Beispiel #1
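 def __init__(self):
     """Create the scanner, database and crypto helpers and index the plugin directory.

     :raises EnvironmentError: if there is no ``plugins`` directory next to this file
     """
     self.port_scan = Port_Scan()
     self.mysqldb = Mysql_db()
     self.aes_crypto = Aes_Crypto()
     # Plugins are resolved relative to the real (symlink-resolved) location of this module.
     module_dir = os.path.dirname(os.path.realpath(__file__))
     self.plugin_path = os.path.join(module_dir, "plugins")
     if not os.path.isdir(self.plugin_path):
         # Name the missing path so a broken deployment is easy to diagnose.
         raise EnvironmentError(
             "plugin directory not found: %s" % self.plugin_path)
     # Directory listing is taken once, at construction time.
     self.items = os.listdir(self.plugin_path)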
Beispiel #2
 def __init__(self, mysqldb):
     """Keep the caller-supplied database handle and create an AES helper.

     :param mysqldb: database access object provided by the caller
     """
     self.mysqldb = mysqldb
     self.aes_crypto = Aes_Crypto()
Beispiel #3
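class Port_Scan():
    """Port scanning with nmap / masscan, storing every open port via ``mysqldb``.

    The port number, service name, product and version are each passed through
    ``aes_crypto.encrypt`` before they are handed to the database layer.
    """

    def __init__(self, mysqldb):
        """
        :param mysqldb: database access object used for scan status and results
        """
        self.mysqldb = mysqldb
        self.aes_crypto = Aes_Crypto()

    @staticmethod
    def _checked_port_range(min_port, max_port):
        """Return ``(min_port, max_port)`` as ints or raise ``ValueError``.

        Both values end up inside the scanner argument string, so anything that
        is not a plain port number (spaces, extra options, ...) is rejected.
        """
        try:
            low = int(str(min_port).strip())
            high = int(str(max_port).strip())
        except ValueError:
            raise ValueError(
                'port range must be numeric: %r-%r' % (min_port, max_port))
        if not 0 <= low <= high <= 65535:
            raise ValueError(
                'port range out of bounds: %r-%r' % (min_port, max_port))
        return low, high

    @staticmethod
    def _checked_rate(rate):
        """Return ``rate`` as text if it is a plain non-negative number, else raise ``ValueError``."""
        text = str(rate).strip()
        whole, dot, fraction = text.partition('.')
        digits = '0123456789'
        well_formed = (bool(whole)
                       and all(ch in digits for ch in whole + fraction)
                       and (not dot or bool(fraction)))
        if not well_formed:
            raise ValueError('scan rate must be a plain number: %r' % (rate,))
        return text

    def _store_port(self, username, target, description, port, service):
        """Insert or update one open port; ``service`` is the scanner's per-port dict."""
        protocol = service['name']
        product = service['product']
        version = service['version']
        # NOTE(review): the lookup uses the plaintext port while the stored
        # value is encrypted - confirm get_target_port accounts for that.
        if not self.mysqldb.get_target_port(username, target, port):
            write = self.mysqldb.save_target_port
        else:
            write = self.mysqldb.update_target_port
        write(username, target, description,
              self.aes_crypto.encrypt(str(port)),
              self.aes_crypto.encrypt(protocol),
              self.aes_crypto.encrypt(product),
              self.aes_crypto.encrypt(version))

    def nmap_scan(self, username, target, description, target_ip, min_port,
                  max_port):
        """
        Scan a port range with nmap and store every open port.

        :param username: user name
        :param target: target to be scanned
        :param description: target description stored with each port
        :param target_ip: IP address of the target
        :param min_port: lowest port to scan
        :param max_port: highest port to scan
        :return scan_list: list of ``"host:port"`` strings
        :raises ValueError: if the port range is not numeric or out of bounds
        """
        # Validate before anything is started: the range is formatted into the
        # nmap argument string below.
        low, high = self._checked_port_range(min_port, max_port)
        scan_list = []
        print('Nmap starting.....')
        self.mysqldb.update_scan(username, target, '开始扫描端口')
        nm = nmap.PortScanner()
        # SYN scan with version detection, no host discovery, open ports only.
        arguments = '-p %d-%d -sS -sV -Pn -T4 --open' % (low, high)
        # NOTE(review): target_ip is passed to the scanner unchanged; confirm the
        # caller only ever supplies a validated address or host name.
        nm.scan(hosts=target_ip, arguments=arguments)
        try:
            for host in nm.all_hosts():
                for nmap_proto in nm[host].all_protocols():
                    for nmap_port in sorted(nm[host][nmap_proto].keys()):
                        self._store_port(
                            username, target, description, nmap_port,
                            nm[host][nmap_proto][int(nmap_port)])
                        scan_list.append(str(host) + ':' + str(nmap_port))
            print('Nmap scanned.....')
            self.mysqldb.update_scan(username, target, '端口扫描结束')
        except Exception as e:
            # Best effort: report the error and return what was collected so far.
            print(e)
        return scan_list

    def masscan_scan(self, username, target, description, target_ip, min_port,
                     max_port, rate):
        """
        Find open ports with masscan, then fingerprint each one with nmap.

        :param username: user name
        :param target: target to be scanned
        :param description: target description stored with each port
        :param target_ip: IP address of the target
        :param min_port: lowest port to scan
        :param max_port: highest port to scan
        :param rate: masscan packet rate
        :return scan_list: list of ``"host:port"`` strings
        :raises ValueError: if the port range or the rate is not a plain number
        """
        # Validate before anything is started: these values are formatted into
        # the masscan argument strings below.
        low, high = self._checked_port_range(min_port, max_port)
        rate_text = self._checked_rate(rate)
        scan_list = []
        print('Masscan starting.....\n')
        self.mysqldb.update_scan(username, target, '开始扫描端口')
        masscan_scan = masscan.PortScanner()
        # NOTE(review): target_ip is passed to the scanner unchanged; confirm the
        # caller only ever supplies a validated address or host name.
        masscan_scan.scan(
            hosts=target_ip,
            ports='%d-%d' % (low, high),
            arguments='-sS -Pn -n --randomize-hosts -v --send-eth --open --rate %s'
            % rate_text)
        try:
            for host in masscan_scan.all_hosts:
                for masscan_proto in masscan_scan[host].keys():
                    for masscan_port in masscan_scan[host][masscan_proto].keys():
                        # One nmap run per open port to get service details.
                        nm = nmap.PortScanner()
                        arguments = '-p %s -sS -sV -Pn -T4 --open' % (
                            masscan_port)
                        nm.scan(hosts=host, arguments=arguments)
                        for nmap_proto in nm[host].all_protocols():
                            self._store_port(
                                username, target, description, masscan_port,
                                nm[host][nmap_proto][int(masscan_port)])
                            scan_list.append(
                                str(host) + ':' + str(masscan_port))
            print('Masscan scanned.....\n')
            self.mysqldb.update_scan(username, target, '端口扫描结束')
        except Exception as e:
            # Best effort: report the error and return what was collected so far.
            print(e)
        return scan_list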
Beispiel #4
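class Multiply_Thread():
    """Run a port scan followed by the plugin (POC) checks, optionally on a background thread."""

    def __init__(self):
        """Create the scanner, database and crypto helpers and index the plugin directory.

        :raises EnvironmentError: if there is no ``plugins`` directory next to this file
        """
        self.port_scan = Port_Scan()
        self.mysqldb = Mysql_db()
        self.aes_crypto = Aes_Crypto()
        module_dir = os.path.dirname(os.path.realpath(__file__))
        self.plugin_path = os.path.join(module_dir, "plugins")
        if not os.path.isdir(self.plugin_path):
            raise EnvironmentError(
                "plugin directory not found: %s" % self.plugin_path)
        self.items = os.listdir(self.plugin_path)

    def async_exe(self, func, args=None, kwargs=None, delay=0):
        """Run ``self.run`` on a new thread after ``delay`` seconds.

        :param func: accepted but not used; this method always schedules ``self.run``
        :param args: positional arguments forwarded to ``run``
        :param kwargs: keyword arguments forwarded to ``run``
        :param delay: delay in seconds before ``run`` starts
        :return: the started thread object
        """
        args = args or ()
        kwargs = kwargs or {}

        def tmp():
            self.run(*args, **kwargs)

        scheduler = sched.scheduler(time.time, time.sleep)
        scheduler.enter(delay, 10, tmp, ())
        thread = threading.Thread(target=scheduler.run)
        thread.start()
        return thread

    def run(self, *args, **kwargs):
        """Port-scan the target, then run every plugin against each open port.

        Reads ``username``, ``target`` and ``scan_ip`` from ``kwargs``; the
        scanner choice and port range come from ``mysqldb.get_scan``.
        """
        scan_set = self.mysqldb.get_scan(kwargs['username'], kwargs['target'])
        if scan_set['scanner'] == 'nmap':
            scan_list = self.port_scan.nmap_scan(
                kwargs['username'], kwargs['target'], kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'])
        else:
            scan_list = self.port_scan.masscan_scan(
                kwargs['username'], kwargs['target'], kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'], scan_set['rate'])
        self.mysqldb.update_scan(kwargs['username'], kwargs['target'],
                                 '开始POC检测')
        for ip_port in scan_list:
            for item in self.items:
                poc_path = os.path.join(self.plugin_path, item)
                # Only plugin sub-directories are scanned; stray files are skipped
                # instead of being passed to os.listdir().
                if not os.path.isdir(poc_path):
                    continue
                for poc_item in os.listdir(poc_path):
                    if not poc_item.endswith(".py") or poc_item.startswith('__'):
                        continue
                    plugin_name = poc_item[:-3]
                    # Every .py file found here is imported and executed, so the
                    # plugin directory must only be writable by trusted users.
                    try:
                        module = importlib.import_module(
                            'app.plugins.' + item + '.' + plugin_name)
                    except Exception as e:
                        # One broken plugin must not abort the whole scan.
                        print(e)
                        continue
                    try:
                        class_name = plugin_name + '_BaseVerify'
                        # NOTE(review): every service is probed over plain http.
                        url = 'http://' + ip_port
                        result = getattr(module, class_name)(url).run()
                        if not result:
                            continue
                        if not self.mysqldb.get_vulnerability(
                                kwargs['username'], kwargs['target'],
                                self.aes_crypto.encrypt(ip_port),
                                self.aes_crypto.encrypt(plugin_name)):
                            self.mysqldb.save_vulnerability(
                                kwargs['username'], kwargs['target'],
                                self.aes_crypto.encrypt(plugin_name),
                                self.aes_crypto.encrypt(ip_port),
                                self.aes_crypto.encrypt(plugin_name),
                                self.aes_crypto.encrypt(plugin_name))
                        else:
                            self.mysqldb.update_vulnerability(
                                kwargs['username'], kwargs['target'],
                                self.aes_crypto.encrypt(ip_port),
                                self.aes_crypto.encrypt(plugin_name))
                    except Exception:
                        # Plugin failures stay best-effort, but KeyboardInterrupt
                        # and SystemExit are no longer swallowed.
                        pass
        self.mysqldb.update_scan(kwargs['username'], kwargs['target'], '扫描结束')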
Beispiel #5
    os.mkdir("images")
ALLOWED_EXTENSIONS = set(['png', 'jpg', 'jpeg', 'gif'])  # restrict upload file formats
# NOTE(review): an extension allow-list says nothing about the file content;
# confirm the upload handler also checks the content and sanitises the file name.

# Database file path, built from the first entry of sys.path.
DATABASE = sys.path[0] + '/mydb.db'
app = Flask(__name__)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
# Cap request bodies at 5 MiB.
app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024
# NOTE(review): credentialed cross-origin requests are enabled and no `origins`
# allow-list is passed - confirm which origins are accepted with these settings
# and restrict them to the front-end origin(s).
CORS(app, supports_credentials=True)
# Database, user and table setup below runs at import time, in this order.
mysqldb = Mysql_db()
mysqldb.create_database('linbing')
mysqldb.create_user()
mysqldb.create_target()
mysqldb.create_vulnerability()
mysqldb.create_delete_target()
mysqldb.create_delete_vulnerability()
# Shared crypto and scanner helpers created once at module level.
aes_crypto = Aes_Crypto()
rsa_crypto = Rsa_Crypto()
port_scan = Port_Scan()


def parse_target(target):
    scan_ip = ''
    try:
        url_result = re.findall('https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+',
                                target)
        if url_result == []:
            ip_result = re.findall(
                r"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b",
                target)
            if ip_result == []:
                domain_regex = re.compile(
Beispiel #6
 def __init__(self):
     """Create this object's own database handle and AES helper."""
     self.mysqldb = Mysql_db()
     self.aes_crypto = Aes_Crypto()
Beispiel #7
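class Multiply_Thread():
    """Run sub-domain discovery, a port scan and the plugin (POC) checks for one target."""

    def __init__(self, mysqldb):
        """
        :param mysqldb: database access object shared with the port scanner
        :raises EnvironmentError: if there is no ``plugins`` directory next to this file
        """
        self.port_scan = Port_Scan(mysqldb)
        self.mysqldb = mysqldb
        self.aes_crypto = Aes_Crypto()
        module_dir = os.path.dirname(os.path.realpath(__file__))
        self.plugin_path = os.path.join(module_dir, "plugins")
        if not os.path.isdir(self.plugin_path):
            raise EnvironmentError(
                "plugin directory not found: %s" % self.plugin_path)
        self.items = os.listdir(self.plugin_path)

    def async_exe(self, func, args=None, kwargs=None, delay=0):
        """Run ``self.run`` on a new thread after ``delay`` seconds.

        :param func: accepted but not used; this method always schedules ``self.run``
        :param args: positional arguments forwarded to ``run``
        :param kwargs: keyword arguments forwarded to ``run``
        :param delay: delay in seconds before ``run`` starts
        :return: the started thread object
        """
        args = args or ()
        kwargs = kwargs or {}

        def tmp():
            self.run(*args, **kwargs)

        scheduler = sched.scheduler(time.time, time.sleep)
        scheduler.enter(delay, 10, tmp, ())
        thread = threading.Thread(target=scheduler.run)
        thread.start()
        return thread

    async def coroutine_execution(self, function, loop, semaphore, kwargs,
                                  ip_port, plugin_name):
        """
        Run one plugin in the loop's default executor and record a positive result.

        :param function: plugin instance whose ``run()`` is executed
        :param loop: event loop object
        :param semaphore: limits how many plugins run concurrently
        :param kwargs: caller kwargs; ``username`` and ``target`` key the database rows
        :param ip_port: ``ip:port`` of the target, stored with the finding
        :param plugin_name: plugin name, stored with the finding
        :return: None
        """
        async with semaphore:
            try:
                result = await loop.run_in_executor(None, function.run)
                if not result:
                    return
                if not self.mysqldb.get_vulnerability(
                        kwargs['username'], kwargs['target'],
                        self.aes_crypto.encrypt(ip_port),
                        self.aes_crypto.encrypt(plugin_name)):
                    self.mysqldb.save_vulnerability(
                        kwargs['username'], kwargs['target'],
                        self.aes_crypto.encrypt(plugin_name),
                        self.aes_crypto.encrypt(ip_port),
                        self.aes_crypto.encrypt(plugin_name),
                        self.aes_crypto.encrypt(plugin_name))
                else:
                    self.mysqldb.update_vulnerability(
                        kwargs['username'], kwargs['target'],
                        self.aes_crypto.encrypt(ip_port),
                        self.aes_crypto.encrypt(plugin_name))
            except Exception:
                # Deliberately silent: a failing plugin or database write must
                # not cancel the other checks.
                pass

    def sub_domain(self, username, target, description, domain):
        """
        Enumerate sub-domains with OneForAll and store each result.

        :param username: user name
        :param target: target
        :param description: target description
        :param domain: domain to enumerate
        :return: None
        """
        oneforall = OneForAll(domain)
        # Each record supplies the 'subdomain' and 'ip' fields that are stored.
        for record in oneforall.run():
            self.mysqldb.save_target_domain(
                username, target, description,
                self.aes_crypto.encrypt(record['subdomain']),
                self.aes_crypto.encrypt(record['ip']))

    def run(self, *args, **kwargs):
        """Sub-domain discovery (optional), port scan, then all plugins per open port.

        Reads ``username``, ``target``, ``description``, ``scan_ip`` and
        ``domain`` from ``kwargs``; scanner settings come from ``mysqldb.get_scan``.
        """
        scan_set = self.mysqldb.get_scan(kwargs['username'], kwargs['target'])
        if kwargs['domain']:
            self.mysqldb.update_scan(kwargs['username'], kwargs['target'],
                                     '开始子域名检测')
            self.sub_domain(kwargs['username'], kwargs['target'],
                            kwargs['description'], kwargs['domain'][0])
        if scan_set['scanner'] == 'nmap':
            scan_list = self.port_scan.nmap_scan(
                kwargs['username'], kwargs['target'], kwargs['description'],
                kwargs['scan_ip'], scan_set['min_port'], scan_set['max_port'])
        else:
            scan_list = self.port_scan.masscan_scan(
                kwargs['username'], kwargs['target'], kwargs['description'],
                kwargs['scan_ip'], scan_set['min_port'], scan_set['max_port'],
                scan_set['rate'])
        self.mysqldb.update_scan(kwargs['username'], kwargs['target'],
                                 '开始POC检测')

        # run() executes on a worker thread, so it gets its own event loop.
        loop = asyncio.new_event_loop()
        asyncio.set_event_loop(loop)
        try:
            semaphore = asyncio.Semaphore(int(scan_set['concurren_number']))
            tasks = []
            for ip_port in scan_list:
                for item in self.items:
                    poc_path = os.path.join(self.plugin_path, item)
                    # Only plugin sub-directories are scanned; stray files are
                    # skipped instead of being passed to os.listdir().
                    if not os.path.isdir(poc_path):
                        continue
                    for poc_item in os.listdir(poc_path):
                        if (not poc_item.endswith(".py")
                                or poc_item.startswith('__')
                                or 'ajpy' in poc_item):
                            continue
                        plugin_name = poc_item[:-3]
                        # Every .py file found here is imported and executed, so
                        # the plugin directory must only be writable by trusted
                        # users.
                        try:
                            module = importlib.import_module(
                                'app.plugins.' + item + '.' + plugin_name)
                            class_name = plugin_name + '_BaseVerify'
                            # NOTE(review): every service is probed over plain http.
                            url = 'http://' + ip_port
                            get_class = getattr(module, class_name)(url)
                            tasks.append(asyncio.ensure_future(
                                self.coroutine_execution(
                                    get_class, loop, semaphore, kwargs,
                                    ip_port, plugin_name),
                                loop=loop))
                        except Exception as e:
                            # One broken plugin must not abort the whole scan.
                            print(e)
            # asyncio.wait() raises ValueError on an empty task list, which
            # would leave the scan status stuck when no open port was found.
            if tasks:
                loop.run_until_complete(asyncio.wait(tasks))
        finally:
            # Release the per-run loop so repeated scans do not leak loops.
            asyncio.set_event_loop(None)
            loop.close()
        self.mysqldb.update_scan(kwargs['username'], kwargs['target'], '扫描结束')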