示例#1
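 def getSubDomains(self, host=None):
     '''Run the subdomain info-collection plugin and return its result.

     host falls back to self.host when it is None. Returns whatever the
     plugin stored under "subdomains", or an empty list when that key
     was never set.
     '''
     if host is None:
         host = self.host
     services = {"host": host}
     pl = PluginLoader(None, services)
     pl.runEachPlugin(BASEDIR + "/plugins/Info_Collect/subdomain.py")
     print(pl.services)
     try:
         return pl.services["subdomains"]
     except KeyError:
         # A missing key is reported as "nothing found" so that the caller
         # is not aborted by a KeyError.
         return []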
示例#2
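 def getSubDomains(self, host=None):
     '''Run the subdomain info-collection plugin and return its result.

     host falls back to self.host when it is None. Returns whatever the
     plugin stored under 'subdomains', or an empty list when that key
     was never set.
     '''
     if host is None:
         host = self.host
     services = {'host': host}
     pl = PluginLoader(None, services)
     pl.runEachPlugin(PLUGINDIR + '/Info_Collect/subdomain.py')
     print(pl.services)
     try:
         return pl.services['subdomains']
     except KeyError:
         # A missing key is reported as "nothing found" so that the caller
         # is not aborted by a KeyError.
         return []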
示例#3
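	def getSubDomains(self,host=None):
		'''Run the subdomain info-collection plugin and return its result.

		host falls back to self.host when it is None. Returns whatever the
		plugin stored under 'subdomains', or an empty list when that key
		was never set.
		'''
		if host is None:
			host = self.host
		services = {'host': host}
		pl = PluginLoader(None,services)
		pl.runEachPlugin(PLUGINDIR+'/Info_Collect/subdomain.py')
		print(pl.services)
		try:
			return pl.services['subdomains']
		except KeyError:
			# A missing key is reported as "nothing found" so that the caller
			# is not aborted by a KeyError.
			return []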
示例#4
	def getNeiboorHosts(self,ip=None):
		'''Return the hosts the neighborhost plugin reports for an IP.

		ip falls back to self.ip when it is None. The result is the plugin's
		'neighborhosts' entry, or an empty list when the plugin set none.
		'''
		target_ip = self.ip if ip == None else ip
		pl = PluginLoader(None,{'ip': target_ip})
		pl.runEachPlugin(PLUGINDIR+'/Info_Collect/neighborhost.py')
		if not pl.services.has_key('neighborhosts'):
			return []
		return pl.services['neighborhosts']
示例#5
 def getNeiboorHosts(self, ip=None):
     '''Return the hosts the neighborhost plugin reports for an IP.

     ip falls back to self.ip when it is None. The result is the plugin's
     "neighborhosts" entry, or an empty list when the plugin set none.
     '''
     target_ip = self.ip if ip == None else ip
     pl = PluginLoader(None, {"ip": target_ip})
     pl.runEachPlugin(BASEDIR + "/plugins/Info_Collect/neighborhost.py")
     if not pl.services.has_key("neighborhosts"):
         return []
     return pl.services["neighborhosts"]
示例#6
 def getNeiboorHosts(self, ip=None):
     '''Return the hosts the neighborhost plugin reports for an IP.

     ip falls back to self.ip when it is None. The result is the plugin's
     'neighborhosts' entry, or an empty list when the plugin set none.
     '''
     target_ip = self.ip if ip == None else ip
     pl = PluginLoader(None, {'ip': target_ip})
     pl.runEachPlugin(PLUGINDIR + '/Info_Collect/neighborhost.py')
     if not pl.services.has_key('neighborhosts'):
         return []
     return pl.services['neighborhosts']
示例#7
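    def __init__(self, name):
        '''Load the option and info tables of the plugin at BASEDIR/name.

        Each entry of the option table is indexed as (name, default, ...).
        A default written as a bracketed list or dict string is evaluated
        into the corresponding object before it is stored in self.services.
        '''
        # NOTE(review): name is concatenated unchecked; confirm callers
        # cannot pass segments such as '..' that leave BASEDIR.
        self.pluginPath = BASEDIR + '/' + name
        self.plugin = PluginLoader()
        self.services = {}

        self.pluginOpts = self.plugin.getPluginOpts(self.pluginPath)
        self.pluginInfo = self.plugin.getPluginInfo(self.pluginPath)

        for opt in self.pluginOpts:
            key, value = opt[0], opt[1]
            # Slices instead of value[0] / value[-1] so that an empty default
            # does not raise IndexError.
            bracketed = ((value[:1] == '[' and value[-1:] == ']')
                         or (value[:1] == '{' and value[-1:] == '}'))
            if bracketed:
                # SECURITY: eval() executes any expression, not only list or
                # dict literals. This is acceptable only while option
                # defaults come from trusted plugin files;
                # ast.literal_eval is the stricter alternative.
                value = eval(value)
            self.services[key] = value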
示例#8
	def scan(self):
		'''Build one PluginLoader per service and run them in a worker pool.

		NOTE(review): the listing ends before the except/finally clause of
		the outer try, so its error handling is not visible here.
		'''
		try:
			# Step 3
			print '>>>Step3: run each sub task'
			self.pls = []
			for each_service in self.services:
				pl = PluginLoader(None,each_service,self.target)
				self.pls.append(pl)

			results = []
			# switched to the map_async approach
			proPool = MyPool(10)
			p = proPool.map_async(procFunc,self.pls)
			try:
				results = p.get()
			except KeyboardInterrupt,e:
				# proPool.terminate()
				print "Caught KeyboardInterrupt, terminating workers"
			# Reached on both paths: after a completed p.get() and after Ctrl+C.
			proPool.terminate()

			# results is not read again in the visible code; the hand-over
			# to self.pls below is commented out.
			# newpls = []
			# for res in results:
			# 	newpls.append(res)
			# self.pls = newpls

			# self._saveResultToFile()
			self._saveResultToWeb()
示例#9
    def getHttpPorts(self, ip=None):
        '''Return the ports the portscan plugin labelled as 'http'.

        ip falls back to self.ip when it is None. An empty list is returned
        when the plugin stored no 'port_detail' entry.
        '''
        scan_ip = self.ip if ip == None else ip
        # Run the port scan plugin to learn every open port.
        pl = PluginLoader(None, {'ip': scan_ip})
        pl.runEachPlugin(PLUGINDIR + '/Info_Collect/portscan.py')
        if pl.services.has_key('port_detail'):
            port_detail = pl.services['port_detail']
        else:
            port_detail = {}

        # Keep only ports whose detected service name is exactly 'http'.
        # NOTE(review): other names (e.g. 'https') are not matched; confirm
        # against the names the portscan plugin emits.
        httpports = [port for port in port_detail.keys()
                     if port_detail[port]['name'] == 'http']
        print 'httpports:\t', httpports
        return httpports
示例#10
    def getHttpPorts(self, ip=None):
        '''Return the ports the portscan plugin labelled as "http".

        ip falls back to self.ip when it is None. An empty list is returned
        when the plugin stored no "port_detail" entry.
        '''
        scan_ip = self.ip if ip == None else ip
        # Run the port scan plugin to learn every open port.
        pl = PluginLoader(None, {"ip": scan_ip})
        pl.runEachPlugin(BASEDIR + "/plugins/Info_Collect/portscan.py")
        if pl.services.has_key("port_detail"):
            port_detail = pl.services["port_detail"]
        else:
            port_detail = {}

        # Keep only ports whose detected service name is exactly "http".
        # NOTE(review): other names (e.g. "https") are not matched; confirm
        # against the names the portscan plugin emits.
        httpports = [port for port in port_detail.keys()
                     if port_detail[port]["name"] == "http"]
        print "httpports:\t", httpports
        return httpports
示例#11
	def getHttpPorts(self,ip=None):
		'''Return the ports the portscan plugin labelled as 'http'.

		ip falls back to self.ip when it is None. An empty list is returned
		when the plugin stored no 'port_detail' entry.
		'''
		scan_ip = self.ip if ip == None else ip
		# Run the port scan plugin to learn every open port.
		pl = PluginLoader(None,{'ip': scan_ip})
		pl.runEachPlugin(PLUGINDIR+'/Info_Collect/portscan.py')
		if pl.services.has_key('port_detail'):
			port_detail = pl.services['port_detail']
		else:
			port_detail = {}

		# Keep only ports whose detected service name is exactly 'http'.
		# NOTE(review): other names (e.g. 'https') are not matched; confirm
		# against the names the portscan plugin emits.
		httpports = [port for port in port_detail.keys()
			if port_detail[port]['name'] == 'http']
		print 'httpports:\t',httpports
		return httpports
示例#12
    def scan(self):
        '''Run every queued service through its own PluginLoader in a pool.

        One PluginLoader is built per entry of self.services, the loaders
        are handed to procFunc through MyPool.map_async, and
        self._saveResultToWeb() is called once the pool has been joined.

        NOTE(review): the listing ends before the except/finally clause of
        the outer try, so its error handling is not visible here.
        '''
        try:
            # Step 3
            globalVar.mainlogger.info('[*][*] Step3: run each sub task')

            # globalVar.undone_targets = []
            print 'globalVar.undone_targets=', globalVar.undone_targets
            print 'self.services=',
            pprint(self.services)

            self.pls = []
            for each_service in self.services:
                pl = PluginLoader(None, each_service, self.targetname,
                                  self.pluginargs)
                self.pls.append(pl)

            results = []

            # switched to the map_async approach
            # proPool = multiprocessing.Pool(10)
            proPool = MyPool(self.threads)
            p = proPool.map_async(procFunc, self.pls)
            proPool.close()
            try:
                proPool.join()
            except KeyboardInterrupt, e:
                # NOTE(review): the message says the workers are being
                # terminated, but no proPool.terminate() call is visible in
                # this handler or after it.
                # print "Caught KeyboardInterrupt, terminating workers"
                # while True:
                # print '---------->>hahahaha main thread caught ctrl+c'
                globalVar.mainlogger.error(
                    'Caught KeyboardInterrupt, terminating workers')

            globalVar.mainlogger.info('[*] All Done')
            # Previous variant, kept for reference:
            # # switched to the map_async approach
            # proPool = MyPool(10)
            # p = proPool.map_async(procFunc,self.pls)
            # try:
            # 	results = p.get()
            # except KeyboardInterrupt,e:
            # 	# proPool.terminate()
            # 	print "Caught KeyboardInterrupt, terminating workers"
            # proPool.terminate()

            # newpls = []
            # for res in results:
            # 	newpls.append(res)
            # self.pls = newpls

            # self._saveResultToFile()
            self._saveResultToWeb()
示例#13
    def __init__(self, name):
        '''Read the option and info tables of the plugin at BASEDIR/name.

        self.services starts empty and is then filled with the plugin's
        options as returned by getPluginOpts.
        '''
        # NOTE(review): name is concatenated unchecked; confirm callers
        # cannot pass segments such as '..' that leave BASEDIR.
        self.pluginPath = BASEDIR + '/' + name
        self.plugin = PluginLoader()
        self.services = {}

        self.pluginOpts = self.plugin.getPluginOpts(self.pluginPath)
        print(self.pluginOpts)
        self.pluginInfo = self.plugin.getPluginInfo(self.pluginPath)

        # An earlier revision walked the options and eval()'d bracketed
        # strings here; the options are now taken over unchanged.
        self.services.update(self.pluginOpts)
示例#14
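	def __init__(self,name):
		'''Load the option and info tables of the plugin at BASEDIR/name.

		Each entry of the option table is indexed as (name, default, ...).
		A default written as a bracketed list or dict string is evaluated
		into the corresponding object before it is stored in self.services.
		'''
		# NOTE(review): name is concatenated unchecked; confirm callers
		# cannot pass segments such as '..' that leave BASEDIR.
		self.pluginPath = BASEDIR + '/' + name
		self.plugin = PluginLoader()
		self.services = {}

		self.pluginOpts = self.plugin.getPluginOpts(self.pluginPath)
		self.pluginInfo = self.plugin.getPluginInfo(self.pluginPath)

		for opt in self.pluginOpts:
			key, value = opt[0], opt[1]
			# Slices instead of value[0] / value[-1] so that an empty default
			# does not raise IndexError.
			bracketed = ((value[:1]=='[' and value[-1:]==']')
				or (value[:1]=='{' and value[-1:]=='}'))
			if bracketed:
				# SECURITY: eval() executes any expression, not only list or
				# dict literals. This is acceptable only while option
				# defaults come from trusted plugin files;
				# ast.literal_eval is the stricter alternative.
				value = eval(value)
			self.services[key] = value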
示例#15
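	def __init__(self,name):
		'''Load the option and info tables of the plugin at BASEDIR/name.

		Each entry of the option table is indexed as (name, default, ...).
		Integer defaults are stored as they are; any other default written
		as a bracketed list or dict string is evaluated first.
		'''
		# NOTE(review): name is concatenated unchecked; confirm callers
		# cannot pass segments such as '..' that leave BASEDIR.
		self.pluginPath = BASEDIR + '/' + name
		self.plugin = PluginLoader()
		self.services = {}

		self.pluginOpts = self.plugin.getPluginOpts(self.pluginPath)
		print(self.pluginOpts)
		self.pluginInfo = self.plugin.getPluginInfo(self.pluginPath)

		for opt in self.pluginOpts:
			key, value = opt[0], opt[1]
			if type(value)!=int:
				# Slices instead of value[0] / value[-1] so that an empty
				# default does not raise IndexError.
				bracketed = ((value[:1]=='[' and value[-1:]==']')
					or (value[:1]=='{' and value[-1:]=='}'))
				if bracketed:
					# SECURITY: eval() executes any expression, not only
					# list or dict literals. This is acceptable only while
					# option defaults come from trusted plugin files;
					# ast.literal_eval is the stricter alternative.
					value = eval(value)
			self.services[key] = value
		print('done')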
	def __init__(self,name):
		'''Read the option and info tables of the plugin at BASEDIR/name.

		self.services starts empty and is then filled with the plugin's
		options as returned by getPluginOpts.
		'''
		# NOTE(review): name is concatenated unchecked; confirm callers
		# cannot pass segments such as '..' that leave BASEDIR.
		self.pluginPath = BASEDIR + '/' + name
		self.plugin = PluginLoader()
		self.services = {}

		self.pluginOpts = self.plugin.getPluginOpts(self.pluginPath)
		print(self.pluginOpts)
		self.pluginInfo = self.plugin.getPluginInfo(self.pluginPath)

		# An earlier revision walked the options and eval()'d bracketed
		# strings here; the options are now taken over unchanged.
		self.services.update(self.pluginOpts)
	def scan(self):
		'''Submit one PluginLoader per service to a worker pool and wait.

		Each loader is passed to procFunc together with self.pluginfilepath
		through apply_async; self._saveResultToWeb() is called after the
		pool has been joined.

		NOTE(review): the listing ends before the except/finally clause of
		the outer try, so its error handling is not visible here.
		'''
		try:
			globalVar.mainlogger.info('[*][*] Step3: run each sub task')
			
			proPool = MyPool(self.threads)

			for each_service in self.services:
				pl = PluginLoader(None,each_service,self.target)
				# The AsyncResult is discarded, so a failure inside procFunc
				# is not surfaced in this function.
				proPool.apply_async(procFunc,(pl,self.pluginfilepath))

			# switched to the map_async approach
			# proPool = multiprocessing.Pool(10)
			# proPool = MyPool(multiprocessing.cpu_count())
			# p = proPool.map_async(procFunc,self.pls)
			proPool.close()
			try:
				proPool.join()
			except KeyboardInterrupt,e:
				# NOTE(review): the message says the workers are being
				# terminated, but no proPool.terminate() call is visible.
				globalVar.mainlogger.error('Caught KeyboardInterrupt, terminating workers')

			globalVar.mainlogger.info('[*] All Done')
			self._saveResultToWeb()
示例#18
	def infoGather(self,depth=1):
		'''Run the Info_Collect plugins over the pending targets, depth times.

		Every round moves the targets in globalVar.undone_targets to
		globalVar.done_targets, runs one PluginLoader per target in a worker
		pool and collects the returned loaders in self.pls. Afterwards the
		loaders' services and any still-pending targets are appended to
		self.services.

		NOTE(review): the listing ends before the except/finally clause of
		the outer try, so its error handling is not visible here.
		'''
		try:
			# Step 2
			print '>>>Step2: gathing info'
			for i in range(depth):
				print '>>>',i,'<<<'
				print globalVar.done_targets
				print 'id(globalVar.undone_targets)=\t',id(globalVar.undone_targets)
				print 'globalVar.undone_targets=',globalVar.undone_targets
				
				if globalVar.undone_targets:
					# Step1: 
					services = []
					pls = []
					# print globalVar.undone_targets
					# Iterate over a snapshot: the shared list is modified
					# inside the loop.
					tmpundone = copy.deepcopy(globalVar.undone_targets)
					for each_target in tmpundone:
						# print tmpundone
						# print each_target
						service = {}
						service_type = self._getServiceType(each_target)
						# print service_type
						service[service_type] = each_target
						services.append(service)

						# NOTE(review): acquire/release is not wrapped in
						# try/finally; if remove() raises, the lock stays held.
						globalVar.target_lock.acquire()
						globalVar.undone_targets.remove(each_target)
						globalVar.done_targets.append(each_target)
						globalVar.target_lock.release()

					pprint(services)
					# sys.exit()
					for each_service in services:
						pl = PluginLoader(BASEDIR+'/plugins/Info_Collect',each_service,'_'+self.target)
						pls.append(pl)

					# globalVar.target_lock.acquire()
					# globalVar.done_targets += globalVar.undone_targets
					# globalVar.undone_targets = []
					# globalVar.target_lock.release()

					# Step2:
					results = []
					# switched to the map_async approach
					proPool = MyPool(10)
					p = proPool.map_async(procFunc,pls)


					try:
						results = p.get()

						# while True:
						# 	print 'globalVar.undone_targets=',globalVar.undone_targets
						# 	time.sleep(1)
						# pass
					except KeyboardInterrupt,e:
						# proPool.terminate()
						print "Caught KeyboardInterrupt, terminating workers"
					# Reached on both paths; after Ctrl+C results is still [].
					proPool.terminate()

					newpls = []
					for res in results:
						newpls.append(res)
					self.pls = self.pls + newpls

			# Services of loaders that already ran are flagged 'alreadyrun'.
			for pl in self.pls:
				service = pl.services
				service['alreadyrun'] = True
				self.services.append(service)
			self.pls = []

			# Targets still pending after the last round are queued without
			# the 'alreadyrun' flag.
			for each_target in globalVar.undone_targets:
				service = {}
				service_type = self._getServiceType(each_target)
				# print service_type
				service[service_type] = each_target
				self.services.append(service)

			pprint(self.services)
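class m:
	'''Console wrapper around one mst plugin: load, show, configure, run.'''
	def __init__(self,name):
		'''Read the option and info tables of the plugin at BASEDIR/name.

		self.services starts empty and is then filled with the plugin's
		options as returned by getPluginOpts.
		'''
		# NOTE(review): name is concatenated unchecked; confirm callers
		# cannot pass segments such as '..' that leave BASEDIR.
		self.pluginPath = BASEDIR + '/' + name
		self.plugin = PluginLoader()
		self.services = {}

		self.pluginOpts = self.plugin.getPluginOpts(self.pluginPath)
		print(self.pluginOpts)
		self.pluginInfo = self.plugin.getPluginInfo(self.pluginPath)

		# An earlier revision walked the options and eval()'d bracketed
		# strings here; the options are now taken over unchanged.
		self.services.update(self.pluginOpts)

	def info(self):
		'''Show every key/value pair of the plugin info table.'''
		color.cprint("PLUGIN INFOS",YELLOW)
		color.cprint("============",GREY)
		color.cprint("PARAMETER       VALUE",YELLOW)
		color.cprint("-"*15+" "+"-"*20,GREY)
		for key in self.pluginInfo.keys():
			color.cprint("%-15s"%key,CYAN,0)
			color.cprint("%-s"%self.pluginInfo[key],PURPLE)

	def opt(self):
		'''Show every plugin option with its current value.'''
		color.cprint("PLUGIN OPTS",YELLOW)
		color.cprint("===========",GREY)
		color.cprint("%-15s %-20s %-40s"%("PARAMETER","VALUE","DESCRIPTION"),YELLOW)
		color.cprint("%-15s %-20s %-40s"%("-"*15,"-"*20,"-"*40),GREY)
		for key in self.pluginOpts.keys():
			color.cprint("%-15s"%key,CYAN,0)
			color.cprint("%-20s"%self.pluginOpts[key],PURPLE)

	def setp(self,p,v):
		'''Set option p to v if the plugin declares an option named p.

		A value written as a bracketed list or dict string is evaluated
		into the corresponding object; anything else is stored as given.
		'''
		# p=p.upper()
		if self.pluginOpts.has_key(p):
			color.cprint("[*] SET %s=>%s"%(p,v),YELLOW)
			# Slices instead of v[0] / v[-1] so that an empty value does not
			# raise IndexError.
			bracketed = (v[:1]=='[' and v[-1:]==']') or (v[:1]=='{' and v[-1:]=='}')
			# SECURITY: eval() executes any expression typed between the
			# brackets, not only list or dict literals. This is acceptable
			# only while v is typed by the local operator;
			# ast.literal_eval is the stricter alternative.
			value = eval(v) if bracketed else v
			self.pluginOpts[p] = value
			self.services[p] = value
			print(self.pluginOpts)
		else:
			color.cprint("[*] NO PARA %s" % p,YELLOW)

	def run(self):
		'''Run the plugin's audit with the current options and services.

		Any exception is reported on the console instead of propagating.
		'''
		try:
			color.cprint("[*] Start run..",YELLOW)
			self.plugin.runAudit(self.pluginPath, self.pluginOpts, self.services)
		except Exception,e:
			color.cprint("[!] Err:%s"%e,RED)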
示例#20
    def infoGather(self, depth=None):
        '''Run the Info_Collect plugins over the pending targets.

        depth falls back to self.gatherdepth when it is None. Every round
        moves the targets in globalVar.undone_targets to
        globalVar.done_targets, runs one PluginLoader per target in a worker
        pool and appends each returned service to self.services. Targets
        still pending afterwards are queued with 'nogather' set.

        NOTE(review): the listing ends before the except/finally clause of
        the outer try, so its error handling is not visible here.
        '''
        if depth == None:
            depth = self.gatherdepth
        try:
            # Step 2
            globalVar.mainlogger.info('[*][*] Step2: gathing info')

            self.services = []
            for i in range(depth):
                globalVar.mainlogger.info('[*][*][-] >>> depth: %d <<<' % i)
                # print globalVar.done_targets
                # print 'id(globalVar.undone_targets)=\t',id(globalVar.undone_targets)

                globalVar.depth_now = globalVar.depth_now + 1

                if globalVar.undone_targets:
                    # Step1:
                    services = []
                    pls = []
                    # print globalVar.undone_targets
                    # Iterate over a snapshot: the shared list is modified
                    # inside the loop.
                    tmpundone = copy.deepcopy(globalVar.undone_targets)
                    for each_target in tmpundone:
                        # print tmpundone
                        # print each_target
                        service = {}
                        service_type = self._getServiceType(each_target)
                        # print service_type
                        # Past the configured depth the target is still
                        # queued, but flagged so that it is not gathered on.
                        if globalVar.depth_now > self.gatherdepth:
                            service['nogather'] = True
                        service[service_type] = each_target
                        services.append(service)

                        # NOTE(review): acquire/release is not wrapped in
                        # try/finally; if remove() raises, the lock stays
                        # held.
                        globalVar.target_lock.acquire()
                        globalVar.undone_targets.remove(each_target)
                        globalVar.done_targets.append(each_target)
                        globalVar.target_lock.release()

                    # pprint(services)
                    # sys.exit()
                    for each_service in services:
                        pl = PluginLoader(BASEDIR + '/plugins/Info_Collect',
                                          each_service, '_' + self.target)
                        pls.append(pl)

                    # globalVar.target_lock.acquire()
                    # globalVar.done_targets += globalVar.undone_targets
                    # globalVar.undone_targets = []
                    # globalVar.target_lock.release()

                    # Step2:
                    results = []
                    # switched to the map_async approach
                    # proPool = multiprocessing.Pool(10)
                    proPool = MyPool(self.threads)
                    p = proPool.map_async(procFunc, pls)
                    proPool.close()
                    try:
                        proPool.join()
                    except KeyboardInterrupt, e:
                        # NOTE(review): the message says the workers are
                        # being terminated, but no terminate() call is
                        # visible.
                        print "Caught KeyboardInterrupt, terminating workers"

                    # NOTE(review): p.get() is also reached after Ctrl+C and
                    # waits for the map result without a timeout.
                    results = p.get()

                    for service in results:
                        # print service
                        service['alreadyrun'] = True
                        self.services.append(service)

                print 'globalVar.undone_targets=', globalVar.undone_targets
                print 'self.services=',
                pprint(self.services)

            for each_target in globalVar.undone_targets:
                print each_target
                service = {}
                service_type = self._getServiceType(each_target)
                # print service_type
                service[service_type] = each_target
                service['nogather'] = True
                self.services.append(service)

            globalVar.mainlogger.info('Targets:')
            for service in self.services:
                globalVar.mainlogger.info('\t' + str(service))
示例#21
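class m:
	'''Console wrapper around one mst plugin: load, show, configure, run.'''
	def __init__(self,name):
		'''Load the option and info tables of the plugin at BASEDIR/name.

		Each entry of the option table is indexed as (name, default,
		description). A default written as a bracketed list or dict string
		is evaluated into the corresponding object before it is stored in
		self.services.
		'''
		# NOTE(review): name is concatenated unchecked; confirm callers
		# cannot pass segments such as '..' that leave BASEDIR.
		self.pluginPath = BASEDIR + '/' + name
		self.plugin = PluginLoader()
		self.services = {}

		self.pluginOpts = self.plugin.getPluginOpts(self.pluginPath)
		self.pluginInfo = self.plugin.getPluginInfo(self.pluginPath)

		for opt in self.pluginOpts:
			key, value = opt[0], opt[1]
			# Slices instead of value[0] / value[-1] so that an empty default
			# does not raise IndexError.
			bracketed = ((value[:1]=='[' and value[-1:]==']')
				or (value[:1]=='{' and value[-1:]=='}'))
			if bracketed:
				# SECURITY: eval() executes any expression, not only list or
				# dict literals. This is acceptable only while option
				# defaults come from trusted plugin files;
				# ast.literal_eval is the stricter alternative.
				value = eval(value)
			self.services[key] = value

	def info(self):
		'''Show every key/value pair of the plugin info table.'''
		color.cprint("PLUGIN INFOS",YELLOW)
		color.cprint("============",GREY)
		color.cprint("PARAMETER       VALUE",YELLOW)
		color.cprint("-"*15+" "+"-"*20,GREY)
		for key in self.pluginInfo.keys():
			color.cprint("%-15s"%key,CYAN,0)
			color.cprint("%-s"%self.pluginInfo[key],PURPLE)

	def opt(self):
		'''Show every plugin option with its current value and description.'''
		color.cprint("PLUGIN OPTS",YELLOW)
		color.cprint("===========",GREY)
		color.cprint("%-15s %-20s %-40s"%("PARAMETER","VALUE","DESCRIPTION"),YELLOW)
		color.cprint("%-15s %-20s %-40s"%("-"*15,"-"*20,"-"*40),GREY)
		for n in self.pluginOpts:
			p=n[0]
			d=n[2]
			color.cprint("%-15s"%p,CYAN,0)
			# The current value comes from self.services, not from the
			# default stored in the option table.
			color.cprint("%-20s"%self.services[p],PURPLE,0)
			color.cprint("%-40s"%d,GREEN)

	def setp(self,p,v):
		'''Set option p to v if self.services already has a key named p.

		A value written as a bracketed list or dict string is evaluated
		into the corresponding object; anything else is stored as given.
		'''
		# p=p.upper()
		if self.services.has_key(p):
			color.cprint("[*] SET %s=>%s"%(p,v),YELLOW)
			# Slices instead of v[0] / v[-1] so that an empty value does not
			# raise IndexError.
			bracketed = (v[:1]=='[' and v[-1:]==']') or (v[:1]=='{' and v[-1:]=='}')
			# SECURITY: eval() executes any expression typed between the
			# brackets, not only list or dict literals. This is acceptable
			# only while v is typed by the local operator;
			# ast.literal_eval is the stricter alternative.
			self.services[p]=eval(v) if bracketed else v
		else:
			color.cprint("[*] NO PARA %s" % p,YELLOW)

	def run(self):
		'''Run the plugin's audit with the current services.

		Any exception is reported on the console instead of propagating.
		'''
		try:
			color.cprint("[*] Start run..",YELLOW)
			self.plugin.runAudit(self.pluginPath,self.services)
		except Exception,e:
			color.cprint("[!] Err:%s"%e,RED)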
示例#22
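class m:
    '''Console wrapper around one mst plugin: load, show, configure, run.'''
    def __init__(self, name):
        '''Load the option and info tables of the plugin at BASEDIR/name.

        Each entry of the option table is indexed as (name, default,
        description). A default written as a bracketed list or dict string
        is evaluated into the corresponding object before it is stored in
        self.services.
        '''
        # NOTE(review): name is concatenated unchecked; confirm callers
        # cannot pass segments such as '..' that leave BASEDIR.
        self.pluginPath = BASEDIR + '/' + name
        self.plugin = PluginLoader()
        self.services = {}

        self.pluginOpts = self.plugin.getPluginOpts(self.pluginPath)
        self.pluginInfo = self.plugin.getPluginInfo(self.pluginPath)

        for opt in self.pluginOpts:
            key, value = opt[0], opt[1]
            # Slices instead of value[0] / value[-1] so that an empty default
            # does not raise IndexError.
            bracketed = ((value[:1] == '[' and value[-1:] == ']')
                         or (value[:1] == '{' and value[-1:] == '}'))
            if bracketed:
                # SECURITY: eval() executes any expression, not only list or
                # dict literals. This is acceptable only while option
                # defaults come from trusted plugin files;
                # ast.literal_eval is the stricter alternative.
                value = eval(value)
            self.services[key] = value

    def info(self):
        '''Show every key/value pair of the plugin info table.'''
        color.cprint("PLUGIN INFOS", YELLOW)
        color.cprint("============", GREY)
        color.cprint("PARAMETER       VALUE", YELLOW)
        color.cprint("-" * 15 + " " + "-" * 20, GREY)
        for key in self.pluginInfo.keys():
            color.cprint("%-15s" % key, CYAN, 0)
            color.cprint("%-s" % self.pluginInfo[key], PURPLE)

    def opt(self):
        '''Show every plugin option with its current value and description.'''
        color.cprint("PLUGIN OPTS", YELLOW)
        color.cprint("===========", GREY)
        color.cprint(
            "%-15s %-20s %-40s" % ("PARAMETER", "VALUE", "DESCRIPTION"),
            YELLOW)
        color.cprint("%-15s %-20s %-40s" % ("-" * 15, "-" * 20, "-" * 40),
                     GREY)
        for n in self.pluginOpts:
            p = n[0]
            d = n[2]
            color.cprint("%-15s" % p, CYAN, 0)
            # The current value comes from self.services, not from the
            # default stored in the option table.
            color.cprint("%-20s" % self.services[p], PURPLE, 0)
            color.cprint("%-40s" % d, GREEN)

    def setp(self, p, v):
        '''Set option p to v if self.services already has a key named p.

        A value written as a bracketed list or dict string is evaluated
        into the corresponding object; anything else is stored as given.
        '''
        # p=p.upper()
        if self.services.has_key(p):
            color.cprint("[*] SET %s=>%s" % (p, v), YELLOW)
            # Slices instead of v[0] / v[-1] so that an empty value does not
            # raise IndexError.
            bracketed = ((v[:1] == '[' and v[-1:] == ']')
                         or (v[:1] == '{' and v[-1:] == '}'))
            # SECURITY: eval() executes any expression typed between the
            # brackets, not only list or dict literals. This is acceptable
            # only while v is typed by the local operator;
            # ast.literal_eval is the stricter alternative.
            self.services[p] = eval(v) if bracketed else v
        else:
            color.cprint("[*] NO PARA %s" % p, YELLOW)

    def run(self):
        '''Run the plugin's audit with the current services.

        Any exception is reported on the console instead of propagating.
        '''
        try:
            color.cprint("[*] Start run..", YELLOW)
            self.plugin.runAudit(self.pluginPath, self.services)
        except Exception, e:
            color.cprint("[!] Err:%s" % e, RED)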
示例#23
    def startScan(self, services=None):
        '''Enumerate subdomains, neighbour hosts and HTTP URLs, then scan.

        The services argument is not read before it is rebound inside the
        loops below.

        NOTE(review): the listing ends before the except/finally clause of
        the outer try, so its error handling is not visible here.
        '''
        try:
            print '>>>starting scan'
            self._noticeStartToWeb()
            self._initGlobalVar()
            # get subdomains
            print '>>>collecting subdomain info'
            subdomains = self.getSubDomains(self.host)
            print 'subdomains:\t', subdomains

            # get hosts: map each resolved IP to the host names served from it
            hosts = {}
            print '>>>for each subdomain, collecting neiborhood host info'
            for eachdomain in subdomains:
                # gethostbyname raises for a name that does not resolve; the
                # only handler would be the outer try, which ends the loop.
                tmpip = socket.gethostbyname(eachdomain)
                if tmpip not in hosts.keys():
                    tmphosts = self.getNeiboorHosts(tmpip)
                    hosts[tmpip] = tmphosts
                    if eachdomain not in tmphosts:
                        hosts[tmpip].append(eachdomain)

                else:
                    if eachdomain not in hosts[tmpip]:
                        hosts[tmpip].append(eachdomain)

            print 'hosts:\t', hosts

            # get urls
            urls = {}
            for eachip in hosts.keys():
                ip_hosts = hosts[eachip]
                httpports = self.getHttpPorts(eachip)
                urls[eachip] = self.generateUrl(eachip, ip_hosts, httpports)

            # just for test
            # urls = {'106.185.36.44': ['http://www.hengtiansoft.com','http://www.leesec.com']}
            # urls = {'172.16.15.2': []}
            # urls = {'106.185.36.44': ['http://87.230.29.167:80']}

            self.urls = urls
            print 'urls\t', urls

            # get services
            print '>>>starting scan each host'
            pls = []
            # ip type scan
            for eachip in urls.keys():
                services = {}
                if eachip != self.ip:
                    services['issubdomain'] = True

                services['ip'] = eachip
                pl = PluginLoader(None, services, outputpath=self.host)
                pls.append(pl)
                print 'scan start:\t', pl.services

            # http type scan
            for eachip in urls.keys():
                for eachurl in urls[eachip]:
                    services = {}
                    # not subdomain
                    # NOTE(review): this is a substring test on the whole
                    # URL, so a URL that merely contains self.domain is not
                    # flagged as a neighbour host.
                    if self.domain not in eachurl:
                        services['isneighborhost'] = True

                    services['url'] = eachurl

                    pl = PluginLoader(None, services, outputpath=self.host)
                    pls.append(pl)
                    print 'scan start:\t', pl.services

            results = []

            # for eachpl in pls:
            # 	results.append(proPool.apply_async(procFunc,(eachpl,)))

            # proPool.close()

            # try:
            # 	proPool.join()
            # except KeyboardInterrupt,e:
            # 	# isexit = raw_input('Sure to exit?yes/no')
            # 	# if isexit.lower() == 'y' or isexit.lower() == 'yes':
            # 	proPool.terminate()

            # switched to the map_async approach
            proPool = multiprocessing.Pool(10)
            p = proPool.map_async(procFunc, pls)
            try:
                # 0xFFFF is the timeout handed to get().
                results = p.get(0xFFFF)
            except KeyboardInterrupt, e:
                # NOTE(review): the message says the workers are being
                # terminated, but no terminate() call is visible; results
                # stays [] on this path.
                print "Caught KeyboardInterrupt, terminating workers"

            newpls = []
            for res in results:
                newpls.append(res)
            self.pls = newpls

            self._setResult(urls=self.urls, pls=newpls)
            #self._saveResultToFile(pls)
            self._saveResultToWeb()
示例#24
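class m:
    '''Console wrapper around one mst plugin: load, show, configure, run.'''
    def __init__(self, name):
        '''Read the option and info tables of the plugin at BASEDIR/name.

        self.services starts empty and is then filled with the plugin's
        options as returned by getPluginOpts.
        '''
        # NOTE(review): name is concatenated unchecked; confirm callers
        # cannot pass segments such as '..' that leave BASEDIR.
        self.pluginPath = BASEDIR + '/' + name
        self.plugin = PluginLoader()
        self.services = {}

        self.pluginOpts = self.plugin.getPluginOpts(self.pluginPath)
        print(self.pluginOpts)
        self.pluginInfo = self.plugin.getPluginInfo(self.pluginPath)

        # An earlier revision walked the options and eval()'d bracketed
        # strings here; the options are now taken over unchanged.
        self.services.update(self.pluginOpts)

    def info(self):
        '''Show every key/value pair of the plugin info table.'''
        color.cprint("PLUGIN INFOS", YELLOW)
        color.cprint("============", GREY)
        color.cprint("PARAMETER       VALUE", YELLOW)
        color.cprint("-" * 15 + " " + "-" * 20, GREY)
        for key in self.pluginInfo.keys():
            color.cprint("%-15s" % key, CYAN, 0)
            color.cprint("%-s" % self.pluginInfo[key], PURPLE)

    def opt(self):
        '''Show every plugin option with its current value.'''
        color.cprint("PLUGIN OPTS", YELLOW)
        color.cprint("===========", GREY)
        color.cprint(
            "%-15s %-20s %-40s" % ("PARAMETER", "VALUE", "DESCRIPTION"),
            YELLOW)
        color.cprint("%-15s %-20s %-40s" % ("-" * 15, "-" * 20, "-" * 40),
                     GREY)
        for key in self.pluginOpts.keys():
            color.cprint("%-15s" % key, CYAN, 0)
            color.cprint("%-20s" % self.pluginOpts[key], PURPLE)

    def setp(self, p, v):
        '''Set option p to v if the plugin declares an option named p.

        A value written as a bracketed list or dict string is evaluated
        into the corresponding object; anything else is stored as given.
        '''
        # p=p.upper()
        if self.pluginOpts.has_key(p):
            color.cprint("[*] SET %s=>%s" % (p, v), YELLOW)
            # Slices instead of v[0] / v[-1] so that an empty value does not
            # raise IndexError.
            bracketed = ((v[:1] == '[' and v[-1:] == ']')
                         or (v[:1] == '{' and v[-1:] == '}'))
            # SECURITY: eval() executes any expression typed between the
            # brackets, not only list or dict literals. This is acceptable
            # only while v is typed by the local operator;
            # ast.literal_eval is the stricter alternative.
            value = eval(v) if bracketed else v
            self.pluginOpts[p] = value
            self.services[p] = value
            print(self.pluginOpts)
        else:
            color.cprint("[*] NO PARA %s" % p, YELLOW)

    def run(self):
        '''Run the plugin's audit with the current options and services.

        Any exception is reported on the console instead of propagating.
        '''
        try:
            color.cprint("[*] Start run..", YELLOW)
            self.plugin.runAudit(self.pluginPath, self.pluginOpts,
                                 self.services)
        except Exception, e:
            color.cprint("[!] Err:%s" % e, RED)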
示例#25
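    def startScan(self, services=None):
        '''Enumerate subdomains, neighbour hosts and HTTP URLs, then scan.

        One PluginLoader is built per IP and per URL; each runs in its own
        MutiScanner thread, and the results are stored and sent on with
        setResult() and _saveResultToWeb(). The services argument is not
        read before it is rebound inside the loops below.
        '''
        print '>>>starting scan'
        self._noticeStartToWeb()
        # get subdomains
        print '>>>collecting subdomain info'
        subdomains = self.getSubDomains(self.host)
        print 'subdomains:\t', subdomains

        # get hosts: map each resolved IP to the host names served from it
        hosts = {}
        print '>>>for each subdomain, collecting neiborhood host info'
        for eachdomain in subdomains:
            try:
                tmpip = socket.gethostbyname(eachdomain)
            except socket.error:
                # One unresolvable name must not abort the whole scan.
                print 'cannot resolve, skipped:\t', eachdomain
                continue
            if tmpip not in hosts:
                hosts[tmpip] = self.getNeiboorHosts(tmpip)
            if eachdomain not in hosts[tmpip]:
                hosts[tmpip].append(eachdomain)

        print 'hosts:\t', hosts

        # get urls
        urls = {}
        for eachip in hosts.keys():
            ip_hosts = hosts[eachip]
            httpports = self.getHttpPorts(eachip)
            urls[eachip] = self.generateUrl(eachip, ip_hosts, httpports)

        self.urls = urls
        print 'urls\t', urls
        # get services

        print '>>>starting scan each host'

        pls = []
        # ip type scan
        for eachip in urls.keys():
            services = {}
            if eachip != self.ip:
                services['issubdomain'] = True

            services['ip'] = eachip
            pl = PluginLoader(None, services, outputpath=self.host)
            pls.append(pl)
            print 'scan start:\t', pl.services

        # http type scan
        for eachip in urls.keys():
            for eachurl in urls[eachip]:
                services = {}
                # not subdomain
                # NOTE(review): this is a substring test on the whole URL,
                # so a URL that merely contains self.domain is not flagged
                # as a neighbour host.
                if self.domain not in eachurl:
                    services['isneighborhost'] = True

                services['url'] = eachurl

                pl = PluginLoader(None, services, outputpath=self.host)
                pls.append(pl)
                print 'scan start:\t', pl.services

        self.pls = pls

        # One scanner thread per loader, named after its IP or URL.
        mthpls = []
        for eachpl in pls:
            if eachpl.services.has_key('ip'):
                threadName = eachpl.services['ip']
            elif eachpl.services.has_key('url'):
                threadName = eachpl.services['url']
            else:
                threadName = 'Unknow'
                print 'An unknow scanner services found:\t', eachpl.services
                sys.exit(0)

            mthpl = MutiScanner(self.lock, threadName, eachpl)
            mthpls.append(mthpl)

        for eachmthpl in mthpls:
            eachmthpl.start()

        for eachmthpl in mthpls:
            eachmthpl.join()

        self.setResult(urls=self.urls, pls=pls)
        #self.saveResultToFile(pls)
        self._saveResultToWeb()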
示例#26
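    def startScan(self, services=None):
        '''Enumerate subdomains, neighbour hosts and HTTP URLs, then scan.

        One PluginLoader is built per IP and per URL; the loaders run
        through procFunc in a multiprocessing pool, and the returned
        loaders are stored and sent on with setResult() and
        _saveResultToWeb(). The services argument is not read before it is
        rebound inside the loops below.
        '''
        print '>>>starting scan'
        self._noticeStartToWeb()
        # get subdomains
        print '>>>collecting subdomain info'
        subdomains = self.getSubDomains(self.host)
        print 'subdomains:\t', subdomains

        # get hosts: map each resolved IP to the host names served from it
        hosts = {}
        print '>>>for each subdomain, collecting neiborhood host info'
        for eachdomain in subdomains:
            try:
                tmpip = socket.gethostbyname(eachdomain)
            except socket.error:
                # One unresolvable name must not abort the whole scan.
                print 'cannot resolve, skipped:\t', eachdomain
                continue
            if tmpip not in hosts:
                hosts[tmpip] = self.getNeiboorHosts(tmpip)
            if eachdomain not in hosts[tmpip]:
                hosts[tmpip].append(eachdomain)

        print 'hosts:\t', hosts

        # get urls
        urls = {}
        for eachip in hosts.keys():
            ip_hosts = hosts[eachip]
            httpports = self.getHttpPorts(eachip)
            urls[eachip] = self.generateUrl(eachip, ip_hosts, httpports)

        # urls = {'106.185.36.44': []}
        self.urls = urls
        print 'urls\t', urls

        # get services
        print '>>>starting scan each host'
        pls = []
        # ip type scan
        for eachip in urls.keys():
            services = {}
            if eachip != self.ip:
                services['issubdomain'] = True

            services['ip'] = eachip
            pl = PluginLoader(None, services, outputpath=self.host)
            pls.append(pl)
            print 'scan start:\t', pl.services

        # http type scan
        for eachip in urls.keys():
            for eachurl in urls[eachip]:
                services = {}
                # not subdomain
                # NOTE(review): this is a substring test on the whole URL,
                # so a URL that merely contains self.domain is not flagged
                # as a neighbour host.
                if self.domain not in eachurl:
                    services['isneighborhost'] = True

                services['url'] = eachurl

                pl = PluginLoader(None, services, outputpath=self.host)
                pls.append(pl)
                print 'scan start:\t', pl.services
        self.pls = pls

        results = []
        proPool = multiprocessing.Pool(10)
        for eachpl in pls:
            results.append(proPool.apply_async(procFunc, (eachpl, )))

        proPool.close()
        proPool.join()

        # get() re-raises an exception that occurred in the worker, so one
        # failed worker ends the collection loop.
        newpls = []
        for res in results:
            newpls.append(res.get())
        self.pls = newpls

        self.setResult(urls=self.urls, pls=newpls)
        #self.saveResultToFile(pls)
        self._saveResultToWeb()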