def param_address_range(self, name="address_range"):
raw_input = self._custom_param.get(name)
try:
raw_lines = raw_input.split(",")
except Exception as E:
print(E)
return []
ipaddress_list = []
for line in raw_lines:
if '-' in line:
try:
startip = line.split("-")[0]
endip = line.split("-")[1]
ipnetwork_list = summarize_address_range(
IPv4Address(startip), IPv4Address(endip))
for ipnetwork in ipnetwork_list:
for ip in ipnetwork:
if ip.compressed not in ipaddress_list:
ipaddress_list.append(ip.compressed)
except Exception as E:
print(E)
elif line == "":
continue
else:
try:
ipnetwork = IPv4Network(line)
for ip in ipnetwork:
if ip.compressed not in ipaddress_list:
ipaddress_list.append(ip.compressed)
except Exception as E:
logger.exception(E)
return ipaddress_list
def disconnect(self, close_code):
try:
async_to_sync(self.channel_layer.group_discard)("msfconsole", self.channel_name)
Xcache.clean_msfconsoleinputcache()
except Exception as E:
logger.exception(E)
pass
def list(engine, querystr, page=1, size=100):
if engine == "FOFA":
client = FOFAClient()
flag = client.init_conf_from_cache()
if flag is not True:
context = data_return(301, NetworkSearch_MSG.get(301), {})
return context
else:
context = data_return(304, NetworkSearch_MSG.get(304), {})
return context
try:
flag, data = client.get_data(query_str=querystr,
page=page,
size=size)
if flag is not True:
context = data_return(303, NetworkSearch_MSG.get(303),
{"errmsg": data})
else:
context = data_return(200, CODE_MSG.get(200), data)
return context
except Exception as E:
logger.exception(E)
context = data_return(303, NetworkSearch_MSG.get(303),
{"errmsg": NetworkSearch_MSG.get(303)})
return context
def split_ip(ip):
try:
result = tuple(int(part) for part in ip.split('.'))
except Exception as E:
logger.exception(E)
return 0, 0, 0
return result
def list(self, request, **kwargs):
try:
sessionid = int(request.query_params.get('sessionid', None))
context = Route.list(sessionid=sessionid)
except Exception as E:
logger.exception(E)
context = data_return(500, CODE_MSG.get(500), {})
return Response(context)
def _store_result_in_history(self):
"""存储模块运行结果到历史记录"""
if self.MODULETYPE in [TAG2CH.internal]:
return None
opts = {}
for key in self._custom_param:
for option in self.OPTIONS:
if option.get("name") == key:
if self._custom_param.get(key) is None:
continue
opts[option.get("name_tag")] = self._custom_param.get(key)
# 处理凭证,监听,文件等参数
try:
if key == HANDLER_OPTION.get("name"):
handler_dict = json.loads(
self._custom_param.get(key))
# 清理无效的参数
new_params = {
"PAYLOAD": handler_dict.get("PAYLOAD"),
"LPORT": handler_dict.get("LPORT")
}
if handler_dict.get("LHOST") is not None:
new_params["LHOST"] = handler_dict.get("LHOST")
if handler_dict.get("RHOST") is not None:
new_params["RHOST"] = handler_dict.get("RHOST")
opts[option.get("name_tag")] = json.dumps(
new_params)
elif key == FILE_OPTION.get("name"):
file_dict = json.loads(self._custom_param.get(key))
opts[option.get("name_tag")] = json.dumps({
"name":
file_dict.get("name"),
})
elif key == CREDENTIAL_OPTION.get("name"):
credential_dict = json.loads(
self._custom_param.get(key))
opts[option.get("name_tag")] = json.dumps({
"username":
credential_dict.get("username"),
"password":
credential_dict.get("password"),
"password_type":
credential_dict.get("password_type"),
})
except Exception as E:
logger.exception(E)
module_result = Xcache.get_module_result(ipaddress=self.host_ipaddress,
loadpath=self.__module__)
flag = Xcache.add_module_result_history(
ipaddress=self.host_ipaddress,
loadpath=self.__module__,
opts=opts,
update_time=module_result.get("update_time"),
result=module_result.get("result"))
return flag
def _cleanup_files(self):
try:
os.remove(self._src_file)
except Exception as E:
logger.exception(E)
try:
os.remove(self._exe_file)
except Exception as E:
logger.exception(E)
def decrypt_file_name(enfilename):
key = Xcache.get_aes_key()
pr = Aescrypt(key, 'ECB', '', 'utf-8')
try:
enfilename_url = parse.unquote(enfilename)
filename = pr.aesdecrypt(enfilename_url)
return filename
except Exception as E:
logger.exception(E)
return None
def cleanup_files(self):
src_file = os.path.join(TMP_DIR, f"{self.file_name}.c")
exe_file = os.path.join(TMP_DIR, f"{self.file_name}.exe")
try:
os.remove(src_file)
except Exception as E:
logger.exception(E)
try:
os.remove(exe_file)
except Exception as E:
logger.exception(E)
def from_db_value(self, value, expression, connection):
if not value:
value = []
if isinstance(value, dict):
return value
# 直接将字符串转换成python内置的list
try:
return ast.literal_eval(value)
except Exception as E:
from Lib.log import logger
logger.exception(E)
logger.error(value)
return {}
def update(cid=None, desc=None):
try:
orm_model = CredentialModel.objects.get(id=cid)
except Exception as E:
logger.exception(E)
context = data_return(404, Credential_MSG.get(404), {})
return context
orm_model.desc = desc
orm_model.save()
data = CredentialSerializer(orm_model).data
context = data_return(202, Credential_MSG.get(202), data)
return context
def list_all():
try:
result = Xcache.list_module_result_history()
for one in result:
loadpath = one.get("loadpath")
moduleconfig = Xcache.get_moduleconfig(loadpath)
if moduleconfig is None:
continue
one["module_name"] = moduleconfig.get("NAME")
return result
except Exception as E:
logger.exception(E)
return []
def compile_c(self, src, arch="x64"):
bindata = None
exe_file = os.path.join(TMP_DIR, f"{self.file_name}.exe")
cmd = self.build_cmd(src, arch)
ret = subprocess.run(cmd, capture_output=True, text=True)
if ret.returncode != 0:
logger.warning(ret.stdout)
logger.warning(ret.stderr)
else:
try:
with open(exe_file, 'rb') as f:
bindata = f.read()
except Exception as E:
logger.exception(E)
self.cleanup_files()
return bindata
def list_msf_files():
result = []
try:
filelist = os.listdir(MSFLOOT)
for file in filelist:
filepath = os.path.join(MSFLOOT, file)
if os.path.isfile(filepath):
fileinfo = os.stat(filepath)
enfilename = FileMsf.encrypt_file_name(file)
result.append({
"name": file,
"enfilename": enfilename,
"size": fileinfo.st_size,
"mtime": int(fileinfo.st_mtime)
})
return result
except Exception as E:
logger.exception(E)
return []
def get_city(ip):
result = Xcache.get_city_reader_cache(ip)
if result is not None:
return result
city_mmdb_dir = os.path.join(settings.BASE_DIR, 'STATICFILES',
'STATIC', 'GeoLite2-City.mmdb')
city_reader = geoip2.database.Reader(city_mmdb_dir)
try:
response = city_reader.city(ip)
except Exception as _:
Xcache.set_city_reader_cache(ip, "局域网")
return "局域网"
country = ""
try:
country = response.country.name
country = response.country.names['zh-CN']
except Exception as E:
logger.exception(E)
if country is None:
country = ""
subdivision = ""
try:
subdivision = response.subdivisions.most_specific.name
subdivision = response.subdivisions.most_specific.names['zh-CN']
except Exception as _:
pass
if subdivision is None:
subdivision = ""
city = ""
try:
city = response.city.name
city = response.city.names['zh-CN']
except Exception as _:
pass
if city is None:
city = ""
result = f"{country} {subdivision} {city}"
Xcache.set_city_reader_cache(ip, result)
return result
def send_text(token, chat_id, proxy, msg):
if isinstance(chat_id, str):
chat_id = [chat_id]
elif isinstance(chat_id, list):
pass
else:
return []
send_result = []
if proxy is None or proxy == "":
try:
bot = Bot(token=token)
except Exception as E:
logger.exception(E)
return []
else:
proxy_url = proxy
request = telegram.utils.request.Request(proxy_url=proxy_url)
try:
bot = Bot(token=token, request=request)
except Exception as E:
logger.exception(E)
return []
for one_chat_id in chat_id:
try:
bot.send_message(chat_id=one_chat_id, text=msg, timeout=1)
send_result.append(one_chat_id)
except Exception as E:
logger.exception(E)
logger.warning("无效的chat_id: {}".format(one_chat_id))
return send_result
def compile(self, arch="x64"):
bindata = None
# 生成源码文件
with open(self._src_file, "wb") as f:
f.write(self.source_code.encode("utf-8"))
# 编译
cmd = self._build_cmd(arch)
ret = subprocess.run(cmd, capture_output=True, text=True)
if ret.returncode != 0:
logger.warning(ret.stdout)
logger.warning(ret.stderr)
else:
try:
with open(self._exe_file, 'rb') as f:
bindata = f.read()
except Exception as E:
logger.exception(E)
# 清理遗留文件
self._cleanup_files()
return bindata
def get_alive_chat_id(token=None, proxy=None):
if proxy is None or proxy == "":
bot = Bot(token=token)
else:
proxy_url = proxy
request = telegram.utils.request.Request(proxy_url=proxy_url)
bot = Bot(token=token, request=request)
user_chat_id_list = []
try:
result = bot.get_updates()
except Exception as E:
logger.exception(E)
return user_chat_id_list
for update in result:
first_name = update.effective_chat.first_name if update.effective_chat.first_name is not None else ""
last_name = update.effective_chat.last_name if update.effective_chat.last_name is not None else ""
one_data = {
"user": "******".format(first_name, last_name),
"chat_id": update.effective_chat.id
}
if one_data not in user_chat_id_list:
user_chat_id_list.append(one_data)
return user_chat_id_list
def get_windows_password(sessionid):
module_type = "post"
mname = "windows/gather/credentials/mimikatz"
opts = {'SESSION': sessionid}
output = MsfModule.run_with_output(module_type, mname, opts)
try:
result = json.loads(output)
except Exception as E:
logger.exception(E)
result = {'status': False}
credential_list = []
if result.get('status') is True:
data = result.get('data')
if isinstance(data, list):
for record in data:
if record.get('password') is '' or record.get(
'password').find('n.a.') >= 0:
continue
credential_list.append({
'domain': record.get('domain'),
'user': record.get('user'),
'password': record.get('password')
})
return credential_list
def is_valid(self):
for oneEnum in self._enum_list:
if oneEnum.get("name") is None:
logger.exception(
f"参数 {self._name} 格式不符合要求,正确格式应为字典,其中包含name及value字段")
def load_all_modules_config():
all_modules_config = []
# viper 内置模块
viper_module_count = 0
modulenames = os.listdir(os.path.join(settings.BASE_DIR, 'MODULES'))
for modulename in modulenames:
modulename = modulename.split(".")[0]
if modulename == "__init__" or modulename == "__pycache__": # __init__.py的特殊处理
continue
class_intent = importlib.import_module(f'MODULES.{modulename}')
try:
if isinstance(class_intent.PostModule.ATTCK, str):
attck = [class_intent.PostModule.ATTCK]
elif isinstance(class_intent.PostModule.ATTCK, list):
attck = [class_intent.PostModule.ATTCK]
else:
attck = []
one_module_config = {
"BROKER": class_intent.PostModule.MODULE_BROKER, # 处理器
"NAME": class_intent.PostModule.NAME,
"DESC": class_intent.PostModule.DESC,
"WARN": class_intent.PostModule.WARN,
"AUTHOR": class_intent.PostModule.AUTHOR,
"REFERENCES": class_intent.PostModule.REFERENCES,
"README": class_intent.PostModule.README,
"MODULETYPE": class_intent.PostModule.MODULETYPE,
"OPTIONS": class_intent.PostModule.OPTIONS,
"loadpath": 'MODULES.{}'.format(modulename),
# post类配置
"REQUIRE_SESSION": class_intent.PostModule.REQUIRE_SESSION,
"PLATFORM": class_intent.PostModule.PLATFORM,
"PERMISSIONS": class_intent.PostModule.PERMISSIONS,
"ATTCK": attck,
# bot类配置
"SEARCH": class_intent.PostModule.SEARCH,
}
all_modules_config.append(one_module_config)
viper_module_count += 1
except Exception as E:
logger.error(E)
continue
logger.warning("内置模块加载完成,加载{}个模块".format(viper_module_count))
Notice.send_success(f"内置模块加载完成,加载{viper_module_count}个模块")
# 自定义模块
diy_module_count = 0
modulenames = os.listdir(
os.path.join(settings.BASE_DIR, 'Docker', "module"))
for modulename in modulenames:
modulename = modulename.split(".")[0]
if modulename == "__init__" or modulename == "__pycache__": # __init__.py的特殊处理
continue
try:
class_intent = importlib.import_module(
'Docker.module.{}'.format(modulename))
importlib.reload(class_intent)
except Exception as E:
logger.exception(E)
Notice.send_alert(f"加载自定义模块:{modulename} 失败")
continue
try:
if isinstance(class_intent.PostModule.ATTCK, str):
attck = [class_intent.PostModule.ATTCK]
elif isinstance(class_intent.PostModule.ATTCK, list):
attck = [class_intent.PostModule.ATTCK]
else:
attck = []
one_module_config = {
"BROKER": class_intent.PostModule.MODULE_BROKER, # 处理器
"NAME": class_intent.PostModule.NAME,
"DESC": class_intent.PostModule.DESC,
"WARN": class_intent.PostModule.WARN,
"AUTHOR": class_intent.PostModule.AUTHOR,
"REFERENCES": class_intent.PostModule.REFERENCES,
"README": class_intent.PostModule.README,
"MODULETYPE": class_intent.PostModule.MODULETYPE,
"OPTIONS": class_intent.PostModule.OPTIONS,
"loadpath": 'Docker.module.{}'.format(modulename),
# post类配置
"REQUIRE_SESSION": class_intent.PostModule.REQUIRE_SESSION,
"PLATFORM": class_intent.PostModule.PLATFORM,
"PERMISSIONS": class_intent.PostModule.PERMISSIONS,
"ATTCK": attck,
# bot类配置
"SEARCH": class_intent.PostModule.SEARCH,
}
all_modules_config.append(one_module_config)
diy_module_count += 1
except Exception as E:
logger.error(E)
continue
logger.warning("自定义模块加载完成,加载{}个模块".format(diy_module_count))
Notice.send_success(f"自定义模块加载完成,加载{diy_module_count}个模块")
all_modules_config.sort(key=lambda s: (TAG2CH.get_moduletype_order(
s.get('MODULETYPE')), s.get('loadpath')))
if Xcache.update_moduleconfigs(all_modules_config):
return len(all_modules_config)
else:
return 0
