|
|
|
|
import os
|
|
|
|
|
import shlex
|
|
|
|
|
import re
|
|
|
|
|
from tools.ToolBase import ToolBase
|
|
|
|
|
|
|
|
|
|
class HydraTool(ToolBase):
|
|
|
|
|
def validate_instruction(self, instruction):
|
|
|
|
|
timeout = 0
|
|
|
|
|
current_path = os.path.dirname(os.path.realpath(__file__))
|
|
|
|
|
#hydra过滤 需要判断指令中添加字典文件存不存在
|
|
|
|
|
match_p = re.search(r'-P\s+([^\s]+)', instruction)
|
|
|
|
|
match_l = re.search(r'-L\s+([^\s]+)', instruction)
|
|
|
|
|
if match_p:
|
|
|
|
|
str_p = match_p.group(1)
|
|
|
|
|
#判断文件是否存在
|
|
|
|
|
if not os.path.exists(str_p): #文件不存在要替换
|
|
|
|
|
new_pass_path = os.path.join(current_path, "../payload", "passwords")
|
|
|
|
|
instruction = instruction.replace(str_p,new_pass_path)
|
|
|
|
|
if match_l:
|
|
|
|
|
str_l = match_l.group(1)
|
|
|
|
|
#判断文件是否存在
|
|
|
|
|
if not os.path.exists(str_l):
|
|
|
|
|
new_user_path = os.path.join(current_path, "../payload", "users")
|
|
|
|
|
instruction = instruction.replace(str_l, new_user_path)
|
|
|
|
|
|
|
|
|
|
if "-l" in instruction or "-p" in instruction:
|
|
|
|
|
if "-f" not in instruction:
|
|
|
|
|
instruction = instruction + " -f" #当是单密码,或单用户名时,使用成功即停止模式
|
|
|
|
|
|
|
|
|
|
return instruction,timeout
|
|
|
|
|
|
|
|
|
|
def analyze_result(self, result,instruction,stderr,stdout):
|
|
|
|
|
#返回结果
|
|
|
|
|
return result
|
