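def cmspoc_check(oldurl, cmsurl):
    """Run every CMS POC registered for *cmsurl* and persist the hits.

    Args:
        oldurl: Originating target URL, stored as ``BugList.oldurl``.
        cmsurl: URL the CMS POCs are executed against.

    Returns:
        None. Hits are written to the ``BugList`` table and counted in the
        Redis HyperLogLogs keyed by bug grade and by bug name.

    Persistence is best-effort as before (errors are printed and swallowed),
    but the session is rolled back first so a half-built batch is not left
    behind for the next caller.
    """
    poc_dict = pocdb_pocs(cmsurl).cmspocdict
    cprint(f">>>CMS漏洞扫描URL: {cmsurl}\t可用POC个数[{len(poc_dict)}]", "magenta")
    # Echo the POC names first, then run them; both use the shared pool.
    cmspool.map(cmsprint, poc_dict.keys())
    print("\r")
    results = cmspool.map(cmscheck, poc_dict.values())
    # NOTE(review): cmspool is not created in this function; once closed it
    # cannot be reused, so a second call in the same process would fail --
    # confirm the caller re-creates the pool.
    cmspool.close()
    cmspool.join()
    try:
        with app.app_context():
            try:
                for vulnerable, bugurl, bugname, payload, bugdetail in results:
                    if not vulnerable:
                        continue
                    # hget returns None when 'bugtype' has no entry for
                    # bugname; pfadd(None, ...) then fails -- confirm the
                    # hash is seeded for every POC name.
                    grade = redispool.hget('bugtype', bugname)
                    bug = BugList(oldurl=oldurl, bugurl=bugurl, bugname=bugname,
                                  buggrade=grade, payload=payload, bugdetail=bugdetail)
                    db.session.add(bug)
                    redispool.pfadd(grade, bugurl)
                    redispool.pfadd(bugname, bugurl)
                db.session.commit()
            except Exception:
                # Leave the session usable; the outer handler reports the error.
                db.session.rollback()
                raise
    except Exception as e:
        print(e)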
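def industrial_check(oldurl, industrialurl):
    """Run every industrial-control POC for *industrialurl* and persist the hits.

    Args:
        oldurl: Originating target URL, stored as ``BugList.oldurl``.
        industrialurl: URL each POC's ``run()`` is executed against.

    Returns:
        None. Each hit is committed individually; a failure on one result is
        printed, the session is rolled back, and the remaining results are
        still processed.
    """
    poc_dict = pocdb_pocs(industrialurl).industrialpocdict
    cprint(f">>>工控漏洞扫描URL: {industrialurl}\t可用POC个数[{len(poc_dict)}]", "magenta")
    print("\r")
    # These POCs run sequentially (no thread pool), in dictionary order.
    results = [poc.run() for poc in poc_dict.values()]
    with app.app_context():
        for result in results:
            try:
                vulnerable, bugurl, bugname, payload, bugdetail = result
                if not vulnerable:
                    continue
                # hget returns None when 'bugtype' lacks bugname -- confirm
                # the hash is seeded, since pfadd(None, ...) fails.
                grade = redispool.hget('bugtype', bugname)
                bug = BugList(oldurl=oldurl, bugurl=bugurl, bugname=bugname,
                              buggrade=grade, payload=payload, bugdetail=bugdetail)
                redispool.pfadd(grade, bugurl)
                redispool.pfadd(bugname, bugurl)
                db.session.add(bug)
                db.session.commit()
            except Exception as e:
                # Discard the failed row so the next commit starts clean.
                db.session.rollback()
                print(e)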
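def _scan_one_url(attackurl, url):
    """Run every check in ``Bugs`` against one URL, persist hits, then run the POC and WebLogic scans."""
    scanner = BugScan(attackurl, url)
    with app.app_context():
        try:
            for value in Bugs:
                # Dynamic dispatch keeps the per-check code in one place.
                vulnerable, payload, bugdetail = getattr(scanner, value)()
                if vulnerable:
                    bug = BugList(oldurl=attackurl, bugurl=url, bugname=value,
                                  buggrade=redispool.hget('bugtype', value),
                                  payload=payload, bugdetail=bugdetail)
                    db.session.add(bug)
            db.session.commit()
        except Exception:
            # Drop the half-built batch so the session stays usable.
            db.session.rollback()
            raise
    scanner.POCScan()
    scanner.WebLogicScan()


def BugScanConsole(attackurl):
    """Pop every queued URL for *attackurl* from Redis and run the bug checks.

    Each check named in ``Bugs`` is dispatched dynamically on a ``BugScan``
    instance. A hit is stored in the ``BugList`` table with ``buggrade``
    resolved from the ``bugtype`` hash, so each row points at its
    vulnerability category.

    Args:
        attackurl: Redis set key holding the URLs to scan; it is also the
            ``oldurl`` recorded for every hit.

    Returns:
        None. A failure on one URL is printed and the remaining queue is still
        processed; a failure reading the queue itself is printed and ends the
        scan, as before.
    """
    try:
        # spop consumes the entry, so a URL whose scan fails is not retried.
        while redispool.scard(attackurl) != 0:
            url = redispool.spop(attackurl)
            try:
                _scan_one_url(attackurl, url)
            except Exception as e:
                print(e)
    except Exception as e:
        print(e)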
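def SenFileScan(domain, url):
    """Scan *url* for sensitive files and directories.

    Wordlist: ``dict\\SEN_scan.txt``, pre-loaded into the Redis list
    ``SenScan``. Every candidate path is requested through ``UrlRequest`` on a
    thread pool; candidates that respond are fetched again and compared
    against the site's own 404 page so soft-404 noise is dropped.

    Args:
        domain: Originating target, stored as ``BugList.oldurl``.
        url: Base URL the wordlist entries are appended to.

    Returns:
        The confirmed URLs, each followed by a newline (empty string if none).
    """
    pools = 20
    # One lrange round-trip instead of one lindex call per wordlist entry.
    url_list = [f"{url}/{suffix}" for suffix in redispool.lrange("SenScan", 0, -1)]
    pool = ThreadPool(pools)
    try:
        candidates = pool.map(UrlRequest, url_list)
    finally:
        pool.close()
        pool.join()
    # Baseline: the site's reply for a path that should not exist, used to
    # filter hosts that answer 200 for everything.
    url404 = f"{url}/springbird404page"
    try:
        # verify=False keeps the scan working on self-signed hosts; the reply
        # is therefore unauthenticated, so stored bugdetail is untrusted text.
        rep404 = requests.get(url404, headers=core.GetHeaders(), timeout=3, verify=False).text
    except Exception as e:
        print("超时")
        rep404 = str(e)
    confirmed = []
    if candidates:
        with app.app_context():
            print("Sen file and dir : \n")
            for hit in candidates:
                # UrlRequest reports a miss as None.
                if hit is None:
                    continue
                try:
                    rep = requests.get(hit, headers=core.GetHeaders(), timeout=1, verify=False)
                    # Skip pages that look like the 404 baseline.
                    if core.is_similar_page(rep404, rep.text, radio=0.85):
                        continue
                    print(hit)
                    grade = redispool.hget('bugtype', "SenDir")
                    bug = BugList(oldurl=domain, bugurl=hit, bugname="SenDir", buggrade=grade,
                                  payload=hit, bugdetail=rep.text)
                    confirmed.append(hit)
                    redispool.pfadd(grade, hit)
                    redispool.pfadd("SenDir", hit)
                    db.session.add(bug)
                except Exception:
                    # Unreachable candidate or transient error: dropped silently, as before.
                    continue
            try:
                db.session.commit()
            except Exception:
                db.session.rollback()
                raise
    return "".join(f"{hit}\n" for hit in confirmed)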
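def SenFileScan(domain, redispool):
    """Scan ``http://<domain>/`` for sensitive files and directories.

    Wordlist: ``dict\\SEN_scan.txt``, pre-loaded into the Redis list ``SenScan``.

    Args:
        domain: Host to probe; also stored as ``BugList.oldurl``.
        redispool: Redis client holding the ``SenScan`` list and ``bugtype`` hash.

    Returns:
        The responding URLs joined by newlines (empty string if none).
    """
    pools = 20
    # One lrange round-trip instead of one lindex call per wordlist entry.
    url_list = ["http://{}/{}".format(domain, suffix) for suffix in redispool.lrange("SenScan", 0, -1)]
    pool = ThreadPool(pools)
    try:
        sen_file_message = pool.map(UrlRequest, url_list)
    finally:
        pool.close()
        pool.join()
    # UrlRequest reports a miss as None (the original filtered them only on
    # return); skip them up front instead of letting requests.get(None)
    # raise and print once per entry.
    hits = [u for u in sen_file_message if u]
    if hits:
        with app.app_context():
            for url in hits:
                try:
                    # verify=False: works on self-signed hosts, but the reply
                    # is unauthenticated, so stored bugdetail is untrusted text.
                    rep = requests.get(url, headers=core.GetHeaders(), timeout=3, verify=False)
                    bug = BugList(oldurl=domain, bugurl=url, bugname="SenDir",
                                  buggrade=redispool.hget('bugtype', "SenDir"),
                                  payload=url, bugdetail=rep.text)
                    db.session.add(bug)
                except Exception as e:
                    print(e)
            try:
                db.session.commit()
            except Exception:
                db.session.rollback()
                raise
    return "\n".join(hits)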
def WebLogicScan(self):
    """Run the WebLogic checks against ``self.domain`` and store every hit.

    Each result is a ``(vulnerable, bugurl, bugname, bugdetail)`` tuple; hits
    are written to ``BugList`` with ``buggrade`` taken from the ``bugtype``
    hash and the bug URL reused as the payload. One commit covers the batch.
    Returns None.
    """
    # ``WebLogicScan`` here resolves to the module-level name (presumably the
    # imported scanner module), not to this method -- confirm against imports.
    findings = WebLogicScan.run(self.domain)
    with app.app_context():
        for vulnerable, bugurl, bugname, bugdetail in findings:
            if not vulnerable:
                continue
            db.session.add(BugList(oldurl=self.domain, bugurl=bugurl, bugname=bugname,
                                   buggrade=redispool.hget('bugtype', bugname),
                                   payload=bugurl, bugdetail=bugdetail))
        db.session.commit()
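def POCScanConsole(attackurl, url):
    """Check *url* against every rule in the ``POC`` table and persist matches.

    A POC matches when ``GET url + poc.rule`` does not return 404 and the
    response body contains ``poc.expression``.

    Args:
        attackurl: Originating target, stored as ``BugList.oldurl``.
        url: Base URL the POC rules are appended to.

    Returns:
        None. Per-rule errors are printed and skipped; the batch is committed
        once at the end and rolled back if that commit fails.
    """
    with app.app_context():
        # Query inside the app context so Flask-SQLAlchemy has a bound session.
        allpoc = POC.query.all()
        for poc in allpoc:
            try:
                target = url + poc.rule
                rep = requests.get(target, headers=core.GetHeaders(), timeout=2)
                if rep.status_code != 404 and poc.expression in rep.text:
                    # hget returns None when 'bugtype' lacks poc.name -- confirm
                    # the hash is seeded, since pfadd(None, ...) fails.
                    grade = redispool.hget('bugtype', poc.name)
                    # payload is the probed URL; ``poc`` itself is a model row,
                    # and ``url + poc`` raised TypeError, dropping every match.
                    bug = BugList(oldurl=attackurl, bugurl=url, bugname=poc.name, buggrade=grade,
                                  payload=target, bugdetail=rep.text)
                    redispool.pfadd(grade, url)
                    redispool.pfadd(poc.name, url)
                    db.session.add(bug)
            except Exception as e:
                print(e)
        try:
            db.session.commit()
        except Exception:
            db.session.rollback()
            raise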
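def WebLogicScan(self):
    """Run the WebLogic checks against ``self.domain`` and persist every hit.

    Results are ``(vulnerable, bugurl, bugname, bugdetail)`` tuples. Hits go
    into ``BugList`` (grade from the ``bugtype`` hash, bug URL as payload) and
    are counted in the Redis HyperLogLogs for the grade and the bug name.
    Returns None; any failure is printed after the session is rolled back.
    """
    print("正在进行weblogic漏洞检测!")
    try:
        # ``WebLogicScan`` resolves to the module-level name here, not to this
        # method -- confirm against the file's imports.
        results = WebLogicScan.run(self.domain)
        with app.app_context():
            try:
                for vulnerable, bugurl, bugname, bugdetail in results:
                    if not vulnerable:
                        continue
                    # hget returns None when 'bugtype' lacks bugname -- confirm
                    # the hash is seeded, since pfadd(None, ...) fails.
                    grade = redispool.hget('bugtype', bugname)
                    bug = BugList(oldurl=self.domain, bugurl=bugurl, bugname=bugname,
                                  buggrade=grade, payload=bugurl, bugdetail=bugdetail)
                    redispool.pfadd(grade, bugurl)
                    redispool.pfadd(bugname, bugurl)
                    db.session.add(bug)
                db.session.commit()
            except Exception:
                # Leave the session usable; the outer handler reports the error.
                db.session.rollback()
                raise
    except Exception as e:
        print(e)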
def informationpoc_check(oldurl, informationurl):
    """Run the information-disclosure POCs for *informationurl* and store hits.

    POC names are echoed through ``informationpool`` first, then the POCs run
    on the same pool, which is closed afterwards. Each hit (``vulnerable``
    true) becomes a ``BugList`` row whose ``buggrade`` comes from the
    ``bugtype`` hash; one commit covers the whole batch. Returns None.
    """
    poc_dict = pocdb_pocs(informationurl).informationpocdict
    banner = f">>>Information漏洞扫描URL: {informationurl}\t可用POC个数[{len(poc_dict)}]"
    cprint(banner, "magenta")
    informationpool.map(informationprint, poc_dict.keys())
    print("\r")
    findings = informationpool.map(informationcheck, poc_dict.values())
    # The pool is module-level; after close()/join() it cannot be reused.
    informationpool.close()
    informationpool.join()
    with app.app_context():
        for vulnerable, bugurl, bugname, payload, bugdetail in findings:
            if not vulnerable:
                continue
            db.session.add(BugList(oldurl=oldurl, bugurl=bugurl, bugname=bugname,
                                   buggrade=redispool.hget('bugtype', bugname),
                                   payload=payload, bugdetail=bugdetail))
        db.session.commit()