def async_run(func, items, callback):
    """Submit ``func(item)`` to a fresh ``AsyncPool`` for every item, then wait.

    :param func: callable invoked as ``func(item)``; whatever it returns is
        handed to ``pool.submit`` (the original docstring calls it an async
        function object)
    :param items: iterable of arguments, one submission per element
    :param callback: passed to ``pool.submit`` together with each submission
    :return: None
    """
    pool = AsyncPool()
    for item in items:
        pool.submit(func(item), callback)
    # Original comment here: "stop the event loop". What release() actually
    # does is defined by AsyncPool, which is not visible in this block.
    pool.release()
    # Original comment here: "get the number of threads".
    LOGGER.info(f'Current task {pool.running}')
    # Original comment here: "wait".
    pool.wait()
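def command_unsetg(args):
    """Handle the ``unsetg`` console command, which clears a global option.

    Only the ``proxy`` option is recognised. The argument string is split on
    single spaces once; every input that does not lead to the proxy being
    cleared gets the usage hint, so nothing is rejected silently.

    :param args: raw argument string that followed the command word
    :return: None
    """
    tokens = args.split(' ')
    # NOTE(review): the usage hint shows one argument while this check wants
    # exactly two tokens - confirm against what the line parser passes in.
    if len(tokens) == 2 and tokens[0] == 'proxy':
        # NOTE(review): None is handed to the proxy option's setter; that
        # setter has to accept None for this call to succeed - verify.
        optProxy.__set__(None)
        return
    LOGGER.warning('Please input unsetg <proxy>')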
def register_option(self, key, value):
    """Store ``value`` as the current setting of option ``key``.

    Unknown keys are ignored. A known key with a falsy value only produces a
    warning and leaves the stored setting untouched.

    :param key: option name, looked up in ``self.option``
    :param value: new value for ``self.option[key]['Current Setting']``
    :return: None
    """
    if key not in self.option:
        return
    if not value:
        LOGGER.warning(f'Please input {key}\'s value')
        return
    self.option[key]['Current Setting'] = value
    print(f'{key} => {value}')
def eyou_rce_callback(self, future):
    """Report the outcome of one finished request.

    A falsy result is ignored. A result whose ``code`` is 200 has its
    ``text`` logged as a success; any other code is logged as not vulnerable.

    :param future: object whose ``result()`` returns the response mapping
        (keys read here: ``code``, ``text``, ``url``) or a falsy value
    :return: None
    """
    resp = future.result()
    if not resp:
        return
    if resp['code'] != 200:
        LOGGER.info('The target ' + str(resp['url']) + ' not vuln !')
        return
    # NOTE(review): presumably resp['text'] is the remote server's response
    # body; it reaches the log exactly as received, so treat the log output as
    # untrusted data when it is displayed or parsed.
    LOGGER.success(resp['text'])
def command_search(args):
    """Handle the ``search`` console command.

    The argument string must be a single space-free token; it is passed to
    ``module_manager.search_module`` and any hits are rendered with
    ``search_style``.

    :param args: raw argument string that followed the command word
    :return: None
    """
    tokens = args.split(' ')
    if len(tokens) != 1:
        LOGGER.warning('Please input search <keyword>')
        return
    keyword = tokens[0]
    result = module_manager.search_module(keyword)
    if result:
        search_style(result)
    else:
        LOGGER.info(f'search {keyword} not found')
def check_run(self):
    """Check that every required option of the current module has a value.

    Stops at the first option that is marked ``'yes'`` under ``Required`` and
    has a falsy ``Current Setting``, logging its name.

    :return: False if a required option is unset, otherwise True
    """
    for name, spec in self.current_module.option.items():
        current, needed = spec['Current Setting'], spec['Required']
        if needed == 'yes' and not current:
            LOGGER.warning(f'{name} is not set!')
            return False
    return True
def spider_callback(self, future):
    """Log URL, status and page title for responses with the wanted status.

    The wanted status comes from the ``status`` option, converted with
    ``int``. ``TypeError`` and ``IndexError`` raised while inspecting the
    response (for example a ``None`` result or a page without a title) are
    swallowed.

    :param future: object whose ``result()`` returns the response mapping
        (keys read here: ``code``, ``url``, ``text``)
    :return: None
    """
    resp = future.result()
    status = int(self.get_options('status'))
    try:
        if resp['code'] != status:
            return
        url = resp['url']
        titles = re.findall('<title>(.*?)</title>', resp['text'])
        # NOTE(review): the title is taken from the remote page and logged
        # unchanged - treat it as untrusted text wherever the log is shown.
        LOGGER.success(f'{url} - {status} - {titles[0]}')
    except (TypeError, IndexError):
        pass
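def start(self):
    """Run the console's read-and-dispatch loop.

    Prints the banner, then repeatedly reads a line with ``input``, parses it
    with ``self.parse_line`` and passes non-empty commands to
    ``self.command_handle``. Ctrl-C, and Ctrl-D on a terminal, only print a
    hint. When standard input is not a terminal, end-of-input ends the loop:
    ``input`` would otherwise raise ``EOFError`` on every iteration and the
    loop would spin forever writing the same hint.

    :return: None
    """
    import sys  # local import: the file's own import block is not visible here

    print(self.banner)
    while True:
        try:
            command, args = self.parse_line(input(self.prompt))
            if not command:
                continue
            self.command_handle(command, args)
        except KeyboardInterrupt:
            LOGGER.info('Interrupt: use the \'exit\' command to quit')
        except EOFError:
            if not sys.stdin.isatty():
                # Piped or redirected input is exhausted; nothing more can arrive.
                break
            LOGGER.info('Interrupt: use the \'exit\' command to quit')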
def rg_uac_passleak_callback(self, future):
    """Report the outcome of one finished request.

    For a result whose ``code`` is 200 the response text is searched with two
    patterns and one line is logged per name found; any other code is logged
    as not vulnerable.

    :param future: object whose ``result()`` returns the response mapping
        (keys read here: ``code``, ``text``, ``url``)
    :return: None
    """
    resp = future.result()
    if resp['code'] != 200:
        LOGGER.info('The target ' + str(resp['url']) + ' not vuln !')
        return
    body = resp['text']
    user = re.findall('"name":"(.*?)"', body)
    # NOTE(review): this pattern is kept byte-for-byte. Its run of literal
    # asterisks looks like redaction and is not a valid expression for
    # Python's re module (repeated quantifier), so this call raises re.error
    # before anything below is logged.
    password = re.findall('"password":"******"', body)
    for idx, name in enumerate(user):
        LOGGER.success(f'name:{name},password:{password[idx]}')
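def command_exec(args):
    """Run a system command and print its output line by line as it arrives.

    stderr is merged into stdout. Blank lines are skipped; the remaining
    lines are decoded as GBK when ``IS_WIN`` is truthy and as UTF-8
    otherwise, dropping undecodable bytes.

    The output is read until end-of-file rather than until the process is
    seen to have exited, so lines still buffered in the pipe at exit are not
    lost, and the ``with`` block closes the pipes and reaps the child.

    :param args: command line, executed through the system shell
    :return: None
    """
    LOGGER.info(f'exec {args}')
    encoding = 'gbk' if IS_WIN else 'utf-8'
    # SECURITY: shell=True hands ``args`` to the shell unmodified. That is the
    # purpose of this console command, so it is left in place, but ``args``
    # must only ever be what the local operator typed - never a value taken
    # from a target's response, a module option file or any other
    # externally-influenced source.
    with subprocess.Popen(args, shell=True, stdin=subprocess.PIPE,
                          stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT) as process:
        for raw in process.stdout:
            line = raw.strip()
            if line:
                print(line.decode(encoding, 'ignore'))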
def load_module(name):
    """Import ``modules.<name>`` and return an instance of its ``Zerooosploit``.

    Slashes in ``name`` are turned into dots to form the module path. The
    imported module object is also stored in the module-level global ``mod``.
    Import failures and any other exception are logged, not raised.

    :param name: slash-separated module path below the ``modules`` package
    :return: a new ``Zerooosploit`` instance, or None when the module cannot
        be imported, does not define that name, or raises
    """
    global mod
    exp = name.replace('/', '.')
    try:
        # NOTE(review): importing executes the target file's top-level code.
        # ``name`` presumably comes from the console's ``use`` command; only
        # the 'modules.' prefix constrains which file that is - confirm the
        # modules directory is writable by trusted users only.
        mod = importlib.import_module('modules.' + exp)
        if not hasattr(mod, 'Zerooosploit'):
            msg = f'Module {exp} doesn\'t define any object named Zerooosploit'
            LOGGER.error(ModuleNotDefineException(msg))
            return None
        module_cls = getattr(mod, 'Zerooosploit')
        return module_cls()
    except ModuleNotFoundError as e:
        LOGGER.error(e)
    except Exception as e:
        LOGGER.exception(e)
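def command_handle(self, command, args):
    """Dispatch one parsed console command to its handler.

    Two command sets exist. While a module is selected
    (``self.current_module`` is truthy) only the module commands are
    accepted; otherwise only the global commands are. Anything else is
    reported as unknown.

    Both "unknown command" reports now name the command word only. The
    global branch used to format ``command + args``, which glued the two
    together without a separator and would raise ``TypeError`` for a
    non-string ``args``.

    :param command: command word
    :param args: remainder of the input line (may be empty)
    :return: None (``exit``/``quit`` without a module calls ``sys.exit()``)
    """
    if self.current_module:
        if command in ('run', 'exploit'):
            self.command_run()
        elif command in ('back', 'exit'):
            self.command_back()
        elif command == 'set' and args:
            self.command_set(args)
        elif command == 'show' and args == 'options':
            self.command_show_options()
        elif command == 'show' and args == 'info':
            self.command_show_info()
        elif command == 'reload':
            self.command_reload()
        else:
            LOGGER.error('Unknow command: {0}.'.format(command))
        return

    if command == 'use':
        self.module_use(args)
    elif command in ('help', '?'):
        self.command_help()
    elif command == 'setg' and args:
        self.command_setg(args)
    elif command == 'unsetg' and args:
        self.command_unsetg(args)
    elif command in ('exit', 'quit'):
        sys.exit()
    elif command == 'exec' and args:
        self.command_exec(args)
    elif command == 'search' and args:
        self.command_search(args)
    elif command == 'list':
        self.command_modules_list()
    else:
        LOGGER.error('Unknow command: {0}.'.format(command))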
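def __set__(self, value):
    """Store the global proxy URL, or clear it.

    ``None`` clears the proxy. The original membership test
    (``'http://' in value``) raised ``TypeError`` for ``None``, which is the
    value the ``unsetg`` command handler passes.

    A string is accepted only when it *starts with* ``http://`` or
    ``socks5://``. The original substring test also accepted values that
    merely contained one of those schemes somewhere, so a value with a
    different leading scheme could be stored as the proxy.

    Anything else is rejected with a warning and the proxy is cleared.

    :param value: proxy URL string, or None to clear the setting
    :return: None
    """
    if value is None:
        self.value = None
        LOGGER.info(f'proxy => {self.value}')
        return
    if isinstance(value, str) and value.startswith(('http://', 'socks5://')):
        self.value = value
        LOGGER.info(f'proxy => {self.value}')
        return
    LOGGER.warning('Support only http:// or socks5://')
    self.value = None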
def __set__(self, value):
    """Switch the global debug flag with ``'on'`` or ``'off'``.

    Any other value leaves the stored flag unchanged and logs the usage hint.

    :param value: ``'on'`` or ``'off'``
    :return: the flag stored in ``self.value`` after the call
    """
    if value in ('on', 'off'):
        enabled = value == 'on'
        self.value = enabled
        LOGGER.info('debug => on' if enabled else 'debug => off')
    else:
        LOGGER.info('setg debug on/off')
    return self.value
def command_reload(self):
    """Reload the current module and leave the module context.

    Calls ``reload_module()`` and then ``self.command_back()``, so the
    module has to be selected again afterwards, as the final log line says.

    :return: None
    """
    label = self.module_metadata()
    LOGGER.info(f'Reloading module {label}...')
    reload_module()
    self.command_back()
    LOGGER.success(f'Reload complete, please use {label}')
def command_run(self):
    """Run the current module once ``check_run`` has passed.

    :return: None
    """
    LOGGER.info(f'Running module {self.module_metadata()}...')
    if not self.check_run():
        return
    self.current_module.exploit()
def get_options(self, key):
    """Return the current setting of option ``key``.

    :param key: option name, looked up in ``self.option``
    :return: ``self.option[key]['Current Setting']``, or None (after a
        warning) when either lookup raises ``KeyError``
    """
    try:
        entry = self.option[key]
        setting = entry['Current Setting']
    except KeyError:
        LOGGER.warning(f'{key} not found')
        return None
    return setting
async def send_request_cgi(self, method, url, **kwargs):
    """Send one HTTP request with aiohttp and return the response as a dict.

    Keyword arguments are forwarded to ``session.request``. ``timeout``,
    ``headers``, ``verify_ssl``, ``allow_redirects`` and ``proxy`` fall back
    to the matching instance attributes when the caller does not pass them.

    :param method: HTTP method passed to ``session.request``
    :param url: request URL
    :return: dict with keys ``code``, ``text``, ``content``, ``url``,
        ``stream_content``, ``headers`` and ``cookie``; None when any of the
        handled exceptions occurs
    """
    defaults = (
        ('timeout', self.http_timeout),
        ('headers', self.http_headers),
        # NOTE(review): certificate checking follows self.verify_ssl unless the
        # caller overrides it; when it is falsy the peer is not authenticated.
        ('verify_ssl', self.verify_ssl),
        ('allow_redirects', self.http_allow_redirects),
        ('proxy', self.proxy),
    )
    for option, fallback in defaults:
        kwargs.setdefault(option, fallback)

    # DNS caching is switched off for this connector. (The original comment
    # also mentions a connection limit; none is set here.)
    connector = aiohttp.TCPConnector(use_dns_cache=False)
    try:
        async with aiohttp.ClientSession(connector=connector) as session:
            response = await session.request(method, url, **kwargs)
            LOGGER.debug(f'Requests: {method} {url}', self.debug)
            # The body is read three ways, in this order.
            text = await response.text()
            content = await response.read()
            stream_content = await response.content.read()
            result = {
                'code': response.status,
                'text': text,
                'content': content,
                'url': response.url,
                'stream_content': stream_content,
                'headers': response.headers,
                'cookie': response.cookies,
            }
            LOGGER.debug(
                http_response_style(result['code'], result['headers'],
                                    result['text'], result['content'],
                                    result['stream_content']),
                self.debug,
            )
            return result
    except aiohttp.ClientConnectorError:
        LOGGER.error(f'{url} Error: ConnectionError')
    except aiohttp.ServerDisconnectedError:
        LOGGER.error(f'{url} Error: ServerDisconnectedError')
    except aiohttp.InvalidURL:
        LOGGER.error(f'Invalid URL format: {url}')
    except socket.error as err:
        LOGGER.warning(err)
    except KeyboardInterrupt:
        LOGGER.warning('Module has been stopped')
    except asyncio.TimeoutError:
        # Timeouts are dropped without a log entry.
        pass
    except Exception as err:
        LOGGER.exception(err)
    return None
def tcp_scan_callback(self, future):
    """Log one finished port probe when its status is ``'open'``.

    :param future: object whose ``result()`` returns an
        ``(ip, port, status)`` triple
    :return: None
    """
    ip, port, status = future.result()
    if status != 'open':
        return
    LOGGER.success(f'{ip} {port} {status}')
def exploit(self):
    """Run this module against every target named by the ``targets`` option.

    The option value is expanded with ``get_target``; each resulting entry
    is processed by ``self.rg_uac_passleak`` through ``async_run`` and
    reported by ``self.rg_uac_passleak_callback``.

    :return: None
    """
    target_spec = self.get_options('targets')
    hosts = get_target(target_spec)
    async_run(self.rg_uac_passleak, hosts, self.rg_uac_passleak_callback)
    LOGGER.info('exploit complete')
def exploit(self):
    """Run this module against every target named by the ``targets`` option.

    The option value is expanded with ``get_target``; each resulting entry
    is processed by ``self.eyou_rce`` through ``async_run`` and reported by
    ``self.eyou_rce_callback``.

    :return: None
    """
    target_spec = self.get_options('targets')
    hosts = get_target(target_spec)
    async_run(self.eyou_rce, hosts, self.eyou_rce_callback)
    LOGGER.info('exploit complete')
# if exp_info: # self.only_insert_data('Exploit', exp_info['Name'], exp_info['Module'], exp_info['Product'], exp_info['Cve'], # exp_info['Create_date'], exp_info['Description'], exp_info['Authors'], # exp_info['References']) # if aux_info: # self.only_insert_data('Auxiliary', aux_info['Name'], aux_info['Module'], aux_info['Product'], # aux_info['Cve'], aux_info['Create_date'], aux_info['Description'], # aux_info['Authors'], aux_info['References']) # except KeyError: # pass try: module_manager = ModuleManager() except (sqlite3.OperationalError, Exception) as e: LOGGER.exception(e) def parse_module(): exp = [] for dirpath, dirnames, filenames in os.walk('./modules/exploit'): for file in filenames: if file.endswith('.py') and '__init__' not in file: if '__pycache__' not in dirpath: exp.append(f'{dirpath}/{file}') aux = [] for dirpath, dirnames, filenames in os.walk('./modules/auxiliary'): for file in filenames: if file.endswith('.py') and '__init__' not in file: if '__pycache__' not in dirpath: aux.append(f'{dirpath}/{file}')