
"""
Faraday Penetration Test IDE
Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information
"""
from faraday_plugins.plugins.plugin import PluginBase
import re

# Module metadata (authorship, licence, release status).
__author__ = "Andres Tarantini"
__copyright__ = "Copyright (c) 2015 Andres Tarantini"
__credits__ = ["Andres Tarantini"]
__license__ = "MIT"
# Same value as the plugin_version set in SSHDefaultScanPlugin.__init__.
__version__ = "0.0.1"
__maintainer__ = "Andres Tarantini"
__email__ = "[email protected]"
__status__ = "Development"


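class SSHDefaultScanPlugin(PluginBase):
    """
    Handle sshdefaultscan (https://github.com/atarantini/sshdefaultscan) output
    using --batch and --batch-template; supports --username and --password

    Only output lines shaped like ``username:password@a.b.c.d`` are parsed,
    which is the template processCommandString() appends to the command.
    Lines whose host part is not a dotted-quad address are ignored.
    """

    def __init__(self, *arg, **kwargs):
        """Set the plugin identity and the regex that recognises the command."""
        super().__init__(*arg, **kwargs)
        self.id = "sshdefaultscan"
        self.name = "sshdefaultscan"
        self.plugin_version = "0.0.1"
        self.version = "1.0.0"
        # Matches an invocation as "python sshdefaultscan.py ..." or
        # "./sshdefaultscan.py ..." followed by at least one whitespace char.
        self._command_regex = re.compile(
            r'^(python sshdefaultscan.py|\./sshdefaultscan.py)\s+.*?')
        self._completition = {"--fast": "Fast scan mode"}

    def parseOutputString(self, output):
        """
        Record one host, SSH service, credential and vulnerability per
        ``username:password@ip`` line found in *output*.

        The line is split on the LAST "@" and the credentials on the FIRST
        ":", so a password containing "@" or ":" is parsed instead of raising
        ValueError on tuple unpacking. A username containing ":" cannot be
        told apart from the password in this format.
        """
        # Compiled once per call rather than once per line.
        line_pattern = re.compile(
            r".*:.*@\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")
        for raw_line in output.split("\n"):
            line = raw_line.strip()
            if not line_pattern.match(line):
                continue

            # The address is digits and dots only, so the last "@" is always
            # the separator; the pattern guarantees a ":" before it.
            credentials, _, address = line.rpartition("@")
            username, _, password = credentials.partition(":")

            host = self.createAndAddHost(address)
            # The parsed line carries no port, so 22/tcp is always recorded.
            service = self.createAndAddServiceToHost(host, "ssh", protocol="tcp", ports=[22])
            self.createAndAddCredToService(host, service, username, password)
            # NOTE(review): the cleartext password is copied into the
            # vulnerability description in addition to the credential object,
            # so it will appear wherever the description is shown or exported.
            # Kept as-is for compatibility; confirm this is intended.
            self.createAndAddVulnToService(
                host,
                service,
                "Default credentials",
                desc="The SSH server have default credentials ({username}:{password})".format(
                    username=username,
                    password=password
                ),
                severity=3
            )

    def processCommandString(self, username, current_path, command_string):
        """
        Return the command with ``--batch --batch-template`` appended, or
        None when the command already contains "--batch".

        The check is a substring test, so "--batch-template" alone also counts
        as "--batch". When the user supplies their own template, the output
        is parsed only if it still has the ``username:password@ip`` shape
        that parseOutputString() expects.
        """
        super().processCommandString(username, current_path, command_string)
        if "--batch" in command_string:
            return None
        return "{command} --batch --batch-template {template}".format(
            command=command_string,
            template="{username}:{password}@{host}"
        )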


def createPlugin(*args, **kwargs):
    """Build an SSHDefaultScanPlugin, forwarding every argument unchanged."""
    # presumably the factory hook the plugin loader looks up; confirm against the loader
    plugin = SSHDefaultScanPlugin(*args, **kwargs)
    return plugin