import lunascan
import parasehttp
import time
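class lunaexploit(object):
    """Run the configured ``exp`` check modules against captured HTTP bodies.

    ``exp_list`` holds the names of the check modules to run. Each name is
    resolved at scan time to the module ``exp.<name>`` and to a class of the
    same name inside it, so the list decides which code gets loaded and
    instantiated. Keep it to a fixed, reviewed set of names and do not fill
    it from request data or other untrusted input.
    """

    # Extensions of resources that are skipped without being scanned.
    STATIC_EXTENSIONS = ('css', 'js', 'swf', 'jpg', 'xml')

    # Pause (seconds) taken before each new CGI is recorded and scanned.
    # NOTE(review): presumably a throttle on traffic sent to the scanned
    # host; confirm before lowering it.
    SCAN_DELAY_SECONDS = 3

    def __init__(self):
        # Default set of check modules.
        self.exp_list = ['ref_xss', 'sqli', 'helloworld_exp']

    def adjust(self):
        """Narrow ``exp_list`` to the ``ref_xss`` and ``sqli`` checks."""
        self.exp_list = ['ref_xss', 'sqli']

    def lunascan(self, luna_file, luna_sqlite, luna_report, host_port,
                 luna_output, luna_scan, luna_exp_list, luna_conf):
        """Parse every body in ``luna_file.bodylist`` and scan the new CGIs.

        Empty bodies, bodies for which ``parase`` returns -1, resources whose
        extension is in ``STATIC_EXTENSIONS`` and CGIs for which
        ``luna_sqlite.cgi_key_exist`` is true are skipped. Every other CGI is
        stored through ``luna_sqlite.insert_cgi`` and handed to each check
        named in ``luna_exp_list``.

        ``host_port`` is indexed as ``(host, port)``. ``luna_exp_list`` must
        contain trusted module names only: each entry is imported from the
        ``exp`` package and its same-named class is instantiated.
        """
        now = 0
        for every_body in luna_file.bodylist:
            if len(every_body) == 0:
                continue
            now += 1
            luna_parase = parasehttp.parasehttp()
            # Progress line; the total is recomputed on every pass because
            # parase() receives luna_file and may change its lists.
            luna_output.standard_output(
                host_port[0],
                host_port[1],
                len(luna_file.bodylist) - len(luna_file.filterlist),
                now,
            )
            is_dynamic = luna_parase.parase(luna_file, every_body)
            if is_dynamic == -1:
                continue
            cgi_type = luna_parase.cgi.split('.')[-1]
            if (cgi_type in self.STATIC_EXTENSIONS
                    or luna_sqlite.cgi_key_exist(luna_sqlite.hostid,
                                                 luna_parase)):
                continue
            time.sleep(self.SCAN_DELAY_SECONDS)
            luna_sqlite.insert_cgi(
                luna_sqlite.hostid,
                luna_parase.cgi,
                luna_parase.method_type,
                luna_parase.get_key_list,
                luna_parase.get_value_list,
                luna_parase.post_key_list,
                luna_parase.post_value_list,
            )
            luna_scan.sethttp(luna_parase)
            for exp in luna_exp_list:
                # A non-empty fromlist makes __import__ return the submodule
                # itself. The original passed list(exp), i.e. the single
                # characters of the name; [exp] is the intended form.
                module = __import__("exp." + exp, {}, {}, [exp])
                luna_exp = getattr(module, exp)()
                # before_scan() runs for every check, also when do_scan is
                # falsy, so its side effects are kept.
                before_scan_control = luna_exp.before_scan(luna_scan,
                                                           luna_report)
                if luna_exp.do_scan and before_scan_control:
                    luna_scan.v_scan(luna_report, luna_parase, luna_exp,
                                     luna_conf)

    def exploit(self, luna_file, luna_sqlite, luna_report, host_port,
                luna_output, luna_conf):
        """Create a scanner for ``host_port`` and run ``self.exp_list``."""
        # Inside a method body this name is the imported lunascan module,
        # not the method of the same name defined on this class.
        luna_scan = lunascan.lunascan(host_port[0], host_port[1])
        self.lunascan(luna_file, luna_sqlite, luna_report, host_port,
                      luna_output, luna_scan, self.exp_list, luna_conf)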