Python3漏洞扫描工具 ( Python3 插件式框架 )

Ŀ¼

• Python3 漏洞检测工具 -- lance
  • screenshot
  • requirements
  • 关键代码
  • usage
  • documents
    • README
    • Guide
    • Change Log
    • TODO list
  • Any advice or sugggestions
  • 目录结构

lance, a simple version of the vulnerability detection framework based on Python3.

基于Python3的简单版漏洞检测框架 -- lance

可以自定义poc或exp插件，可以 指定 要加载的poc或exp。

再次添加了logging模块来控制输出，同时也支持Linux平台的彩色输出提示。

代码已经上传到Github : https://github.com/b4zinga/lance

screenshot

requirements

python

def loadPlugin(url, poc=None):     """load all plugins.     """     if "://" not in url:         url = "http://" + url     url = url.strip("/")     logger.info("Target url: %s" % url)      plugin_path = os.path.join(os.path.dirname(os.path.dirname(os.path.realpath(__file__))),"plugins")     if not os.path.isdir(plugin_path):         logger.warning("%s is not a directory! " % plugin_path)         raise EnvironmentError     logger.info("Plugin path: %s " % plugin_path)          items = os.listdir(plugin_path)     if poc:         logger.infxito("Loading %s plugins." % poc)     else:         poc=""     for item in items:         if item.endswith(".py") and not item.startswith(‘__‘):             plugin_name = item[:-3]             if poc in plugin_name:                 logger.info("Loading plugin: %s" % plugin_name)                  module = importlib.import_module("plugins." + plugin_name)                  try:                     result = module.run(url)                     if result:                         logger.success(result)                     else:                         logger.error("Not Vulnerable %s " % plugin_name)                 except:                     logger.warning("ConnectionError ")             else:                 continue      logger.info("Finished")

usage

please run python3 lance.py -h for help.

root@kali:~/lance# python3 lance.py  usage: python lance.py  lance. By b4zinga@outlook.com  optional arguments:   -h, --help  show this help message and exit  Target:   -u URL      target url.  Module:   -m module   poc or exp to be loaded. defaul is all.

documents

README

说明文档 : https://github.com/b4zinga/lance/blob/master/README.md

Guide

Guide : https://github.com/b4zinga/lance/blob/master/docs/Guide.md

Change Log

ChangeLog : https://github.com/b4zinga/lance/blob/master/docs/ChangeLog.md

 2018/07/20  - 添加logging模块，支持日志  - 添加彩色输出（目前支持Linux下Py3，Win下的Py3暂不支持颜色）    2018/07/18  - 程序基本功能实现, 可以运行  - 可以实现`-u URL`指定URl, `-m plugin`指定只加载含有"plugin"关键字的插件, 如"weblogic"

TODO list

TODOList : https://github.com/b4zinga/lance/blob/master/docs/TODOList.md

• [] 添加多线程

• [x] 终端颜色区分结果

• [x] 添加日志

• [] more...

Any advice or sugggestions

Please mail to b4zinga@outlook.com

if you have poc or exp , mail me.

lance │  lance.py │  README.md │ ├―docs │      ChangeLog.md │      Guide.md │      screenshot1.png │      screenshot2.png │      TODOList.md │ ├―lib │      ansistrm.py │      cli.py │      cmdline.py │      convert.py │      data.py │      loader.py │      log.py │      __init__.py │ └―plugins         activemq_movefile.py         activemq_putfile.py         activemq_weakpwd.py         discuz_faqsql.py         elasticSearch_dir_traversal.py         elasticSearch_dir_traversal2.py         elasticSearch_remote_code_exec.py         elasticSearch_remote_code_exec2.py         redis_unauth.py         struts2_053.py         weblogic_ssrf.py         weblogic_weakpasswd.py         weblogic_xmldecoder.py         __init__.py 

代码已经上传到Github : https://github.com/b4zinga/lance

原文：https://www.cnblogs.com/0x4D75/p/9345958.html