def __parse_conf_file(self): parser = DefaultConfigParser() # Utf-8 to avoid encoding issues parser.read(EXPLOITS_CONF, 'utf8') for section in parser.sections(): # Vulnerable product name product = parser.safe_get(section, 'product', '', None) if not product: raise SettingsException('No vulnerable product name specified for ' \ '[{}]'.format(section)) # Vulnerability description description = parser.safe_get(section, 'description', '', None) if not description: raise SettingsException('Missing vulnerability description for ' \ '[{}]'.format(section)) # Vulnerability type type_ = parser.safe_get(section, 'type', '', None) if type_ not in SUPPORTED_TYPES: raise SettingsException( 'Unsupported vulnerability type for [{}]'.format(section)) # Detection command detection_rawcmd = parser.safe_get(section, 'detection_cmd', '', None) # Detection command output success detection_success = parser.safe_get(section, 'detection_success', '', None) if detection_rawcmd and len( detection_rawcmd) > 0 and not detection_success: raise SettingsException('Missing "detection_success" for [{}] since ' \ '"detection_cmd" is defined'.format(section)) # Exploit command exploit_rawcmd = parser.safe_get(section, 'exploit_cmd', '', None) # Exploit RCE output exploit_rce_output = parser.safe_get_boolean( section, 'exploit_rce_output', True) # Exploit command output success (for auto test when exploit_rce_output == True) exploit_success = parser.safe_get(section, 'exploit_success', '', None) if exploit_rawcmd and \ len(exploit_rawcmd) > 0 and \ exploit_rce_output and \ not exploit_success: raise SettingsException( 'Missing "exploit_success" for [{}] since ' '"exploit_cmd" is defined and "exploit_rce_output=true"'. format(section)) exploit = Exploit(section, product, description, type_, detection_rawcmd, detection_success, exploit_rawcmd, exploit_rce_output, exploit_success) self.exploits.append(exploit)
def __parse_conf_file(self): parser = DefaultConfigParser() # Utf-8 to avoid encoding issues parser.read(EXPLOITS_CONF, 'utf8') for section in parser.sections(): type_ = parser.safe_get(section, 'type', '', None) if type_ not in SUPPORTED_TYPES: raise SettingsException('Unsupported exploit type for [{}]'.format(type_)) rawcmd = parser.safe_get(section, 'command', '', None) if not rawcmd: raise SettingsException('No command specified for [{}]'.format(rawcmd)) description = parser.safe_get(section, 'description', '', None) success = parser.safe_get(section, 'success', '', None) exploit = Exploit(section, description, type_, rawcmd, success) self.exploits.append(exploit)