def list(self, request, **kwargs):
"""查询数据库中的信息"""
try:
enfilename = request.query_params.get('en', None)
filename = FileMsf.decrypt_file_name(enfilename)
if filename is None:
context = data_return(500, CODE_MSG.get(500), {})
return Response(context)
binary_data = FileMsf.read_msf_file(filename)
if binary_data is None:
context = data_return(304, HostFile_MSG.get(304), {})
return context
response = HttpResponse(binary_data)
response['Content-Type'] = 'application/octet-stream'
response['Content-Disposition'] = f'attachment;filename="{filename}"'
response['Code'] = 200
response['Message'] = quote(FileMsf_MSG.get(203))
remote_client = request.META.get("HTTP_X_REAL_IP")
Notice.send_info(f"IP: {remote_client} 下载文件 : {filename}")
return response
except Exception as E:
logger.error(E)
context = data_return(500, CODE_MSG.get(500), {})
return Response(context)
def destroy(self, request, pk=None, **kwargs):
try:
filename = str(request.query_params.get('name', None))
context = FileMsf.destory(filename)
except Exception as E:
logger.error(E)
context = data_return(500, CODE_MSG.get(500), {})
return Response(context)
def create(self, request, **kwargs):
try:
file = request.FILES['file']
context = FileMsf.create(file=file)
return Response(context)
except Exception as E:
logger.error(E)
context = data_return(500, CODE_MSG.get(500), {})
return Response(context)
def list(self, request, **kwargs):
"""查询数据库中的信息"""
try:
filename = request.query_params.get('name', None)
action = request.query_params.get('action', None)
context = FileMsf.list(filename, action)
if isinstance(context, dict):
return Response(context)
else:
return context
except Exception as E:
logger.error(E)
context = data_return(500, CODE_MSG.get(500), {})
return Response(context)
def list(kind=None):
if kind == "lhost":
# 获取pem秘钥文件,用于https监听配置
files = FileMsf.list_msf_files()
pem_files = []
for file in files:
name = file.get("name")
if name.lower().endswith(".pem"):
pem_files.append(name)
conf = Xcache.get_lhost_config()
if conf is None:
conf = {'lhost': None, "pem_files": pem_files}
else:
conf["pem_files"] = pem_files
elif kind == "telegram":
conf = Xcache.get_telegram_conf()
if conf is None:
conf = {
"token": "",
"chat_id": [],
"proxy": "",
"alive": False
}
elif kind == "dingding":
conf = Xcache.get_dingding_conf()
if conf is None:
conf = {"access_token": "", "keyword": "", "alive": False}
elif kind == "serverchan":
conf = Xcache.get_serverchan_conf()
if conf is None:
conf = {"sendkey": "", "alive": False}
elif kind == "FOFA":
conf = Xcache.get_fofa_conf()
if conf is None:
conf = {"email": "", "key": "", "alive": False}
elif kind == "sessionmonitor":
conf = Xcache.get_sessionmonitor_conf()
else:
context = data_return(301, Setting_MSG.get(301), {})
return context
context = data_return(200, CODE_MSG.get(200), conf)
return context
def download_file(self, filepath=None):
"""返回下载的文件内容,二进制数据"""
opts = {
'OPERATION': 'download',
'SESSION': self.sessionid,
'SESSION_FILE': filepath
}
result = MSFModule.run('post',
'multi/manage/file_system_operation_api',
opts,
timeout=300) # 后台运行
if result is None:
return None
filename = os.path.basename(filepath)
binary_data = FileMsf.read_msf_file(filename)
if binary_data is None:
return None
else:
return binary_data
def _deal_dynamic_option(one_module_config=None):
"""处理handler及凭证等动态变化参数,返回处理后参数列表"""
options = one_module_config.get('OPTIONS')
for option in options:
# handler处理
if option.get('name') == HANDLER_OPTION.get("name"):
option['enum_list'] = Handler.list_handler_config()
if len(option['enum_list']) == 1: # 只有一个监听
option['default'] = option['enum_list'][0].get("value")
# 凭证处理
elif option.get('name') == CREDENTIAL_OPTION.get("name"):
credentials = Credential.list_credential()
tmp_enum_list = []
try:
if option.get('extra_data') is None or option.get(
'extra_data').get('password_type') is None:
pass
else:
type_list = option.get('extra_data').get(
'password_type')
for credential in credentials:
if credential.get('password_type') in type_list:
name = "用户名:{} | 密码:{} | 标签:{} | 主机:{}".format(
credential.get('username'),
credential.get('password'),
credential.get('tag'),
credential.get('host_ipaddress'))
import json
value = json.dumps(credential)
tmp_enum_list.append({
'name': name,
'value': value
})
option['enum_list'] = tmp_enum_list
except Exception as E:
logger.warning(E)
# 文件处理
elif option.get('name') == FILE_OPTION.get("name"):
if option.get('extra_data') is None or option.get(
'extra_data').get('file_extension') is None:
file_extension_list = None
else:
file_extension_list = option.get('extra_data').get(
'file_extension')
files = FileMsf.list_msf_files()
tmp_enum_list = []
for file in files:
import json
# {
# "filename": "test",
# "filesize": 0,
# "mtime": 1552273961
# },
name = file.get("name")
size = FileSession.get_size_in_nice_string(
file.get('size'))
mtime = file.get("mtime")
style_time = time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime(mtime))
show = False # 是否满足文件后缀要求
if isinstance(file_extension_list, list):
for ext in file_extension_list:
if name.lower().endswith(ext.lower()):
show = True
else:
show = True
if show:
name = "文件: {} 大小: {} 修改时间: {}".format(
name, size, style_time)
value = json.dumps(file)
tmp_enum_list.append({'name': name, 'value': value})
option['enum_list'] = tmp_enum_list
return one_module_config