这是indexloc提供的服务,不要输入任何密码
Skip to content

Better exploit searching #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 30 commits into from
Feb 5, 2018
Merged

Better exploit searching #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
38c112e
first itteration of new search server
linted Jan 25, 2018
970dda9
fixed global issue and added more to whitelist
linted Jan 26, 2018
b28a607
added things missing from last commit
linted Jan 26, 2018
a62be29
added splat of the list to popen
linted Jan 26, 2018
6830155
changed to cutting down of the version number to see if we get more r…
linted Jan 26, 2018
c72e529
added some error handling so the server doesn't die whenever an excep…
linted Jan 26, 2018
ed0709d
Just realized I'm an idiot of changing a string to byteString and bac…
linted Jan 26, 2018
7129bb0
fixed miss matches ) and added better formating to a print statement
linted Jan 26, 2018
f1112f5
I guess it did actually need byte strings and it just lied to me..
linted Jan 26, 2018
f98377e
forgot to switch the logig from black list to whitelist
linted Jan 26, 2018
17d166f
moved searchsploit check to pre-main() and made the search loop cleaner?
linted Jan 26, 2018
0b5e000
fixed miss used variables
linted Jan 26, 2018
731cd51
fixed trying to concat a list to a string
linted Jan 26, 2018
1023a3e
stupid )'s will be the end of me
linted Jan 26, 2018
61b1877
stupid )'s will be the end of me
linted Jan 26, 2018
4e75c0c
changed to json output of searchsploit and checking it to make sure w…
linted Jan 26, 2018
20fff39
fixed miss used variable
linted Jan 26, 2018
5368eca
changed to a pool of workers to take care of the searching
linted Jan 26, 2018
c31064a
fixed missing except
linted Jan 26, 2018
3057292
Trying another way to pass this iterable to be pickled
linted Jan 26, 2018
8fa10a4
added proper termination of the pool
linted Jan 26, 2018
82dc7c7
fixed miss named var
linted Jan 26, 2018
cf0aea6
got pools working
linted Jan 26, 2018
7203d23
moved away from using searchsploit and started parsing the csv on our…
linted Jan 28, 2018
0c77ce8
removed the required ip and port, that was a dumb idea and i regreted…
linted Jan 28, 2018
c36bfde
added a new line after every output, and moved the section header to …
linted Jan 28, 2018
1d2c8e9
One day I will eradicate the world of the ). I will destroy them so t…
linted Jan 28, 2018
4678dd8
Today is not that day
linted Jan 28, 2018
3437cf5
forgot to rejoin the query
linted Jan 28, 2018
9e02bf2
removed submodule dependency
linted Jan 28, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 0 additions & 3 deletions .gitmodules
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +0,0 @@
[submodule "exploitdb"]
path = exploitdb
url = https://github.com/mattoufoutu/exploitdb.git
1 change: 0 additions & 1 deletion exploitdb
Open in desktop
Submodule exploitdb deleted from 52f898
103 changes: 70 additions & 33 deletions privcheckerserver.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,48 +2,56 @@
# server for hosting exploit search

try:
from exploitdb import exploitdb
except:
import os
print("-"*80)
print('Submodule not found. Setting up...')
os.system('cd exploitdb; git submodule init; git submodule update')
print("-"*80)
print("Please run again for full functionality.")
exit()
import socketserver
import socketserver
from os.path import isfile
import argparse
import multiprocessing
from csv import DictReader
except Exception as e:
print("Caught exception: {}\nAre you running with python3?".format(e))
exit(1)


_PORT_ = 4521
_IP_ = '0.0.0.0'
_SEARCHSPLOIT_ = "/usr/share/exploitdb/files_exploits.csv"

class SearchHandler(socketserver.StreamRequestHandler):
def handle(self):
print('[+] Connection from '+ self.client_address[0])
data = self.rfile.readline().decode().strip()
while not data == '':
print('[ ] Searching for: ' + data)
output = [ ]
results = self.server.search(data)
for exploits in results:
output.append(exploits[0]['description'] + ' id: ' + exploits[0]['id'])
if len(output) > 0:
print(''.join(output))
self.wfile.write('\n'.join(output).encode() + b'\n')
data = self.rfile.readline().decode().strip()
print('[-] Closing connection from ' + self.client_address[0])



class ExploitServer(exploitdb.ExploitSearch, socketserver.ThreadingMixIn, socketserver.TCPServer):
def __init__(self, connectionInfo, handler):
exploitdb.ExploitSearch.__init__(self)
socketserver.TCPServer.__init__(self, connectionInfo, handler)
socketserver.ThreadingMixIn.__init__(self)

try:
print('[+] Connection from '+ self.client_address[0])
self.pool = multiprocessing.Pool(10)
for output in self.pool.imap(SearchHandler.search, iter(self.rfile.readline, b'\n')):
if output:
print(output)
self.wfile.write(output.encode() + b'\n')

self.pool.close()
print('[$] Closing connection from {}\n'.format(self.client_address[0]))
self.pool.join()
except Exception as e:
self.pool.terminate()
self.wfile.write('[-] Exception Caught: {}'.format(e).encode())
print("[-] Exception Caught: {}".format(e))
self.pool.join()

@classmethod
def search(cls, data):
query = data.decode().strip().split(" ")
query[-1] = query[-1][:3] #cut down on the last item which should be the version number
output = []
for rows in ExploitServer.exploitDatabase:
if all([term in rows["description"] for term in query]):
output.append('\t'.join((rows["description"], rows["file"])))
if output:
return "[ ] " + "\n".join([' '.join(query), *output])




class ExploitServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
exploitDatabase = []


def main():
exploit = ExploitServer((_IP_, _PORT_), SearchHandler)
print('[ ] Starting server on port ' + str(_PORT_))
Expand All @@ -55,4 +63,33 @@ def main():
exploit.server_close()

if __name__ == "__main__":
#parse the args
parser = argparse.ArgumentParser()
parser.add_argument("-i", "--ip", help="Ip to listen on")
parser.add_argument("-p", "--port", help="Port to listen on")
parser.add_argument("-f", "--file", help="The exploit csv to use")
args = parser.parse_args()
if args.ip:
_IP_ = args.ip
if args.port:
_PORT_ = args.port
if args.file:
_SEARCHSPLOIT_ = args.file

if not isfile(_SEARCHSPLOIT_):
print("[-] Cannot find csv databse: {}\nFor more details visit: https://github.com/offensive-security/exploit-database".format(_SEARCHSPLOIT_))
exit(2)

#parse the exploit database and collect all the results
try:
with open(_SEARCHSPLOIT_) as Fin:
reader = DictReader(Fin)
for lines in reader:
#add the database to the exploit server for non global persistance... or maybe it is technically still global?
ExploitServer.exploitDatabase.append(lines)
except Exception as e:
print("[-] Exception caught while attempting to parse database file. {}".format(e))
exit(3)

print("[ ] Starting up")
main()