zfsafe/tools/HydraTool.py

import os
import shlex
import re
from collections import OrderedDict
from tools.ToolBase import ToolBase

class HydraTool(ToolBase):
    def validate_instruction(self, instruction):
        timeout = 0
        current_path = os.path.dirname(os.path.realpath(__file__))
        #hydra过滤  需要判断指令中添加字典文件存不存在
        match_p = re.search(r'-P\s+([^\s]+)', instruction)
        match_l = re.search(r'-L\s+([^\s]+)', instruction)
        if match_p:
            str_p = match_p.group(1)
            #判断文件是否存在
            #if not os.path.exists(str_p):   #文件不存在要替换
            new_pass_path = os.path.join(current_path, "../payload", "passwords")
            instruction = instruction.replace(str_p,new_pass_path)
        if match_l:
            str_l = match_l.group(1)
            #判断文件是否存在
            #if not os.path.exists(str_l):
            new_user_path = os.path.join(current_path, "../payload", "users")
            instruction = instruction.replace(str_l, new_user_path)

        #不是双字典的情况加-f
        if "-l" in instruction or "-p" in instruction:
            if "-f" not in instruction:
                instruction = instruction.strip() + " -f"   #当是单密码，或单用户名时，使用成功即停止模式

        #取消-v -V
        instruction = instruction.replace(" -V "," ")
        instruction = instruction.replace(" -v "," ")
        instruction = instruction.replace(" -vV","")
        #加-o   存在个不确定项是：若没有匹配到，输出文件里面是只有一行执行的命令，没有结果描述
        if " -o" not in instruction:
            instruction  = instruction + " -o hydra_result.txt"
        # # 加 -q
        # if " -q" not in instruction:
        #     instruction = instruction + " -q"

        return instruction,timeout

    def merge_info(self,result):
        try:
            # 按行分割输出，保留非空行
            lines = [line.strip() for line in result.splitlines() if line.strip() != ""]
            # 使用有序字典统计相同行的出现次数，保持原始顺序
            counts = OrderedDict()
            for line in lines:
                if line in counts:
                    counts[line] += 1
                else:
                    counts[line] = 1
            # 生成整合后的输出，重复的行后面跟上*次数标记
            output_lines = []
            for line, count in counts.items():
                if count > 1:
                    output_lines.append(f"{line} *{count}")
                else:
                    output_lines.append(line)
            consolidated = "\n".join(output_lines)
            return consolidated
        except Exception as e:
            return result

    def analyze_result(self, result,instruction,stderr,stdout):
        #返回结果
        # result = self.merge_info(result)
        # print(result)
        #加文件后缀了
        lines = result.splitlines()
        if len(lines) == 1:
            result = "没有匹配到成功的结果"
        return result