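def api():
    """Register the ``/scan/`` endpoint and start the Bottle server.

    The endpoint accepts a captured HTTP request in the POST body, filters
    and de-duplicates it, and forwards it to the message queue for scanning.
    """

    @route('/scan/', method='POST')
    def scan():
        """Queue one posted request for scanning.

        Returns:
            'send to burp scan' when the request was queued,
            'fail:repeat scan' when either table already holds its rid,
            'fail: <reason>' when the request filter rejected it, and
            'fail: missing token' when no ``token`` query parameter was sent.
        """
        # NOTE(review): the token is only tested for being non-empty and is
        # read from the query string; whether a consumer validates it later
        # is not visible here -- confirm before exposing this listener.
        token = request.query.token
        if not token:
            # Previously this path fell through and returned None (an empty
            # response), which hid misconfigured or unauthenticated clients.
            return 'fail: missing token'

        postdata = request.body.read()
        # URL filtering / de-duplication against the black rules.
        flag1 = request_filter(parse_request_service(postdata), '', black_rules)
        # The rid is the same for both lookups, so compute it once.
        rid = getRid(postdata)
        # De-duplicate against the results table: a request that was already
        # scanned is not scanned again (not distinguished by token).
        flag2 = is_duplicate('results', rid)
        # De-duplicate against the requests table.
        flag3 = is_duplicate('requests', rid)

        # flag1 is compared with == True on purpose: any other value is
        # reported back as the failure reason below.
        if flag1 == True:
            if flag2 == flag3 == False:
                data = {'token': token, 'body': postdata}
                sendToMQ(data)
                return 'send to burp scan'
            else:
                return 'fail:repeat scan'
        else:
            return 'fail: %s' % flag1

    # bottle + paste give a non-blocking web server.
    # NOTE(review): debug=True makes Bottle include tracebacks in error
    # responses, and host='0.0.0.0' listens on every interface; restrict the
    # bind address or disable debug outside a lab network.
    run(server='paste', host='0.0.0.0', port=7001, debug=True)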
def run(self):  # Ghost trap starts here
    '''Start the HTTP service.

    Registers the error handlers and routes on ``ghost_trap`` as closures
    over ``self`` and then calls ``run`` with the address and port taken
    from ``self.control_settings``.

    ``self.cookies`` is a list of client addresses (``REMOTE_ADDR``), not
    HTTP cookies; the two download handlers append to it and the page
    handlers consult it.
    '''

    # Error handlers: a client address not yet in self.cookies receives the
    # page that get_vulnerability_page selects from the raw User-Agent
    # header. For an address already recorded nothing is returned (None).
    @ghost_trap.error(404)
    def error404(error):
        if request['REMOTE_ADDR'] not in self.cookies:
            operating_system = request['HTTP_USER_AGENT']
            source_page = self.get_vulnerability_page(operating_system)
            return (source_page)

    @ghost_trap.error(505)
    def error505(error):
        if request['REMOTE_ADDR'] not in self.cookies:
            operating_system = request['HTTP_USER_AGENT']
            source_page = self.get_vulnerability_page(operating_system)
            return (source_page)

    @ghost_trap.route('/')
    def default_page():
        # The status string is built from the client address and the
        # client-supplied User-Agent, unmodified.
        self.control_settings['new connection'] = 'New connection from ' +\
            request['REMOTE_ADDR'] + ' ' + ('-'*4) + ' ' + request['HTTP_USER_AGENT']
        self.emit(QtCore.SIGNAL("got new connection"))  # Announce new connection
        if self.control_settings['cookies']:  # Cookie processing is enabled
            # With tracking enabled, an address already in self.cookies
            # matches no branch below and the handler returns None.
            if request['REMOTE_ADDR'] not in self.cookies:
                if self.control_settings['answer all']:  # if True (answer all operating systems)
                    operating_system = request['HTTP_USER_AGENT']
                    source_page = self.get_vulnerability_page(operating_system)
                    return (source_page)
                elif self.control_settings['answer windows']:  # if True (answer only Windows systems)
                    source_page = self.get_vulnerability_page("window")
                    return (source_page)
                else:
                    source_page = self.get_vulnerability_page("linux")
                    return (source_page)
        else:
            # Tracking disabled: every request gets a page.
            if self.control_settings['answer all']:  # if True (answer all operating systems)
                operating_system = request['HTTP_USER_AGENT']
                source_page = self.get_vulnerability_page(operating_system)
                return (source_page)
            elif self.control_settings['answer windows']:  # if True (answer only Windows systems)
                source_page = self.get_vulnerability_page("window")
            else:
                source_page = self.get_vulnerability_page("linux")
            return (source_page)

    # Download handlers: the route path is '/' plus element [0] of
    # directory_split(<configured file path>); the same element is used as
    # the served file name and element [2] as the root directory.
    @ghost_trap.route(
        '/' + self.directory_split(self.control_settings['windows_payload'])[0]
    )  # Windows payload handler
    def download_windows_payload():
        self.cookies.append(request['REMOTE_ADDR'])  # Record the client address
        self.control_settings['new download'] = request[
            'REMOTE_ADDR'] + ' just downloaded the windows payload!'
        self.emit(QtCore.SIGNAL("new download"))
        executable_variable = self.directory_split(
            self.control_settings['windows_payload'])
        return (static_file(executable_variable[0],
                            root=executable_variable[2],
                            download=executable_variable[0]))

    @ghost_trap.route(
        '/' + self.directory_split(self.control_settings['linux_payload'])[0]
    )  # Linux payload handler
    def download_linux_payload():
        self.cookies.append(request['REMOTE_ADDR'])  # Record the client address
        self.control_settings['new download'] = request[
            'REMOTE_ADDR'] + ' just downloaded the linux payload!'  # Announce new download
        self.emit(QtCore.SIGNAL("new download"))
        executable_variable = self.directory_split(
            self.control_settings['linux_payload'])
        return (static_file(executable_variable[0],
                            root=executable_variable[2],
                            download=executable_variable[0]))

    # Supporting files of the served web page. The ':filename#.*#' wildcard
    # accepts any remainder of the path; the only confinement visible here is
    # the root directory passed to static_file.
    @ghost_trap.route(
        '/' + self.directory_split(self.control_settings['windows_webpage'])[1]
        + '/:filename#.*#')
    def html_files( filename ):  # ('index.html', 'index_files', '/root/Desktop/path/') for HTML
        return(static_file(filename,root = self.directory_split(self.control_settings['windows_webpage'])[2] + \
            self.directory_split(self.control_settings['windows_webpage'])[1] + '/'))

    # This second definition rebinds the name html_files; the route above was
    # already registered by its decorator when that function was defined.
    @ghost_trap.route(
        '/' + self.directory_split(self.control_settings['linux_webpage'])[1]
        + '/:filename#.*#')
    def html_files( filename ):  # ('index.html', 'index_files', '/root/Desktop/path/') for HTML
        return(static_file(filename,root = self.directory_split(self.control_settings['linux_webpage'])[2] + \
            self.directory_split(self.control_settings['linux_webpage'])[1] + '/'))

    # debug(True)
    # Bind address and port come from control_settings; quiet=True is passed
    # to run.
    run(ghost_trap,
        host=str(self.control_settings['ip_address']),
        port=int(self.control_settings['port']),
        quiet=True)
    # run(host='127.0.0.1',port=80)
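# Decorators apply bottom-up: auth.check_login wraps the handler first, so
# the function that app.post registers is the login-checked one.
# NOTE(review): no CSRF check is visible in these handlers; whether
# auth.check_login or the services perform one cannot be seen from here.
@app.post('/admin/option')
@auth.check_login
def option_manage_post():
    """Handle the POST of the site's basic settings form.

    Returns whatever ``OptionsService.update`` returns for the option key
    built from ``MEMCACHE_KEY`` and the ``'_option'`` suffix.
    """
    return OptionsService.update('%s%s' % (MEMCACHE_KEY, '_option'))


@app.post('/admin/black')
@auth.check_login
def black_manage_post():
    """Handle POSTs from the blacklist management page.

    Dispatches on the ``action`` form field: ``'deleted'`` calls
    ``BlackListService.delete_black`` and ``'add'`` calls
    ``BlackListService.add``. Any other value returns None.
    """
    _action = request.POST.get('action', '')
    if 'deleted' == _action:
        return BlackListService.delete_black()
    if 'add' == _action:
        return BlackListService.add()


# The elif condition below reads os.environ, so `os` has to be bound before
# the condition is evaluated; the original imported it only inside that
# branch, which works only if the file imports os elsewhere.
import os

if __name__ == "__main__":
    # Interactive mode
    import sys
    port = int(sys.argv[1] if len(sys.argv) > 1 else 8888)
    # NOTE(review): this serves the admin routes on every interface with the
    # auto-reloader enabled; bind to a loopback address for local development.
    run(app, host='0.0.0.0', port=port, reloader=True)
elif 'SERVER_SOFTWARE' not in os.environ:
    # Mod WSGI launch
    os.chdir(os.path.dirname(__file__))
    app = app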
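from beaker.middleware import SessionMiddleware

from core import bottle
from application import settings

# Override the template path, if one was specified, BEFORE importing the
# routes.
try:
    bottle.TEMPLATE_PATH = settings.TEMPLATE_PATH
except AttributeError:
    # settings defines no TEMPLATE_PATH: keep Bottle's default. A bare
    # `except:` here also hid every other failure.
    pass

# now import the routes
from core.routes import *
from application.routes import *

# Beaker session configuration.
# NOTE(review): 60 * 60 * 60 evaluates to 216000; if Beaker reads it as
# seconds that is 60 hours -- confirm the intended lifetime.
# NOTE(review): no 'session.secure' or 'session.httponly' option is set, and
# the file backend stores session data under a hard-coded home directory;
# Beaker's file backend serialises with pickle by default, so that directory
# should be writable only by the service account -- confirm permissions.
session_opts = {
    'session.auto': True,
    'session.cookie_expires': 60 * 60 * 60,
    'session.key': 'se',
    'session.type': 'file',
    'session.data_dir': '/home/chris/code/_beaker_sessions',
}

app = SessionMiddleware(bottle.app(), session_opts)

if __name__ == '__main__':
    # os.getpid() is used below but no `import os` is visible in this module;
    # import it locally so the entry point does not depend on a star import.
    import os

    # Record the server's PID next to the application root.
    with open(settings.ROOTPATH + '/app.pid', 'w') as f:
        f.write(str(os.getpid()))

    if settings.DEBUG:
        bottle.debug()

    bottle.run(
        app=app,
        server=settings.SERVER,
        reloader=settings.DEBUG,
        host=settings.APPHOST,
        port=settings.APPPORT,
        # Kept as an equality test: `not settings.DEBUG` would differ for
        # values such as None.
        quiet=(settings.DEBUG == False),
    )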
def run(self):                                              # Ghost trap starts here
    '''Start the HTTP service.

    Defines the error handlers and routes on ``ghost_trap`` as closures over
    ``self``, then calls ``run`` with the address and port read from
    ``self.control_settings``.

    ``self.cookies`` holds client addresses (``REMOTE_ADDR``) rather than
    HTTP cookies: the download handlers append to it, the page handlers
    test membership in it.
    '''

    # Error handlers. An address that is not in self.cookies gets the page
    # get_vulnerability_page picks from the raw User-Agent header; an address
    # that is already recorded gets no return value (None).
    @ghost_trap.error(404)
    def error404(error):
        if request['REMOTE_ADDR'] not in self.cookies:
            operating_system = request['HTTP_USER_AGENT']
            source_page = self.get_vulnerability_page(operating_system)
            return(source_page)

    @ghost_trap.error(505)
    def error505(error):
        if request['REMOTE_ADDR'] not in self.cookies:
            operating_system = request['HTTP_USER_AGENT']
            source_page = self.get_vulnerability_page(operating_system)
            return(source_page)

    @ghost_trap.route('/')
    def default_page():
        # Status text for the GUI: client address plus the unmodified,
        # client-supplied User-Agent.
        self.control_settings['new connection'] = 'New connection from ' +\
            request['REMOTE_ADDR'] + ' ' + ('-'*4) + ' ' + request['HTTP_USER_AGENT']
        self.emit(QtCore.SIGNAL("got new connection"))          # Announce new connection
        if self.control_settings['cookies']:                    # Cookie processing is enabled
            # An address already in self.cookies matches nothing below, so
            # the handler returns None for it.
            if request['REMOTE_ADDR'] not in self.cookies:
                if self.control_settings['answer all']:         # if True (answer all operating systems)
                    operating_system = request['HTTP_USER_AGENT']
                    source_page = self.get_vulnerability_page(operating_system)
                    return(source_page)
                elif self.control_settings['answer windows']:   # if True (answer only Windows systems)
                    source_page = self.get_vulnerability_page("window")
                    return(source_page)
                else:
                    source_page = self.get_vulnerability_page("linux")
                    return(source_page)
        else:
            # Address tracking is off: a page is returned for every request.
            if self.control_settings['answer all']:             # if True (answer all operating systems)
                operating_system = request['HTTP_USER_AGENT']
                source_page = self.get_vulnerability_page(operating_system)
                return(source_page)
            elif self.control_settings['answer windows']:       # if True (answer only Windows systems)
                source_page = self.get_vulnerability_page("window")
            else:
                source_page = self.get_vulnerability_page("linux")
            return(source_page)

    # Download handlers. directory_split(<configured path>) supplies the
    # route path and served file name (element [0]) and the root directory
    # (element [2]).
    @ghost_trap.route('/' + self.directory_split(self.control_settings['windows_payload'])[0])   # Windows payload handler
    def download_windows_payload():
        self.cookies.append(request['REMOTE_ADDR'])     # Record the client address
        self.control_settings['new download'] = request['REMOTE_ADDR'] + ' just downloaded the windows payload!'
        self.emit(QtCore.SIGNAL("new download"))
        executable_variable = self.directory_split(self.control_settings['windows_payload'])
        return(static_file(executable_variable[0],root = executable_variable[2],download = executable_variable[0]))

    @ghost_trap.route('/' + self.directory_split(self.control_settings['linux_payload'])[0])     # Linux payload handler
    def download_linux_payload():
        self.cookies.append(request['REMOTE_ADDR'])     # Record the client address
        self.control_settings['new download'] = request['REMOTE_ADDR'] + ' just downloaded the linux payload!'  # Announce new download
        self.emit(QtCore.SIGNAL("new download"))
        executable_variable = self.directory_split(self.control_settings['linux_payload'])
        return(static_file(executable_variable[0],root = executable_variable[2],download = executable_variable[0]))

    # Supporting files of the served web page. ':filename#.*#' matches any
    # remainder of the request path; the root directory handed to static_file
    # is the only confinement visible in this method.
    @ghost_trap.route('/' + self.directory_split(self.control_settings['windows_webpage'])[1]+ '/:filename#.*#')
    def html_files(filename):                           # ('index.html', 'index_files', '/root/Desktop/path/') for HTML
        return(static_file(filename,root = self.directory_split(self.control_settings['windows_webpage'])[2] + \
            self.directory_split(self.control_settings['windows_webpage'])[1] + '/'))

    # Same name as the function above: the name is rebound, while the earlier
    # route stays registered because its decorator already ran.
    @ghost_trap.route('/' + self.directory_split(self.control_settings['linux_webpage'])[1]+ '/:filename#.*#')
    def html_files(filename):                           # ('index.html', 'index_files', '/root/Desktop/path/') for HTML
        return(static_file(filename,root = self.directory_split(self.control_settings['linux_webpage'])[2] + \
            self.directory_split(self.control_settings['linux_webpage'])[1] + '/'))

    # debug(True)
    # Listener address and port are taken from control_settings.
    run(ghost_trap,host= str(self.control_settings['ip_address']),port=int(self.control_settings['port']),quiet=True)
    # run(host='127.0.0.1',port=80)
# Tail of a handler whose decorators and `def` line lie outside this excerpt:
# it loads the stored options and renders the admin option template.
    '''Basic site settings'''
    _data = OptionsService.get_option('%s%s'%(MEMCACHE_KEY, '_option'))
    return template("admin/option.html", handler=get_site_info(), data=_data)


# Decorators apply bottom-up, so app.post registers the function already
# wrapped by auth.check_login.
# NOTE(review): no CSRF check is visible in these handlers; whether
# auth.check_login or the services perform one cannot be seen from here.
@app.post('/admin/option')
@auth.check_login
def option_manage_post():
    '''Handle the POST of the site's basic settings form'''
    return OptionsService.update('%s%s'%(MEMCACHE_KEY, '_option'))


@app.post('/admin/black')
@auth.check_login
def black_manage_post():
    '''Handle POSTs from blacklist management'''
    # Dispatch on the 'action' form field; any value other than 'deleted' or
    # 'add' falls through and the handler returns None.
    _action = request.POST.get('action', '')
    if 'deleted' == _action:
        return BlackListService.delete_black()
    if 'add' == _action:
        return BlackListService.add()


if __name__ == "__main__":
    # Interactive mode
    import sys
    port = int(sys.argv[1] if len(sys.argv) > 1 else 8888)
    # NOTE(review): listens on every interface with the auto-reloader on;
    # confirm this entry point is used for local development only.
    run(app, host='0.0.0.0', port=port, reloader=True)
# NOTE(review): os.environ is read here before the `import os` inside the
# branch runs, so this relies on os being imported elsewhere in the file.
elif 'SERVER_SOFTWARE' not in os.environ:
    # Mod WSGI launch
    import os
    os.chdir(os.path.dirname(__file__))
    app = app