def verify_poc(scan_data):
plugin_name = scan_data['plugin_name']
plugin_filename = scan_data['plugin_filename']
target = scan_data['target']
info = {"pocname": plugin_name,
"pocstring": open(plugin_filename, 'r').read(),
"mode": 'verify'
}
try:
invoker = Cannon(target, info)
result = invoker.run()
if result[-3][0] == 1:
scan_result = {
"plugin_filename": scan_data['plugin_filename'],
"plugin_name": scan_data['plugin_name'],
"plugin_id": scan_data['plugin_id'],
"plugin_type": scan_data['plugin_type'],
"plugin_app": scan_data['plugin_app'],
"plugin_version": scan_data['plugin_version'],
"target": scan_data['target'],
"task_id": scan_data['task_id'],
"task_name": scan_data['task_name'],
"scan_result": result[-1],
"date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),
"tag": ""
}
connectiondb(vul_db).insert(scan_result)
except Exception as e:
raise e
def config():
connectiondb(config_db).drop()
subdomain_dict = []
subdomain_dict_path = os.getcwd() + '/tests/domain.dict'
try:
with open(subdomain_dict_path) as file_read:
for i in file_read:
subdomain_dict.append(i.strip())
except Exception as e:
print(e)
subdomain_dict = ['www', 'mail', 'test']
config_data = {
'poc_thread': 50,
'discovery_thread': 52,
'subdomain_thread': 53,
'port_thread': 54,
'config_name': config_name,
'poc_frequency': 15,
'port_list': [20, 21, 22, 23, 80, 81, 443, 445, 544, 873, 1080, 1433, 1434, 1521, 2100, 3306, 3389, 4440, 5671,
5672, 5900, 5984, 6379, 7001, 8080, 8081, 8089, 8888, 9090, 9200, 11211, 15672, 27017, 50070],
'subdomain_dict_2': subdomain_dict,
'subdomain_dict_3': ['www', 'mail', 'test'],
'username_dict': ['admin', 'root', 'administrators'],
'password_dict': ['123456', 'password', '12345678', 'admin', 'admin123'],
'auth_tester_thread': 100,
'discovery_time': "11:00:00"
}
connectiondb(config_db).insert_one(config_data)
def multi_brute(self):
data_save = []
result = []
self.resolver_ip = self.resolver_check()
pool = Pool(processes=self.thread)
for sub_domain in self.domain_handle():
result.append(pool.apply_async(resolution, (sub_domain, )))
pool.close()
pool.join()
for res in result:
self.result = res.get()
for subdomain in self.result:
if self.result[subdomain] != self.resolver_ip:
data = {
"subdomain": subdomain,
"domain": self.domain,
"domain_id": self.domain_id,
"date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
"result": self.result[subdomain],
"title": '',
}
data_save.append(data)
try:
if data_save:
connectiondb(subdomain_db).insert_many(data_save, ordered=True)
except Exception as e:
print("[!] %s Saved result error: %s" %
(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), e))
print("[*] %s %s Brute Done" %
(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.domain))
def multi_brute(self):
start_date = datetime.now()
self.resolver_ip = self.resolver_check()
pool = Pool(processes=self.thread)
result = []
for sub_domain in self.domain_handle():
result.append(pool.apply_async(resolution, (sub_domain,)))
pool.close()
pool.join()
for res in result:
self.result = res.get()
for subdomain in self.result:
if self.result[subdomain] != self.resolver_ip:
data = {
"subdomain": subdomain,
"domain": self.domain,
"domain_id": self.domain_id,
"date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
"result": self.result[subdomain],
"title": '',
}
lock.acquire()
try:
connectiondb(subdomain_db).insert_one(data)
# print(self.result, var)
except Exception as e:
print("save_db error", e)
lock.release()
scan_time = datetime.now() - start_date
print("++++++++++ Scan Done! ++++++++++", scan_time.total_seconds())
def verify_poc(scan_data):
plugin_name = scan_data['plugin_name']
plugin_filename = scan_data['plugin_filename']
target = scan_data['target']
info = {
"pocname": plugin_name,
"pocstring": open(plugin_filename, 'r').read(),
"mode": 'verify'
}
try:
invoker = Cannon(target, info)
result = invoker.run()
if result[-3][0] == 1:
scan_result = {
"plugin_filename": scan_data['plugin_filename'],
"plugin_name": scan_data['plugin_name'],
"plugin_id": scan_data['plugin_id'],
"plugin_type": scan_data['plugin_type'],
"plugin_app": scan_data['plugin_app'],
"plugin_version": scan_data['plugin_version'],
"target": scan_data['target'],
"task_id": scan_data['task_id'],
"task_name": scan_data['task_name'],
"scan_result": result[-1],
"date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),
"tag": ""
}
connectiondb(vul_db).insert(scan_result)
except Exception as e:
raise e
def start_scan(self):
tmp_result = []
args = self.args
connectiondb(auth_db).update_one({"_id": self.task_id}, {"$set": {"status": "Processing"}})
for service in self.service_list:
# Filter online host
pool_a = Pool(processes=self.processes)
args_check = self._args_parse(service, 'check')
for args in args_check:
tmp_result.append(pool_a.apply_async(host_check, (args,)))
pool_a.close()
pool_a.join()
for res_a in tmp_result:
if res_a.get():
self.online_target.append(res_a.get())
# start crack
pool_b = Pool(processes=self.processes)
args_crack = self._args_parse(service, 'crack')
for args in args_crack:
self.result.append(pool_b.apply_async(hydra_scanner, (args,)))
pool_b.close()
pool_b.join()
self.online_target = []
for res_b in self.result:
if res_b.get():
target = res_b.get()['target']
service = res_b.get()['service']
username = res_b.get()['username']
password = res_b.get()['password']
self.save_result(target, service, username, password)
connectiondb(auth_db).update_one({"_id": self.task_id}, {"$set": {
"status": "Completed",
"week_count": self.week_count,
}})
def multi_brute(self):
start_date = datetime.now()
self.resolver_ip = self.resolver_check()
pool = Pool(processes=self.thread)
result = []
for sub_domain in self.domain_handle():
result.append(pool.apply_async(resolution, (sub_domain, )))
pool.close()
pool.join()
for res in result:
self.result = res.get()
for subdomain in self.result:
if self.result[subdomain] != self.resolver_ip:
data = {
"subdomain": subdomain,
"domain": self.domain,
"domain_id": self.domain_id,
"date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
"result": self.result[subdomain],
"title": '',
}
lock.acquire()
try:
connectiondb(subdomain_db).insert_one(data)
# print(self.result, var)
except Exception as e:
print("save_db error", e)
lock.release()
scan_time = datetime.now() - start_date
print("++++++++++ Scan Done! ++++++++++", scan_time.total_seconds())
def __init__(self, task_id):
self.task_id = task_id
self.tasks_db_cursor = connectiondb(tasks_db).find_one({"_id": self.task_id})
self.target_list = parse_target(self.tasks_db_cursor['scan_target'])
self.plugin_id_list = self.tasks_db_cursor['plugin_id']
self.result_tmp = []
self.result = []
self.processes = connectiondb(config_db).find_one({"config_name": config_name})['poc_thread']
def __init__(self, asset_id):
self.asset_id = asset_id
self.result_tmp = []
self.result = []
self.port_list = connectiondb(config_db).find_one({"config_name": config_name})['port_list']
self.processes = connectiondb(config_db).find_one({"config_name": config_name})['discovery_thread']
self.asset_name = connectiondb(asset_db).find_one({"_id": self.asset_id})['asset_name']
self.host_list = parse_target(connectiondb(asset_db).find_one({"_id": self.asset_id})['asset_host'])
def start_scan(self):
connectiondb(auth_db).update_one({"_id": self.task_id}, {"$set": {"status": "Processing"}})
# start host check
tmp_result = []
check_time = datetime.now()
print("[*] %s %s Service Check..." % (check_time.strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
for service in self.service_list:
# Filter online host
pool_a = Pool(processes=self.processes)
for target in self.target_list:
tmp_result.append(pool_a.apply_async(service_check, (target, service, self.args)))
pool_a.close()
pool_a.join()
for res_a in tmp_result:
if res_a.get():
target = res_a.get()['target']
check_res = res_a.get()['result']
if check_res:
username = check_res['username']
password = check_res['password']
if not username:
username = "******"
if not password:
password = "******"
self.save_result(target, service, username, password)
else:
self.online_target.append(target)
self.check_result[service] = self.online_target
self.online_target = []
tmp_result = []
check_end_time = datetime.now()
print("[*] %s %s Service Check Done..." % (check_end_time.strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
print("[*] %s Service check used time: %ss" % (self.task_name, (check_end_time - check_time).seconds))
# start crack
print("[*] %s %s Crack Start..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
pool_b = Pool(processes=self.processes)
for service, target_list in self.check_result.items():
# print(service, target_list)
self.result.append(pool_b.apply_async(hydra_scanner, (target_list, service, self.username_list,
self.password_list, self.args)))
pool_b.close()
pool_b.join()
print("[*] %s %s Crack Done..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
for res_b in self.result:
if res_b.get():
for i in res_b.get():
target = i['target']
service = i['service']
username = i['username']
password = i['password']
self.save_result(target, service, username, password)
print("[*] %s Crack used time: %ss" % (self.task_name, (datetime.now() - check_time).seconds))
print("[*] %s %s Saving result..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
connectiondb(auth_db).update_one({"_id": self.task_id}, {"$set": {
"status": "Completed",
"week_count": self.week_count,
}})
print("[*] %s %s Save result done..." % (datetime.now().strftime("%Y-%m-%d %H:%M:%S"), self.task_name))
def __init__(self, task_id):
self.task_id = task_id
self.tasks_db_cursor = connectiondb(tasks_db).find_one(
{"_id": self.task_id})
self.target_list = parse_target(self.tasks_db_cursor['scan_target'])
self.plugin_id_list = self.tasks_db_cursor['plugin_id']
self.result_tmp = []
self.result = []
self.processes = connectiondb(config_db).find_one(
{"config_name": config_name})['poc_thread']
def port_result(self):
self.result.append(self.scan().command_line())
for i in self.scan().csv().split('\r\n'):
self.result.append(i)
self.result.pop(1)
connectiondb(port_db).update_one({"_id": self.scan_id}, {'$set': {
'status': 'Done',
'detail': self.result
}})
return self.result
def save_result(self):
if connectiondb(server_db).find_one({"asset_id": self.asset_id}):
connectiondb(server_db).update({"asset_id": self.asset_id}, {"$set": {"tag": "delete"}}, multi=True)
for res in self.result:
res['asset_name'] = self.asset_name
res['asset_id'] = self.asset_id
res['tag'] = ""
res['date'] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
connectiondb(server_db).insert(res, check_keys=False)
print(self.asset_id, "Discovery done...")
def __init__(self, domain, domain_id):
self.domain = domain
self.domain_id = domain_id
self.sub_domain = []
self.third_domain = connectiondb(domain_db).find_one({"_id": domain_id})['third_domain']
self.resolver_ip = ''
self.result = ''
self.thread = int(connectiondb(config_db).find_one({"config_name": config_name})['subdomain_thread'])
self.subdomain_dict_2 = connectiondb(config_db).find_one({"config_name": config_name})['subdomain_dict_2']
self.subdomain_dict_3 = connectiondb(config_db).find_one({"config_name": config_name})['subdomain_dict_3']
self.random_subdomain = ''.join(sample(digits + ascii_lowercase, 10)) + '.' + domain
def start_domain_brute(domain, domain_id):
connectiondb(domain_db).update_one({"_id": domain_id}, {"$set": {
"status": "Running"
}})
for i in domain:
start_brute = DomainBrute(i, domain_id)
start_brute.multi_brute()
connectiondb(domain_db).update_one({"_id": domain_id}, {"$set": {
"status": "Done"
}})
get_domain_title(domain_id)
def start_loop_scan(self):
connectiondb(weekpasswd_db).update({"task_id": self.task_id}, {"$set": {"tag": "delete"}}, multi=True)
connectiondb(auth_db).update_one({"_id": self.task_id}, {"$set": {
"status": "Queued",
"date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),
"week_count": 0,
}})
scanner = AuthCrack(self.task_id)
if scanner:
t1 = Thread(target=scanner.start_scan, args=())
t1.start()
return True
def start_loop_scan(self):
connectiondb(weekpasswd_db).update({"task_id": self.task_id}, {"$set": {"tag": "delete"}}, multi=True)
connectiondb(auth_db).update_one({"_id": self.task_id}, {"$set": {
"status": "Queued",
"date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),
"week_count": 0,
}})
scanner = AuthCrack(self.task_id)
if scanner:
t1 = Thread(target=scanner.start_scan, args=())
t1.start()
return True
def port_result(self):
self.result.append(self.scan().command_line())
for i in self.scan().csv().split('\r\n'):
self.result.append(i)
self.result.pop(1)
connectiondb(port_db).update_one(
{"_id": self.scan_id},
{'$set': {
'status': 'Done',
'detail': self.result
}})
return self.result
def save_result(self, target, service, username, password):
data = {
"target": target,
"service": service,
"username": username,
"password": password,
"date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
"task_id": self.task_id,
"task_name": self.task_name,
"tag": ""
}
self.week_count += 1
connectiondb(weekpasswd_db).insert_one(data)
def save_result(self, target, service, username, password):
data = {
"target": target,
"service": service,
"username": username,
"password": password,
"date": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
"task_id": self.task_id,
"task_name": self.task_name,
"tag": ""
}
self.week_count += 1
connectiondb(weekpasswd_db).insert_one(data)
def __init__(self, asset_id):
self.asset_id = asset_id
self.result_tmp = []
self.result = []
self.port_list = connectiondb(config_db).find_one(
{"config_name": config_name})['port_list']
self.processes = connectiondb(config_db).find_one(
{"config_name": config_name})['discovery_thread']
self.asset_name = connectiondb(asset_db).find_one(
{"_id": self.asset_id})['asset_name']
self.host_list = parse_target(
connectiondb(asset_db).find_one({"_id":
self.asset_id})['asset_host'])
def local_install():
print("[*]Processing...")
connectiondb(plugin_db).drop()
path = os.getcwd() + '/pocsuite_plugin/'
files = os.listdir(path)
for file_name in files:
plugin_info = parse_plugin(path + file_name.strip())
if plugin_info is None:
pass
else:
db_insert = connectiondb(plugin_db).insert_one(
plugin_info).inserted_id
print("[*]Processing Completed!")
def start_domain_brute(domain, domain_id):
connectiondb(domain_db).update_one({"_id": domain_id},
{"$set": {
"status": "Running"
}})
for i in domain:
start_brute = DomainBrute(i, domain_id)
start_brute.multi_brute()
connectiondb(domain_db).update_one({"_id": domain_id},
{"$set": {
"status": "Done"
}})
get_domain_title(domain_id)
def config():
subdomain_dict = []
subdomain_dict_path = os.getcwd() + '/tests/domain.dict'
try:
with open(subdomain_dict_path) as file_read:
for i in file_read:
subdomain_dict.append(i.strip())
except Exception as e:
print(e)
subdomain_dict = ['www', 'mail', 'test']
if not connectiondb(config_db).find_one({"config_name": config_name}):
config_data = {
'poc_thread':
50,
'discovery_thread':
50,
'subdomain_thread':
50,
'port_thread':
50,
'config_name':
config_name,
'poc_frequency':
15,
'port_list': [
20, 21, 22, 23, 80, 81, 443, 445, 544, 873, 1080, 1433, 1434,
1521, 2100, 3306, 3389, 4440, 5671, 5672, 5900, 5984, 6379,
7001, 8080, 8081, 8089, 8888, 9090, 9200, 11211, 15672, 27017,
50070
],
'subdomain_dict_2':
subdomain_dict,
'subdomain_dict_3': ['www', 'mail', 'test'],
'username_dict': ['admin', 'root', 'administrators'],
'password_dict':
['123456', 'password', '12345678', 'admin', 'admin123'],
'auth_tester_thread':
50,
'discovery_time':
"10:30:00",
'auth_service': [
'asterisk', 'cisco', 'cisco-enable', 'cvs', 'firebird', 'ftp',
'ftps', 'http-proxy', 'http-proxy-urlenum', 'icq', 'imap',
'irc', 'ldap2', 'mssql', 'mysql', 'nntp', 'oracle-listener',
'oracle-sid', 'pcanywhere', 'pcnfs', 'pop3', 'postgres', 'rdp',
'redis', 'rexec', 'rlogin', 'rsh', 's7-300', 'sip', 'smb',
'smtp', 'smtp-enum', 'snmp', 'socks5', 'ssh', 'sshkey', 'svn',
'teamspeak', 'telnet', 'vmauthd', 'vnc', 'xmpp'
],
}
connectiondb(config_db).insert_one(config_data)
def set_scanner(self):
connectiondb(tasks_db).update_one({'_id': ObjectId(self.task_id)}, {'$set': {'task_status': 'Processing'}})
if connectiondb(vul_db).find_one({"task_id": self.task_id}):
connectiondb(vul_db).update({'task_id': self.task_id}, {"$set": {"tag": "delete"}}, multi=True)
pool_scanner = Pool(processes=self.processes)
for target in self.target_list:
for plugin_id in self.plugin_id_list:
plugin_cursor = connectiondb(plugin_db).find_one({"_id": ObjectId(plugin_id)})
scan_data = {
"plugin_filename": plugin_cursor['plugin_filename'].encode("UTF-8"),
"plugin_name": plugin_cursor['plugin_name'].encode("UTF-8"),
"plugin_id": plugin_cursor['_id'],
"plugin_type": plugin_cursor['plugin_type'],
"plugin_app": plugin_cursor['plugin_app'],
"plugin_version": plugin_cursor['plugin_version'],
"target": target,
"task_id": self.task_id,
"task_name": self.tasks_db_cursor['task_name'],
}
pool_scanner.apply_async(verify_poc, (scan_data,))
pool_scanner.close()
pool_scanner.join()
connectiondb(tasks_db).update_one({'_id': ObjectId(self.task_id)}, {
'$set': {
'task_status': 'Completed',
'end_date': time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
}
})
def start_scan(self):
tmp_result = []
args = self.args
connectiondb(auth_db).update_one({"_id": self.task_id},
{"$set": {
"status": "Processing"
}})
for service in self.service_list:
# Filter online host
pool_a = Pool(processes=self.processes)
args_check = self._args_parse(service, 'check')
for args in args_check:
tmp_result.append(pool_a.apply_async(host_check, (args, )))
pool_a.close()
pool_a.join()
for res_a in tmp_result:
if res_a.get():
target = res_a.get()['target']
check_res = res_a.get()['result']
if check_res:
username = check_res['username']
password = check_res['password']
if not username:
username = "******"
if not password:
password = "******"
self.save_result(target, service, username, password)
else:
self.online_target.append(target)
# start crack
pool_b = Pool(processes=self.processes)
args_crack = self._args_parse(service, 'crack')
for args in args_crack:
self.result.append(pool_b.apply_async(hydra_scanner, (args, )))
pool_b.close()
pool_b.join()
self.online_target = []
for res_b in self.result:
if res_b.get():
target = res_b.get()['target']
service = res_b.get()['service']
username = res_b.get()['username']
password = res_b.get()['password']
self.save_result(target, service, username, password)
connectiondb(auth_db).update_one(
{"_id": self.task_id},
{"$set": {
"status": "Completed",
"week_count": self.week_count,
}})
def save_result(self):
if connectiondb(server_db).find_one({"asset_id": self.asset_id}):
connectiondb(server_db).update({"asset_id": self.asset_id},
{"$set": {
"tag": "delete"
}},
multi=True)
for res in self.result:
res['asset_name'] = self.asset_name
res['asset_id'] = self.asset_id
res['tag'] = ""
res['date'] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
connectiondb(server_db).insert(res, check_keys=False)
print(self.asset_id, "Discovery done...")
def __init__(self, task_id):
self.task_id = task_id
self.db_cursor = connectiondb(auth_db).find_one({"_id": self.task_id})
self.processes = connectiondb(config_db).find_one({"config_name": config_name})['auth_tester_thread']
self.task_name = self.db_cursor['task_name']
self.username_list = self.db_cursor['username']
self.password_list = self.db_cursor['password']
self.target_list = parse_target(self.db_cursor['target'])
self.online_target = []
self.service_list = self.db_cursor['service']
self.args = self.db_cursor['args']
self.result_pool = []
self.result = []
self.week_count = 0
def __init__(self, task_id):
self.task_id = task_id
self.db_cursor = connectiondb(auth_db).find_one({"_id": self.task_id})
self.processes = connectiondb(config_db).find_one(
{"config_name": config_name})['auth_tester_thread']
self.task_name = self.db_cursor['task_name']
self.username_list = self.db_cursor['username']
self.password_list = self.db_cursor['password']
self.target_list = parse_target(self.db_cursor['target'])
self.online_target = []
self.service_list = self.db_cursor['service']
self.args = self.db_cursor['args']
self.result_pool = []
self.result = []
self.week_count = 0
def save_result(self):
if connectiondb(server_db).find_one({"asset_id": self.asset_id}):
connectiondb(server_db).update({"asset_id": self.asset_id},
{"$set": {
"tag": "delete"
}},
multi=True)
for res in self.result:
res['asset_name'] = self.asset_name
res['asset_id'] = self.asset_id
res['tag'] = ""
res['date'] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
try:
connectiondb(server_db).insert_one(res)
except Exception as e:
print("[!] Save discovery result error %s" % e)
def get_domain_title(domain_id):
pool = Pool(processes=50)
result = []
for i in connectiondb(subdomain_db).find({"domain_id": domain_id}):
result.append(pool.apply_async(get_title, (i['subdomain'], i['_id'])))
pool.close()
pool.join()
for res in result:
lock.acquire()
try:
connectiondb(subdomain_db).update_one({"_id": res.get()["_id"]}, {"$set": {
"title": res.get()['title']
}})
except Exception as e:
print("update title error", e)
lock.release()
def _get_task(self):
for task_info in connectiondb(auth_db).find():
self.recursion = task_info['recursion']
self.status = task_info['status']
self.scan_date = task_info['date']
self.task_id = task_info['_id']
start_date = datetime.strptime(self.scan_date, "%Y-%m-%d %H:%M:%S")
plan_time = (datetime.now() - start_date).total_seconds()
if self.recursion == 0:
pass
# every day
elif self.recursion == 1 and "Completed" in self.status:
if plan_time > 60 * 60 * 24 * 1:
if self.start_loop_scan():
print(
"[*] Every Day Task Start...",
time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime()))
# every week
elif self.recursion == 7 and "Completed" in self.status:
if plan_time > 60 * 60 * 24 * 7:
if self.start_loop_scan():
print(
"[*] Every Week Task Start...",
time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime()))
# every month
elif self.recursion == 30 and "Completed" in self.status:
if plan_time > 60 * 60 * 24 * 30:
if self.start_loop_scan():
print(
"[*] Every Month Task Start...",
time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime()))
def _get_task(self):
for task_info in connectiondb(auth_db).find():
self.recursion = task_info['recursion']
self.status = task_info['status']
self.scan_date = task_info['date']
self.task_id = task_info['_id']
start_date = datetime.strptime(self.scan_date, "%Y-%m-%d %H:%M:%S")
plan_time = (datetime.now() - start_date).total_seconds()
if self.recursion == 0:
pass
# every day
elif self.recursion == 1 and "Completed" in self.status:
if plan_time > 60 * 60 * 24 * 1:
if self.start_loop_scan():
print("[*] Every Day Task Start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
# every week
elif self.recursion == 7 and "Completed" in self.status:
if plan_time > 60 * 60 * 24 * 7:
if self.start_loop_scan():
print("[*] Every Week Task Start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
# every month
elif self.recursion == 30 and "Completed" in self.status:
if plan_time > 60 * 60 * 24 * 30:
if self.start_loop_scan():
print("[*] Every Month Task Start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()))
def __init__(self, target_list, username_list, password_list, plugin):
self.target_list = target_list
self.username_list = username_list
self.password_list = password_list
self.plugin = plugin
self.result = []
self.result_tmp = []
self.processes = connectiondb(config_db).find_one({"config_name": config_name})['auth_tester_thread']
def __init__(self, target_list, password_list):
self.target_list = target_list
self.password_list = password_list
self.redis_target = []
self.result_check = []
self.result_auth = []
self.result = []
self.processes = connectiondb(config_db).find_one({"config_name": config_name})['auth_tester_thread']
def __init__(self, domain, domain_id):
self.domain = domain
self.domain_id = domain_id
self.sub_domain = []
self.third_domain = connectiondb(domain_db).find_one(
{"_id": domain_id})['third_domain']
self.resolver_ip = ''
self.result = ''
self.thread = int(
connectiondb(config_db).find_one({"config_name": config_name
})['subdomain_thread'])
self.subdomain_dict_2 = connectiondb(config_db).find_one(
{"config_name": config_name})['subdomain_dict_2']
self.subdomain_dict_3 = connectiondb(config_db).find_one(
{"config_name": config_name})['subdomain_dict_3']
self.random_subdomain = ''.join(sample(digits + ascii_lowercase,
10)) + '.' + domain
def get_domain_title(domain_id):
pool = Pool(processes=50)
result = []
for i in connectiondb(subdomain_db).find({"domain_id": domain_id}):
result.append(pool.apply_async(get_title, (i['subdomain'], i['_id'])))
pool.close()
pool.join()
for res in result:
lock.acquire()
try:
connectiondb(subdomain_db).update_one(
{"_id": res.get()["_id"]},
{"$set": {
"title": res.get()['title']
}})
except Exception as e:
print("update title error", e)
lock.release()
def __init__(self, domain, domain_id):
print("[*] %s %s Brute Start" %
(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), domain))
self.domain = domain
self.domain_id = domain_id
self.sub_domain = []
self.third_domain = connectiondb(domain_db).find_one(
{"_id": domain_id})['third_domain']
self.resolver_ip = ''
self.result = ''
self.thread = int(
connectiondb(config_db).find_one({"config_name": config_name
})['subdomain_thread'])
self.subdomain_dict_2 = connectiondb(config_db).find_one(
{"config_name": config_name})['subdomain_dict_2']
self.subdomain_dict_3 = connectiondb(config_db).find_one(
{"config_name": config_name})['subdomain_dict_3']
self.random_subdomain = ''.join(sample(digits + ascii_lowercase,
10)) + '.' + domain
def start_scan(self):
connectiondb(auth_db).update_one({"_id": self.task_id},
{"$set": {
"status": "Processing"
}})
if self.plugin == "Redis Auth":
scanner = redis_plugin.RedisPlugin(self.target_list,
self.password_list)
self.result = scanner.redis_scan()
for i in self.result:
self.save_result(i['target'], i['username'], i['password'])
elif self.plugin == "Basic Auth":
scanner = http_plugin.HttpPlugin(self.target_list,
self.username_list,
self.password_list, self.plugin)
self.result = scanner.http_scan()
for i in self.result:
self.save_result(i['target'], i['username'], i['password'])
elif self.plugin == "SSH Auth":
scanner = ssh_plugin.SSHPlugin(self.target_list,
self.username_list,
self.password_list)
self.result = scanner.ssh_scan()
for i in self.result:
self.save_result(i['target'], i['username'], i['password'])
elif self.plugin == "MySQL Auth":
scanner = mysql_plugin.MySQLPlugin(self.target_list,
self.username_list,
self.password_list)
self.result = scanner.mysql_scan()
for i in self.result:
self.save_result(i['target'], i['username'], i['password'])
connectiondb(auth_db).update_one(
{"_id": self.task_id},
{"$set": {
"status": "Completed",
"week_count": self.week_count
}})
def start_domain_brute(domain_list, domain_id):
time_start = datetime.now()
print("[*] %s Domain Brute start %s" %
(time_start.strftime("%Y-%m-%d %H:%M:%S"), domain_id))
connectiondb(domain_db).update_one({"_id": domain_id},
{"$set": {
"status": "Running"
}})
for domain in domain_list:
start_brute = DomainBrute(domain, domain_id)
start_brute.multi_brute()
connectiondb(domain_db).update_one({"_id": domain_id},
{"$set": {
"status": "Done"
}})
time_end = datetime.now()
print("[*] %s Domain Brute Done %s" %
(time_end.strftime("%Y-%m-%d %H:%M:%S"), domain_id))
print("[*] %s Used Time: %s" % (time_end.strftime("%Y-%m-%d %H:%M:%S"),
(time_end - time_start).seconds))
get_domain_title(domain_id)
def _get_task(self):
print("Discovery scheduler success")
for asset_info in connectiondb(asset_db).find():
self.discover_option = asset_info['discover_option']
if self.discover_option == "Enable":
self.asset_id = asset_info['_id']
try:
AssetDiscovery(self.asset_id).set_discovery()
except Exception as e:
print(e)
return e
print("Discovery scheduler done")
def _get_task(self):
print("Discovery scheduler success")
for asset_info in connectiondb(asset_db).find():
self.discover_option = asset_info['discover_option']
if self.discover_option == "Enable":
self.asset_id = asset_info['_id']
try:
AssetDiscovery(self.asset_id).set_discovery()
except Exception as e:
print(e)
return e
print("Discovery scheduler done")
def set_scanner(self):
connectiondb(tasks_db).update_one(
{'_id': ObjectId(self.task_id)},
{'$set': {
'task_status': 'Processing'
}})
if connectiondb(vul_db).find_one({"task_id": self.task_id}):
connectiondb(vul_db).update({'task_id': self.task_id},
{"$set": {
"tag": "delete"
}},
multi=True)
pool_scanner = Pool(processes=self.processes)
for target in self.target_list:
for plugin_id in self.plugin_id_list:
plugin_cursor = connectiondb(plugin_db).find_one(
{"_id": ObjectId(plugin_id)})
scan_data = {
"plugin_filename":
plugin_cursor['plugin_filename'].encode("UTF-8"),
"plugin_name":
plugin_cursor['plugin_name'].encode("UTF-8"),
"plugin_id":
plugin_cursor['_id'],
"plugin_type":
plugin_cursor['plugin_type'],
"plugin_app":
plugin_cursor['plugin_app'],
"plugin_version":
plugin_cursor['plugin_version'],
"target":
target,
"task_id":
self.task_id,
"task_name":
self.tasks_db_cursor['task_name'],
}
pool_scanner.apply_async(verify_poc, (scan_data, ))
pool_scanner.close()
pool_scanner.join()
connectiondb(tasks_db).update_one({'_id': ObjectId(self.task_id)}, {
'$set': {
'task_status': 'Completed',
'end_date': time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime())
}
})
def _get_task(self):
# while thread_lock:
for task_info in connectiondb(tasks_db).find():
self.recursion = int(task_info['task_recursion'])
self.task_id = task_info['_id']
self.status = task_info['task_status']
self.end_date = task_info['end_date']
if self.recursion == 0:
pass
# every day task
if self.recursion == 1:
if "Processing" in self.status:
pass
else:
start_date = datetime.datetime.strptime(
self.end_date, "%Y-%m-%d %H:%M:%S")
plan_time = (datetime.datetime.now() -
start_date).total_seconds()
if plan_time > 60 * 60 * 24:
print("Every day recursion start......")
scanner = PocsuiteScanner(self.task_id)
scanner.set_scanner()
# every week task
elif self.recursion == 7:
if "Processing" in self.status:
pass
else:
start_date = datetime.datetime.strptime(
self.end_date, "%Y-%m-%d %H:%M:%S")
plan_time = (datetime.datetime.now() -
start_date).total_seconds()
if plan_time > 60 * 60 * 24 * 7:
print("Every week start...")
scanner = PocsuiteScanner(self.task_id)
scanner.set_scanner()
# every month task
elif self.recursion == 30:
if "Processing" in self.status:
pass
else:
start_date = datetime.datetime.strptime(
self.end_date, "%Y-%m-%d %H:%M:%S")
plan_time = (datetime.datetime.now() -
start_date).total_seconds()
if plan_time > 60 * 60 * 24 * 30:
print("Every month start...")
scanner = PocsuiteScanner(self.task_id)
scanner.set_scanner()
def _get_task(self):
# while thread_lock:
for task_info in connectiondb(tasks_db).find():
self.recursion = int(task_info['task_recursion'])
self.task_id = task_info['_id']
self.status = task_info['task_status']
self.end_date = task_info['end_date']
if self.recursion == 0:
pass
# every day task
if self.recursion == 1:
if "Processing" in self.status:
pass
else:
start_date = datetime.datetime.strptime(self.end_date, "%Y-%m-%d %H:%M:%S")
plan_time = (datetime.datetime.now() - start_date).total_seconds()
if plan_time > 60 * 60 * 24:
print("Every day recursion start......")
scanner = PocsuiteScanner(self.task_id)
scanner.set_scanner()
# every week task
elif self.recursion == 7:
if "Processing" in self.status:
pass
else:
start_date = datetime.datetime.strptime(self.end_date, "%Y-%m-%d %H:%M:%S")
plan_time = (datetime.datetime.now() - start_date).total_seconds()
if plan_time > 60 * 60 * 24 * 7:
print("Every week start...")
scanner = PocsuiteScanner(self.task_id)
scanner.set_scanner()
# every month task
elif self.recursion == 30:
if "Processing" in self.status:
pass
else:
start_date = datetime.datetime.strptime(self.end_date, "%Y-%m-%d %H:%M:%S")
plan_time = (datetime.datetime.now() - start_date).total_seconds()
if plan_time > 60 * 60 * 24 * 30:
print("Every month start...")
scanner = PocsuiteScanner(self.task_id)
scanner.set_scanner()
def acunetix_view():
# scanner view
if request.method == "GET":
acunetix_task = connectiondb(acunetix_db).find()
return render_template('acunetix-scanner.html', acunetix_task=acunetix_task)
else:
if request.form.get('source') == "new_scan":
target_id = []
task_name = request.form.get('task_name')
target_list = request.form.get('target_addr').split("\n")
scan_type = request.form.get('scan_type')
description_val = request.form.get('description_val')
for target in parse_target(target_list):
target_id.append(AcunetixScanner().start_task(target, description_val, scan_type)['target_id'])
task_data = {
"task_name": task_name,
"target_list": target_list,
"scan_type": scan_type,
"description": description_val,
"status": "",
"target_id": target_id,
"date": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()),
}
connectiondb(acunetix_db).insert(task_data)
# print(new_scan)
return "success"
elif request.form.get('source') == "delete_task":
task_id = request.form.get('delete')
target_id = connectiondb(acunetix_db).find_one({"_id": ObjectId(task_id)})['target_id']
if connectiondb(acunetix_db).remove({"_id": ObjectId(task_id)}):
for t_id in target_id:
AcunetixScanner().delete_target(t_id)
return "success"
else:
return "warning"
elif request.form.get('source') == "download_report":
task_id = request.form.get('task_id')
target_id = connectiondb(acunetix_db).find_one({"_id": ObjectId(task_id)})['target_id']
task_name = connectiondb(acunetix_db).find_one({"_id": ObjectId(task_id)})['task_name']
report_url = AcunetixScanner().reports(target_id, 'targets', task_name)
if report_url:
return jsonify({"html_url": report_url[0], "pdf_url": report_url[1]})
else:
return "warning"
def __init__(self):
self.sche_time = connectiondb(config_db).find_one({"config_name": config_name})['discovery_time'].split(":")
self.asset_id = ''
self.discover_option = ''
def __init__(self):
self.sche_time = connectiondb(config_db).find_one(
{"config_name": config_name})['discovery_time'].split(":")
self.asset_id = ''
self.discover_option = ''
