def verify_poc(scan_data): plugin_name = scan_data['plugin_name'] plugin_filename = scan_data['plugin_filename'] target = scan_data['target'] info = { "pocname": plugin_name, "pocstring": open(plugin_filename, 'r').read(), "mode": 'verify' } try: invoker = Cannon(target, info) result = invoker.run() if result[-3][0] == 1: scan_result = { "plugin_filename": scan_data['plugin_filename'], "plugin_name": scan_data['plugin_name'], "plugin_id": scan_data['plugin_id'], "plugin_type": scan_data['plugin_type'], "plugin_app": scan_data['plugin_app'], "plugin_version": scan_data['plugin_version'], "target": scan_data['target'], "task_id": scan_data['task_id'], "task_name": scan_data['task_name'], "scan_result": result[-1], "date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()), "tag": "" } connectiondb(vul_db).insert(scan_result) except Exception as e: raise e
def multi_brute(self): data_save = [] result = [] self.resolver_ip = self.resolver_check() pool = Pool(processes=self.thread) for sub_domain in self.domain_handle(): result.append(pool.apply_async(resolution, (sub_domain, ))) pool.close() pool.join() for res in result: self.result = res.get() for subdomain in self.result: if self.result[subdomain] != self.resolver_ip: data = { "subdomain": subdomain, "domain": self.domain, "domain_id": self.domain_id, "date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"), "result": self.result[subdomain], "title": '', "webfinder": '', } data_save.append(data) try: if data_save: connectiondb(subdomain_db).insert_many(data_save, ordered=True) except Exception as e: print("[!] %s Saved result error: %s" % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), e)) print("[*] %s %s Brute Done" % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.domain))
def config(): subdomain_dict = [] subdomain_dict_path = os.getcwd() + '/../tests/domain.dict' try: with open(subdomain_dict_path) as file_read: for i in file_read: subdomain_dict.append(i.strip()) except Exception as e: print(e) subdomain_dict = ['www', 'mail', 'test'] mail_dict = [] mail_dict_path = os.getcwd() + '/../tests/names_top500.txt' try: with open(mail_dict_path) as file_read: for i in file_read: mail_dict.append(i.strip()) except Exception as e: print(e) mail_dict = ['zhangming', 'xiaoli', 'xiaoxue'] mail_dict1 = [] mail_dict_path1 = os.getcwd() + '/../tests/password1.txt' try: with open(mail_dict_path1) as file_read: for i in file_read: mail_dict1.append(i.strip()) except Exception as e: print(e) mail_dict1 = ['zhangming', 'xiaoli', 'xiaoxue'] if not connectiondb(config_db).find_one({"config_name": config_name}): config_data = { 'poc_thread': 50, 'discovery_thread': 50, 'subdomain_thread': 50, 'port_thread': 50, 'config_name': config_name, 'poc_frequency': 15, 'mail_port':25, #add 'port_list': [20, 21, 22, 23, 80, 81, 443, 445, 544, 873, 1080, 1433, 1434, 1521, 2100, 3306, 3389, 4440, 5671, 5672, 5900, 5984, 6379, 7001, 8080, 8081, 8089, 8888, 9090, 9200, 11211, 15672, 27017, 50070], 'subdomain_dict_2': subdomain_dict, 'mail_user_dict':mail_dict, #add 'mail_password_dict': mail_dict1, 'github_user':'******', 'todo':'2020-11-11 asas', 'github_password':'******', 'github_page':10, 'subdomain_dict_3': ['www', 'mail', 'test'], 'username_dict': ['admin', 'root', 'administrators'], 'password_dict': ['123456', 'password', '12345678', 'admin', 'admin123'], 'auth_tester_thread': 50, 'discovery_time': "10:30:00", 'auth_service': ['asterisk', 'cisco', 'cisco-enable', 'cvs', 'firebird', 'ftp', 'ftps', 'http-proxy', 'http-proxy-urlenum', 'icq', 'imap', 'irc', 'ldap2', 'mssql', 'mysql', 'nntp', 'oracle-listener', 'oracle-sid', 'pcanywhere', 'pcnfs', 'pop3', 'postgres', 'rdp', 'redis', 'rexec', 'rlogin', 'rsh', 's7-300', 'sip', 'smb', 'smtp', 'smtp-enum', 'snmp', 'socks5', 'ssh', 'sshkey', 'svn', 'teamspeak', 'telnet', 'vmauthd', 'vnc', 'xmpp'], } connectiondb(config_db).insert_one(config_data)
def __init__(self, task_id): self.task_id = task_id self.tasks_db_cursor = connectiondb(tasks_db).find_one( {"_id": self.task_id}) self.target_list = parse_target(self.tasks_db_cursor['scan_target']) self.plugin_id_list = self.tasks_db_cursor['plugin_id'] self.result_tmp = [] self.result = [] self.processes = connectiondb(config_db).find_one( {"config_name": config_name})['poc_thread']
def port_result(self): self.result.append(self.scan().command_line()) for i in self.scan().csv().split('\r\n'): self.result.append(i) self.result.pop(1) connectiondb(port_db).update_one({"_id": self.scan_id}, {'$set': { 'status': 'Done', 'detail': self.result }}) return self.result
def __init__(self, asset_id): self.asset_id = asset_id self.result_tmp = [] self.result = [] self.port_list = connectiondb(config_db).find_one( {"config_name": config_name})['port_list'] self.processes = connectiondb(config_db).find_one( {"config_name": config_name})['discovery_thread'] self.asset_name = connectiondb(asset_db).find_one( {"_id": self.asset_id})['asset_name'] self.host_list = parse_target( connectiondb(asset_db).find_one({"_id": self.asset_id})['asset_host'])
def save_result(self, target, service, username, password): data = { "target": target, "service": service, "username": username, "password": password, "date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"), "task_id": self.task_id, "task_name": self.task_name, "tag": "" } self.week_count += 1 connectiondb(weekpasswd_db).insert_one(data)
def local_install(): print("[*]Processing...") connectiondb(plugin_db).drop() path = os.getcwd() + '/pocsuite_plugin/' files = os.listdir(path) for file_name in files: plugin_info = parse_plugin(path + file_name.strip()) if plugin_info is None: pass else: db_insert = connectiondb(plugin_db).insert_one( plugin_info).inserted_id print("[*]Processing Completed!")
def multi_brute(self): self.mail_handle() data_save = [] try: for user in self.mail_user: message1 = message2 = '' for pwd in self.mail_password: pwd = pwd.replace('<user>', user) while True: try: email = str(user) password = str(pwd) pop3_server = self.email # 连接到POP3服务器: server = poplib.POP3( pop3_server, int( connectiondb(config_db).find_one( {"config_name": config_name})['mail_port'])) server.user(email) server.pass_(password) # stat()返回邮件数量和占用空间: message1, message2 = server.stat() server.quit() break except: break if len(str(message1)) > 0: message1 = '' #print('(SUCESS)>> User:'******'Password:'******'', } data_save.append(data) try: if data_save: connectiondb(subemail_db).insert_many(data_save, ordered=True) except Exception as e: print(e) data_save = [] except Exception as e: print(e)
def __init__(self, email_name_val, email_name_val1, email_id): print("[*] %s %s Brute Start" % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), email_id)) self.email = email_name_val1 self.keyword = email_name_val self.email_id = email_id self.mail_user = [] self.mail_password = [] self.third_domain = connectiondb(email_db).find_one({"_id": email_id })['third_domain'] self.mail_user_dict = connectiondb(config_db).find_one( {"config_name": config_name})['mail_user_dict'] self.mail_password_dict = connectiondb(config_db).find_one( {"config_name": config_name})['mail_password_dict'] self.resolver_ip = '' self.result = ''
def save_result(self): if connectiondb(server_db).find_one({"asset_id": self.asset_id}): connectiondb(server_db).update({"asset_id": self.asset_id}, {"$set": { "tag": "delete" }}, multi=True) for res in self.result: res['asset_name'] = self.asset_name res['asset_id'] = self.asset_id res['tag'] = "" res['date'] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) try: connectiondb(server_db).insert_one(res) except Exception as e: print("[!] Save discovery result error %s" % e)
def _get_task(self): for task_info in connectiondb(auth_db).find(): self.recursion = task_info['recursion'] self.status = task_info['status'] self.scan_date = task_info['date'] self.task_id = task_info['_id'] start_date = datetime.strptime(self.scan_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.now() - start_date).total_seconds() if self.recursion == 0: pass # every day elif self.recursion == 1 and "Completed" in self.status: if plan_time > 60 * 60 * 24 * 1: if self.start_loop_scan(): print( "[*] Every Day Task Start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())) # every week elif self.recursion == 7 and "Completed" in self.status: if plan_time > 60 * 60 * 24 * 7: if self.start_loop_scan(): print( "[*] Every Week Task Start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())) # every month elif self.recursion == 30 and "Completed" in self.status: if plan_time > 60 * 60 * 24 * 30: if self.start_loop_scan(): print( "[*] Every Month Task Start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
def __init__(self, task_id): self.task_id = task_id self.db_cursor = connectiondb(auth_db).find_one({"_id": self.task_id}) self.processes = connectiondb(config_db).find_one( {"config_name": config_name})['auth_tester_thread'] self.task_name = self.db_cursor['task_name'] self.username_list = self.db_cursor['username'] self.password_list = self.db_cursor['password'] self.target_list = parse_target(self.db_cursor['target']) self.check_result = {} self.online_target = [] self.service_list = self.db_cursor['service'] self.args = self.db_cursor['args'] self.result_pool = [] self.result = [] self.week_count = 0
def start_loop_scan(self): connectiondb(weekpasswd_db).update({"task_id": self.task_id}, {"$set": { "tag": "delete" }}, multi=True) connectiondb(auth_db).update_one({"_id": self.task_id}, { "$set": { "status": "Queued", "date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()), "week_count": 0, } }) scanner = AuthCrack(self.task_id) if scanner: t1 = Thread(target=scanner.start_scan, args=()) t1.start() return True
def get_domain_what(domain_id): pool = Pool(processes=10) result = [] for i in connectiondb(subdomain_db).find({"domain_id": domain_id}): result.append(pool.apply_async(openmain, (i['subdomain'], i['_id']))) pool.close() pool.join() for res in result: lock.acquire() try: connectiondb(subdomain_db).update_one( {"_id": res.get()["_id"]}, {"$set": { "webfinder": res.get()['webfinder'] }}) except Exception as e: print("update webfinder error", e) lock.release()
def start_github_brute(github_name_val, payloads_list, github_id): time_start = datetime.now() print("[*] %s Domain Brute start %s" % (time_start.strftime("%Y-%m-%d %H:%M:%S"), github_id)) connectiondb(github_db).update_one({"_id": github_id}, {"$set": { "status": "Running" }}) start_brute = githubBrute(github_name_val, payloads_list, github_id) start_brute.multi_brute() connectiondb(github_db).update_one({"_id": github_id}, {"$set": { "status": "Done" }}) time_end = datetime.now() print("[*] %s Domain Brute Done %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"), github_id)) print("[*] %s Used Time: %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"), (time_end - time_start).seconds))
def __init__(self, domain, domain_id): print("[*] %s %s Brute Start" % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), domain)) self.domain = domain self.domain_id = domain_id self.sub_domain = [] self.third_domain = connectiondb(domain_db).find_one( {"_id": domain_id})['third_domain'] self.resolver_ip = '' self.result = '' self.thread = int( connectiondb(config_db).find_one({"config_name": config_name })['subdomain_thread']) self.subdomain_dict_2 = connectiondb(config_db).find_one( {"config_name": config_name})['subdomain_dict_2'] self.subdomain_dict_3 = connectiondb(config_db).find_one( {"config_name": config_name})['subdomain_dict_3'] self.random_subdomain = ''.join(sample(digits + ascii_lowercase, 10)) + '.' + domain
def __init__(self, github_name_val, payloads_list, github_id): print("[*] %s %s Brute Start" % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), github_id)) self.keyword = github_name_val self.github = payloads_list self.github_id = github_id self.third_domain = connectiondb(github_db).find_one( {"_id": github_id})['third_domain'] self.resolver_ip = '' self.result = ''
def _get_task(self): print("Discovery scheduler success") for asset_info in connectiondb(asset_db).find(): self.discover_option = asset_info['discover_option'] if self.discover_option == "Enable": self.asset_id = asset_info['_id'] try: AssetDiscovery(self.asset_id).set_discovery() except Exception as e: print(e) return e print("Discovery scheduler done")
def start_email_brute(email_name_val, payloads_list, email_id): time_start = datetime.now() print("[*] %s mail Brute start %s" % (time_start.strftime("%Y-%m-%d %H:%M:%S"), email_id)) connectiondb(email_db).update_one({"_id": email_id}, {"$set": { "status": "Running" }}) for email_name_val1 in payloads_list: start_brute = emailBrute(email_name_val, email_name_val1, email_id) start_brute.multi_brute() connectiondb(email_db).update_one({"_id": email_id}, {"$set": { "status": "Done" }}) time_end = datetime.now() print("[*] %s mail Brute Done %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"), email_id)) print("[*] %s Used Time: %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"), (time_end - time_start).seconds))
def start_domain_brute(domain_list, domain_id): time_start = datetime.now() print("[*] %s Domain Brute start %s" % (time_start.strftime("%Y-%m-%d %H:%M:%S"), domain_id)) connectiondb(domain_db).update_one({"_id": domain_id}, {"$set": { "status": "Running" }}) for domain in domain_list: start_brute = DomainBrute(domain, domain_id) start_brute.multi_brute() connectiondb(domain_db).update_one({"_id": domain_id}, {"$set": { "status": "Done" }}) time_end = datetime.now() print("[*] %s Domain Brute Done %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"), domain_id)) print("[*] %s Used Time: %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"), (time_end - time_start).seconds)) get_domain_title(domain_id) get_domain_what(domain_id)
def set_scanner(self): connectiondb(tasks_db).update_one( {'_id': ObjectId(self.task_id)}, {'$set': { 'task_status': 'Processing' }}) if connectiondb(vul_db).find_one({"task_id": self.task_id}): connectiondb(vul_db).update({'task_id': self.task_id}, {"$set": { "tag": "delete" }}, multi=True) pool_scanner = Pool(processes=self.processes) for target in self.target_list: for plugin_id in self.plugin_id_list: plugin_cursor = connectiondb(plugin_db).find_one( {"_id": ObjectId(plugin_id)}) scan_data = { "plugin_filename": plugin_cursor['plugin_filename'].encode("UTF-8"), "plugin_name": plugin_cursor['plugin_name'].encode("UTF-8"), "plugin_id": plugin_cursor['_id'], "plugin_type": plugin_cursor['plugin_type'], "plugin_app": plugin_cursor['plugin_app'], "plugin_version": plugin_cursor['plugin_version'], "target": target, "task_id": self.task_id, "task_name": self.tasks_db_cursor['task_name'], } pool_scanner.apply_async(verify_poc, (scan_data, )) pool_scanner.close() pool_scanner.join() connectiondb(tasks_db).update_one({'_id': ObjectId(self.task_id)}, { '$set': { 'task_status': 'Completed', 'end_date': time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) } })
def _get_task(self): # while thread_lock: for task_info in connectiondb(tasks_db).find(): self.recursion = int(task_info['task_recursion']) self.task_id = task_info['_id'] self.status = task_info['task_status'] self.end_date = task_info['end_date'] if self.recursion == 0: pass # every day task if self.recursion == 1: if "Processing" in self.status: pass else: start_date = datetime.datetime.strptime( self.end_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.datetime.now() - start_date).total_seconds() if plan_time > 60 * 60 * 24: print("Every day recursion start......") scanner = PocsuiteScanner(self.task_id) scanner.set_scanner() # every week task elif self.recursion == 7: if "Processing" in self.status: pass else: start_date = datetime.datetime.strptime( self.end_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.datetime.now() - start_date).total_seconds() if plan_time > 60 * 60 * 24 * 7: print("Every week start...") scanner = PocsuiteScanner(self.task_id) scanner.set_scanner() # every month task elif self.recursion == 30: if "Processing" in self.status: pass else: start_date = datetime.datetime.strptime( self.end_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.datetime.now() - start_date).total_seconds() if plan_time > 60 * 60 * 24 * 30: print("Every month start...") scanner = PocsuiteScanner(self.task_id) scanner.set_scanner()
def acunetix_view(): # scanner view if request.method == "GET": acunetix_task = connectiondb(acunetix_db).find() return render_template('acunetix-scanner.html', acunetix_task=acunetix_task) else: if request.form.get('source') == "new_scan": target_id = [] task_name = request.form.get('task_name') target_list = request.form.get('target_addr').split("\n") scan_type = request.form.get('scan_type') description_val = request.form.get('description_val') for target in parse_target(target_list): target_id.append(AcunetixScanner().start_task(target, description_val, scan_type)['target_id']) task_data = { "task_name": task_name, "target_list": target_list, "scan_type": scan_type, "description": description_val, "status": "", "target_id": target_id, "date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()), } connectiondb(acunetix_db).insert(task_data) # print(new_scan) return "success" elif request.form.get('source') == "delete_task": task_id = request.form.get('delete') target_id = connectiondb(acunetix_db).find_one({"_id": ObjectId(task_id)})['target_id'] if connectiondb(acunetix_db).remove({"_id": ObjectId(task_id)}): for t_id in target_id: AcunetixScanner().delete_target(t_id) return "success" else: return "warning" elif request.form.get('source') == "download_report": task_id = request.form.get('task_id') target_id = connectiondb(acunetix_db).find_one({"_id": ObjectId(task_id)})['target_id'] task_name = connectiondb(acunetix_db).find_one({"_id": ObjectId(task_id)})['task_name'] report_url = AcunetixScanner().reports(target_id, 'targets', task_name) if report_url: return jsonify({"html_url": report_url[0], "pdf_url": report_url[1]}) else: return "warning"
def drop_database(db_name): result = connectiondb(db_name).remove() print("[*] Drop database: %s %s" % (db_name, result))
def start_scan(self): connectiondb(auth_db).update_one({"_id": self.task_id}, {"$set": { "status": "Processing" }}) # start host check tmp_result = [] check_time = datetime.now() print("[*] %s %s Service Check..." % (check_time.strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) for service in self.service_list: # Filter online host pool_a = Pool(processes=self.processes) for target in self.target_list: tmp_result.append( pool_a.apply_async(service_check, (target, service, self.args))) pool_a.close() pool_a.join() for res_a in tmp_result: if res_a.get(): target = res_a.get()['target'] check_res = res_a.get()['result'] if check_res: username = check_res['username'] password = check_res['password'] if not username: username = "******" if not password: password = "******" self.save_result(target, service, username, password) else: self.online_target.append(target) self.check_result[service] = self.online_target self.online_target = [] tmp_result = [] check_end_time = datetime.now() print("[*] %s %s Service Check Done..." % (check_end_time.strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) print("[*] %s Service check used time: %ss" % (self.task_name, (check_end_time - check_time).seconds)) # start crack print("[*] %s %s Crack Start..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) pool_b = Pool(processes=self.processes) for service, target_list in self.check_result.items(): # print(service, target_list) self.result.append( pool_b.apply_async(hydra_scanner, (target_list, service, self.username_list, self.password_list, self.args))) pool_b.close() pool_b.join() print("[*] %s %s Crack Done..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) for res_b in self.result: if res_b.get(): for i in res_b.get(): target = i['target'] service = i['service'] username = i['username'] password = i['password'] self.save_result(target, service, username, password) print("[*] %s Crack used time: %ss" % (self.task_name, (datetime.now() - check_time).seconds)) print("[*] %s %s Saving result..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name)) connectiondb(auth_db).update_one( {"_id": self.task_id}, {"$set": { "status": "Completed", "week_count": self.week_count, }}) print("[*] %s %s Save result done..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
def __init__(self): self.sche_time = connectiondb(config_db).find_one( {"config_name": config_name})['discovery_time'].split(":") self.asset_id = '' self.discover_option = ''
def multi_brute(self): g_User = connectiondb(config_db).find_one({"config_name": config_name})['github_user'] g_Pass = connectiondb(config_db).find_one({"config_name": config_name })['github_password'] keyword = self.keyword payloads = self.github sensitive_list = [] comp_list = [] data_save = [] tUrls = [] login_url = 'https://github.com/login' session_url = 'https://github.com/session' try: s = requests.session() resp = s.get(login_url).text dom_tree = etree.HTML(resp) key = dom_tree.xpath('//input[@name="authenticity_token"]/@value') # print key user_data = { 'commit': 'Sign in', 'utf8': '✓', 'authenticity_token': key, 'login': g_User, 'password': g_Pass } # print key,g_User,g_Pass s.post(session_url, data=user_data) s.get('https://github.com/settings/profile') # print g_User,g_Pass except Exception as e: print e try: print('login.......') sleep(1) for page in tqdm( range( 1, connectiondb(config_db).find_one( {"config_name": config_name})['github_page'])): search_code = 'https://github.com/search?p=' + str( page) + '&q=' + keyword + '&type=Code' resp = s.get(search_code) results_code = resp.text dom_tree_code = etree.HTML(results_code) Urls = dom_tree_code.xpath( '//div[@class="flex-auto min-width-0 col-10"]/a[2]/@href') users = dom_tree_code.xpath( '//div[@class="flex-auto min-width-0 col-10"]/a[1]/text()') datetime = dom_tree_code.xpath('//relative-time/text()') filename = dom_tree_code.xpath( '//div[@class="flex-auto min-width-0 col-10"]/a[2]/text()') for i in range(len(Urls)): for Url in Urls: Url = 'https://github.com' + Url tUrls.append(Url) #[,filename[i]] data = { "subgithub": self.keyword, "github": self.github, "github_id": self.github_id, "date": datetime[i], "result": tUrls[i], "user": users[i], "title": '', } data_save.append(data) try: if data_save: connectiondb(subgithub_db).insert_many(data_save, ordered=True) except Exception as e: print(e) print sensitive_list, comp_list except Exception as e: print(e)