[2] Writing GoLismero Plugins: Writing a TestingPlugin



Address: http://blog.csdn.net/hujkay

Author: Jekkay Hu ([email protected])

Keywords: golismero, web scanner, plugin writing

Date: 2013/09/18



2.1      TestingPlugi

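2.2.1 Writing a testing plugin

A TestingPlugin is a plugin that performs security checks. Security testing is divided into five stages: recon, scan, attack, intrude, and cleanup. The table below shows where the testing plugins for each of these five stages are stored.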

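| Stage | Location |
| --- | --- |
| recon | Plugins/testing/recon |
| scan | Plugins/testing/scan |
| attack | Plugins/testing/attack |
| intrude | Plugins/testing/intrude |
| cleanup | Plugins/testing/cleanup |

The testing plugins of these five stages run serially, one stage after another: the plugins of the next stage are executed only after all plugins of the current stage have finished, but plugins within the same stage can run in parallel. The interface class for testing plugins is shown below: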

Interface class: golismero.api.plugin.TestingPlugin

Base classes:

+ golismero.api.plugin._InformationPlugin
   + golismero.api.plugin.Plugin
     + Object

The interface's methods are as follows (method name first, description underneath):

__init__
  x.__init__(...) initializes x; see help(type(x)) for signature

get_accepted_info()
  Return a list of constants describing which data types are accepted by the recv_info method.
  Returns: Data type constants.
  Return type: list

recv_info(info)
  Callback method to receive data to be processed.
  This is the most important method of a plugin. Here’s where most of the logic resides.
  Parameters: info (Data) – Data to be processed.

state
  Returns: Shared plugin state variables.
  Return type: PluginState

update_status(progress=None)
  Plugins can call this method to tell the user of the current progress of whatever the plugin is doing.
  Warning: Do not override this method!
  Note: This method may not be supported in future versions of GoLismero.
  Parameters: progress (float | None) – Progress percentage [0, 100] as a float, or None to indicate progress can’t be measured.

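As an example, we will write a plugin named findadminpage that checks whether a page URL contains the keyword admin; if it does, the plugin assumes an administration page is exposed and generates a simple vulnerability report message (this is not really a vulnerability; it only serves to demonstrate how to write a plugin). Because the check looks for the admin keyword in the URL, the scan stage is the appropriate place for this plugin. Create findadminpage.golismero in plugins/testing/scan with the following content: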

[Core]
Name = Find Admin Page
Module = findadminpage.py
Class = FindAdminPage

[Documentation]
Description = Tries to find the admin page:
 www.jike521.com/admin
Author = Jekkay Hu
Version = 0.1
Website = http://www.freebuf.com
Copyright = Copyright (C) 2011-2013 GoLismero Project
License = GNU Public License

Then create plugins/testing/scan/findadminpage.py with the following code:

#!/usr/bin/env python
# -*- coding: utf-8 -*-


from golismero.api.data.resource.url import Url
from golismero.api.data.vulnerability.suspicious.url import SuspiciousURL
from golismero.api.logger import Logger
from golismero.api.plugin import TestingPlugin

__license__ = """
Please visit the following website for more information
http://www.freebuf.com/
"""

class FindAdminPage(TestingPlugin):
    """
    Find the admin page of a website.
    """
    #----------------------------------------------------------------------
    def __init__(self):
        """Constructor"""
        # File names that mark a URL as an admin page
        self._keywordlist = set(['admin.html', 'administrator.html'])
        # Number of URLs received by this plugin instance
        self._count = 0

    #----------------------------------------------------------------------
    def get_accepted_info(self):
        # Only Url resources are delivered to recv_info()
        return [Url]

    #----------------------------------------------------------------------
    def recv_info(self, info):
        """Process a URL here."""
        if not info or not isinstance(info, Url):
            return

        # Tell the controller about our progress
        #self.update_status(progress = None)
        results = []

        # Test whether we can get the total number of URLs [answer is NO]
        self._count += 1
        try:
            # Compare every "/"-separated piece of the URL with the keywords
            urlinfo = info.url.split("/")
            findkey = self._keywordlist.intersection(set(urlinfo))
            Logger.log_verbose("Testing %s..." % str(info.url))
            if len(findkey) > 0:
                # Found the admin web page: report it as a finding.
                des = "Find the admin webpage [%s] " % str(info.url)
                results.append(SuspiciousURL(
                    url = info,
                    substring = "no args",
                    level = "informational",  # TODO: use the OSVDB API
                    description = des))
                Logger.log_verbose(des)
        except Exception as e:
            # Log the failure instead of silently swallowing it
            Logger.log_error("FindAdminPage failed on %s: %s" % (info.url, e))
        return results
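
The plugin matches whole "/"-separated pieces of the raw URL, so a query string, a fragment or different letter case hides an admin page, and a keyword inside a query parameter is reported by mistake. The following added example (not part of the original post or of GoLismero; match_split, match_path and the sample URLs are constructed for illustration) runs without GoLismero and compares that test with one done on parsed path segments.

```python
try:
    from urllib.parse import urlsplit, unquote   # Python 3
except ImportError:
    from urlparse import urlsplit                # Python 2 (GoLismero 2.0)
    from urllib import unquote

# Same keyword list as the plugin above.
KEYWORDS = frozenset(["admin.html", "administrator.html"])


def match_split(url, keywords=KEYWORDS):
    """The plugin's test: exact match against the pieces of url.split('/')."""
    return sorted(keywords.intersection(url.split("/")))


def match_path(url, keywords=KEYWORDS):
    """Compare decoded, lower-cased path segments only (no query/fragment)."""
    path = urlsplit(url).path
    segments = [unquote(s).lower() for s in path.split("/") if s]
    return sorted(keywords.intersection(segments))


# Constructed sample URLs (www.example.com is a placeholder host).
SAMPLES = [
    "http://www.example.com/admin.html",
    "http://www.example.com/admin.html?lang=en",
    "http://www.example.com/Admin.HTML",
    "http://www.example.com/a/administrator.html#top",
    "http://www.example.com/admin",
    "http://www.example.com/go?next=/admin.html",
]


def compare(urls=SAMPLES):
    """Return (url, split_hits, path_hits) for each URL."""
    return [(u, match_split(u), match_path(u)) for u in urls]


if __name__ == "__main__":
    for url, old, new in compare():
        print("%-50s split=%s path=%s" % (url, old, new))
```

Inside the plugin, the body of match_path can replace the info.url.split("/") test; neither version flags http://www.example.com/admin, because the keyword list holds file names only.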
        

       

Start golismero to test the findadminpage plugin by entering the following command:

python golismero.py www.jike521.com  -e findadminpage -e spider -o result.html -r inf

Here -e spider enables the spider plugin; without it, the pages of the site cannot all be scanned. The output looks like this:

...

/----------------------------------------------\
| GoLismero 2.0.0b1 - The Web Knife            |
| Contact: golismero.project<@>gmail.com       |
|                                              |
| Daniel Garcia Garcia a.k.a cr0hn (@ggdaniel) |
| Mario Vilas (@Mario_Vilas)                   |
\----------------------------------------------/

GoLismero started at 2013-09-17 16:42:50.083000
[*] GoLismero: Audit name: golismero-lkQl6jgv
[*] GoLismero: Audit database: golismero-lkQl6jgv.db
[*] GoLismero: Added 4 new targets to the database.
[*] GoLismero: Launching tests...
[*] Web Spider: Started.
[*] Web Spider: Spidering URL: 'http://www.jike521.com/'
[*] Web Spider: Found 21 links in URL: http://www.jike521.com/
[*] Web Spider: Started.
[*] Find Admin Page: Started.
[*] Find Admin Page: Working...
[*] Find Admin Page: Find Admin Page: http://www.jike521.com/
[*] Find Admin Page: Finished.
[*] Find Admin Page: Working...
[*] Find Admin Page: Find Admin Page: http://www.jike521.com/img/tab.js
[*] Find Admin Page: Finished.
[*] Find Admin Page: Find Admin Page: http://www.jike521.com/admin.html
<!> Vulnerability 'generic' dicovered by plugin 'Find Admin Page'. Risk level: 0
[*] Find Admin Page: Finished.
[*] Find Admin Page: Working...

Then we open result.html:

It contains the vulnerability information found by the FindAdminPage plugin.



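2.2.2 Plugin debugging

Starting golismero every time to test a plugin makes debugging very, very tedious: first, debugging across multiple processes is troublesome; second, it is very time-consuming, which seriously hurts plugin development efficiency. For this reason golismero provides a plugin testing script, golismero/main/testing.py, with which we can simply build a test environment to test a script directly. For example, to debug the FindAdminPage script without starting the whole golismero project, create a test script jekkay-test.py in the golismero root directory with the following content: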

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import os
from os import path
import sys

# Make the golismero package and its bundled libraries importable
script = __file__
if path.islink(script):
    script = path.realpath(script)
here = path.split(path.abspath(script))[0]
if not here:  # if it fails use cwd instead
    here = path.abspath(os.getcwd())
thirdparty_libs = path.join(here, "thirdparty_libs")
if path.exists(thirdparty_libs):
    has_here = here in sys.path
    has_thirdparty_libs = thirdparty_libs in sys.path
    if not (has_here and has_thirdparty_libs):
        if has_here:
            sys.path.remove(here)
        if has_thirdparty_libs:
            sys.path.remove(thirdparty_libs)
        if __name__ == "__main__":
            # As a portable script: use our versions always
            sys.path.insert(0, thirdparty_libs)
            sys.path.insert(0, here)
        else:
            # When installing: prefer system version to ours
            sys.path.insert(0, here)
            sys.path.append(thirdparty_libs)


from golismero.main.testing import PluginTester
from golismero.api.data.resource.url import Url


def main():
    with PluginTester() as t:
        # Note: the plugin only matches a URL piece equal to
        # admin.html or administrator.html
        u = Url("http://www.example.com/admin")
        print t.run_plugin("testing/scan/findadminpage", u)


if __name__ == '__main__':
    main()

Note that the domain name defaults to www.example.com; if you need to change the domain, change the code as follows:

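from golismero.api.data.resource.url import BaseUrl

with PluginTester(autoinit=False) as t:
    # Set the audit target before the test environment is initialized
    t.audit_config.targets = ["http://www.mydomain.com/"]
    t.init_environment()
    u = BaseUrl("http://www.mydomain.com/")
    print t.run_plugin("testing/recon/robots", u)

Once the basic tests show no problems, start golismero and test the plugin there.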



Hu Yang

2013/09/18
