Ejemplo n.º 1
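 def create_repoter(self):
     """Write the report files requested through the ``report`` command-line option.

     The option is a comma-separated list; the kinds handled here are
     ``html``, ``doc``, ``txt`` and ``pdf``. Every report is written to
     ``reports/<host>-<projectTag>.<ext>``, where ``<host>`` is the netloc of
     the URL stored in the project database. Nothing is logged or written
     when none of the four kinds was requested.
     """
     main_url = DatabaseType(self.projectTag).getURLfromDB()
     # The netloc becomes part of a file name. A port separator is not a legal
     # file-name character on Windows (on NTFS it addresses an alternate data
     # stream), so it is replaced the same way dealJs treats the download
     # directory name.
     host = urlparse(main_url).netloc.replace(":", "_")
     # Tolerate spaces around the commas ("html, pdf").
     wanted = {kind.strip() for kind in CommandLines().cmd().report.split(',')}
     if not wanted & {"doc", "pdf", "txt", "html"}:
         return
     self.log.info(Utils().tellTime() + Utils().getMyWord("{report_creat}"))
     reportStem = "reports" + os.sep + host + "-" + self.projectTag
     if "html" in wanted:
         # The HTML report needs its static resources next to it.
         if not os.path.exists("reports" + os.sep + "res"):
             Utils().copyPath("doc" + os.sep + "template" + os.sep + "html" + os.sep + "res", "reports")
         try:
             CreatHtml(self.projectTag, reportStem + ".html").CreatMe()
             self.log.debug("html模板正常")
         except Exception as e:
             # A failing HTML report must not prevent the other formats.
             self.log.error("[Err] %s" % e)
     if wanted & {"doc", "pdf", "txt"}:
         # These three formats are produced from one filled-in docx, which is
         # built first and deleted once the requested files exist.
         Docx_replace(self.projectTag).mainReplace()
         if "doc" in wanted:
             Docx_replace(self.projectTag).docMove(reportStem + ".docx")
         if "txt" in wanted:
             CreatTxt(self.projectTag, reportStem + ".txt").CreatMe()
         if "pdf" in wanted:
             CreatPdf(self.projectTag, reportStem + ".pdf").CreatMe()
         Docx_replace(self.projectTag).docDel()
     time.sleep(2)  # waiting
     self.log.info(Utils().tellTime() + Utils().getMyWord("{report_fini}"))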
Ejemplo n.º 2
 def getBaseurl(self, filePath):
     """Fill ``self.baseUrlPaths`` with candidate API base paths.

     When the ``baseurl`` command-line option is set, its comma-separated
     values replace the list. Otherwise "/" is appended as a default and the
     file at ``filePath`` is searched with every pattern in
     ``self.baseUrlRegxs``; a match is appended when it contains a "/", is
     between 4 and 19 characters long and contains none of the
     comma-separated entries of ``self.apiExts``.
     """
     cliBase = CommandLines().cmd().baseurl
     if cliBase is not None:
         self.baseUrlPaths = cliBase.split(',')
         return
     self.baseUrlPaths.append("/")  # always keep one default entry
     with open(filePath, "r", encoding="utf-8", errors="ignore") as jsFile:
         content = jsFile.read()
         for pattern in self.baseUrlRegxs:
             for candidate in re.findall(pattern, content):
                 if candidate == '' or candidate == "/" or '/' not in candidate:
                     continue
                 if not 3 < len(candidate) < 20:
                     continue
                 # Skip anything that carries one of the excluded markers.
                 if any(ext in candidate for ext in self.apiExts.split(",")):
                     continue
                 if candidate[0] == "/":
                     candidate = candidate[1:]
                 if "?" in candidate:
                     # Drop the query string.
                     candidate = candidate.split("?")[0]
                 self.baseUrlPaths.append(candidate)
Ejemplo n.º 3
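 def dealJs(self, js_paths):
     """Turn script references into absolute URLs and hand them to DownloadJs.

     Each entry of ``js_paths`` is resolved against ``self.url`` and appended
     to ``self.jsRealPaths``. Handled forms are ``./x``, ``../x``, ``//host/x``
     (protocol-relative), ``/x`` (host-relative), ``http://`` / ``https://``
     URLs and bare relative paths. The collected URLs are then downloaded,
     followed by any extra URLs given through the ``js`` command-line option.

     Fixes compared with the earlier version of this method:
       * ``//host/x`` is tested before ``/x``; previously the ``/`` test
         matched first and the protocol-relative branch was unreachable.
       * the directory segments are always computed, so a ``../`` reference
         no longer raises NameError when ``self.url`` ends with "/".
       * a ``../`` reference no longer overwrites the base used for the
         entries that follow it, and climbing above the root stops at the
         root instead of raising IndexError.
       * only ``http://`` and ``https://`` count as absolute, so a relative
         file such as ``httpclient.js`` is resolved against the base.
     """
     res = urlparse(self.url)  # split the page URL into its components
     origin = res.scheme + "://" + res.netloc
     if res.path == "":
         baseUrl = origin + "/"
     else:
         baseUrl = origin + res.path
         if res.path[-1:] != "/":  # a directory given without its trailing "/"
             baseUrl = baseUrl + "/"
     # Directory segments of the page path, without the last component.
     tmpPath = res.path.split('/')[:-1]
     if self.url[-1:] != "/":  # the URL points at a file (or carries a query)
         baseUrl = origin + "/".join(tmpPath) + "/"
     for jsPath in js_paths:
         if jsPath[:2] == "./":
             jsRealPath = baseUrl + jsPath.replace("./", "")
         elif jsPath[:3] == "../":
             parents = tmpPath[:]  # work on a copy, tmpPath is reused
             for _ in range(jsPath.count('../')):
                 if not parents:
                     break  # already at the root
                 parents.pop()
             jsRealPath = origin + "/".join(parents) + "/" + jsPath.replace("../", "")
         elif jsPath[:2] == "//":  # protocol-relative reference
             jsRealPath = res.scheme + ":" + jsPath
         elif jsPath[:1] == "/":
             jsRealPath = origin + jsPath
         elif jsPath.startswith(("http://", "https://")):
             jsRealPath = jsPath
         else:
             jsRealPath = baseUrl + jsPath
         self.jsRealPaths.append(jsRealPath)
     self.log.info(Utils().tellTime() +
                   Utils().getMyWord("{pares_js_fini_1}") +
                   str(len(self.jsRealPaths)) +
                   Utils().getMyWord("{pares_js_fini_2}"))
     domain = res.netloc
     if ":" in domain:
         # The port separator is replaced before the name is passed on.
         domain = str(domain).replace(":", "_")
     DownloadJs(self.jsRealPaths,
                self.options).downloadJs(self.projectTag, domain, 0)
     extJS = CommandLines().cmd().js
     if extJS is not None:
         extJSs = extJS.split(',')
         # NOTE(review): this call passes the raw netloc while the call above
         # passes the sanitised ``domain`` - confirm which one downloadJs expects.
         DownloadJs(extJSs,
                    self.options).downloadJs(self.projectTag, res.netloc, 0)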
Ejemplo n.º 4
def RandomBanner():
    """Print the start-up banner and credits unless the ``silent`` option is set."""
    if CommandLines().cmd().silent is not None:
        return
    print(
        Banner7,
        "©2021 Poc-Sir、KpLi0rn、Liucy、RachesseHS、Lupin-III",
        "Project Hub: https://github.com/rtcatc/Packer-Fuzzer",
        sep="\n",
    )
    print(Utils().getMyWord("{xhlj}") + "\n")
Ejemplo n.º 5
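 def getMyWord(self, someWord):
     """Return the localized text for the placeholder ``someWord``.

     The language comes from the ``language`` command-line option when it is
     set, otherwise from the first two letters of the system locale. English
     is used when no locale is configured or when the lookup for the chosen
     language fails.
     """
     lang = CommandLines().cmd().language
     if lang:
         localLang = lang
     else:
         # getdefaultlocale() returns (None, None) when no locale is
         # configured; slicing None used to raise TypeError here.
         sysLocale = locale.getdefaultlocale()[0]
         localLang = sysLocale[0:2] if sysLocale else 'en'
     try:
         return readConfig.ReadConfig().getLang(localLang, someWord)[0]
     except Exception:
         # Unknown language or missing entry: fall back to English. A bare
         # ``except`` would also have swallowed KeyboardInterrupt/SystemExit.
         return readConfig.ReadConfig().getLang('en', someWord)[0]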
Ejemplo n.º 6
 def set_logger(self):
     """Attach a file handler and a console handler to ``self.logger``.

     Does nothing when the logger already has handlers. The file handler
     truncates ``self.log_name`` and records DEBUG and above with a detailed
     format; the console handler uses the default format and shows INFO and
     above, or only ERROR and above when the ``silent`` option is set.
     """
     if self.logger.handlers:
         return
     fileHandler = logging.FileHandler(self.log_name, "w", encoding="utf-8")
     fileHandler.setLevel(logging.DEBUG)
     self.fh = fileHandler
     console = logging.StreamHandler()
     self.chd = console
     # Silent mode hides INFO on the console; the log file is unaffected.
     silentMode = CommandLines().cmd().silent != None
     console.setLevel(logging.ERROR if silentMode else logging.INFO)
     self.formatter = logging.Formatter(
         "[%(levelname)s]--%(asctime)s-%(filename)s->%(funcName)s line:%(lineno)d: %(message)s\n"
     )
     self.formatter_info = logging.Formatter()
     console.setFormatter(self.formatter_info)
     fileHandler.setFormatter(self.formatter)
     for handler in (fileHandler, console):
         self.logger.addHandler(handler)
Ejemplo n.º 7
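 def baseUrlDevelop(self):
     """Narrow ``self.baseUrlPaths`` down when no ``baseurl`` option was given.

     With more than three candidates: silent mode keeps the first two;
     otherwise at most seven candidates and the first five API paths are
     shown and the operator is asked for the base directories to use
     (comma-separated). With fewer than three candidates the lists are only
     shown.
     """
     def show_candidates():
         # Show the candidate base directories and the first five API paths
         # (the part before any "§§§" marker).
         creatLog().get_logger().info(Utils().tellTime() + Utils().getMyWord("{base_dir_list}"))
         print(", ".join(self.baseUrlPaths))
         creatLog().get_logger().info(Utils().tellTime() + Utils().getMyWord("{api_top5_list}"))
         print(", ".join(api.split("§§§")[0] for api in self.apiPaths[:5]))

     if CommandLines().cmd().baseurl is not None:
         return
     found = len(self.baseUrlPaths)
     if found > 3:
         if self.options.silent != None:
             # Nobody to ask in silent mode.
             self.baseUrlPaths = self.baseUrlPaths[:2]
             return
         if found > 7:
             self.baseUrlPaths = self.baseUrlPaths[:7]
         show_candidates()
         answer = input("[!] " + Utils().getMyWord("{new_base_dir}"))
         # Always split: a reply without a comma used to be iterated
         # character by character, turning "api" into "a", "p", "i".
         chosen = []
         for entry in answer.split(","):
             entry = entry.strip()
             if entry and entry not in chosen:
                 chosen.append(entry)
         self.baseUrlPaths.clear()  # reset in place, then refill
         self.baseUrlPaths.extend(chosen)
     elif found < 3:
         show_candidates()
     # NOTE(review): exactly three candidates are neither shown nor trimmed -
     # confirm that this gap is intended.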
Ejemplo n.º 8
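    def docxReplace(self, document):
        """Fill the report template ``document`` with the scan results and return it.

        Counts and lists are read from the project's SQLite database,
        placeholders such as ``{target_url}`` are replaced in every table
        cell and paragraph run, and the vulnerability, API and suggestion
        sections are then appended by their own builders.

        The report embeds the operator-supplied cookie and header values
        (``{extra_cookies}``, ``{extra_head}``) in clear text, so a generated
        report has to be handled like the credentials it may contain.

        Fixes compared with the earlier version of this method:
          * the scan duration is the difference between two epoch values;
            it used to be derived from the minute and second fields only and
            went wrong or negative whenever the scan crossed an hour boundary.
          * the database connection is closed, also when a query fails.
          * the builtin ``type`` is no longer shadowed.
        """
        cmd = CommandLines().cmd()
        ipAddr = testProxy(cmd, 0)
        now = time.time()
        end_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(now))
        report_time = time.strftime("%Y-%m-%d %H:%M", time.localtime(now))
        main_url = DatabaseType(self.projectTag).getURLfromDB()
        host = urlparse(main_url).netloc
        projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"

        # (value of vuln.type, placeholder of the localized label), report order.
        vuln_kinds = (
            ("unAuth", "{vuln_unauth_num}"),
            ("CORS", "{vuln_cors_num}"),
            ("INFO", "{vuln_info_num}"),
            ("passWord", "{vuln_passWord_num}"),
            ("BAC", "{vuln_BAC_num}"),
            ("upLoad", "{vuln_upload_num}"),
            ("SQL", "{vuln_sql_num}"),
        )

        connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
        try:
            cursor = connect.cursor()
            connect.isolation_level = None
            cursor.execute("select path from js_file")
            jsfilelist = cursor.fetchall()
            js_num = len(jsfilelist)
            js_paths = "".join("◆ " + js[0] + "\n" for js in jsfilelist)
            cursor.execute("select id from api_tree where success = 1 or success = 2")
            api_num = len(cursor.fetchall())
            # The 'time' row of the info table holds the scan start as epoch seconds.
            cursor.execute("select vaule from info where name='time'")
            started = int(cursor.fetchone()[0])
            vuln_list = ''
            for vuln_type, label in vuln_kinds:
                cursor.execute("select id from vuln where type=?", (vuln_type,))
                hits = len(cursor.fetchall())
                if hits != 0:
                    vuln_list = vuln_list + "◆ " + Utils().getMyWord(label) + str(hits) + Utils().getMyWord("{ge}") + "\n"
        finally:
            connect.close()

        vuln_infos = Docx_replace(self.projectTag).vuln_judge()
        vuln_score = vuln_infos[0]
        vuln_h_num = vuln_infos[1]
        vuln_m_num = vuln_infos[2]
        vuln_l_num = vuln_infos[3]
        vuln_num = vuln_h_num + vuln_m_num + vuln_l_num
        if vuln_score >= 18:
            risk_key = "{risk_h}"
        elif vuln_score >= 10:
            risk_key = "{risk_m}"
        elif vuln_score >= 5:
            risk_key = "{risk_l}"
        else:
            risk_key = "{risk_n}"
        sec_lv = Utils().getMyWord(risk_key)
        risk_colors = {
            "{risk_n}": (139, 137, 137),
            "{risk_l}": (46, 139, 87),
            "{risk_m}": (205, 55, 0),
            "{risk_h}": (238, 0, 0),
        }

        start_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(started))
        # Elapsed seconds; clamped in case the stored start lies in the future.
        scan_time = max(0, int(now) - started)
        if cmd.type == "simple":
            scan_type = Utils().getMyWord("{mode_simple}")
        else:
            scan_type = Utils().getMyWord("{mode_adv}")

        extra_cookies = cmd.cookie if cmd.cookie else Utils().getMyWord("{no_extra_cookies}")
        # "Cache-Control:no-cache" is treated as "no extra header given".
        if cmd.head != "Cache-Control:no-cache":
            extra_head = cmd.head
        else:
            extra_head = Utils().getMyWord("{no_extra_head}")

        DICT = {
            "{report_number}": "PF-API-" + self.projectTag,
            "{report_date}": str(report_time),
            "{target_host}": str(host),
            "{target_url}": str(main_url),
            "{js_num}": str(js_num),
            "{start_time}": str(start_time),
            "{scan_time}": str(scan_time),
            "{scan_type}": str(scan_type),
            "{api_num}": str(api_num),
            "{vuln_num}": str(vuln_num),
            "{vuln_h_num}": str(vuln_h_num),
            "{vuln_m_num}": str(vuln_m_num),
            "{vuln_l_num}": str(vuln_l_num),
            "{unauth_vuln}": "unauth_vuln",
            "{vuln_list}": str(vuln_list),
            "{scan_ip}": str(ipAddr),
            "{extra_cookies}": str(extra_cookies),
            "{extra_head}": str(extra_head)
        }
        self.log.debug("word—report正常替换")

        for table in document.tables:
            for row in range(len(table.rows)):
                for col in range(len(table.columns)):
                    cell = table.cell(row, col)
                    for key, value in DICT.items():
                        if key in cell.text:
                            cell.text = cell.text.replace(key, value)

        for para in document.paragraphs:
            for run in para.runs:
                for key, value in DICT.items():
                    if key in run.text:
                        run.text = run.text.replace(key, value)
                if "{js_list}" in run.text:
                    run.text = run.text.replace("{js_list}", str(js_paths))
                    run.font.size = Pt(10)
                    run.font.name = "Arial"
                if "{end_time}" in run.text:
                    run.text = run.text.replace("{end_time}", str(end_time))
                if "{sec_lv}" in run.text:
                    run.text = run.text.replace("{sec_lv}", str(sec_lv))
                    run.font.size = Pt(14)
                    # The colour follows the risk level.
                    run.font.color.rgb = RGBColor(*risk_colors[risk_key])

        # Each section is built independently; a failure is logged and the
        # remaining sections are still produced.
        sections = (
            (lambda: Creat_vuln_detail(self.projectTag).creat_detail(document),
             "正确获取vuln_detail替换内容"),
            (lambda: Creat_api(self.projectTag).creat_api(document),
             "正确获取api替换内容"),
            (lambda: Creat_suggest(self.projectTag).creat_suggest(document),
             "正确获取suggest替换内容"),
        )
        for build, done_message in sections:
            try:
                build()
                self.log.debug(done_message)
            except Exception as e:
                self.log.error("[Err] %s" % e)

        return document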
Ejemplo n.º 9
# !/usr/bin/env python3
# -*- encoding: utf-8 -*-

from lib.Controller import Project
from lib.TestProxy import testProxy
from lib.common.banner import RandomBanner
from lib.common.cmdline import CommandLines
from lib.common.readConfig import ReadConfig


class Program:
    """Entry object that starts a scan for the parsed command-line options."""

    def __init__(self, options):
        # Parsed command-line options; ``check`` reads ``options.url``.
        self.options = options

    def check(self):
        """Create a Project for ``options.url`` and start parsing it."""
        project = Project(self.options.url, self.options)
        project.parseStart()


if __name__ == '__main__':
    # Parse the command line once, run the proxy check with it, then start
    # the scan.
    cmd = CommandLines().cmd()
    testProxy(cmd, 1)
    tt = Program(cmd)
    tt.check()