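def masscan_scan(hostname, ip, task_name, task_id, ports, tag_name):
    """Run masscan against one IP and queue the open ports for the nmap stage.

    ``MASSCAN.PATH`` is invoked as an argv list (no shell), and the
    ``port <n>/`` tokens are parsed out of its stdout.  Nothing is returned:
    a JSON record carrying the task metadata and the port list is pushed
    onto the ``Nmap_Second`` redis list.

    :param hostname: hostname the IP belongs to (passed through unchanged)
    :param ip: target IP / range handed to masscan
    :param task_name: scan task name (passed through)
    :param task_id: scan task id (passed through)
    :param ports: masscan ``-p`` port specification, e.g. ``"1-65535"``
    :param tag_name: asset tag (passed through)
    :raises ValueError: if ``ip`` or ``ports`` starts with ``-``; masscan
        would parse such a value as a command-line flag instead of a target
        (option injection), even though no shell is involved
    :return: None.  The ``ports`` field of the queued record is a list of
        port strings (possibly empty), or None when masscan produced no
        output or the invocation failed.
    """
    # The values are separate argv entries, so there is no shell-quoting
    # issue, but a leading "-" would still be interpreted by masscan as an
    # option.  Reject it before touching the scanner.
    for label, value in (("ip", ip), ("ports", ports)):
        if str(value).startswith("-"):
            raise ValueError("%s must not start with '-': %r" % (label, value))

    args = [MASSCAN.PATH, '-p', ports, '--rate', MASSCAN.RATE, ip]
    match = None
    try:
        proc = subprocess.Popen(args, stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
        # NOTE(review): no timeout here -- a hung masscan blocks this worker
        # indefinitely.  Add one once a suitable MASSCAN setting exists.
        output, error = proc.communicate()
        if output:
            match = re.findall(r"port (\d+)/", decode_text(output))
        elif "Permission denied" in decode_text(error):
            # masscan needs raw sockets; without root nothing can proceed.
            # Exit non-zero so a supervisor does not mistake this for success.
            log.error("You Must Use Root To Run Masscan")
            sys.exit(1)
    except Exception:
        log.error("Masscan Scan Ports Failed", exc_info=True)
        match = None

    log.info("Masscan Success: %s: %s", ip, match)
    nmap_object = {
        "task_id": task_id,
        "task_name": task_name,
        "tag_name": tag_name,
        "hostname": hostname,
        "ip": ip,
        "ports": match
    }
    redis_conn.lpush("Nmap_Second", json.dumps(nmap_object))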
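def vuln_scan(hostname, port, service, poc, task_id, task_name, tag_name):
    """Run one POC plugin against ``hostname:port`` and record a hit in MongoDB.

    The plugin named by ``poc`` (``.py`` is appended when missing) is loaded
    through ``load_code_to_obj`` and its ``poc(hostname, port, service)``
    is called.  When it reports a result, a ``vulPoc`` document is inserted,
    or the existing one's ``last_find_date`` refreshed.  Hits whose
    ``vul_url``/``poc`` pair is listed in ``vulBlack`` are dropped.

    :param hostname: target host (stored in the ``url`` field)
    :param port: target port
    :param service: service name handed to the plugin
    :param poc: plugin file name, with or without the ``.py`` suffix
    :param task_id: scan task id
    :param task_name: scan task name
    :param tag_name: asset tag
    :return: None
    """
    if poc.find(".py") < 0:
        poc += ".py"
    log.info("target host is %s and port is %s, service is %s",
             hostname, port, service)
    # NOTE(review): ``poc`` selects which file is loaded and executed.  If it
    # can originate from an untrusted caller, load_code_to_obj must reject
    # path separators and ".." -- confirm where that check lives.
    obj = load_code_to_obj(poc)
    result, response = None, None
    try:
        result, response = obj.poc(hostname, port, service)
    except Exception:
        # Keep the traceback: a silently failing plugin is otherwise
        # indistinguishable from "not vulnerable".
        log.error("[Error]: POC Processing Error", exc_info=True)
    if not result:
        return

    # Missing metadata keys degrade to None instead of losing the finding.
    vul_info = obj.plugin_info() or {}
    if response and not isinstance(response, str):
        response = decode_text(response)
    response = response or " "
    vul_level = vul_info.get('level')      # vulnerability severity
    vul_type = vul_info.get('category')    # vulnerability category
    vul_name = vul_info.get('info')        # vulnerability description
    now = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    query = {
        'url': hostname,
        'port': port,
        'poc': poc,
        'task_id': task_id,
        'tag_name': tag_name
    }
    if db.vulBlack.find_one({"vul_url": result, "poc": poc}):
        log.error("Vul in Black List, ignore: %s", result)
        return
    if db.vulPoc.find_one(query):
        # Already recorded: only bump the last-seen timestamp.
        # NOTE(review): Collection.update is deprecated in pymongo 3 and gone
        # in 4; switch to update_one when the driver is upgraded.
        log.info("Vul exist, Update Find Date")
        db.vulPoc.update(query, {"$set": {"last_find_date": now}})
        return
    payload = {
        'task_id': task_id,
        'task_name': task_name,
        'tag_name': tag_name,
        'name': vul_name,
        'level': vul_level,
        'type': vul_type,
        'vul_url': result,
        'vul_response': response,
        'vul_desc': ' ',
        'black_flag': 0,
        'first_find_date': now,
        'last_find_date': now
    }
    db.vulPoc.insert(dict(query, **payload))
    log.info("find Vul %s, %s", hostname + ':' + str(port), poc)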
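def bbscan(url, tag, status_to_match, content_type, content_type_no, vul_type,
           status_404, len_404_content, task_name, task_id, tag_name):
    """Fetch ``url`` and record it in ``db.bbscan`` when it matches a rule.

    The rule is given by the filter parameters: ``tag`` is a substring the
    body must contain, ``status_to_match`` the expected status code,
    ``content_type`` / ``content_type_no`` a Content-Type the response must
    or must not carry, and ``status_404`` / ``len_404_content`` the status
    and body length of the site's known not-found page (used to reject
    soft-404 responses of similar size).  A response that passes every
    filter is inserted, or its ``last_find_date`` refreshed when the same
    (task_id, tag_name, vul_url) is already stored.

    :param url: full URL to request
    :param tag: substring required in the body (falsy to skip)
    :param status_to_match: expected HTTP status (0 accepts any)
    :param content_type: required Content-Type substring (falsy to skip)
    :param content_type_no: forbidden Content-Type substring (falsy to skip)
    :param vul_type: rule name; underscores are stored as spaces
    :param status_404: status code of the site's not-found page
    :param len_404_content: body length of the site's not-found page
    :param task_name: scan task name
    :param task_id: scan task id
    :param tag_name: asset tag
    :raises ValueError: if ``status_to_match`` or ``status_404`` is not
        numeric (raised before any request is made)
    :return: None
    """
    status_to_match = int(status_to_match)
    status_404 = int(status_404)
    try:
        status, headers, content = http_request(url)
        cur_content_type = headers['Content-Type']
        content = decode_text(content)
        if not _bbscan_is_hit(url, status, cur_content_type, content, tag,
                              status_to_match, content_type, content_type_no,
                              status_404, len_404_content):
            return
        _bbscan_store(url, status, content, vul_type,
                      task_name, task_id, tag_name)
    except (TypeError, KeyError):
        # Missing Content-Type header or malformed response: not a finding,
        # but no longer swallowed without a trace.
        log.debug("BBScan::process_request skipped %s", url, exc_info=True)
    except Exception:
        # Was a bare ``except``; let KeyboardInterrupt/SystemExit propagate.
        log.error("BBScan::process_request error %s", url, exc_info=True)


def _bbscan_is_hit(url, status, cur_content_type, content, tag,
                   status_to_match, content_type, content_type_no,
                   status_404, len_404_content):
    """Return True when the response passes every rule filter (no I/O)."""
    if check_black_list(content):
        return False
    if len(content) <= 10:  # body too short to be meaningful
        return False
    if 'image/' in cur_content_type:
        return False
    # JSON served for a rule that did not ask for it is noise unless the
    # rule targets a .json path.
    if (content_type != 'application/json'
            and 'application/json' in cur_content_type
            and not url.endswith('.json')):
        return False
    if content_type and content_type not in cur_content_type:
        return False
    if content_type_no and content_type_no in cur_content_type:
        return False
    if tag and tag not in content:
        return False
    if check_white_list(content):
        return True

    if status_to_match == 206 and status != 206:
        return False
    if status_to_match in (200, 206) and status in (200, 206):
        pass  # acceptable; still subject to the soft-404 check below
    elif status_to_match and status != status_to_match:
        return False
    elif status in (403, 404) and status != status_to_match:
        return False

    # Soft-404 heuristic: a page whose length is within ~40-60% of the
    # combined length with the known not-found page is treated as the same
    # error page.
    if status == status_404 and url != '/':
        len_doc = len(content)
        len_sum = int(len_404_content) + len_doc
        if len_sum == 0 or 0.4 <= float(len_doc) / len_sum <= 0.6:
            return False
    return True


def _bbscan_store(url, status, content, vul_type, task_name, task_id,
                  tag_name):
    """Insert the finding into ``db.bbscan`` or refresh its last-seen date."""
    vul_type = vul_type.replace('_', ' ')
    # ``title`` comes straight from attacker-controlled HTML and is stored
    # unescaped; whatever renders these records must escape it.
    m = re.search('<title>(.*?)</title>', content)
    title = m.group(1) if m else ''
    scheme, host, port = get_hostname_port(url)
    site = "%s://%s:%s" % (scheme, host, port)
    now = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    # (task_id, tag_name, vul_url) identifies a finding.
    key = {"task_id": task_id, "tag_name": tag_name, "vul_url": url}
    if db.bbscan.find_one(key):
        log.info("Get Vul Repeat %s", {"task_id": task_id, "url": url})
        # Update with the same key used for the lookup.  The previous filter
        # ``{"task_id": ..., "url": url}`` compared the full URL against the
        # stored ``url`` field, which holds scheme://host:port, so the
        # last_find_date refresh generally matched nothing.
        db.bbscan.update(key, {"$set": {"last_find_date": now}})
    else:
        log.info("Get Vul Success %s", {"task_id": task_id, "url": url})
        db.bbscan.insert({
            "task_name": task_name,
            "task_id": task_id,
            "tag_name": tag_name,
            "vul_url": url,
            "url": site,
            "vul_Type": vul_type,
            "status": status,
            "title": title,
            "first_find_date": now,
            "last_find_date": now
        })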