remove ZoomEye_APIKEY, add (USERNAME / PASSWORD)

2016-10-20 22:48:01 -05:00 · 2016-10-20 22:48:01 -05:00 · 344b688ae5
parent 097a273abb
commit 344b688ae5
1 changed files with 42 additions and 12 deletions
--- a/modules/auxiliary/gather/zoomeye_search.rb
+++ b/modules/auxiliary/gather/zoomeye_search.rb
@ -35,7 +35,8 @@ class MetasploitModule < Msf::Auxiliary

      register_options(
        [
-          OptString.new('ZOOMEYE_APIKEY', [true, 'The ZoomEye API Key']),
+          OptString.new('USERNAME', [true, 'The ZoomEye username']),
+          OptString.new('PASSWORD', [true, 'The ZoomEye password']),
          OptString.new('ZOOMEYE_DORK', [true, 'The ZoomEye Dock']),
          OptEnum.new('RESOURCE', [true, 'ZoomEye Resource Type', 'host', ['host', 'web']]),
          OptInt.new('MAXPAGE', [true, 'Max amount of pages to collect', 1])
@ -53,6 +54,32 @@ class MetasploitModule < Msf::Auxiliary
    true
  end

+  def login(username, password)
+    # See more: https://www.zoomeye.org/api/doc#login
+
+    access_token = ''
+    @cli = Rex::Proto::Http::Client.new('api.zoomeye.org', 443, {}, true)
+    @cli.connect
+
+    data = {'username' => username, 'password' => password}
+    req = @cli.request_cgi({
+      'uri'    => '/user/login',
+      'method' => 'POST',
+      'data'   => data.to_json
+    })
+
+    res = @cli.send_recv(req)
+
+    unless res
+      print_error('server_response_error')
+      return
+    end
+
+    records = ActiveSupport::JSON.decode(res.body)
+    access_token = records['access_token'] if records && records.key?('access_token')
+    access_token
+  end
+
  def dork_search(dork, resource, page)
    # param: dork
    #        ex: country:cn
@ -65,22 +92,19 @@ class MetasploitModule < Msf::Auxiliary
    #        ex: [app, device]
    #         A comma-separated list of properties to get summary information

-    cli = Rex::Proto::Http::Client.new('api.zoomeye.org', 443, {}, true)
-    cli.connect
-
    begin
-      req = cli.request_cgi({
-        'uri' => "/#{resource}/search",
-        'method' => 'GET',
-        'headers' => { 'Authorization' => "JWT #{datastore['ZOOMEYE_APIKEY']}" },
+      req = @cli.request_cgi({
+        'uri'      => "/#{resource}/search",
+        'method'   => 'GET',
+        'headers'  => { 'Authorization' => "JWT #{@zoomeye_token}" },
        'vars_get' => {
-          'query' => dork,
-          'page' => page,
-          'facet' => 'ip'
+          'query'  => dork,
+          'page'   => page,
+          'facet'  => 'ip'
        }
      })

-      res = cli.send_recv(req)
+      res = @cli.send_recv(req)

    rescue ::Rex::ConnectionError, Errno::ECONNREFUSED, Errno::ETIMEDOUT
      print_error("HTTP Connection Failed")
@ -131,6 +155,12 @@ class MetasploitModule < Msf::Auxiliary
      return
    end

+    @zoomeye_token = login(datastore['USERNAME'], datastore['PASSWORD'])
+    unless @zoomeye_token
+      print_error("Unable to login api.zoomeye.org")
+      return
+    end
+
    # create ZoomEye request parameters
    dork = datastore['ZOOMEYE_DORK']
    resource = datastore['RESOURCE']