def task_run():
    """Worker loop: drain ``kb.task_queue`` and run each (target, poc) pair.

    Each queued item is a ``(target, poc_module)`` tuple. Outside console
    mode ``poc_module`` is a key into ``kb.registered_pocs`` and the
    registered POC is deep-copied so per-thread ``set_option`` calls cannot
    leak into the shared registry. Command-line values are bound to the
    POC's options, mandatory options are validated, the POC runs, and a
    summary row (target, poc_name, created, status) is appended to
    ``kb.results``.

    Raises:
        SystemExit: a POC option collides with ``CMD_PARSE_WHITELIST`` or a
            required option has no value. If this runs in a worker thread
            that only ends the thread; the process keeps going.
    """

    def bind_options(module, name):
        """Copy command-line values into *module* and enforce required ones."""
        for item in kb.cmd_line:
            value = cmd_line_options.get(item, "")
            if item in module.options:
                module.set_option(item, value)
                # NOTE(review): values are logged verbatim; options that carry
                # credentials will end up in the log.
                logger.info("Parameter {0} => {1}".format(item, value))
        for opt, v in module.options.items():
            # Names owned by pocsuite's own parser cannot double as POC options.
            if opt in CMD_PARSE_WHITELIST:
                logger.error(
                    "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format(
                        name, opt))
                raise SystemExit
            if v.require and v.value == "":
                logger.error(
                    "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format(
                        poc=name, key=opt))
                raise SystemExit

    # NOTE(review): if task_queue is a queue.Queue, empty() followed by a
    # blocking get() can stall a worker when another thread takes the last
    # item in between; get_nowait() would avoid that.
    while not kb.task_queue.empty() and kb.thread_continue:
        target, poc_module = kb.task_queue.get()
        if not conf.console_mode:
            # Each worker mutates its own copy; the registry stays pristine.
            poc_module = copy.deepcopy(kb.registered_pocs[poc_module])
        poc_name = poc_module.name
        logger.info("running poc:'{0}' target '{1}'".format(poc_name, target))

        # Only POCs that declare ``_options`` accept user parameters.
        if hasattr(poc_module, "_options"):
            bind_options(poc_module, poc_name)

        result = poc_module.execute(
            target, headers=conf.http_headers, mode=conf.mode, verbose=False)
        if not result:
            continue

        if not conf.quiet:
            result.show_result()

        status = "success" if result.is_success() else "failed"
        row = AttribDict(result.to_dict())
        row.update({
            'target': target,
            'poc_name': poc_name,
            'created': time.strftime("%Y-%m-%d %X", time.localtime()),
            'status': status,
        })
        kb.results.append(row)
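def task_run():
	"""Worker loop: run every queued (target, poc) pair and record the outcome.

	Items on ``kb.task_queue`` are ``(target, poc_module)`` tuples; outside
	console mode ``poc_module`` is a key into ``kb.registered_pocs`` and the
	registered POC is deep-copied so per-thread ``set_option`` calls do not
	touch the shared registry. The POC's return value is normalised to an
	``Output``, shown unless ``conf.quiet``, mirrored into ``kb.comparison``
	on success, passed through the result plugins and appended to
	``kb.results``. With ``conf.ppt`` the target is masked both in the log
	line and in the stored row.

	Raises:
		SystemExit: a POC option collides with ``CMD_PARSE_WHITELIST`` or a
			required option is unset. If this runs in a worker thread that
			ends only the thread, not the process.
	"""
	while not kb.task_queue.empty() and kb.thread_continue:
		target, poc_module = kb.task_queue.get()
		if not conf.console_mode:
			# Each worker mutates its own copy; the registry stays pristine.
			poc_module = copy.deepcopy(kb.registered_pocs[poc_module])
		poc_name = poc_module.name

		# Presentation mode: log a masked target instead of the real one.
		if conf.ppt:
			length = len(target)
			_target = target
			# NOTE(review): for targets of 3 characters or fewer the slice start
			# is <= 0, so little or nothing is hidden; this rule also differs
			# from the one applied to the stored row below — confirm intent.
			if length > 15:
				_target = "*" + _target[length - 9:]
			else:
				_target = "*" + _target[length - 3:]
			info_msg = "running poc:'{0}' target '{1}'".format(poc_name, _target)
		else:
			info_msg = "running poc:'{0}' target '{1}'".format(poc_name, target)

		logger.info(info_msg)

		# Hand user-defined parameters to POCs that declare ``_options``.
		if hasattr(poc_module, "_options"):
			for item in kb.cmd_line:
				value = cmd_line_options.get(item, "")
				if item in poc_module.options:
					poc_module.set_option(item, value)
					# NOTE(review): values are logged verbatim; options carrying
					# credentials end up in the log.
					info_msg = "Parameter {0} => {1}".format(item, value)
					logger.info(info_msg)
			# Validate the option set once everything is bound.
			for opt, v in poc_module.options.items():
				# Names owned by pocsuite's own parser cannot double as POC options.
				if opt in CMD_PARSE_WHITELIST:
					info_msg = "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format(
						poc_name, opt)
					logger.error(info_msg)
					raise SystemExit

				if v.require and v.value == "":
					info_msg = "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format(
						poc = poc_name, key = opt)
					logger.error(info_msg)
					raise SystemExit

		try:
			result = poc_module.execute(target, headers = conf.http_headers, mode = conf.mode, verbose = False)
		except PocsuiteValidationException as ex:
			info_msg = "Poc:'{}' PocsuiteValidationException:{}".format(poc_name, ex)
			logger.error(info_msg)
			result = None

		# Wrap non-Output return values (bool/str/dict/None/other) into an Output.
		# The condition used to read ``... and not None``; ``not None`` is always
		# True, so it was a no-op — None results are recorded as a failed Output,
		# not skipped. Behaviour is unchanged here, the dead clause is just gone.
		if not isinstance(result, Output):
			_result = Output(poc_module)
			if result:
				if isinstance(result, bool):
					_result.success({})
				elif isinstance(result, str):
					_result.success({"Info": result})
				elif isinstance(result, dict):
					_result.success(result)
				else:
					_result.success({"Info": repr(result)})
			else:
				_result.fail('target is not vulnerable')

			result = _result

		if not result:
			continue

		if not conf.quiet:
			result.show_result()

		result_status = "success" if result.is_success() else "failed"
		# The comparison store gets the real target; masking happens afterwards.
		if result_status == "success" and kb.comparison:
			kb.comparison.change_success(target, True)

		output = AttribDict(result.to_dict())
		if conf.ppt:
			# Mask the stored target. NOTE(review): only the 'target' key is
			# masked; fields inside result.to_dict() are stored as produced.
			length = len(target)
			if length > 15:
				target = "*" + target[length - 9:]
			elif length > 8:
				target = "*" + target[4:]
			else:
				target = "*" + target[1:]

		output.update({
			'target': target,
			'poc_name': poc_name,
			'created': time.strftime("%Y-%m-%d %X", time.localtime()),
			'status': result_status
		})
		result_plugins_handle(output)
		kb.results.append(output)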
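def _start_sniffer(target):
    """Start packet capture for *target*; return the running Sniffer or None.

    Imports are kept local so scapy (and the matplotlib it drags in) are only
    loaded when ``--pcap`` is requested. When capture is not possible — no
    libpcap, or no administrator privileges — ``conf.pcap`` is cleared so
    later tasks do not retry, and None is returned.
    """
    import os
    import logging

    # scapy imports matplotlib; force a headless backend and quiet its logger.
    os.environ["MPLBACKEND"] = "Agg"
    logging.getLogger("scapy").setLevel(logging.ERROR)

    from pocsuite3.lib.utils.pcap_sniffer import Sniffer

    sniffer = Sniffer(urlparse(target).hostname)
    if not sniffer.use_pcap:
        logger.warn(
            "No libpcap is detected, and the poc will continue to execute without fetching the packet"
        )
        conf.pcap = False
        return None
    if not sniffer.is_admin:
        logger.warn(
            "Please use administrator privileges, and the poc will continue to execute without fetching the packet"
        )
        conf.pcap = False
        return None
    sniffer.start()
    # let scapy attach before the POC starts generating traffic
    time.sleep(1)
    return sniffer


def _save_pcap(sniffer, hostname):
    """Wait for *sniffer* to finish and write its packets to a .pcap file.

    *hostname* must come from the original, unmasked target; under ``--ppt``
    the loop rewrites ``target`` before this runs. ``urlparse().hostname`` is
    None for scheme-less targets, so a fixed label is used in that case
    instead of raising TypeError on concatenation.
    """
    from scapy.utils import wrpcap

    sniffer.join(20)
    if sniffer.is_alive():
        logger.error("Thread terminates timeout. Failed to save pcap")
        return
    filename = (hostname or "unknown-host") + time.strftime('_%Y_%m_%d_%H%M%S.pcap')
    logger.info(f"pcap data has been saved in: {filename}")
    wrpcap(filename, sniffer.pcap.results)


def _bind_cmd_line_options(poc_module, poc_name):
    """Push command-line values into the POC's options and validate them.

    Only POCs that declare ``_options`` accept parameters; others are left
    untouched.

    Raises:
        SystemExit: an option name is reserved by pocsuite itself
            (``CMD_PARSE_WHITELIST``) or a required option has no value.
    """
    if not hasattr(poc_module, "_options"):
        return
    for item in kb.cmd_line:
        value = cmd_line_options.get(item, "")
        if item in poc_module.options:
            poc_module.set_option(item, value)
            # NOTE(review): values are logged verbatim; options carrying
            # credentials end up in the log.
            logger.info("Parameter {0} => {1}".format(item, value))
    for opt, v in poc_module.options.items():
        # Names owned by pocsuite's own parser cannot double as POC options.
        if opt in CMD_PARSE_WHITELIST:
            logger.error(
                "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format(
                    poc_name, opt))
            raise SystemExit
        if v.require and v.value == "":
            logger.error(
                "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format(
                    poc=poc_name, key=opt))
            raise SystemExit


def _normalize_result(poc_module, result):
    """Return *result* as an ``Output``, wrapping non-Output values.

    POCs may return an Output, a bool, a str, a dict, None (also the
    validation-failure path) or anything else. Falsy values become a failed
    Output; truthy ones a successful Output carrying the value. (The original
    condition ``not isinstance(result, Output) and not None`` had a dead
    ``not None`` clause; behaviour is the same without it.)
    """
    if isinstance(result, Output):
        return result
    wrapped = Output(poc_module)
    if not result:
        wrapped.fail('target is not vulnerable')
    elif isinstance(result, bool):
        wrapped.success({})
    elif isinstance(result, str):
        wrapped.success({"Info": result})
    elif isinstance(result, dict):
        wrapped.success(result)
    else:
        wrapped.success({"Info": repr(result)})
    return wrapped


def task_run():
    """Worker loop: run every queued (target, poc) pair and record the outcome.

    Items on ``kb.task_queue`` are ``(target, poc_module)`` tuples; outside
    console mode ``poc_module`` is a key into ``kb.registered_pocs`` and the
    registered POC is deep-copied so per-thread ``set_option`` calls do not
    touch the shared registry. Optionally a packet capture is started for
    the task (``conf.pcap``) and saved after the POC finishes. The result is
    normalised to an ``Output``, shown unless ``conf.quiet``, mirrored into
    ``kb.comparison`` on success, passed through the result plugins and
    appended to ``kb.results``. With ``conf.ppt`` the target is masked in
    the log line and in the stored row, never in what the POC receives.

    Fixes relative to the earlier version: the pcap file name is derived
    from the hostname captured before ``--ppt`` masking (it used to be built
    from the already-masked string), the capture is tracked per task instead
    of re-reading the shared ``conf.pcap`` flag, and the saved-file log line
    actually includes the file name.

    Raises:
        SystemExit: a POC option collides with ``CMD_PARSE_WHITELIST`` or a
            required option is unset. If this runs in a worker thread that
            ends only the thread, not the process.
    """
    # NOTE(review): if task_queue is a queue.Queue, empty() followed by a
    # blocking get() can stall a worker when another thread takes the last
    # item in between; get_nowait() would avoid that.
    while not kb.task_queue.empty() and kb.thread_continue:
        target, poc_module = kb.task_queue.get()
        if not conf.console_mode:
            # Each worker mutates its own copy; the registry stays pristine.
            poc_module = copy.deepcopy(kb.registered_pocs[poc_module])
        poc_name = poc_module.name

        sniffer = None
        pcap_host = None
        if conf.pcap:
            sniffer = _start_sniffer(target)
            if sniffer is not None:
                # taken now, before --ppt masks ``target``
                pcap_host = urlparse(target).hostname

        # Presentation mode: everything that is logged or stored sees the
        # masked form; the POC itself still gets the real target.
        display_target = desensitization(target) if conf.ppt else target
        logger.info("running poc:'{0}' target '{1}'".format(poc_name, display_target))

        _bind_cmd_line_options(poc_module, poc_name)

        try:
            result = poc_module.execute(target,
                                        headers=conf.http_headers,
                                        mode=conf.mode,
                                        verbose=False)
        except PocsuiteValidationException as ex:
            logger.error("Poc:'{}' PocsuiteValidationException:{}".format(poc_name, ex))
            result = None
        result = _normalize_result(poc_module, result)

        if not result:
            continue

        if not conf.quiet:
            result.show_result()

        result_status = "success" if result.is_success() else "failed"
        # The comparison store is keyed by the real target, not the masked one.
        if result_status == "success" and kb.comparison:
            kb.comparison.change_success(target, True)

        output = AttribDict(result.to_dict())
        # NOTE(review): only the 'target' key is masked; fields inside
        # result.to_dict() are stored as the POC produced them.
        output.update({
            'target': display_target,
            'poc_name': poc_name,
            'created': time.strftime("%Y-%m-%d %X", time.localtime()),
            'status': result_status
        })
        result_plugins_handle(output)
        kb.results.append(output)

        if sniffer is not None:
            _save_pcap(sniffer, pcap_host)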