def async_run(func, items, callback):
    """
    Submit one task per item to an AsyncPool and block until the pool is done.

    :param func: async function object, called once with each element of items
    :param items: iterable of arguments, one per task
    :param callback: callback handed to pool.submit() together with each task
    :return: None
    """
    # Task group (the original comment also mentions a maximum coroutine
    # count; none is passed here, so AsyncPool's own default applies).
    pool = AsyncPool()

    # Queue the tasks.
    for item in items:
        pool.submit(func(item), callback)

    # Original comment: "stop the event loop". AsyncPool.release() is defined
    # elsewhere, so its exact effect is not visible here.
    pool.release()

    # Report the pool's running counter before blocking.
    LOGGER.info(f'Current task {pool.running}')

    # Wait for the pool.
    pool.wait()
 def command_unsetg(args):
     """Handle the ``unsetg`` console command.

     The argument string is split on single spaces; only a two-token input
     whose first token is ``proxy`` clears the global proxy option. Any other
     token count logs the usage hint.
     """
     tokens = args.split(' ')
     if len(tokens) != 2:
         LOGGER.warning('Please input unsetg <proxy>')
         return

     # NOTE(review): the usage hint names a single argument, yet two tokens
     # are required to get here - confirm what the caller passes as args.
     if tokens[0] == 'proxy':
         optProxy.__set__(None)
 def register_option(self, key, value):
     """Store value as the 'Current Setting' of an option that already exists.

     Unknown keys are ignored without any message. A falsy value is rejected
     with a warning and the stored setting is left untouched.
     """
     if key not in self.option:
         return

     if not value:
         LOGGER.warning(f"Please input {key}'s value")
         return

     self.option[key]['Current Setting'] = value
     print(f'{key} => {value}')
 def eyou_rce_callback(self, future):
     """Log the outcome of one finished task.

     A falsy result is ignored. A result whose 'code' is 200 has its 'text'
     written with LOGGER.success; any other code is logged as not vulnerable.
     """
     resp = future.result()
     if not resp:
         return

     if resp['code'] != 200:
         LOGGER.info("The target " + str(resp['url']) + " not vuln !")
         return

     LOGGER.success(resp['text'])
 def command_search(args):
     """Handle the ``search`` console command.

     Exactly one space-separated token is accepted as the keyword. Matches
     from module_manager.search_module() are rendered with search_style();
     an empty result is logged instead.
     """
     tokens = args.split(' ')
     if len(tokens) != 1:
         LOGGER.warning('Please input search <keyword>')
         return

     keyword = tokens[0]
     matches = module_manager.search_module(keyword)
     if matches:
         search_style(matches)
     else:
         LOGGER.info(f'search {keyword} not found')
    def check_run(self):
        """Check that every required option is set before a module runs.

        Returns False (after logging the first offending option) when an
        option marked Required == 'yes' has a falsy 'Current Setting';
        returns True otherwise.
        """
        for name, spec in self.current_module.option.items():
            current, needed = spec['Current Setting'], spec['Required']
            if needed == 'yes' and not current:
                LOGGER.warning(f'{name} is not set!')
                return False

        return True
 def spider_callback(self, future):
     """Log URL, status and page title for responses with the wanted status.

     The wanted status comes from the 'status' option. A result that cannot
     be subscripted (TypeError) or a body without a <title> element
     (IndexError) is skipped silently.
     """
     resp = future.result()
     wanted = int(self.get_options('status'))
     try:
         if resp['code'] != wanted:
             return
         page_url = resp['url']
         titles = re.findall('<title>(.*?)</title>', resp['text'])
         LOGGER.success(f'{page_url} - {wanted} - {titles[0]}')
     except (TypeError, IndexError):
         # Deliberate best-effort: nothing is reported for such responses.
         return
    def start(self):
        """Run the interactive console loop: read a line, parse it, dispatch it."""
        print(self.banner)
        while True:
            try:
                line = input(self.prompt)
                command, args = self.parse_line(line)
                if command:
                    self.command_handle(command, args)
            except (KeyboardInterrupt, EOFError):
                # NOTE(review): EOFError is swallowed too, so a closed stdin
                # would re-raise on every iteration - confirm this is only
                # ever run on an interactive terminal.
                LOGGER.info("Interrupt: use the 'exit' command to quit")
    def rg_uac_passleak_callback(self, future):
        """Log what one finished task returned.

        On a 200 response the body is searched for "name" and "password"
        fields and each pair is written to the log; any other status is
        logged as not vulnerable.
        """
        # NOTE(review): resp is subscripted without a None check, unlike the
        # sibling callbacks in this listing - confirm the task never yields None.
        resp = future.result()
        if resp['code'] == 200:
            result = resp['text']
            user = re.findall('"name":"(.*?)"', result)
            # NOTE(review): this pattern has no capture group and "******" is
            # not a valid quantifier sequence for re; the listing appears to
            # have masked the original pattern. Left exactly as published.
            password = re.findall('"password":"******"', result)
            # Pairs are matched by index, so the two lists must be the same
            # length. The values are written to the log in clear text, so
            # such logs need to be handled as sensitive data.
            for i in range(len(user)):
                msg = f'name:{user[i]},password:{password[i]}'
                LOGGER.success(msg)

        else:
            msg = 'The target ' + str(resp['url']) + ' not vuln !'
            LOGGER.info(msg)
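 def command_exec(args):
     """Run a command line through the system shell and echo its output.

     stderr is merged into stdout and each non-blank line is printed as it
     arrives, decoded as GBK on Windows and UTF-8 elsewhere (undecodable
     bytes are dropped).

     :param args: the command line exactly as typed at the console
     :return: None
     """
     LOGGER.info(f'exec {args}')
     encoding = 'gbk' if IS_WIN else 'utf-8'

     # SECURITY: shell=True passes args to the shell verbatim. That is the
     # purpose of this console command, but it means args must only ever come
     # from the local operator, never from module output, target responses
     # or any other untrusted source.
     with subprocess.Popen(args,
                           shell=True,
                           stdin=subprocess.PIPE,
                           stdout=subprocess.PIPE,
                           stderr=subprocess.STDOUT) as process:
         # Read to EOF instead of polling: a poll()-driven loop stops as soon
         # as the child exits and drops whatever is still buffered in the pipe.
         for raw in process.stdout:
             line = raw.strip()
             if line:
                 print(line.decode(encoding, 'ignore'))
     # Leaving the with-block closes the pipes and waits for the child, so no
     # descriptors or zombie processes are left behind.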
def load_module(name):
    """Import ``modules.<name>`` and return an instance of its Zerooosploit class.

    Slashes in name are turned into dots to form the module path. The imported
    module object is also stored in the global ``mod``. Returns None when the
    import fails, when the module has no ``Zerooosploit`` attribute, or when
    instantiation raises; each case is logged.

    Importing a module runs its top-level code, so name should only ever
    select files the operator trusts under the modules package.
    """
    global mod
    dotted = name.replace('/', '.')

    try:
        mod = importlib.import_module('modules.' + dotted)
        if not hasattr(mod, 'Zerooosploit'):
            reason = f"Module {dotted} doesn't define any object named Zerooosploit"
            LOGGER.error(ModuleNotDefineException(reason))
            return None
        return mod.Zerooosploit()
    except ModuleNotFoundError as missing:
        LOGGER.error(missing)
    except Exception as failure:
        LOGGER.exception(failure)
 def command_handle(self, command, args):
     """Dispatch one parsed console command to its handler.

     Two command sets exist: one while a module is selected
     (self.current_module is truthy) and one for the top-level prompt.
     Anything unrecognised, or a command missing its required args, is
     logged as an unknown command.
     """
     if self.current_module:
         # Commands available inside a selected module.
         if command in ('run', 'exploit'):
             self.command_run()
         elif command in ('back', 'exit'):
             self.command_back()
         elif command == 'set' and args:
             self.command_set(args)
         elif command == 'show' and args == 'options':
             self.command_show_options()
         elif command == 'show' and args == 'info':
             self.command_show_info()
         elif command == 'reload':
             self.command_reload()
         else:
             LOGGER.error('Unknow command: {0}.'.format(command))
         return

     # Commands available at the top-level prompt.
     if command == 'use':
         self.module_use(args)
     elif command in ('help', '?'):
         self.command_help()
     elif command == 'setg' and args:
         self.command_setg(args)
     elif command == 'unsetg' and args:
         self.command_unsetg(args)
     elif command in ('exit', 'quit'):
         sys.exit()
     elif command == 'exec' and args:
         self.command_exec(args)
     elif command == 'search' and args:
         self.command_search(args)
     elif command == 'list':
         self.command_modules_list()
     else:
         LOGGER.error('Unknow command: {0}.'.format(command + args))
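 def __set__(self, value):
     """Set or clear the proxy URL held in self.value.

     Despite the name, this is called directly with a single value rather
     than through the descriptor protocol.

     :param value: a proxy URL beginning with http:// or socks5://, or None
         to clear the setting
     :return: None
     """
     if value is None:
         # The unsetg handler in this listing calls __set__(None); the
         # substring test used previously raised TypeError on None.
         self.value = None
         LOGGER.info('proxy => None')
         return

     # Check the scheme at the start of the string: a substring test also
     # accepts values that merely contain "http://" somewhere inside them.
     if isinstance(value, str) and value.startswith(('http://', 'socks5://')):
         self.value = value
         LOGGER.info(f'proxy => {self.value}')
     else:
         LOGGER.warning('Support only http:// or socks5://')
         self.value = None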
 def __set__(self, value):
     """Switch the debug flag with 'on' or 'off' and return the stored flag.

     Any other value leaves self.value unchanged and logs the usage hint.
     """
     if value == 'on' or value == 'off':
         self.value = value == 'on'
         LOGGER.info('debug => on' if self.value else 'debug => off')
     else:
         LOGGER.info('setg debug on/off')
     return self.value
 def command_reload(self):
     """Reload the current module and drop back out of the module context.

     The module label is captured first so it can still be shown after
     command_back() has run.
     """
     label = self.module_metadata()
     LOGGER.info(f'Reloading module {label}...')
     reload_module()
     self.command_back()
     LOGGER.success(f'Reload complete, please use {label}')
 def command_run(self):
     """Run the selected module once check_run() has accepted its options."""
     LOGGER.info(f'Running module {self.module_metadata()}...')
     if not self.check_run():
         return
     self.current_module.exploit()
 def get_options(self, key):
     """Return the 'Current Setting' stored for key.

     A missing key is logged as a warning and None is returned.
     """
     try:
         setting = self.option[key]['Current Setting']
     except KeyError:
         LOGGER.warning(f'{key} not found')
         return None
     return setting
    async def send_request_cgi(self, method, url, **kwargs):
        """Send one HTTP request with aiohttp and return the response as a dict.

        Defaults for timeout, headers, verify_ssl, allow_redirects and proxy
        are taken from the instance unless the caller supplies them in kwargs.

        :param method: HTTP method passed to session.request()
        :param url: request URL
        :param kwargs: extra keyword arguments forwarded to session.request()
        :return: dict with the keys 'code', 'text', 'content', 'url',
            'stream_content', 'headers' and 'cookie', or None when any of
            the handled exceptions occurs
        """

        # Fill in per-instance defaults without overriding caller-supplied values.
        kwargs.setdefault('timeout', self.http_timeout)
        kwargs.setdefault('headers', self.http_headers)
        # When this is false the peer's TLS certificate is not validated.
        # NOTE(review): aiohttp deprecated verify_ssl in favour of ssl= -
        # confirm against the aiohttp version the project pins.
        kwargs.setdefault('verify_ssl', self.verify_ssl)
        kwargs.setdefault('allow_redirects', self.http_allow_redirects)
        kwargs.setdefault('proxy', self.proxy)

        # Original comment: "connection limit, DNS cache disabled". Only the
        # DNS cache setting is passed here; no connection limit is configured.
        conn = aiohttp.TCPConnector(use_dns_cache=False)

        try:
            # async with asyncio.Semaphore(rate):
            # A fresh session (and connector) is created for every call.
            async with aiohttp.ClientSession(connector=conn) as session:
                # async with aiohttp.ClientSession(connector=conn) as session:
                resp = await session.request(method, url, **kwargs)
                LOGGER.debug(f'Requests: {method} {url}', self.debug)
                text = await resp.text()
                content = await resp.read()
                # NOTE(review): the body has already been read by text()/read()
                # above, so this stream read presumably yields b'' - confirm.
                stream_content = await resp.content.read()
                # resp is rebound from the aiohttp response to a plain dict.
                resp = {
                    'code': resp.status,
                    'text': text,
                    'content': content,
                    'url': resp.url,
                    'stream_content': stream_content,
                    'headers': resp.headers,
                    'cookie': resp.cookies
                }
                # NOTE(review): headers and the full body are handed to the
                # debug log; they may carry cookies or tokens, so debug logs
                # should be treated as sensitive - confirm what LOGGER.debug
                # does with its second argument.
                LOGGER.debug(http_response_style(resp['code'], resp['headers'], resp['text'], resp['content'],
                                                 resp['stream_content']), self.debug)
                return resp
        except aiohttp.ClientConnectorError:
            LOGGER.error(f'{url} Error: ConnectionError')
        except aiohttp.ServerDisconnectedError:
            LOGGER.error(f'{url} Error: ServerDisconnectedError')
        except aiohttp.InvalidURL:
            LOGGER.error(f'Invalid URL format: {url}')
        except socket.error as e:
            LOGGER.warning(e)
        except KeyboardInterrupt:
            LOGGER.warning('Module has been stopped')
        except asyncio.TimeoutError as e:
            # Timeouts are dropped without any log entry.
            pass
        except Exception as e:
            LOGGER.exception(e)

        # Reached only after one of the handled exceptions.
        return None
 def tcp_scan_callback(self, future):
     """Log address, port and state for results whose state is 'open'.

     The future's result is unpacked as an (ip, port, status) triple; every
     other state is ignored.
     """
     host, port, state = future.result()
     if state != 'open':
         return
     LOGGER.success(f'{host} {port} {state}')
 def exploit(self):
     """Module entry point.

     Expands the 'targets' option with get_target(), hands each target to
     self.rg_uac_passleak through async_run() with
     self.rg_uac_passleak_callback as the callback, then logs completion.
     """
     target_list = get_target(self.get_options('targets'))
     async_run(self.rg_uac_passleak, target_list, self.rg_uac_passleak_callback)
     LOGGER.info('exploit complete')
 def exploit(self):
     """Module entry point.

     Expands the 'targets' option with get_target(), hands each target to
     self.eyou_rce through async_run() with self.eyou_rce_callback as the
     callback, then logs completion.
     """
     target_list = get_target(self.get_options('targets'))
     async_run(self.eyou_rce, target_list, self.eyou_rce_callback)
     LOGGER.info('exploit complete')
        #     if exp_info:
        #         self.only_insert_data('Exploit', exp_info['Name'], exp_info['Module'], exp_info['Product'], exp_info['Cve'],
        #                               exp_info['Create_date'], exp_info['Description'], exp_info['Authors'],
        #                               exp_info['References'])
        #     if aux_info:
        #         self.only_insert_data('Auxiliary', aux_info['Name'], aux_info['Module'], aux_info['Product'],
        #                               aux_info['Cve'], aux_info['Create_date'], aux_info['Description'],
        #                               aux_info['Authors'], aux_info['References'])
        # except KeyError:
        #     pass


# Build the shared ModuleManager when this module is imported.
# NOTE(review): Exception already covers sqlite3.OperationalError, so the
# tuple is redundant. On failure the error is only logged and module_manager
# is never bound, so any later use of it would raise NameError.
try:
    module_manager = ModuleManager()
except (sqlite3.OperationalError, Exception) as e:
    LOGGER.exception(e)


def parse_module():
    exp = []
    for dirpath, dirnames, filenames in os.walk('./modules/exploit'):
        for file in filenames:
            if file.endswith('.py') and '__init__' not in file:
                if '__pycache__' not in dirpath:
                    exp.append(f'{dirpath}/{file}')
    aux = []
    for dirpath, dirnames, filenames in os.walk('./modules/auxiliary'):
        for file in filenames:
            if file.endswith('.py') and '__init__' not in file:
                if '__pycache__' not in dirpath:
                    aux.append(f'{dirpath}/{file}')