def main():
global thread_pool
global config
global cos_log
bucketdirList = BucketDirList(BUCKET_PATH_LIST_PATH)
cosconfig = CosConfig(300,300,False,region=config.region)
cos_client = CosClient(config.appid, config.secret_id, config.secret_key, config.region)
cos_client.set_config(cosconfig)
thread_pool_dir = threadpool.ThreadPool(config.dir_thread_num)
for var in bucketdirList.bucketDirList:
cos_log.debug(var)
bucket = bucketdirList.getBucketName(var)
path = bucketdirList.getPath(var)
if (bucket == "" or path == ""):
continue
thread_pool_file = threadpool.ThreadPool(config.file_thread_num)
cos_log.debug("bucket:"+bucket +",path:"+path)
args = [cos_client,bucket, path, thread_pool_file]
args_tuple = (args, None)
args_list = [args_tuple]
requests = threadpool.makeRequests(delete_r, args_list)
for req in requests:
thread_pool_dir.putRequest(req)
cos_log.debug("thread_pool_dir waiting.....\n")
thread_pool_dir.wait()
thread_pool_dir.dismissWorkers(config.dir_thread_num, True)
cos_log.debug("thread_pool_dir wait end.....\n")
def down_plugins(self, remote_plugins, local_plugins):
"""
下载插件
:param remote_plugins: list, 远程插件列表
:param local_plugins: list, 本地插件列表
:return: list, 新增插件列表
"""
def down_single_plugin(plugin):
"""
下载单个插件
:return:
"""
base_url = "https://api.github.com/repos/chuhades/" \
"CMS-Exploit-Framework/contents/"
r = requests.get(base_url + plugin)
r.close()
j = json.loads(r.text)
data = binascii.a2b_base64(j["content"])
with open(plugin, "w") as f:
f.write(data)
for plugin in local_plugins:
if plugin in remote_plugins:
remote_plugins.remove(plugin)
pool = threadpool.ThreadPool(10)
reqs = threadpool.makeRequests(down_single_plugin, remote_plugins)
for req in reqs:
pool.putRequest(req)
pool.wait()
return remote_plugins
def run(self):
"""
多线程
:return:
"""
pool = threadpool.ThreadPool(self.thread_num)
reqs = threadpool.makeRequests(self.identify_cms, self.rules, self.log)
for req in reqs:
pool.putRequest(req)
pool.wait()
def main():
global thread_pool
global config
global cos_log
bucketdirList = BucketDirList(BUCKET_PATH_LIST_PATH)
cosconfig = CosConfig(300, 300, False, region=config.region)
cos_client = CosClient(config.appid, config.secret_id, config.secret_key,
config.region)
cos_client.set_config(cosconfig)
thread_pool_dir = threadpool.ThreadPool(config.dir_thread_num)
for var in bucketdirList.bucketDirList:
cos_log.debug(var)
bucket = bucketdirList.getBucketName(var)
path = bucketdirList.getPath(var)
if (bucket == "" or path == ""):
cos_log.error(
"config is invalid at line %s, please check it and try again!"
% var)
continue
thread_pool_file = threadpool.ThreadPool(config.file_thread_num)
cos_log.debug("bucket:" + bucket + ",path:" + path)
cos_log.debug(
'please commit the target to be deleted. bucket: %s, path: %s (yes/no)'
% (bucket, path))
answer = sys.stdin.readline()
if answer.lower().strip() != "yes":
cos_log.debug('answer is not yes. quit')
return
args = [cos_client, bucket, path, thread_pool_file]
args_tuple = (args, None)
args_list = [args_tuple]
requests = threadpool.makeRequests(delete_r, args_list)
for req in requests:
thread_pool_dir.putRequest(req)
cos_log.debug("thread_pool_dir waiting.....\n")
thread_pool_dir.wait()
thread_pool_dir.dismissWorkers(config.dir_thread_num, True)
cos_log.debug("thread_pool_dir wait end.....\n")
def down_plugin_list(self):
"""
获取远程插件列表
:param dirs: 所有插件目录
:return: list, 远程插件列表
"""
base_url = "https://api.github.com/repos/chuhades/" \
"CMS-Exploit-Framework/contents/"
plugin_dirs = []
remote_plugins = []
def down_plugin_dirs():
"""
获取远程插件目录
:return:
"""
r = requests.get(base_url + "plugins")
r.close()
j = json.loads(r.text)
for i in j:
plugin_dirs.append(i["path"])
def down_single_dir(plugin_dir):
"""
下载单个目录插件列表
:param plugin_dir: list, 插件目录
"""
remote_plugins = []
r = requests.get(base_url + plugin_dir)
r.close()
j = json.loads(r.text)
for i in j:
remote_plugins.append(i["path"])
return remote_plugins
def log(request, result):
"""
threadpool callback
"""
remote_plugins.extend(result)
down_plugin_dirs()
pool = threadpool.ThreadPool(10)
reqs = threadpool.makeRequests(down_single_dir, plugin_dirs, log)
for req in reqs:
pool.putRequest(req)
pool.wait()
return remote_plugins
def exec_plugins(self):
"""
执行所有插件
:return:
"""
logger.process("Loading Plugins")
self.load_plugins()
if self.what_web:
logger.process("Loading multi_whatweb")
self.identify_cms()
for plugin in self.plugins:
logger.process("Loading %s" % plugin)
self.load_plugin(plugin)
pool = threadpool.ThreadPool(self.thread_number)
reqs = threadpool.makeRequests(self.exec_single_plugin,
self.targets)
for req in reqs:
pool.putRequest(req)
pool.wait()
self.log_vulns()
import os, sys, traceback
from imp import reload
from components import abstracts
from lib import threadpool
plugins = {}
mods = {}
resources = {}
handlers = {}
prio = range(0, 5)
pool = threadpool.ThreadPool(10, "Event Dispatch")
def initialize():
for f in os.listdir("plugins/"):
fname, ext = os.path.splitext(f)
if ext == '.py':
loadPlugin(fname)
for plug in plugins:
plugins[plug].load()
def loadPlugin(name):
sys.path.insert(0, "plugins/")
mod = __import__(name)
registerPlugin(mod, name)
sys.path.pop(0)
global output
if status:
if result:
print("result:", result)
writefile("results/%s" % output, result)
if __name__ == "__main__":
banner()
args = parse_args()
poc = args.poc
input = args.input
output = args.output
l = args.poclist
threadnum = int(args.thread)
pool = threadpool.ThreadPool(threadnum)
pocs = []
if l:
listpoc()
else:
if poc == "":
poc = "all"
if poc == "all":
pocs = listpoc(1)
else:
if "," in poc:
for p in poc.split(","):
p = p.strip()
if p not in pocs:
pocs.append(p)
else: