Ejemplo n.º 1
def tasks_dispatch_web(taskID, url):
    """Queue the web follow-up tasks for one target.

    Sends ``ServInfo``, ``CmsFinger``, ``Wappalyzer`` and ``SFileScan`` for
    ``url``, in that order.  It then reads the host-scan record stored for
    ``taskID`` and, when that record has a non-empty ``domain`` entry, also
    queues ``DirScan`` against that domain.

    NOTE(review): ``url`` is forwarded to the queues exactly as received;
    nothing in this function validates or normalises it.
    """
    # Wappalyzer expects its target under ``domain``; the others use ``url``.
    fan_out = (
        ('ServInfo', 'url'),
        ('CmsFinger', 'url'),
        ('Wappalyzer', 'domain'),
        ('SFileScan', 'url'),
    )
    for task_name, target_key in fan_out:
        app.send_task(name=task_name,
                      queue=task_name,
                      kwargs={'taskID': taskID, target_key: url})

    # presumably a dict-like record keyed by field name; verify against MongoDB
    host_info = MongoDB().get_one_hostscan_info(taskID)
    if 'domain' not in host_info.keys() or len(host_info['domain']) == 0:
        return

    app.send_task(name='DirScan',
                  queue='DirScan',
                  kwargs={'taskID': taskID, 'target': host_info['domain']})
Ejemplo n.º 2
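def wappalyzer(self, taskID, domain):
    """Fingerprint the technologies served at ``domain`` and store them.

    ``domain`` gets an ``http://`` prefix when it carries no scheme.  The
    page is fetched, analysed, and the result is written to MongoDB under
    ``taskID``.

    Returns:
        list: the detected technologies, or ``[]`` when the fetch or the
        analysis failed.
    """
    # Only a real scheme prefix counts.  A bare host whose name merely begins
    # with "http" (constructed example: "httpd.example.test") must still get
    # a scheme, which a plain startswith('http') check would skip.
    if not domain.lower().startswith(('http://', 'https://')):
        domain = 'http://' + domain

    analyzer = Wappalyzer.latest()
    detected = []
    try:
        # verify=False turns TLS certificate validation off so hosts with
        # self-signed or mismatched certificates can still be fetched.  The
        # response is therefore unauthenticated: for HTTPS targets, anyone on
        # the network path can influence what gets fingerprinted and stored.
        webpage = WebPage.new_from_url(domain, verify=False)
        detected = list(analyzer.analyze(webpage))
        print(detected)
        MongoDB().add_wappalyzer(taskID, detected)
    except requests.exceptions.ConnectTimeout as e:
        print(e)
        # This exception can also occur when the service does not exist.
        # NOTE(review): the task is re-queued with no attempt counter, so a
        # host that always times out keeps this task cycling indefinitely.
        app.send_task(
            name='Wappalyzer',
            queue='Wappalyzer',
            kwargs=dict(taskID=taskID, domain=domain),
        )
    except requests.exceptions.ConnectionError as e:
        # The host probably has no HTTP service; deliberately not re-queued.
        print(e)
    except Exception as e:
        # Best effort: any other failure is logged and yields an empty result.
        print(e)
    return detected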
Ejemplo n.º 3
 def on_failure(self, exc, task_id, args, kwargs, einfo):
     """Log a task failure and, on the second one, hand the host to PortServScan.

     The failure details are always printed.  When ``self.request.retries``
     equals 1 (i.e. two consecutive failures), a ``PortServScan`` task is
     queued using the ``taskID`` and ``host`` entries of the failed task's
     ``kwargs``.
     """
     print(f' task fail {exc}:{task_id}:{args}:{kwargs}:{einfo}')

     if self.request.retries != 1:
         return

     # Two failures in a row: push the task over to the nmap-based scan.
     print('重试失败,推送任务到PortServScan')
     fallback_args = {
         'taskID': kwargs['taskID'],
         'ip_addr': kwargs['host'],
         'resp': 'syn_normal',
     }
     app.send_task(name='PortServScan',
                   queue='PortServScan',
                   kwargs=fallback_args)
Ejemplo n.º 4
def add_task(taskID, host):
    """Queue the per-host follow-up tasks: ``PortServScan``, then ``IpLocation``.

    The separate ``PortScan`` stage (kwargs ``taskID``/``host``) is disabled
    here, so every host goes straight to the full port/service scan.
    """
    # TODO: until the PoC checks are refined, scan everything directly.
    port_serv_args = {'taskID': taskID, 'ip_addr': host, 'resp': 'syn_normal'}
    app.send_task(name='PortServScan',
                  queue='PortServScan',
                  kwargs=port_serv_args)

    location_args = {'taskID': taskID, 'ip': host}
    app.send_task(name='IpLocation',
                  queue='IpLocation',
                  kwargs=location_args)
Ejemplo n.º 5
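    def get(request, mobile):
        """Issue a six-digit SMS verification code for ``mobile``.

        The query parameters are validated first (invalid input raises).  A
        per-number flag limits sends to one per 60 seconds; a request inside
        that window gets HTTP 429.  Otherwise a fresh code is stored in Redis
        for 300 seconds and the SMS is sent asynchronously through Celery.

        Returns:
            Response: ``{'message': 'ok'}`` on success, or an empty 429
            response when the number is still inside its send window.

        NOTE(review): the limit is per ``mobile`` only; no per-client limit
        and no cap on verification attempts is visible in this method.
        """
        import secrets

        redis_conn = get_redis_connection('code')

        # Parameter validation.
        serializer = SmsCodeSerializer(data=request.query_params)
        serializer.is_valid(raise_exception=True)

        # Claim the 60-second send window atomically (SET ... NX EX).  A
        # separate get-then-set lets concurrent requests for the same number
        # all pass the check before any of them writes the flag.
        # assumes redis_conn is a redis-py client; confirm
        if not redis_conn.set('sms_flag_%s' % mobile, 1, ex=60, nx=True):
            return Response(status=status.HTTP_429_TOO_MANY_REQUESTS)

        # The code is an authentication secret, so draw it from the OS CSPRNG;
        # the ``random`` module's output is predictable from observed values.
        sms_code = '%06d' % secrets.randbelow(1000000)

        # Cache the code for this number for 300 seconds.
        redis_conn.set('sms_code_%s' % mobile, sms_code, 300)

        # Send the SMS asynchronously through Celery.
        app.send_task('send_sms_code', (mobile, sms_code))
        return Response({'message': 'ok'})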
Ejemplo n.º 6
# app.send_task(name='CmsFinger',
#               queue='CmsFinger',
#               kwargs=dict(taskID='5d7c96f15ded2c3496c7d368',url='blog.zzp198.cn'))
#
# app.send_task(name='CmsFinger',
#               queue='CmsFinger',
#               kwargs=dict(taskID='5d7c96f15ded2c3496c7d368',url='188.131.133.213'))

# app.send_task(name='Wappalyzer',
#               queue = 'Wappalyzer',
#               kwargs=dict(taskID='5d7a2f0ccb102ff5bce42782', domain='123.207.155.221')
#               )

# app.send_task(name='PortScan',
#               queue = 'PortScan',
#               kwargs=dict(taskID='5d7a2f0ccb102ff5bce42782', host='192.168.232.112')
#               )

# app.send_task(name='DirScan',
#               queue = 'DirScan',
#               kwargs=dict(taskID='5d7a2f0ccb102ff5bce42782', target='https://blog.ixuchao.cn')
#               )

# app.send_task(name='RDPassSpray',
#               queue='RDPassSpray',
#               kwargs=dict(taskID='5d7a2f0ccb102ff5bce42783',target='10.0.83.217'))

# Manual dispatch: queue a single PocScan task for the loopback address.
app.send_task(
    name='PocScan',
    queue='PocScan',
    kwargs={'taskID': '5d7a2f0ccb102ff5bce42783', 'ip': '127.0.0.1'},
)
Ejemplo n.º 7
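def handle_result(taskID, ip_addr, result):
    """Dispatch follow-up tasks for every port in a service-scan result.

    ``result`` maps a port to a dict describing it; only the ``name`` entry
    (the detected service name) is read here.  For each port:

    * port 80 or 443 whose name contains ``http`` -> ``tasks_dispatch_web``;
    * a name matching ``ms-wbt-server`` -> one ``RDPassSpray`` task;
    * a name that maps to a supported service -> one ``HydraBrute`` task;
    * a port without a ``name`` entry is only logged.

    NOTE(review): when ports 80 and 443 both report http,
    ``tasks_dispatch_web`` runs once per port, so the web tasks are queued
    twice for the same address.
    """
    for key, value in result.items():
        if 'name' not in value.keys():
            print('no name in keys')
            continue

        service = value['name']

        # TODO: handle the case where only 443 is open but 80 is not, and the
        # case where the web port has been changed.
        if key in (80, 443) and 'http' in service:
            tasks_dispatch_web(taskID, ip_addr)

        # RDP goes to the standalone script: hydra's RDP module is outdated
        # and not widely supported.
        if re.search('ms-wbt-server', service, re.I):
            app.send_task(name='RDPassSpray',
                          queue='RDPassSpray',
                          kwargs=dict(taskID=taskID, target=ip_addr))

        # TODO (port 8080): find a definite signature proving the st2
        # framework is in use.

        # Map the scanner's service name onto the name the HydraBrute worker
        # expects; see https://svn.nmap.org/nmap/nmap-services
        # NOTE(review): 'teedtap' -> mssql looks surprising; confirm against
        # the scanner's real output.
        if re.search('teedtap', service, re.I):
            mapped = 'mssql'
        # NOTE(review): nmap reports "tcpwrapped" when a connection is
        # accepted and then closed without data, which does not by itself
        # identify SSH; presumably a heuristic, confirm.
        elif service == 'ssh' or re.search('tcpwrapped', service, re.I):
            mapped = 'ssh'
        elif service == 'mysql':
            mapped = 'mysql'
        elif re.search('microsoft-ds', service, re.I):
            mapped = 'smb'
        # pop3 is disabled: too time-consuming, low success rate.
        elif re.search('telnet', service, re.I):
            mapped = 'telnet'
        elif re.search('ftp', service, re.I):
            mapped = 'ftp'
        elif re.search('memcache', service, re.I):
            mapped = 'memcache'
        elif re.search('postgresql', service, re.I):
            mapped = 'postgresql'
        elif re.search('redis', service, re.I):
            mapped = 'redis'
        elif re.search('oracle', service, re.I):
            mapped = 'oracle'
        # TODO: mongod is not mapped yet; imap and smtp are disabled.
        elif 'tomcat' in service:
            mapped = 'tomcat'
        # Raw string: '\d' in a plain literal is an invalid escape sequence.
        elif re.search(r'^vnc-\d', service, re.I):
            mapped = 'vnc'
        elif 'weblogic' in service:
            mapped = 'weblogic'
        elif service == 'svn':
            mapped = 'svn'
        else:
            mapped = None

        if mapped is not None:
            app.send_task(name='HydraBrute',
                          queue='HydraBrute',
                          kwargs=dict(taskID=taskID,
                                      username='******',
                                      dict='small',
                                      host=ip_addr,
                                      port=key,
                                      service=mapped))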
Ejemplo n.º 8
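def handle_result(taskID, ip_addr, result):
    """Dispatch follow-up tasks for every port in a service-scan result.

    ``result`` maps a port to a dict describing it; only the ``name`` entry
    (the detected service name) is read here.  For each port:

    * port 80 or 443 whose name contains ``http`` -> ``tasks_dispatch``;
    * a name that maps to a supported service -> one ``HydraBrute`` task;
    * a port without a ``name`` entry is only logged.

    NOTE(review): when ports 80 and 443 both report http, ``tasks_dispatch``
    runs once per port, so its tasks are queued twice for the same address.
    """
    for key, value in result.items():
        if 'name' not in value.keys():
            print('no name in keys')
            continue

        service = value['name']

        if key in (80, 443) and 'http' in service:
            tasks_dispatch(taskID, ip_addr)

        # TODO: confirm the service names in the scanner output are consistent.
        # Map the scanner's service name onto the name the HydraBrute worker
        # expects; see https://svn.nmap.org/nmap/nmap-services
        # NOTE(review): 'teedtap' -> mssql looks surprising; confirm against
        # the scanner's real output.
        if re.search('teedtap', service, re.I):
            mapped = 'mssql'
        # NOTE(review): nmap reports "tcpwrapped" when a connection is
        # accepted and then closed without data, which does not by itself
        # identify SSH; presumably a heuristic, confirm.
        elif service == 'ssh' or re.search('tcpwrapped', service, re.I):
            mapped = 'ssh'
        elif service == 'mysql':
            mapped = 'mysql'
        elif re.search('ms-wbt-server', service, re.I):
            mapped = 'rdp'
        elif re.search('microsoft-ds', service, re.I):
            mapped = 'smb'
        # pop3 is disabled: too time-consuming, low success rate.
        elif re.search('telnet', service, re.I):
            mapped = 'telnet'
        elif re.search('ftp', service, re.I):
            mapped = 'ftp'
        elif re.search('memcache', service, re.I):
            mapped = 'memcache'
        elif re.search('postgresql', service, re.I):
            mapped = 'postgresql'
        elif re.search('redis', service, re.I):
            mapped = 'redis'
        elif re.search('oracle', service, re.I):
            mapped = 'oracle'
        # mongodb, imap and smtp are disabled.
        elif 'tomcat' in service:
            mapped = 'tomcat'
        # Raw string: '\d' in a plain literal is an invalid escape sequence.
        elif re.search(r'^vnc-\d', service, re.I):
            mapped = 'vnc'
        elif 'weblogic' in service:
            mapped = 'weblogic'
        elif service == 'svn':
            mapped = 'svn'
        else:
            mapped = None

        if mapped is not None:
            app.send_task(name='HydraBrute',
                          queue='HydraBrute',
                          kwargs=dict(taskID=taskID,
                                      username='******',
                                      dict='small',
                                      host=ip_addr,
                                      port=key,
                                      service=mapped))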
Ejemplo n.º 9
 def add_tasks(self, taskID, host):
     """Queue one single-address ``AliveScan`` for ``host`` under ``taskID``."""
     alive_scan_args = {'taskID': taskID, 'ip': host, 'ip_type': 'single'}
     app.send_task(name='AliveScan',
                   queue='AliveScan',
                   kwargs=alive_scan_args)
Ejemplo n.º 10
# @Blog    : https://blog.ixuchao.cn
# @File    : complete_publish_test.py

from utils.mongo_op import MongoDB
from celery_tasks.main import app

# Presumably registers a parent task ("Ftask") in MongoDB; the returned value
# is passed on, stringified, as ``FtaskID`` in the dispatch further down.
# NOTE(review): ``id`` shadows the builtin of the same name for the rest of
# this script.
x = MongoDB()
id = x.add_Ftask()

# app.send_task(name='AliveScan',
#               queue='AliveScan',
#               kwargs=dict(FtaskID=str(id), ip='127.0.0.1', ip_type='single'))

# Queue one AliveScan over an address range, tagged with the task id created
# at the top of this script.
app.send_task(
    name='AliveScan',
    queue='AliveScan',
    kwargs={
        'FtaskID': str(id),
        'ip': '149.129.89.150-149.129.89.170',
        'ip_type': 'range',
    },
)

#149.129.60.133
# app.send_task(name='AliveScan',
#               queue='AliveScan',
#               kwargs=dict(FtaskID=str(id), ip='149.129.60.200-149.129.60.250', ip_type='range'))

# app.send_task(name='AliveScan',
#               queue='AliveScan',
#               kwargs=dict(FtaskID=str(id), ip='123.207.155.221', ip_type='single'))
# app.send_task(name='AliveScan',
#               queue='AliveScan',
#               kwargs=dict(FtaskID=str(id), ip='123.207.155.221', ip_type='single'))
# app.send_task(name='AliveScan',
Ejemplo n.º 11
def add_serv_task(taskID, host, ports):
    """Queue one ``ServScan`` task for ``host`` covering ``ports``."""
    serv_scan_args = {'taskID': taskID, 'host': host, 'ports': ports}
    app.send_task(name='ServScan',
                  queue='ServScan',
                  kwargs=serv_scan_args)