mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
67 lines
2.1 KiB
Python
67 lines
2.1 KiB
Python
import re
|
|
import socket
|
|
|
|
import lib.settings
|
|
|
|
|
|
BANNER_REGEX = re.compile("{} {}".format(lib.settings.AMT_SERVER_REGEX, lib.settings.AMT_BANNER_REGEX))
|
|
|
|
|
|
def _is_vuln(response):
|
|
if BANNER_REGEX.search(response) is not None:
|
|
return True
|
|
return False
|
|
|
|
|
|
def create_connection(host, port, proxy=None, resp_size=1024):
|
|
send_data = "GET / HTTP/1.1\r\n\r\n"
|
|
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
conn.settimeout(10)
|
|
|
|
#if proxy is None:
|
|
conn.connect((host, int(port)))
|
|
#else:
|
|
# data_list = proxy.split("://")
|
|
# conn.connect(())
|
|
|
|
conn.send(send_data)
|
|
response = conn.recv(resp_size)
|
|
conn.close()
|
|
return response
|
|
|
|
|
|
def intel_amt_main(host, proxy=None, verbose=False):
|
|
if proxy is not None:
|
|
lib.settings.logger.warning(lib.settings.set_color(
|
|
"proxies are not implemented yet, you will not be connected through your proxy...", level=30
|
|
))
|
|
|
|
ip_address = socket.gethostbyname(host)
|
|
lib.settings.logger.info(lib.settings.set_color(
|
|
"checking for Intel ME AMT exploit on host '{}' IP address '{}'...".format(host, ip_address)
|
|
))
|
|
for port in lib.settings.AMT_PORTS:
|
|
if verbose:
|
|
lib.settings.logger.debug(lib.settings.set_color(
|
|
"checking port '{}'...".format(port), level=10
|
|
))
|
|
|
|
try:
|
|
resp = create_connection(ip_address, port, proxy=proxy)
|
|
|
|
if _is_vuln(resp):
|
|
lib.settings.logger.info(lib.settings.set_color(
|
|
"host '{}' appears to be vulnerable to AMT exploit on port '{}'...".format(host, port)
|
|
))
|
|
except socket.timeout:
|
|
lib.settings.logger.warning(lib.settings.set_color(
|
|
"host '{}' timed out on port {}, assuming not vulnerable and proceeding...".format(host, port), level=30
|
|
))
|
|
pass
|
|
except Exception as e:
|
|
lib.settings.logger.exception(lib.settings.set_color(
|
|
"caught exception '{}', assuming not vulnerable and proceeding...".format(e), level=50
|
|
))
|
|
|
|
|
|
|