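def task_run():
    """Worker loop: run every queued PoC against its target and record the result.

    Pulls ``(target, poc_module)`` pairs from ``kb.task_queue`` until the queue
    is empty or ``kb.thread_continue`` is cleared. For each pair it applies the
    command-line options to the PoC, executes it, wraps whatever it returned in
    an ``Output`` and appends the resulting record to ``kb.results``.

    Raises:
        SystemExit: when a PoC declares an option name that is listed in
            ``CMD_PARSE_WHITELIST``, or a required option has no value.
    """
    while not kb.task_queue.empty() and kb.thread_continue:
        target, poc_module = kb.task_queue.get()
        if not conf.console_mode:
            # Outside console mode the queue carries a registry key; work on a
            # private copy so option changes do not touch the registered PoC.
            poc_module = copy.deepcopy(kb.registered_pocs[poc_module])
        poc_name = poc_module.name

        # With conf.ppt set, only a short tail of the target goes into the log.
        if conf.ppt:
            length = len(target)
            if length > 15:
                shown_target = "*" + target[length - 9:]
            else:
                shown_target = "*" + target[length - 3:]
            info_msg = "running poc:'{0}' target '{1}'".format(poc_name, shown_target)
        else:
            info_msg = "running poc:'{0}' target '{1}'".format(poc_name, target)

        logger.info(info_msg)

        # Apply user-defined parameters from the command line.
        if hasattr(poc_module, "_options"):
            for item in kb.cmd_line:
                value = cmd_line_options.get(item, "")
                if item in poc_module.options:
                    poc_module.set_option(item, value)
                    # NOTE(review): the option value is logged verbatim, also
                    # when conf.ppt is set. If an option can carry a secret it
                    # ends up in the log - confirm this is intended.
                    info_msg = "Parameter {0} => {1}".format(item, value)
                    logger.info(info_msg)

            # Validate the option set before the PoC runs.
            for opt, v in poc_module.options.items():
                # An option may not reuse a name reserved by the framework.
                if opt in CMD_PARSE_WHITELIST:
                    info_msg = "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format(
                        poc_name, opt)
                    logger.error(info_msg)
                    raise SystemExit

                # A required option must have received a value.
                if v.require and v.value == "":
                    info_msg = "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format(
                        poc=poc_name, key=opt)
                    logger.error(info_msg)
                    raise SystemExit

        try:
            result = poc_module.execute(
                target, headers=conf.http_headers, mode=conf.mode, verbose=False)
        except PocsuiteValidationException as ex:
            info_msg = "Poc:'{}' PocsuiteValidationException:{}".format(poc_name, ex)
            logger.error(info_msg)
            result = None

        # Normalise anything that is not already an Output. The condition used
        # to end in "and not None", which is always true and filtered nothing;
        # a None result (validation error above) is still reported as a failure.
        if not isinstance(result, Output):
            wrapped = Output(poc_module)
            if result:
                if isinstance(result, bool):
                    wrapped.success({})
                elif isinstance(result, str):
                    wrapped.success({"Info": result})
                elif isinstance(result, dict):
                    wrapped.success(result)
                else:
                    wrapped.success({"Info": repr(result)})
            else:
                wrapped.fail('target is not vulnerable')
            result = wrapped

        # result is an Output instance at this point; this only skips the
        # record if Output can evaluate as falsy - TODO confirm.
        if not result:
            continue

        if not conf.quiet:
            result.show_result()

        result_status = "success" if result.is_success() else "failed"
        if result_status == "success" and kb.comparison:
            # Uses the unmasked target; masking happens only afterwards.
            kb.comparison.change_success(target, True)

        output = AttribDict(result.to_dict())
        if conf.ppt:
            # Mask the target stored in the result record. The rule differs
            # from the one used for the log line above.
            length = len(target)
            if length > 15:
                target = "*" + target[length - 9:]
            elif length > 8:
                target = "*" + target[4:]
            else:
                target = "*" + target[1:]

        output.update({
            'target': target,
            'poc_name': poc_name,
            'created': time.strftime("%Y-%m-%d %X", time.localtime()),
            'status': result_status
        })

        result_plugins_handle(output)
        kb.results.append(output)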
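def task_run():
    """Worker loop: run every queued PoC against its target and record the result.

    Pulls ``(target, poc_module)`` pairs from ``kb.task_queue`` until the queue
    is empty or ``kb.thread_continue`` is cleared. For each pair it optionally
    starts a packet capture (``conf.pcap``), applies the command-line options
    to the PoC, executes it, wraps whatever it returned in an ``Output``,
    appends the record to ``kb.results`` and finally writes the capture to a
    ``.pcap`` file in the current working directory.

    Raises:
        SystemExit: when a PoC declares an option name that is listed in
            ``CMD_PARSE_WHITELIST``, or a required option has no value.
    """
    while not kb.task_queue.empty() and kb.thread_continue:
        target, poc_module = kb.task_queue.get()
        if not conf.console_mode:
            # Outside console mode the queue carries a registry key; work on a
            # private copy so option changes do not touch the registered PoC.
            poc_module = copy.deepcopy(kb.registered_pocs[poc_module])
        poc_name = poc_module.name

        # Per-iteration capture state. The save step at the bottom relies on
        # these locals rather than on the shared conf.pcap flag, which this
        # function itself may switch off.
        capturing = False
        pcap_host = None
        if conf.pcap:
            # Start capturing traffic. Imports stay local so scapy is only
            # needed when capturing was requested.
            import os
            import logging

            os.environ["MPLBACKEND"] = "Agg"
            logging.getLogger("scapy").setLevel(logging.ERROR)
            from pocsuite3.lib.utils.pcap_sniffer import Sniffer
            from scapy.utils import wrpcap

            # Resolve the host from the unmasked target now: `target` is
            # overwritten with its masked form further down when conf.ppt is set.
            pcap_host = urlparse(target).hostname
            sniffer = Sniffer(pcap_host)
            if sniffer.use_pcap:
                if not sniffer.is_admin:
                    logger.warn(
                        "Please use administrator privileges, and the poc will continue to execute without fetching the packet"
                    )
                    conf.pcap = False
                else:
                    sniffer.start()
                    capturing = True
                    # let scapy start for a while
                    time.sleep(1)
            else:
                logger.warn(
                    "No libpcap is detected, and the poc will continue to execute without fetching the packet"
                )
                conf.pcap = False

        # With conf.ppt set, the target is masked before it goes into the log.
        if conf.ppt:
            info_msg = "running poc:'{0}' target '{1}'".format(
                poc_name, desensitization(target))
        else:
            info_msg = "running poc:'{0}' target '{1}'".format(
                poc_name, target)

        logger.info(info_msg)

        # Apply user-defined parameters from the command line.
        if hasattr(poc_module, "_options"):
            for item in kb.cmd_line:
                value = cmd_line_options.get(item, "")
                if item in poc_module.options:
                    poc_module.set_option(item, value)
                    # NOTE(review): the option value is logged verbatim, also
                    # when conf.ppt is set. If an option can carry a secret it
                    # ends up in the log - confirm this is intended.
                    info_msg = "Parameter {0} => {1}".format(item, value)
                    logger.info(info_msg)

            # Validate the option set before the PoC runs.
            for opt, v in poc_module.options.items():
                # An option may not reuse a name reserved by the framework.
                if opt in CMD_PARSE_WHITELIST:
                    info_msg = "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format(
                        poc_name, opt)
                    logger.error(info_msg)
                    raise SystemExit

                # A required option must have received a value.
                if v.require and v.value == "":
                    info_msg = "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format(
                        poc=poc_name, key=opt)
                    logger.error(info_msg)
                    raise SystemExit

        try:
            result = poc_module.execute(target,
                                        headers=conf.http_headers,
                                        mode=conf.mode,
                                        verbose=False)
        except PocsuiteValidationException as ex:
            info_msg = "Poc:'{}' PocsuiteValidationException:{}".format(
                poc_name, ex)
            logger.error(info_msg)
            result = None

        # Normalise anything that is not already an Output. The condition used
        # to end in "and not None", which is always true and filtered nothing;
        # a None result (validation error above) is still reported as a failure.
        if not isinstance(result, Output):
            wrapped = Output(poc_module)
            if result:
                if isinstance(result, bool):
                    wrapped.success({})
                elif isinstance(result, str):
                    wrapped.success({"Info": result})
                elif isinstance(result, dict):
                    wrapped.success(result)
                else:
                    wrapped.success({"Info": repr(result)})
            else:
                wrapped.fail('target is not vulnerable')
            result = wrapped

        # result is an Output instance at this point; this only skips the
        # record if Output can evaluate as falsy - TODO confirm.
        # NOTE(review): taking this branch also skips the capture save below
        # and leaves a started sniffer un-joined.
        if not result:
            continue

        if not conf.quiet:
            result.show_result()

        result_status = "success" if result.is_success() else "failed"
        if result_status == "success" and kb.comparison:
            # Uses the unmasked target; masking happens only afterwards.
            kb.comparison.change_success(target, True)

        output = AttribDict(result.to_dict())
        if conf.ppt:
            # Mask the target stored in the result record.
            target = desensitization(target)

        output.update({
            'target': target,
            'poc_name': poc_name,
            'created': time.strftime("%Y-%m-%d %X", time.localtime()),
            'status': result_status
        })

        result_plugins_handle(output)
        kb.results.append(output)

        if capturing:
            # Give the capture thread up to 20 seconds to finish.
            sniffer.join(20)
            if not sniffer.is_alive():
                # The name is built from the host resolved before masking:
                # re-parsing `target` here would see the masked string when
                # conf.ppt is set, which may no longer parse as a URL (a None
                # hostname would raise TypeError on concatenation).
                # The host comes from the target string, so keep only
                # filename-safe characters; the capture then always lands in
                # the current directory under a valid name.
                safe_host = "".join(
                    ch if ch.isalnum() or ch in "._-" else "_"
                    for ch in (pcap_host or "unknown"))
                filename = safe_host + time.strftime(
                    '_%Y_%m_%d_%H%M%S.pcap')
                # NOTE(review): the file name, and this log line, carry the
                # real host even when conf.ppt is set - confirm that is
                # acceptable for masked runs.
                logger.info(f"pcap data has been saved in: {filename}")
                wrpcap(filename, sniffer.pcap.results)
            else:
                logger.error("Thread terminates timeout. Failed to save pcap")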