def get(self, *args, **kwargs):
result_dict = {
'success': 1
}
try:
target_domain = self.get_argument('domain', '')
# 上次查询的 id
since = int(self.get_argument('since', 0))
limit = int(self.get_argument('limit', 10))
limit = 30 if limit > 30 else limit
rs = db.query('SELECT `id` FROM `system_domain` WHERE `domain` = %s', target_domain)
if len(rs) == 0:
logging.debug('没有该域名')
raise Exception('no such domain')
domain_id = rs[0]['id']
logging.debug('domain_id: %s' % domain_id)
sub_domains = db.query('''
SELECT
`subdomain`, `ip`, `last_commit_time`, `origin`, `location`
FROM
`system_subdomain_result`
WHERE
`domain_id` = %s
ORDER BY
`last_commit_time`
LIMIT
%s, %s
''', domain_id, since, limit)
if len(sub_domains) > 0:
for per_domain in sub_domains:
per_domain['last_commit_time'] = per_domain['last_commit_time'].strftime('%y-%m-%d %H:%M:%S')
origin = per_domain['origin']
if origin == 'api':
per_domain['origin'] = '接口'
elif origin == 'https':
per_domain['origin'] = '证书'
elif origin == 'brute':
per_domain['origin'] = '爆破'
elif origin == 'page':
per_domain['origin'] = '页面'
else:
per_domain['origin'] = '未知'
logging.debug('domain_id: %s' % str(sub_domains))
result_dict['sub_domains'] = list(sub_domains)
else:
result_dict['sub_domains'] = list()
# 获取任务状态
task_state = get_task_state(target_domain)
result_dict['task_state'] = task_state
result_dict['is_brute'] = is_bruting(target_domain)
except Exception as e:
logging.error(traceback.format_exc())
logging.error('Caught an error: %s' % str(e))
result_dict['success'] = 0
self.write(json.dumps(result_dict))
def get_task_state(task_target):
"""返回任务状态:
-1: 不存在该任务
0: 该任务正在排队
1: 已取出, 正在运行
2: 已完成
"""
task_state = -1
try:
rs = db.query(
'''
SELECT
`state`
FROM
`system_task_records`
WHERE
`system_task_records`.`keywords` = %s
ORDER BY
`create_time`
DESC
''', task_target)
if len(rs) > 0:
task_state = int(rs[0]['state'])
except Exception as e:
logging.error('取任务状态失败.')
logging.error(traceback.format_exc())
logging.error(str(e))
return task_state
def get(self, *args, **kwargs):
target_domain = self.get_argument('domain', None)
result_json = {'success': 0}
if target_domain:
target_domain = misc.parse_domain_simple(target_domain)
if misc.is_valid_domain(target_domain):
sql = '''
SELECT
`domain_whois`
FROM
`system_domain`
WHERE
`domain` = %s
'''
try:
rs = db.query(sql, target_domain)
rr = rs[0]['domain_whois']
result_json['whois'] = json.loads(rr) if rr else {}
result_json['domain'] = target_domain
result_json['success'] = 1
except Exception as e:
logging.error('从数据库查询 whois 信息失败.')
logging.error(traceback.format_exc())
logging.error(str(e))
else:
logging.debug('获取 whois 失败, 输入域名不合法.')
else:
logging.debug('查询 whois 失败, 没有输入域名.')
self.write(json.dumps(result_json))
def get_task_id(keywords):
try:
rs = db.query(
"SELECT `id` FROM `system_task_records` WHERE `keywords` = %s ORDER BY `create_time` DESC LIMIT 1",
keywords)
return rs[0]['id']
except Exception as e:
logging.error(e)
return -1
def get(self, *args, **kwargs):
self.add_header('Cache-Control', 'no-cache')
current_user = self.get_secure_cookie(pre_system + 'username')
if not current_user:
self.redirect('/search')
elif current_user and current_user != 'root':
logging.error('not root')
self.redirect('/login')
return
sql = 'SELECT `avatar` FROM `system_admin_user` WHERE `username` = %s'
rs = db.query(sql, current_user)[0]['avatar']
logging.info(rs)
if rs.strip():
filename = rs
else:
filename = next_uuid()
logging.info(filename)
filename_url = 'static/img/avatar/{0}.png'.format(filename)
if not os.path.exists(filename_url):
if img_create(filename):
sql = '''
UPDATE `subdomain`.`system_admin_user` SET `avatar`=%s WHERE username=%s;
'''
rs = db.execute(sql, filename, current_user)
if rs:
pass
else:
filename = 'icon'
users = db.query('''
SELECT
`id`, `username`, `create_time`, `lastlogin_time`, `login_ip`, `comment`
FROM
`system_admin_user`
WHERE
`group_id` = 2
''')
self.render('user_manage.html', avatar=filename, username=current_user, users=users)
def try_restart_task(keywords):
rs = db.query(
"SELECT `id`, `state`, `finish_time` FROM `system_task_records` WHERE `keywords` = %s ORDER BY `create_time` DESC LIMIT 1",
keywords)
logging.info(rs)
if len(rs):
target_task_info = rs[0]
logging.info('type: {}, {}'.format(
type(target_task_info['finish_time']),
target_task_info['finish_time']))
if datetime.datetime.now(
) - target_task_info['finish_time'] > datetime.timedelta(minutes=5):
logging.error('超过阈值,重启任务')
push_task(keywords)
def get(self, *args, **kwargs):
# 检查用户是否登录
cookie_username = self.get_secure_cookie(pre_system + 'username')
if not cookie_username:
self.redirect('/login')
return
try:
rs = db.query('''
SELECT
`avatar`
FROM
`system_admin_user`
WHERE
`username` = %s
''', cookie_username)
avatar = rs[0]['avatar']
except Exception:
avatar = ''
# 取参数
target_domain = self.get_argument('content', '')
https = str2bool(self.get_argument('https', 'false'))
searchEngine = str2bool(self.get_argument('searchEngine', 'false'))
domain = str2bool(self.get_argument('domain', 'false'))
dictionary = str2bool(self.get_argument('dictionary', 'false'))
# 处理域名
target_domain = parse_domain_simple(target_domain)
logging.debug('target domain is: ' + target_domain)
if not is_valid_domain(target_domain):
# self.redirect('/home?error=1&msg=1')
self.render('home.html')
return
# 查询任务是否存在
task_state = get_task_state(target_domain)
# 如果任务不存在, 则创建任务
if -1 == task_state:
logging.debug('任务不存在, 创建任务.')
push_task(target_domain, dictionary)
logging.debug('创建任务 over.')
elif 0 == task_state:
logging.debug('正在排队')
elif 1 == task_state:
logging.debug('正在运行')
elif 2 == task_state:
logging.debug('已经结束')
self.render('result.html', avatar=avatar, username=cookie_username)
def get_task_id(keywords):
task_id = -1
try:
rs = db.query('''
SELECT
`id`
FROM
`system_task_records`
WHERE
`keywords` = %s
ORDER BY
`create_time`
DESC
''', keywords)
if len(rs) > 0:
task_id = int(rs[0]['id'])
except Exception as e:
logging.error('取任务状态 id 失败.')
logging.error(traceback.format_exc())
logging.error(str(e))
return task_id
def post(self, *args, **kwargs):
result_json = {'success': 0}
current_user = self.get_secure_cookie(pre_system + 'username')
if current_user != 'root':
logging.error('not root')
self.finish(result_json)
return
username = self.get_argument('username', None)
password = self.get_argument('password', None)
comment = self.get_argument('comment', '')
group_id = 2
if not(username and password):
self.finish(result_json)
return
sql = '''
INSERT INTO
`system_admin_user` (`group_id`, `username`, `password`, `create_time`, `lastlogin_time`, `comment`)
VALUES
(%s, %s, md5(%s), %s, %s, %s);
'''
try:
current_time = now()
last_login_time = original_time()
effected_row = db.update(sql, group_id, username, password, current_time, last_login_time, comment)
result_json['success'] = 1
user_data = db.query('SELECT `id`, `group_id`, `username`, `create_time`, `lastlogin_time`, `login_ip`, `comment` FROM `system_admin_user` WHERE `username` = %s', username)[0]
user_data['create_time'] = user_data['create_time'].strftime('%Y-%m-%d %H:%M:%S')
user_data['lastlogin_time'] = user_data['lastlogin_time'].strftime('%Y-%m-%d %H:%M:%S')
result_json['data'] = user_data
except Exception as e:
logging.error(traceback.format_exc())
logging.error(e.message)
self.write(result_json)
def get(self, *args, **kwargs):
target_ip = self.get_argument('target')
task_state = get_task_state(target_ip)
# 如果任务不存在, 则创建任务
if -1 == task_state:
logging.debug('任务不存在, 创建任务.')
push_task(target_ip)
logging.debug('创建任务 over.')
elif 0 == task_state:
logging.debug('正在排队')
elif 1 == task_state:
logging.debug('正在运行')
elif 2 == task_state:
logging.debug('已经结束')
try_restart_task(target_ip)
reverse_ip_data_list = []
try:
param_start = target_ip if '*' != target_ip[
-1:] else target_ip[:-1] + '1'
param_end = target_ip if '*' != target_ip[
-1:] else target_ip[:-1] + '254'
logging.info('param_start: ' + param_start)
logging.info('param_end: ' + param_end)
rs = db.query(
'''
SELECT
`d`.`domain`, inet_ntoa(`i`.`ip`) as 'ip', `di`.`url`, `di`.`title`, `di`.`create_time`, `di`.`update_time`
FROM
`system_domains` `d`, `system_domain_and_ip` `di`, `system_ips` `i`
WHERE
`d`.id = `di`.`domain_id`
AND `i`.`id` = `di`.`ip_id`
AND `i`.`ip` >= inet_aton(%s)
AND `i`.`ip` <= inet_aton(%s)
ORDER BY
`i`.`ip`
''', param_start, param_end)
reverse_ip_data = {}
# for i in rs:
# logging.info(i['ip'])
# if not reverse_ip_data.get(i['ip']):
# reverse_ip_data[i['ip']] = []
# reverse_ip_data[i['ip']].append({
# 'create_time': i['create_time'],
# 'update_time': i['update_time'],
# 'url': i['url'],
# 'title': i['title'],
# 'domain': i['domain']
# })
# for i in reverse_ip_data.keys():
# reverse_ip_data_list.append({
# 'ip': i,
# 'data': reverse_ip_data[i]
# })
for i in rs:
flag_has = False
for j in reverse_ip_data_list:
if j['ip'] == i['ip']:
flag_has = True
j['data'].append({
'create_time': i['create_time'],
'update_time': i['update_time'],
'url': i['url'],
'title': i['title'],
'domain': i['domain']
})
if not flag_has:
reverse_ip_data_list.append({
'ip':
i['ip'],
'data': [{
'create_time': i['create_time'],
'update_time': i['update_time'],
'url': i['url'],
'title': i['title'],
'domain': i['domain']
}]
})
logging.info(reverse_ip_data_list)
except Exception as e:
logging.error(traceback.format_exc())
logging.error(e)
self.render('result_reverse_ip.html',
reverse_ip_data=reverse_ip_data_list)
def get(self, *args, **kwargs):
history = list()
cookie_username = self.get_secure_cookie(pre_system + 'username')
group_id = db.query('SELECT `group_id` FROM `system_admin_user` WHERE `username` = %s', cookie_username)[0]['group_id']
if group_id == 0:
self.redirect('/admin')
return
if cookie_username:
# sql = 'select avatar from system_admin_user WHERE username=%s'
# ret = db.query(sql, cookie_username)[0]['avatar']
# if ret != '':
# filename = ret
# else:
# filename = next_uuid()
# filename_url = 'static/img/avatar/{0}.png'.format(filename)
# if not os.path.exists(filename_url):
# if img_create(filename):
# sql = '''
# UPDATE `subdomain`.`system_admin_user` SET `avatar`=%s WHERE username=%s;
#
# '''
# ret = db.execute(sql, filename, cookie_username)
# if ret:
# pass
# else:
# filename = 'icon'
# TODO: 重新建一张历史表
# sql = '''select domain from system_task_records
# where user_id=
# (select id
# from system_admin_user
# where username=%s)
# order by query_time
# limit 10
# ;
# '''
# ret = db.query(sql, cookie_username)
# if ret:
# for i in ret:
# history.append(i['domain'])
# try:
# # 多表链接查询,查询用户搜索过的域名id 以及子域名数量
# sql = '''
# select domain_id,count(subdomain) as cot
# from system_subdomain_result as r where domain_id in
# (select id from system_domain where domain in
# (select domain from system_task_records
# where user_id =
# (select id from system_admin_user where username=%s)))
# group by r.domain_id;
# '''
# ret = mysql_cursor.query(sql, cookie_username)
# except:
# pass
# if ret:
# num = len(ret) # 结果条数
# domain_list1 = list()
# for i in range(num):
# domain_id = ret[i]['domain_id']
# subdomain_count = ret[i]['cot']
# domain_list1.append(domain_id)
# names['x%s' % i] = dict()
# names['x%s' % i]['domain_id'] = domain_id
# names['x%s' % i]['count'] = subdomain_count
#
# t = tuple(domain_list1)
# sql = '''
# select r.domain,create_time
# from system_task_records r,system_domain d
# where r.domain=d.domain and d.id
# in %s;
# '''
# try:
# ret2 = mysql_cursor.query(sql, t)
# for i in range(num):
# names['x%s' % i]['domain'] = ret2[i]['domain']
# names['x%s' % i]['create_time'] = datetime.datetime.strftime(ret2[i]['create_time'],
# '%Y-%m-%d %H:%M:%S')
# history.append(names['x%s' % i])
# except:
# pass
self.render('home.html', history=history, username=cookie_username)
# self.render('login.html')
else:
self.render('login.html')