def start_scan(self): connectiondb(tasks_db).update_one({'_id': ObjectId(self.task_id)}, {'$set': { 'task_status': 'Running' }}) for self.plugin_id in self.plugin_list: threads = [] try: plugin_info = connectiondb(plugin_db).find_one( {'_id': ObjectId(self.plugin_id)}) self.plugin_filename = plugin_info['plugin_filename'].encode( "UTF-8") self.poc_name = plugin_info['plugin_name'].encode("UTF-8") self.poc_vultype = plugin_info['plugin_vultype'].encode( "UTF-8") self.poc_mode = 'verify' for i in self.target_list: t = threading.Thread(target=self.verify_poc, args=(i, )) threads.append(t) for t in threads: t.start() while True: if len(threading.enumerate()) < scanner_thread: break except Exception as e: print(e) connectiondb(tasks_db).update_one({'_id': ObjectId(self.task_id)}, { '$set': { 'task_status': '扫描完成', 'end_date': time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) } })
def local_install(): print("[*]插件初始化...") connectiondb(plugin_db).drop() path = os.getcwd() + '/../InsectsAwake/views/modules/scanner/pocsuite_plugin/' files = os.listdir(path) for file_name in files: plugin_info = get_plugin_re(path + file_name.strip()) if plugin_info is None: pass else: var = connectiondb(plugin_db).insert_one(plugin_info).inserted_id print("[*]插件初始化完成!") print("[*]当前插件数量:", connectiondb(plugin_db).count())
def local_install(): print("[*]扫描插件初始化...") connectiondb(plugin_db).drop() path = os.getcwd() + '/pocsuite_plugin/' files = os.listdir(path) for file_name in files: plugin_info = get_plugin_re(path + file_name.strip()) if plugin_info is None: pass else: db_insert = connectiondb(plugin_db).insert_one( plugin_info).inserted_id print("[*]初始化完成!")
def nmap_scanner(target_host): target_ports = connectiondb(config_db).find_one()['port_list'] result_list = [] port_scanner = nmap.PortScanner() try: # 从数据库取出的数据要进行转换 port_scanner.scan(target_host, ','.join('%s' % port for port in target_ports)) # 遍历存活端口 for i in port_scanner[target_host].all_tcp(): if port_scanner[target_host]['tcp'][i]['state'] == 'open': # port_server_data = { # 'host': 'host:' + target_host, # 'port': 'port:' + str(i), # 'port_server': 'server:' + port_scanner[target_host]['tcp'][i]['product'], # 'banner': port_scanner[target_host]['tcp'][i]['cpe'], # } port_server_data = { 'host': target_host, 'port': i, 'port_server': port_scanner[target_host]['tcp'][i]['product'], 'banner': port_scanner[target_host]['tcp'][i]['cpe'], } result_list.append(port_server_data) except Exception as e: print target_host, e return result_list
def verify_poc(self, target): self.target = target info = { "pocname": self.poc_name, "pocstring": open(self.plugin_filename, 'r').read(), "mode": self.poc_mode } invoker = Cannon(self.target.strip(), info) result = invoker.run() if result[-3][0] == 1: vul_result = { "target": result[0], "task_name": self.task_name, "task_id": self.task_id, "poc_name": result[1], "appname": result[3], "poc_vultype": self.poc_vultype, "vulversion": result[4], "scan_date": result[-2], "scan_result": result[-1], "plugin_id": self.plugin_id } db_insert = connectiondb(vul_db).insert_one(vul_result).inserted_id if db_insert: pass
def setting_view(): config_info = connectiondb(config_db).find_one() config_json = { "subdomain": '\n'.join(config_info['subdomain']), } collections_names = db_management('collection_names') return render_template('setting.html', collections_names=collections_names, config_info=config_info, config_json=config_json)
def __init__(self): self.target_list = [] self.server_db = db_name_conf()['server_db'] self.asset_db = db_name_conf()['asset_db'] self.processes_count = int( connectiondb(config_db).find_one()['port_thread']) self.asset_id = '' self.asset_name = ''
def start_brute(inc_time): schedule.enter(inc_time, 1, start_brute, (inc_time, )) subdomain_list = connectiondb(config_db).find_one()['subdomain'] for domain_text in connectiondb(domain_db).find(): if domain_text['scan_status'] == "Preparation": domain_list = domain_text['domain_text'] domain_id = domain_text['_id'] domain_name = domain_text['domain_name'] print("++++++++++ Scan Start! ++++++++++") start_date = datetime.now() connectiondb(domain_db).update_one( {'_id': ObjectId(domain_id)}, {'$set': { 'scan_status': 'Running' }}) for target in domain_list: start = DomainsBrute(target, subdomain_list, domain_id, domain_name) start.run_multi() if domain_text['scan_option'] == "Enable": for result in connectiondb(subdomain_db).find( {'domain_id': ObjectId(domain_id)}): next_subdomain = eval(result['result']).keys()[0] start = DomainsBrute(next_subdomain, subdomain_list, domain_id, domain_name) start.run_multi() connectiondb(domain_db).update_one( {'_id': ObjectId(domain_id)}, {'$set': { 'scan_status': 'Done' }}) scan_time = datetime.now() - start_date print("++++++++++ Scan Done! ++++++++++", scan_time.total_seconds())
def configuration_change(): # 端口扫描设置 if request.form.get('source') == 'port_scan': scan_port = request.form.get('scan_port') port_thread = request.form.get('port_thread') update_doc = { 'port_list': scan_port, 'port_thread': port_thread, } connectiondb(config_db).update({'config_name': {'$regex': '.*'}}, {"$set": update_doc}) return jsonify({'data': 'success'}) # 漏洞扫描设置 elif request.form.get('source') == 'scanner_config': scanner_time = request.form.get('scanner_time') scanner_thread = request.form.get('scanner_thread') update_doc = { 'scanner_time': scanner_time, 'scanner_thread': scanner_thread, } print(update_doc) connectiondb(config_db).update_one({'config_name': {'$regex': '.*'}}, {"$set": update_doc}) return jsonify({'data': 'success'}) elif request.form.get('source') == 'subdomain_scan': subdomain_dict = request.form.get('subdomain_dict').split('\n', -1) update_doc = { 'subdomain': subdomain_dict, } print(update_doc) connectiondb(config_db).update_one({'config_name': {'$regex': '.*'}}, {"$set": update_doc}) return jsonify({'data': 'success'})
def scan_pool(self): target_list = [] for target in self.target_list: target_list.append(target.strip()) scanner_pool = multiprocessing.Pool(processes=self.processes_count) # 目前只能等待一个资产库资产扫描完毕返回结果 出现意外中断 结果没有办法保存 后期要解决掉 result = scanner_pool.map(nmap_scanner, target_list) scanner_pool.close() scanner_pool.join() if result: # 删除旧数据 connectiondb(self.server_db).remove( {'asset_id': ObjectId(self.asset_id)}) for scan_result in result: for server_data in scan_result: server_data['asset_id'] = self.asset_id server_data['asset_name'] = self.asset_name server_data['scan_date'] = datetime.now().strftime( "%Y-%m-%d %H:%M:%S") db_insert = connectiondb( self.server_db).insert_one(server_data).inserted_id if db_insert: print('[*]', self.asset_id, 'The result was saved successfully')
def save_db(self, result): data = { 'domain': self.target_domain, 'result': result, 'domain_id': self.domain_id, 'domain_name': self.domain_name, 'date': datetime.now().strftime("%Y-%m-%d %H:%M:%S") } print(data) try: inserted = connectiondb( self.subdomain_db_name).insert_one(data).inserted_id if inserted: print inserted except Exception as e: print("save_db error", e)
def start_port_scan(self): print("++++++++++ Port Scan Start! ++++++++++") for asset_data in connectiondb(self.asset_db).find(): if asset_data['scan_option'] == 'Enable': target_hosts = asset_data['asset_text'] self.asset_id = asset_data['_id'] self.asset_name = asset_data['asset_name'] for target_host in target_hosts: # 处理资产库中 以URL形式存在的资产 if 'http://' in target_host or 'https://' in target_host: target_host = urlparse(target_host).netloc.split( ':')[0] self.target_list.append(target_host) else: self.target_list = target_hosts self.scan_pool() print("++++++++++ Port Scan Done! ++++++++++")
def local_install(): print("[*]插件初始化...") connectiondb(plugin_db).drop() path = os.getcwd() + '/../InsectsAwake/views/modules/scanner/pocsuite_plugin/' files = os.listdir(path) for file_name in files: plugin_info = get_plugin_re(path + file_name.strip()) if plugin_info is None: pass else: var = connectiondb(plugin_db).insert_one(plugin_info).inserted_id print("[*]插件初始化完成!") print("[*]当前插件数量:", connectiondb(plugin_db).count()) if __name__ == "__main__": local_install() connectiondb(config_db).drop() config_data = { 'port_thread': 50, 'scanner_thread': 80, 'scanner_time': 60, 'config_name': 'test', 'port_list': [20, 21, 22, 23, 80, 81, 443, 445, 544, 873, 1080, 1433, 1434, 1521, 2100, 3306, 3389, 4440, 5671, 5672, 5900, 5984, 6379, 7001, 8080, 8081, 8089, 8888, 9090, 9200, 11211, 15672, 27017, 50070], 'subdomain': '' } db_insert = connectiondb(config_db).insert_one(config_data).inserted_id
# @Desc : "" import sched import time import datetime from pocsuite.api.cannon import Cannon from bson.objectid import ObjectId import threading from InsectsAwake.views.lib.mongo_db import connectiondb, db_name_conf schedule = sched.scheduler(time.time, time.sleep) config_db = db_name_conf()['config_db'] tasks_db = db_name_conf()['tasks_db'] vul_db = db_name_conf()['vul_db'] plugin_db = db_name_conf()['plugin_db'] scanner_thread = int(connectiondb(config_db).find_one()['scanner_thread']) class PocsuiteScan: def __init__(self, inc_time): self.inc_time = inc_time self.target_list = '' self.target = '' self.plugin_list = '' self.task_name = '' self.task_id = '' self.task_status = '' self.task_plan = '' self.poc_name = '' self.poc_filename = '' self.poc_mode = ''
def periodic_tasks(self): schedule.enter(self.inc_time, 1, self.periodic_tasks, ()) # Timer(5, periodic_tasks, ()).start() for task_info in connectiondb(tasks_db).find(): self.target_list = task_info['scan_target_list'] self.plugin_list = task_info['plugin_id'] self.task_name = task_info['task_name'] self.task_status = task_info['task_status'] self.task_plan = int(task_info['task_plan']) self.task_id = task_info['_id'] end_date = task_info['end_date'] # Single task execution immediately if self.task_plan == 0 and "Preparation" in self.task_status: print("Temporary plan start...", time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())) self.start_scan() # 日扫描计划开始 if self.task_plan == 1: if "Preparation" in self.task_status: print("Day plan start......", self.task_name) # The first scan has no end time, start the task directly self.start_scan() elif "Running" in self.task_status: pass else: start_date = datetime.datetime.strptime( end_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.datetime.now() - start_date).total_seconds() if plan_time > 60 * 60 * 24: self.start_scan() else: pass # 周扫描计划 elif self.task_plan == 7: if "Preparation" in self.task_status: print("Weekly plan start...", self.task_name) self.start_scan() elif "Running" in self.task_status: pass else: start_date = datetime.datetime.strptime( end_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.datetime.now() - start_date).total_seconds() if plan_time > 60 * 60 * 24 * 7: self.start_scan() else: pass # 月扫描计划 elif self.task_plan == 30: if "Preparation" in self.task_status: print("Month plan start...", self.task_name) self.start_scan() elif "Running" in self.task_status: pass else: start_date = datetime.datetime.strptime( end_date, "%Y-%m-%d %H:%M:%S") plan_time = (datetime.datetime.now() - start_date).total_seconds() if plan_time > 60 * 60 * 24 * 30: self.start_scan() else: pass
def scanner(): config_db = db_name_conf()['config_db'] scanner_time = int(connectiondb(config_db).find_one()['scanner_time']) print('Scanner is start...') scanner_loop_execute(scanner_time)
def dev_tools(): if request.method == 'POST': collections_name = request.form.get('collections_name') db_command = request.form.get('db_command') object_id = request.form.get('object_id') result_json = {} print collections_name, db_command, object_id # 单条查询 if int(db_command) == 1: result = connectiondb(collections_name).find_one() result_json = { 'result': str(result) } # 批量查询 elif int(db_command) == 2: result = [] if not object_id == "": try: result_cursor = connectiondb(collections_name).find(object_id) for i in result_cursor: result.append(i) result_json = { 'result': str(result) } print(result_json) except Exception as e: print(e) # 返回全部数据 else: try: result_cursor = connectiondb(collections_name).find() for i in result_cursor: result.append(i) print(result) result_json = { 'result': str(result) } print(result_json) except Exception as e: print(e) # 删除集合数据 elif int(db_command) == 3: if not object_id == "": print collections_name, object_id try: connectiondb(collections_name).delete_one({'_id': ObjectId(object_id)}) result_json = { 'result': "删除" + str(collections_name) + " 成功!" } except Exception as e: print(e) else: try: connectiondb(collections_name).drop() result_json = { 'result': "删除" + str(collections_name) + " 成功!" } print(result_json) except Exception as e: print(e) return jsonify(result_json) config_info = connectiondb(config_db).find_one() collections_names = db_management('collection_names') return render_template('dev-tools.html', collections_names=collections_names, config_info=config_info)