def __init__(self):
    """Create the scanner, database and crypto helpers and index the plugin directory.

    :raises EnvironmentError: when no ``plugins`` directory sits next to this module
    """
    self.port_scan = Port_Scan()
    self.mysqldb = Mysql_db()
    self.aes_crypto = Aes_Crypto()
    # Resolve symlinks first so the plugin directory is located relative to
    # the real location of this file.
    module_dir = os.path.dirname(os.path.realpath(__file__))
    self.plugin_path = os.path.join(module_dir, "plugins")
    if os.path.isdir(self.plugin_path):
        # Top-level entries only; they are walked later when POCs are loaded.
        self.items = os.listdir(self.plugin_path)
    else:
        raise EnvironmentError
def __init__(self, mysqldb):
    """Keep the caller-supplied database handle and build an AES helper.

    :param mysqldb: database access object provided by the caller
    """
    # The handle is injected by the caller rather than created here.
    self.mysqldb = mysqldb
    # Used to encrypt values before they are handed to the database layer.
    self.aes_crypto = Aes_Crypto()
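class Port_Scan():
    """Discover open ports with nmap or masscan and persist them through ``mysqldb``.

    Port numbers and service fingerprints are passed through
    ``Aes_Crypto.encrypt`` before being handed to the database layer.
    """

    def __init__(self, mysqldb):
        """
        :param mysqldb: database access object provided by the caller
        """
        self.mysqldb = mysqldb
        self.aes_crypto = Aes_Crypto()

    @staticmethod
    def _checked_port(value, label):
        """Return ``value`` as an int within 0-65535, else raise ``ValueError``."""
        try:
            port = int(str(value).strip())
        except ValueError:
            raise ValueError('%s is not a port number: %r' % (label, value))
        if not 0 <= port <= 65535:
            raise ValueError('%s is outside 0-65535: %r' % (label, value))
        return port

    @staticmethod
    def _port_range(min_port, max_port):
        """Build the ``low-high`` range text from two validated port bounds.

        The bounds end up inside a scanner argument string, so anything that
        is not a plain port number is rejected instead of being interpolated;
        otherwise a stored setting containing spaces or dashes could add
        extra scanner options.
        """
        return '%d-%d' % (Port_Scan._checked_port(min_port, 'min_port'),
                          Port_Scan._checked_port(max_port, 'max_port'))

    @staticmethod
    def _checked_rate(rate):
        """Return ``rate`` as text if it is a plain non-negative number.

        :raises ValueError: when ``rate`` holds anything but ASCII digits and
            at most one decimal point
        """
        text = str(rate).strip()
        if not (text.isascii() and text.replace('.', '', 1).isdigit()):
            raise ValueError('rate is not a plain number: %r' % (rate,))
        return text

    def _store_port(self, username, target, description, port, service):
        """Insert or refresh one open-port record, encrypting the stored fields.

        :param port: port number as reported by the scanner
        :param service: nmap service entry providing ``name``, ``product`` and ``version``
        """
        fields = (
            self.aes_crypto.encrypt(str(port)),
            self.aes_crypto.encrypt(service['name']),
            self.aes_crypto.encrypt(service['product']),
            self.aes_crypto.encrypt(service['version']),
        )
        # NOTE(review): the lookup receives the plain port while the stored
        # value is encrypted; confirm get_target_port accounts for that.
        if not self.mysqldb.get_target_port(username, target, port):
            self.mysqldb.save_target_port(username, target, description, *fields)
        else:
            self.mysqldb.update_target_port(username, target, description, *fields)

    def nmap_scan(self, username, target, description, target_ip, min_port,
                  max_port):
        """
        Scan a port range with nmap and record every open port.

        :param username: user name
        :param target: target to scan
        :param description: target description stored with each port record
        :param target_ip: IP address of the target
        :param min_port: lowest port to scan
        :param max_port: highest port to scan
        :return scan_list: ``host:port`` strings for the ports found open
        :raises ValueError: when a port bound is not a number within 0-65535
        """
        # Validate before any status update or scanner start.
        ports = self._port_range(min_port, max_port)
        scan_list = []
        print('Nmap starting.....')
        self.mysqldb.update_scan(username, target, '开始扫描端口')
        nm = nmap.PortScanner()
        # NOTE(review): target_ip is also passed to the scanner as-is; it is
        # presumably validated by the caller -- confirm.
        nm.scan(hosts=target_ip,
                arguments='-p %s -sS -sV -Pn -T4 --open' % ports)
        try:
            for host in nm.all_hosts():
                for nmap_proto in nm[host].all_protocols():
                    for nmap_port in sorted(nm[host][nmap_proto].keys()):
                        service = nm[host][nmap_proto][int(nmap_port)]
                        self._store_port(username, target, description,
                                         nmap_port, service)
                        scan_list.append(str(host) + ':' + str(nmap_port))
            print('Nmap scanned.....')
            self.mysqldb.update_scan(username, target, '端口扫描结束')
        except Exception as e:
            # Best effort: report the failure and return what was collected.
            print(e)
        return scan_list

    def masscan_scan(self, username, target, description, target_ip, min_port,
                     max_port, rate):
        """
        Sweep a port range with masscan, then fingerprint each hit with nmap.

        :param username: user name
        :param target: target to scan
        :param description: target description stored with each port record
        :param target_ip: IP address of the target
        :param min_port: lowest port to scan
        :param max_port: highest port to scan
        :param rate: masscan sending rate
        :return scan_list: ``host:port`` strings for the ports found open
        :raises ValueError: when a port bound or the rate is not a plain number
        """
        # Validate before any status update or scanner start.
        ports = self._port_range(min_port, max_port)
        rate_text = self._checked_rate(rate)
        scan_list = []
        print('Masscan starting.....\n')
        self.mysqldb.update_scan(username, target, '开始扫描端口')
        mas = masscan.PortScanner()
        mas.scan(
            hosts=target_ip,
            ports=ports,
            arguments='-sS -Pn -n --randomize-hosts -v --send-eth --open --rate %s'
            % rate_text)
        try:
            for host in mas.all_hosts:
                for masscan_proto in mas[host].keys():
                    for masscan_port in mas[host][masscan_proto].keys():
                        # masscan only reports the port as open; nmap is run
                        # on that single port for the service details.
                        nm = nmap.PortScanner()
                        nm.scan(hosts=host,
                                arguments='-p %s -sS -sV -Pn -T4 --open'
                                % (masscan_port))
                        for nmap_proto in nm[host].all_protocols():
                            service = nm[host][nmap_proto][int(masscan_port)]
                            self._store_port(username, target, description,
                                             masscan_port, service)
                            scan_list.append(
                                str(host) + ':' + str(masscan_port))
            print('Masscan scanned.....\n')
            self.mysqldb.update_scan(username, target, '端口扫描结束')
        except Exception as e:
            # Best effort: report the failure and return what was collected.
            print(e)
        return scan_list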
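class Multiply_Thread():
    """Run a port scan and then every POC plugin, optionally on a background thread."""

    def __init__(self):
        """Create the scanner, database and crypto helpers and index the plugin directory.

        :raises EnvironmentError: when no ``plugins`` directory sits next to this module
        """
        self.port_scan = Port_Scan()
        self.mysqldb = Mysql_db()
        self.aes_crypto = Aes_Crypto()
        self.plugin_path = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), "plugins")
        if not os.path.isdir(self.plugin_path):
            raise EnvironmentError(
                'plugin directory not found: %s' % self.plugin_path)
        self.items = os.listdir(self.plugin_path)

    def async_exe(self, func, args=None, kwargs=None, delay=0):
        """Run the scan asynchronously on a new thread.

        :param func: method to execute (accepted for compatibility; the thread
            always calls ``self.run``)
        :param args: positional arguments forwarded to ``run``
        :param kwargs: keyword arguments forwarded to ``run``
        :param delay: delay in seconds before execution starts
        :return: the started thread object
        """
        args = args or ()
        kwargs = kwargs or {}

        def tmp():
            self.run(*args, **kwargs)

        scheduler = sched.scheduler(time.time, time.sleep)
        scheduler.enter(delay, 10, tmp, ())
        thread = threading.Thread(target=scheduler.run)
        thread.start()
        return thread

    def _iter_plugins(self):
        """Yield ``(package, plugin_name)`` for each POC module under the plugin tree.

        Every yielded module is later imported, which executes its top-level
        code, so the plugin tree should be writable only by the deploying user.
        """
        for item in self.items:
            poc_path = os.path.join(self.plugin_path, item)
            # A real directory test: a substring check for '.py' skips any
            # tree whose path contains '.py' and tries to list plain files.
            if not os.path.isdir(poc_path):
                continue
            for poc_item in os.listdir(poc_path):
                if poc_item.endswith(".py") and not poc_item.startswith('__'):
                    yield item, poc_item[:-3]

    def _record_hit(self, username, target, ip_port, plugin_name):
        """Insert or refresh the vulnerability record for one positive POC result."""
        # NOTE(review): the lookup is keyed on freshly encrypted values, which
        # presumes encrypt() is deterministic -- confirm.
        if not self.mysqldb.get_vulnerability(
                username, target,
                self.aes_crypto.encrypt(ip_port),
                self.aes_crypto.encrypt(plugin_name)):
            self.mysqldb.save_vulnerability(
                username, target,
                self.aes_crypto.encrypt(plugin_name),
                self.aes_crypto.encrypt(ip_port),
                self.aes_crypto.encrypt(plugin_name),
                self.aes_crypto.encrypt(plugin_name))
        else:
            self.mysqldb.update_vulnerability(
                username, target,
                self.aes_crypto.encrypt(ip_port),
                self.aes_crypto.encrypt(plugin_name))

    def run(self, *args, **kwargs):
        """Scan the target's ports, then run every POC plugin against each open port.

        Reads ``username``, ``target`` and ``scan_ip`` from ``kwargs`` and the
        scanner settings from the database.
        """
        username, target = kwargs['username'], kwargs['target']
        scan_set = self.mysqldb.get_scan(username, target)
        # NOTE(review): no description argument is passed to the scanner
        # methods here; confirm this matches the Port_Scan signature in use.
        if scan_set['scanner'] == 'nmap':
            scan_list = self.port_scan.nmap_scan(
                username, target, kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'])
        else:
            scan_list = self.port_scan.masscan_scan(
                username, target, kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'], scan_set['rate'])
        self.mysqldb.update_scan(username, target, '开始POC检测')
        # The plugin tree does not change per port, so list it once.
        plugins = list(self._iter_plugins())
        for ip_port in scan_list:
            for item, plugin_name in plugins:
                try:
                    # Import inside the try so one broken plugin cannot abort
                    # the whole run.
                    module = importlib.import_module(
                        'app.plugins.' + item + '.' + plugin_name)
                    verifier = getattr(
                        module, plugin_name + '_BaseVerify')('http://' + ip_port)
                    if verifier.run():
                        self._record_hit(username, target, ip_port, plugin_name)
                except Exception as e:
                    # Plugin failures stay non-fatal, but KeyboardInterrupt and
                    # SystemExit are no longer swallowed.
                    print(e)
        self.mysqldb.update_scan(username, target, '扫描结束')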
os.mkdir("images") ALLOWED_EXTENSIONS = set(['png', 'jpg', 'jpeg', 'gif']) #限制上传文件格式 DATABASE = sys.path[0] + '/mydb.db' app = Flask(__name__) app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024 CORS(app, supports_credentials=True) mysqldb = Mysql_db() mysqldb.create_database('linbing') mysqldb.create_user() mysqldb.create_target() mysqldb.create_vulnerability() mysqldb.create_delete_target() mysqldb.create_delete_vulnerability() aes_crypto = Aes_Crypto() rsa_crypto = Rsa_Crypto() port_scan = Port_Scan() def parse_target(target): scan_ip = '' try: url_result = re.findall('https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+', target) if url_result == []: ip_result = re.findall( r"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b", target) if ip_result == []: domain_regex = re.compile(
def __init__(self):
    """Create this object's own database handle and AES helper."""
    # A new database object is built for each instance.
    self.mysqldb = Mysql_db()
    # Used to encrypt values before they are handed to the database layer.
    self.aes_crypto = Aes_Crypto()
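class Multiply_Thread():
    """Run sub-domain discovery, a port scan and every POC plugin for one target."""

    def __init__(self, mysqldb):
        """Keep the shared database handle and index the plugin directory.

        :param mysqldb: database access object, also handed to ``Port_Scan``
        :raises EnvironmentError: when no ``plugins`` directory sits next to this module
        """
        self.port_scan = Port_Scan(mysqldb)
        self.mysqldb = mysqldb
        self.aes_crypto = Aes_Crypto()
        self.plugin_path = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), "plugins")
        if not os.path.isdir(self.plugin_path):
            raise EnvironmentError(
                'plugin directory not found: %s' % self.plugin_path)
        self.items = os.listdir(self.plugin_path)

    def async_exe(self, func, args=None, kwargs=None, delay=0):
        """Run the scan asynchronously on a new thread.

        :param func: method to execute (accepted for compatibility; the thread
            always calls ``self.run``)
        :param args: positional arguments forwarded to ``run``
        :param kwargs: keyword arguments forwarded to ``run``
        :param delay: delay in seconds before execution starts
        :return: the started thread object
        """
        args = args or ()
        kwargs = kwargs or {}

        def tmp():
            self.run(*args, **kwargs)

        scheduler = sched.scheduler(time.time, time.sleep)
        scheduler.enter(delay, 10, tmp, ())
        thread = threading.Thread(target=scheduler.run)
        thread.start()
        return thread

    async def coroutine_execution(self, function, loop, semaphore, kwargs,
                                  ip_port, plugin_name):
        """
        Run one POC in the loop's default executor and store a positive result.

        :param function: POC object whose ``run`` method is executed
        :param loop: event loop object
        :param semaphore: limits how many POCs run concurrently
        :param kwargs: scan kwargs; ``username`` and ``target`` key the database record
        :param ip_port: target ``ip:port``, stored with the record
        :param plugin_name: plugin name, stored with the record
        :return: None
        """
        async with semaphore:
            try:
                # POC code is blocking, so it runs on an executor thread.
                result = await loop.run_in_executor(None, function.run)
                if result:
                    # NOTE(review): the lookup is keyed on freshly encrypted
                    # values, which presumes encrypt() is deterministic -- confirm.
                    if not self.mysqldb.get_vulnerability(
                            kwargs['username'], kwargs['target'],
                            self.aes_crypto.encrypt(ip_port),
                            self.aes_crypto.encrypt(plugin_name)):
                        self.mysqldb.save_vulnerability(
                            kwargs['username'], kwargs['target'],
                            self.aes_crypto.encrypt(plugin_name),
                            self.aes_crypto.encrypt(ip_port),
                            self.aes_crypto.encrypt(plugin_name),
                            self.aes_crypto.encrypt(plugin_name))
                    else:
                        self.mysqldb.update_vulnerability(
                            kwargs['username'], kwargs['target'],
                            self.aes_crypto.encrypt(ip_port),
                            self.aes_crypto.encrypt(plugin_name))
            except Exception:
                # Deliberately silent: a failing POC or database write must
                # not stop the remaining checks.
                pass

    def sub_domain(self, username, target, description, domain):
        """
        Enumerate sub-domains with OneForAll and store each result.

        :param username: user name
        :param target: target
        :param description: target description
        :param domain: domain to enumerate
        :return: None
        """
        oneforall = OneForAll(domain)
        # A separate loop name keeps the ``domain`` parameter from being shadowed.
        for record in oneforall.run():
            self.mysqldb.save_target_domain(
                username, target, description,
                self.aes_crypto.encrypt(record['subdomain']),
                self.aes_crypto.encrypt(record['ip']))

    def _iter_plugins(self):
        """Yield ``(package, plugin_name)`` for each POC module under the plugin tree.

        Every yielded module is later imported, which executes its top-level
        code, so the plugin tree should be writable only by the deploying user.
        """
        for item in self.items:
            poc_path = os.path.join(self.plugin_path, item)
            # A real directory test: a substring check for '.py' skips any
            # tree whose path contains '.py' and tries to list plain files.
            if not os.path.isdir(poc_path):
                continue
            for poc_item in os.listdir(poc_path):
                if (poc_item.endswith(".py")
                        and not poc_item.startswith('__')
                        and 'ajpy' not in poc_item):
                    yield item, poc_item[:-3]

    def run(self, *args, **kwargs):
        """Run sub-domain discovery (if requested), the port scan and all POCs.

        Reads ``username``, ``target``, ``description``, ``scan_ip`` and
        ``domain`` from ``kwargs`` and the scanner settings from the database.
        """
        username, target = kwargs['username'], kwargs['target']
        scan_set = self.mysqldb.get_scan(username, target)
        if kwargs['domain']:
            self.mysqldb.update_scan(username, target, '开始子域名检测')
            self.sub_domain(username, target, kwargs['description'],
                            kwargs['domain'][0])
        if scan_set['scanner'] == 'nmap':
            scan_list = self.port_scan.nmap_scan(
                username, target, kwargs['description'], kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'])
        else:
            scan_list = self.port_scan.masscan_scan(
                username, target, kwargs['description'], kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'], scan_set['rate'])
        self.mysqldb.update_scan(username, target, '开始POC检测')
        # This method runs on a worker thread, so it owns a private event loop.
        loop = asyncio.new_event_loop()
        asyncio.set_event_loop(loop)
        try:
            semaphore = asyncio.Semaphore(int(scan_set['concurren_number']))
            tasks = []
            # The plugin tree does not change per port, so list it once.
            plugins = list(self._iter_plugins())
            for ip_port in scan_list:
                for item, plugin_name in plugins:
                    try:
                        # Import inside the try so one broken plugin cannot
                        # abort the whole run.
                        module = importlib.import_module(
                            'app.plugins.' + item + '.' + plugin_name)
                        verifier = getattr(
                            module,
                            plugin_name + '_BaseVerify')('http://' + ip_port)
                        tasks.append(loop.create_task(
                            self.coroutine_execution(
                                verifier, loop, semaphore, kwargs, ip_port,
                                plugin_name)))
                    except Exception as e:
                        print(e)
            # asyncio.wait() raises ValueError on an empty collection, which
            # used to leave the scan unfinished when no port was open.
            if tasks:
                loop.run_until_complete(asyncio.wait(tasks))
        finally:
            # Release the loop's resources once the run is over.
            loop.close()
        self.mysqldb.update_scan(username, target, '扫描结束')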