def parse_nmap_report(nmap_stdout, taskid=None):
try:
# 处理结果并写入后台数据库
nmap_report = NmapParser.parse(nmap_stdout)
# 声明后台对应的ORM数据库处理模型
my_services_backend = BackendPluginFactory.create(plugin_name='backend_service', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)
my_hosts_backend = BackendPluginFactory.create(plugin_name='backend_host', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)
# 开始处理扫描结果
for host in nmap_report.hosts:
# print("Nmap scan : {0}".format(host.address))
host.taskid = taskid
# 处理主机开放的服务和端口
for serv in host.services:
serv.address = host.address
serv.taskid = taskid
serv.endtime = host.endtime
if serv.state in global_log_states:
print host.address,serv.get_dict()
port_dispath.delay(host.address,base64.b64encode(json.dumps(serv.get_dict())),str(taskid))
#do_port_notify(host.address,serv.get_dict(),taskid)
#portDispath(host.address,serv.get_dict(),taskid)
serv.save(my_services_backend)
host.save(my_hosts_backend)
#todo callback
return 'Scan finished'
except Exception, e:
# 处理报表出错,返回错误结果
return e
def parse_nmap_report(nmap_stdout, taskid=None):
try:
# 处理结果并写入后台数据库
nmap_report = NmapParser.parse(nmap_stdout)
# 声明后台对应的ORM数据库处理模型
my_services_backend = BackendPluginFactory.create(plugin_name='backend_service', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)
my_hosts_backend = BackendPluginFactory.create(plugin_name='backend_host', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)
# 开始处理扫描结果
for host in nmap_report.hosts:
# print("Nmap scan : {0}".format(host.address))
host.taskid = taskid
# 处理主机开放的服务和端口
for serv in host.services:
serv.address = host.address
serv.taskid = taskid
serv.endtime = host.endtime
if serv.state in global_log_states:
serv.save(my_services_backend)
host.save(my_hosts_backend)
return '* Scan finished'
except Exception, e:
# 处理报表出错,返回错误结果
return e
def parse_nmap_report(nmap_stdout, taskid=None):
try:
# 处理结果并写入后台数据库
nmap_report = NmapParser.parse(nmap_stdout)
# 声明后台对应的ORM数据库处理模型
#t1 = BackendPluginFactory.create(plugin_name='mongodb', dbname='wyportmap', store='test',host='127.0.0.1',port=27017)
my_services_backend = BackendPluginFactory.create(plugin_name='backend_service_mongo', dbname='virustotal',
store='nmapscan_ports',host='127.0.0.1',port=27017)
my_hosts_backend = BackendPluginFactory.create(plugin_name='backend_host_mongo', dbname='virustotal',
store='nmapscan_ip', host='127.0.0.1', port=27017)
# 开始处理扫描结果
for host in nmap_report.hosts:
# print("Nmap scan : {0}".format(host.address))
host.taskid = taskid
# open_ports = host.get_open_ports()
# print str(open_ports)
# 处理主机开放的服务和端口l
for serv in host.services:
serv.address = host.address
serv.taskid = taskid
serv.endtime = host.endtime
if serv.state in global_log_states:
serv.save(my_services_backend)
host.save(my_hosts_backend)
return '* Scan finished'
except Exception, e:
# 处理报表出错,返回错误结果
return e
def parse_nmap_report(nmap_stdout, taskid=None):
try:
# 处理结果并写入后台数据库
nmap_report = NmapParser.parse(nmap_stdout)
# 声明后台对应的ORM数据库处理模型
my_services_backend = BackendPluginFactory.create(plugin_name='backend_service', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)
my_hosts_backend = BackendPluginFactory.create(plugin_name='backend_host', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)
# 开始处理扫描结果
for host in nmap_report.hosts:
# print("Nmap scan : {0}".format(host.address))
host.taskid = taskid
# 处理主机开放的服务和端口
for serv in host.services:
serv.address = host.address
serv.taskid = taskid
serv.endtime = host.endtime
if serv.state in global_log_states:
serv.save(my_services_backend)
host.save(my_hosts_backend)
return '* Scan finished'
except Exception as e:
# 处理报表出错,返回错误结果
return e
def mongo_test_factory(self):
"""Invoke factory and test that the object is of the right classes"""
#create the backend factory object
factory = BackendPluginFactory()
mongodb = factory.create(plugin_name="mongodb")
self.assertEqual(isinstance(mongodb, NmapBackendPlugin), True)
self.assertEqual(isinstance(mongodb, NmapMongoPlugin), True)
self.assertEqual(isinstance(mongodb, NmapSqlitePlugin), False)
def mongo_test_factory(self):
"""Invoke factory and test that the object is of the right classes"""
#create the backend factory object
factory = BackendPluginFactory()
mongodb = factory.create(plugin_name="mongodb")
self.assertEqual(isinstance(mongodb, NmapBackendPlugin), True)
self.assertEqual(isinstance(mongodb, NmapMongoPlugin), True)
self.assertEqual(isinstance(mongodb, NmapSqlitePlugin), False)
def mongo_test_insert(self):
""""best way to insert is to call save() of nmapreport"""
for testfile in self.flist:
fd = open(testfile['file'], 'r')
s = fd.read()
fd.close()
nr = NmapParser.parse(s)
#create the backend factory object
factory = BackendPluginFactory()
mongodb = factory.create(plugin_name="mongodb")
self.assertNotEqual(nr.save(mongodb),None)
def mongo_test_insert(self):
""""best way to insert is to call save() of nmapreport"""
for testfile in self.flist:
fd = open(testfile['file'], 'r')
s = fd.read()
fd.close()
nr = NmapParser.parse(s)
#create the backend factory object
factory = BackendPluginFactory()
mongodb = factory.create(plugin_name="mongodb")
self.assertNotEqual(nr.save(mongodb), None)
def sqliCheck(request, platform=None):
reqObj = Req(request)
#method filiter
if reqObj.method != "GET" and reqObj.method != "POST":
return None
#后缀删除
ext = getExtByUri(reqObj.uri)
if ext in ["gif", "js", "jpg", "css", "png", "ico"]:
return None
#无参数 filter
if reqObj.method != "POST" and len(reqObj.url.split('=')) == 1:
return None
my_services_backend = BackendPluginFactory.create(
plugin_name='backend_permission',
url=global_dbcoon,
echo=False,
encoding='utf-8',
pool_timeout=3600)
reqFile = req2file(reqObj.hash, request)
notify = global_notify + reqFile + "\'"
cmd = global_sqlmap + " -r " + reqFile + global_options + notify
print cmd
outPut = os.popen(cmd)
return outPut.read()
def write_result(self, nm_report):
"""
Writes nmap input report (JSON) to db as BLOB
:param id: input report of type NmapObject
:return: None
"""
report_db = BackendPluginFactory.create(plugin_name='sql', url=self.db_string)
nm_report.save(report_db)
def parse_nmap_report(nmap_stdout, taskid=None):
try:
# 处理结果并写入后台数据库
nmap_report = NmapParser.parse(nmap_stdout)
# 声明后台对应的ORM数据库处理模型
my_services_backend = BackendPluginFactory.create(
plugin_name='backend_service',
url=global_dbcoon,
echo=False,
encoding='utf-8',
pool_timeout=3600)
my_hosts_backend = BackendPluginFactory.create(
plugin_name='backend_host',
url=global_dbcoon,
echo=False,
encoding='utf-8',
pool_timeout=3600)
# 开始处理扫描结果
for host in nmap_report.hosts:
# print("Nmap scan : {0}".format(host.address))
host.taskid = taskid
# 处理主机开放的服务和端口
for serv in host.services:
serv.address = host.address
serv.taskid = taskid
serv.endtime = host.endtime
if serv.state in global_log_states:
print host.address, serv.get_dict()
port_dispath.delay(
host.address,
base64.b64encode(json.dumps(serv.get_dict())),
str(taskid))
#do_port_notify(host.address,serv.get_dict(),taskid)
#portDispath(host.address,serv.get_dict(),taskid)
serv.save(my_services_backend)
host.save(my_hosts_backend)
#todo callback
return 'Scan finished'
except Exception, e:
# 处理报表出错,返回错误结果
return e
def test_backend_factory(self):
""" test_factory BackendPluginFactory.create(**url)
Invoke factory and test that the object is of the right classes
"""
for url in self.urls:
backend = BackendPluginFactory.create(**url)
self.assertEqual(isinstance(backend, NmapBackendPlugin), True)
className = "Nmap%sPlugin" % url['plugin_name'].title()
self.assertEqual(backend.__class__.__name__, className, True)
def test_backend_factory(self):
""" test_factory BackendPluginFactory.create(**url)
Invoke factory and test that the object is of the right classes
"""
for url in self.urls:
backend = BackendPluginFactory.create(**url)
self.assertEqual(isinstance(backend, NmapBackendPlugin), True)
className = "Nmap%sPlugin" % url['plugin_name'].title()
self.assertEqual(backend.__class__.__name__, className, True)
def test_backend_insert(self):
""" test_insert
best way to insert is to call save() of nmapreport :P
"""
for nrp in self.reportList:
for url in self.urls:
#create the backend factory object
backend = BackendPluginFactory.create(**url)
#save the report
returncode = nrp.save(backend)
#test return code
self.assertNotEqual(returncode, None)
def test_backend_insert(self):
""" test_insert
best way to insert is to call save() of nmapreport :P
"""
for nrp in self.reportList:
for url in self.urls:
#create the backend factory object
backend = BackendPluginFactory.create(**url)
#save the report
returncode = nrp.save(backend)
#test return code
self.assertNotEqual(returncode, None)
def get_report(self, report_id, raw_data=False):
"""
returs nmap report from DB, converts JSON to dictionary string
:param id: report id
:return:
if raw_data == False: nmap report
if raw_data == True: raw nmap report
"""
report_db = BackendPluginFactory.create(plugin_name='sql', url=self.db_string)
rep = report_db.get(report_id)
if raw_data:
rep = rep.get_raw_data()
return rep
def get_all_reports(self, raw_data=False):
"""
returs ALL nmap report from DB, converts JSON to dictionary string
:return:
if raw_data == False: all_reports list
if raw_data == True: dict {report ID : raw nmap report}
"""
raw_list = {}
report_db = BackendPluginFactory.create(plugin_name='sql', url=self.db_string)
all_reports = report_db.getall()
if raw_data == True:
for n in all_reports:
raw_list[int(n[0])] = n[1].get_raw_data()
return raw_list
return all_reports
def test_backend_delete(self):
""" test_backend_delete
inset all report and save the returned id in a list
for each id remove the item and test if not present
"""
id_list = []
result_list = []
for url in self.urls:
backend = BackendPluginFactory.create(**url)
for nrp in self.reportList:
id_list.append(nrp.save(backend))
for rep_id in id_list:
result_list.append(backend.delete(rep_id))
self.assertEqual(backend.get(rep_id), None)
id_list = []
result_list = []
def test_backend_delete(self):
""" test_backend_delete
inset all report and save the returned id in a list
for each id remove the item and test if not present
"""
id_list = []
result_list = []
for url in self.urls:
backend = BackendPluginFactory.create(**url)
for nrp in self.reportList:
id_list.append(nrp.save(backend))
for rep_id in id_list:
result_list.append(backend.delete(rep_id))
self.assertEqual(backend.get(rep_id), None)
id_list = []
result_list = []
def get_all_reports(cls):
"""This classmethod gets a list of all NmapReport.
This is done using the libnmap SQL Plugin.
Args:
cls (cls): The class itself (not an instance)
Returns:
List of NmapReport object
"""
dbp = BackendPluginFactory.create(plugin_name='sql',
url=app.config["LIBNMAP_DB_URI"],
echo=False)
return dbp.getall()
def get_report(cls, report_id):
"""This classmethod gets one NmapReport by report_id.
This is done using the libnmap SQL Plugin.
Args:
cls (cls): The class itself (not an instance)
report_id (int): report_id
Returns:
NmapReport object
"""
dbp = BackendPluginFactory.create(plugin_name='sql',
url=app.config["LIBNMAP_DB_URI"],
echo=False)
return dbp.get(report_id=report_id)
def test_backend_get(self):
"""test_backend_get
inset all report and save the returned id in a list
then get each id and create a new list of report
compare each report (assume eq)
"""
id_list = []
result_list = []
for url in self.urls:
backend = BackendPluginFactory.create(**url)
for nrp in self.reportList:
id_list.append(nrp.save(backend))
for rep_id in id_list:
result_list.append(backend.get(rep_id))
self.assertEqual(len(result_list), len(self.reportList))
self.assertEqual((result_list), (self.reportList))
id_list = []
result_list = []
def test_backend_get(self):
""" test_backend_get
inset all report and save the returned id in a list
then get each id and create a new list of report
compare each report (assume eq)
"""
id_list = []
result_list = []
for url in self.urls:
backend = BackendPluginFactory.create(**url)
for nrp in self.reportList:
id_list.append(nrp.save(backend))
for rep_id in id_list:
result_list.append(backend.get(rep_id))
#print result_list[0]
#print self.reportList[0]
self.assertEqual(len(result_list), len(self.reportList))
self.assertEqual((result_list), (self.reportList))
id_list = []
result_list = []
def sqliCheck(request, platform = None):
reqObj = Req(request)
#method filiter
if reqObj.method != "GET" and reqObj.method != "POST":
return None
#后缀删除
ext = getExtByUri(reqObj.uri)
if ext in ["gif","js","jpg","css","png","ico"]:
return None
#无参数 filter
if reqObj.method != "POST" and len(reqObj.url.split('=')) == 1:
return None
my_services_backend = BackendPluginFactory.create(plugin_name='backend_permission', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)
reqFile = req2file(reqObj.hash,request)
notify = global_notify + reqFile + "\'"
cmd = global_sqlmap+ " -r "+reqFile + global_options + notify
print cmd
outPut = os.popen(cmd)
return outPut.read()
return fileName
if __name__ == "__main__":
if len(sys.argv) == 2:
argv1 = base64.b64decode(sys.argv[1])
print sqliCheck(argv1)
elif len(sys.argv) == 3:
fh = open(sys.argv[2], 'rb')
try:
data = fh.read()
finally:
fh.close()
my_services_backend = BackendPluginFactory.create(
plugin_name='backend_permission',
url=global_dbcoon,
echo=False,
encoding='utf-8',
pool_timeout=3600)
reqObj = Req(data)
target = reqObj.host
vul_type = global_flag
vul_detail = "SQLi Vul:\n" + data
my_services_backend.add(target, vul_type, vul_detail)
#print "VUL" if permissionCheck(reqStr) else "SAFE"
sys.exit(0)
else:
print("usage: %s base64(request)" % sys.argv[0])
sys.exit(-1)
fh.close()
return fileName
if __name__ == "__main__":
if len(sys.argv) == 2:
argv1 = base64.b64decode(sys.argv[1])
print sqliCheck(argv1)
elif len(sys.argv) == 3:
fh = open(sys.argv[2],'rb')
try:
data = fh.read( )
finally:
fh.close( )
my_services_backend = BackendPluginFactory.create(plugin_name='backend_permission', url=global_dbcoon, echo=False, encoding='utf-8', pool_timeout=3600)
reqObj = Req(data)
target = reqObj.host
vul_type = global_flag
vul_detail ="SQLi Vul:\n"+data
my_services_backend.add(target,vul_type,vul_detail)
#print "VUL" if permissionCheck(reqStr) else "SAFE"
sys.exit(0)
else:
print ("usage: %s base64(request)" % sys.argv[0])
sys.exit(-1)
def save_report(self, task_id=None):
"""This method stores the NmapReportMeta and NmapReport to db
Call this method right after the Celery Task is finished.
It will
* get a NmapTask object (by the task_id) from db
* update the NmapTask completed field in the db to 1
* get a NmapReport object (created from AsyncResult)
* save that NmapReport to db table "reports"
* save the newly create NmapReportMeta object to db
Args:
task_id (str): The task_id as a string (e.g faef323-afec3-a...)
Returns:
True or False
Raises:
Examples:
"""
try:
_nmap_task = NmapTask.get_by_task_id(task_id=task_id)
except:
return False
if _nmap_task is None:
return True
# mark nmap_task as done in table
_nmap_task.completed = 1
db.session.commit()
_report = SubNmapReport.get_report_from_async_result(task_id=task_id)
# save Meta information of Report
self.task_task_id = _nmap_task.task_id
self.task_comment = _nmap_task.comment
self.task_created = _nmap_task.created
self.task_user_id = _nmap_task.user_id
self.report_stored = datetime.datetime.utcnow()
try:
dbp = BackendPluginFactory.create(plugin_name="sql",
url=app.config["LIBNMAP_DB_URI"],
echo=False)
_id = _report.save(dbp)
self.report_id = _id
# call Address.discover which discovers and stores addresses
r = Address.discover_from_report(report_id=_id)
# save new NmapReportMeta instance to db
db.session.add(self)
db.session.commit()
return True
except Exception as e:
print e
return False