def main():
    """Worker entry point: register with the queue, then poll it forever.

    Every iteration that yields a task loads the script, runs it through
    WorkeBee and calls submission(); the loop pauses one second per iteration
    whether or not a task was available. Writes the module globals SCRIPT
    (replaced by the loaded module) and RESULT.
    """
    global SCRIPT, TASK, RESULT
    banner()  # show the banner
    register()  # announce this worker to the Queue
    while True:
        if not GetTaskAndScript():  # presumably fills SCRIPT/TASK; falsy when idle
            time.sleep(1)
            continue
        # NOTE(review): SCRIPT is executed as Python code; nothing here checks
        # where it came from — confirm the queue is a trusted channel.
        SCRIPT = load_string_to_module(SCRIPT)
        bee = WorkeBee(SCRIPT, TASK)
        bee.run()
        RESULT = bee.get_result()
        submission()  # ship RESULT back
        time.sleep(1)
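def init(config: dict):
    """Load the local PoC modules from PATHS_POCS into the module-level POCS list.

    Args:
        config: runtime configuration. The optional ``config["poc"]`` entry is
            a list of PoC file names to skip.

    Walks PATHS_POCS recursively, skips ``__*`` files (e.g. ``__init__.py``),
    non-``.py`` files and the names listed in ``config["poc"]``, then reads each
    remaining file and turns it into a module with load_string_to_module.
    """
    patch_session()
    # Look the skip list up once instead of calling config.get() per file.
    skipped = set(config.get("poc", []))
    # First collect the paths, then load them (mirrors the original two phases).
    poc_paths = []
    for root, _dirs, files in os.walk(PATHS_POCS):
        poc_paths.extend(
            os.path.join(root, name)
            for name in files
            if not name.startswith("__")
            and name.endswith(".py")
            and name not in skipped
        )
    # Security: every file found here is executed as Python code, so
    # PATHS_POCS must be writable only by the operator of this scanner.
    for path in poc_paths:
        # Explicit encoding: PoC sources are UTF-8 regardless of the locale.
        with open(path, "r", encoding="utf-8") as fh:
            POCS.append(load_string_to_module(fh.read()))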
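def hand_domain(self, serviceType):
    """Scan one HTTP(S) target given as ``serviceType["target"]``.

    Steps, in order:
      1. record the target in ``collector`` and fetch it once (headers, body,
         status code); on any failure the record is dropped and we return;
      2. resolve the hostname to an IP (best effort) and store it;
      3. run the built-in domain plugins one after another, logging but not
         propagating their errors;
      4. if IS_START_PLUGINS is set and the collector learned a "CMS" value,
         use it as the app keyword, download the matching remote PoCs and run
         them concurrently, recording every non-empty result as a bug;
      5. mark the target as done with ``collector.send_ok``.

    Args:
        serviceType: mapping with at least a ``"target"`` URL.

    Returns:
        None.
    """
    target = serviceType["target"]
    logger.info(target)
    collector.add_domain(target)  # create the record this scan fills in

    # First contact with the target. verify=False: the target's TLS certificate
    # is not checked (scan targets are arbitrary hosts); redirects are not
    # followed so the stored status/body belong to the requested URL.
    try:
        r = requests.get(target, timeout=30, verify=False, allow_redirects=False)
        collector.add_domain_info(target, {
            "headers": r.headers,
            "body": r.text,
            "status_code": r.status_code,
        })
    except Exception as e:
        logger.error("request url error:" + str(e))
        collector.del_domain(target)  # nothing reachable: drop the record
        return
    logger.debug("target:{} over,start to scan".format(target))

    # Hostname -> IP, best effort. netloc.split(":")[0] does not understand
    # bracketed IPv6 literals; those will most likely end up without an "ip".
    hostname = urlparse(target).netloc.split(":")[0]
    if is_ip_address_format(hostname):
        collector.add_domain_info(target, {"ip": hostname})
    else:
        try:
            ip = socket.gethostbyname(hostname)
        except (OSError, UnicodeError) as e:
            # gethostbyname raises socket.gaierror (an OSError) on lookup
            # failure and UnicodeError on un-encodable names. Resolution is
            # optional, so only log it (the original swallowed everything).
            logger.debug("resolve {} failed: {}".format(hostname, e))
        else:
            collector.add_domain_info(target, {"ip": ip})

    # Built-in plugins, run sequentially; a failing plugin must not stop the rest.
    work_list = [webeye.poc, webtitle.poc, wappalyzer.poc, password_found.poc]
    if IS_START_PLUGINS:
        work_list += [
            crossdomain.poc,
            directory_browse.poc,
            gitleak.poc,
            iis_parse.poc,
            phpinfo.poc,
            svnleak.poc,
            tomcat_leak.poc,
            whatcms.poc,
        ]
        # bakfile.poc is deliberately left out: too slow.
    for func in work_list:
        try:
            func(target)
        except Exception as e:
            # The original logged repr(Exception), i.e. always "<class 'Exception'>";
            # log the real exception type so the failure is diagnosable.
            logger.error("domain plugin threading error {}:{}".format(
                type(e).__name__, str(e)))
    logger.debug("target:{} End of scan".format(target))

    # Remote PoCs keyed on the detected CMS.
    infos = collector.get_domain(target)
    remote_pocs = []
    if IS_START_PLUGINS and "CMS" in infos:
        # Both branches of the original set app to [CMS]; the old "app" value
        # was never merged, only replaced.
        app = {"app": [infos["CMS"]]}
        collector.add_domain_info(target, app)
        keywords = app["app"]
        # Security: each matching PoC is downloaded and executed as Python code
        # on this node, so load_remote_poc() and the "webfile" URLs are a code
        # supply chain: they must come from a trusted source, and certificate
        # verification must stay enabled (the default) on this request — do
        # not copy verify=False from the scan request above.
        # NOTE(review): no integrity check (hash/signature) of the downloaded
        # code is done here; consider adding one.
        for poc in load_remote_poc():
            if poc["name"] not in keywords:
                continue
            webfile = poc["webfile"]
            logger.debug("load {0} poc:{1} poc_time:{2}".format(
                poc["type"], webfile, poc["time"]))
            # timeout added: the original call could hang this worker forever.
            code = requests.get(webfile, timeout=30).text
            remote_pocs.append(load_string_to_module(code, webfile))

    if remote_pocs:
        # The context manager shuts the pool down; the original never did.
        with futures.ThreadPoolExecutor(len(remote_pocs)) as executor:
            pending = [executor.submit(mod.poc, target) for mod in remote_pocs]
            for fut in futures.as_completed(pending):
                try:
                    res = fut.result()
                except Exception as e:
                    logger.error("load poc error:{} error:{}".format(
                        target, str(e)))
                    continue
                if res:
                    # Unnamed findings get a timestamp-based key.
                    name = res.get("name") or "scan_" + str(time.time())
                    collector.add_domain_bug(target, {name: res})
    collector.send_ok(target)  # reached on every path except the early return above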