def down_plugins(self, remote_plugins, local_plugins):
"""
下载插件
:param remote_plugins: list, 远程插件列表
:param local_plugins: list, 本地插件列表
:return: list, 新增插件列表
"""
def down_single_plugin(plugin):
"""
下载单个插件
:return:
"""
base_url = "https://api.github.com/repos/chuhades/" \
"CMS-Exploit-Framework/contents/"
r = requests.get(base_url + plugin)
r.close()
j = json.loads(r.text)
data = binascii.a2b_base64(j["content"])
with open(plugin, "w") as f:
f.write(data)
for plugin in local_plugins:
if plugin in remote_plugins:
remote_plugins.remove(plugin)
pool = threadpool.ThreadPool(10)
reqs = threadpool.makeRequests(down_single_plugin, remote_plugins)
for req in reqs:
pool.putRequest(req)
pool.wait()
return remote_plugins
def main():
global thread_pool
global config
global cos_log
bucketdirList = BucketDirList(BUCKET_PATH_LIST_PATH)
cosconfig = CosConfig(300,300,False,region=config.region)
cos_client = CosClient(config.appid, config.secret_id, config.secret_key, config.region)
cos_client.set_config(cosconfig)
thread_pool_dir = threadpool.ThreadPool(config.dir_thread_num)
for var in bucketdirList.bucketDirList:
cos_log.debug(var)
bucket = bucketdirList.getBucketName(var)
path = bucketdirList.getPath(var)
if (bucket == "" or path == ""):
continue
thread_pool_file = threadpool.ThreadPool(config.file_thread_num)
cos_log.debug("bucket:"+bucket +",path:"+path)
args = [cos_client,bucket, path, thread_pool_file]
args_tuple = (args, None)
args_list = [args_tuple]
requests = threadpool.makeRequests(delete_r, args_list)
for req in requests:
thread_pool_dir.putRequest(req)
cos_log.debug("thread_pool_dir waiting.....\n")
thread_pool_dir.wait()
thread_pool_dir.dismissWorkers(config.dir_thread_num, True)
cos_log.debug("thread_pool_dir wait end.....\n")
def down_plugins(self, remote_plugins, local_plugins):
"""
下载插件
:param remote_plugins: list, 远程插件列表
:param local_plugins: list, 本地插件列表
:return: list, 新增插件列表
"""
def down_single_plugin(plugin):
"""
下载单个插件
:return:
"""
base_url = "https://api.github.com/repos/chuhades/" \
"CMS-Exploit-Framework/contents/"
r = requests.get(base_url+plugin)
r.close()
j = json.loads(r.text)
data = binascii.a2b_base64(j["content"])
with open(plugin, "w") as f:
f.write(data)
for plugin in local_plugins:
if plugin in remote_plugins:
remote_plugins.remove(plugin)
pool = threadpool.ThreadPool(10)
reqs = threadpool.makeRequests(down_single_plugin, remote_plugins)
for req in reqs:
pool.putRequest(req)
pool.wait()
return remote_plugins
def run(self):
"""
多线程
:return:
"""
pool = threadpool.ThreadPool(self.thread_num)
reqs = threadpool.makeRequests(self.identify_cms, self.rules, self.log)
for req in reqs:
pool.putRequest(req)
pool.wait()
def run(self):
"""
多线程
:return:
"""
pool = threadpool.ThreadPool(self.thread_num)
reqs = threadpool.makeRequests(self.identify_cms, self.rules, self.log)
for req in reqs:
pool.putRequest(req)
pool.wait()
def down_plugin_list(self):
"""
获取远程插件列表
:param dirs: 所有插件目录
:return: list, 远程插件列表
"""
base_url = "https://api.github.com/repos/chuhades/" \
"CMS-Exploit-Framework/contents/"
plugin_dirs = []
remote_plugins = []
def down_plugin_dirs():
"""
获取远程插件目录
:return:
"""
r = requests.get(base_url + "plugins")
r.close()
j = json.loads(r.text)
for i in j:
plugin_dirs.append(i["path"])
def down_single_dir(plugin_dir):
"""
下载单个目录插件列表
:param plugin_dir: list, 插件目录
"""
remote_plugins = []
r = requests.get(base_url + plugin_dir)
r.close()
j = json.loads(r.text)
for i in j:
remote_plugins.append(i["path"])
return remote_plugins
def log(request, result):
"""
threadpool callback
"""
remote_plugins.extend(result)
down_plugin_dirs()
pool = threadpool.ThreadPool(10)
reqs = threadpool.makeRequests(down_single_dir, plugin_dirs, log)
for req in reqs:
pool.putRequest(req)
pool.wait()
return remote_plugins
def down_plugin_list(self):
"""
获取远程插件列表
:param dirs: 所有插件目录
:return: list, 远程插件列表
"""
base_url = "https://api.github.com/repos/chuhades/" \
"CMS-Exploit-Framework/contents/"
plugin_dirs = []
remote_plugins = []
def down_plugin_dirs():
"""
获取远程插件目录
:return:
"""
r = requests.get(base_url+"plugins")
r.close()
j = json.loads(r.text)
for i in j:
plugin_dirs.append(i["path"])
def down_single_dir(plugin_dir):
"""
下载单个目录插件列表
:param plugin_dir: list, 插件目录
"""
remote_plugins = []
r = requests.get(base_url+plugin_dir)
r.close()
j = json.loads(r.text)
for i in j:
remote_plugins.append(i["path"])
return remote_plugins
def log(request, result):
"""
threadpool callback
"""
remote_plugins.extend(result)
down_plugin_dirs()
pool = threadpool.ThreadPool(10)
reqs = threadpool.makeRequests(down_single_dir, plugin_dirs, log)
for req in reqs:
pool.putRequest(req)
pool.wait()
return remote_plugins
def exec_plugins(self):
"""
执行所有插件
:return:
"""
logger.process("Loading Plugins")
self.load_plugins()
if self.what_web:
logger.process("Loading multi_whatweb")
self.identify_cms()
for plugin in self.plugins:
logger.process("Loading %s" % plugin)
self.load_plugin(plugin)
pool = threadpool.ThreadPool(self.thread_number)
reqs = threadpool.makeRequests(self.exec_single_plugin,
self.targets)
for req in reqs:
pool.putRequest(req)
pool.wait()
self.log_vulns()
def exec_plugins(self):
"""
执行所有插件
:return:
"""
logger.process("Loading Plugins")
self.load_plugins()
if self.what_web:
logger.process("Loading multi_whatweb")
self.identify_cms()
for plugin in self.plugins:
logger.process("Loading %s" % plugin)
self.load_plugin(plugin)
pool = threadpool.ThreadPool(self.thread_number)
reqs = threadpool.makeRequests(self.exec_single_plugin,
self.targets)
for req in reqs:
pool.putRequest(req)
pool.wait()
self.log_vulns()
def main():
global thread_pool
global config
global cos_log
bucketdirList = BucketDirList(BUCKET_PATH_LIST_PATH)
cosconfig = CosConfig(300, 300, False, region=config.region)
cos_client = CosClient(config.appid, config.secret_id, config.secret_key,
config.region)
cos_client.set_config(cosconfig)
thread_pool_dir = threadpool.ThreadPool(config.dir_thread_num)
for var in bucketdirList.bucketDirList:
cos_log.debug(var)
bucket = bucketdirList.getBucketName(var)
path = bucketdirList.getPath(var)
if (bucket == "" or path == ""):
cos_log.error(
"config is invalid at line %s, please check it and try again!"
% var)
continue
thread_pool_file = threadpool.ThreadPool(config.file_thread_num)
cos_log.debug("bucket:" + bucket + ",path:" + path)
cos_log.debug(
'please commit the target to be deleted. bucket: %s, path: %s (yes/no)'
% (bucket, path))
answer = sys.stdin.readline()
if answer.lower().strip() != "yes":
cos_log.debug('answer is not yes. quit')
return
args = [cos_client, bucket, path, thread_pool_file]
args_tuple = (args, None)
args_list = [args_tuple]
requests = threadpool.makeRequests(delete_r, args_list)
for req in requests:
thread_pool_dir.putRequest(req)
cos_log.debug("thread_pool_dir waiting.....\n")
thread_pool_dir.wait()
thread_pool_dir.dismissWorkers(config.dir_thread_num, True)
cos_log.debug("thread_pool_dir wait end.....\n")
def delete_r(cos_client, bucket, path, thread_pool_file):
global stat
global config
global cos_log
cos_log.debug("delete_r bucket:"+bucket+",path:"+path)
context = u""
#递归文件夹
while True:
listfolderreq = ListFolderRequest(bucket, path, 1000, u'', context)
retry = 0
while (retry < MAX_RETRY_TIMES):
listret = cos_client.list_folder(listfolderreq)
if listret['code'] != 0 :
retry += 1
sleep(random.randint(1,3))
continue
else:
break
if (listret['code'] != 0):
#cos_log.error("delete_r: list folder fail:"+path +",return msg:"+ listret['message'])
cos_log.error("delete_r: list folder fail:"+path +",return msg:"+ str(listret.get('message')))
return listret['code']
if (len(listret['data']['infos']) == 0):
break;
filelist = []
dirlist = []
for info in listret['data']['infos']:
fullname = path + info['name']
#list出来的文件列表中文件夹和文件本身是混杂一起的
if info.has_key('filesize'):
filelist.append(fullname)
if (len(filelist) >= config.one_task_del_file_num):
args = [cos_client, bucket, filelist]
args_tuple = (args,None)
args_list = [args_tuple]
requests = threadpool.makeRequests(delfiles, args_list)
for req in requests:
thread_pool_file.putRequest(req)
filelist = []
continue
else:
pass
else:
dirlist.append(fullname)
if (len(dirlist) >= config.one_task_del_file_num):
args = [cos_client, bucket, dirlist]
args_tuple = (args,None)
args_list = [args_tuple]
requests = threadpool.makeRequests(delfolders, args_list)
for req in requests:
thread_pool_file.putRequest(req)
dirlist = []
continue
else:
pass
pass
if (len(filelist) > 0):
args = [cos_client, bucket, filelist]
args_tuple = (args,None)
args_list = [args_tuple]
requests = threadpool.makeRequests(delfiles, args_list)
for req in requests:
thread_pool_file.putRequest(req)
filelist = []
else:
pass
if (len(dirlist) > 0):
args = [cos_client, bucket, dirlist]
args_tuple = (args,None)
args_list = [args_tuple]
requests = threadpool.makeRequests(delfolders, args_list)
for req in requests:
thread_pool_file.putRequest(req)
filelist = []
else:
pass
cos_log.debug("delete_r thread pool file waiting\n")
thread_pool_file.wait()
cos_log.debug("delete_r thread pool file waiting end\n")
if (listret['data']['listover'] == False):
context = listret['data']['context']
continue
else:
break
stat.logStat()
return 0
