update readme

Shaoliu Wu · Shaoliu Wu · commit 282f6663f6e5 · 2020-02-06T12:56:59.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -127,3 +127,10 @@ dmypy.json
 
 # Pyre type checker
 .pyre/
+
+# temp files
+*.json
+*.txt
+
+# idea
+.idea/
diff --git a/README.md b/README.md
@@ -4,5 +4,28 @@
 
 原作者已经写的非常好了，在这里做了部分的 bug 修改，部分脚本 poc 未生效，配置错误。之前在做一次内网渗透，扫了一圈，发现 CVE-2017-10271 与 CVE-2019-2890，当时就郁闷了，怎么跨度这么大，中间的漏洞一个都没有，难道还有修一半，漏一半的，查了一下发现部分 poc 无法使用。在这个项目里面对脚本做了一些修改，提高准确率。
 
-后续进行说明更新，目前修改 ws.py 里面的目标就行，批量的方法就不多说了
+# 快速开始
 
+### 依赖
+
++ python >= 3.6
+
+进入项目目录，使用以下命令安装依赖库
+
+```
+$ pip3 install requests
+```
+
+### 使用说明
+
+```
+usage: ws.py [-h] -t TARGETS [TARGETS ...] [-o OUTPUT]
+
+optional arguments:
+  -h, --help            帮助信息
+  -t TARGETS [TARGETS ...], --targets TARGETS [TARGETS ...]
+                        直接填入目标或文件列表（默认使用端口7001）. 例子：
+                        127.0.0.1:7001
+  -o OUTPUT, --output OUTPUT
+                        输出 json 结果的路径。默认不输出结果
+```
diff --git a/stars/__init__.py b/stars/__init__.py
@@ -23,8 +23,10 @@ class ResultCode(BaseState):
     EXISTS = 20
     # not exists anything
     NOTEXISTS = 40
-    # not exists anything
+    # timeout
     TIMEOUT = 50
+    # error
+    ERROR = 60
     # detect finish
     FINISH = 100
 
@@ -48,6 +50,7 @@ def __init__(self):
         self.ext_msg: Dict[str, List[str]] = {}
         for key in rc:
             code = rc[key]
+            print(1000, code)
             self.ext_msg[code] = []
             if code == result_code.START:
                 self.ext_msg[code].append('[*] Start to detect {call} for {target}.')
@@ -64,12 +67,20 @@ def __init__(self):
                     self.ext_msg[code].append('[*] Please verify {call} vulnerability manually!')
             if code == result_code.TIMEOUT:
                 self.ext_msg[code].append('[!] Target {target} detect timeout!')
+            if code == result_code.ERROR:
+                self.ext_msg[code].append('[!] Target {target} connection error!')
             if code == result_code.FINISH:
                 self.ext_msg[code].append('---------------- Heartless Split Line ----------------')
+            print(1000, self.ext_msg)
 
     def light_and_msg(self, dip, dport, *arg, **kwargs):
         self.msg(f'{dip}:{dport}', result_code.START)
-        res, data = self.light_up(dip, dport, *arg, **kwargs)
+        res = False
+        data = {}
+        try:
+            res, data = self.light_up(dip, dport, *arg, **kwargs)
+        except ConnectionAbortedError:
+            self.msg(f'{dip}:{dport}', result_code.ERROR)
         if res:
             self.msg(f'{dip}:{dport}', result_code.EXISTS)
         else:
diff --git a/ws.py b/ws.py
@@ -1,12 +1,53 @@
 #!/usr/bin/env python3
 # _*_ coding:utf-8 _*_
+import json
+import os
+import re
+import time
+
 import stars
 import stars._import
 
 if __name__ == '__main__':
-    dip = '10.0.179.247'
-    dport = '8001'
-    for group_name in stars.universe.actived:
-        for star in stars.universe.actived[group_name]:
-            instance = star()
-            instance.light_and_msg(dip, dport)
+    import argparse
+
+    parser = argparse.ArgumentParser()
+    parser.add_argument('-t', '--targets', required=True, nargs='+',
+                        help='target, or targets file(default port 7001). eg. 127.0.0.1:7001')
+    parser.add_argument('-o', '--output', type=str, help='Path to json output(default without output).')
+    args = parser.parse_args()
+
+
+    if args.output and not os.path.isdir(args.output):
+        print('error! output expected folder.')
+        exit(1)
+
+    m_target = {}
+    for target in args.targets:
+        t_list = []
+        if os.path.isfile(target):
+            with open(target) as _f:
+                for it in _f.read().split('\n'):
+                    res = re.search(r'^(\d{,3}\.\d{,3}\.\d{,3}\.\d{,3})([ :](\d{,5}))?$', it)
+                    if res:
+                        port = res.group(3) if res.group(3) else '7001'
+                        id = res.group(1) + ':' + port
+                        m_target[id] = {'ip': res.group(1), 'port': port}
+        else:
+            res = re.search(r'^(\d{,3}\.\d{,3}\.\d{,3}\.\d{,3})([ :](\d{,5}))?$', target)
+            if res:
+                port = res.group(3) if res.group(3) else '7001'
+                id = res.group(1) + ':' + port
+                m_target[id] = {'ip': res.group(1), 'port': port}
+
+    for key in m_target:
+        for group_name in stars.universe.actived:
+            for star in stars.universe.actived[group_name]:
+                instance = star()
+                res, msg = instance.light_and_msg(m_target[key]['ip'], m_target[key]['port'])
+                ikey = instance.info['CVE'] if instance.info['CVE'] else instance.info['NAME']
+                m_target[key][ikey] = res
+
+    if args.output:
+        with open(os.path.join(args.output, f'{int(time.time())}.json'), 'w') as _f:
+            _f.write(json.dumps(m_target))
