init first

README.MD

@@ -0,0 +1,20 @@
+## w9scan
+本地完美调用bugscan的插件运行的扫描器
+
+## Requirement
+- require python 2.7
+- 不需要安装其他第三方库
+- 支持Windos/Linux  win10 Ubuntu 测试成功
+
+## FAQ
+- 1.兼容bugscan插件？
+- 程序设计就是通过调用bugscan插件运行的，bugscan插件均为网上收集
+
+## 免责
+w9scan扫描器项目仅用于学习，其他目的一概不允许。
+
+## Useage
+python w9scan.py
+
+## Thx
+- 感谢一位网友提供了部分bugscan代码

lib/core/common.py

@@ -0,0 +1,105 @@
+#!/usr/bin/env python
+
+from lib.core.data import paths
+import sys
+import os
+from lib.core.settings import INVALID_UNICODE_CHAR_FORMAT
+from lib.core.settings import banner as banner1
+from lib.core.log import logger
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+def weAreFrozen():
+    """
+    Returns whether we are frozen via py2exe.
+    This will affect how we find out where we are located.
+    Reference: http://www.py2exe.org/index.cgi/WhereAmI
+    """
+
+    return hasattr(sys, "frozen")
+
+def isListLike(value):
+    """
+    Returns True if the given value is a list-like instance
+
+    >>> isListLike([1, 2, 3])
+    True
+    >>> isListLike(u'2')
+    False
+    """
+
+    return isinstance(value, (list, tuple, set))
+
+def getUnicode(value, encoding=None, noneToNull=False):
+    """
+    Return the unicode representation of the supplied value:
+
+    >>> getUnicode(u'test')
+    u'test'
+    >>> getUnicode('test')
+    u'test'
+    >>> getUnicode(1)
+    u'1'
+    """
+
+    if noneToNull and value is None:
+        return "NULL"
+
+    if isinstance(value, unicode):
+        return value
+    elif isinstance(value, basestring):
+        while True:
+            try:
+                return unicode(value, encoding or "utf8")
+            except UnicodeDecodeError, ex:
+                try:
+                    return unicode(value, "utf8")
+                except:
+                    value = value[:ex.start] + "".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + value[ex.end:]
+    elif isListLike(value):
+        value = list(getUnicode(_, encoding, noneToNull) for _ in value)
+        return value
+    else:
+        try:
+            return unicode(value)
+        except UnicodeDecodeError:
+            return unicode(str(value), errors="ignore")  # encoding ignored for non-basestring instances
+
+def setPaths(rootPath):
+    """
+    Sets absolute paths for project directories and files
+    """
+
+    paths.w9scan_ROOT_PATH = rootPath
+
+    # sqlmap paths
+    paths.w9scan_Plugin_Path = os.path.join(paths.w9scan_ROOT_PATH, "plugins")
+
+def banner():
+    print banner1
+
+def Get_lineNumber_fileName():
+    File_Obj = sys._getframe().f_back
+
+    f_line = File_Obj.f_lineno  # get code line
+    f_co_name = File_Obj.f_code.co_name  # get code function
+
+    try:
+        ff_line = File_Obj.f_back.f_lineno
+        ff_co_name = File_Obj.f_back.f_code.co_name
+
+    except:
+        ff_co_name = File_Obj.f_code.co_filename
+        ff_line = f_line
+
+    logger.info('%s:%d <= %s:%d' % (f_co_name,
+                                     f_line,
+                                     ff_co_name,
+                                     ff_line))
+
+    return '%s:%d <= %s:%d' % (f_co_name,
+                               f_line,
+                               ff_co_name,
+                               ff_line)

lib/core/data.py

@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.datatype import AttribDict
+
+# w9scan paths
+paths = AttribDict()
+
+# w9scan cmder
+cmdLineOptions = AttribDict()

lib/core/datatype.py

@@ -0,0 +1,106 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import copy
+import types
+
+class AttribDict(dict):
+    """
+    This class defines the sqlmap object, inheriting from Python data
+    type dictionary.
+
+    >>> foo = AttribDict()
+    >>> foo.bar = 1
+    >>> foo.bar
+    1
+    """
+
+    def __init__(self, indict=None, attribute=None):
+        if indict is None:
+            indict = {}
+
+        # Set any attributes here - before initialisation
+        # these remain as normal attributes
+        self.attribute = attribute
+        dict.__init__(self, indict)
+        self.__initialised = True
+
+        # After initialisation, setting attributes
+        # is the same as setting an item
+
+    def __getattr__(self, item):
+        """
+        Maps values to attributes
+        Only called if there *is NOT* an attribute with this name
+        """
+
+        try:
+            return self.__getitem__(item)
+        except KeyError:
+            raise AttributeError("unable to access item '%s'" % item)
+
+    def __setattr__(self, item, value):
+        """
+        Maps attributes to values
+        Only if we are initialised
+        """
+
+        # This test allows attributes to be set in the __init__ method
+        if "_AttribDict__initialised" not in self.__dict__:
+            return dict.__setattr__(self, item, value)
+
+        # Any normal attributes are handled normally
+        elif item in self.__dict__:
+            dict.__setattr__(self, item, value)
+
+        else:
+            self.__setitem__(item, value)
+
+    def __getstate__(self):
+        return self.__dict__
+
+    def __setstate__(self, dict):
+        self.__dict__ = dict
+
+    def __deepcopy__(self, memo):
+        retVal = self.__class__()
+        memo[id(self)] = retVal
+
+        for attr in dir(self):
+            if not attr.startswith('_'):
+                value = getattr(self, attr)
+                if not isinstance(value, (types.BuiltinFunctionType, types.FunctionType, types.MethodType)):
+                    setattr(retVal, attr, copy.deepcopy(value, memo))
+
+        for key, value in self.items():
+            retVal.__setitem__(key, copy.deepcopy(value, memo))
+
+        return retVal
+
+class InjectionDict(AttribDict):
+    def __init__(self):
+        AttribDict.__init__(self)
+
+        self.place = None
+        self.parameter = None
+        self.ptype = None
+        self.prefix = None
+        self.suffix = None
+        self.clause = None
+        self.notes = []  # Note: https://github.com/sqlmapproject/sqlmap/issues/1888
+
+        # data is a dict with various stype, each which is a dict with
+        # all the information specific for that stype
+        self.data = AttribDict()
+
+        # conf is a dict which stores current snapshot of important
+        # options used during detection
+        self.conf = AttribDict()
+
+        self.dbms = None
+        self.dbms_version = None
+        self.os = None

lib/core/exploit.py

@@ -0,0 +1,83 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# @Author: w8ay
+# @Date:   2017年12月19日 12:04:55
+import os
+from lib.core.data import paths
+import imp
+from lib.core.log import *
+from lib.core.common import Get_lineNumber_fileName
+from thirdparty import miniCurl
+from lib.utils import until
+
+class Exploit_run(object):
+
+    def __init__(self,url):
+        self.hash_pycode_Lists = {}
+        self.url = url
+        filter_func = lambda file: (True, False)['__init__' in file or 'pyc' in file]
+        dir_exploit = filter(filter_func, os.listdir(paths.w9scan_Plugin_Path))
+        try:
+            for exp in dir_exploit:
+                with open(os.path.join(paths.w9scan_Plugin_Path,exp), 'rb') as f:
+                    reads = str(f.read())
+                    f.close()
+                    self.hash_pycode_Lists.setdefault(exp, reads)
+        except Exception as error_info:
+            print error_info
+
+        print '[***] Fetch %d new plugins' % len(self.hash_pycode_Lists)
+
+    def _load_module(self,chunk,name='<w9scan>'):
+        pluginObj = imp.new_module(str(name))
+        exec chunk in pluginObj.__dict__
+        return pluginObj
+
+    def load_modules(self,service,url):
+        # 内部载入所有模块，并且判断服务名是否正确
+        for k, v in self.hash_pycode_Lists.iteritems():
+            pluginObj = self._load_module(v)
+            pluginObj.task_push = self.task_push
+            pluginObj.curl = miniCurl.Curl()
+            pluginObj.security_note = self._security_note
+            pluginObj.security_info = self._security_info
+            pluginObj.security_warning = self._security_warning
+            pluginObj.security_hole = self._security_hole
+            pluginObj.util = until
+
+            try:
+
+                pluginObj_tuple = pluginObj.assign(service, url)
+
+                if not isinstance(pluginObj_tuple, tuple):  # 判断是否是元组
+                    continue
+                bool_value, agrs = pluginObj_tuple[0],pluginObj_tuple[1]
+
+                #print k,bool_value,agrs
+                if (bool_value):
+                    #print service,k,agrs
+                    print "[***] Load Plugins %s for service '%s'" %(k,service)
+                    pluginObj.audit(agrs)
+            except Exception as error_info:
+
+                print service,k,error_info
+
+    def _work(self):
+        # 程序内部工作线程
+        pass
+
+    def _security_note(self, body, uuid=None):
+        logger._print(body,BLUE)
+
+    def _security_info(self, body, uuid=None):
+        logger.info(body)
+
+    def _security_warning(self, body, uuid=None):
+        logger._print(body,YELLOW)
+
+    def _security_hole(self, body, uuid=None):
+        logger._print(body,RED)
+
+    def task_push(self, serviceType, target_info, uuid=None, target=None, pr=-1):
+        self.load_modules(serviceType,target_info)
+        pass