From 44456b6d13a4ff9061d01680a4c6d6f3db2e6292 Mon Sep 17 00:00:00 2001
From: linted
Date: Mon, 9 Oct 2017 17:44:50 -0400
Subject: [PATCH 1/5] Started work on priv check server. This will allow for up to day vuln scans
---
 privcheckerserver.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100755 privcheckerserver.py
diff --git a/privcheckerserver.py b/privcheckerserver.py
new file mode 100755
index 0000000..6901189
--- /dev/null
+++ b/privcheckerserver.py
@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+# server for hosting exploit search
+
+from exploitdb import exploitdb
+import socketserver
+
+
+class ExploitServer(exploitdb.ExploitSearch, socketserver.StreamReqstHandler):
+ def __init__(self, ip=None, port=None):
+ super(exploitdb.ExploitSearch).__init__()
+ pass
+
+
+def main():
+ exploit = ExploitServer()
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
From 540134ebc5371971d7663f1e15d8422af5c7dc87 Mon Sep 17 00:00:00 2001
From: linted
Date: Tue, 10 Oct 2017 13:54:56 -0400
Subject: [PATCH 2/5] created initial server and handler
---
 privcheckerserver.py | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/privcheckerserver.py b/privcheckerserver.py
index 6901189..524325d 100755
--- a/privcheckerserver.py
+++ b/privcheckerserver.py
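Review bot: In the [PATCH 1/5] hunk, `socketserver.StreamReqstHandler` is misspelled, so evaluating the `class ExploitServer(...)` statement raises AttributeError and the module cannot be imported; the standard-library name is `socketserver.StreamRequestHandler`. `super(exploitdb.ExploitSearch).__init__()` also does not run ExploitSearch's initializer on `self`; an explicit `exploitdb.ExploitSearch.__init__(self)` would. A one-line docstring on `ExploitServer` stating what the server accepts from a client and what it sends back would make the later patches easier to review.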
@@ -4,15 +4,27 @@
 from exploitdb import exploitdb
 import socketserver
+_PORT_ = 4521
+_IP_ = '0.0.0.0'
-class ExploitServer(exploitdb.ExploitSearch, socketserver.StreamReqstHandler):
- def __init__(self, ip=None, port=None):
- super(exploitdb.ExploitSearch).__init__()
- pass
+class SearchHandler(socketserver.StreamRequestHandler):
+ def handle():
+ self.data = self.rfile.readline().strip()
+ results = self.server.search(data)
+ output = '\n'.join([''.join(k,v) for k,v in results])
+ self.wfile.write(output)
+ #self.server <- use this is access the server
+
+
+class ExploitServer(exploitdb.ExploitSearch, socketserver.ThreadingMixIn, socketserver.TCPServer):
+ def __init__(self, connectionInfo, handler):
+ super().__init__()
+ super(exploitdb.ExploitSearch).__init__(connectionInfo, handler)
+
 def main():
- exploit = ExploitServer()
+ exploit = ExploitServer((_IP_, _PORT_), SearchHandler)
 if __name__ == "__main__":
 main()
\ No newline at end of file
From 514633b9f45ac4a0ca5f17e1ad94e11cc826ec30 Mon Sep 17 00:00:00 2001
From: linted
Date: Thu, 19 Oct 2017 01:14:03 -0400
Subject: [PATCH 3/5] inital server working. current bug is that you cannot have search terms with spaces. working on fix.
---
 privcheckerserver.py | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/privcheckerserver.py b/privcheckerserver.py
index 524325d..5e20f95 100755
--- a/privcheckerserver.py
+++ b/privcheckerserver.py
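Review bot: `_IP_ = '0.0.0.0'` in the [PATCH 2/5] hunk makes the search service listen on every interface, and nothing in `SearchHandler` authenticates or restricts the peer, so any host that can reach port 4521 can query it. Defaulting to loopback with `_IP_ = '127.0.0.1'` and taking the bind address from a command-line option or environment variable would make wider exposure an explicit choice. Separately, `def handle():` has no `self` parameter and `self.server.search(data)` reads a name that was stored as `self.data`, so the handler would raise on the first connection as written.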
@@ -8,23 +8,35 @@
 _IP_ = '0.0.0.0'
 class SearchHandler(socketserver.StreamRequestHandler):
- def handle():
- self.data = self.rfile.readline().strip()
- results = self.server.search(data)
- output = '\n'.join([''.join(k,v) for k,v in results])
- self.wfile.write(output)
- #self.server <- use this is access the server
+ def handle(self):
+ output = []
+ data = self.rfile.readline().decode().strip()
+ while not 'done' in data:
+ print(data)
+ results = self.server.search(data)
+ print(results)
+ for exploits in results:
+ output.append(exploits[0]['description'] + ' id: ' + exploits[0]['id'])
+ data = self.rfile.readline().decode().strip()
+ buff = '\n'.join(output).encode()
+ self.wfile.write(buff)
+
 class ExploitServer(exploitdb.ExploitSearch, socketserver.ThreadingMixIn, socketserver.TCPServer):
 def __init__(self, connectionInfo, handler):
- super().__init__()
- super(exploitdb.ExploitSearch).__init__(connectionInfo, handler)
+ exploitdb.ExploitSearch.__init__(self)
+ socketserver.TCPServer.__init__(self, connectionInfo, handler)
+ socketserver.ThreadingMixIn.__init__(self)
+
+
 def main():
 exploit = ExploitServer((_IP_, _PORT_), SearchHandler)
+ print('[ ] Starting server on port ' + str(_PORT_))
+ exploit.serve_forever()
 if __name__ == "__main__":
 main()
\ No newline at end of file
From abecafd2bb4d7e345504b7409554a7d16b3f2438 Mon Sep 17 00:00:00 2001
From: linted
Date: Thu, 19 Oct 2017 02:10:23 -0400
Subject: [PATCH 4/5] added print messages and a blank line to indicate the end.
---
 privcheckerserver.py | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/privcheckerserver.py b/privcheckerserver.py
index 5e20f95..de5620b 100755
--- a/privcheckerserver.py
+++ b/privcheckerserver.py
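Review bot: The loop `while not 'done' in data:` in the [PATCH 3/5] hunk never ends when a client disconnects without sending `done`: `readline()` returns `b''` at EOF, `data` becomes `''`, the condition stays true, and the handler thread keeps calling `self.server.search('')`. Test for EOF on the raw bytes before decoding, for example `raw = self.rfile.readline(4096)` followed by `if not raw: break`; the length argument (4096 is a constructed value) also caps how much one peer can make the server buffer, and `raw.decode('utf-8', 'replace')` avoids an unhandled UnicodeDecodeError on non-UTF-8 input. Because the test is a substring match, any search term containing `done` also ends the session, so comparing the whole line with `data == 'done'` would be stricter. The uncapped `readline().decode()` calls are carried unchanged into [PATCH 4/5] and [PATCH 5/5].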
@@ -9,17 +9,17 @@
 class SearchHandler(socketserver.StreamRequestHandler):
 def handle(self):
- output = []
+ print('[+] Connection from '+ self.client_address[0])
 data = self.rfile.readline().decode().strip()
- while not 'done' in data:
- print(data)
+ while not data == '':
+ print('[ ] Searching for: ' + data)
+ output = [ ]
 results = self.server.search(data)
- print(results)
 for exploits in results:
 output.append(exploits[0]['description'] + ' id: ' + exploits[0]['id'])
+ self.wfile.write('\n'.join(output).encode() + b'\n')
 data = self.rfile.readline().decode().strip()
- buff = '\n'.join(output).encode()
- self.wfile.write(buff)
+ print('[-] Closing connection from ' + self.client_address[0])
@@ -36,7 +36,12 @@ def __init__(self, connectionInfo, handler):
 def main():
 exploit = ExploitServer((_IP_, _PORT_), SearchHandler)
 print('[ ] Starting server on port ' + str(_PORT_))
- exploit.serve_forever()
+ try:
+ exploit.serve_forever()
+ except:
+ print('[-] Caught exception. Shutting down.')
+ exploit.shutdown()
+ exploit.server_close()
 if __name__ == "__main__":
 main()
\ No newline at end of file
From f943f1b3c7b329077ab64636103491d26a70f4df Mon Sep 17 00:00:00 2001
From: linted
Date: Thu, 19 Oct 2017 02:30:05 -0400
Subject: [PATCH 5/5] changed to only send data back if results are found.
---
 privcheckerserver.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/privcheckerserver.py b/privcheckerserver.py
index de5620b..3a6c96a 100755
--- a/privcheckerserver.py
+++ b/privcheckerserver.py
@@ -17,7 +17,8 @@ def handle(self):
 results = self.server.search(data)
 for exploits in results:
 output.append(exploits[0]['description'] + ' id: ' + exploits[0]['id'])
- self.wfile.write('\n'.join(output).encode() + b'\n')
+ if len(output) > 0:
+ self.wfile.write('\n'.join(output).encode() + b'\n')
 data = self.rfile.readline().decode().strip()
 print('[-] Closing connection from ' + self.client_address[0])
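Review bot: In the first hunk of [PATCH 4/5], `print('[ ] Searching for: ' + data)` writes peer-supplied text to the console unescaped, so control characters such as carriage returns or terminal escape sequences sent by a client reach the operator's terminal and can garble or mimic the `[+]`/`[-]` status lines. `print('[ ] Searching for: ' + repr(data))` keeps each query on one escaped line. `SearchHandler` also sets no `timeout`, so an idle connection holds its handler thread until the peer closes; a class attribute such as `timeout = 30` (constructed value) makes `StreamRequestHandler` apply a socket timeout, and `handle` should then catch the resulting timeout error. As a style point, `while not data == '':` reads more naturally as `while data:`.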
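Review bot: In the second hunk of [PATCH 4/5], the bare `except:` in `main()` also catches SystemExit and KeyboardInterrupt and reports every failure with the same message, so a crash in the server loop is indistinguishable from Ctrl-C and its cause is lost. Catch the interrupt explicitly with `except KeyboardInterrupt:`, let other exceptions propagate or log them with their traceback, and put `exploit.server_close()` under `finally:` so the listening socket is released on every path. `exploit.shutdown()` is meant to be called from another thread while `serve_forever()` is running, so it looks redundant once `serve_forever()` has already returned here. Indentation is lost on this page, so whether `server_close()` sits inside the `except` block cannot be confirmed.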
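Review bot: With `if len(output) > 0:` guarding the write in [PATCH 5/5], a query that matches nothing now produces no bytes at all, so a client waiting for a reply cannot tell "no results" from a slow search and may block indefinitely. Consider ending every reply with an explicit terminator, for example writing `b'\n'` after the results whether or not `output` is empty, and describing that framing in a comment above `handle`. `if output:` is the idiomatic form of the length test. `handle`'s body starts outside this hunk.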