def items_controllers():
if request.method == "POST":
item_name = request.form.get('project', None)
action = request.form.get('action', None)
if action == "add":
item = mongo.db.items.find_one({'project': item_name})
if item != None:
data = {"status": 403, "msg": "项目已存在"}
return jsonify(data)
item_id = get_uuid()
item = {'project': item_name, 'create_date': datetime.datetime.now(), "id": item_id,
"user": session.get("admin")}
mongo.db.items.insert_one(item)
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if action == "delete":
mongo.db.items.delete_one({'project': item_name})
mongo.db.tasks.delete_many({"parent_name": item_name})
mongo.db.ports.delete_many({"parent_name": item_name})
mongo.db.subdomains.delete_many({"parent_name": item_name})
mongo.db.vuls.delete_many({"parent_name": item_name})
mongo.db.dir_vuls.delete_many({"parent_name": item_name})
data = {"status": 200, "msg": "项目删除成功"}
return jsonify(data)
data = {"status": 403, "url_jump": "任务添加失败"}
return jsonify(data)
def domains_controllers():
if request.method == "POST":
domain_name = request.form.get('domain', None)
project = request.form.get('project', None)
task_id = request.form.get('task_id', None)
action = request.form.get('action', None)
if action == "add":
if project is None or domain_name is None or len(project) == 0:
result = {"status": 403, "msg": "值不能为空"}
return jsonify(result)
if mongo.db.tasks.find({
'parent_name': project,
"hack_type": "域名扫描"
}).count() > 0:
result = {"status": 403, "msg": "域名扫描项目已存在"}
return jsonify(result)
new_list = [ii for ii in domain_name.split("\n") if len(ii) > 0]
target_name = ",".join(new_list)
task_id = get_uuid()
task = {
"id": task_id,
"create_date": datetime.datetime.now(),
"parent_name": project,
"target": target_name,
"task_type": "即时任务",
"hack_type": "域名扫描",
"status": "Running",
"progress": "0.00%",
"contain_id": "Null",
"end_time": "Null",
"live_host": len(new_list),
"hidden_host": "{}",
"total_host": 0,
"user": session.get("admin")
}
mongo.db.tasks.insert_one(task)
Controller.subdomain_scan(task_id)
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if action == "delete":
task = mongo.db.tasks.find_one({'id': task_id})
if task["contain_id"] != "Null":
Controller.stop_contain(task["contain_id"])
mongo.db.tasks.delete_one({'id': task_id})
mongo.db.subdomains.delete_many({'pid': task_id})
mongo.db.exports.delete_many({'pid': task_id})
data = {"status": 200, "msg": "项目删除成功"}
return jsonify(data)
if action == "export":
if mongo.db.tasks.find_one({'id': task_id
})["status"] != "Finished":
result = {"status": 403, "msg": "任务还没有完成"}
return jsonify(result)
new_target = []
subdomains = mongo.db.subdomains.find({
'parent_name':
mongo.db.tasks.find_one({'id': task_id})["parent_name"]
})
for i in subdomains:
new_dict = dict()
new_dict["父级项目"] = i["parent_name"]
new_dict["域名"] = i["subdomain_name"]
new_dict["时间"] = i["create_date"].strftime("%Y-%m-%d %H:%M:%S")
new_dict["端口"] = i["port"]
new_dict["IP地址"] = i["ips"]
new_dict["标题"] = i["title"]
new_dict["指纹"] = i["banner"]
new_target.append(new_dict)
if len(new_target) == 0:
result = {"status": 403, "msg": "没有域名结果"}
return jsonify(result)
if mongo.db.exports.find_one({"pid": task_id}) is not None:
result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"}
return jsonify(result)
else:
# 得到即将下载文件的路径和名称
path, full_path = json_to_excel(new_target)
log = {
"id":
get_uuid(),
"hack_type":
"域名扫描",
"parent_name":
mongo.db.tasks.find_one({'id': task_id})["parent_name"],
"file_path":
path,
"status":
"Finished",
"user":
session.get("admin"),
"create_date":
datetime.datetime.now(),
"full_path":
full_path
}
mongo.db.exports.insert(log)
result = {"status": 200, "file_url": path}
return jsonify(result)
data = {"status": 403, "msg": "操作失败"}
return jsonify(data)
def create_attack_task(self, target_list):
"""
该函数用来进行POC扫描
:param target_list:
:return:
"""
attack_list_xunfeng = []
attack_list_s1riu5 = []
attack_list_kunpeng = []
attack_list_bugscan = []
pocs = mongo.db.pocs.find({})
pocs_list = list()
for i in pocs:
pocs_list.append(i)
for m in pocs_list:
for n in target_list:
if m["flag"] == "xunfeng":
if n["service"] == m["vul_service"]:
new_dict = dict()
new_dict["ip"] = n["address"]
new_dict["port"] = n["port"]
new_dict["poc"] = m["poc_name"]
new_dict["keyword"] = m["vul_service"]
new_dict["type_file"] = m["file_type"]
new_dict["project_name"] = self.project
attack_list_xunfeng.append(new_dict)
if "tag" in n:
if n["tag"] == m["vul_service"]:
new_dict = dict()
new_dict["ip"] = n["address"]
new_dict["port"] = n["port"]
new_dict["poc"] = m["poc_name"]
new_dict["keyword"] = m["vul_service"]
new_dict["type_file"] = m["file_type"]
new_dict["project_name"] = self.project
attack_list_xunfeng.append(new_dict)
elif m["flag"] == "kunpeng":
if "subdomain_name" in n:
attack_dict = {
'type': 'web',
'target': "web",
'netloc': n["http_address"],
"parent_name": self.project
}
if attack_dict not in attack_list_kunpeng:
attack_list_kunpeng.append(attack_dict)
else:
if n["service"] in ["http", "ssl", "https"]:
if 'http' in n["service"]:
scheme = 'http'
if n["service"] in ['https', 'ssl'
] or n["port"] == 443:
scheme = 'https'
ip_url = '{}://{}:{}'.format(
scheme, n["address"], n["port"])
attack_dict = {
'type': 'web',
'target': "web",
'netloc': ip_url,
"parent_name": self.project
}
if attack_dict not in attack_list_kunpeng:
attack_list_kunpeng.append(attack_dict)
else:
attack_dict = {
'type': 'service',
'target': n["service"],
'netloc': n["address"] + ':' + str(n["port"]),
"parent_name": self.project
}
if attack_dict not in attack_list_kunpeng:
attack_list_kunpeng.append(attack_dict)
elif m["flag"] == "bugscan":
"""
m: {'_id': ObjectId('5e2858f3a5c1fe4f0152e6c3'), 'cretae_date': datetime.datetime(2020, 1, 22, 22, 15, 15, 693000), 'vul_type': 'Null', 'file_type': 'py', 'vul_service': 'php168', 'flag': 'bugscan', 'id': '2acda09e-0964-4c52-b06f-c4188f5eeaf5', 'vul_name': 'Null', 'vul_info': 'Null', 'poc_name': 'exp_1170.py', 'vul_level': 'Null'}
n: {'_id': ObjectId('5e28ef328cd7cf0e4b791990'), 'id': '12adf194-e1ef-46ee-b552-645733f31e16', 'address': '127.0.0.1', 'mac': 'Null', 'vendor': 'Null', 'port': 8080, 'hostname': 'Null', 'create_date': datetime.datetime(2020, 1, 23, 8, 56, 18, 322000), 'end_time': datetime.datetime(2020, 1, 23, 8, 56, 18, 322000), 'parent_name': ' 测试项目', 'pid': '15ddb1f9-7792-4471-a084-2e6bfd3cc821', 'http_address': 'http://127.0.0.1', 'fofa': 'phpmyadmin,jquery,jquery-ui', 'category': 'phpmyadmin', 'service': 'http'}
"""
if m.get("vul_service", "") is not None and n.get(
"service", "") is not None:
if m.get("vul_service", "") in n.get("service", ""):
if n.get("service",
"") in ["http", "ssl", "https"]:
if 'http' in n.get("service"):
scheme = 'http'
if n.get("service") in [
'https', 'ssl'
] or n.get("port") == 443:
scheme = 'https'
target_url = '{}://{}:{}'.format(
scheme, n["address"], n["port"])
attack_dict = {
'netloc': target_url,
"poc": m["poc_name"],
"keyword": n["service"],
"parent_name": self.project
}
if attack_dict not in attack_list_bugscan:
attack_list_bugscan.append(attack_dict)
else:
target_url = '{}:{}'.format(
n["address"], n["port"])
attack_dict = {
'netloc': target_url,
"poc": m["poc_name"],
"keyword": n["service"],
"parent_name": self.project
}
if attack_dict not in attack_list_bugscan:
attack_list_bugscan.append(attack_dict)
else:
print(m, n, "service")
if m.get("vul_service") is not None and n.get(
"category") is not None:
if m.get("vul_service") in n.get("category"):
if n.get("category") in ["http", "ssl", "https"]:
if 'http' in n.get("category"):
scheme = 'http'
if n.get("category") in [
'https', 'ssl'
] or n.get("port") == 443:
scheme = 'https'
target_url = '{}://{}:{}'.format(
scheme, n["address"], n["port"])
attack_dict = {
'netloc': target_url,
"poc": m["poc_name"],
"keyword": n["service"],
"parent_name": self.project
}
if attack_dict not in attack_list_bugscan:
attack_list_bugscan.append(attack_dict)
else:
target_url = '{}:{}'.format(
n["address"], n["port"])
attack_dict = {
'netloc': target_url,
"poc": m["poc_name"],
"keyword": n["service"],
"parent_name": self.project
}
if attack_dict not in attack_list_bugscan:
attack_list_bugscan.append(attack_dict)
else:
print(m, n, "category")
# if m["vul_service"] in n["service"]:
#
# attack_dict = {'netloc': n["http_address"], "poc": m["poc_name"], "keyword": n["service"],
# "parent_name": self.project}
# if attack_dict not in attack_list_bugscan:
# attack_list_bugscan.append(attack_dict)
#
# if m["vul_service"] in n["category"]:
#
# attack_dict = {'netloc': n["http_address"], "poc": m["poc_name"], "keyword": n["category"],
# "parent_name": self.project}
# if attack_dict not in attack_list_bugscan:
# attack_list_bugscan.append(attack_dict)
poc_num = attack_list_xunfeng + attack_list_kunpeng + attack_list_bugscan
print(poc_num)
sess = mongo.db.tasks.find_one({"id": self.pid})
# 项目被删除的时候
if sess is None:
return True
if len(poc_num) == 0:
mongo.db.tasks.update_one({"id": self.pid}, {
'$set': {
'progress': "100.00%",
'status': 'Finished',
'end_time': datetime.datetime.now(),
'total_host': 0,
}
})
return True
target_dict = dict()
target_dict["xunfeng"] = attack_list_xunfeng
target_dict["kunpeng"] = attack_list_kunpeng
target_dict["bugscan"] = attack_list_bugscan
for i in target_dict.items():
if len(i[1]) != 0:
vul_id = get_uuid()
vul = {
"id": vul_id,
"parent_name": self.project,
"progress": "0.00%",
"total_num": len(i[1]),
"create_date": datetime.datetime.now(),
"end_time": "Null",
"status": "Running",
"target": json.dumps(i[1], ensure_ascii=False),
"flag": i[0],
"pid": self.pid
}
mongo.db.vuldocker.insert_one(vul)
contain = DOCKER_CLIENT.containers.run(f"ap0llo/poc:{i[0]}",
["attack", vul_id],
detach=True,
network="host",
auto_remove=True)
mongo.db.vuldocker.update_one(
{"id": self.pid}, {'$set': {
"contain_id": contain.id
}})
while True:
count = mongo.db.vuldocker.find({"pid": self.pid}).count()
now_progress = 0
for i in mongo.db.vuldocker.find({"pid": self.pid}):
progress_ = formatnum(i["progress"])
now_progress = now_progress + progress_
progress = now_progress / count
progress = '%.2f' % progress
percent = f"{progress}%"
if percent == "100.00%":
mongo.db.tasks.update_one({"id": self.pid}, {
'$set': {
'progress':
"100.00%",
'status':
'Finished',
'end_time':
datetime.datetime.now(),
'total_host':
mongo.db.vuls.find({
'pid': self.pid
}).count(),
}
})
return True
else:
mongo.db.tasks.update_one({"id": self.pid}, {
'$set': {
'progress':
percent,
"total_host":
mongo.db.vuls.find({
'pid': self.pid
}).count(),
}
})
time.sleep(3)
def finger_controller():
if request.method == "POST":
project = request.form.get('project', None)
child_task_name = request.form.get('parent_project', None)
ip_address = request.form.get("ip_address", None)
task_id = request.form.get('task_id', None)
action = request.form.get('action', None)
if action == "add":
if len(ip_address) != 0:
# 输入文本的方案
pid = get_uuid()
target_list = list()
for i in ip_address.split('\n'):
if len(i) > 0 and (i.startswith("http://") or i.startswith("https://")):
task_id = get_uuid()
new_dict = dict()
new_dict["http_address"] = i
new_dict["parent_name"] = project
new_dict["pid"] = task_id
new_dict["flag"] = "port"
target_list.append(new_dict)
url = i
_url = urlparse(url)
hostname = _url.hostname
port = _url.port if _url.port is not None else 80
port_dict = {"id": task_id, "address": hostname, "mac": "Null", "vendor": "Null", "port": port,
"hostname": "Null", "create_date": datetime.datetime.now(),
"end_time": datetime.datetime.now(),
"parent_name": project, "pid": pid, "http_address": i, "fofa": "", "category": "",
"service": "http"}
mongo.db.ports.insert_one(port_dict)
task = {"id": pid, "create_date": datetime.datetime.now(), "parent_name": project,
"target": str(target_list), "task_type": "即时任务", "hack_type": "指纹识别", "status": "Running",
"progress": "0.00%", "contain_id": "Null", "end_time": "Null",
"live_host": 0, "hidden_host": "{}", "total_host": 0,
"user": session.get("admin")}
conf.finger = AttribDict(
{"method": "lilith", "pid": pid, "parent_name": project, "target": target_list})
mongo.db.tasks.insert_one(task)
FingerCMS.thread_start()
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if child_task_name is not None:
# 从项目选择的方案
task_id_new = get_uuid()
task = {"id": task_id_new, "create_date": datetime.datetime.now(), "parent_name": project,
"target": "Null", "task_type": "即时任务", "hack_type": "指纹识别", "status": "Running",
"progress": "0.00%", "contain_id": "Null", "end_time": "Null",
"live_host": 0, "hidden_host": 0, "total_host": "{}", "user": session.get("admin")}
conf.finger = AttribDict(
{"method": "adam", "pid": task_id_new, "parent_name": project, "child_name": child_task_name})
mongo.db.tasks.insert_one(task)
FingerCMS.thread_start()
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if action == "delete":
task = mongo.db.tasks.find_one({'id': task_id})
if task is None:
data = {"status": 200, "msg": "项目删除成功"}
return jsonify(data)
if task["contain_id"] != "Null":
Controller.stop_contain(task["contain_id"])
mongo.db.tasks.delete_one({'id': task_id})
mongo.db.ports.delete_many({'pid': task_id})
mongo.db.exports.delete_many({'pid': task_id})
data = {"status": 200, "msg": "项目删除成功"}
return jsonify(data)
if action == "export":
if mongo.db.tasks.find_one({'id': task_id})["status"] != "Finished":
result = {"status": 403, "msg": "任务还没有完成"}
return jsonify(result, safe=False)
new_target = []
target_list = mongo.db.ports.find(
{'pid': task_id})
for i in target_list:
new_dict = dict()
new_dict["父级项目"] = i["parent_name"]
new_dict["地址"] = i["http_address"]
new_dict["标签"] = i["category"]
new_dict["fofa识别"] = i["fofa"]
new_dict["创建时间"] = i["create_date"].strftime("%Y-%m-%d %H:%M:%S")
new_target.append(new_dict)
if len(new_target) == 0:
result = {"status": 403, "msg": "没有结果"}
return jsonify(result)
if mongo.db.exports.find_one({"pid": task_id}) != None:
result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"}
return jsonify(result)
else:
# 得到即将下载文件的路径和名称
path, full_path = json_to_excel(new_target)
log = {"id": get_uuid(), "hack_type": "指纹识别",
"parent_name": mongo.db.tasks.find_one({'id': task_id})["parent_name"], "file_path": path,
"status": "Finished", "user": session.get("admin"), "create_date": datetime.datetime.now(),
"full_path": full_path}
mongo.db.exports.insert(log)
result = {"status": 200, "file_url": path}
return jsonify(result)
data = {"status": 403, "msg": "操作失败"}
return jsonify(data)
def ports_controllers():
if request.method == "POST":
action = request.form.get("action", None)
project = request.form.get("project", None)
target_id = request.form.get("target_id", None)
ip_address = request.form.get("ip_address", None)
ports = request.form.get("ports", None)
task_id = request.form.get("task_id", None)
option = request.form.get('option', None) # full each
if action == "add":
if ports is None or action is None:
result = {"status": 403, "msg": "值不能为空"}
return jsonify(result)
if mongo.db.tasks.find({
'parent_name': project,
"hack_type": "端口扫描"
}).count() > 0:
result = {"status": 403, "msg": "项目已存在"}
return jsonify(result)
if target_id is None and len(ip_address) > 0:
port = ",".join(ports.split("\n"))
len_ip = get_ip_list(ip_address.split("\n"))
if not len_ip:
result = {"status": 403, "msg": "IP地址格式错误"}
return jsonify(result)
if not get_port_list(ports.split("\n")):
result = {"status": 403, "msg": "端口地址格式错误"}
return jsonify(result)
target_dict = {
"ips":
",".join([i for i in ip_address.split("\n")
if len(i) > 0]),
"ports":
port,
"rates":
10000,
"threads":
5
}
target = json.dumps(target_dict, ensure_ascii=False)
uid = get_uuid()
task = {
"id": uid,
"create_date": datetime.datetime.now(),
"parent_name": project,
"target": target,
"task_type": "即时任务",
"hack_type": "端口扫描",
"status": "Running",
"progress": "0.00%",
"contain_id": "Null",
"end_time": "Null",
"live_host": 0,
"hidden_host": len_ip,
"total_host": 0,
"user": session.get("admin")
}
mongo.db.tasks.insert_one(task)
Controller.ports_scan(uid)
result = {"status": 200, "msg": "任务创建成功"}
return jsonify(result)
if target_id is not None and len(ip_address) == 0:
task_subdomain = mongo.db.subdomains.find({"pid": target_id})
new_list = []
for i in task_subdomain:
lm = i["ips"]
ips = lm.split(",")
# 如果一个域名解析出了五个及以上的地址就认为是有CDN
if len(ips) < 5:
new_list = new_list + ips
ips_list = list_duplicate(new_list)
if option == "each":
port = ports.split("\n")
len_ip = get_ip_list(ips_list)
if not len_ip:
result = {"status": 403, "msg": "IP地址格式错误"}
return jsonify(result)
if not get_port_list(ports.split("\n")):
result = {"status": 403, "msg": "端口地址格式错误"}
return jsonify(result)
target_dict = {
"ips": ','.join(get_list_ip(ips_list)),
"ports": ",".join(port),
"rates": RATE,
"threads": THREADS
}
target = json.dumps(target_dict, ensure_ascii=False)
uid = get_uuid()
task = {
"id": uid,
"create_date": datetime.datetime.now(),
"parent_name": project,
"target": target,
"task_type": "即时任务",
"hack_type": "端口扫描",
"status": "Running",
"progress": "0.00%",
"contain_id": "Null",
"end_time": "Null",
"live_host": 0,
"hidden_host": len_ip,
"total_host": 0,
"user": session.get("admin")
}
mongo.db.tasks.insert_one(task)
Controller.ports_scan(uid)
result = {"status": 200, "msg": "任务创建成功"}
return jsonify(result)
if option == "full":
port = ports.split("\n")
new_c_list = []
for i in ips_list:
if not re.match(
r"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
i):
continue
ip1, ip2, ip3, ip4 = i.split(".")
c_ip = f"{ip1}.{ip2}.{ip3}.1/24"
new_c_list.append(c_ip)
new_target_ip = list_duplicate(new_c_list)
targetIps = [','.join(new_target_ip), ",".join(port)]
port = ports.split("\n")
len_ip = get_ip_list(new_target_ip)
if not len_ip:
result = {"status": 403, "msg": "IP地址格式错误"}
return jsonify(result)
if not get_port_list(ports.split("\n")):
result = {"status": 403, "msg": "端口地址格式错误"}
return jsonify(result)
target_dict = {
"ips": targetIps,
"ports": ",".join(port),
"rates": RATE,
"threads": THREADS
}
target = json.dumps(target_dict, ensure_ascii=False)
uid = get_uuid()
task = {
"id": uid,
"create_date": datetime.datetime.now(),
"parent_name": project,
"target": target,
"task_type": "即时任务",
"hack_type": "端口扫描",
"status": "Running",
"progress": "0.00%",
"contain_id": "Null",
"end_time": "Null",
"live_host": 0,
"hidden_host": 0,
"total_host": len_ip,
"user": session.get("admin")
}
mongo.db.tasks.insert_one(task)
Controller.ports_scan(uid)
result = {"status": 200, "msg": "任务创建成功"}
return jsonify(result)
result = {"status": 403, "msg": "任务失败"}
return jsonify(result)
else:
result = {"status": 403, "msg": "任务失败"}
return jsonify(result)
if action == "delete":
task = mongo.db.tasks.find_one({'id': task_id})
if task is None:
mongo.db.tasks.delete_one({'id': task_id})
mongo.db.ports.delete_many({'pid': task_id})
mongo.db.exports.delete_one({'id': task_id})
result = {"status": 200, "msg": "任务删除成功"}
return jsonify(result)
if task["contain_id"] != "Null":
Controller.stop_contain(task["contain_id"])
mongo.db.tasks.delete_one({'id': task_id})
mongo.db.ports.delete_many({'pid': task_id})
mongo.db.exports.delete_many({'pid': task_id})
result = {"status": 200, "msg": "任务删除成功"}
return jsonify(result)
if action == "export":
if mongo.db.tasks.find_one({'id': task_id
})["status"] != "Finished":
result = {"status": 403, "msg": "任务还没有完成"}
return jsonify(result)
new_target = []
ports = mongo.db.ports.find({'pid': task_id})
for i in ports:
new_dict = dict()
new_dict["父级项目"] = i["parent_name"]
new_dict["IP地址"] = i["address"]
new_dict["端口"] = i["port"]
new_dict["服务"] = i["service"]
new_dict["指纹"] = i["banner"]
new_dict["创建时间"] = i["create_date"]
new_dict["结束时间"] = i["end_time"]
if "tag" in i:
new_dict["标签"] = i["tag"]
else:
new_dict["标签"] = "Null"
if "title" in i:
new_dict["标题"] = i["title"]
else:
new_dict["标题"] = "Null"
new_dict["服务"] = i["service"]
new_target.append(new_dict)
if mongo.db.exports.find_one({"pid": task_id}) is not None:
result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"}
return jsonify(result)
else:
# 得到即将下载文件的路径和名称
path, full_path = json_to_excel(new_target)
log = {
"id":
get_uuid(),
"hack_type":
"端口扫描",
"parent_name":
mongo.db.tasks.find_one({'id': task_id})["parent_name"],
"file_path":
path,
"status":
"Finished",
"pid":
task_id,
"user":
session.get("admin"),
"create_date":
datetime.datetime.now(),
"full_path":
full_path
}
mongo.db.exports.insert(log)
result = {"status": 200, "file_url": path}
return jsonify(result)
def initiative_controller():
if request.method == "POST":
project = request.form.get('project', None)
child_task_name = request.form.get('parent_project', None)
ip_address = request.form.get("ip_address", None)
task_id = request.form.get('task_id', None)
action = request.form.get('action', None)
if action == "add":
if len(project) == 0:
data = {"status": 403, "msg": "请指定项目名称"}
return jsonify(data)
if mongo.db.tasks.find_one({
'hack_type': '主动扫描',
'status': "Running"
}) is not None:
data = {"status": 403, "msg": "任务正在运行,请稍后添加"}
return jsonify(data)
if len(ip_address) != 0:
# 输入文本的方案
pid = get_uuid()
target_list = list()
for i in ip_address.split('\n'):
if len(i) > 0 and (i.startswith("http://")
or i.startswith("https://")):
task_id = get_uuid()
new_dict = dict()
new_dict["http_address"] = i
new_dict["parent_name"] = project
new_dict["pid"] = task_id
new_dict["flag"] = "port"
target_list.append(new_dict)
task = {
"id": pid,
"create_date": datetime.datetime.now(),
"parent_name": project,
"target": json.dumps(target_list, ensure_ascii=False),
"task_type": "即时任务",
"hack_type": "主动扫描",
"status": "Running",
"progress": "0.00%",
"contain_id": "Null",
"end_time": "Null",
"live_host": 0,
"hidden_host": "",
"total_host": 0,
"user": session.get("admin")
}
conf.awvs = AttribDict({
"method": "lilith",
"pid": pid,
"parent_name": project,
"target": target_list
})
mongo.db.tasks.insert_one(task)
awvs = AWVS()
awvs.init()
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if child_task_name is not None:
# 从项目选择的方案
task_id_new = get_uuid()
task = {
"id": task_id_new,
"create_date": datetime.datetime.now(),
"parent_name": project,
"target": "Null",
"task_type": "即时任务",
"hack_type": "主动扫描",
"status": "Running",
"progress": "0.00%",
"contain_id": "Null",
"end_time": "Null",
"live_host": 0,
"hidden_host": "",
"total_host": "{}",
"user": session.get("admin")
}
conf.awvs = AttribDict({
"method": "adam",
"pid": task_id_new,
"parent_name": project,
"child_name": child_task_name
})
mongo.db.tasks.insert_one(task)
awvs = AWVS()
awvs.init()
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if action == "delete":
task = mongo.db.tasks.find_one({'id': task_id})
if task is None:
data = {"status": 200, "msg": "项目删除成功"}
return jsonify(data)
if len(task['hidden_host']) > 0:
target = json.loads(task["hidden_host"])
for i in target:
print(i)
AWVS.delete_target(i["target_id"])
mongo.db.tasks.delete_one({'id': task_id})
mongo.db.ports.delete_many({'pid': task_id})
mongo.db.exports.delete_many({'pid': task_id})
data = {"status": 200, "msg": "项目删除成功"}
return jsonify(data)
if action == "export":
if mongo.db.tasks.find_one({'id': task_id
})["status"] != "Finished":
result = {"status": 403, "msg": "任务还没有完成"}
return jsonify(result, safe=False)
if mongo.db.exports.find_one({"pid": task_id}) is not None:
result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"}
return jsonify(result)
else:
uid = get_uuid()
log = {
"id":
uid,
"hack_type":
"主动扫描",
"parent_name":
mongo.db.tasks.find_one({'id': task_id})["parent_name"],
"file_path":
"Null",
"status":
"Running",
"user":
session.get("admin"),
"create_date":
datetime.datetime.now(),
"full_path":
"Null"
}
mongo.db.exports.insert(log)
info = mongo.db.tasks.find_one({'id': task_id})["hidden_host"]
AWVS().generate_pdf(json.loads(info), uid)
result = {"status": 200, "msg": "任务建成,请前往导出页面"}
return jsonify(result)
data = {"status": 403, "msg": "操作失败"}
return jsonify(data)
def pocs_controllers():
if request.method == "POST":
action = request.form.get("action", None)
project = request.form.get("project", None)
target_name = request.form.get("target_name", None)
task_id = request.form.get("task_id", None)
if action == "add":
if project is None or action is None or target_name is None:
result = {"status": 403, "msg": "值不能为空"}
return jsonify(result)
uid = get_uuid()
task = {
"id": uid,
"create_date": datetime.datetime.now(),
"parent_name": project,
"target": "Null",
"task_type": "即时任务",
"hack_type": "POC扫描",
"status": "Running",
"progress": "0.00%",
"contain_id": "Null",
"end_time": "Null",
"live_host": 0,
"hidden_host": 0,
"total_host": 0,
"user": session.get("admin")
}
mongo.db.tasks.insert_one(task)
ControllerPocs.thread_start(target_name, project, uid)
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if action == "delete":
task = mongo.db.tasks.find_one({'id': task_id})
if task is None:
result = {"status": 403, "msg": "任务不存在"}
return jsonify(result)
if task["contain_id"] != "Null":
Controller.stop_contain(task["contain_id"])
mongo.db.tasks.delete_one({'id': task_id})
mongo.db.pocs.delete_many({'pid': task_id})
mongo.db.vuldocker.delete_many({'pid': task_id})
mongo.db.vuls.delete_many({'pid': task_id})
result = {"status": 200, "msg": "任务删除成功"}
return jsonify(result)
if action == "export":
if mongo.db.tasks.find_one({'id': task_id
})["status"] != "Finished":
result = {"status": 403, "msg": "任务还没有完成"}
return jsonify(result)
new_target = []
vuls = mongo.db.vuls.find({"pid": task_id})
for i in vuls:
new_dict = dict()
new_dict["父级项目"] = i["parent_name"]
new_dict["时间"] = i["create_date"].strftime("%Y-%m-%d %H:%M:%S")
new_dict["IP地址"] = i["ip_address"]
new_dict["端口"] = i["port"]
new_dict["漏洞信息"] = i["vul_info"]
new_dict["漏洞名称"] = i["vul_name"]
new_target.append(new_dict)
if len(new_target) == 0:
result = {"status": 403, "msg": "没有漏洞"}
return jsonify(result)
if mongo.db.exports.find_one({"pid": task_id}) is None:
result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"}
return jsonify(result)
else:
# 得到即将下载文件的路径和名称
path, full_path = json_to_excel(new_target)
log = {
"id":
get_uuid(),
"hack_type":
"漏洞扫描",
"parent_name":
mongo.db.tasks.find_one({'id': task_id})["parent_name"],
"file_path":
path,
"status":
"Finished",
"user":
session.get("admin"),
"create_date":
datetime.datetime.now(),
"full_path":
full_path
}
mongo.db.exports.insert(log)
result = {"status": 200, "file_url": path}
return jsonify(result)
data = {"status": 403, "msg": "操作失败"}
return jsonify(data)
def domains_controllers():
if request.method == "POST":
domain_name = request.form.get('domain', type=str)
project = request.form.get('project', None)
task_id = request.form.get('task_id', None)
action = request.form.get('action', None)
if action == "add":
if project == None or domain_name == None or len(project) == 0:
result = {"status": 403, "msg": "值不能为空"}
return jsonify(result)
if mongo.db.tasks.find({'parent_name': project, "hack_type": "域名扫描"}).count() > 0:
result = {"status": 403, "msg": "域名扫描项目已存在"}
return jsonify(result)
new_list = [ii for ii in domain_name.split("\n") if len(ii) > 0]
target_name = ",".join(new_list)
task_id = get_uuid()
task = {"id": task_id, "create_date": datetime.datetime.now(), "parent_name": project,
"target": target_name, "task_type": "即时任务", "hack_type": "域名扫描", "status": "Running",
"contain_id": "Null", "end_time": "Null",
"live_host": len(new_list), "hidden_host": "{}", "total_host": 0,
"user": session.get("admin")}
mongo.db.tasks.insert_one(task)
Controller.subdomain_scan(task_id)
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if action == "delete":
task = mongo.db.tasks.find_one({'id': task_id})
if task["contain_id"] != "Null":
Controller.stop_contain(task["contain_id"])
mongo.db.tasks.delete_one({'id': task_id})
mongo.db.subdomains.delete_many({'pid': task_id})
mongo.db.exports.delete_many({'pid': task_id})
data = {"status": 200, "msg": "项目删除成功"}
return jsonify(data)
if action == "search":
# table_name = domain_name.replace('.', '_')
# table_name = domain_name + '_resolve_result'
db = '/app/results.sqlite3'
conn = sqlite3.connect(db)
cursor = conn.cursor()
target_list = []
results = cursor.execute(f'select subdomain from "{domain_name}" ')
all_subdomains = results.fetchall()
for subdomain in all_subdomains:
target_list.append(subdomain[0])
data = {
'domain': domain_name,
'result': target_list,
}
return render(request, 'domain/domains_get',data)
def dirs_controller():
if request.method == "POST":
project = request.form.get('project', None)
child_task_name = request.form.get('target_id', None)
ip_address = request.form.get("ip_address", None)
ext = request.form.get("ext", None)
task_id = request.form.get('task_id', None)
action = request.form.get('action', None)
if action == "add":
# if mongo.db.tasks.find({'status': "Running", "hack_type": "目录扫描"}).count() > 0:
# data = {"status": 403, "msg": "现在已有项目正在运行,请稍后添加"}
# return jsonify(data)
if len(ip_address) != 0:
# 输入文本的方案
# [{'http_address': 'http://192.168.3.2:8123', 'keydict': 'common.txt', 'parent_name': '测试项目', 'pid': '141aa854-a78c-42fe-bbf4-99b7d0be37aa'},]
pid = get_uuid()
target_list = list()
for i in ip_address.split('\n'):
if len(i) > 0:
new_dict = dict()
new_dict["http_address"] = i
new_dict["keydict"] = ",".join(ast.literal_eval(ext))
new_dict["parent_name"] = project
new_dict["pid"] = pid
target_list.append(new_dict)
task = {
"id": pid,
"create_date": datetime.datetime.now(),
"parent_name": project,
"target": json.dumps(target_list, ensure_ascii=False),
"task_type": "即时任务",
"hack_type": "目录扫描",
"status": "Running",
"progress": "0.00%",
"contain_id": "Null",
"end_time": "Null",
"live_host": 0,
"hidden_host": len(target_list),
"total_host": "{}",
"user": session.get("admin")
}
mongo.db.tasks.insert_one(task)
ControllerDirs.thread_start(method="lilith",
project=project,
task_name="s1riu5",
pid=pid)
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if child_task_name is not None:
task_id_new = get_uuid()
task = {
"id": task_id_new,
"create_date": datetime.datetime.now(),
"parent_name": project,
"target": "Null",
"task_type": "即时任务",
"hack_type": "目录扫描",
"status": "Running",
"progress": "0.00%",
"contain_id": "Null",
"end_time": "Null",
"live_host": 0,
"hidden_host": 0,
"total_host": "{}",
"user": session.get("admin")
}
mongo.db.tasks.insert_one(task)
ControllerDirs.thread_start(method="adam",
project=project,
task_name=child_task_name,
pid=task_id_new)
data = {"status": 200, "msg": "项目添加成功"}
return jsonify(data)
if action == "delete":
task = mongo.db.tasks.find_one({'id': task_id})
if task["contain_id"] != "Null":
Controller.stop_contain(task["contain_id"])
mongo.db.tasks.delete_one({'id': task_id})
mongo.db.vul_dirs.delete_many({'pid': task_id})
mongo.db.exports.delete_many({'pid': task_id})
data = {"status": 200, "msg": "项目删除成功"}
return jsonify(data)
if action == "export":
if mongo.db.tasks.find_one({'id': task_id
})["status"] != "Finished":
result = {"status": 403, "msg": "任务还没有完成"}
return jsonify(result)
new_target = []
subdomains = mongo.db.dir_vuls.find({'pid': task_id})
for i in subdomains:
new_dict = dict()
new_dict["父级项目"] = i["parent_name"]
new_dict["地址"] = i["vul_path"]
new_dict["状态"] = i["status_code"]
new_dict["创建时间"] = i["create_date"]
new_target.append(new_dict)
if len(new_target) == 0:
result = {"status": 403, "msg": "没有结果"}
return jsonify(result)
if mongo.db.exports.find_one({"pid": task_id}) is not None:
result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"}
return jsonify(result)
else:
# 得到即将下载文件的路径和名称
path, full_path = json_to_excel(new_target)
log = {
"id":
get_uuid(),
"hack_type":
"目录扫描",
"parent_name":
mongo.db.tasks.find_one({'id': task_id})["parent_name"],
"file_path":
path,
"status":
"Finished",
"user":
session.get("admin"),
"create_date":
datetime.datetime.now(),
"full_path":
full_path
}
mongo.db.exports.insert(log)
result = {"status": 200, "file_url": path}
return jsonify(result)
data = {"status": 403, "msg": "操作失败"}
return jsonify(data)
