How to use the cannon api

Vex Woo edited this page Oct 17, 2016 · 1 revision

What is the cannon api?

Cannon is an autopwn feature: developers can scan multiple targets with it using custom PoC modules. For more detail, read the cannon-api code.

Cannon Class

Cannon is a class that handles the parameters of a PoC and registers it.

class Cannon():

    def __init__(self, target, info={}, mode='verify', params={}, headers={}, timeout=30):
        self.target = target
        self.pocString = info["pocstring"]   # the PoC source code, not a path
        self.pocName = info["pocname"].replace('.', '')
        # anything other than 'verify' or 'attack' falls back to 'verify'
        self.mode = mode if mode in ('verify', 'attack') else 'verify'
        self.delmodule = False
        self.params = params
        conf.isPycFile = info.get('ispycfile', False)
        conf.httpHeaders = HTTP_DEFAULT_HEADER
        # fix issue #112
        conf.retry = 0
        if headers:
            conf.httpHeaders.update(headers)

        # kb.registeredPocs may not exist yet on the first call
        try:
            kb.registeredPocs
        except Exception:
            kb.registeredPocs = {}

...
...

To register a PoC you need an info unit that describes it:

from pocsuite.api.cannon import Cannon

info = {"pocname": "PoC name",
        "pocstring": "Poc Code",   # Python code here
        "mode": "verify (or attack)"
        }

target = "test.site"
invoker = Cannon(target, info)  # create the instance used to drive Pocsuite
result = invoker.run()          # run Pocsuite; result holds the return value of the run

How to use the cannon api?

  • pocname: the PoC name.
  • pocstring: the PoC source code itself, not a path to it.
  • mode: verify mode or attack mode.

#!/usr/bin/python
# coding:utf-8

from pocsuite.api.cannon import Cannon

# pocstring must be the module's source, so read the file instead of passing its path
info = {"pocname": "dlink_command_php_exec_noauth",
        "pocstring": open("./modules/dlink_command_php_exec_noauth.py").read(),
        "mode": "verify"}

target = "www.justfordemo.com"
invoker = Cannon(target, info)
result = invoker.run()
print(result)
('www.justfordemo.com',            # scanned site
 'dlink_command_php_exec_noauth',  # PoC name
 '78176',                          # seebug id
 'D-Link',                         # application the PoC targets
 'DIR-300, DIR-600',               # affected application versions
 (0, 'Internet nothing returned'), # status after the PoC ran: success, failure or exception
 '2016-10-17 07:50:56',            # timestamp
 '{}'                              # result dict returned by the PoC; format per docs/CODING.md#poc-结果返回规范
)

How to know the scan result status?

Look at the status tuple, (0, 'Internet nothing returned') in the example above. Its first element is the status ID:

ID    Return value          Meaning
0     Fail                  PoC ran normally; the vulnerability was not detected
1     Success               PoC ran normally; the vulnerability was detected
2     NotImplementedError   A NotImplementedError was raised while the PoC ran
3.0   ConnectionError       A ConnectionError was raised while the PoC ran
3.1   HTTPError             An HTTPError was raised while the PoC ran
3.2   ConnectTimeout        A ConnectTimeout was raised while the PoC ran
3.3   TooManyRedirects      A TooManyRedirects exception was raised while the PoC ran
4     Other                 Some other exception was raised while the PoC ran
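When Cannon is used to scan many targets, the raw tuples are awkward to triage: a 0 means the target is not vulnerable, but a 3.x means the check never completed and says nothing about the target, and a 2 or 4 points at a bug in the PoC itself. The helper below is an added example (Python 3, not part of pocsuite) that names the eight tuple fields, decodes the result-dict string, and buckets results by the status IDs in the table above. It assumes only the tuple layout shown on this page; the sample tuples are constructed here, the first one copied from the example output.

```python
import ast
import json
from collections import namedtuple

# Status IDs exactly as documented in the table above; 3.x are all network errors.
STATUS_MEANING = {
    0: "Fail: PoC ran, vulnerability not detected",
    1: "Success: PoC ran, vulnerability detected",
    2: "NotImplementedError raised while the PoC ran",
    3.0: "ConnectionError raised while the PoC ran",
    3.1: "HTTPError raised while the PoC ran",
    3.2: "ConnectTimeout raised while the PoC ran",
    3.3: "TooManyRedirects raised while the PoC ran",
    4: "Other exception raised while the PoC ran",
}

# Named view of the 8-element tuple returned by Cannon.run()
CannonResult = namedtuple(
    "CannonResult",
    "target pocname seebug_id app versions status_id status_msg finished_at details",
)


def parse_result(result):
    """Turn a Cannon.run() tuple into a CannonResult with the details string decoded."""
    if len(result) != 8:
        raise ValueError("expected 8 fields, got %d" % len(result))
    target, pocname, sid, app, versions, status, ts, details = result
    status_id, status_msg = status
    # The last field is the PoC's result dict serialised as text. '{}' is valid JSON,
    # but a Python repr with single quotes is not, so fall back to a literal parse.
    try:
        parsed = json.loads(details) if details else {}
    except ValueError:
        parsed = ast.literal_eval(details)
    return CannonResult(target, pocname, sid, app, versions, status_id, status_msg, ts, parsed)


def classify(status_id):
    """Map a status ID to one of four triage buckets."""
    if status_id == 1:
        return "vulnerable"
    if status_id == 0:
        return "not_vulnerable"
    if int(status_id) == 3:          # 3.0 .. 3.3: the check did not complete, retry later
        return "network_error"
    return "poc_error"               # 2, 4 or anything undocumented: fix the PoC, then rerun


def triage(results):
    """Bucket a batch of Cannon results; each entry is (target, pocname, meaning)."""
    buckets = {"vulnerable": [], "not_vulnerable": [], "network_error": [], "poc_error": []}
    for raw in results:
        r = parse_result(raw)
        meaning = STATUS_MEANING.get(r.status_id, "undocumented status id %r" % (r.status_id,))
        buckets[classify(r.status_id)].append((r.target, r.pocname, meaning))
    return buckets


# Constructed sample batch: the first tuple is the page's example output, the rest are
# invented to exercise the other status families.
SAMPLE_RESULTS = [
    ('www.justfordemo.com', 'dlink_command_php_exec_noauth', '78176', 'D-Link',
     'DIR-300, DIR-600', (0, 'Internet nothing returned'), '2016-10-17 07:50:56', '{}'),
    ('host-a.example', 'dlink_command_php_exec_noauth', '78176', 'D-Link',
     'DIR-300, DIR-600', (1, 'vulnerable'), '2016-10-17 07:51:02', "{'banner': 'DIR-300'}"),
    ('host-b.example', 'dlink_command_php_exec_noauth', '78176', 'D-Link',
     'DIR-300, DIR-600', (3.2, 'connect timeout'), '2016-10-17 07:51:40', '{}'),
    ('host-c.example', 'dlink_command_php_exec_noauth', '78176', 'D-Link',
     'DIR-300, DIR-600', (4, 'KeyError'), '2016-10-17 07:51:41', '{}'),
]

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_RESULTS).items():
        print(bucket, len(entries))
        for target, pocname, meaning in entries:
            print("  %-20s %-32s %s" % (target, pocname, meaning))
```

Keeping the network-error bucket separate from the not-vulnerable bucket matters for a multi-target scan: a run that times out on half the hosts would otherwise look like a clean result.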