def tasks_dispatch_web(taskID, url):
    """Queue the web follow-up scans for one host.

    Sends ServInfo, CmsFinger, Wappalyzer and SFileScan tasks for *url*, then
    queues DirScan against the ``domain`` stored in the host-scan record when
    that field is present and non-empty.
    """
    # Wappalyzer receives the target under ``domain``; the other three use ``url``.
    initial_jobs = (
        ('ServInfo', {'taskID': taskID, 'url': url}),
        ('CmsFinger', {'taskID': taskID, 'url': url}),
        ('Wappalyzer', {'taskID': taskID, 'domain': url}),
        ('SFileScan', {'taskID': taskID, 'url': url}),
    )
    for job_name, job_kwargs in initial_jobs:
        app.send_task(name=job_name, queue=job_name, kwargs=job_kwargs)

    record = MongoDB().get_one_hostscan_info(taskID)
    # DirScan is only queued when the record carries a usable domain.
    if 'domain' not in record.keys() or len(record['domain']) == 0:
        return
    app.send_task(
        name='DirScan',
        queue='DirScan',
        kwargs={'taskID': taskID, 'target': record['domain']},
    )
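def wappalyzer(self, taskID, domain):
    """Fingerprint the technologies served at *domain* and store the result.

    A scheme-less *domain* is fetched over ``http://``. The detected
    technologies are written with ``MongoDB.add_wappalyzer`` and returned as a
    list; the list is empty when the fetch or the analysis did not complete.
    """
    # Test for a real scheme rather than the bare prefix 'http': a hostname
    # that merely begins with those letters (constructed example:
    # 'httpbin.example') still needs the scheme added before it can be fetched.
    if not domain.lower().startswith(('http://', 'https://')):
        domain = 'http://' + domain
    analyzer = Wappalyzer.latest()
    res = ''
    try:
        # NOTE(review): verify=False disables TLS certificate validation, so
        # the page that gets fingerprinted is not authenticated as coming from
        # the named host.
        webpage = WebPage.new_from_url(domain, verify=False)
        res = analyzer.analyze(webpage)
        print(list(res))
        x = MongoDB()
        x.add_wappalyzer(taskID, list(res))
    except requests.exceptions.ConnectTimeout as e:
        print(e)
        # A timeout can also occur when the service does not exist at all.
        # NOTE(review): the task is re-queued with no retry bound visible in
        # this block, so a host that always times out is re-queued every time.
        app.send_task(
            name='Wappalyzer',
            queue='Wappalyzer',
            kwargs=dict(taskID=taskID, domain=domain),
        )
    except requests.exceptions.ConnectionError as e:
        # The host probably has no HTTP service; it is deliberately not re-queued.
        print(e)
    except Exception as e:
        print(e)
    return list(res)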
def on_failure(self, exc, task_id, args, kwargs, einfo):
    """Log a failed task and, when its retry count is 1, hand it to PortServScan.

    The fallback task is built from the ``taskID`` and ``host`` entries of the
    failed task's *kwargs*.
    """
    failure_line = ' task fail {}:{}:{}:{}:{}'.format(exc, task_id, args, kwargs, einfo)
    print(failure_line)
    if self.request.retries != 1:
        return
    # Two consecutive failures: push the task over to nmap.
    print('重试失败,推送任务到PortServScan')
    fallback_kwargs = {
        'taskID': kwargs['taskID'],
        'ip_addr': kwargs['host'],
        'resp': 'syn_normal',
    }
    app.send_task(name='PortServScan', queue='PortServScan', kwargs=fallback_kwargs)
def add_task(taskID, host):
    """Queue the per-host scans for *host*: PortServScan, then IpLocation."""
    # TODO: until the PoCs are refined, the separate PortScan stage stays
    # disabled and the full port/service scan is queued directly.
    port_serv_kwargs = {'taskID': taskID, 'ip_addr': host, 'resp': 'syn_normal'}
    app.send_task(name='PortServScan', queue='PortServScan', kwargs=port_serv_kwargs)

    location_kwargs = {'taskID': taskID, 'ip': host}
    app.send_task(name='IpLocation', queue='IpLocation', kwargs=location_kwargs)
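def get(request, mobile):
    """Issue a six-digit SMS verification code for *mobile*.

    Validates the query parameters, answers HTTP 429 while the per-number
    throttle flag is set, otherwise stores the code for 300 seconds, sets the
    throttle flag for 60 seconds and queues the ``send_sms_code`` task.
    """
    # Function-scope import: the file's import block is not visible from here.
    import secrets

    redis_conn = get_redis_connection('code')
    # Validate the request parameters.
    params = request.query_params
    serializer = SmsCodeSerializer(data=params)
    serializer.is_valid(raise_exception=True)
    # Refuse when this number requested a code too recently.
    # NOTE(review): the flag is read here and written further down, so two
    # concurrent requests can both pass the check; an atomic set-if-absent
    # would close that window.
    if redis_conn.get('sms_flag_%s' % mobile):
        return Response(status=status.HTTP_429_TOO_MANY_REQUESTS)
    # The code is an authentication secret, so it is drawn from the OS CSPRNG
    # instead of the predictable `random` generator.
    sms_code = '%06d' % secrets.randbelow(1000000)
    # Cache the code and the throttle flag for this number in Redis.
    redis_conn.set('sms_code_%s' % mobile, sms_code, 300)
    redis_conn.set('sms_flag_%s' % mobile, 1, 60)
    # Send the SMS asynchronously through Celery.
    app.send_task('send_sms_code', (mobile, sms_code))
    return Response({'message': 'ok'})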
# Manual dispatch script. Earlier one-off dispatches to the CmsFinger,
# Wappalyzer, PortScan, DirScan and RDPassSpray queues were left here commented
# out; only the PocScan dispatch below is active.
# NOTE(review): the task ID and the target are hard-coded in this script.
app.send_task(
    name='PocScan',
    queue='PocScan',
    kwargs={
        'taskID': '5d7a2f0ccb102ff5bce42783',
        'ip': '127.0.0.1',
    },
)
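def handle_result(taskID, ip_addr, result):
    """Route each scanned port of *ip_addr* to its follow-up tasks.

    *result* maps a port to a dict that may carry the detected service under
    ``name``. Ports 80 and 443 whose service name contains ``http`` trigger
    ``tasks_dispatch_web``; an ``ms-wbt-server`` service is sent to the
    RDPassSpray queue; any other recognised service is sent to HydraBrute
    under its normalised name. Entries without a ``name`` are only logged.
    """
    for key, value in result.items():
        if 'name' not in value:
            print('no name in keys')
            continue
        name = value['name']

        # TODO: handle the case where only 443 is open but 80 is not, and the
        # case where the web port has been changed.
        if key in (80, 443) and 'http' in name:
            tasks_dispatch_web(taskID, ip_addr)

        if re.search('ms-wbt-server', name, re.I):
            # RDP goes to the standalone script: hydra's rdp module is outdated
            # and not broadly supported, so it is not mapped in the chain below.
            app.send_task(name='RDPassSpray', queue='RDPassSpray',
                          kwargs=dict(taskID=taskID, target=ip_addr))

        # TODO (port 8080): find a definite feature proving the st2 framework
        # is in use.

        # Normalise the reported name; see https://svn.nmap.org/nmap/nmap-services
        # NOTE(review): 'teedtap' -> mssql and 'tcpwrapped' -> ssh are kept as
        # found; confirm that both mappings are intended.
        if re.search('teedtap', name, re.I):
            service = 'mssql'
        elif name == 'ssh' or re.search('tcpwrapped', name, re.I):
            service = 'ssh'
        elif name == 'mysql':
            service = 'mysql'
        elif re.search('microsoft-ds', name, re.I):
            service = 'smb'
        # pop3 is left out: too time-consuming, low success rate.
        elif re.search('telnet', name, re.I):
            service = 'telnet'
        elif re.search('ftp', name, re.I):
            service = 'ftp'
        elif re.search('memcache', name, re.I):
            service = 'memcache'
        elif re.search('postgresql', name, re.I):
            service = 'postgresql'
        elif re.search('redis', name, re.I):
            service = 'redis'
        elif re.search('oracle', name, re.I):
            service = 'oracle'
        # TODO: mongod is not mapped yet; imap and smtp are disabled as well.
        elif 'tomcat' in name:
            service = 'tomcat'
        # Raw string: '\d' in a plain literal is an invalid escape sequence.
        elif re.search(r'^vnc-\d{1}', name, re.I):
            service = 'vnc'
        elif 'weblogic' in name:
            service = 'weblogic'
        elif name == 'svn':
            service = 'svn'
        else:
            # Sentinel for "no mapping": nothing is queued for this port.
            service = 'xxx'

        if service != 'xxx':
            app.send_task(name='HydraBrute', queue='HydraBrute',
                          kwargs=dict(taskID=taskID, username='******', dict='small',
                                      host=ip_addr, port=key, service=service))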
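def handle_result(taskID, ip_addr, result):
    """Route each scanned port of *ip_addr* to its follow-up tasks.

    *result* maps a port to a dict that may carry the detected service under
    ``name``. Ports 80 and 443 whose service name contains ``http`` trigger
    ``tasks_dispatch``; any recognised service is sent to the HydraBrute queue
    under its normalised name. Entries without a ``name`` are only logged.
    """
    for key, value in result.items():
        if 'name' not in value:
            print('no name in keys')
            continue
        name = value['name']

        if key in (80, 443) and 'http' in name:
            tasks_dispatch(taskID, ip_addr)

        # TODO: confirm that the service names in the scan output are consistent.
        # Normalise the reported name; see https://svn.nmap.org/nmap/nmap-services
        # NOTE(review): 'teedtap' -> mssql and 'tcpwrapped' -> ssh are kept as
        # found; confirm that both mappings are intended.
        if re.search('teedtap', name, re.I):
            service = 'mssql'
        elif name == 'ssh' or re.search('tcpwrapped', name, re.I):
            service = 'ssh'
        elif name == 'mysql':
            service = 'mysql'
        elif re.search('ms-wbt-server', name, re.I):
            service = 'rdp'
        elif re.search('microsoft-ds', name, re.I):
            service = 'smb'
        # pop3 is left out: too time-consuming, low success rate.
        elif re.search('telnet', name, re.I):
            service = 'telnet'
        elif re.search('ftp', name, re.I):
            service = 'ftp'
        elif re.search('memcache', name, re.I):
            service = 'memcache'
        elif re.search('postgresql', name, re.I):
            service = 'postgresql'
        elif re.search('redis', name, re.I):
            service = 'redis'
        elif re.search('oracle', name, re.I):
            service = 'oracle'
        # mongodb, imap and smtp mappings are disabled.
        elif 'tomcat' in name:
            service = 'tomcat'
        # Raw string: '\d' in a plain literal is an invalid escape sequence.
        elif re.search(r'^vnc-\d{1}', name, re.I):
            service = 'vnc'
        elif 'weblogic' in name:
            service = 'weblogic'
        elif name == 'svn':
            service = 'svn'
        else:
            # Sentinel for "no mapping": nothing is queued for this port.
            service = 'xxx'

        if service != 'xxx':
            app.send_task(name='HydraBrute', queue='HydraBrute',
                          kwargs=dict(taskID=taskID, username='******', dict='small',
                                      host=ip_addr, port=key, service=service))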
def add_tasks(self, taskID, host):
    """Queue an AliveScan task for the single address *host*."""
    alive_kwargs = {'taskID': taskID, 'ip': host, 'ip_type': 'single'}
    app.send_task(name='AliveScan', queue='AliveScan', kwargs=alive_kwargs)
# @Blog : https://blog.ixuchao.cn
# @File : complete_publish_test.py
from utils.mongo_op import MongoDB
from celery_tasks.main import app

# add_Ftask() yields the ID that is passed to the scan below as FtaskID.
x = MongoDB()
id = x.add_Ftask()

# Only the range scan below is active; the alternative single-address and
# range dispatches in the original were left commented out.
# NOTE(review): the target range is hard-coded; taking it from configuration
# or the command line would keep this script from being tied to one address
# block.
app.send_task(
    name='AliveScan',
    queue='AliveScan',
    kwargs={
        'FtaskID': str(id),
        'ip': '149.129.89.150-149.129.89.170',
        'ip_type': 'range',
    },
)
def add_serv_task(taskID, host, ports):
    """Queue a ServScan task for the given *ports* on *host*."""
    serv_kwargs = {'taskID': taskID, 'host': host, 'ports': ports}
    app.send_task(name='ServScan', queue='ServScan', kwargs=serv_kwargs)