    def portscan(self, target):
        '''Port-scan *target* and persist the results via ``self.writehost``.

        Options are read from ``self.args`` (defaults in parentheses):
        ``write`` (1), ``ping`` (0), ``threads`` (100), ``timeout`` (5),
        ``isfilter`` (0), ``port`` (None) and ``block`` ([]).  ``block`` is a
        collection of hosts excluded from the scan; with ``isfilter`` set, hosts
        already stored as ``HostResult`` rows for the current project are
        excluded as well.  ``write`` is only echoed in the log line here.
        '''
        opts = self.args
        write = bool(opts.get('write', 1))
        ping = bool(opts.get('ping', 0))
        threads = int(opts.get('threads', 100))
        timeout = int(opts.get('timeout', 5))
        isfilter = bool(opts.get('isfilter', 0))
        ports = opts.get('port', None)
        block = opts.get('block', [])

        logging.info(
            '[portscan][host:%s][port:%s][write:%s][ping:%s][threads:%s][timeout:%s]'
            % (target, ports, write, ping, threads, timeout))

        # NOTE(review): bool() on a non-empty string such as '0' is True — if
        # args arrive as strings, 'write'/'ping'/'isfilter' cannot be switched
        # off this way; confirm the type the caller passes.
        candidates = set(gethosts(target)) - set(block)
        if isfilter:
            H = models.HostResult
            known = {h.host_ip
                     for h in H.select().where(H.projectid == self.Q.projectid)}
            candidates -= known

        scanner = PortScan(candidates,
                           ports=ports,
                           neping=ping,
                           threads=threads,
                           timeout=timeout)
        self.writehost(scanner.scan())
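 def payloadverify(self, plug, host):
     '''Run plugin *plug* against *host* and report a hit through ``self.callback_bug``.

     The plugin's own ``filter`` is consulted first unless ``self.args['filter']``
     is falsy.  For plugins with ``BRUTE`` set, every ``(user, pwd)`` pair in
     ``self.auths`` is passed to ``plug.verify``; otherwise a single call with
     ``pwd='123456'`` and no user is made.  Returns whatever ``callback_bug``
     returns on the first positive verify, else None.  Any exception raised by
     the plugin is logged with its traceback and swallowed, so one failing
     plugin does not abort the pool; the caller sees None in that case.
     '''
     use_filter = bool(self.args.get('filter', 1))  # apply plug.filter before verifying?
     try:
         # Process-global: every socket created afterwards inherits this timeout.
         socket.setdefaulttimeout(360)
         if use_filter and not plug.filter(host):
             return None
         logging.info('filter %s-%s-%s-%s' %
                      (plug.__class__, host.service, host.host, host.port))
         creds = self.auths if plug.BRUTE else [(None, '123456')]
         for user, pwd in creds:
             if user:
                 verify = plug.verify(host, user=user, pwd=pwd)
             else:
                 verify = plug.verify(host, pwd=pwd)
             if verify:
                 # logging.warn is a deprecated alias of warning.  The matching
                 # credential is written to the log in clear, so log storage
                 # needs the same access control as the results database.
                 logging.warning('verify %s-%s-%s-%s-%s' %
                                 (plug.__class__, host.host, host.port, user, pwd))
                 return self.callback_bug(plug)
     except Exception:
         # logging.exception keeps the frames in order; the previous
         # '\n'.join(set(traceback...)) shuffled them and dropped duplicates.
         logging.exception('payloadverify failed for %s-%s-%s',
                           plug.__class__, host.host, host.port)
     return None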
 def writewebsite(self, w):
     '''Upsert the ``HttpResult`` row keyed by ``(w.host, w.port)`` from web probe *w*.

     Every stored column (state, banner, domain, xpoweredby, title, headers,
     content) is overwritten from the corresponding attribute of *w* and
     ``updatedate`` is set to the current local time.
     '''
     logging.info("Writewebsite %s %s %s %s " % (w.status_code, w.host, w.port, w.domain))
     row, _created = models.HttpResult.get_or_create(host=w.host, port=w.port)
     # (column on the row, attribute of the probe result it is copied from)
     columns = (
         ('state', 'status_code'),
         ('banner', 'server'),
         ('domain', 'domain'),
         ('xpoweredby', 'xpoweredby'),
         ('title', 'title'),
         ('headers', 'headers'),
         ('content', 'content'),
     )
     for column, attr in columns:
         setattr(row, column, getattr(w, attr))
     # naive local timestamp, consistent with the rest of this file
     row.updatedate = datetime.datetime.now()
     row.save()
 def addtask(self, Q, cel=True):
     '''Dispatch task record *Q* either to Celery (*cel* True) or to a local handler.

     ``Q.tasktype.task_name`` selects the task and ``Q.task_id`` is passed to
     it as a string.  With *cel* the task is sent through ``app.send_task`` to
     the queue named after ``Q.tasknode.node_id`` (``'tasks'`` when no node is
     set) and the Celery id and status are written back to *Q*.  Without *cel*
     the handler registered under that name in ``self.tasklist`` runs
     in-process.  A record with an empty task name is ignored.
     '''
     name = Q.tasktype.task_name
     taskid = str(Q.task_id)
     if not name:
         return
     if not cel:
         logging.info('Runing-Task:[%s]-[%s]' %
                      (str(Q.tasktype.task_name), str(Q.task_host)))
         self.tasklist[name]['handler'](taskid)
         return
     # no task node configured -> default 'tasks' queue
     nodeid = Q.tasknode.node_id if Q.tasknode else 'tasks'
     celery_task = app.send_task('%s.%s' % (nodeid, name), args=[taskid])
     Q.task_pid = celery_task.id
     Q.task_code = celery_task.status
     Q.save()
    def scan(self):
        '''Run each plugin named in ``self.args['plug']`` (comma-separated) against the target set.

        Hosts come from the database when ``self.target`` is a known
        ``Project`` id (all ``HostResult`` rows of that project); otherwise
        ``self.target`` is expanded with ``gethosts``.  Every ``PortResult`` of
        those hosts in the current project is wrapped as a ``BaseWebSite``
        (service ``http``) or ``BaseHost`` (anything else) and paired with the
        plugins whose base class matches.  The pairs are handed to
        ``self.payloadverify`` through a pool of 10 coroutines, one plugin
        name at a time.
        '''
        MP = models.Project
        MH = models.HostResult
        MR = models.PortResult

        for plug_name in self.args.get('plug', '').split(','):
            logging.info('Scan plug name: %s' % plug_name)

            # resolve the host list: project members first, else expand the target spec
            try:
                project = MP.get(MP.project_id == self.target)
                host_ips = [str(row.host_ip)
                            for row in MH.select().where(MH.projectid == project)]
            except MP.DoesNotExist:
                host_ips = list(gethosts(self.target))

            web_hosts = []
            plain_hosts = []
            for ip in host_ips:
                port_rows = MR.select().join(MH).where(
                    (MH.host_ip == ip) & (MH.projectid == self.Q.projectid))
                for row in port_rows:
                    port = str(row.port)
                    if str(row.service_name) == 'http':
                        # substring test: any port containing '443' (443, 8443, ...)
                        # is assumed to speak https
                        scheme = 'https' if '443' in port else 'http'
                        web_hosts.append(
                            BaseWebSite('%s://%s:%s/' % (scheme, str(row.host), port)))
                    else:
                        plain_hosts.append(
                            BaseHost(str(row.host), port, service=str(row.service_name)))

            jobs = []
            for plug in PluginsManage.get_plugins(plug_name):
                if isinstance(plug, BaseHostPlugin):
                    jobs.extend((plug, h) for h in plain_hosts)
                elif isinstance(plug, BaseWebPlugin):
                    jobs.extend((plug, h) for h in web_hosts)

            pool = CoroutinePool(10)
            for plug, host in jobs:
                pool.spawn(self.payloadverify, plug, host)
            pool.join()
 def response(self):
     '''Send the request described by this object and return the session's response.

     ``self.url`` is rebuilt from scheme, netloc, path and ``self.query``
     (rendered as ``k=v`` pairs joined by ``&``, in dict order) before the
     call, and the status code, method and URL are logged at INFO.
     '''
     if self.query:
         pairs = ['%s=%s' % (k, v) for k, v in self.query.items()]
         path_and_query = '%s?%s' % (self.path, '&'.join(pairs))
     else:
         path_and_query = self.path
     self.url = '%s://%s%s' % (self.scheme, self.netloc, path_and_query)
     # NOTE: query keys and values are not percent-encoded, so a value holding
     # '&' or '=' changes the request.  verify=False disables TLS certificate
     # checks: an https response here is not authenticated.
     resp = self.session.request(self.method,
                                 self.url,
                                 data=self.data,
                                 headers=self.headers,
                                 timeout=self.timeout,
                                 proxies=self.proxies,
                                 verify=False)
     logging.info('%s %s %s' % (resp.status_code, self.method, self.url))
     return resp
    def portscan(self, target):
        '''Port-scan *target* and persist the results via ``self.writehost``.

        Options come from ``self.args``: ``write`` (1), ``ping`` (0),
        ``threads`` (100), ``timeout`` (5) and ``port`` (None).  ``write`` is
        only echoed in the log line; it does not change what is scanned or
        stored here.
        '''
        opts = self.args
        write = int(opts.get('write', 1))
        ping = int(opts.get('ping', 0))
        threads = int(opts.get('threads', 100))
        timeout = int(opts.get('timeout', 5))
        ports = opts.get('port', None)

        logging.info(
            '[portscan][host:%s][port:%s][write:%s][ping:%s][threads:%s][timeout:%s]'
            % (target, ports, write, ping, threads, timeout))

        scanner = PortScan(target,
                           ports=ports,
                           neping=ping,
                           threads=threads,
                           timeout=timeout)
        results = scanner.scan()
        self.writehost(results)
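 def payloadverify(self, plug, host):
     '''Run plugin *plug* against *host* and report a hit through ``self.callback_bug``.

     The plugin's own ``filter`` is consulted first unless ``self.args['filter']``
     is 0.  For plugins with ``BRUTE`` set, every ``(user, pwd)`` pair in
     ``self.auths`` is passed to ``plug.verify``; otherwise a single call with
     ``pwd='123456'`` and no user is made.  Returns whatever ``callback_bug``
     returns on the first positive verify, else None.  Any exception raised by
     the plugin is logged with its traceback and swallowed, so one failing
     plugin does not abort the pool; the caller sees None in that case.
     '''
     logging.info('check %s-%s-%s' % (plug.__class__, host.host, host.port))
     use_filter = int(self.args.get('filter', 1))  # apply plug.filter before verifying?
     try:
         # Process-global: every socket created afterwards inherits this timeout.
         socket.setdefaulttimeout(360)
         if use_filter and not plug.filter(host):
             return None
         # The previous format string had five %s for three values; the
         # resulting TypeError was swallowed by the except below, so verify()
         # never ran for any host that passed the filter.
         logging.info('filter %s-%s-%s' % (plug.__class__, host.host, host.port))
         creds = self.auths if plug.BRUTE else [(None, '123456')]
         for user, pwd in creds:
             if user:
                 verify = plug.verify(host, user=user, pwd=pwd)
             else:
                 verify = plug.verify(host, pwd=pwd)
             if verify:
                 # logging.warn is a deprecated alias of warning.  The matching
                 # credential is written to the log in clear, so log storage
                 # needs the same access control as the results database.
                 logging.warning('verify %s-%s-%s-%s-%s' %
                                 (plug.__class__, host.host, host.port, user, pwd))
                 return self.callback_bug(plug)
     except Exception:
         # logging.exception records the traceback; str(e) alone hid where the
         # plugin failed.
         logging.exception('payloadverify failed for %s-%s-%s',
                           plug.__class__, host.host, host.port)
     return None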