def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail("not vulnerability")
return output
def parse_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('target is not vulnerable')
return output
def parse_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('not vulnerability')
return output
def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Internet noting return')
return output
def save_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail()
return output
def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Failed')
return output
def _verify(self):
output = Output(self)
# 验证代码
result = {
# 不管是验证模式或者攻击模式,返回结果 result 中的 key 值必须按照下面的规范来写
# [ PoC结果返回规范 ]( https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md#resultstandard )
"Result": {
"DBInfo": {
"Username": "******",
"Password": "******",
"Salt": "xxx",
"Uid": "xxx",
"Groupid": "xxx",
},
"ShellInfo": {"URL": "xxx", "Content": "xxx"},
"FileInfo": {"Filename": "xxx", "Content": "xxx"},
"XSSInfo": {"URL": "xxx", "Payload": "xxx"},
"AdminInfo": {"Uid": "xxx", "Username": "******", "Password": "******"},
"Database": {
"Hostname": "xxx",
"Username": "******",
"Password": "******",
"DBname": "xxx",
},
"VerifyInfo": {"URL": "xxx", "Postdata": "xxx", "Path": "xxx"},
"SiteAttr": {"Process": "xxx"},
"Stdout": "result output string",
}
}
if result: # result是返回结果
output.success(result)
else:
output.fail("target is not vulnerable")
return output
def parse_verify(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def parse_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('not MS17-010')
return output
def parse_output(self, result):
# parse output
output = Output(self)
if result:
output.success(result)
else:
output.fail('Internet nothing returned')
return output
def parse_output(self, result={}):
output = Output(self)
if result and len(result.keys())!=0:
output.success(result)
else:
output.fail('target is not vulnerable')
return output
def parse_result(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail("Internet Nothing returned")
return output
def parse_attack(self, result):
output = Output(self)
if result:
# if result['VerifyInfo']['Path']:
output.success(result)
# output.success('Succeed')
else:
output.fail('Fail test')
return output
def _verify(self):
output = Output(self)
response = str(self.send())
if "var fgt_lang =" in response:
result = {}
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = self.url
output.success(result)
else:
output.fail('Target is not vulnerable')
return output
def _verify(self):
output = Output(self)
# 验证代码
result = {
# 不管是验证模式或者攻击模式,返回结果 result 中的 key 值必须按照下面的规范来写
# [ PoC结果返回规范 ]( https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md#resultstandard )
'Result': {
'DBInfo': {
'Username': '******',
'Password': '******',
'Salt': 'xxx',
'Uid': 'xxx',
'Groupid': 'xxx'
},
'ShellInfo': {
'URL': 'xxx',
'Content': 'xxx'
},
'FileInfo': {
'Filename': 'xxx',
'Content': 'xxx'
},
'XSSInfo': {
'URL': 'xxx',
'Payload': 'xxx'
},
'AdminInfo': {
'Uid': 'xxx',
'Username': '******',
'Password': '******'
},
'Database': {
'Hostname': 'xxx',
'Username': '******',
'Password': '******',
'DBname': 'xxx'
},
'VerifyInfo': {
'URL': 'xxx',
'Postdata': 'xxx',
'Path': 'xxx'
},
'SiteAttr': {
'Process': 'xxx'
},
'Stdout': 'result output string'
}
}
if result: # result是返回结果
output.success(result)
else:
output.fail('target is not vulnerable')
return output
