Ejemplo n.º 1
0
 def post(self, request):
     '''
     扫描配置
     '''
     conn = mongo.MongoConn()
     result = []
     dict_list = conn.db['Config'].find()
     for item in dict_list:
         if item and 'config' in item:
             dict = item['config']
             for conf in dict:
                 if conf.find('_') > 0:
                     item_type = "list"
                 else:
                     item_type = "word"
                 result.append({
                     "show": item_type,
                     "conftype": item['type'],
                     "type": conf,
                     "info": dict[conf]["info"],
                     "help": dict[conf]["help"],
                     "value": dict[conf]["value"]
                 })
     if result:
         result = sorted(result, key=lambda x: x["show"], reverse=True)
     return Response({"status": 200, "msg": u'成功', "data": result})
Ejemplo n.º 2
0
    def post(self, request):
        """
        重新执行任务
        """

        tid = request.data.get('taskid', '')
        conn = mongo.MongoConn()
        task = conn.db['Task'].find_one({'_id': ObjectId(tid)})

        # 一次性任务,并且已经扫描完成
        if task and task['plan'] == 0 and task['status'] == 2:
            # 修改扫描状态
            result = conn.db['Task'].update({'_id': ObjectId(tid)},
                                            {'$set': {
                                                'status': 0
                                            }})
            if result:
                return Response({"status": 200, "msg": u'执行成功', "data": {}})
            else:
                return Response({
                    "status": 500,
                    "msg": u"执行失败!",
                    "error": u"执行失败!"
                })
        else:
            return Response({
                "status": 500,
                "msg": u"执行失败!",
                "error": u"执行失败!"
            })
Ejemplo n.º 3
0
 def post(self, request):
     """
     插件类型列表
     """
     conn = mongo.MongoConn()
     cursor = conn.db['Plugin'].find().distinct('type')
     result = []
     for item in cursor:
         result.append(item)
     context = {"status": 200, "msg": u'查询成功', "data": result}
     return Response(context)
Ejemplo n.º 4
0
 def delete(self, request, id=None):
     '''
     删除任务
     '''
     conn = mongo.MongoConn()
     if id:
         result = conn.db['Task'].delete_one({'_id': ObjectId(id)})
         if result.deleted_count > 0:
             result = conn.db['Result'].delete_many(
                 {'task_id': ObjectId(id)})
             return Response({"status": 200, "msg": u'删除成功', "data": {}})
     return Response({"status": 500, "msg": u"执行失败!", "error": u"执行失败!"})
Ejemplo n.º 5
0
    def post(self, request):
        '''
        添加任务
        '''
        title = request.data.get('title', '')
        plugin = request.data.get('plugin', '')
        condition = unquote(request.data.get('condition', ''))
        plan = request.data.get('plan', 0)
        ids = request.data.get('ids', '')
        isupdate = request.data.get('isupdate', '0')

        conn = mongo.MongoConn()
        if plugin:
            targets = []
            # 当前页结果选择
            for i in ids.split(','):
                tar = [i.split(':')[0], int(i.split(':')[1])]
                targets.append(tar)
            temp_result = True
            for p in plugin.split(','):
                query = querylogic(condition.strip().split(';'))
                item = {
                    'status': 0,
                    'title': title,
                    'plugin': p,
                    'condition': condition,
                    'time': datetime.now(),
                    'target': targets,
                    'plan': int(plan),
                    'isupdate': int(isupdate),
                    'query': dumps(query)
                }
                insert_reuslt = conn.db['Task'].insert(item)
                if not insert_reuslt:
                    temp_result = False
            if temp_result:
                return Response({"status": 200, "msg": u'添加成功', "data": {}})
            else:
                return Response({
                    "status": 500,
                    "msg": u"执行失败!",
                    "error": u"执行失败!"
                })
        else:
            return Response({
                "status": 500,
                "msg": u"执行失败!",
                "error": u"执行失败!"
            })
Ejemplo n.º 6
0
    def get(self, request):
        '''
        根据类型和危害等级查询插件
        '''
        type = request.query_params.get('type', '')
        risk = request.query_params.get('risk', '')
        query = {}
        if type:
            query['type'] = type
        if risk:
            query['level'] = risk
        conn = mongo.MongoConn()

        cursor = conn.db['Plugin'].find(query)
        result = []
        for item in cursor:
            result.append({'name': item['name'], 'info': item['info']})
        context = {"status": 200, "msg": u'查询成功', "data": result}
        return Response(context)
Ejemplo n.º 7
0
 def post(self, request):
     length = request.data.get("number", 10)
     start = request.data.get("start", 0)
     conn = mongo.MongoConn()
     cursor = conn.db['Plugin'].find().sort('add_time',
                                            -1).limit(length).skip(start)
     count = cursor.count()
     result = []
     for item in cursor:
         item['_id'] = str(item['_id'])
         result.append(item)
     context = {
         'draw': 0,
         'recordsTotal': count,
         'recordsFiltered': count,
         'data': result,
         'result': 'ok'
     }
     return Response(context)
Ejemplo n.º 8
0
    def post(self, request):
        '''
        修改配置
        '''
        conftype = request.data.get("conftype", '')
        type = request.data.get('type', '')
        value = request.data.get('value', '')

        if type and value and conftype:
            conn = mongo.MongoConn()
            if type == 'Masscan' or type == 'Port_list':
                origin_value = conn.db['Config'].find_one(
                    {'type': 'nascan'})["config"][type]["value"]
                value = str(origin_value.split('|')[0]) + '|' + str(value)
            elif type == 'Port_list':
                origin_value = conn.db['Config'].find_one(
                    {'type': 'nascan'})["config"]['Port_list']["value"]
                value = value + '|' + origin_value.split('|')[1]
            elif type == 'Masscan':
                path = conn.db['Config'].find_one(
                    {'type': 'nascan'})["config"]["Masscan"]["value"]
                if len(path.split('|')) == 3:
                    path = path.split('|')[1] + "|" + path.split('|')[2]
                else:
                    path = path.split('|')[1]
                if value == '1':
                    value = '1|' + path
                else:
                    value = '0|' + path
            result = conn.db['Config'].update(
                {"type": conftype},
                {'$set': {
                    'config.' + type + '.value': value
                }})
            return Response({"status": 200, "msg": u'成功', "data": {}})
        else:
            return Response({
                "status": 500,
                "msg": u"修改失败!",
                "error": u"修改失败!"
            })
Ejemplo n.º 9
0
 def post(self, request):
     '''
     任务列表
     '''
     length = request.data.get("number", 10)
     start = request.data.get("start", 0)
     conn = mongo.MongoConn()
     cursor = conn.db['Task'].find().sort('time',
                                          -1).limit(length).skip(start)
     count = cursor.count()
     result = []
     for item in cursor:
         item['_id'] = str(item['_id'])
         item['time'] = datetime.strftime(item['time'], '%Y-%m-%d %H:%M:%S')
         result.append(item)
     context = {
         'draw': 0,
         'recordsTotal': count,
         'recordsFiltered': count,
         'data': result,
         'result': 'ok'
     }
     return Response(context)
Ejemplo n.º 10
0
 def post(self, request):
     """
     搜索
     """
     length = request.data.get("number", 10)
     start = request.data.get("start", 0)
     search = request.data.get("search[value]", '')
     result = []
     conn = mongo.MongoConn()
     query = querylogic(search.strip().split(';'))
     cursor = conn.db['Info'].find(query).sort('time', -1).limit(length).skip(start)
     count = cursor.count()
     for item in cursor:
         item['_id'] = str(item['_id'])
         item['time'] = datetime.strftime(item['time'], '%Y-%m-%d %H:%M:%S')
         result.append(item)
     context = {
         'draw': 0,
         'recordsTotal': count,
         'recordsFiltered': count,
         'data': result,
         'result': 'ok'
     }
     return Response(context)
Ejemplo n.º 11
0
    def post(self, request):
        '''
        任务结果列表
        '''
        taskid = request.data.get("search[value]", 0)
        taskdate = request.data.get('taskdate', "")

        length = request.data.get("number", 10)
        start = request.data.get("start", 0)
        conn = mongo.MongoConn()

        result_list = []
        vulcount = 0
        lastscan = []
        if taskid:
            lastscan = conn.db["Result"].distinct(
                'task_date', {'task_id': ObjectId(taskid)})
        if len(lastscan) > 0:
            lastscan.sort(reverse=True)
            if taskdate:  # 根据扫描批次查看结果
                cursor = conn.db['Result'].find({
                    'task_id':
                    ObjectId(id),
                    'task_date':
                    datetime.strptime(taskdate, "%Y-%m-%d %H:%M:%S.%f")
                }).sort('time', -1).limit(length).skip(start)
            else:  # 查看最新批次结果
                cursor = conn.db['Result'].find({
                    'task_id': ObjectId(taskid),
                    'task_date': lastscan[0]
                }).sort('time', -1).limit(length).skip(start)
            vulcount = cursor.count()
            for item in cursor:
                result_list.append({
                    'ip':
                    item['ip'],
                    'port':
                    item['port'],
                    'info':
                    item['info'],
                    'vul_level':
                    item['vul_info']['vul_level'],
                    'time':
                    datetime.strftime(item['time'], '%Y-%m-%d %H:%M:%S')
                })

            # 速度优化,数据量多采取不同的方式查询
            if len(result_list) > 100:
                ip_hostname = {}
                hostname = conn.db['Info'].aggregate([{
                    '$match': {
                        'hostname': {
                            '$ne': None
                        }
                    }
                }, {
                    '$project': {
                        '_id': 0,
                        'ip': 1,
                        'hostname': 1
                    }
                }])
                for _ in hostname:
                    if 'hostname' in hostname:
                        ip_hostname[_["ip"]] = _["hostname"]
                for _ in result_list:
                    if 'ip' in ip_hostname:
                        _['hostname'] = ip_hostname[_["ip"]]
                    else:
                        _['hostname'] = ''
            else:
                for _ in result_list:
                    hostname = conn.db['Info'].find_one({'ip': _['ip']})
                    if hostname and 'hostname' in hostname:
                        _['hostname'] = hostname['hostname']
                    else:
                        _['hostname'] = ''

        context = {
            'draw': 0,
            'recordsTotal': vulcount,
            'recordsFiltered': vulcount,
            'data': result_list,
            'result': 'ok'
        }
        return Response(context)