Exemplo n.º 1
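def main(args):
    '''Validate the command line and dispatch to the selected sub-command.

    args is indexed like an argv list: args[1] is the command name and
    args[2:] are its operands (presumably sys.argv -- confirm at the caller).
    Recognised commands and the total argument count each requires:

        checkout  5        build  5        run  5
        exploit   4        info   4

    On any validation failure a message and the usage text are printed and
    the process exits with status 1 (SystemExit). The operands themselves are
    not validated here; they are handed unchanged to the sub-command modules.
    '''
    # Local import: the file's import block is not visible from this block.
    # sys.exit is used instead of the site-provided exit(), which is absent
    # when the interpreter runs without the site module.
    import sys

    # Total len(args) each command needs, counting args[0] and the command.
    expected_argc = {
        'checkout': 5,
        'build': 5,
        'exploit': 4,
        'run': 5,
        'info': 4,
    }

    # Minimum error checking
    if len(args) < 4:
        print("Not enough args")
        usage()
        sys.exit(1)

    command = args[1]
    if command not in expected_argc:
        print("Unrecognized command {}".format(command))
        usage()
        sys.exit(1)
    if len(args) != expected_argc[command]:
        # The checkout message used to read "impoper"; all commands now share
        # one correctly spelled message.
        print("Error: improper number of args for {}".format(command))
        usage()
        sys.exit(1)
    # TODO: add checkout-build command to checkout and then build automatically

    # Program metadata is loaded only after the command line has been accepted.
    core.vuls_utils.load_program_info()

    if command == 'checkout':
        core.checkout.checkout(args[2], args[3], args[4])
    elif command == 'exploit':
        exploit.exploit(args[2], args[3])
    elif command == 'info':
        info.print_info(args[2], args[3])
    elif command == 'build':
        build.build(args[2], args[3], args[4])
    elif command == 'run':
        run.run(args[2], args[3], args[4])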
Exemplo n.º 2
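 def control_webapps(target_type, target, webapps, mode):
     """Drive a scan ("poc" mode) or a single exploit call ("exp" mode).

     Args:
         target_type: "url" (target is one URL), "file" (target is the path of
             a file with one target per line) or "fofa"/"shodan" (target is a
             sized iterable of targets returned by the search API).
         target: see target_type.
         webapps: None to fingerprint each target with Identify.start, a
             collection containing "all" to run every check, or the names of
             the webapp types to check. In "exp" mode it is passed to
             exploit() as the vulnerability number.
         mode: "poc" or "exp". Any other value, or an unknown target_type in
             "poc" mode, does nothing.

     Changes from the previous version:
       * the target file is read once inside a ``with`` block; the earlier
         code opened it three times, leaked two handles and used mode 'rU',
         which Python 3.11+ rejects with ValueError;
       * in the fofa/shodan branch the fingerprinting call receives the
         current URL instead of the whole result list, and the fingerprint
         list is reset per target as the file branch already did;
       * "all" is added to the fingerprint list at most once instead of once
         per target.
     """
     t_num = globals.get_value("THREADNUM")  # worker-thread count taken from the THREADNUM setting
     thread_poc = []  # thread futures; filled by core.scan_webapps
     gevent_pool = []  # gevent tasks; filled by core.scan_webapps
     # NOTE(review): the executor is never shut down here -- confirm whether
     # the caller relies on interpreter exit for cleanup.
     thread_pool = ThreadPoolExecutor(t_num)
     webapps_identify = []  # webapp types to scan for the current target
     if mode == "poc":  # vulnerability-check mode
         if target_type == "url":  # ---- case 1: a single URL
             output("text", "[*] " + target)  # the output module decides whether to write a file
             if webapps is None:
                 Identify.start(target, webapps_identify)  # fingerprint the target
             else:
                 webapps_identify = _select_webapps(webapps, webapps_identify)
             core.scan_webapps(webapps_identify, thread_poc, thread_pool, gevent_pool, target)
             joinall(gevent_pool)  # run the gevent tasks
             wait(thread_poc, return_when=ALL_COMPLETED)  # block until every thread task is done
             print(now.timed(de=0) + color.yel_info() + color.yellow(" Scan completed and ended                             "))
         elif target_type == "file":  # ---- case 2: batch scan from a file
             # Read the file once and keep only non-blank lines; the total
             # shown in progress messages is the number of such lines.
             with open(target, 'r') as target_file:
                 target_list = [entry for entry in (raw.strip() for raw in target_file) if entry]
             target_num = len(target_list)
             for now_num, entry in enumerate(target_list, start=1):
                 furl = url_check(entry)  # normalise / validate the URL format
                 output("text", "[*] " + furl)
                 if not _report_survival(furl, now_num, target_num):
                     continue  # skip targets that fail the survival check
                 if webapps is None:
                     webapps_identify.clear()  # drop the previous target's fingerprints
                     Identify.start(furl, webapps_identify)
                 else:
                     webapps_identify = _select_webapps(webapps, webapps_identify)
                 core.scan_webapps(webapps_identify, thread_poc, thread_pool, gevent_pool, furl)
                 joinall(gevent_pool)
                 wait(thread_poc, return_when=ALL_COMPLETED)
             print(now.timed(de=0) + color.yel_info() + color.yellow(" Scan completed and ended                             "))
         elif target_type == "fofa" or target_type == "shodan":  # ---- case 3: search-API results
             total = len(target)  # number of results returned by the API
             if webapps is not None:
                 # An explicit selection is the same for every target, so it
                 # is resolved and announced once, before the loop.
                 webapps_identify = _select_webapps(webapps, webapps_identify)
             for now_num, f_target in enumerate(target, start=1):
                 fofa_target = url_check(f_target)
                 output("text", "[*] " + fofa_target)
                 if not _report_survival(fofa_target, now_num, total):
                     continue
                 if webapps is None:
                     # Fingerprint the current URL only. The earlier code
                     # passed the whole result list here and never reset the
                     # fingerprints between targets.
                     webapps_identify.clear()
                     Identify.start(fofa_target, webapps_identify)
                 core.scan_webapps(webapps_identify, thread_poc, thread_pool, gevent_pool, fofa_target)
                 joinall(gevent_pool)
                 wait(thread_poc, return_when=ALL_COMPLETED)
             print(now.timed(de=0) + color.yel_info() + color.yellow(" Scan completed and ended                             "))
     elif mode == "exp":  # exploit mode
         vul_num = webapps
         exploit(target, vul_num)  # delegate to the exploit entry point


 def _select_webapps(webapps, webapps_identify):
     """Announce an explicit webapp selection and return the list to scan with."""
     if r"all" in webapps:
         print(now.timed(de=0) + color.yel_info() + color.yellow(" Specify to scan all vulnerabilities"))
         if "all" not in webapps_identify:  # keep a single marker across targets
             webapps_identify.append("all")
         return webapps_identify
     # One or more specific types were requested, e.g. "-a solr struts2".
     print(now.timed(de=0) + color.yel_info() + color.yellow(" Specify scan vulnerabilities for: "), end='')
     for w_i in webapps:
         print(color.cyan(w_i), end=' ')
     if webapps:
         print(end='\n')  # terminate the line after the last name
     return webapps


 def _report_survival(url, current, total):
     """Print the progress line for url; return False if survival_check fails."""
     progress = " Current:[" + str(current) + "] Total:[" + str(total) + "] "
     if survival_check(url) == "f":
         print(now.timed(de=0) + color.red_warn() + color.red(progress + "Survival check failed: " + url))
         return False
     print(now.timed(de=0) + color.yel_info() + color.yellow(progress + "Scanning target: " + url))
     return True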