1 # -*- encoding: utf-8 -*- 2 # !/usr/bin/env python 3 4 import os 5 import traceback 6 import sys 7 import datetime 8 import re 9 import json 10 import logging 11 from threading import Lock 12 13 from suds.client import Client 14 from suds.xsd.doctor import Import, ImportDoctor 15 from concurrent.futures import ThreadPoolExecutor, as_completed 16 import nmap 17 import random 18 import time 19 20 if not os.path.dirname(os.getcwd()) in sys.path: 21 sys.path.append(os.path.dirname(os.getcwd())) 22 from exp.exploit import exploit 23 from log.exceptionLog import exceptionLog 24 from log.scanLog import scanLog 25 from log.operationLog import operationLog 26 from func_timeout import func_set_timeout 27 from func_timeout.exceptions import FunctionTimedOut 28 29 FORMAT = '[%(asctime)-15s] [%(levelname)s] [%(filename)s %(levelno)s line] %(message)s' 30 logger = logging.getLogger() 31 logging.basicConfig(format=FORMAT) 32 logger.setLevel(logging.INFO) 33 34 port_define = "1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144, \ 35 146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458, \ 36 464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687, \ 37 691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990, \ 38 992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138, \ 39 1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218, \ 40 1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417, \ 41 1433-1434,1443,1455,1461,1494,1500-1501,1503,1521-1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688, \ 42 1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972, \ 43 1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107, \ 44 2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383, \ 45 2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725, \ 46 2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3050, \ 47 3052,3071,3077,3128,3168,3211,3221,3246,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372, \ 48 3388-3390,3404,3476,3493,3511,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814, \ 49 3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111, \ 50 4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009, \ 51 5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280, \ 52 5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730, \ 53 5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952, \ 54 5959-5963,5984,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6379-6389,6443,6502,6510,6543,6547, \ 55 6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019, \ 56 7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921, \ 57 7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8235, \ 58 8254,8290-8292,8300-8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994, \ 59 9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200-9202,9207,9220,9290,9300-9303,9415,9418,9485, \ 60 9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9943-9944,9968,9998-10004,10009-10010,10012, \ 61 10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11211,11967,12000,12174, \ 62 12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016, \ 63 16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005, \ 64 20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000-27020,27352-27353,27355-27356,27715,28201, \ 65 30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443, \ 66 44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103, \ 67 51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389" 68 69 70 class netScanner(object): 71 'Scan the given ips and ports' 72 73 def __init__(self): 74 self.lock = Lock() 75 self.ports = '' 76 self.args = '' 77 self.exploitPoolSize = 240 78 self.exploitPool = ThreadPoolExecutor(self.exploitPoolSize) 79 80 def chunks(self, l, n): 81 """Yield successive n-sized chunks from l.""" 82 for i in range(0, len(l), n): 83 yield l[i:i + n] 84 85 def doscan(self, ip, ports=None, args=None): 86 operationLog.write(ip + ' start scan') 87 if ports == None: 88 ports = self.ports 89 if args == None: 90 args = self.args 91 try: 92 nm = nmap.PortScanner() 93 nm.scan(ip, ports, args) 94 csv = nm.csv() 95 except Exception as e: 96 exstr = traceback.format_exc() 97 exceptionLog.write('Exception scan: ' + ip + ':' + ports + ' ' + args) 98 exceptionLog.write(exstr) 99 return ip + ' Exception: ' + str(e) 100 operationLog.write(ip + ' done scan') 101 return ip + ' done scan!' 102 103 @func_set_timeout(480) 104 def exploit(self, contentLine): 105 attacker = exploit() 106 contentArray = contentLine.split(';') 107 ip = contentArray[0] 108 port = int(contentArray[4]) 109 protocol_name = contentArray[5] 110 service_name = contentArray[7] 111 result = [[ip, False, ip + ':' + str(port), 'v0', 'No vulnerabilities found']] 112 if service_name == '': 113 service_name = 'None' 114 with self.lock: 115 operationLog.write( 116 ip + ':' + str(port) + ':' + protocol_name + ' with service name: ' + service_name + ' start exploit') 117 if contentArray[6] == 'open': 118 print('exploiting + ' + ip + ' ' + str(port) + ' ' + protocol_name) 119 try: 120 result = attacker.exploitall(ip, port, protocol_name, service_name) 121 except UnicodeEncodeError as e: 122 exstr = traceback.format_exc() 123 exceptionLog.write('Exception exploit: ' + ip + ':' + str(port)) 124 exceptionLog.write(str(e)) 125 with self.lock: 126 operationLog.write(ip + ':' + str(port) + ':' + protocol_name + ' UnicodeEncodeError exploit') 127 return ip + ':' + str(port) + ' Exception exploit!' 128 except Exception as e: 129 exstr = traceback.format_exc() 130 exceptionLog.write('Exception exploit: ' + ip + ':' + str(port)) 131 exceptionLog.write(exstr) 132 with self.lock: 133 operationLog.write(ip + ':' + str(port) + ':' + protocol_name + ' Exception exploit') 134 return ip + ':' + str(port) + ' Exception exploit!' 135 finally: 136 with self.lock: 137 scanLog.writeScanLog(result) 138 139 140 else: 141 result = [[ip, False, ip + ':' + str(port), 'v0', 'No vulnerabilities found']] 142 with self.lock: 143 scanLog.writeScanLog(result) 144 with self.lock: 145 operationLog.write(ip + ':' + str(port) + ':' + protocol_name + ' done exploit') 146 return ip + ':' + str(port) + ':' + protocol_name + ' done exploit!' 147 148 def exploit_time_limit(self, contentLine): 149 contentArray = contentLine.split(';') 150 ip = contentArray[0] 151 port = int(contentArray[4]) 152 protocol_name = contentArray[5] 153 service_name = contentArray[7] 154 result = [[ip, False, ip + ':' + str(port), 'v0', 'No vulnerabilities found']] 155 try: 156 return_str = self.exploit(contentLine) 157 except FunctionTimedOut as e: 158 with self.lock: 159 scanLog.writeScanLog(result) 160 operationLog.write(ip + ':' + str(port) + ':' + protocol_name + ' FunctionTimedOut exploit') 161 return ip + ':' + str(port) + ' FunctionTimedOut exploit!' 162 163 return return_str 164 165 def get_ips_from_soc(self): 166 167 ip_set = [] 168 f = open('IP2EXP.txt', 'r') 169 result = list() 170 for line in f.readlines(): 171 line = line.strip() 172 if not len(line) or line.startswith('#'): 173 continue 174 result.append(line) 175 ip_set = set(result) 176 ip_set = list(ip_set) 177 178 ip_set = set(ip_set) 179 180 return ip_set 181 182 def get_ips_alive(self, ports=None): 183 nm = nmap.PortScanner() 184 if ports == None: 185 with open('Port.txt') as portFile: 186 ports = portFile.readline().strip('\n') 187 if ports == None: 188 return 189 self.ports = ports 190 input_file_name = " -iL IP2EXP.txt" 191 self.args = input_file_name + ' -P0 -T4 -n --host-timeout 180s --min-hostgroup 100 --min-parallelism 500' 192 scinfo = nm.scan(arguments=self.args, ports=self.ports) 193 operationLog.write('nmap port scan done') 194 csv = nm.csv() 195 print(csv) 196 return csv 197 198 def main(self): 199 operationLog.write('scan started') 200 ip_set = self.get_ips_from_soc() 201 ip_set = list(ip_set) 202 # ip_set = ip_set[:-50] 203 ip_set = set(ip_set) 204 print(ip_set) 205 csv = self.get_ips_alive() 206 contents = csv.split('\r\n') 207 contents.remove(contents[0]) 208 contents.pop() 209 contents = [line for line in contents if line.find(';open;') > -1] 210 alive_ip_list = [line.split(';')[0] for line in contents] 211 random.shuffle(contents) 212 with open('PORT_OPEN.txt', mode='w') as f: 213 for contentLine in contents: 214 f.write(contentLine + '\n') 215 alive_ip_set = set(alive_ip_list) 216 dead_ip_set = ip_set - alive_ip_set 217 dead_result = [[ip, False, ip + ':No_Port_Open', 'v0', 'No vulnerabilities found'] 218 for ip in dead_ip_set] 219 with self.lock: 220 scanLog.writeScanLog(dead_result) 221 futures = [] 222 result = [] 223 result = self.exploitPool.map(self.exploit_time_limit, contents) 224 operationLog.write('start exploit') 225 self.exploitPool.shutdown() 226 # operationLog.write(len(result)) 227 operationLog.write('scan finished') 228 return result 229 230 def test(self): 231 operationLog.write('test scan started') 232 ip_set = self.get_ips_from_soc() 233 ip_set = list(ip_set) 234 # ip_set = ip_set[:-50] 235 ip_set = set(ip_set) 236 print(ip_set) 237 csv = self.get_ips_alive() 238 contents = csv.split('\r\n') 239 contents.remove(contents[0]) 240 contents.pop() 241 contents = [line for line in contents if line.find(';open;') > -1] 242 alive_ip_list = [line.split(';')[0] for line in contents] 243 random.shuffle(contents) 244 futures = [] 245 result = [] 246 with open('PORT_OPEN.txt', mode='w') as f: 247 for contentLine in contents: 248 f.write(contentLine + '\n') 249 alive_ip_set = set(alive_ip_list) 250 dead_ip_set = ip_set - alive_ip_set 251 dead_result = [[ip, False, ip + ':No_Port_Open', 'v0', 'No vulnerabilities found'] 252 for ip in dead_ip_set] 253 with self.lock: 254 scanLog.writeScanLog(dead_result) 255 contents = list(self.chunks(contents, self.exploitPoolSize)) 256 for tmp_ips in contents: 257 tmp_result = self.exploitPool.map(self.exploit_time_limit, tmp_ips) 258 operationLog.write('test start exploit') 259 self.exploitPool.shutdown() 260 operationLog.write('test shutdown') 261 result.extend(tmp_result) 262 operationLog.write('test stop exploit') 263 self.exploitPool = ThreadPoolExecutor(self.exploitPoolSize) 264 operationLog.write('test scan finished') 265 return result 266 267 268 269 def find_port_open(self, from_file='', to_file='', ips=['10.34.121.0/24'], how='nmap', 270 port='21,22,23,25,445,139,3389,3306,1521,8081', include_file='finger_ip.txt', rate=100): 271 logger.info('%s%s ' % (how, port)) 272 logger.info('=====' * 5) 273 scan_result = [] 274 if how == 'masscan': 275 mas = masscan_zte.PortScanner() 276 if from_file != '': 277 arg = '--rate %s --retries 0 --wait 10 -iL %s' % (rate, from_file) 278 else: 279 with open(include_file, 'wt') as f: 280 f.writelines([ip + '\n' for ip in ips]) 281 arg = '--rate %s --retries 0 --wait 10 -iL %s' % (rate, include_file) 282 scan_result = list(mas.scan(ports=port, arguments=arg)['scan'].keys()) 283 elif how == 'nmap': 284 nm = nmap.PortScanner() 285 if from_file != '': 286 arg = '-P0 -sV -T4 -n --min-hostgroup 100 --min-rate %s --max-rate %s --randomize-hosts -iL %s' % ( 287 rate, rate, from_file) 288 else: 289 with open(include_file, 'wt') as f: 290 f.writelines([ip + '\n' for ip in ips]) 291 arg = '-P0 -sV -T4 -n --min-hostgroup 100 --min-rate %s --max-rate %s --randomize-hosts -iL %s' % ( 292 rate, rate, include_file) 293 nm.scan(ports=port, arguments=arg) 294 scan_list = nm.csv().split('\r\n') 295 header = scan_list.pop(0).split(';') 296 scan_list.pop() 297 298 logger.info('%s%s' % (len(scan_list), port)) 299 logger.info('=====' * 8) 300 if to_file != '': 301 with open(to_file, 'wt') as f: 302 f.writelines([ip + '\n' for ip in scan_list]) 303 return scan_list 304 305 def exploit_multiple_ips(self, ips, ports): 306 operationLog.write('test scan started') 307 scan_list = self.find_port_open(ips=ips, port=ports) 308 futures = [] 309 result = [] 310 scan_list = [line for line in scan_list if line.find(';open;') > -1] 311 for contentLine in scan_list: 312 futures.append(self.exploitPool.submit(self.exploit, contentLine)) 313 314 for x in as_completed(futures): 315 result.append(x.result()) 316 317 operationLog.write('test scan finished') 318 return result 319 320 321 if __name__ == '__main__': 322 323 scanner = netScanner() 324 try: 325 #result = scanner.main() 326 result = scanner.test() 327 with open('scandone.txt', mode='w') as f: 328 for line in result: 329 f.write(line + '\n') 330 except Exception as e: 331 exstr = traceback.format_exc() 332 print(exstr) 333 exceptionLog.write(exstr)
1945
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
