def items_controllers(): if request.method == "POST": item_name = request.form.get('project', None) action = request.form.get('action', None) if action == "add": item = mongo.db.items.find_one({'project': item_name}) if item != None: data = {"status": 403, "msg": "项目已存在"} return jsonify(data) item_id = get_uuid() item = {'project': item_name, 'create_date': datetime.datetime.now(), "id": item_id, "user": session.get("admin")} mongo.db.items.insert_one(item) data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if action == "delete": mongo.db.items.delete_one({'project': item_name}) mongo.db.tasks.delete_many({"parent_name": item_name}) mongo.db.ports.delete_many({"parent_name": item_name}) mongo.db.subdomains.delete_many({"parent_name": item_name}) mongo.db.vuls.delete_many({"parent_name": item_name}) mongo.db.dir_vuls.delete_many({"parent_name": item_name}) data = {"status": 200, "msg": "项目删除成功"} return jsonify(data) data = {"status": 403, "url_jump": "任务添加失败"} return jsonify(data)
def domains_controllers(): if request.method == "POST": domain_name = request.form.get('domain', None) project = request.form.get('project', None) task_id = request.form.get('task_id', None) action = request.form.get('action', None) if action == "add": if project is None or domain_name is None or len(project) == 0: result = {"status": 403, "msg": "值不能为空"} return jsonify(result) if mongo.db.tasks.find({ 'parent_name': project, "hack_type": "域名扫描" }).count() > 0: result = {"status": 403, "msg": "域名扫描项目已存在"} return jsonify(result) new_list = [ii for ii in domain_name.split("\n") if len(ii) > 0] target_name = ",".join(new_list) task_id = get_uuid() task = { "id": task_id, "create_date": datetime.datetime.now(), "parent_name": project, "target": target_name, "task_type": "即时任务", "hack_type": "域名扫描", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": len(new_list), "hidden_host": "{}", "total_host": 0, "user": session.get("admin") } mongo.db.tasks.insert_one(task) Controller.subdomain_scan(task_id) data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if action == "delete": task = mongo.db.tasks.find_one({'id': task_id}) if task["contain_id"] != "Null": Controller.stop_contain(task["contain_id"]) mongo.db.tasks.delete_one({'id': task_id}) mongo.db.subdomains.delete_many({'pid': task_id}) mongo.db.exports.delete_many({'pid': task_id}) data = {"status": 200, "msg": "项目删除成功"} return jsonify(data) if action == "export": if mongo.db.tasks.find_one({'id': task_id })["status"] != "Finished": result = {"status": 403, "msg": "任务还没有完成"} return jsonify(result) new_target = [] subdomains = mongo.db.subdomains.find({ 'parent_name': mongo.db.tasks.find_one({'id': task_id})["parent_name"] }) for i in subdomains: new_dict = dict() new_dict["父级项目"] = i["parent_name"] new_dict["域名"] = i["subdomain_name"] new_dict["时间"] = i["create_date"].strftime("%Y-%m-%d %H:%M:%S") new_dict["端口"] = i["port"] new_dict["IP地址"] = i["ips"] new_dict["标题"] = i["title"] new_dict["指纹"] = i["banner"] new_target.append(new_dict) if len(new_target) == 0: result = {"status": 403, "msg": "没有域名结果"} return jsonify(result) if mongo.db.exports.find_one({"pid": task_id}) is not None: result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"} return jsonify(result) else: # 得到即将下载文件的路径和名称 path, full_path = json_to_excel(new_target) log = { "id": get_uuid(), "hack_type": "域名扫描", "parent_name": mongo.db.tasks.find_one({'id': task_id})["parent_name"], "file_path": path, "status": "Finished", "user": session.get("admin"), "create_date": datetime.datetime.now(), "full_path": full_path } mongo.db.exports.insert(log) result = {"status": 200, "file_url": path} return jsonify(result) data = {"status": 403, "msg": "操作失败"} return jsonify(data)
def create_attack_task(self, target_list): """ 该函数用来进行POC扫描 :param target_list: :return: """ attack_list_xunfeng = [] attack_list_s1riu5 = [] attack_list_kunpeng = [] attack_list_bugscan = [] pocs = mongo.db.pocs.find({}) pocs_list = list() for i in pocs: pocs_list.append(i) for m in pocs_list: for n in target_list: if m["flag"] == "xunfeng": if n["service"] == m["vul_service"]: new_dict = dict() new_dict["ip"] = n["address"] new_dict["port"] = n["port"] new_dict["poc"] = m["poc_name"] new_dict["keyword"] = m["vul_service"] new_dict["type_file"] = m["file_type"] new_dict["project_name"] = self.project attack_list_xunfeng.append(new_dict) if "tag" in n: if n["tag"] == m["vul_service"]: new_dict = dict() new_dict["ip"] = n["address"] new_dict["port"] = n["port"] new_dict["poc"] = m["poc_name"] new_dict["keyword"] = m["vul_service"] new_dict["type_file"] = m["file_type"] new_dict["project_name"] = self.project attack_list_xunfeng.append(new_dict) elif m["flag"] == "kunpeng": if "subdomain_name" in n: attack_dict = { 'type': 'web', 'target': "web", 'netloc': n["http_address"], "parent_name": self.project } if attack_dict not in attack_list_kunpeng: attack_list_kunpeng.append(attack_dict) else: if n["service"] in ["http", "ssl", "https"]: if 'http' in n["service"]: scheme = 'http' if n["service"] in ['https', 'ssl' ] or n["port"] == 443: scheme = 'https' ip_url = '{}://{}:{}'.format( scheme, n["address"], n["port"]) attack_dict = { 'type': 'web', 'target': "web", 'netloc': ip_url, "parent_name": self.project } if attack_dict not in attack_list_kunpeng: attack_list_kunpeng.append(attack_dict) else: attack_dict = { 'type': 'service', 'target': n["service"], 'netloc': n["address"] + ':' + str(n["port"]), "parent_name": self.project } if attack_dict not in attack_list_kunpeng: attack_list_kunpeng.append(attack_dict) elif m["flag"] == "bugscan": """ m: {'_id': ObjectId('5e2858f3a5c1fe4f0152e6c3'), 'cretae_date': datetime.datetime(2020, 1, 22, 22, 15, 15, 693000), 'vul_type': 'Null', 'file_type': 'py', 'vul_service': 'php168', 'flag': 'bugscan', 'id': '2acda09e-0964-4c52-b06f-c4188f5eeaf5', 'vul_name': 'Null', 'vul_info': 'Null', 'poc_name': 'exp_1170.py', 'vul_level': 'Null'} n: {'_id': ObjectId('5e28ef328cd7cf0e4b791990'), 'id': '12adf194-e1ef-46ee-b552-645733f31e16', 'address': '127.0.0.1', 'mac': 'Null', 'vendor': 'Null', 'port': 8080, 'hostname': 'Null', 'create_date': datetime.datetime(2020, 1, 23, 8, 56, 18, 322000), 'end_time': datetime.datetime(2020, 1, 23, 8, 56, 18, 322000), 'parent_name': ' 测试项目', 'pid': '15ddb1f9-7792-4471-a084-2e6bfd3cc821', 'http_address': 'http://127.0.0.1', 'fofa': 'phpmyadmin,jquery,jquery-ui', 'category': 'phpmyadmin', 'service': 'http'} """ if m.get("vul_service", "") is not None and n.get( "service", "") is not None: if m.get("vul_service", "") in n.get("service", ""): if n.get("service", "") in ["http", "ssl", "https"]: if 'http' in n.get("service"): scheme = 'http' if n.get("service") in [ 'https', 'ssl' ] or n.get("port") == 443: scheme = 'https' target_url = '{}://{}:{}'.format( scheme, n["address"], n["port"]) attack_dict = { 'netloc': target_url, "poc": m["poc_name"], "keyword": n["service"], "parent_name": self.project } if attack_dict not in attack_list_bugscan: attack_list_bugscan.append(attack_dict) else: target_url = '{}:{}'.format( n["address"], n["port"]) attack_dict = { 'netloc': target_url, "poc": m["poc_name"], "keyword": n["service"], "parent_name": self.project } if attack_dict not in attack_list_bugscan: attack_list_bugscan.append(attack_dict) else: print(m, n, "service") if m.get("vul_service") is not None and n.get( "category") is not None: if m.get("vul_service") in n.get("category"): if n.get("category") in ["http", "ssl", "https"]: if 'http' in n.get("category"): scheme = 'http' if n.get("category") in [ 'https', 'ssl' ] or n.get("port") == 443: scheme = 'https' target_url = '{}://{}:{}'.format( scheme, n["address"], n["port"]) attack_dict = { 'netloc': target_url, "poc": m["poc_name"], "keyword": n["service"], "parent_name": self.project } if attack_dict not in attack_list_bugscan: attack_list_bugscan.append(attack_dict) else: target_url = '{}:{}'.format( n["address"], n["port"]) attack_dict = { 'netloc': target_url, "poc": m["poc_name"], "keyword": n["service"], "parent_name": self.project } if attack_dict not in attack_list_bugscan: attack_list_bugscan.append(attack_dict) else: print(m, n, "category") # if m["vul_service"] in n["service"]: # # attack_dict = {'netloc': n["http_address"], "poc": m["poc_name"], "keyword": n["service"], # "parent_name": self.project} # if attack_dict not in attack_list_bugscan: # attack_list_bugscan.append(attack_dict) # # if m["vul_service"] in n["category"]: # # attack_dict = {'netloc': n["http_address"], "poc": m["poc_name"], "keyword": n["category"], # "parent_name": self.project} # if attack_dict not in attack_list_bugscan: # attack_list_bugscan.append(attack_dict) poc_num = attack_list_xunfeng + attack_list_kunpeng + attack_list_bugscan print(poc_num) sess = mongo.db.tasks.find_one({"id": self.pid}) # 项目被删除的时候 if sess is None: return True if len(poc_num) == 0: mongo.db.tasks.update_one({"id": self.pid}, { '$set': { 'progress': "100.00%", 'status': 'Finished', 'end_time': datetime.datetime.now(), 'total_host': 0, } }) return True target_dict = dict() target_dict["xunfeng"] = attack_list_xunfeng target_dict["kunpeng"] = attack_list_kunpeng target_dict["bugscan"] = attack_list_bugscan for i in target_dict.items(): if len(i[1]) != 0: vul_id = get_uuid() vul = { "id": vul_id, "parent_name": self.project, "progress": "0.00%", "total_num": len(i[1]), "create_date": datetime.datetime.now(), "end_time": "Null", "status": "Running", "target": json.dumps(i[1], ensure_ascii=False), "flag": i[0], "pid": self.pid } mongo.db.vuldocker.insert_one(vul) contain = DOCKER_CLIENT.containers.run(f"ap0llo/poc:{i[0]}", ["attack", vul_id], detach=True, network="host", auto_remove=True) mongo.db.vuldocker.update_one( {"id": self.pid}, {'$set': { "contain_id": contain.id }}) while True: count = mongo.db.vuldocker.find({"pid": self.pid}).count() now_progress = 0 for i in mongo.db.vuldocker.find({"pid": self.pid}): progress_ = formatnum(i["progress"]) now_progress = now_progress + progress_ progress = now_progress / count progress = '%.2f' % progress percent = f"{progress}%" if percent == "100.00%": mongo.db.tasks.update_one({"id": self.pid}, { '$set': { 'progress': "100.00%", 'status': 'Finished', 'end_time': datetime.datetime.now(), 'total_host': mongo.db.vuls.find({ 'pid': self.pid }).count(), } }) return True else: mongo.db.tasks.update_one({"id": self.pid}, { '$set': { 'progress': percent, "total_host": mongo.db.vuls.find({ 'pid': self.pid }).count(), } }) time.sleep(3)
def finger_controller(): if request.method == "POST": project = request.form.get('project', None) child_task_name = request.form.get('parent_project', None) ip_address = request.form.get("ip_address", None) task_id = request.form.get('task_id', None) action = request.form.get('action', None) if action == "add": if len(ip_address) != 0: # 输入文本的方案 pid = get_uuid() target_list = list() for i in ip_address.split('\n'): if len(i) > 0 and (i.startswith("http://") or i.startswith("https://")): task_id = get_uuid() new_dict = dict() new_dict["http_address"] = i new_dict["parent_name"] = project new_dict["pid"] = task_id new_dict["flag"] = "port" target_list.append(new_dict) url = i _url = urlparse(url) hostname = _url.hostname port = _url.port if _url.port is not None else 80 port_dict = {"id": task_id, "address": hostname, "mac": "Null", "vendor": "Null", "port": port, "hostname": "Null", "create_date": datetime.datetime.now(), "end_time": datetime.datetime.now(), "parent_name": project, "pid": pid, "http_address": i, "fofa": "", "category": "", "service": "http"} mongo.db.ports.insert_one(port_dict) task = {"id": pid, "create_date": datetime.datetime.now(), "parent_name": project, "target": str(target_list), "task_type": "即时任务", "hack_type": "指纹识别", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": "{}", "total_host": 0, "user": session.get("admin")} conf.finger = AttribDict( {"method": "lilith", "pid": pid, "parent_name": project, "target": target_list}) mongo.db.tasks.insert_one(task) FingerCMS.thread_start() data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if child_task_name is not None: # 从项目选择的方案 task_id_new = get_uuid() task = {"id": task_id_new, "create_date": datetime.datetime.now(), "parent_name": project, "target": "Null", "task_type": "即时任务", "hack_type": "指纹识别", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": 0, "total_host": "{}", "user": session.get("admin")} conf.finger = AttribDict( {"method": "adam", "pid": task_id_new, "parent_name": project, "child_name": child_task_name}) mongo.db.tasks.insert_one(task) FingerCMS.thread_start() data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if action == "delete": task = mongo.db.tasks.find_one({'id': task_id}) if task is None: data = {"status": 200, "msg": "项目删除成功"} return jsonify(data) if task["contain_id"] != "Null": Controller.stop_contain(task["contain_id"]) mongo.db.tasks.delete_one({'id': task_id}) mongo.db.ports.delete_many({'pid': task_id}) mongo.db.exports.delete_many({'pid': task_id}) data = {"status": 200, "msg": "项目删除成功"} return jsonify(data) if action == "export": if mongo.db.tasks.find_one({'id': task_id})["status"] != "Finished": result = {"status": 403, "msg": "任务还没有完成"} return jsonify(result, safe=False) new_target = [] target_list = mongo.db.ports.find( {'pid': task_id}) for i in target_list: new_dict = dict() new_dict["父级项目"] = i["parent_name"] new_dict["地址"] = i["http_address"] new_dict["标签"] = i["category"] new_dict["fofa识别"] = i["fofa"] new_dict["创建时间"] = i["create_date"].strftime("%Y-%m-%d %H:%M:%S") new_target.append(new_dict) if len(new_target) == 0: result = {"status": 403, "msg": "没有结果"} return jsonify(result) if mongo.db.exports.find_one({"pid": task_id}) != None: result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"} return jsonify(result) else: # 得到即将下载文件的路径和名称 path, full_path = json_to_excel(new_target) log = {"id": get_uuid(), "hack_type": "指纹识别", "parent_name": mongo.db.tasks.find_one({'id': task_id})["parent_name"], "file_path": path, "status": "Finished", "user": session.get("admin"), "create_date": datetime.datetime.now(), "full_path": full_path} mongo.db.exports.insert(log) result = {"status": 200, "file_url": path} return jsonify(result) data = {"status": 403, "msg": "操作失败"} return jsonify(data)
def ports_controllers(): if request.method == "POST": action = request.form.get("action", None) project = request.form.get("project", None) target_id = request.form.get("target_id", None) ip_address = request.form.get("ip_address", None) ports = request.form.get("ports", None) task_id = request.form.get("task_id", None) option = request.form.get('option', None) # full each if action == "add": if ports is None or action is None: result = {"status": 403, "msg": "值不能为空"} return jsonify(result) if mongo.db.tasks.find({ 'parent_name': project, "hack_type": "端口扫描" }).count() > 0: result = {"status": 403, "msg": "项目已存在"} return jsonify(result) if target_id is None and len(ip_address) > 0: port = ",".join(ports.split("\n")) len_ip = get_ip_list(ip_address.split("\n")) if not len_ip: result = {"status": 403, "msg": "IP地址格式错误"} return jsonify(result) if not get_port_list(ports.split("\n")): result = {"status": 403, "msg": "端口地址格式错误"} return jsonify(result) target_dict = { "ips": ",".join([i for i in ip_address.split("\n") if len(i) > 0]), "ports": port, "rates": 10000, "threads": 5 } target = json.dumps(target_dict, ensure_ascii=False) uid = get_uuid() task = { "id": uid, "create_date": datetime.datetime.now(), "parent_name": project, "target": target, "task_type": "即时任务", "hack_type": "端口扫描", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": len_ip, "total_host": 0, "user": session.get("admin") } mongo.db.tasks.insert_one(task) Controller.ports_scan(uid) result = {"status": 200, "msg": "任务创建成功"} return jsonify(result) if target_id is not None and len(ip_address) == 0: task_subdomain = mongo.db.subdomains.find({"pid": target_id}) new_list = [] for i in task_subdomain: lm = i["ips"] ips = lm.split(",") # 如果一个域名解析出了五个及以上的地址就认为是有CDN if len(ips) < 5: new_list = new_list + ips ips_list = list_duplicate(new_list) if option == "each": port = ports.split("\n") len_ip = get_ip_list(ips_list) if not len_ip: result = {"status": 403, "msg": "IP地址格式错误"} return jsonify(result) if not get_port_list(ports.split("\n")): result = {"status": 403, "msg": "端口地址格式错误"} return jsonify(result) target_dict = { "ips": ','.join(get_list_ip(ips_list)), "ports": ",".join(port), "rates": RATE, "threads": THREADS } target = json.dumps(target_dict, ensure_ascii=False) uid = get_uuid() task = { "id": uid, "create_date": datetime.datetime.now(), "parent_name": project, "target": target, "task_type": "即时任务", "hack_type": "端口扫描", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": len_ip, "total_host": 0, "user": session.get("admin") } mongo.db.tasks.insert_one(task) Controller.ports_scan(uid) result = {"status": 200, "msg": "任务创建成功"} return jsonify(result) if option == "full": port = ports.split("\n") new_c_list = [] for i in ips_list: if not re.match( r"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", i): continue ip1, ip2, ip3, ip4 = i.split(".") c_ip = f"{ip1}.{ip2}.{ip3}.1/24" new_c_list.append(c_ip) new_target_ip = list_duplicate(new_c_list) targetIps = [','.join(new_target_ip), ",".join(port)] port = ports.split("\n") len_ip = get_ip_list(new_target_ip) if not len_ip: result = {"status": 403, "msg": "IP地址格式错误"} return jsonify(result) if not get_port_list(ports.split("\n")): result = {"status": 403, "msg": "端口地址格式错误"} return jsonify(result) target_dict = { "ips": targetIps, "ports": ",".join(port), "rates": RATE, "threads": THREADS } target = json.dumps(target_dict, ensure_ascii=False) uid = get_uuid() task = { "id": uid, "create_date": datetime.datetime.now(), "parent_name": project, "target": target, "task_type": "即时任务", "hack_type": "端口扫描", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": 0, "total_host": len_ip, "user": session.get("admin") } mongo.db.tasks.insert_one(task) Controller.ports_scan(uid) result = {"status": 200, "msg": "任务创建成功"} return jsonify(result) result = {"status": 403, "msg": "任务失败"} return jsonify(result) else: result = {"status": 403, "msg": "任务失败"} return jsonify(result) if action == "delete": task = mongo.db.tasks.find_one({'id': task_id}) if task is None: mongo.db.tasks.delete_one({'id': task_id}) mongo.db.ports.delete_many({'pid': task_id}) mongo.db.exports.delete_one({'id': task_id}) result = {"status": 200, "msg": "任务删除成功"} return jsonify(result) if task["contain_id"] != "Null": Controller.stop_contain(task["contain_id"]) mongo.db.tasks.delete_one({'id': task_id}) mongo.db.ports.delete_many({'pid': task_id}) mongo.db.exports.delete_many({'pid': task_id}) result = {"status": 200, "msg": "任务删除成功"} return jsonify(result) if action == "export": if mongo.db.tasks.find_one({'id': task_id })["status"] != "Finished": result = {"status": 403, "msg": "任务还没有完成"} return jsonify(result) new_target = [] ports = mongo.db.ports.find({'pid': task_id}) for i in ports: new_dict = dict() new_dict["父级项目"] = i["parent_name"] new_dict["IP地址"] = i["address"] new_dict["端口"] = i["port"] new_dict["服务"] = i["service"] new_dict["指纹"] = i["banner"] new_dict["创建时间"] = i["create_date"] new_dict["结束时间"] = i["end_time"] if "tag" in i: new_dict["标签"] = i["tag"] else: new_dict["标签"] = "Null" if "title" in i: new_dict["标题"] = i["title"] else: new_dict["标题"] = "Null" new_dict["服务"] = i["service"] new_target.append(new_dict) if mongo.db.exports.find_one({"pid": task_id}) is not None: result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"} return jsonify(result) else: # 得到即将下载文件的路径和名称 path, full_path = json_to_excel(new_target) log = { "id": get_uuid(), "hack_type": "端口扫描", "parent_name": mongo.db.tasks.find_one({'id': task_id})["parent_name"], "file_path": path, "status": "Finished", "pid": task_id, "user": session.get("admin"), "create_date": datetime.datetime.now(), "full_path": full_path } mongo.db.exports.insert(log) result = {"status": 200, "file_url": path} return jsonify(result)
def initiative_controller(): if request.method == "POST": project = request.form.get('project', None) child_task_name = request.form.get('parent_project', None) ip_address = request.form.get("ip_address", None) task_id = request.form.get('task_id', None) action = request.form.get('action', None) if action == "add": if len(project) == 0: data = {"status": 403, "msg": "请指定项目名称"} return jsonify(data) if mongo.db.tasks.find_one({ 'hack_type': '主动扫描', 'status': "Running" }) is not None: data = {"status": 403, "msg": "任务正在运行,请稍后添加"} return jsonify(data) if len(ip_address) != 0: # 输入文本的方案 pid = get_uuid() target_list = list() for i in ip_address.split('\n'): if len(i) > 0 and (i.startswith("http://") or i.startswith("https://")): task_id = get_uuid() new_dict = dict() new_dict["http_address"] = i new_dict["parent_name"] = project new_dict["pid"] = task_id new_dict["flag"] = "port" target_list.append(new_dict) task = { "id": pid, "create_date": datetime.datetime.now(), "parent_name": project, "target": json.dumps(target_list, ensure_ascii=False), "task_type": "即时任务", "hack_type": "主动扫描", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": "", "total_host": 0, "user": session.get("admin") } conf.awvs = AttribDict({ "method": "lilith", "pid": pid, "parent_name": project, "target": target_list }) mongo.db.tasks.insert_one(task) awvs = AWVS() awvs.init() data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if child_task_name is not None: # 从项目选择的方案 task_id_new = get_uuid() task = { "id": task_id_new, "create_date": datetime.datetime.now(), "parent_name": project, "target": "Null", "task_type": "即时任务", "hack_type": "主动扫描", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": "", "total_host": "{}", "user": session.get("admin") } conf.awvs = AttribDict({ "method": "adam", "pid": task_id_new, "parent_name": project, "child_name": child_task_name }) mongo.db.tasks.insert_one(task) awvs = AWVS() awvs.init() data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if action == "delete": task = mongo.db.tasks.find_one({'id': task_id}) if task is None: data = {"status": 200, "msg": "项目删除成功"} return jsonify(data) if len(task['hidden_host']) > 0: target = json.loads(task["hidden_host"]) for i in target: print(i) AWVS.delete_target(i["target_id"]) mongo.db.tasks.delete_one({'id': task_id}) mongo.db.ports.delete_many({'pid': task_id}) mongo.db.exports.delete_many({'pid': task_id}) data = {"status": 200, "msg": "项目删除成功"} return jsonify(data) if action == "export": if mongo.db.tasks.find_one({'id': task_id })["status"] != "Finished": result = {"status": 403, "msg": "任务还没有完成"} return jsonify(result, safe=False) if mongo.db.exports.find_one({"pid": task_id}) is not None: result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"} return jsonify(result) else: uid = get_uuid() log = { "id": uid, "hack_type": "主动扫描", "parent_name": mongo.db.tasks.find_one({'id': task_id})["parent_name"], "file_path": "Null", "status": "Running", "user": session.get("admin"), "create_date": datetime.datetime.now(), "full_path": "Null" } mongo.db.exports.insert(log) info = mongo.db.tasks.find_one({'id': task_id})["hidden_host"] AWVS().generate_pdf(json.loads(info), uid) result = {"status": 200, "msg": "任务建成,请前往导出页面"} return jsonify(result) data = {"status": 403, "msg": "操作失败"} return jsonify(data)
def pocs_controllers(): if request.method == "POST": action = request.form.get("action", None) project = request.form.get("project", None) target_name = request.form.get("target_name", None) task_id = request.form.get("task_id", None) if action == "add": if project is None or action is None or target_name is None: result = {"status": 403, "msg": "值不能为空"} return jsonify(result) uid = get_uuid() task = { "id": uid, "create_date": datetime.datetime.now(), "parent_name": project, "target": "Null", "task_type": "即时任务", "hack_type": "POC扫描", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": 0, "total_host": 0, "user": session.get("admin") } mongo.db.tasks.insert_one(task) ControllerPocs.thread_start(target_name, project, uid) data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if action == "delete": task = mongo.db.tasks.find_one({'id': task_id}) if task is None: result = {"status": 403, "msg": "任务不存在"} return jsonify(result) if task["contain_id"] != "Null": Controller.stop_contain(task["contain_id"]) mongo.db.tasks.delete_one({'id': task_id}) mongo.db.pocs.delete_many({'pid': task_id}) mongo.db.vuldocker.delete_many({'pid': task_id}) mongo.db.vuls.delete_many({'pid': task_id}) result = {"status": 200, "msg": "任务删除成功"} return jsonify(result) if action == "export": if mongo.db.tasks.find_one({'id': task_id })["status"] != "Finished": result = {"status": 403, "msg": "任务还没有完成"} return jsonify(result) new_target = [] vuls = mongo.db.vuls.find({"pid": task_id}) for i in vuls: new_dict = dict() new_dict["父级项目"] = i["parent_name"] new_dict["时间"] = i["create_date"].strftime("%Y-%m-%d %H:%M:%S") new_dict["IP地址"] = i["ip_address"] new_dict["端口"] = i["port"] new_dict["漏洞信息"] = i["vul_info"] new_dict["漏洞名称"] = i["vul_name"] new_target.append(new_dict) if len(new_target) == 0: result = {"status": 403, "msg": "没有漏洞"} return jsonify(result) if mongo.db.exports.find_one({"pid": task_id}) is None: result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"} return jsonify(result) else: # 得到即将下载文件的路径和名称 path, full_path = json_to_excel(new_target) log = { "id": get_uuid(), "hack_type": "漏洞扫描", "parent_name": mongo.db.tasks.find_one({'id': task_id})["parent_name"], "file_path": path, "status": "Finished", "user": session.get("admin"), "create_date": datetime.datetime.now(), "full_path": full_path } mongo.db.exports.insert(log) result = {"status": 200, "file_url": path} return jsonify(result) data = {"status": 403, "msg": "操作失败"} return jsonify(data)
def domains_controllers(): if request.method == "POST": domain_name = request.form.get('domain', type=str) project = request.form.get('project', None) task_id = request.form.get('task_id', None) action = request.form.get('action', None) if action == "add": if project == None or domain_name == None or len(project) == 0: result = {"status": 403, "msg": "值不能为空"} return jsonify(result) if mongo.db.tasks.find({'parent_name': project, "hack_type": "域名扫描"}).count() > 0: result = {"status": 403, "msg": "域名扫描项目已存在"} return jsonify(result) new_list = [ii for ii in domain_name.split("\n") if len(ii) > 0] target_name = ",".join(new_list) task_id = get_uuid() task = {"id": task_id, "create_date": datetime.datetime.now(), "parent_name": project, "target": target_name, "task_type": "即时任务", "hack_type": "域名扫描", "status": "Running", "contain_id": "Null", "end_time": "Null", "live_host": len(new_list), "hidden_host": "{}", "total_host": 0, "user": session.get("admin")} mongo.db.tasks.insert_one(task) Controller.subdomain_scan(task_id) data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if action == "delete": task = mongo.db.tasks.find_one({'id': task_id}) if task["contain_id"] != "Null": Controller.stop_contain(task["contain_id"]) mongo.db.tasks.delete_one({'id': task_id}) mongo.db.subdomains.delete_many({'pid': task_id}) mongo.db.exports.delete_many({'pid': task_id}) data = {"status": 200, "msg": "项目删除成功"} return jsonify(data) if action == "search": # table_name = domain_name.replace('.', '_') # table_name = domain_name + '_resolve_result' db = '/app/results.sqlite3' conn = sqlite3.connect(db) cursor = conn.cursor() target_list = [] results = cursor.execute(f'select subdomain from "{domain_name}" ') all_subdomains = results.fetchall() for subdomain in all_subdomains: target_list.append(subdomain[0]) data = { 'domain': domain_name, 'result': target_list, } return render(request, 'domain/domains_get',data)
def dirs_controller(): if request.method == "POST": project = request.form.get('project', None) child_task_name = request.form.get('target_id', None) ip_address = request.form.get("ip_address", None) ext = request.form.get("ext", None) task_id = request.form.get('task_id', None) action = request.form.get('action', None) if action == "add": # if mongo.db.tasks.find({'status': "Running", "hack_type": "目录扫描"}).count() > 0: # data = {"status": 403, "msg": "现在已有项目正在运行,请稍后添加"} # return jsonify(data) if len(ip_address) != 0: # 输入文本的方案 # [{'http_address': 'http://192.168.3.2:8123', 'keydict': 'common.txt', 'parent_name': '测试项目', 'pid': '141aa854-a78c-42fe-bbf4-99b7d0be37aa'},] pid = get_uuid() target_list = list() for i in ip_address.split('\n'): if len(i) > 0: new_dict = dict() new_dict["http_address"] = i new_dict["keydict"] = ",".join(ast.literal_eval(ext)) new_dict["parent_name"] = project new_dict["pid"] = pid target_list.append(new_dict) task = { "id": pid, "create_date": datetime.datetime.now(), "parent_name": project, "target": json.dumps(target_list, ensure_ascii=False), "task_type": "即时任务", "hack_type": "目录扫描", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": len(target_list), "total_host": "{}", "user": session.get("admin") } mongo.db.tasks.insert_one(task) ControllerDirs.thread_start(method="lilith", project=project, task_name="s1riu5", pid=pid) data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if child_task_name is not None: task_id_new = get_uuid() task = { "id": task_id_new, "create_date": datetime.datetime.now(), "parent_name": project, "target": "Null", "task_type": "即时任务", "hack_type": "目录扫描", "status": "Running", "progress": "0.00%", "contain_id": "Null", "end_time": "Null", "live_host": 0, "hidden_host": 0, "total_host": "{}", "user": session.get("admin") } mongo.db.tasks.insert_one(task) ControllerDirs.thread_start(method="adam", project=project, task_name=child_task_name, pid=task_id_new) data = {"status": 200, "msg": "项目添加成功"} return jsonify(data) if action == "delete": task = mongo.db.tasks.find_one({'id': task_id}) if task["contain_id"] != "Null": Controller.stop_contain(task["contain_id"]) mongo.db.tasks.delete_one({'id': task_id}) mongo.db.vul_dirs.delete_many({'pid': task_id}) mongo.db.exports.delete_many({'pid': task_id}) data = {"status": 200, "msg": "项目删除成功"} return jsonify(data) if action == "export": if mongo.db.tasks.find_one({'id': task_id })["status"] != "Finished": result = {"status": 403, "msg": "任务还没有完成"} return jsonify(result) new_target = [] subdomains = mongo.db.dir_vuls.find({'pid': task_id}) for i in subdomains: new_dict = dict() new_dict["父级项目"] = i["parent_name"] new_dict["地址"] = i["vul_path"] new_dict["状态"] = i["status_code"] new_dict["创建时间"] = i["create_date"] new_target.append(new_dict) if len(new_target) == 0: result = {"status": 403, "msg": "没有结果"} return jsonify(result) if mongo.db.exports.find_one({"pid": task_id}) is not None: result = {"status": 403, "msg": "任务已存在,请前往导出页面查看"} return jsonify(result) else: # 得到即将下载文件的路径和名称 path, full_path = json_to_excel(new_target) log = { "id": get_uuid(), "hack_type": "目录扫描", "parent_name": mongo.db.tasks.find_one({'id': task_id})["parent_name"], "file_path": path, "status": "Finished", "user": session.get("admin"), "create_date": datetime.datetime.now(), "full_path": full_path } mongo.db.exports.insert(log) result = {"status": 200, "file_url": path} return jsonify(result) data = {"status": 403, "msg": "操作失败"} return jsonify(data)