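def __call__(self, parser, namespace, values, option_string=None):
    '''
    Turn an exploit selector into a list of exploit file paths.

    ``values`` is either a path ending in ".py", which is kept as given,
    or a search expression ``[column:]keyword`` that is resolved through
    ``ExpModel.search``.  Without a column the search runs on 'expName'.
    The resulting list (empty when nothing matched) is stored on
    ``namespace`` under ``self.dest``.

    Raises ExploitError when the column is not one of the searchable
    columns.
    '''
    columns = ['expName', 'os', 'webserver', 'language', 'appName']

    if values.endswith(".py"):
        # NOTE(review): the path is stored without any validation.  It is
        # presumably loaded as Python code later on, so callers should
        # confirm it points into a trusted exploit directory.
        expFileList = [values]
    else:
        # Everything after the first ':' is the keyword, so keywords may
        # themselves contain ':'.
        column, sep, keyword = values.partition(":")
        if sep:
            column = column.strip()
        else:
            column, keyword = 'expName', values

        # Reject unknown columns before touching the database layer.
        if column not in columns:
            raise ExploitError(
                "search param error, should be one of '{0}'".format(
                    columns))

        # sys.stdout.encoding can be None (for example Python 2 with
        # redirected output); decode(None) would raise TypeError.
        encoding = sys.stdout.encoding or "utf-8"
        # Strip in both forms so "os: linux" and "os:linux" search for
        # the same keyword.
        keyword = keyword.strip().decode(encoding)

        exploits = ExpModel.search(column, keyword)
        expFileList = [e.expFile for e in exploits] if exploits else []

    setattr(namespace, self.dest, expFileList)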
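def __call__(self, parser, namespace, values, option_string=None):
    '''
    Resolve the option value to exploit files and store them on namespace.

    A value ending in ".py" is taken as a file path and stored unchanged
    as a one-element list.  Any other value is a search expression of the
    form ``keyword`` (searched in 'expName') or ``column:keyword``; the
    expFile of every row returned by ``ExpModel.search`` is collected.

    Raises ExploitError for a column outside the searchable set.
    '''
    if values.endswith(".py"):
        # NOTE(review): no check is made on where this path points.  If
        # the file is imported later, it should be limited to a trusted
        # location -- confirm against the code that consumes this list.
        setattr(namespace, self.dest, [values])
        return

    searchable = ['expName', 'os', 'webserver', 'language', 'appName']

    if ":" in values:
        # Split on the first ':' only; the remainder is the keyword.
        column, _, rawKeyword = values.partition(":")
        column = column.strip()
        if column not in searchable:
            raise ExploitError("search param error, should be one of '{0}'".format(searchable))
    else:
        column, rawKeyword = 'expName', values

    # Fall back to UTF-8 when stdout reports no encoding (None is possible
    # when output is redirected), instead of failing in decode().
    encoding = sys.stdout.encoding or "utf-8"
    # The keyword is stripped in both forms, so surrounding blanks never
    # become part of the search term.
    keyword = rawKeyword.strip().decode(encoding)

    matches = ExpModel.search(column, keyword)
    expFileList = []
    if matches:
        expFileList = [e.expFile for e in matches]
    setattr(namespace, self.dest, expFileList)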
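def doExploit(args, out):
    '''
    Entry point of the exploit module.

    Runs the first action whose attribute is set on ``args``, checked in
    this order: createdb, register, update, delete, list, query, detail,
    execute.  All messages are written through ``out``.

    Returns True when the action succeeded or no action was selected,
    False when the selected action reported an error.

    NOTE(review): register, update and execute pass file paths on to
    _loadExpClass / _execExploit.  Those helpers are not visible here;
    if they import the file, its code runs with this process's
    privileges, so the paths should come from a trusted location.
    '''
    out.init(u"Exploit验证系统", tofile=args.output)

    # sys.stdout.encoding can be None (for example Python 2 with
    # redirected output); decode(None) would raise TypeError.
    encoding = sys.stdout.encoding or "utf-8"

    # Create the exploit information database.
    if args.createdb:
        try:
            ExpModel.create()
        except DBError as error:
            out.error(u"创建数据库失败,'{0}'".format(error))
            # A failed creation must not be reported as success.
            return False
        out.info(u"创建数据库成功")
        return True

    # Register one exploit file or every *.py file of a directory.
    if args.register:
        # Only the last path component is kept, so the target is always
        # resolved relative to sys.path[0].
        # NOTE(review): "." and ".." survive this step -- confirm whether
        # they should be rejected.
        path = os.path.split(args.register.rstrip("\\/"))[-1]
        # Suffix test: a substring test would also send names such as
        # "x.pyc" or "my.pylib" to the exploit directory.
        if path.endswith(".py"):
            path = os.path.join(sys.path[0], "exploit", path)
        else:
            path = os.path.join(sys.path[0], path)

        if not os.path.exists(path):
            out.error(u"路径'{0}'不存在".format(path))
            return False

        if os.path.isfile(path):
            try:
                expClass = _loadExpClass(path)
            except ExploitError as error:
                out.error(u"加载'{0}'失败,'{1}'".format(path, str(error)))
                return False
            exploit = expClass()
            exploit.register()
            out.info(u"'{0}'文件中的exploit注册成功".format(path))
            return True

        for f in glob.glob(os.path.join(path, "*.py")):
            try:
                expClass = _loadExpClass(f)
                exploit = expClass()
                exploit.register()
            except ExploitError as error:
                # Still best-effort, but a file that could not be
                # registered is now reported instead of dropped silently.
                out.warnning(u"跳过'{0}','{1}'".format(f, str(error)))
                continue
            else:
                out.info(u"'{0}'文件中的exploit注册成功".format(f))
        return True

    # Update the stored information of an exploit.
    if args.update:
        # NOTE(review): unlike --register, this path is used exactly as
        # given on the command line.
        try:
            expClass = _loadExpClass(args.update)
        except ExploitError as error:
            out.error(u"加载exploit失败,reason: {0}".format(error))
            return False
        exploit = expClass()
        exploit.update()
        out.info(u"Exploit信息更新成功")
        return True

    # Delete an exploit information entry.
    if args.delete:
        expName = args.delete.strip().decode(encoding).encode("utf8")
        try:
            ExpModel.delete(expName)
        except DBError as error:
            out.error(u"删除exploit信息条目失败,'{0}'".format(error))
            return False
        out.info(u"删除exploit信息条目成功")
        return True

    # List every registered exploit.
    if args.list:
        exploits = ExpModel.gets('expName', 'expFile')
        out.warnning(u"项目中共有以下{0}个Exploit:\n".format(len(exploits)))
        for exp in exploits:
            out.info(out.Y(u"名称 : ") + exp.expName)
            out.info(out.Y(u"文件 : ") + exp.expFile + "\n")
        return True

    # Search exploits; args.query is unpacked as (column, keyword).
    if args.query:
        column, keyword = args.query
        exploits = ExpModel.search(column, keyword)
        if exploits:
            out.green(u"关键词 '{0}' 在 '{1}' 列中搜索结果:\n".format(keyword, column))
            for exp in exploits:
                out.info(out.Y("expName: ") + exp.expName)
                out.info(out.Y("expFile: ") + exp.expFile + "\n")
        else:
            out.red(u"在 '{0}' 列中未搜索到包含关键词 '{1}' 的exploit".format(
                column, keyword))
        return True

    # Show the details of one exploit.
    if args.detail:
        expName = args.detail.strip().decode(encoding).encode("utf8")
        exp = ExpModel.get(expName)
        # NOTE(review): the result is printed as-is; what ExpModel.get
        # returns for an unknown name is not visible here.
        out.info(str(exp))
        return True

    # Run the selected exploit files.  A list (even an empty one) means
    # the execute option was given.
    if isinstance(args.execute, list):
        if not args.url:
            out.error(u"缺少 -u/--url 参数")
            return False
        if not args.execute:
            out.red(u"未找到指定的exploits")
            return False
        # Every selected file is run once per target URL.
        for exp in args.execute:
            for url in args.url:
                result = _execExploit(exp, url, args)
                out.info(result)

    return True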
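def doExploit(args, out):
    '''
    Entry point of the exploit module.

    Dispatches on the attributes of ``args`` in this order: createdb,
    register, update, delete, list, query, detail, execute.  Every
    action except detail returns as soon as it is done; detail falls
    through to the execute check.  Messages are written through ``out``.

    Returns True on success or when nothing was selected, False when the
    selected action reported an error.

    NOTE(review): register, update and execute pass file paths on to
    _loadExpClass / _execExploit, which are not visible here.  If they
    import the file, its code runs with this process's privileges, so
    the paths should come from a trusted location.
    '''
    out.init(u"Exploit验证系统", tofile=args.output)

    # Fall back to UTF-8 when stdout reports no encoding (None is
    # possible when output is redirected); decode(None) raises TypeError.
    encoding = sys.stdout.encoding or "utf-8"

    # Create the exploit information database.
    if args.createdb:
        try:
            ExpModel.create()
        except DBError as error:
            out.error(u"创建数据库失败,'{0}'".format(error))
            # Do not report a failed creation as success.
            return False
        else:
            out.info(u"创建数据库成功")
            return True

    # Register one exploit file or all *.py files of a directory.
    if args.register:
        # Directory components of the argument are dropped; the name is
        # looked up under sys.path[0] only.
        name = os.path.split(args.register.rstrip("\\/"))[-1]
        # Use a suffix test so that only real ".py" names are mapped into
        # the exploit directory (a substring test also matches "x.pyc").
        if name.endswith(".py"):
            path = os.path.join(sys.path[0], "exploit", name)
        else:
            path = os.path.join(sys.path[0], name)

        if not os.path.exists(path):
            out.error(u"路径'{0}'不存在".format(path))
            return False

        if os.path.isfile(path):
            try:
                expClass = _loadExpClass(path)
            except ExploitError as error:
                out.error(u"加载'{0}'失败,'{1}'".format(path, str(error)))
                return False
            exploit = expClass()
            exploit.register()
            out.info(u"'{0}'文件中的exploit注册成功".format(path))
            return True

        for f in glob.glob(os.path.join(path, "*.py")):
            try:
                expClass = _loadExpClass(f)
                exploit = expClass()
                exploit.register()
            except ExploitError as error:
                # Keep going, but tell the operator which file was
                # skipped and why instead of hiding the failure.
                out.warnning(u"跳过'{0}','{1}'".format(f, str(error)))
            else:
                out.info(u"'{0}'文件中的exploit注册成功".format(f))
        return True

    # Update the stored information of an exploit.
    if args.update:
        # NOTE(review): this path is taken from the command line as-is,
        # while --register keeps only the final path component.
        try:
            expClass = _loadExpClass(args.update)
        except ExploitError as error:
            out.error(u"加载exploit失败,reason: {0}".format(error))
            return False
        exploit = expClass()
        exploit.update()
        out.info(u"Exploit信息更新成功")
        return True

    # Delete an exploit information entry.
    if args.delete:
        expName = args.delete.strip().decode(encoding).encode("utf8")
        try:
            ExpModel.delete(expName)
        except DBError as error:
            out.error(u"删除exploit信息条目失败,'{0}'".format(error))
            # A failed delete is an error for the caller as well.
            return False
        out.info(u"删除exploit信息条目成功")
        return True

    # List every registered exploit.
    if args.list:
        exploits = ExpModel.gets('expName','expFile')
        out.warnning(u"项目中共有以下{0}个Exploit:\n".format(len(exploits)))
        for exp in exploits:
            out.info(out.Y(u"名称 : ") + exp.expName)
            out.info(out.Y(u"文件 : ") + exp.expFile + "\n")
        return True

    # Search exploits; args.query is unpacked as (column, keyword).
    if args.query:
        column, keyword = args.query
        exploits = ExpModel.search(column, keyword)
        if exploits:
            out.green(u"关键词 '{0}' 在 '{1}' 列中搜索结果:\n".format(keyword,column))
            for exp in exploits:
                out.info(out.Y("expName: ") + exp.expName)
                out.info(out.Y("expFile: ") + exp.expFile + "\n")
        else:
            out.red(u"在 '{0}' 列中未搜索到包含关键词 '{1}' 的exploit".format(column,keyword))
        return True

    # Show the details of one exploit.  There is no return here, so
    # control continues with the execute check below.
    if args.detail:
        expName = args.detail.strip().decode(encoding).encode("utf8")
        exp = ExpModel.get(expName)
        out.info(str(exp))

    # Run exploits against every URL in args.url.
    if args.execute:
        # Both forms below need at least one target URL.
        if not args.url:
            out.error(u"缺少 -u/--url 参数")
            return False

        selector = args.execute[0]
        if selector.endswith(".py"):
            # A single exploit file named directly on the command line.
            for url in args.url:
                result = _execExploit(selector, url, args)
                out.info(result)
            return True

        # Otherwise the option is read as [column, keyword].
        # assumes args.execute has two items here -- TODO confirm
        keyword = args.execute[1]
        exploits = ExpModel.search(selector, keyword)
        if not exploits:
            out.red(u"在 '{0}' 列中未搜索到包含关键词 '{1}' 的exploit".format(selector,keyword))
            return False
        for exp in exploits:
            for url in args.url:
                result = _execExploit(exp.expFile, url, args)
                out.info(result)

    return True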