Zeus-Scanner/lib/attacks/intel_me/__init__.py
2017-09-13 16:38:54 -05:00

67 lines
2.1 KiB
Python

import re
import socket
import lib.settings
BANNER_REGEX = re.compile("{} {}".format(lib.settings.AMT_SERVER_REGEX, lib.settings.AMT_BANNER_REGEX))
def _is_vuln(response):
if BANNER_REGEX.search(response) is not None:
return True
return False
def create_connection(host, port, proxy=None, resp_size=1024):
send_data = "GET / HTTP/1.1\r\n\r\n"
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn.settimeout(10)
#if proxy is None:
conn.connect((host, int(port)))
#else:
# data_list = proxy.split("://")
# conn.connect(())
conn.send(send_data)
response = conn.recv(resp_size)
conn.close()
return response
def intel_amt_main(host, proxy=None, verbose=False):
if proxy is not None:
lib.settings.logger.warning(lib.settings.set_color(
"proxies are not implemented yet, you will not be connected through your proxy...", level=30
))
ip_address = socket.gethostbyname(host)
lib.settings.logger.info(lib.settings.set_color(
"checking for Intel ME AMT exploit on host '{}' IP address '{}'...".format(host, ip_address)
))
for port in lib.settings.AMT_PORTS:
if verbose:
lib.settings.logger.debug(lib.settings.set_color(
"checking port '{}'...".format(port), level=10
))
try:
resp = create_connection(ip_address, port, proxy=proxy)
if _is_vuln(resp):
lib.settings.logger.info(lib.settings.set_color(
"host '{}' appears to be vulnerable to AMT exploit on port '{}'...".format(host, port)
))
except socket.timeout:
lib.settings.logger.warning(lib.settings.set_color(
"host '{}' timed out on port {}, assuming not vulnerable and proceeding...".format(host, port), level=30
))
pass
except Exception as e:
lib.settings.logger.exception(lib.settings.set_color(
"caught exception '{}', assuming not vulnerable and proceeding...".format(e), level=50
))