def task_run(): while not kb.task_queue.empty() and kb.thread_continue: target, poc_module = kb.task_queue.get() if not conf.console_mode: poc_module = copy.deepcopy(kb.registered_pocs[poc_module]) poc_name = poc_module.name info_msg = "running poc:'{0}' target '{1}'".format(poc_name, target) logger.info(info_msg) # hand user define parameters if hasattr(poc_module, "_options"): for item in kb.cmd_line: value = cmd_line_options.get(item, "") if item in poc_module.options: poc_module.set_option(item, value) info_msg = "Parameter {0} => {1}".format(item, value) logger.info(info_msg) # check must be option for opt, v in poc_module.options.items(): # check conflict in whitelist if opt in CMD_PARSE_WHITELIST: info_msg = "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format( poc_name, opt) logger.error(info_msg) raise SystemExit if v.require and v.value == "": info_msg = "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format( poc=poc_name, key=opt) logger.error(info_msg) raise SystemExit result = poc_module.execute(target, headers=conf.http_headers, mode=conf.mode, verbose=False) if not result: continue if not conf.quiet: result.show_result() result_status = "success" if result.is_success() else "failed" output = AttribDict(result.to_dict()) output.update({ 'target': target, 'poc_name': poc_name, 'created': time.strftime("%Y-%m-%d %X", time.localtime()), 'status': result_status }) kb.results.append(output)
def listener_worker(): s = get_tcp_listener(ipv6=conf.ipv6, listen_port=int(conf.connect_back_port)) while True: try: conn, address = s.accept() conn.setblocking(1) client = AttribDict() client.conn = conn client.address = address kb.data.clients.append(client) info_msg = "new connection established from {0}".format(address[0]) logger.log(CUSTOM_LOGGING.SUCCESS, info_msg) except Exception: pass
class POC_CATEGORY: EXPLOITS = AttribDict() EXPLOITS.WEBAPP = 'WebApp' EXPLOITS.DOS = 'DoS' EXPLOITS.REMOTE = 'Remote' EXPLOITS.LOCAL = 'Local' TOOLS = AttribDict() TOOLS.CRACK = 'Crack' PROTOCOL = AttribDict() PROTOCOL.HTTP = "Http" PROTOCOL.FTP = "Ftp" PROTOCOL.SSH = "Ssh" PROTOCOL.TELENT = "Telent" PROTOCOL.REDIS = "Redis"
def init_options(input_options=AttribDict(), override_options=False): cmd_line_options.update(input_options) _set_conf_attributes() _set_poc_options(input_options) _set_kb_attributes() _merge_options(input_options, override_options) # export rules, dont run the poc in the default status if conf.rule or conf.rule_req: logger.info( "The rule export function is in use. The POC is not executed at this point" ) if conf.pocs_path: if check_path(conf.pocs_path): paths.USER_POCS_PATH = conf.pocs_path for root, dirs, files in os.walk(paths.USER_POCS_PATH): files = list( filter( lambda x: not x.startswith("__") and x.endswith( ".py"), files)) regex_rule(list(paths.USER_POCS_PATH + i for i in files)) if conf.poc: regex_rule(conf.poc) exit() # if check version if conf.show_version: exit()
def init_options(input_options=AttribDict(), override_options=False): cmd_line_options.update(input_options) _set_conf_attributes() _set_poc_options(input_options) _set_kb_attributes() _merge_options(input_options, override_options) # if check version if conf.show_version: exit()
def _set_kb_attributes(flush_all=True): """ This function set some needed attributes into the knowledge base singleton. """ debug_msg = "initializing the knowledge base" logger.debug(debug_msg) kb.abs_file_paths = set() kb.os = None kb.os_version = None kb.arch = None kb.dbms = None kb.auth_header = None kb.counters = {} kb.multi_thread_mode = False kb.thread_continue = True kb.thread_exception = False kb.word_lists = None kb.single_log_flags = set() kb.cache = AttribDict() kb.cache.addrinfo = {} kb.cache.content = {} kb.cache.regex = {} kb.data = AttribDict() kb.data.local_ips = [] kb.data.connect_back_ip = None kb.data.connect_back_port = DEFAULT_LISTENER_PORT kb.data.clients = [] kb.targets = OrderedSet() kb.plugins = AttribDict() kb.plugins.targets = AttribDict() kb.plugins.pocs = AttribDict() kb.plugins.results = AttribDict() kb.results = [] kb.current_poc = None kb.registered_pocs = AttribDict() kb.task_queue = Queue() kb.cmd_line = DIY_OPTIONS or [] kb.comparison = None
def task_run(): while not kb.task_queue.empty() and kb.thread_continue: target, poc_module = kb.task_queue.get() if not conf.console_mode: poc_module = copy.deepcopy(kb.registered_pocs[poc_module]) poc_name = poc_module.name # for hide some infomations if conf.ppt: length = len(target) _target = target if length > 15: _target = "*" + _target[length - 9:] else: _target = "*" + _target[length - 3:] info_msg = "running poc:'{0}' target '{1}'".format(poc_name, _target) else: info_msg = "running poc:'{0}' target '{1}'".format(poc_name, target) logger.info(info_msg) # hand user define parameters if hasattr(poc_module, "_options"): for item in kb.cmd_line: value = cmd_line_options.get(item, "") if item in poc_module.options: poc_module.set_option(item, value) info_msg = "Parameter {0} => {1}".format(item, value) logger.info(info_msg) # check must be option for opt, v in poc_module.options.items(): # check conflict in whitelist if opt in CMD_PARSE_WHITELIST: info_msg = "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format( poc_name, opt) logger.error(info_msg) raise SystemExit if v.require and v.value == "": info_msg = "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format( poc = poc_name, key = opt) logger.error(info_msg) raise SystemExit try: result = poc_module.execute(target, headers = conf.http_headers, mode = conf.mode, verbose = False) except PocsuiteValidationException as ex: info_msg = "Poc:'{}' PocsuiteValidationException:{}".format(poc_name, ex) logger.error(info_msg) result = None if not isinstance(result, Output) and not None: _result = Output(poc_module) if result: if isinstance(result, bool): _result.success({}) elif isinstance(result, str): _result.success({"Info": result}) elif isinstance(result, dict): _result.success(result) else: _result.success({"Info": repr(result)}) else: _result.fail('target is not vulnerable') result = _result if not result: continue if not conf.quiet: result.show_result() result_status = "success" if result.is_success() else "failed" if result_status == "success" and kb.comparison: kb.comparison.change_success(target, True) output = AttribDict(result.to_dict()) if conf.ppt: # hide some information length = len(target) if length > 15: target = "*" + target[length - 9:] elif length > 8: target = "*" + target[4:] else: target = "*" + target[1:] output.update({ 'target': target, 'poc_name': poc_name, 'created': time.strftime("%Y-%m-%d %X", time.localtime()), 'status': result_status }) result_plugins_handle(output) kb.results.append(output)
def init_options(input_options=AttribDict(), override_options=False): cmd_line_options.update(input_options) _set_conf_attributes() _set_poc_options(input_options) _set_kb_attributes() _merge_options(input_options, override_options)
from pocsuite3.lib.core.datatype import AttribDict from pocsuite3.lib.core.log import LOGGER # logger logger = LOGGER # object to share within function and classes command # line options and settings conf = AttribDict() # Dictionary storing # (1)targets, (2)registeredPocs, (3) bruteMode # (4)results, (5)pocFiles # (6)multiThreadMode \ threadContinue \ threadException kb = AttribDict() # object to store original command line options cmd_line_options = AttribDict() # object to store merged options (command line, configuration file and default options) merged_options = AttribDict() # pocsuite paths paths = AttribDict()
def task_run(): while not kb.task_queue.empty() and kb.thread_continue: target, poc_module = kb.task_queue.get() if not conf.console_mode: poc_module = copy.deepcopy(kb.registered_pocs[poc_module]) poc_name = poc_module.name if conf.pcap: # start capture flow import os import logging os.environ["MPLBACKEND"] = "Agg" logging.getLogger("scapy").setLevel(logging.ERROR) from pocsuite3.lib.utils.pcap_sniffer import Sniffer from scapy.utils import wrpcap sniffer = Sniffer(urlparse(target).hostname) if sniffer.use_pcap: if not sniffer.is_admin: logger.warn( "Please use administrator privileges, and the poc will continue to execute without fetching the packet" ) conf.pcap = False else: sniffer.start() # let scapy start for a while time.sleep(1) else: logger.warn( "No libpcap is detected, and the poc will continue to execute without fetching the packet" ) conf.pcap = False # for hide some infomations if conf.ppt: info_msg = "running poc:'{0}' target '{1}'".format( poc_name, desensitization(target)) else: info_msg = "running poc:'{0}' target '{1}'".format( poc_name, target) logger.info(info_msg) # hand user define parameters if hasattr(poc_module, "_options"): for item in kb.cmd_line: value = cmd_line_options.get(item, "") if item in poc_module.options: poc_module.set_option(item, value) info_msg = "Parameter {0} => {1}".format(item, value) logger.info(info_msg) # check must be option for opt, v in poc_module.options.items(): # check conflict in whitelist if opt in CMD_PARSE_WHITELIST: info_msg = "Poc:'{0}' You can't customize this variable '{1}' because it is already taken up by the pocsuite.".format( poc_name, opt) logger.error(info_msg) raise SystemExit if v.require and v.value == "": info_msg = "Poc:'{poc}' Option '{key}' must be set,please add parameters '--{key}'".format( poc=poc_name, key=opt) logger.error(info_msg) raise SystemExit try: result = poc_module.execute(target, headers=conf.http_headers, mode=conf.mode, verbose=False) except PocsuiteValidationException as ex: info_msg = "Poc:'{}' PocsuiteValidationException:{}".format( poc_name, ex) logger.error(info_msg) result = None if not isinstance(result, Output) and not None: _result = Output(poc_module) if result: if isinstance(result, bool): _result.success({}) elif isinstance(result, str): _result.success({"Info": result}) elif isinstance(result, dict): _result.success(result) else: _result.success({"Info": repr(result)}) else: _result.fail('target is not vulnerable') result = _result if not result: continue if not conf.quiet: result.show_result() result_status = "success" if result.is_success() else "failed" if result_status == "success" and kb.comparison: kb.comparison.change_success(target, True) output = AttribDict(result.to_dict()) if conf.ppt: # hide some information target = desensitization(target) output.update({ 'target': target, 'poc_name': poc_name, 'created': time.strftime("%Y-%m-%d %X", time.localtime()), 'status': result_status }) result_plugins_handle(output) kb.results.append(output) if conf.pcap: sniffer.join(20) if not sniffer.is_alive(): filename = urlparse(target).hostname + time.strftime( '_%Y_%m_%d_%H%M%S.pcap') logger.info(f"pcap data has been saved in: {filename}") wrpcap(filename, sniffer.pcap.results) else: logger.error("Thread terminates timeout. Failed to save pcap")