def _wrapper(args):
try:
out = Output()
return func(args, out)
except PenError as error:
out.error(str(error))
except SearchEngineError as error:
out.error(str(error))
except KeyboardInterrupt:
out.error(u"强制退出")
finally:
out.close()
def __str__(self):
resultStr = Output.Y(u"\n原始信息:\n")
resultStr = resultStr + Output.B(
"{0:>9} : ".format('URL')) + self['meta']['url'] + "\n"
resultStr = resultStr + Output.B("{0:>9} : ".format('Status')) + str(
self['meta']['statusCode']) + "\n"
resultStr = resultStr + Output.B(
"{0:>9} : ".format('Title')) + self['meta']['title'] + "\n"
resultStr = resultStr + Output.B("{0:>9} : ".format('Headers')) + "\n"
for key, value in self['meta']['headers'].iteritems():
resultStr = resultStr + Output.G(
"{0:>20} : ".format(key)) + value + "\n"
resultStr = resultStr + Output.Y(u"\n识别结果:\n")
for key, value in self['apps'].iteritems():
appsInfo = ""
for line in value:
if line[3]:
appsInfo = appsInfo + line[0] + " " + line[3] + " ; "
else:
appsInfo = appsInfo + line[0] + " ; "
resultStr = resultStr + Output.Y(
"{0:>11} : ".format(key)) + appsInfo + "\n"
return resultStr
def __str__(self):
resultStr = ""
if self.get("FailedInfo", None):
resultStr = Output.G(u"Exploit执行失败,原因:{0}".format(
self['FailedInfo']['reason']).encode(sys.stdout.encoding))
return resultStr
for key, value in self.iteritems():
for vkey, vvalue in value.iteritems():
resultStr = resultStr + Output.R(key + ": ") + Output.Y(
vkey + ": ") + vvalue + "\n"
if not resultStr:
resultStr = Output.G(u"Exploit执行失败, 目标系统可能不存在漏洞".encode(
sys.stdout.encoding))
return resultStr
return Output.G(u"目标系统存在漏洞,验证/利用成功,具体信息:\n".encode(
sys.stdout.encoding)) + resultStr.strip()
def _hexViewContent(self, rawContent):
'''
十六进制方式显示文件内容
'''
result = ""
loopCount = len(rawContent) / 16
for i in range(loopCount + 1):
directive = Output.Y("{0:0>8}: ".format(hex(i * 16)[2:]))
result = result + directive
for j in range(16):
result = result + self._getByteHex(rawContent, i, j) + " "
result = result + " "
for j in range(16):
result = result + self._getByteReal(rawContent, i, j)
result = result + "\n"
return result
def _formatAttr(self, key, rtype):
'''
格式化exploit结果信息中的某个属性值对
rtype :
0 : 不存在漏洞
1 : 存在漏洞
2 : 有辅渗透信息(用于payload生成类型的exploit)
key : 格式化的属性
'''
result = ""
if rtype == self.NOTVUL:
if key == 'isvul':
value = u"不存在漏洞"
else:
value = self.get(key, None)
if value:
result = Output.Y("{0:>11} : ".format(key)) + Output.G(
self._encodeValue(value)) + "\n"
elif rtype == self.VUL:
if key == 'isvul':
value = u"存在漏洞"
else:
value = self.get(key, None)
if value:
result = Output.Y("{0:>11} : ".format(key)) + Output.R(
self._encodeValue(value)) + "\n"
elif rtype == self.INFO:
if key == 'isvul':
value = u"漏洞情况未知"
else:
value = self.get(key, None)
if value:
result = Output.Y("{0:>11} : {1}\n".format(
key, self._encodeValue(value)))
elif rtype == self.ERROR:
if key == 'isvul':
value = u"Exploit执行失败"
else:
value = self.get(key, None)
if value:
result = Output.Y(
"{0:>11} : ".format(key)) + self._encodeValue(value) + "\n"
else:
raise ExploitResultError(
"'isvul' attribute should be 'Result.NOTVUL/VUL/INFO/ERROR'")
return result
def _getByteReal(self, data, i, j):
if i * 16 + j >= len(data):
return " "
else:
return Output.B(self._getAsciiVirualByte(data[i * 16 + j]))