Beispiel #1
def filter(request):
    """Return one page of firmware records whose ``field`` matches ``value``.

    Reads ``offset``, ``count``, ``field`` and ``value`` from the request,
    queries ``firmware_db.filter`` and answers with ``total``, ``count`` and
    ``items`` for the requested window.  A ``None`` result from the data layer
    is reported as ``Error.INVALID_REQ_PARAM``; an empty result or an offset
    past the end is reported as ``Error.NO_MORE_DATA``.
    """
    offset = req_get_param_int(request, 'offset')
    count = req_get_param_int(request, 'count')
    field = req_get_param(request, 'field')
    value = req_get_param(request, 'value')

    # NOTE(review): field and value reach the data layer exactly as the client
    # sent them; confirm firmware_db.filter limits field to an allowlist of
    # queryable names.
    cursor = firmware_db.filter(field, value)
    if cursor is None:
        return app_err(Error.INVALID_REQ_PARAM)
    matches = list(cursor)

    # Nothing to page through when the result is empty or offset is past it.
    total = len(matches)
    if not total or offset >= total:
        return app_err_p(Error.NO_MORE_DATA, {'total': total, 'count': 0})

    # Clamp the page size to what remains after offset, then cut the window.
    # NOTE(review): negative offset/count values are not rejected in this
    # function; confirm req_get_param_int already does so.
    count = min(count, total - offset)
    page = matches[offset:offset + count]
    return app_ok_p({'total': total, 'count': len(page), 'items': page})
Beispiel #2
def poc_search(request):
    """Search firmware records and attach PoC metadata to each returned item.

    Reads ``offset``, ``count`` and ``value`` from the request, runs
    ``firmware_db.search`` and, for every record in the requested window,
    stores the result of ``firmware_pocs.fetch_no_content`` under ``'poc'``.
    An empty result or an offset past the end is reported as
    ``Error.NO_MORE_DATA``.
    """
    offset = req_get_param_int(request, 'offset')
    count = req_get_param_int(request, 'count')
    value = req_get_param(request, 'value')

    # The whole result set is materialised so that its size can be reported.
    matches = list(firmware_db.search(value))
    total = len(matches)
    if not total or offset >= total:
        return app_err_p(Error.NO_MORE_DATA, {'total': total, 'count': 0})

    # Clamp the page size to what remains after offset, then cut the window.
    # NOTE(review): negative offset/count values are not rejected in this
    # function; confirm req_get_param_int already does so.
    count = min(count, total - offset)
    page = matches[offset:offset + count]

    # One PoC lookup per item on the page, keyed by the item's firmware_id.
    for entry in page:
        entry['poc'] = firmware_pocs.fetch_no_content(entry['firmware_id'])

    return sys_app_ok_p({'total': total, 'count': len(page), 'items': page})
Beispiel #3
def search(request):
    """Search firmware records for ``value`` and return one page of results.

    Reads ``offset``, ``count`` and ``value`` from the request and answers
    with ``total``, ``count`` and ``items``.  An empty result or an offset
    past the end is reported as ``Error.NO_MORE_DATA``.
    """
    offset = req_get_param_int(request, 'offset')
    count = req_get_param_int(request, 'count')
    value = req_get_param(request, 'value')

    # The whole result set is materialised so that its size can be reported.
    matches = list(firmware_db.search(value))
    total = len(matches)
    if not total or offset >= total:
        return app_err_p(Error.NO_MORE_DATA, {'total': total, 'count': 0})

    # Clamp the page size to what remains after offset, then cut the window.
    # NOTE(review): negative offset/count values are not rejected in this
    # function; confirm req_get_param_int already does so.
    count = min(count, total - offset)
    page = matches[offset:offset + count]

    # Short delay kept from the original, which added it to lower CPU usage
    # during performance tests.  Every successful request therefore holds its
    # worker for one second.
    time.sleep(1.0)
    return app_ok_p({'total': total, 'count': len(page), 'items': page})
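def binwalk_scan_opcodes(request):
    """Guess the CPU architecture of a firmware image from a binwalk opcode scan.

    Reads ``filename`` from the request, runs ``binwalk.scan`` with
    ``opcodes=True`` and answers with ``{'structure': name}``.  ``name`` is
    ``'X86'``, ``'ARM'``, ``'MIPS'`` or ``'PowerPC'`` when a result description
    mentions that architecture, and ``''`` when none does.  Earlier code
    labelled any unrecognised first result as PowerPC and never looked at the
    remaining results.  A ``binwalk.ModuleException`` is reported as
    ``ERROR_INTERNAL_ERROR``.
    """
    # NOTE(review): filename is taken from the request and handed to binwalk
    # unchanged, so the client chooses which server-side path is opened.
    # Confine it to the firmware storage directory before scanning.
    filename = req_get_param(request, 'filename')

    # Checked in this order; the first marker found in a description wins.
    markers = (
        ('X86', 'X86'),
        ('ARM', 'ARM'),
        ('MIPS', 'MIPS'),
        ('POWERPC', 'PowerPC'),
    )
    structure = ''
    try:
        for module in binwalk.scan(filename, opcodes=True, quiet=True):
            print("%s Results:" % module.name)
            for result in module.results:
                print("\t%s    0x%.8X    %s" % (result.file.path, result.offset, result.description))
                description = result.description.upper()
                structure = next(
                    (name for marker, name in markers if marker in description),
                    '',
                )
                if structure:
                    break
            if structure:
                # Stop at the first module that identified an architecture.
                break
    except binwalk.ModuleException as e:
        print("Critical failure:", e)
        return sys_app_err('ERROR_INTERNAL_ERROR')
    return sys_app_ok_p({'structure': structure,})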
def angr_convert_code(request):
    """Lift the entry block of a raw firmware blob and return its VEX IR text.

    Reads ``filename`` from the request, loads it with angr as a ``blob`` at
    base address 0 using the architecture reported by ``getarch``, prints
    several views of the entry block and answers with
    ``{'code': str(block.vex)}``.
    """
    try:
        # NOTE(review): filename is taken from the request and opened
        # unchanged; confine it to the firmware storage directory.
        filename = req_get_param(request, 'filename')
        arch = getarch(filename)
        main_opts = {
            'backend': 'blob',
            'base_addr': 0,
            'arch': arch,
        }
        proj = angr.Project(filename, load_options={'main_opts': main_opts})

        print(proj.arch)
        # The entry state is created but its value is not used afterwards.
        proj.factory.entry_state()

        # Lift the block at the program entry point and dump it in the same
        # order as before: disassembly, instruction count, instruction
        # addresses, capstone view, VEX IRSB.
        block = proj.factory.block(proj.entry)
        block.pp()
        print(block.instructions)
        print(block.instruction_addrs)
        print(block.capstone)
        print(block.vex)

    # NOTE(review): only binwalk.ModuleException is handled; any other error
    # raised while loading or lifting leaves this function as an exception.
    except binwalk.ModuleException as e:
        print("Critical failure:", e)
        return sys_app_err('ERROR_INTERNAL_ERROR')
    return sys_app_ok_p({'code': str(block.vex),})
Beispiel #6
def fetch(request):
    """Return the firmware record identified by the ``firmware_id`` parameter.

    A blank id is reported as ``ERROR_INVALID_PARAMETER`` and an id without a
    record as ``ERROR_FWID_NOT_FOUND``.
    """
    firmware_id = req_get_param(request, 'firmware_id')
    if StrUtils.is_blank(firmware_id):
        return sys_app_err('ERROR_INVALID_PARAMETER')

    record = firmware_db.fetch(firmware_id)
    # Audit logging through SysLog is switched off in this version.
    return app_ok_p(record) if record is not None else sys_app_err('ERROR_FWID_NOT_FOUND')
Beispiel #7
def poc_fetch(request):
    """Return the PoC entry stored for the ``firmware_id`` parameter.

    Answers with ``ERROR_FWPOC_NOT_FOUND`` when ``firmware_pocs.fetch`` has no
    entry for the id.
    """
    firmware_id = req_get_param(request, 'firmware_id')
    entry = firmware_pocs.fetch(firmware_id)
    if entry is not None:
        # Debug output kept from the original: the stored file alias.
        print(entry['aliases'])
        return sys_app_ok_p(entry)
    return sys_app_err('ERROR_FWPOC_NOT_FOUND')
Beispiel #8
def poc_delete(request):
    """Delete the PoC entry stored for the ``firmware_id`` parameter.

    A blank id is reported as ``Error.INVALID_REQ_PARAM``; a falsy result from
    ``firmware_pocs.delete`` is reported as ``Error.EDB_POC_NOT_FOUND``.
    """
    firmware_id = req_get_param(request, 'firmware_id')
    if StrUtils.is_blank(firmware_id):
        return app_err(Error.INVALID_REQ_PARAM)

    # NOTE(review): no authorisation check is visible in this function;
    # confirm the route is protected before it reaches this handler.
    removed = firmware_pocs.delete(firmware_id)
    if removed:
        return app_ok()
    return app_err(Error.EDB_POC_NOT_FOUND)
def binwalk_scan_signature(request):
    """Run a binwalk signature scan and return the formatted result lines.

    Reads ``filename`` from the request and answers with
    ``{'decode': [...]}``, one formatted line (path, offset, description) per
    scan result.  A ``binwalk.ModuleException`` is only printed, so the
    response is still a success carrying whatever lines were collected.
    """
    # NOTE(review): filename is taken from the request and handed to binwalk
    # unchanged; confine it to the firmware storage directory.
    filename = req_get_param(request, 'filename')
    lines = []
    try:
        for module in binwalk.scan(filename, signature=True, quiet=True):
            print("%s Results:" % module.name)
            for result in module.results:
                line = "\t%s    0x%.8X    %s" % (result.file.path, result.offset, result.description)
                lines.append(line)
                print(line)
    except binwalk.ModuleException as e:
        # Unlike the other binwalk handlers on this page, a failed scan is not
        # turned into an error response here.
        print("Critical failure:", e)
    return sys_app_ok_p({'decode': lines})
Beispiel #10
def delete(request):
    """Delete a custom firmware record identified by ``firmware_id``.

    Ids that ``firmware_db.custom_firmware_id`` does not accept are answered
    with ``firmware_db.err_not_custom()``; ids without a record are answered
    with ``Error.firmware_id_NOT_FOUND``.
    """
    firmware_id = req_get_param(request, "firmware_id")

    # Only custom entries may be deleted.
    is_custom = firmware_db.custom_firmware_id(firmware_id)
    if not is_custom:
        return firmware_db.err_not_custom()

    # An unknown id means there is no record that could be deleted.
    known = firmware_db.exist_firmware_id(firmware_id)
    if not known:
        return app_err(Error.firmware_id_NOT_FOUND)

    # This version does not check whether the delete succeeded, so the return
    # value is discarded and success is always reported.
    firmware_db.delete(firmware_id)
    return app_ok()
Beispiel #11
def poc_download(request):
    """Send the stored PoC file for ``firmware_id`` as an attachment.

    Answers with ``ERROR_FWPOC_NOT_FOUND`` when no entry exists.  Otherwise
    the entry's ``content`` is returned as ``application/octet-stream`` with a
    ``Content-Disposition`` header built from its ``aliases`` value.
    """
    firmware_id = req_get_param(request, 'firmware_id')
    entry = firmware_pocs.fetch(firmware_id)
    if entry is None:
        return sys_app_err('ERROR_FWPOC_NOT_FOUND')

    # Per the original comment, text-type file names get a txt suffix here.
    download_name = SysUtils.add_plain_text_file_suffix(entry['aliases'])

    # The stored name is URL-quoted before it is placed inside the quoted
    # filename parameter of the header.
    disposition = 'attachment;filename="%s"' % (urlquote(download_name))
    response = HttpResponse(entry['content'],
                            content_type='application/octet-stream')
    response['Content-Disposition'] = disposition
    return response
def angr_recognize(request):
    """Load a firmware blob with angr and return an empty ``functions`` value.

    Reads ``filename`` from the request and creates an ``angr.Project`` for it
    as a ``blob`` at base address 0 with the architecture from ``getarch``.
    The project is not used further; the response is always
    ``{'functions': ""}`` unless a ``binwalk.ModuleException`` is raised.
    """
    try:
        # NOTE(review): filename is taken from the request and opened
        # unchanged; confine it to the firmware storage directory.
        filename = req_get_param(request, 'filename')
        arch = getarch(filename)
        main_opts = {
            'backend': 'blob',
            'base_addr': 0,
            'arch': arch,
        }
        # Constructed as in the original even though nothing reads it later.
        proj = angr.Project(filename, load_options={'main_opts': main_opts})

    except binwalk.ModuleException as e:
        print("Critical failure:", e)
        return sys_app_err('ERROR_INTERNAL_ERROR')
    return sys_app_ok_p({'functions': "",})
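def binwalk_file_test(request):
    """Scan a firmware image with binwalk and report what was carved or extracted.

    Reads ``filename`` from the request, runs ``binwalk.scan`` with
    ``filesystem=True`` and prints one line for every carved region and every
    extraction recorded in ``module.extractor.output``.  Answers with
    ``{'extract': 'ok'}``, or ``ERROR_INTERNAL_ERROR`` on a
    ``binwalk.ModuleException``.

    The two report lines used to be written as a bare ``print`` followed by a
    string expression, which prints nothing under Python 3; they are real
    ``print()`` calls now.
    """
    # NOTE(review): filename is taken from the request and handed to binwalk
    # unchanged; confine it to the firmware storage directory.  Images that
    # get unpacked are untrusted input, so run the extraction in an isolated
    # working directory with limited privileges.
    filename = req_get_param(request, 'filename')
    try:
        for module in binwalk.scan(filename, filesystem=True, quiet=True):
            for result in module.results:
                path = result.file.path
                if path not in module.extractor.output:
                    continue
                output = module.extractor.output[path]

                # Files that binwalk carved out of the original image, a la dd.
                if result.offset in output.carved:
                    print("Carved data from offset 0x%X to %s" % (
                        result.offset, output.carved[result.offset]))

                # Files/directories created by extraction utilities
                # (gunzip, tar, unsquashfs, etc).
                if result.offset in output.extracted:
                    extracted = output.extracted[result.offset]
                    # An extraction that produced no files has no first entry.
                    first_file = extracted.files[0] if extracted.files else ''
                    print("Extracted %d files from offset 0x%X to '%s' using '%s'" % (
                        len(extracted.files),
                        result.offset,
                        first_file,
                        extracted.command))
    except binwalk.ModuleException as e:
        print("Critical failure:", e)
        return sys_app_err('ERROR_INTERNAL_ERROR')
    return sys_app_ok_p({'extract': 'ok',})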
Beispiel #14
def fwdownload(request):
    """Crawl one vendor listing page per router brand below the given base URL.

    Reads the base URL from the ``url`` request parameter.  For every vendor
    in the table it creates the vendor directory with ``firmware_db.makedir``
    and passes one listing URL to ``get_firmware``.  Always answers with
    ``sys_app_ok_p('ERROR_OK')``.
    """
    print("run into fwdownload")
    homepage = req_get_param(request, 'url')
    print(homepage)
    # Example request:
    # http://127.0.0.1:8000/firmwarefetch/fwdownload/?url=http://www.luyoudashi.com/roms

    # NOTE(review): the base URL comes from the client and is presumably
    # fetched by get_firmware on the server side.  Validate it against an
    # allowlist of firmware mirrors before crawling.

    # (save directory, path below the base URL, page limit).
    # A page limit of None marks a single, unpaged listing.  For paged
    # listings the limit is the number of pages the crawl was written for,
    # but only page 1 is requested because the original loop stopped after
    # its first iteration.
    vendors = (
        ("TP-Link", "/roms/vendor-13350-", 5),
        ("Mercury", "/roms/vendor-8080-", 2),
        ("Fast", "/roms/vendor-4588.html", None),
        ("Phicomm", "/roms/vendor-11367-", 2),
        ("Tenda", "/roms/vendor-12997-", 4),
        ("Netcore", "/roms/vendor-8806-", 2),
        ("NETGEAR", "/roms/vendor-8819-", 2),
        ("Xiaomi", "/roms/vendor-14593.html", None),
        ("D-Link", "/roms/vendor-3132-", 2),
        # NOTE(review): this path already ends in ".html" and still gets the
        # page suffix appended, giving "...vendor-16501.html1.html"; confirm
        # which URL was intended.
        ("HiWiFi", "/roms/vendor-16501.html", 2),
        ("Newifi", "/roms/vendor-16502.html", None),
        ("ASUS", "/roms/vendor-1130.html", None),
    )

    for savepath, path, page_limit in vendors:
        firmware_db.makedir(savepath)
        url = homepage + path
        if page_limit is not None:
            url = url + str(1) + ".html"
        get_firmware(url, savepath)

    return sys_app_ok_p('ERROR_OK')
Beispiel #15
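def fwdownloadex(request):
    """Download one firmware file from the URL in the request and register it.

    Reads the download URL from the ``url`` request parameter.  The file name
    is the URL's basename and its extension must be one of zip, bin, img, rar
    or exe, otherwise ``ERROR_FETCH_FILE_TYPE`` is returned together with the
    offending extension.  A file that is not yet present in the ``firmware``
    directory under the current working directory is downloaded, added to
    ``firmware_db`` and stored, with its content, in ``firmware_pocs``.
    Answers with ``sys_app_ok_p('ERROR_OK')`` on success; any exception is
    passed to ``sys_app_err``.

    Changes against the earlier version: the extension is compared for exact
    membership (a substring test against ``'zip,bin,img,rar,exe'`` also
    accepted values such as ``''`` or ``'ip'``), every path is built with
    ``os.path.join`` (the mixed ``"\\"`` concatenation pointed at a different
    file than the download target outside Windows), and the progress hook no
    longer divides by a zero or unknown size.
    """
    print("run into fwdownload")
    homepage = req_get_param(request, 'url')
    print(homepage)

    # NOTE(review): the URL comes from the client and is fetched by the server
    # with urlretrieve, which accepts more than http(s) URLs.  Restrict the
    # scheme and the target host before downloading, and cap the download
    # size; none of that is enforced here.
    savepath = os.path.join(os.getcwd(), "firmware")
    os.makedirs(savepath, exist_ok=True)

    firmware_id = firmware_db.get_suggest_firmware_id(None)
    item = {
        'firmware_id': firmware_id
    }
    try:
        def reporthook(a, b, c):
            """Print the download progress.

            :param a: number of blocks transferred so far
            :param b: size of one block
            :param c: total size of the remote file
            :return: None
            """
            if c <= 0:
                # Size unknown or empty: no percentage can be computed.
                return
            print("\rdownloading: %5.1f%%" % (a * b * 100.0 / c), end="")

        filename = os.path.basename(homepage)

        # Accept only the known firmware/archive extensions, compared exactly.
        allowed_types = ('zip', 'bin', 'img', 'rar', 'exe')
        file_list = filename.split('.')
        extension = file_list[-1]
        result = extension in allowed_types
        print(result)
        if not result:
            return sys_app_err_p(
                'ERROR_FETCH_FILE_TYPE',
                {'filetype': extension})

        # Download only when the file is not already present.
        target = os.path.join(savepath, filename)
        if not os.path.isfile(target):
            print('Downloading data from %s' % homepage)
            urlretrieve(homepage, target, reporthook=reporthook)

            item['fw_file_name'] = filename
            item['application_mode'] = file_list[0]
            item['fw_manufacturer'] = ''
            firmware_db.add(item)

            # Store the downloaded bytes next to the database record.
            with open(target, 'rb') as myimage:
                data = myimage.read()
                firmware_pocs.add(firmware_id, filename, data)

            print('\nDownload finished!')
        else:
            print('File already exsits!')

        # The size is reported in bytes by the OS and printed in Mb.
        filesize = os.path.getsize(target)
        print('File size = %.2f Mb' % (filesize / 1024 / 1024))
        return sys_app_ok_p('ERROR_OK')
    except Exception as e:
        print(e)
        return sys_app_err(e)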