expdb/exploit_tool.py at master · PrettyUp/expdb · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
import re

from search_engine import SearchEngine
from config.setting import IP_LISTS, START_NUMBER, TOTAL_COUNT, SEARCH_TYPE
from dao.src_db_dao import ExploitToolDao, DBInit

# 即所谓的抓鸡工具
class ExploitTool:
    def __init__(self):
        db_init = DBInit()
        self.exploit_tool_dao = ExploitToolDao(db_init.session)
        self.search_engine = SearchEngine()
        pass

    # 指定ip获取适用的cve、msf模块、edb模块
    def specify_ip_search_exploits(self,search_type="cve"):
        ip_lists = IP_LISTS
        # ip_lists = ['192.146.137.131','37.233.84.212']
        for ip in ip_lists:
            services = self.search_engine.shodan_ip_get_services(ip)
            for service in services:
                version= re.search("[.|\d]+",service['version'])
                records = []
                if search_type == "cve":
                    if version is not None:
                        records = self.exploit_tool_dao.query_cve_entry_by_service(service['product'],version)
                elif search_type == "msf":
                    if version is not None:
                        records = self.exploit_tool_dao.query_msf_module_by_service(service['product'],version)
                if len(records) != 0:
                    for record in records:
                        for row in record:
                            print(f"{row}")
                else:
                    print(f"sorry,{service['product']}/{service['version']} have not any {search_type}")

    # 获取存在最新的cve、msf模块、edb模块的ip
    def random_exploit_search_ips(self,search_type="cve"):
        start_number = START_NUMBER
        total_count = TOTAL_COUNT
        records = []
        if search_type == "cve":
            records = self.exploit_tool_dao.query_ip_by_last_cve(start_number,total_count)
        elif search_type == "msf":
            records = self.exploit_tool_dao.query_ip_by_last_msf(start_number,total_count)
        for record in records:
            print(f"{record}")
            # for row in record:
            #     print(f"{row}")
                # print(f"{row.affect_product}-{row.affect_version} start to collect ip")
                # if row.affect_version == "" or row.affect_version == "-":
                #     ip_list = self.search_engine.shodan_service_get_ips(row.affect_product)
                # else:
                #     ip_list = self.search_engine.shodan_service_get_ips(row.affect_product,row.affect_version)
                # for ip in ip_list:
                #     print(f"{row}----{ip}")

        pass

if __name__ == "__main__":
    exploit_tool = ExploitTool()
    search_type = SEARCH_TYPE
    exploit_tool.random_exploit_search_ips(search_type)
    # exploit_tool.specify_ip_exploit()