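def scanOneRange(self,startip,endip):
    """Run self.exp against every domain resolved from an IP range and log the job.

    Inserts a job_status row, takes the addresses returned by
    Scanner.WebScanner(startip, endip), expands each one with
    IPReverse.getDomainsList, calls self.exp.exploit on every domain, writes
    one record per domain to self.file and stores the joined records in the
    newest job_status row. self.file is closed before returning.
    """
    def sql_text(value):
        # Stopgap: double backslashes and single quotes so the value cannot
        # close the SQL string literal it is spliced into.
        # NOTE(review): assumes MySQL-style string literals; bound parameters
        # are the real fix if DBHelper exposes them - confirm.
        return value.replace('\\', '\\\\').replace("'", "''")

    # Record the job in the database.
    db = DBHelper()
    # The path is quoted here, as scanByQuery does; the original spliced it in
    # unquoted, i.e. as raw SQL.
    sql = "insert into job_status (status,path) values(%d,'%s')" % (0, sql_text(file_name))
    # NOTE(review): scanByQuery, scanOneHost and scanByDomain use
    # 'safecat_jobs' - confirm which database name is intended.
    db.execute_ddl_sql('safe_jobs', sql)
    try:
        myscanner = Scanner()
        ip_reverse = IPReverse()
        domain_list = []
        for ip in myscanner.WebScanner(startip, endip):
            found = ip_reverse.getDomainsList(ip)
            if found is None:
                continue
            domain_list.extend(found)

        content = ''
        for url in domain_list:
            res = self.exp.exploit(url)
            if not res:
                record = 'Exploit Failed:Unknown'
            else:
                record = 'Exploit Success:%s\t\t%s' % (url, str(res))
            content += record
            # NOTE(review): the page lost the original indentation; the write
            # is assumed to run once per domain - confirm.
            self.file.write(record)

        # content carries whatever the exploit call returned for each host,
        # so it is escaped before being placed inside the quoted literal.
        # NOTE(review): the row is chosen as "highest id", so a job inserted
        # in between would receive this update instead.
        sql = ("update job_status set status=%s,content='%s' where id="
               "(select tmp.id from (select id from job_status order by id desc limit 1)tmp)"
               ) % ('1', sql_text(content))
        print(sql)
        db.execute_ddl_sql("safe_jobs", sql)
    finally:
        # Release the report file even when a lookup or exploit call raises.
        self.file.close()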
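def scanAll(self):
    """Run self.exp against every domain in the 'safecat' index and log the job.

    Inserts a job_status row, reads the 'domain' field of every
    'hostcrawler' document through self.es.search (match_all, size=1000000),
    calls self.exp.exploit on each domain, writes one record per domain to
    self.file and stores the joined records in the newest job_status row.
    self.file is closed before returning.
    """
    global file_name

    def sql_text(value):
        # Stopgap: double backslashes and single quotes so the value cannot
        # close the SQL string literal it is spliced into.
        # NOTE(review): assumes MySQL-style string literals; bound parameters
        # are the real fix if DBHelper exposes them - confirm.
        return value.replace('\\', '\\\\').replace("'", "''")

    # Record the job in the database.
    db = DBHelper()
    # The path is quoted here, as scanByQuery does; the original spliced it in
    # unquoted, i.e. as raw SQL.
    sql = "insert into job_status (status,path) values(%d,'%s')" % (0, sql_text(file_name))
    # NOTE(review): scanByQuery, scanOneHost and scanByDomain use
    # 'safecat_jobs' - confirm which database name is intended.
    db.execute_ddl_sql('safe_jobs', sql)
    try:
        # Fetch the full list of domains.
        query = {
            'query': {
                'match_all': {}
            },
            '_source': ['domain']
        }
        res = self.es.search(body=query, index='safecat', doc_type='hostcrawler', size=1000000)
        domain_list = [hit['_source']['domain'] for hit in res['hits']['hits']]

        # Run the loaded exploit over the list and write the report file.
        print('[+]Start scanning in mode all,please wait...')
        content = ''
        for url in domain_list:
            res = self.exp.exploit(url)
            if not res:
                record = '%s\t\t\tFailed\n' % url
            else:
                record = '%s\t\t\t%s\n' % (url, str(res))
            content += record
            # NOTE(review): the page lost the original indentation; the write
            # is assumed to run once per domain - confirm.
            self.file.write(record)

        # Job finished: store the result in the database.
        # content carries whatever the exploit call returned for each host,
        # so it is escaped before being placed inside the quoted literal.
        # NOTE(review): the row is chosen as "highest id", so a job inserted
        # in between would receive this update instead.
        sql = ("update job_status set status=%s,content='%s' where id="
               "(select tmp.id from (select id from job_status order by id desc limit 1)tmp)"
               ) % ('1', sql_text(content))
        print(sql)
        db.execute_ddl_sql("safe_jobs", sql)
    finally:
        # Release the report file even when the search or an exploit call raises.
        self.file.close()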
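def scanByQuery(self,query):
    """Run every loaded exploit against the domains matched by a query and log the job.

    Inserts a job_status row, loads self.exp_list via self.loadExploit(),
    turns `query` into a search body with self.queryParser, reads the
    'domain' field of the matching 'hostcrawler' documents, normalises each
    one with self.httptools.get_standard_url and calls exploit() on it for
    every object in self.exp_list. Each record is printed, written to
    self.file and stored (newlines flattened) in the newest job_status row.
    self.file is closed before returning.
    """
    def sql_text(value):
        # Stopgap: double backslashes and single quotes so the value cannot
        # close the SQL string literal it is spliced into.
        # NOTE(review): assumes MySQL-style string literals; bound parameters
        # are the real fix if DBHelper exposes them - confirm.
        return value.replace('\\', '\\\\').replace("'", "''")

    content = ''
    # Record the job in the database.
    db = DBHelper()
    sql = "insert into job_status (status,path) values(%s,'%s')" % ('0', sql_text(file_name))
    db.execute_ddl_sql('safecat_jobs', sql)
    try:
        # Write the report header.
        self.exp_list = self.loadExploit()
        self.file.write('domain\t\t\tattack_results\n')
        query_dsl = self.queryParser(query)
        query_res = self.es.search(body=query_dsl, index='safecat', doc_type='hostcrawler', size=100000)
        domain_list = [hit['_source']['domain'] for hit in query_res['hits']['hits']]
        for target in domain_list:
            target = self.httptools.get_standard_url(target)
            print('[+]TargetHOST:%s' % target)
            for obj in self.exp_list:
                res = obj.exploit(target)
                if not res:
                    record = '%s\t\t\tFailed\n' % target
                else:
                    record = '%s\t\t\t%s\n' % (target, res)
                content += record
                print(record)
                # NOTE(review): the page lost the original indentation; the
                # write is assumed to run once per exploit result - confirm.
                self.file.write(record)

        content = content.replace('\n', ' ')
        # content carries whatever the exploit calls returned for each host,
        # so it is escaped before being placed inside the quoted literal.
        # NOTE(review): the row is chosen as "highest id", so a job inserted
        # in between would receive this update instead.
        sql = ("update job_status set status=%s,content='%s' where id="
               "(select tmp.id from (select id from job_status order by id desc limit 1)tmp)"
               ) % ('1', sql_text(content))
        print(sql)
        db.execute_ddl_sql("safecat_jobs", sql)
    finally:
        # Release the report file even when the search or an exploit call raises.
        self.file.close()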
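def scanOneHost(self,target):
    """Run self.exp against a single target and log the outcome in job_status.

    Inserts a job_status row, calls self.exp.exploit(target), prints the
    outcome and stores it (newlines flattened) in the newest job_status row.
    """
    def sql_text(value):
        # Stopgap: double backslashes and single quotes so the value cannot
        # close the SQL string literal it is spliced into.
        # NOTE(review): assumes MySQL-style string literals; bound parameters
        # are the real fix if DBHelper exposes them - confirm.
        return value.replace('\\', '\\\\').replace("'", "''")

    # Record the job in the database.
    content = ''
    db = DBHelper()
    sql = "insert into job_status (status,path) values(%s,'%s')" % ('0', sql_text(file_name))
    db.execute_ddl_sql('safecat_jobs', sql)

    print('[+]Start scanning in mode single...')
    res = self.exp.exploit(target)
    # The original formatted these messages with `domain` and `x`, neither of
    # which is defined in this method, so both branches raised NameError.
    # `target` is used for both, matching scanOneRange, which fills the same
    # 'Exploit Success' message with the URL - NOTE(review): confirm intent.
    if not res:
        print('%s Exploit Failed:Unknown' % target)
        content += '%s\tExploit\tFailed:Unknown' % target
    else:
        print('Exploit Success:%s\t\t%s' % (target, str(res)))
        content = '%sExploit\tSuccess:%s\t\t%s' % (target, target, str(res))

    content = content.replace('\n', ' ')
    # content carries whatever the exploit call returned for the host, so it
    # is escaped before being placed inside the quoted literal.
    # NOTE(review): the row is chosen as "highest id", so a job inserted in
    # between would receive this update instead.
    sql = ("update job_status set status=%s,content='%s' where id="
           "(select tmp.id from (select id from job_status order by id desc limit 1)tmp)"
           ) % ('1', sql_text(content))
    print(sql)
    db.execute_ddl_sql("safecat_jobs", sql)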
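def scanByDomain(self,domain):
    """Run every loaded exploit against one domain and log the outcome in job_status.

    Inserts a job_status row, loads self.exp_list via self.loadExploit(),
    writes a header to self.file, normalises `domain` with
    self.httptools.get_standard_url and calls exploit() on it for every
    object in self.exp_list. The outcomes are printed and stored in the
    newest job_status row.
    """
    def sql_text(value):
        # Stopgap: double backslashes and single quotes so the value cannot
        # close the SQL string literal it is spliced into.
        # NOTE(review): assumes MySQL-style string literals; bound parameters
        # are the real fix if DBHelper exposes them - confirm.
        return value.replace('\\', '\\\\').replace("'", "''")

    # Record the job in the database.
    content = ''
    db = DBHelper()
    sql = "insert into job_status (status) values(%s)" % '0'
    db.execute_ddl_sql('safecat_jobs', sql)

    self.exp_list = self.loadExploit()
    # NOTE(review): only this header reaches self.file; no result line is
    # written and the file is not closed here - confirm that is intended.
    self.file.write('domain\t\tattack_results')
    domain = self.httptools.get_standard_url(domain)
    for obj in self.exp_list:
        res = obj.exploit(domain)
        if not res:
            print('%s Exploit Failed:Unknown' % domain)
            content += '%s\tExploit\tFailed:Unknown' % domain
        else:
            # The original used an undefined `x` here (NameError on every
            # success). `domain` is substituted, matching scanOneRange, which
            # fills the same message with the URL - NOTE(review): confirm.
            print('Exploit Success:%s\t\t%s' % (domain, str(res)))
            # Appended rather than assigned, so a success no longer discards
            # the outcomes already collected from earlier exploits.
            content += '%sExploit\tSuccess:%s\t\t%s' % (domain, domain, str(res))

    # content carries whatever the exploit calls returned for the host, so it
    # is escaped before being placed inside the quoted literal.
    # NOTE(review): the row is chosen as "highest id", so a job inserted in
    # between would receive this update instead.
    sql = ("update job_status set status=%s,content='%s' where id="
           "(select tmp.id from (select id from job_status order by id desc limit 1)tmp)"
           ) % ('1', sql_text(content))
    print(sql)
    db.execute_ddl_sql("safecat_jobs", sql)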
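def scanByQuery(self, query):
    """Run every loaded exploit against the domains matched by a query and log the job.

    Inserts a job_status row, loads self.exp_list via self.loadExploit(),
    turns `query` into a search body with self.queryParser, reads the
    'domain' field of the matching 'hostcrawler' documents, normalises each
    one with self.httptools.get_standard_url and calls exploit() on it for
    every object in self.exp_list. Each record is printed, written to
    self.file and stored (newlines flattened) in the newest job_status row.
    self.file is closed before returning.
    """
    def sql_text(value):
        # Stopgap: double backslashes and single quotes so the value cannot
        # close the SQL string literal it is spliced into.
        # NOTE(review): assumes MySQL-style string literals; bound parameters
        # are the real fix if DBHelper exposes them - confirm.
        return value.replace('\\', '\\\\').replace("'", "''")

    content = ''
    # Record the job in the database.
    db = DBHelper()
    sql = "insert into job_status (status,path) values(%s,'%s')" % (
        '0', sql_text(file_name))
    db.execute_ddl_sql('safecat_jobs', sql)
    try:
        # Write the report header.
        self.exp_list = self.loadExploit()
        self.file.write('domain\t\t\tattack_results\n')
        query_dsl = self.queryParser(query)
        query_res = self.es.search(body=query_dsl,
                                   index='safecat',
                                   doc_type='hostcrawler',
                                   size=100000)
        domain_list = [hit['_source']['domain'] for hit in query_res['hits']['hits']]
        for target in domain_list:
            target = self.httptools.get_standard_url(target)
            print('[+]TargetHOST:%s' % target)
            for obj in self.exp_list:
                res = obj.exploit(target)
                if not res:
                    record = '%s\t\t\tFailed\n' % target
                else:
                    record = '%s\t\t\t%s\n' % (target, res)
                content += record
                print(record)
                # NOTE(review): the page lost the original indentation; the
                # write is assumed to run once per exploit result - confirm.
                self.file.write(record)

        content = content.replace('\n', ' ')
        # content carries whatever the exploit calls returned for each host,
        # so it is escaped before being placed inside the quoted literal.
        # NOTE(review): the row is chosen as "highest id", so a job inserted
        # in between would receive this update instead.
        sql = ("update job_status set status=%s,content='%s' where id="
               "(select tmp.id from (select id from job_status order by id desc limit 1)tmp)"
               ) % ('1', sql_text(content))
        print(sql)
        db.execute_ddl_sql("safecat_jobs", sql)
    finally:
        # Release the report file even when the search or an exploit call raises.
        self.file.close()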
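def scanByDomain(self, domain):
    """Run every loaded exploit against one domain and log the outcome in job_status.

    Inserts a job_status row, loads self.exp_list via self.loadExploit(),
    writes a header to self.file, normalises `domain` with
    self.httptools.get_standard_url and calls exploit() on it for every
    object in self.exp_list. The outcomes are printed and stored in the
    newest job_status row.
    """
    def sql_text(value):
        # Stopgap: double backslashes and single quotes so the value cannot
        # close the SQL string literal it is spliced into.
        # NOTE(review): assumes MySQL-style string literals; bound parameters
        # are the real fix if DBHelper exposes them - confirm.
        return value.replace('\\', '\\\\').replace("'", "''")

    # Record the job in the database.
    content = ''
    db = DBHelper()
    sql = "insert into job_status (status) values(%s)" % '0'
    db.execute_ddl_sql('safecat_jobs', sql)

    self.exp_list = self.loadExploit()
    # NOTE(review): only this header reaches self.file; no result line is
    # written and the file is not closed here - confirm that is intended.
    self.file.write('domain\t\tattack_results')
    domain = self.httptools.get_standard_url(domain)
    for obj in self.exp_list:
        res = obj.exploit(domain)
        if not res:
            print('%s Exploit Failed:Unknown' % domain)
            content += '%s\tExploit\tFailed:Unknown' % domain
        else:
            # The original used an undefined `x` here (NameError on every
            # success). `domain` is substituted, matching scanOneRange, which
            # fills the same message with the URL - NOTE(review): confirm.
            print('Exploit Success:%s\t\t%s' % (domain, str(res)))
            # Appended rather than assigned, so a success no longer discards
            # the outcomes already collected from earlier exploits.
            content += '%sExploit\tSuccess:%s\t\t%s' % (domain, domain, str(res))

    # content carries whatever the exploit calls returned for the host, so it
    # is escaped before being placed inside the quoted literal.
    # NOTE(review): the row is chosen as "highest id", so a job inserted in
    # between would receive this update instead.
    sql = ("update job_status set status=%s,content='%s' where id="
           "(select tmp.id from (select id from job_status order by id desc limit 1)tmp)"
           ) % ('1', sql_text(content))
    print(sql)
    db.execute_ddl_sql("safecat_jobs", sql)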