feat(module): Add to specify multiple targets for the module

fix a typo than lead to unable to set debug mode.

Author: TuuuNya

lib/BaseExploit.py

@@ -1,3 +1,4 @@
+from lib.ExploitOption import ExploitOption
 from lib.ExploitOptions import ExploitOptions
 from lib.ExploitResult import ExploitResult
 
@@ -12,10 +13,17 @@ class BaseExploit:
     service_version = None
     info_fields = ['name', 'description', 'author', 'references', 'disclosure_date', 'service_name', 'service_version']
 
+    multi_target = False
+    targets = []
+    target_type = None
+
     options = None
     results = None
 
     def __init__(self):
+        self.multi_target = False
+        self.target_type = None
+        self.targets = []
         self.options = ExploitOptions()
         self.results = ExploitResult()
 
@@ -25,6 +33,14 @@ def get_info(self):
             info[field_name] = getattr(self, field_name)
         return info
 
+    def register_tcp_target(self, port_value=None, timeout_value=10):
+        self.target_type = "tcp"
+        self.register_options([
+            ExploitOption(name="HOST", required=True, description="The IP address to be tested"),
+            ExploitOption(name="PORT", required=True, description="The port to be tested", value=port_value),
+            ExploitOption(name="TIMEOUT", required=True, description="Connection timeout", value=timeout_value)
+        ])
+
     def update_info(self, info):
         for name in info:
             if name in self.info_fields:

lib/Pocket.py

@@ -1,4 +1,5 @@
 import argparse
+from queue import Queue
 from lib.cmd2 import Cmd, with_category, with_argparser
 from art import text2art, art
 from utils import module
@@ -74,18 +75,31 @@ def complete_set(self, text, line, begidx, endidx):
 
     set_parser = argparse.ArgumentParser()
     set_parser.add_argument("name", help="The name of the field you want to set")
+    set_parser.add_argument("-f", "--file", action="store_true", help="Specify multiple targets")
     set_parser.add_argument("value", help="The value of the field you want to set")
 
     @with_argparser(set_parser)
     @with_category(CMD_MODULE)
     def do_set(self, args):
-        if args.value == 'debug':
+        if args.name == 'debug':
             self.debug = args.value
             return None
 
         if not self.module_instance:
             raise ModuleNotUseException()
 
+        # 使用 -f/--file 指定多个目标
+        if args.file and args.name in ["HOST", "TARGET"]:
+            try:
+                open(args.value, 'r')
+                self.module_instance.multi_target = True
+            except IOError as e:
+                self._print_item(e, color=Fore.RED)
+                return False
+        elif not args.file and args.name in ["HOST", "TARGET"]:
+            self.module_instance.multi_target = False
+            self.module_instance.targets = None
+
         self.module_instance.options.set_option(args.name, args.value)
 
     def complete_use(self, text, line, begidx, endidx):
@@ -193,6 +207,57 @@ def do_exploit(self, args):
                 self._print_item(error, color=Fore.RED)
             return False
 
+        # 处理指定多个目标的情况
+        if self.module_instance.multi_target:
+            # 读取多个目标
+            target_type = self.module_instance.target_type
+            target_field = None
+
+            if target_type == "tcp":
+                target_field = "HOST"
+            elif target_type == "http":
+                target_field = "URL"
+
+            target_filename = self.module_instance.options.get_option(target_field)
+
+            try:
+                target_file = open(target_filename, 'r')
+                self.module_instance.targets = []
+                for line in target_file.readlines():
+                    self.module_instance.targets.append(line.strip())
+                self.module_instance.multi_target = True
+            except IOError as e:
+                self._print_item(e, color=Fore.RED)
+                return False
+
+            # 将targets数组中的目标写到队列中
+            targets = self.module_instance.targets
+            targets_queue = Queue()
+            for target in targets:
+                targets_queue.put(target)
+
+            while not targets_queue.empty():
+                [target, port] = module.parse_ip_port(targets_queue.get())
+
+                exp = self.module_class.Exploit()
+                exp.options.set_option(target_field, target)
+                exp.options.set_option("TIMEOUT", self.module_instance.options.get_option("TIMEOUT"))
+                if port:
+                    exp.options.set_option("PORT", port)
+                else:
+                    exp.options.set_option("PORT", self.module_instance.options.get_option("PORT"))
+
+                exploit_result = exp.exploit()
+                if exploit_result.status:
+                    self._print_item(exploit_result.success_message)
+                else:
+                    self._print_item(exploit_result.error_message, color=Fore.RED)
+            self.poutput("{style}[*]{style_end} module execution completed".format(
+                style=Fore.BLUE + Style.BRIGHT,
+                style_end=Style.RESET_ALL
+            ))
+            return False
+
         exploit_result = self.module_instance.exploit()
         if exploit_result.status:
             self._print_item("Exploit success!")

modules/exploits/server/redis_unauthorized.py

@@ -1,6 +1,5 @@
 import socket
 from lib.BaseExploit import BaseExploit
-from lib.ExploitOption import ExploitOption
 
 
 class Exploit(BaseExploit):
@@ -17,31 +16,13 @@ def __init__(self):
             "service_name": "redis",
             "service_version": "*",
         })
-        self.register_options([
-            ExploitOption(
-                name="host",
-                required=True,
-                description="The IP of the machine to be tested",
-                value=None
-            ),
-            ExploitOption(
-                name="timeout",
-                required=False,
-                description="The timeout for connecting to redis",
-                value=10,
-            ),
-            ExploitOption(
-                name="port",
-                required=False,
-                description="redis port",
-                value=6379
-            )
-        ])
+        self.register_tcp_target(port_value=6379)
 
     def check(self):
-        host = self.options.get_option("host")
-        port = int(self.options.get_option("port"))
-        timeout = self.options.get_option("timeout")
+        host = self.options.get_option("HOST")
+        port = int(self.options.get_option("PORT"))
+        timeout = int(self.options.get_option("TIMEOUT"))
+        print(type(host), type(port), type(timeout))
         try:
             socket.setdefaulttimeout(timeout)
             s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -54,14 +35,17 @@ def check(self):
                         "host": host,
                         "port": port,
                     },
-                    message="Host {} exists redis unauthorized vulnerability".format(host)
+                    message="Host {host}:{port} exists redis unauthorized vulnerability".format(host=host, port=port)
                 )
             else:
                 self.results.failure(
-                    error_message="Host {} does not exists redis unauthorized vulnerability".format(host)
+                    error_message="Host {host}:{port} does not exists redis unauthorized vulnerability".format(
+                        host=host,
+                        port=port
+                    )
                 )
         except Exception as e:
-            self.results.failure(error_message=e)
+            self.results.failure(error_message="Host {host}:{port}: {error}".format(host=host, port=port, error=e))
         return self.results
 
     def exploit(self):

utils/module.py

@@ -2,6 +2,8 @@
 from utils.files import ROOT_PATH
 from fnmatch import fnmatchcase
 from importlib import import_module
+from ipaddress import ip_address
+from urllib.parse import urlparse
 
 
 def name_convert(name):
@@ -40,3 +42,19 @@ def get_local_modules():
                     module_info['description']
                 ))
     return local_modules
+
+
+def parse_ip_port(netloc):
+    """
+    parse netloc to [ip, port]
+    :param netloc: string eg:127.0.0.1:80
+    :return: array eg: [127.0.0.1, 80]
+    """
+    try:
+        ip = str(ip_address(netloc))
+        port = None
+    except ValueError:
+        parsed = urlparse('//{}'.format(netloc))
+        ip = str(ip_address(parsed.hostname))
+        port = parsed.port
+    return ip, port