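def scanByDomain(self, domain):
    """Run every loaded exploit object against one domain and record the outcome.

    Opens a ``job_status`` row with status 0 in the ``safe_jobs`` database,
    writes the report header to ``self.file``, normalises *domain* through
    ``self.httptools.get_standard_url``, runs each object returned by
    ``self.loadExp()`` against it and finally sets the most recent
    ``job_status`` row to status 1 with the accumulated result text.

    Args:
        domain: Target host as supplied by the caller; normalised before use.

    Returns:
        None. Results are printed and persisted through ``DBHelper``.
    """
    content = ''
    db = DBHelper()
    # Fix: the original spelled the keyword "valuse", which the database
    # rejects; the sibling scanOneHost already uses "values".
    # NOTE(review): ``file_name`` is neither a parameter nor an attribute here
    # and resolves from module scope, as in the sibling scan methods — confirm
    # it is assigned before this method runs.
    sql = "insert into job_status (status, path) values(%d, '%s')" % (0, file_name)
    db.excute_ddl_sql('safe_jobs', sql)

    # Report header.
    self.exp_list = self.loadExp()
    self.file.write('domain\t\t\tattack_results\n')

    domain = self.httptools.get_standard_url(domain)
    for obj in self.exp_list:
        # NOTE(review): sibling scanOneHost calls ``.exploit`` on its exploit
        # object while the loaded objects are called as ``.expoit`` here —
        # verify which name the exploit classes actually define.
        res = obj.expoit(domain)
        if not res:
            print('%s Exploit Failed:Unknow' % domain)
            content += '%s\tExploit\tFailed:Unknow' % domain
        else:
            print('Exploit Success:%s' % str(res))
            content += '%sExploit\tSuccess:%s' % (domain, str(res))

    # Mark the job finished on the newest row. The derived table (tmp) is
    # needed because MySQL refuses to update a table it selects from in the
    # same statement (see the note in scanOneHost).
    # SECURITY: ``content`` carries text returned by the scanned host and is
    # interpolated straight into SQL; a single quote in a response breaks or
    # alters this statement. excute_ddl_sql takes a finished string, so the
    # statement cannot be parameterised from here — escaping or bind
    # parameters have to live inside DBHelper.
    # Newlines are folded to spaces as the sibling scan methods do.
    content = content.replace('\n', ' ')
    sql = ("update job_status set status=%d,content='%s' where id=(select tmp.id "
           "from (select id from job_status order by id desc limit 1)tmp)"
           % (1, content))
    print(sql)
    # Fix: the original passed the single literal 'safe_jobs, sql' as the only
    # argument, so the update was never issued against the right database.
    db.excute_ddl_sql('safe_jobs', sql)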
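def scanByQuery(self, query):
    """Run every loaded exploit against each domain matched by an Elasticsearch query.

    Opens a ``job_status`` row (status 0) in ``safe_jobs``, writes the report
    header, turns *query* into a query DSL via ``self.queryParser``, fetches
    up to 100000 hits from index ``showsafe`` / type ``web`` and runs each
    object from ``self.loadExp()`` against every ``_source.domain``. Each
    per-target record is printed, written to ``self.file`` and appended to
    ``content``; afterwards the newest ``job_status`` row is set to status 1
    with ``content`` (newlines folded to spaces) and the report file is closed.

    Args:
        query: Raw query string understood by ``self.queryParser``.

    Returns:
        None.
    """
    content = ''
    db = DBHelper()
    # Fix: the original spelled the keyword "valuse", which the database
    # rejects; the sibling scanOneHost already uses "values".
    # NOTE(review): ``file_name`` is neither a parameter nor an attribute here
    # and resolves from module scope, as in the sibling scan methods — confirm
    # it is assigned before this method runs.
    sql = "insert into job_status (status, path) values(%d, '%s')" % (0, file_name)
    db.excute_ddl_sql('safe_jobs', sql)

    # All exploit objects, then the report header.
    self.exp_list = self.loadExp()
    self.file.write('domain\t\t\tattack_results\n')

    query_dsl = self.queryParser(query)
    query_res = self.es.search(body=query_dsl, index='showsafe',
                               doc_type='web', size=100000)
    domain_list = [x['_source']['domain'] for x in query_res['hits']['hits']]

    for target in domain_list:
        target = self.httptools.get_standard_url(target)
        print('[+]TargetHOST:%s' % target)
        for obj in self.exp_list:
            # NOTE(review): sibling scanOneHost calls ``.exploit``; here the
            # loaded objects are called as ``.expoit`` — verify which name the
            # exploit classes actually define.
            res = obj.expoit(target)
            if not res:
                record = '%s\t\t\tFailed\n' % target
            else:
                # Fix: the original formatted two placeholders with the bare
                # ``target`` string and raised TypeError on the first success.
                record = '%s\t\t\t%s\n' % (target, str(res))
            content += record
            print(record)
            self.file.write(record)

    # Mark the job finished on the newest row. The derived table (tmp) is
    # needed because MySQL refuses to update a table it selects from in the
    # same statement (see the note in scanOneHost).
    # SECURITY: ``content`` is built from text the scanned hosts returned and
    # is interpolated straight into SQL; a single quote in a response breaks
    # or alters this statement. excute_ddl_sql takes a finished string, so the
    # statement cannot be parameterised here — do it inside DBHelper.
    content = content.replace('\n', ' ')
    sql = ("update job_status set status=%d,content='%s' where id =(select tmp.id "
           "from (select id from job_status order by id desc limit 1)tmp)"
           % (1, content))
    print(sql)
    db.excute_ddl_sql("safe_jobs", sql)
    self.file.close()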
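def run(self):
    """Command-line entry point: parse options, load exploit dirs, dispatch on mode.

    With ``-m exp_name`` the module named by ``option.exp_name`` is imported:
      * ``option.option == 'all'`` — its ``SafecatExploit`` instance is wrapped
        in ``EXPModule`` and kept on ``self.exp_module`` for the wide scan.
      * ``option.option == 'single'`` with ``option.thost`` — every class the
        module itself defines is instantiated with the normalised host, its
        ``run()`` result is stored in ``job_status`` (database ``showsafe``).
    Any other ``module_name`` prints a hint asking for ``-m``.

    Returns:
        None.
    """
    option, _args = self.optionInit()
    self.loaddir()

    if option.module_name != 'exp_name':
        print('请输入-m确定测试模式')
        return

    if option.option == 'all':
        print('全网扫描模式')
        # importlib replaces imp.find_module/imp.load_module: the file object
        # imp.find_module returned was never closed, and the imp module is
        # removed in Python 3.12. The file already uses importlib below.
        exp_mod = importlib.import_module(option.exp_name)
        # Instantiate the exploit class and hand it to the scan driver.
        self.exp_module = EXPModule(exp_mod.SafecatExploit())

    elif option.option == 'single' and option.thost:
        target = self.httptools.get_standard_url(option.thost)
        mod = importlib.import_module(option.exp_name)
        print('[+] Test %s' % option.exp_name)
        db = DBHelper()
        for name in dir(mod):
            var = getattr(mod, name)
            # Only classes defined by the exploit module itself are PoCs. The
            # original called every attribute of the module with ``target``,
            # swallowed the failures with ``except Exception: pass`` and left
            # ``poc`` unbound (NameError) when nothing could be instantiated.
            if not (isinstance(var, type) and var.__module__ == mod.__name__):
                continue
            try:
                poc = var(target)
            except Exception as exc:
                # A helper class with a different constructor: report and
                # skip it instead of silently passing.
                print('[-] Skip %s: %s' % (name, exc))
                continue
            result = poc.run()
            # SECURITY: ``option.thost`` is command-line input and ``result``
            # is text the target returned; both are interpolated straight into
            # SQL. excute_ddl_sql takes a finished string, so escaping or bind
            # parameters have to live inside DBHelper.
            # NOTE(review): this writes to database 'showsafe' while the scan
            # methods use 'safe_jobs' for the same table — confirm intended.
            sql = "insert into job_status (url, pocname, result) values('%s','%s','%s')" \
                % (option.thost, mod.__name__, result)
            db.excute_ddl_sql('showsafe', sql)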
def scanOneHost(self, target):
    """Run the configured exploit (``self.exp``) against one host and log the result.

    Opens a ``job_status`` row with status 0 in ``safe_jobs``, calls
    ``self.exp.exploit(target)``, builds a one-line result string and then
    sets the most recent ``job_status`` row to status 1 with that string.

    Args:
        target: Host to test; passed to ``self.exp.exploit`` unchanged.

    Returns:
        None. Output goes to stdout and the database.
    """
    db = DBHelper()
    # NOTE(review): ``file_name`` is neither a parameter nor an attribute here;
    # it resolves from module scope — confirm it is assigned before this runs.
    insert_sql = "insert into job_status (status, path) values(%d, '%s')" % (0, file_name)
    db.excute_ddl_sql('safe_jobs', insert_sql)

    print('[+]开始单个主机扫描,请稍后....')

    res = self.exp.exploit(target)
    if res:
        print('Exploit Success:%s\t\t%s' % ('x', str(res)))
        content = '%sExploit\tSuccess:%s\t\t%s' % (target, 'x', str(res))
    else:
        print('%s Exploit Failed:Unknown' % target)
        content = '%s\tExploit\tFailed:Unknown' % target
    # A newline inside the result would split the SQL literal below.
    content = content.replace('\n', ' ')

    # The derived table (tmp) is required: MySQL refuses to update a table it
    # selects from in the same statement, see
    # http://blog.csdn.net/z_youarethebest/article/details/53785487
    # SECURITY: ``content`` carries text returned by the scanned host and is
    # interpolated straight into SQL; a single quote in a response breaks or
    # alters this statement. excute_ddl_sql takes a finished string, so it
    # cannot be parameterised from here — escaping or bind parameters have to
    # live inside DBHelper.
    update_sql = ("update job_status set status=%d, content='%s' where id=(select tmp.id "
                  "from (select id from job_status order by id desc limit 1)tmp)"
                  % (1, content))
    print(update_sql)
    db.excute_ddl_sql('safe_jobs', update_sql)