Python3漏洞扫描工具 ( Python3 插件式框架 )
Posted 0x4d75
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Python3漏洞扫描工具 ( Python3 插件式框架 )相关的知识,希望对你有一定的参考价值。
目录
Python3 漏洞检测工具 -- lance
lance, a simple version of the vulnerability detection framework based on Python3.
基于Python3的简单版漏洞检测框架 -- lance
可以自定义poc或exp插件,可以 指定 要加载的poc或exp。
再次添加了logging模块来控制输出,同时也支持Linux平台的彩色输出提示。
代码已经上传到Github : https://github.com/b4zinga/lance
screenshot
requirements
python
关键代码
def loadPlugin(url, poc=None):
"""load all plugins.
"""
if "://" not in url:
url = "http://" + url
url = url.strip("/")
logger.info("Target url: %s" % url)
plugin_path = os.path.join(os.path.dirname(os.path.dirname(os.path.realpath(__file__))),"plugins")
if not os.path.isdir(plugin_path):
logger.warning("%s is not a directory! " % plugin_path)
raise EnvironmentError
logger.info("Plugin path: %s " % plugin_path)
items = os.listdir(plugin_path)
if poc:
logger.infxito("Loading %s plugins." % poc)
else:
poc=""
for item in items:
if item.endswith(".py") and not item.startswith(‘__‘):
plugin_name = item[:-3]
if poc in plugin_name:
logger.info("Loading plugin: %s" % plugin_name)
module = importlib.import_module("plugins." + plugin_name)
try:
result = module.run(url)
if result:
logger.success(result)
else:
logger.error("Not Vulnerable %s " % plugin_name)
except:
logger.warning("ConnectionError ")
else:
continue
logger.info("Finished")
usage
please run python3 lance.py -h
for help.
[email protected]:~/lance# python3 lance.py
usage: python lance.py
lance. By [email protected]
optional arguments:
-h, --help show this help message and exit
Target:
-u URL target url.
Module:
-m module poc or exp to be loaded. defaul is all.
documents
README
说明文档 : https://github.com/b4zinga/lance/blob/master/README.md
Guide
Guide : https://github.com/b4zinga/lance/blob/master/docs/Guide.md
Change Log
ChangeLog : https://github.com/b4zinga/lance/blob/master/docs/ChangeLog.md
2018/07/20
- 添加logging模块,支持日志
- 添加彩色输出(目前支持Linux下Py3,Win下的Py3暂不支持颜色)
2018/07/18
- 程序基本功能实现, 可以运行
- 可以实现`-u URL`指定URl, `-m plugin`指定只加载含有"plugin"关键字的插件, 如"weblogic"
TODO list
TODOList : https://github.com/b4zinga/lance/blob/master/docs/TODOList.md
[] 添加多线程
[x] 终端颜色区分结果
[x] 添加日志
[] more...
Any advice or sugggestions
Please mail to [email protected]
if you have poc or exp , mail me.
目录结构
lance
│ lance.py
│ README.md
│
├─docs
│ ChangeLog.md
│ Guide.md
│ screenshot1.png
│ screenshot2.png
│ TODOList.md
│
├─lib
│ ansistrm.py
│ cli.py
│ cmdline.py
│ convert.py
│ data.py
│ loader.py
│ log.py
│ __init__.py
│
└─plugins
activemq_movefile.py
activemq_putfile.py
activemq_weakpwd.py
discuz_faqsql.py
elasticSearch_dir_traversal.py
elasticSearch_dir_traversal2.py
elasticSearch_remote_code_exec.py
elasticSearch_remote_code_exec2.py
redis_unauth.py
struts2_053.py
weblogic_ssrf.py
weblogic_weakpasswd.py
weblogic_xmldecoder.py
__init__.py
代码已经上传到Github : https://github.com/b4zinga/lance
以上是关于Python3漏洞扫描工具 ( Python3 插件式框架 )的主要内容,如果未能解决你的问题,请参考以下文章