Example #1
 def __init__(self):
     """Build the scan helpers and take a listing of the plugin directory.

     The helpers are created first, in the same order as before; the
     ``plugins`` directory is resolved next to this file (symlinks are
     followed via ``realpath``).

     :raises EnvironmentError: if the ``plugins`` directory does not exist
     """
     self.port_scan = Port_Scan()
     self.mysqldb = Mysql_db()
     self.aes_crypto = Aes_Crypto()
     module_dir = os.path.dirname(os.path.realpath(__file__))
     plugins_dir = os.path.join(module_dir, "plugins")
     self.plugin_path = plugins_dir
     if os.path.isdir(plugins_dir):
         # Snapshot taken once; plugins added later are not picked up.
         self.items = os.listdir(plugins_dir)
     else:
         raise EnvironmentError
Example #2
# Path of mydb.db inside sys.path[0] (the directory of the script that
# started the interpreter, or '' in some launch modes).
DATABASE = sys.path[0] + '/mydb.db'
app = Flask(__name__)
# UPLOAD_FOLDER is not defined in this excerpt -- presumably set earlier in
# the module; TODO confirm it points outside any directory that is served.
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
# Cap request bodies at 5 MiB so oversized uploads are rejected by Flask.
app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024
# NOTE(review): credentialed cross-origin requests are enabled and no
# `origins` allow-list is passed. Assuming CORS is flask_cors.CORS, the
# default origin policy is permissive, so any site the user visits may be
# able to call this API with the user's cookies -- confirm, and pass an
# explicit list of trusted front-end origins.
CORS(app, supports_credentials=True)
# Everything below runs at import time: the database helper is created and
# its create_* methods are called once per process start (presumably they
# create the 'linbing' schema and its tables -- verify they are idempotent).
mysqldb = Mysql_db()
mysqldb.create_database('linbing')
mysqldb.create_user()
mysqldb.create_target()
mysqldb.create_vulnerability()
mysqldb.create_delete_target()
mysqldb.create_delete_vulnerability()
# Module-wide crypto and scanner helpers shared by the request handlers.
aes_crypto = Aes_Crypto()
rsa_crypto = Rsa_Crypto()
port_scan = Port_Scan()


def parse_target(target):
    scan_ip = ''
    try:
        url_result = re.findall('https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+',
                                target)
        if url_result == []:
            ip_result = re.findall(
                r"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b",
                target)
            if ip_result == []:
                domain_regex = re.compile(
                    r'(?:[A-Z0-9_](?:[A-Z0-9-_]{0,247}[A-Z0-9])?\.)+(?:[A-Z]{2,6}|[A-Z0-9-]{2,}(?<!-))\Z',
                    re.IGNORECASE)
Example #3
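class Multiply_Thread():
    """Port-scan one target, then run every PoC plugin against each result.

    Plugins are Python modules found one directory level below ``plugins``
    (next to this file). They are imported as
    ``app.plugins.<directory>.<module>`` and must expose a class named
    ``<module>_BaseVerify``. Every file in those directories is imported
    and executed, so the plugin tree must only be writable by trusted users.
    """

    def __init__(self):
        """Create the scanner, database and crypto helpers and list the plugins.

        :raises EnvironmentError: if the ``plugins`` directory is missing
        """
        self.port_scan = Port_Scan()
        self.mysqldb = Mysql_db()
        self.aes_crypto = Aes_Crypto()
        self.plugin_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "plugins")
        if not os.path.isdir(self.plugin_path):
            # Same exception type as before, now with a message for the operator.
            raise EnvironmentError('plugin directory not found: ' + self.plugin_path)
        self.items = os.listdir(self.plugin_path)

    def async_exe(self, func, args = None, kwargs = None, delay = 0):
        """Run :meth:`run` on a background thread after an optional delay.

        :param func: accepted for interface compatibility; it is not called,
            the scheduled callable is always ``self.run``
        :param args: positional arguments forwarded to ``run``
        :param kwargs: keyword arguments forwarded to ``run``
        :param delay: seconds to wait before ``run`` starts
        :return: the started ``threading.Thread``
        """
        args = args or ()
        kwargs = kwargs or {}
        def tmp():
            self.run(*args, **kwargs)
        scheduler = sched.scheduler(time.time, time.sleep)
        scheduler.enter(delay, 10, tmp, ())
        thread = threading.Thread(target = scheduler.run)
        thread.start()
        return thread

    def _record_hit(self, username, target, ip_port, plugin_name):
        """Insert or refresh the vulnerability row for one positive plugin result."""
        enc_ip = self.aes_crypto.encrypt(ip_port)
        enc_name = self.aes_crypto.encrypt(plugin_name)
        # NOTE(review): the existence check matches on ciphertext, which only
        # works if encrypt() returns the same output for equal input --
        # confirm; deterministic encryption reveals which rows share a value.
        if not self.mysqldb.get_vulnerability(username, target, enc_ip, enc_name):
            # NOTE(review): the plugin name fills three of the stored fields;
            # verify against the save_vulnerability signature.
            self.mysqldb.save_vulnerability(username, target, enc_name, enc_ip, enc_name, enc_name)
        else:
            self.mysqldb.update_vulnerability(username, target, enc_ip, enc_name)

    def run(self, *args, **kwargs):
        """Scan the target's ports and run all plugins against each result.

        Required keyword arguments: ``username``, ``target``, ``scan_ip``.
        The scanner (nmap or masscan), port range and rate come from the
        stored scan settings for this user and target.

        A plugin that cannot be imported or that raises while running is
        logged and skipped, so one broken plugin no longer aborts the scan
        or leaves its status stuck before the final update.

        :raises KeyError: if a required keyword argument is missing
        """
        import logging  # local import: the file's import block is not visible here

        log = logging.getLogger(__name__)
        username = kwargs['username']
        target = kwargs['target']
        scan_set = self.mysqldb.get_scan(username, target)
        if scan_set['scanner'] == 'nmap':
            scan_list = self.port_scan.nmap_scan(username, target, kwargs['scan_ip'], scan_set['min_port'], scan_set['max_port'])
        else:
            scan_list = self.port_scan.masscan_scan(username, target, kwargs['scan_ip'], scan_set['min_port'], scan_set['max_port'], scan_set['rate'])
        self.mysqldb.update_scan(username, target, '开始POC检测')
        for ip_port in scan_list:
            for item in self.items:
                poc_path = os.path.join(self.plugin_path, item)
                # Test for a real directory: the old substring test on the
                # full path called os.listdir() on plain files and skipped
                # every plugin when the install path itself contained '.py'.
                if not os.path.isdir(poc_path):
                    continue
                for poc_item in os.listdir(poc_path):
                    if not poc_item.endswith(".py") or poc_item.startswith('__'):
                        continue
                    plugin_name = poc_item[:-3]
                    try:
                        module = importlib.import_module('app.plugins.' + item + '.' + plugin_name)
                        # Every result is probed over plain http, whatever the service is.
                        verifier = getattr(module, plugin_name + '_BaseVerify')('http://' + ip_port)
                        if verifier.run():
                            self._record_hit(username, target, ip_port, plugin_name)
                    except Exception:
                        # Plugin failures stay non-fatal but are no longer
                        # invisible. The endpoint is left out of the message
                        # because it is stored encrypted elsewhere.
                        log.exception('PoC plugin %s.%s failed', item, plugin_name)
        self.mysqldb.update_scan(username, target, '扫描结束')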
Example #4
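class Multiply_Thread():
    """Enumerate sub-domains, port-scan a target and run PoC plugins concurrently.

    Plugins are Python modules found one directory level below ``plugins``
    (next to this file). They are imported as
    ``app.plugins.<directory>.<module>`` and must expose a class named
    ``<module>_BaseVerify``. Every file in those directories is imported
    and executed, so the plugin tree must only be writable by trusted users.
    """

    def __init__(self, mysqldb):
        """Store the shared database helper and list the plugin directory.

        :param mysqldb: database helper, also handed to ``Port_Scan``
        :raises EnvironmentError: if the ``plugins`` directory is missing
        """
        self.port_scan = Port_Scan(mysqldb)
        self.mysqldb = mysqldb
        self.aes_crypto = Aes_Crypto()
        self.plugin_path = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), "plugins")
        if not os.path.isdir(self.plugin_path):
            # Same exception type as before, now with a message for the operator.
            raise EnvironmentError('plugin directory not found: ' +
                                   self.plugin_path)
        self.items = os.listdir(self.plugin_path)

    def async_exe(self, func, args=None, kwargs=None, delay=0):
        """Run :meth:`run` on a background thread after an optional delay.

        :param func: accepted for interface compatibility; it is not called,
            the scheduled callable is always ``self.run``
        :param args: positional arguments forwarded to ``run``
        :param kwargs: keyword arguments forwarded to ``run``
        :param delay: seconds to wait before ``run`` starts
        :return: the started ``threading.Thread``
        """
        args = args or ()
        kwargs = kwargs or {}

        def tmp():
            self.run(*args, **kwargs)

        scheduler = sched.scheduler(time.time, time.sleep)
        scheduler.enter(delay, 10, tmp, ())
        thread = threading.Thread(target=scheduler.run)
        thread.start()
        return thread

    async def coroutine_execution(self, function, loop, semaphore, kwargs,
                                  ip_port, plugin_name):
        """Run one plugin in the loop's default executor and store a positive result.

        :param function: plugin instance; its blocking ``run()`` is executed
        :param loop: event loop whose executor runs the plugin
        :param semaphore: limits how many plugins run at the same time
        :param kwargs: scan arguments; ``username`` and ``target`` key the row
        :param ip_port: scanned endpoint, stored encrypted
        :param plugin_name: plugin module name, stored encrypted
        :return: None; failures are logged and swallowed so that one plugin
            cannot cancel the rest of the batch
        """
        import logging  # local import: the file's import block is not visible here

        async with semaphore:
            try:
                result = await loop.run_in_executor(None, function.run)
                if result:
                    enc_ip = self.aes_crypto.encrypt(ip_port)
                    enc_name = self.aes_crypto.encrypt(plugin_name)
                    # NOTE(review): the existence check matches on ciphertext,
                    # which only works if encrypt() returns the same output
                    # for equal input -- confirm; deterministic encryption
                    # reveals which rows share a value.
                    # These database calls are made directly in the coroutine,
                    # i.e. on the event-loop thread, not in the executor.
                    if not self.mysqldb.get_vulnerability(
                            kwargs['username'], kwargs['target'], enc_ip,
                            enc_name):
                        self.mysqldb.save_vulnerability(
                            kwargs['username'], kwargs['target'], enc_name,
                            enc_ip, enc_name, enc_name)
                    else:
                        self.mysqldb.update_vulnerability(
                            kwargs['username'], kwargs['target'], enc_ip,
                            enc_name)
            except Exception:
                # Previously discarded silently; the endpoint is left out of
                # the message because it is stored encrypted elsewhere.
                logging.getLogger(__name__).exception(
                    'PoC plugin %s failed', plugin_name)

    def sub_domain(self, username, target, description, domain):
        """Enumerate sub-domains with OneForAll and save each one.

        :param username: owner of the scan
        :param target: target the sub-domains belong to
        :param description: target description stored with every row
        :param domain: domain to enumerate
        :return: None
        """
        oneforall = OneForAll(domain)
        datas = oneforall.run()
        # Loop variable renamed so it no longer shadows the ``domain`` argument.
        for record in datas:
            self.mysqldb.save_target_domain(
                username, target, description,
                self.aes_crypto.encrypt(record['subdomain']),
                self.aes_crypto.encrypt(record['ip']))

    def run(self, *args, **kwargs):
        """Run the whole pipeline for one target.

        Required keyword arguments: ``username``, ``target``, ``description``,
        ``scan_ip`` and ``domain`` (a sequence; when non-empty its first
        element is enumerated for sub-domains). The scanner, port range,
        rate and plugin concurrency come from the stored scan settings.

        Differences from the previous version: an empty task list no longer
        raises from ``asyncio.wait``, a plugin that fails to import is logged
        and skipped, and the private event loop is closed when the batch ends.

        :raises KeyError: if a required keyword argument is missing
        """
        import logging  # local import: the file's import block is not visible here

        log = logging.getLogger(__name__)
        username = kwargs['username']
        target = kwargs['target']
        scan_set = self.mysqldb.get_scan(username, target)
        if kwargs['domain']:
            self.mysqldb.update_scan(username, target, '开始子域名检测')
            self.sub_domain(username, target, kwargs['description'],
                            kwargs['domain'][0])
        if scan_set['scanner'] == 'nmap':
            scan_list = self.port_scan.nmap_scan(
                username, target, kwargs['description'], kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'])
        else:
            scan_list = self.port_scan.masscan_scan(
                username, target, kwargs['description'], kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'], scan_set['rate'])
        self.mysqldb.update_scan(username, target, '开始POC检测')

        # A private loop per call: run() is normally started on its own
        # thread by async_exe(), where no event loop exists yet.
        loop = asyncio.new_event_loop()
        asyncio.set_event_loop(loop)
        try:
            semaphore = asyncio.Semaphore(int(scan_set['concurren_number']))
            tasks = []
            for ip_port in scan_list:
                for item in self.items:
                    poc_path = os.path.join(self.plugin_path, item)
                    # Test for a real directory: the old substring test on the
                    # full path called os.listdir() on plain files and skipped
                    # every plugin when the install path contained '.py'.
                    if not os.path.isdir(poc_path):
                        continue
                    for poc_item in os.listdir(poc_path):
                        if (not poc_item.endswith(".py")
                                or poc_item.startswith('__')
                                or 'ajpy' in poc_item):
                            continue
                        plugin_name = poc_item[:-3]
                        try:
                            module = importlib.import_module(
                                'app.plugins.' + item + '.' + plugin_name)
                            # Every result is probed over plain http.
                            verifier = getattr(
                                module,
                                plugin_name + '_BaseVerify')('http://' + ip_port)
                            tasks.append(
                                asyncio.ensure_future(
                                    self.coroutine_execution(
                                        verifier, loop, semaphore, kwargs,
                                        ip_port, plugin_name),
                                    loop=loop))
                        except Exception:
                            log.exception('PoC plugin %s.%s could not be loaded',
                                          item, plugin_name)
            # asyncio.wait() raises ValueError on an empty collection, which
            # used to leave the scan status stuck when nothing was found.
            if tasks:
                loop.run_until_complete(asyncio.wait(tasks))
        finally:
            asyncio.set_event_loop(None)
            loop.close()
        self.mysqldb.update_scan(username, target, '扫描结束')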