本文整理汇总了Python中src.utils.settings.print_warning_msg函数的典型用法代码示例。如果您正苦于以下问题:Python print_warning_msg函数的具体用法?Python print_warning_msg怎么用?Python print_warning_msg使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了print_warning_msg函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: ps_check
def ps_check():
    """Warn that the chosen options need PowerShell and offer "--ps-version".

    When the guard below holds, a warning is printed and the user is asked
    until a recognised answer is given: "yes" sets
    ``menu.options.ps_version``, "no" leaves the options untouched, and
    "quit" ends the process through ``os._exit(0)``.
    """
    # NOTE(review): ``and`` binds tighter than ``or``, so the original guard
    # evaluates as (PS_ENABLED == None and is_admin) or users or passwords.
    # The parentheses below only make that explicit; confirm whether the
    # PS_ENABLED test was meant to cover all three options.
    needs_powershell = (
        (settings.PS_ENABLED == None and menu.options.is_admin)
        or menu.options.users
        or menu.options.passwords
    )
    if not needs_powershell:
        return

    if settings.VERBOSITY_LEVEL >= 1:
        print("")
    warn_msg = (
        "The payloads in some options that you "
        "have chosen, are requiring the use of PowerShell. "
    )
    print(settings.print_warning_msg(warn_msg))

    question_msg = (
        "Do you want to use the \"--ps-version\" option "
        "so ensure that PowerShell is enabled? [Y/n/q] > "
    )
    while True:
        sys.stdout.write(settings.print_question_msg(question_msg))
        answer = sys.stdin.readline().replace("\n", "").lower()
        if answer in settings.CHOICE_YES:
            menu.options.ps_version = True
            break
        elif answer in settings.CHOICE_NO:
            break
        elif answer in settings.CHOICE_QUIT:
            print("")
            # os._exit skips cleanup handlers and exits immediately.
            os._exit(0)
        else:
            # An empty line means the user only pressed Enter.
            shown = "enter" if answer == "" else answer
            print(settings.print_error_msg("'" + shown + "' is not a valid answer."))
示例2: is_empty
def is_empty(multi_parameters, http_request_method):
    """Report request parameters that were supplied with an empty value.

    Each entry of ``multi_parameters`` is inspected according to the data
    format flagged in ``settings`` (JSON, XML, or ``name=value``). The names
    of empty parameters are collected; if any are found they are either
    handed to ``skip_empty`` (when ``--skip-empty`` is set and more than one
    parameter was given) or reported in a warning, in which case the function
    returns True. In every other case it returns None implicitly.

    Raises:
        SystemExit: an entry cannot be parsed and the data is not XML.
    """
    # NOTE(review): nesting was reconstructed from a listing with no
    # indentation; in particular ``return True`` is assumed to belong to the
    # warning branch. Confirm against the upstream file.
    empty_names = []
    for item in list(multi_parameters):
        try:
            if settings.IS_JSON:
                if re.findall(r'\:\"(.*)\"', item)[0] == "":
                    empty_names.append(re.findall(r'\"(.*)\"\:\"', item)[0])
            elif settings.IS_XML:
                inner_text = re.findall(r'>(.*)<', item)[0]
                if inner_text in ("", " "):
                    empty_names.append(re.findall(r'</(.*)>', item)[0])
            elif len(item.split("=")[1]) == 0:
                empty_names.append(item.split("=")[0])
        except IndexError:
            # A failed regex/split lookup means the entry has no parameter.
            if not settings.IS_XML:
                err_msg = "No parameter(s) found for testing in the provided data."
                print(settings.print_critical_msg(err_msg))
                raise SystemExit()

    provided_value = ", ".join(empty_names)
    if len(provided_value) > 0:
        if menu.options.skip_empty and len(multi_parameters) > 1:
            skip_empty(provided_value, http_request_method)
        else:
            # Singular/plural wording depends on how many names were joined.
            single = len(provided_value.split(",")) == 1
            plural = "" if single else "s"
            verb = " is " if single else " are "
            warn_msg = "The provided value" + plural
            warn_msg += " for " + http_request_method + " parameter" + plural
            warn_msg += " '" + provided_value + "'"
            warn_msg += verb + "empty. "
            warn_msg += "Use valid "
            warn_msg += "values to run properly."
            print(settings.print_warning_msg(warn_msg))
            return True
示例3: check_for_update
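def check_for_update():
    """Compare the local version with the one published upstream.

    Downloads ``settings.py`` from the project's master branch, reads the
    first line containing ``VERSION = `` and, when the local
    ``settings.VERSION`` compares lower, asks whether to update. "yes" calls
    ``updater()`` and ends the process with ``os._exit(0)``; "no" returns.
    Any ordinary failure (network error, missing or unparsable version) is
    treated as best-effort: a blank line is printed and the check is skipped.
    """
    try:
        # NOTE(review): no timeout is passed, so a stalled connection blocks
        # start-up; consider urlopen's ``timeout`` argument.
        response = urllib2.urlopen('https://raw.githubusercontent.com/stasinopoulos/commix/master/src/utils/settings.py')
        update_version = None
        for line in response.readlines():
            line = line.rstrip()
            if "VERSION = " in line:
                update_version = line.replace("VERSION = ", "").replace("\"", "")
                break
        if update_version is None:
            # Previously this surfaced as a NameError hidden by a bare except.
            raise ValueError("no VERSION line found in the remote settings file")

        # NOTE(review): dropping the dots and comparing as floats mis-orders
        # versions with different segment widths (e.g. "2.0" vs "1.10") and
        # fails on non-numeric suffixes; a tuple-of-ints comparison would be
        # more robust once the version format is confirmed.
        if float(settings.VERSION.replace(".", "")) < float(update_version.replace(".", "")):
            warn_msg = "Current version seems to be out-of-date."
            print(settings.print_warning_msg(warn_msg))
            question_msg = "Do you want to update to the latest version now? [Y/n] > "
            while True:
                sys.stdout.write(settings.print_question_msg(question_msg))
                do_update = sys.stdin.readline().replace("\n", "").lower()
                if do_update in settings.CHOICE_YES:
                    updater()
                    os._exit(0)
                elif do_update in settings.CHOICE_NO:
                    break
                else:
                    if do_update == "":
                        do_update = "enter"
                    err_msg = "'" + do_update + "' is not a valid answer."
                    print(settings.print_error_msg(err_msg))
    except Exception:
        # Narrowed from a bare ``except:`` so that Ctrl-C (KeyboardInterrupt)
        # and SystemExit are no longer swallowed; ordinary errors still only
        # skip the update check.
        print("")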
# eof
示例4: server_identification
def server_identification(server_banner):
    """Match the server banner against the known list and pick a web root.

    Every entry of ``settings.SERVER_BANNERS`` is used as a regular
    expression and searched in ``server_banner`` with both sides lower-cased.
    On the first hit the matched text is stored in ``settings.SERVER_BANNER``
    and ``settings.WEB_ROOT`` is set for Apache, nginx or Microsoft-IIS.
    When no entry matches, a warning is printed.
    """
    # NOTE(review): ``server_banner`` is echoed to the terminal unchanged; if
    # it originates from a remote response (not visible here), stripping
    # control characters before printing would be prudent.
    verbose = settings.VERBOSITY_LEVEL >= 1
    if verbose:
        sys.stdout.write(settings.print_info_msg("Identifying the target server... "))
        sys.stdout.flush()

    for known_banner in settings.SERVER_BANNERS:
        match = re.search(known_banner.lower(), server_banner.lower())
        if not match:
            continue
        if verbose:
            print("[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]")
            success_msg = "The target server was identified as "
            success_msg += server_banner + Style.RESET_ALL + "."
            print(settings.print_success_msg(success_msg))
        settings.SERVER_BANNER = match.group(0)
        # Default document roots per server family.
        matched = settings.SERVER_BANNER.lower()
        if "apache" in matched:
            if settings.TARGET_OS == "win":
                settings.WEB_ROOT = "\\htdocs"
            else:
                settings.WEB_ROOT = "/var/www"
        elif "nginx" in matched:
            settings.WEB_ROOT = "/usr/share/nginx"
        elif "microsoft-iis" in matched:
            settings.WEB_ROOT = "\\inetpub\\wwwroot"
        break
    else:
        # Reached only when the loop finished without a match.
        if verbose:
            print("[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]")
        warn_msg = "The server which was identified as '"
        warn_msg += server_banner + "' seems unknown."
        print(settings.print_warning_msg(warn_msg))
示例5: warning_detection
def warning_detection(url, http_request_method):
    """Look for known failure messages in the page and report the last match.

    The part of ``url`` before the first "=" is requested; when
    ``requests.get_request_response`` yields a response, the same request is
    opened again with ``urllib2.urlopen`` and its body is scanned for a fixed
    set of message fragments. If any is present, a warning naming the most
    recently matched one is printed. The (possibly rewritten) URL is returned.

    Raises:
        SystemExit: the request fails with ``urllib2.HTTPError``.
    """
    # NOTE(review): nesting was reconstructed from a listing with no
    # indentation; the URL rewrite is assumed to depend only on the regex
    # test, not on the preg_replace message. Confirm against upstream.
    # These fragments look like server-side error output; a page that shows
    # them has error display enabled, which is worth turning off in production.
    try:
        url_part = url.split("=")[0]
        request = urllib2.Request(url_part)
        # Apply any user-defined extra headers.
        headers.do_check(request)
        response = requests.get_request_response(request)
        if response:
            response = urllib2.urlopen(request)
            html_data = response.read()
            err_msg = ""
            # Later matches overwrite earlier ones, exactly as in the
            # sequence of independent ``if`` tests this loop replaces.
            for marker, label in (
                ("eval()'d code", "'eval()'"),
                ("Cannot execute a blank command in", "execution of a blank command,"),
                ("sh: command substitution:", "command substitution"),
                ("Warning: usort()", "'usort()'"),
            ):
                if marker in html_data:
                    err_msg = label
            if re.findall(r"=/(.*)/&", url):
                if "Warning: preg_replace():" in html_data:
                    err_msg = "'preg_replace()'"
                url = url.replace("/&", "/e&")
            for marker, label in (
                ("Warning: assert():", "'assert()'"),
                ("Failure evaluating code:", "code evaluation"),
            ):
                if marker in html_data:
                    err_msg = label
            if err_msg != "":
                warn_msg = "A failure message on " + err_msg + " was detected on page's response."
                print(settings.print_warning_msg(warn_msg))
        return url
    except urllib2.HTTPError as http_err:
        print(settings.print_critical_msg(http_err))
        raise SystemExit()
示例6: application_identification
def application_identification(server_banner, url):
    """Derive the target application type from the URL's file extension.

    The extension of the URL path (without the dot, upper-cased) is stored in
    ``settings.TARGET_APPLICATION``. An empty result prints a warning; a
    result found in ``settings.UNSUPPORTED_TARGET_APPLICATION`` aborts the
    run. ``server_banner`` is accepted but not used in this function.

    Raises:
        SystemExit: the detected application is listed as unsupported.
    """
    verbose = settings.VERBOSITY_LEVEL >= 1
    if verbose:
        sys.stdout.write(settings.print_info_msg("Identifying the target application ... "))
        sys.stdout.flush()

    extension = splitext(urlparse(url).path)[1]
    settings.TARGET_APPLICATION = extension[1:].upper()

    if not settings.TARGET_APPLICATION:
        if verbose:
            print("[ " + Fore.RED + "FAILED" + Style.RESET_ALL + " ]")
        warn_msg = "Heuristics have failed to identify target application."
        print(settings.print_warning_msg(warn_msg))
        return

    if verbose:
        print("[ " + Fore.GREEN + "SUCCEED" + Style.RESET_ALL + " ]")
        success_msg = "The target application was identified as "
        success_msg += settings.TARGET_APPLICATION + Style.RESET_ALL + "."
        print(settings.print_success_msg(success_msg))

    # NOTE(review): this is a substring test, so an extension that is merely
    # part of an unsupported name also matches; confirm that is intended.
    for unsupported in settings.UNSUPPORTED_TARGET_APPLICATION:
        if settings.TARGET_APPLICATION.lower() in unsupported.lower():
            err_msg = settings.TARGET_APPLICATION + " exploitation is not yet supported."
            print(settings.print_critical_msg(err_msg))
            raise SystemExit()
示例7: check_options
def check_options(url, cmd, cve, check_header, filename, os_shell_option, http_request_method, go_back, go_back_again):
    """Dispatch on the pseudo-terminal option the user entered.

    Return value by option:
      * ``False``        -> bool: False when ``no_result`` is True, else True
      * ``"back"``       -> ``(True, go_back_again)``
      * ``"os_shell"``   -> None, after warning that the mode is already active
      * ``"bind_tcp"`` / ``"reverse_tcp"`` -> the ``(go_back, go_back_again)``
        pair returned by the matching ``*_config`` helper
      * ``"quit"``       -> raises SystemExit
    Any other value falls through and returns None.
    """
    # NOTE(review): ``no_result`` is neither a parameter nor assigned here;
    # presumably a module-level name defined outside this listing - verify.
    if os_shell_option == False:
        return not (no_result == True)

    if os_shell_option == "back":
        return True, go_back_again

    if os_shell_option == "os_shell":
        warn_msg = "You are already into the '" + os_shell_option + "' mode."
        print(settings.print_warning_msg(warn_msg) + "\n")
    elif os_shell_option == "bind_tcp":
        go_back, go_back_again = bind_tcp_config(url, cmd, cve, check_header, filename, os_shell_option, http_request_method, go_back, go_back_again)
        return go_back, go_back_again
    elif os_shell_option == "reverse_tcp":
        go_back, go_back_again = reverse_tcp_config(url, cmd, cve, check_header, filename, os_shell_option, http_request_method, go_back, go_back_again)
        return go_back, go_back_again
    elif os_shell_option == "quit":
        raise SystemExit()
示例8: hostname
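def hostname(separator, TAG, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, timesec):
    """Obtain the target's hostname, print it and append it to the log file.

    The result is taken from the session store when one exists for this
    URL/command/parameter and ``--ignore-session`` is not set; otherwise the
    command in ``settings.HOSTNAME`` is run through ``cb_injector`` and the
    result is stored. On Windows targets ``settings.HOSTNAME`` is first
    replaced by ``settings.WIN_HOSTNAME`` (a module-level side effect).
    A warning is printed when no result is available.
    """
    if settings.TARGET_OS == "win":
        settings.HOSTNAME = settings.WIN_HOSTNAME
    cmd = settings.HOSTNAME

    if session_handler.export_stored_cmd(url, cmd, vuln_parameter) is None or menu.options.ignore_session:
        response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)
        # Some targets only show the result after the page is reloaded.
        if settings.URL_RELOAD:
            response = requests.url_reload(url, timesec)
        shell = cb_injector.injection_results(response, TAG, cmd)
        shell = "".join(str(p) for p in shell)
        session_handler.store_cmd(url, cmd, shell, vuln_parameter)
    else:
        shell = session_handler.export_stored_cmd(url, cmd, vuln_parameter)

    if shell:
        shell = "".join(str(p) for p in shell)
        # NOTE(review): text returned by the target goes to the terminal and
        # the log unfiltered; consider stripping control characters first.
        success_msg = "The hostname is " + shell
        sys.stdout.write(settings.print_success_msg(success_msg) + ".\n")
        sys.stdout.flush()
        # Log entry: the success sign with ANSI colour codes removed.
        success_msg = "The hostname is " + shell + ".\n"
        plain_sign = re.sub(settings.ANSI_COLOR_REMOVAL, "", settings.SUCCESS_SIGN)
        # ``with`` closes the log even if the write raises.
        with open(filename, "a") as output_file:
            output_file.write(plain_sign + success_msg)
    else:
        warn_msg = "Heuristics have failed to identify the hostname."
        print(settings.print_warning_msg(warn_msg))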
示例9: powershell_version
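def powershell_version(separator, TAG, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename):
    """Determine the target's PowerShell version and record whether it is usable.

    Runs ``settings.PS_VERSION`` through ``cb_injector`` and uses the stored
    session value when one exists. If the result parses as a non-zero float,
    ``settings.PS_ENABLED`` is set to True and the version is printed and
    appended to the log file. If it does not parse, a warning is printed,
    ``settings.PS_ENABLED`` is set to False and ``checks.ps_check_failed()``
    is called. A result that parses to 0.0 changes nothing.
    """
    # NOTE(review): nesting was reconstructed from a listing with no
    # indentation; the injection call is assumed to run unconditionally,
    # before the session lookup. Confirm against upstream.
    cmd = settings.PS_VERSION
    if alter_shell:
        cmd = cmd.replace("'", "\\'")
    response = cb_injector.injection(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename)

    if session_handler.export_stored_cmd(url, cmd, vuln_parameter) is None:
        ps_version = cb_injector.injection_results(response, TAG, cmd)
        ps_version = "".join(str(p) for p in ps_version)
        session_handler.store_cmd(url, cmd, ps_version, vuln_parameter)
    else:
        ps_version = session_handler.export_stored_cmd(url, cmd, vuln_parameter)

    try:
        # float() doubles as the validity check: non-numeric text raises.
        if float(ps_version):
            settings.PS_ENABLED = True
            if settings.VERBOSITY_LEVEL >= 1:
                print("")
            success_msg = "The PowerShell's version number is "
            success_msg += ps_version + Style.RESET_ALL + Style.BRIGHT
            sys.stdout.write(settings.print_success_msg(success_msg) + ".\n")
            sys.stdout.flush()
            # Log entry: the success sign with ANSI colour codes removed.
            success_msg = "The PowerShell's version number is " + ps_version + ".\n"
            plain_sign = re.sub(settings.ANSI_COLOR_REMOVAL, "", settings.SUCCESS_SIGN)
            # ``with`` closes the log even if the write raises.
            with open(filename, "a") as output_file:
                output_file.write(" " + plain_sign + success_msg)
    except ValueError:
        warn_msg = "Heuristics have failed to identify PowerShell's version, "
        warn_msg += "which means that some payloads or injection techniques may be failed."
        print(settings.print_warning_msg(warn_msg))
        settings.PS_ENABLED = False
        checks.ps_check_failed()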
示例10: hostname
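def hostname(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timesec, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response):
    """Obtain the target's hostname via ``tb_injector`` and log it.

    The ``cmd`` argument is overwritten with ``settings.HOSTNAME``. The
    result comes from the session store when available and
    ``--ignore-session`` is not set; otherwise ``tb_injector.injection`` is
    called and its output stored. A non-empty result is printed and appended
    to the log file; an empty one produces a warning.
    """
    ran_injection = False
    cmd = settings.HOSTNAME
    if session_handler.export_stored_cmd(url, cmd, vuln_parameter) is None or menu.options.ignore_session:
        check_how_long, output = tb_injector.injection(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timesec, http_request_method, url, vuln_parameter, alter_shell, filename, url_time_response)
        session_handler.store_cmd(url, cmd, output, vuln_parameter)
        ran_injection = True
    else:
        output = session_handler.export_stored_cmd(url, cmd, vuln_parameter)

    shell = output
    if shell:
        # Blank separator line only after a fresh (non-cached) retrieval.
        if settings.VERBOSITY_LEVEL <= 1 and not menu.options.ignore_session and ran_injection:
            print("")
        # NOTE(review): text returned by the target goes to the terminal and
        # the log unfiltered; consider stripping control characters first.
        success_msg = "The hostname is " + shell
        sys.stdout.write(settings.print_success_msg(success_msg) + ".")
        sys.stdout.flush()
        # Log entry: the success sign with ANSI colour codes removed.
        success_msg = "The hostname is " + shell + ".\n"
        plain_sign = re.sub(settings.ANSI_COLOR_REMOVAL, "", settings.SUCCESS_SIGN)
        # ``with`` closes the log even if the write raises.
        with open(filename, "a") as output_file:
            output_file.write(plain_sign + success_msg)
    else:
        warn_msg = "Heuristics have failed to identify the hostname."
        print(settings.print_warning_msg(warn_msg))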
示例11: exploitation
def exploitation(url, delay, filename, http_request_method, url_time_response):
    """Run the time-based handler, asking first when the target responds slowly.

    When ``url_time_response`` is below ``settings.SLOW_TARGET_RESPONSE`` the
    handler is called directly. Otherwise a warning is shown and the user
    chooses to continue (time-based handler), skip (file-based handler) or
    quit. Returns False when the time-based handler returns False; the fast
    path otherwise returns None.

    Raises:
        SystemExit: the user answers "q".
    """
    # NOTE(review): nesting was reconstructed from a listing with no
    # indentation. As written, the prompt is shown again after "s" and after
    # a "c" whose handler does not return False; confirm against upstream.
    if not (url_time_response >= settings.SLOW_TARGET_RESPONSE):
        if tb_injection_handler(url, delay, filename, http_request_method, url_time_response) == False:
            return False
        return

    warn_msg = (
        "It is highly recommended, due to serious response delays, "
        "to skip the time-based (blind) technique and to continue "
        "with the file-based (semiblind) technique."
    )
    print(settings.print_warning_msg(warn_msg))

    # Never set to True anywhere in this function; kept as in the original.
    go_back = False
    question_msg = "How do you want to proceed? [(C)ontinue/(s)kip/(q)uit] > "
    while True:
        if go_back == True:
            return False
        choice = raw_input(settings.print_question_msg(question_msg)).lower()
        if choice in settings.CHOICE_PROCEED:
            if choice == "s":
                # Imported lazily, as in the original.
                from src.core.injections.semiblind.techniques.file_based import fb_handler
                fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
            elif choice == "c":
                if tb_injection_handler(url, delay, filename, http_request_method, url_time_response) == False:
                    return False
            elif choice == "q":
                raise SystemExit()
        else:
            # An empty line means the user only pressed Enter.
            shown = "enter" if choice == "" else choice
            err_msg = "'" + shown + "' is not a valid answer."
            print(settings.print_error_msg(err_msg) + "\n")
示例12: system_information
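def system_information(separator, payload, TAG, timesec, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename):
    """Collect the target's operating system and hardware platform and log them.

    Three values are gathered in turn, each taken from the session store when
    present (and ``--ignore-session`` is not set) or otherwise retrieved
    through ``fb_injector``: the OS name, on non-Windows targets the
    distribution name (appended to the OS name in parentheses), and the
    hardware platform. When both OS and platform are available they are
    printed and appended to the log file. A warning is printed when no OS
    name could be obtained.
    """
    # NOTE(review): nesting was reconstructed from a listing with no
    # indentation; the final warning is assumed to pair with the OS check,
    # so an empty platform result prints nothing. Confirm against upstream.
    if settings.TARGET_OS == "win":
        settings.RECOGNISE_OS = settings.WIN_RECOGNISE_OS
    cmd = settings.RECOGNISE_OS
    if session_handler.export_stored_cmd(url, cmd, vuln_parameter) is None or menu.options.ignore_session:
        fb_injector.injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
        target_os = fb_injector.injection_results(url, OUTPUT_TEXTFILE, timesec)
        target_os = "".join(str(p) for p in target_os)
        session_handler.store_cmd(url, cmd, target_os, vuln_parameter)
    else:
        target_os = session_handler.export_stored_cmd(url, cmd, vuln_parameter)

    if not target_os:
        warn_msg = "Heuristics have failed to retrieve the system information."
        print(settings.print_warning_msg(warn_msg))
        return

    target_os = "".join(str(p) for p in target_os)

    # Distribution name (non-Windows targets only).
    if settings.TARGET_OS != "win":
        cmd = settings.DISTRO_INFO
        if session_handler.export_stored_cmd(url, cmd, vuln_parameter) is None or menu.options.ignore_session:
            fb_injector.injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
            # Some targets only show the result after the page is reloaded.
            if settings.URL_RELOAD:
                requests.url_reload(url, timesec)
            distro_name = fb_injector.injection_results(url, OUTPUT_TEXTFILE, timesec)
            distro_name = "".join(str(p) for p in distro_name)
            if len(distro_name) != 0:
                target_os = target_os + " (" + distro_name + ")"
            # The combined OS string is what gets stored under this command.
            session_handler.store_cmd(url, cmd, target_os, vuln_parameter)
        else:
            target_os = session_handler.export_stored_cmd(url, cmd, vuln_parameter)

    # Hardware platform.
    if settings.TARGET_OS == "win":
        cmd = settings.WIN_RECOGNISE_HP
    else:
        cmd = settings.RECOGNISE_HP
    if session_handler.export_stored_cmd(url, cmd, vuln_parameter) is None or menu.options.ignore_session:
        fb_injector.injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename)
        target_arch = fb_injector.injection_results(url, OUTPUT_TEXTFILE, timesec)
        target_arch = "".join(str(p) for p in target_arch)
        session_handler.store_cmd(url, cmd, target_arch, vuln_parameter)
    else:
        target_arch = session_handler.export_stored_cmd(url, cmd, vuln_parameter)

    if target_arch:
        success_msg = "The target operating system is " + target_os + Style.RESET_ALL
        success_msg += Style.BRIGHT + " and the hardware platform is " + target_arch
        sys.stdout.write(settings.print_success_msg(success_msg) + ".\n")
        sys.stdout.flush()
        # Log entry: the success sign with ANSI colour codes removed.
        success_msg = "The target operating system is " + target_os
        success_msg += " and the hardware platform is " + target_arch + ".\n"
        plain_sign = re.sub(settings.ANSI_COLOR_REMOVAL, "", settings.SUCCESS_SIGN)
        # ``with`` closes the log even if the write raises.
        with open(filename, "a") as output_file:
            output_file.write(plain_sign + success_msg)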
示例13: continue_tests
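def continue_tests(err):
    """Decide whether testing continues after an HTTP error response.

    With ``--ignore-401`` set, returns True immediately. Otherwise, for
    status 403 or 406 (unless ``--skip-waf`` is set) a WAF/IPS/IDS warning is
    printed and ``settings.WAF_ENABLED`` is set. The user is then asked
    whether to ignore the error: "yes" returns True, "no" and "quit" return
    False, anything else re-prompts.

    Args:
        err: the HTTP error; only its ``code`` attribute is read.

    Raises:
        SystemExit: Ctrl-C is pressed at the prompt.
    """
    if menu.options.ignore_401:
        settings.WAF_ENABLED = True
        return True

    # Fixed: the previous test ``str(err.code) == "403" or "406"`` was always
    # true because the non-empty string "406" is truthy, so every status code
    # was reported as a possible WAF/IPS/IDS.
    if str(err.code) in ("403", "406") and not menu.options.skip_waf:
        settings.WAF_ENABLED = True
        warn_msg = "It seems that target is protected by some kind of WAF/IPS/IDS."
        print(settings.print_warning_msg(warn_msg))

    try:
        question_msg = "Do you want to ignore the error (" + str(err.code)
        question_msg += ") message and continue the tests? [Y/n/q] > "
        while True:
            # Local renamed so it no longer shadows the function's own name.
            answer = raw_input(settings.print_question_msg(question_msg)).lower()
            if answer in settings.CHOICE_YES:
                return True
            elif answer in settings.CHOICE_NO:
                return False
            elif answer in settings.CHOICE_QUIT:
                return False
            else:
                if answer == "":
                    answer = "enter"
                err_msg = "'" + answer + "' is not a valid answer."
                print(settings.print_error_msg(err_msg) + "\n")
    except KeyboardInterrupt:
        print("\n" + Back.RED + settings.ABORTION_SIGN + "Ctrl-C was pressed!" + Style.RESET_ALL)
        raise SystemExit()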
示例14: injection_proccess
def injection_proccess(url, check_parameter, http_request_method, filename, delay):
    """Run the selected technique handlers against one parameter or header.

    A ``check_parameter`` starting with a space is treated as an HTTP header
    name; anything else as a parameter (labelled "cookie" when
    ``settings.COOKIE_INJECTION`` is set). Modules are loaded, the response
    time is estimated, and each handler whose letter appears in
    ``menu.options.tech`` (or all of them when that option is empty) is run,
    recording its outcome in the matching ``settings.*_STATE`` flag. A
    warning is printed when all four flags compare equal to False.
    """
    if check_parameter.startswith(" "):
        header_name = ""
        the_type = " HTTP header "
    else:
        header_name = " cookie" if settings.COOKIE_INJECTION else ""
        the_type = " parameter "
        check_parameter = " '" + check_parameter + "'"

    modules_handler.load_modules(url, http_request_method, filename)

    if not settings.LOAD_SESSION:
        info_msg = "Setting the " + "(" + http_request_method
        info_msg += ")" + check_parameter + header_name + the_type + "for tests."
        print(settings.print_info_msg(info_msg))

    # Response time in seconds; ``delay`` may be adjusted by the estimate.
    delay, url_time_response = requests.estimate_response_time(url, http_request_method, delay)

    # A handler result other than False counts as success.
    selected = menu.options.tech
    if not selected or "c" in selected:
        settings.CLASSIC_STATE = cb_handler.exploitation(url, delay, filename, http_request_method) != False
    if not selected or "e" in selected:
        settings.EVAL_BASED_STATE = eb_handler.exploitation(url, delay, filename, http_request_method) != False
    if not selected or "t" in selected:
        settings.TIME_BASED_STATE = tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False
    if not selected or "f" in selected:
        settings.FILE_BASED_STATE = fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False

    # Chained comparison kept as-is: a flag left at a non-False value by an
    # unselected technique suppresses the warning.
    if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False:
        warn_msg = "The tested (" + http_request_method + ")"
        warn_msg += check_parameter + header_name + the_type
        warn_msg += "seems to be not injectable."
        print(settings.print_warning_msg(warn_msg))
示例15: check_whitespaces
def check_whitespaces():
    """Fall back to a plain space when a custom whitespace value is configured.

    Warns when the first entry of ``settings.WHITESPACE`` is neither "%20"
    nor its decoded form. Returns " " whenever that entry differs from the
    decoded form; otherwise returns None implicitly.
    """
    # NOTE(review): nesting was reconstructed from a listing with no
    # indentation; ``return`` is assumed to sit inside the second test,
    # since at function level ``whitespace`` could be unbound. Confirm
    # against upstream.
    first = settings.WHITESPACE[0]
    decoded_space = urllib.unquote("%20")
    if first not in ("%20", decoded_space):
        warn_msg = (
            "Whitespaces are important for time-relative techniques, "
            "thus whitespace characters had been reset to default."
        )
        print(settings.print_warning_msg(warn_msg))
    if first != decoded_space:
        return " "