Beispiel #1
0
def tasks_dispatch_web(taskID, url):
    app.send_task(name='ServInfo',
                  queue='ServInfo',
                  kwargs=dict(taskID=taskID, url=url))

    app.send_task(name='CmsFinger',
                  queue='CmsFinger',
                  kwargs=dict(taskID=taskID, url=url))

    app.send_task(
        name='Wappalyzer',
        queue='Wappalyzer',
        kwargs=dict(taskID=taskID, domain=url),
    )
    app.send_task(name='SFileScan',
                  queue='SFileScan',
                  kwargs=dict(taskID=taskID, url=url))
    _ = MongoDB()
    info = _.get_one_hostscan_info(taskID)
    if 'domain' in info.keys() and len(info['domain']) != 0:
        app.send_task(name='DirScan',
                      queue='DirScan',
                      kwargs=dict(taskID=taskID, target=info['domain']))
    else:
        pass
Beispiel #2
0
def wappalyzer(self, taskID, domain):
    if not domain.startswith('http'):
        domain = 'http://' + domain
    wappalyzer = Wappalyzer.latest()
    res = ''
    try:
        webpage = WebPage.new_from_url(domain, verify=False)
        res = wappalyzer.analyze(webpage)
        print(list(res))
        x = MongoDB()
        x.add_wappalyzer(taskID, list(res))
    except requests.exceptions.ConnectTimeout as e:
        print(e)
        # 不存在该服务也会可能出现这种异常
        app.send_task(
            name='Wappalyzer',
            queue='Wappalyzer',
            kwargs=dict(taskID=taskID, domain=domain),
        )
    except requests.exceptions.ConnectionError as e:
        # 可能是该主机不存在http服务
        print(e)
        # app.send_task(name='Wappalyzer',
        #               queue='Wappalyzer',
        #               kwargs=dict(taskID=taskID, domain=domain),
        #               )
    except Exception as e:
        print(e)
    return list(res)
Beispiel #3
0
def main(taskID, target, thread_num, load_config_file):
    """
    main fuction of dirmap 
    """

    # set paths of project
    paths.ROOT_PATH = os.path.dirname(os.path.abspath(__file__))
    setPaths()

    scan_param = {
        'thread_num': thread_num,
        'target_input': target,  # single or range or mask
        'target_file': '',
        'load_config_file': load_config_file,
        'debug': False
    }
    # received command >> cmdLineOptions
    cmdLineOptions.update(scan_param)

    # loader script,target,working way(threads? gevent?),output_file from cmdLineOptions
    # and send it to conf
    initOptions(cmdLineOptions)  # 扫描中的全部参数放到conf中
    # run!
    run()
    print(result)
    _ = MongoDB()
    _.add_web_dir(taskID, result)
    return result
Beispiel #4
0
def nmapscan(self, taskID, host, ports):
    '''
    :param host: str
    :param ports: str list
    :return: None or json data
    '''
    # 接受从masscan上扫描出来的结果
    # 为了可以多线程使用,此函数支持多线程调用
    nm = nmap.PortScanner()
    argument = "-sV -sS -Pn --host-timeout 1m -p{}".format(','.join(ports))
    try:
        ret = nm.scan(host, arguments=argument)
    except nmap.PortScannerError as e:
        print(e)
        return None
    except:
        print('22222')
        return None

    if host in ret["scan"]:
        try:
            result = ret["scan"][host]["tcp"]
        except KeyError:
            return None
        print(result)
        _ = MongoDB()
        _.add_port_serv(taskID, json.dumps(result))

    handle_result(taskID, host, result)
Beispiel #5
0
def portscan(self, taskID, host, ports='0-10000', rate=1000):
    try:
        mas = masscan.PortScanner()
    except masscan.PortScannerError:
        print("masscan binary not found", sys.exc_info()[0])
    except masscan.NetworkConnectionError:
        print("-------------------")
    except:
        print("Unexpected error:", sys.exc_info()[0])
    try:
        mas.scan(host, ports, sudo=False, arguments="--rate {}".format(rate))
    except masscan.NetworkConnectionError or masscan.PortScannerError as e:
        print(e)
        print('当前重试次数', self.request.retries)
        raise self.retry(exc=e, countdown=1,
                         max_retries=1)  #最大重试次数1,对一个ip最多扫描2次结束
        # app.send_task(name='PortServScan',
        #               queue='PortServScan',
        #               kwargs=dict(taskID=taskID, ip_addr=host, resp='syn_normal'))
    else:
        PortResult = {}
        for host in mas.all_hosts:
            PortResult.update(mas[host]['tcp'])
        print(PortResult)
        _ = MongoDB()
        _.add_open_ports(taskID, json.dumps(PortResult))

        ports = []
        for _ in PortResult.keys():
            ports.append(str(_))
        add_serv_task(taskID, host, ports)
Beispiel #6
0
def fingerscan(self, taskID, url, proxy=0, thread=50, time=5):
    url = add_http(url)
    # os.system("cd "+BASE_DIR+"/ScanMoudle/webscan/fingerdetect/")
    cmd = [
        'python2', 'TideFinger.py', '-u', url, '-p',
        str(proxy), '-m',
        str(thread), '-t',
        str(time)
    ]
    cmd = ' '.join(cmd)
    print(cmd)
    result = subprocess.Popen(cmd,
                              shell=True,
                              stdout=subprocess.PIPE,
                              cwd=PROJECT_PATH +
                              "/ScanMoudle/webscan/fingerdetect/")
    res = str(result.stdout.read())[2:-3]
    # print(json.dumps(res))
    try:
        print(res)
        json.loads(res)
        _ = MongoDB()
        _.add_cms_finger(taskID, res)
    except Exception as e:
        print(e)
    return res
Beispiel #7
0
def handle_data(ip_list, alive_ip, FtaskID):
    for ip in ip_list:
        if str(ip) not in alive_ip.keys():
            alive_ip[str(ip)] = {'state': 'down', 'reason': ''}
    _ = MongoDB()
    print(alive_ip)
    alive_task_id = _.add_alive_status_with_FtaskID(json.dumps(alive_ip),
                                                    FtaskID)
    print("alive_task_id", alive_task_id)
    for ip, taskID in alive_task_id.items():
        add_task(taskID, ip)
Beispiel #8
0
def poc(self, taskID, ip):
    if ipaddress.ip_address(ip).is_private:  #判断是否是内网ip
        d = {
            "country_id": "internal icon-disc",
            "country": "Internal Ip",
            "region": ""
        }
        return d
    interface = geoip(ip)
    _ = MongoDB()
    _.add_ip_location(taskID, json.dumps(interface))
    return interface
Beispiel #9
0
def namp_port_scan(self, taskID, ip_addr, resp):
    scanner = nmap.PortScanner()
    # 1)SYN ACK Scan == syn
    # 2)UDP Scan  == udp
    # 3)Comprehensive Scan == com
    if resp == 'syn_normal':
        # 5900开始是VNC端口号
        scanner.scan(
            ip_addr,
            '21,22,23,25,80,110,115,139,143,443,445,547,1433,1521,3306,3690,3389,5432,5901,5902,5903,6379,7001,8080,11211,27017',
            '-sV -sS -Pn')

    if resp == 'syn':
        scanner.scan(ip_addr, '1-1024', '-v -sS')
        print(scanner[ip_addr]['tcp'])
        print("Ip Status: ", scanner[ip_addr]['status'])

    elif resp == 'udp':  # udp扫描在大网络环境下不准确
        scanner.scan(ip_addr, '1-1024', '-v -sU')
        print("Open Ports: ", scanner[ip_addr]['udp'].keys())

    elif resp == 'com':
        scanner.scan(ip_addr, '1-1024', '-v -sS -sV -sC -A -O')

    else:
        pass

    result_open = {}
    result_filter = {}
    result_other = {}
    if 'tcp' in scanner[ip_addr].keys() or 'udp' in scanner[ip_addr].keys():
        if resp == 'com' or resp == 'syn' or resp == 'syn_normal':
            resp = 'tcp'
        for key, value in scanner[ip_addr][resp[:3]].items():
            if value['state'] == 'open':
                result_open[key] = value
            elif value['state'] == 'filtered':
                result_filter[key] = value
            else:
                result_other[key] = value

    # print(result_open)
    x = MongoDB()
    x.add_port_sev_result(taskID, json.dumps(result_open))

    handle_result(taskID, ip_addr, result_open)
    return result_open
Beispiel #10
0
def ServInfo(self, taskID, url):
    compile_ip = re.compile(
        '^(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9])\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)$'
    )
    if compile_ip.match(url):
        url = "http://" + url
    # url = "http://blog.zzp198.cn"
    # url = 'https://blog.ixuchao.cn'
    res = WebEye(url)
    res.run()
    cms = res.cms_list
    if 'Server' in cms.keys():
        del cms['Server']
    print(cms)
    _ = MongoDB()
    _.add_cms_finger(taskID, json.dumps(cms))
    return cms
Beispiel #11
0
    def handle_data_x(self):
        handle_ip = dict()
        for _ in self.dict_ip.items():
            for __ in _[1]:
                if not __ in handle_ip.keys():
                    handle_ip[__] = set()
                handle_ip[__].add(_[0])
        for _ in handle_ip.items():
            handle_ip[_[0]] = list(_[1])
        print("handle_ip:",handle_ip)
        _ = MongoDB()
        taskIDs = _.add_child_tasks(self.taskID, handle_ip)

        i = 0
        for _ in handle_ip.keys():
            self.add_tasks(str(taskIDs[i]),_)
            i += 1
        return handle_ip
Beispiel #12
0
def run():
    initEngine()
    # print(xscan.target.qsize())
    if xscan.thread_mode:
        set_thread_lock()
        print('nulti thread mode, number is {}'.format(xscan.current_tc_count))
        for _ in range(xscan.thread_coroutine_num):
            t = threading.Thread(target=xpoc, name=str(_))
            t.setDaemon(True)
            t.start()
        while xscan.current_tc_count > 0 and xscan.is_continue:
            time.sleep(0.01)
    else:
        print('Coroutine mode, number is {}'.format(
            xscan.thread_coroutine_num))

        gevent.joinall(
            [gevent.spawn(xpoc) for _ in range(0, xscan.thread_coroutine_num)])

    print('\n')
    msg = '%s found | %s remaining | %s scanned in %.2f seconds' % (
        xscan.found_count, xscan.target.qsize(), xscan.scan_count,
        time.time() - xscan.start_time)

    print(msg)
    # 结果加入MongoDB
    res = {}
    if len(xscan.result_dic) != 0:
        res = {scan_option.poc_name: xscan.result_dic}
    elif len(xscan.result) != 0:
        res = {
            scan_option.poc_name: {
                'payload': xscan.result,
                'post_data': '',
                'info': ''
            }
        }
    if 'taskID' in scan_option.keys():
        taskID = scan_option.taskID
        from utils.mongo_op import MongoDB
        x = MongoDB()
        x.add_poc_vuln(taskID, json.dumps(res))  # key相同会覆盖原有数据
    print(res)
Beispiel #13
0
def nmap_alive_scan_single_with_taskid(ip, taskID):
    nm = nmap.PortScanner()
    result = nm.scan(hosts=ip, arguments='-sn')
    _ = MongoDB()
    if len(result['scan'].values()):
        _.add_alive_status(taskID, result['scan'][ip]['status'])
        add_task(taskID, ip)
    else:
        _.add_alive_status(taskID, {'status': 'down', 'reason': ''})
Beispiel #14
0
def handle_result(taskID, result, service):
    print("this is the begin")
    x = result.strip('\n').split(' ')
    if result is 's':
        _result = {
            'redis': {
                'service': service,
                'port': x[0].strip('[').split(']')[0],
                'login': '',
                'password': ''
            }
        }
    else:
        _result = {
            x[0].strip('[').split(']')[1][1:]: {
                'service': service,
                'port': x[0].strip('[').split(']')[0],
                'login': x[6].strip(),
                'password': x[10].strip()
            }
        }
    print(_result)
    x = MongoDB()
    x.add_weak_pass_service(taskID, json.dumps(_result))
Beispiel #15
0
def RDPassSpray(self, taskID, target):
    _ = main(taskID, target)
    mon = MongoDB()
    mon.add_weak_pass_service(
        taskID, json.dumps(_))  # 最终一定要在主task函数中调用 Mongo存储, 同时方便return
    return _
Beispiel #16
0
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Time    : 8/8/19 5:18 PM
# @Author  : Archerx
# @Blog    : https://blog.ixuchao.cn
# @File    : complete_publish_test.py

from utils.mongo_op import MongoDB
from celery_tasks.main import app

x = MongoDB()
id = x.add_Ftask()

# app.send_task(name='AliveScan',
#               queue='AliveScan',
#               kwargs=dict(FtaskID=str(id), ip='127.0.0.1', ip_type='single'))

app.send_task(name='AliveScan',
              queue='AliveScan',
              kwargs=dict(FtaskID=str(id),
                          ip='149.129.89.150-149.129.89.170',
                          ip_type='range'))

#149.129.60.133
# app.send_task(name='AliveScan',
#               queue='AliveScan',
#               kwargs=dict(FtaskID=str(id), ip='149.129.60.200-149.129.60.250', ip_type='range'))

# app.send_task(name='AliveScan',
#               queue='AliveScan',
#               kwargs=dict(FtaskID=str(id), ip='123.207.155.221', ip_type='single'))