def main(): if not sga.module: sga.errorPrint("no module has been loaded") return try: sga.module.exploit() except Exception as e: sga.errorPrint("failed: %s has an error: %s" % (sga.modulePath, e))
def main(cmd): cmdList = cmd.split(" ") if len(cmdList) < 2: sga.errorPrint("search command: search [cveID/keyword]") return if not os.path.isfile(".com/cacheDB"): sga.errorPrint( "No local cache, use \"build\" command to build the local cache database file" ) sga.infoPrint("use slow search") result = slowSearch(cmdList[1]) else: result = search(cmdList[1]) if len(result) <= 0: return maxLengthPath = 0 maxLengthAuthor = 0 maxLengthDate = 0 for k in result: if maxLengthPath < len(k): maxLengthPath = len(k) if maxLengthAuthor < len(result[k]['author']): maxLengthAuthor = len(result[k]['author']) if maxLengthDate < len(result[k]['date']): maxLengthDate = len(result[k]['date']) string = "search keyword: %s" % (cmdList[1]) print(string) print("-" * len(string)) spaceString1 = " " + " " * (maxLengthPath - 4) spaceString2 = " " + " " * (maxLengthAuthor - 6) spaceString3 = " " + " " * (maxLengthDate - 4) print(" path%sauthor%sdate%sinfo" % (spaceString1, spaceString2, spaceString3)) print(" ----%s------%s----%s----" % (spaceString1, spaceString2, spaceString3)) for k in result: spaceString1 = " " + " " * (maxLengthPath - len(k)) spaceString2 = " " + " " * (maxLengthAuthor - len(result[k]['author'])) spaceString3 = " " + " " * (maxLengthDate - len(result[k]['date'])) print(" %s%s%s%s%s%s%s" % (k, spaceString1, result[k]['author'], spaceString2, result[k]['date'], spaceString3, result[k]['info']))
def main(cmd): cmdList = cmd.split(" ") if len(cmdList) < 2: sga.errorPrint("load command: load scorcsoftPOC/other/test") return modulePath = cmdList[1] badModule = False sga.moduleOptions = None if not os.path.isfile("%s.py" % (modulePath)): sga.errorPrint("failed: %s is not exist" % (modulePath)) return try: importString = modulePath.replace("/", ".") sga.module = importlib.import_module(importString) except Exception as e: sga.errorPrint("failed: %s has an error: %s" % (modulePath, e)) sga.module = None return try: sga.moduleType = sga.moduleTypeList[sga.module.type] sga.moduleOptions = sga.module.options # copy the module options to global module except: sga.errorPrint("failed: %s is not a SPF module" % (modulePath)) sga.module = None return for k in sga.module.options: # check the options sga.moduleOptionsWord.append( "%s " % (k)) # add current module option name auto complete tmp = list(sga.module.options[k]) if "value" not in tmp or "info" not in tmp: badModule = True break if "exploit" not in dir(sga.module): # check the main function badModule = True if badModule: sga.errorPrint("failed: %s is not a SPF module" % (modulePath)) sga.module = None return sga.modulePath = modulePath sga.commandWord.append("exploit") # add the exploit command auto complete sga.commandPrompt = '\033[4;30mspf\033[0m \033[1;31m%s\033[0m(%s) > ' % ( sga.moduleType, sga.modulePath) sga.successPrint("load: %s" % (modulePath))
def exploit(): #poc main function sga.infoPrint("test module, target host: %s, target port: %s" % (sga.get("rhost"), sga.get("rport"))) sga.successPrint("this is a successfully message for test") sga.errorPrint("this is an error message for test") sga.weakPrint("the target is vulnerable") sga.infoPrint("哈哈骗你的,想什么呢") sga.nweakPrint("the target is not vulnerable!")
def search(kw): try: for i in open(".com/cacheDB"): if kw in i: i = i.strip("\n") i = i.strip("\r\n") # for stupit bugdows info = json.loads(i) return info except: sga.errorPrint( "Can not use the local cache database, use \"build\" command to rebuild local cache database" ) sga.infoPrint("use slow search") slowSearch(kw)
def main(cmd): cmdList = cmd.split(" ") if len(cmdList) < 3: sga.errorPrint("set command: set [option name] [option value]") return if not sga.module: sga.errorPrint("no module has been load") return name = str(cmdList[1]) value = str(cmdList[2]) try: sga.moduleOptions[name]['value'] = value except: pass sga.infoPrint("set %s => %s" % (name, value))
def main(cmd): badCommand = ["vi", "vim", "ex", "python", "python3", "cd"] if cmd in badCommand: sga.infoPrint("command \"%s\" is not supported in SPF :)" % (cmd)) return result = subprocess.getstatusoutput(cmd) if result[0] == 0: string = "execute system command: %s" % (cmd) sga.successPrint(string) print("-" * (4 + len(string))) output = result[1].split("\n") for i in output: print(" %s" % (i)) print("-" * (4 + len(string))) else: sga.errorPrint("unknow command: %s" % (cmd))