def tasks_dispatch_web(taskID, url):
app.send_task(name='ServInfo',
queue='ServInfo',
kwargs=dict(taskID=taskID, url=url))
app.send_task(name='CmsFinger',
queue='CmsFinger',
kwargs=dict(taskID=taskID, url=url))
app.send_task(
name='Wappalyzer',
queue='Wappalyzer',
kwargs=dict(taskID=taskID, domain=url),
)
app.send_task(name='SFileScan',
queue='SFileScan',
kwargs=dict(taskID=taskID, url=url))
_ = MongoDB()
info = _.get_one_hostscan_info(taskID)
if 'domain' in info.keys() and len(info['domain']) != 0:
app.send_task(name='DirScan',
queue='DirScan',
kwargs=dict(taskID=taskID, target=info['domain']))
else:
pass
def wappalyzer(self, taskID, domain):
if not domain.startswith('http'):
domain = 'http://' + domain
wappalyzer = Wappalyzer.latest()
res = ''
try:
webpage = WebPage.new_from_url(domain, verify=False)
res = wappalyzer.analyze(webpage)
print(list(res))
x = MongoDB()
x.add_wappalyzer(taskID, list(res))
except requests.exceptions.ConnectTimeout as e:
print(e)
# 不存在该服务也会可能出现这种异常
app.send_task(
name='Wappalyzer',
queue='Wappalyzer',
kwargs=dict(taskID=taskID, domain=domain),
)
except requests.exceptions.ConnectionError as e:
# 可能是该主机不存在http服务
print(e)
# app.send_task(name='Wappalyzer',
# queue='Wappalyzer',
# kwargs=dict(taskID=taskID, domain=domain),
# )
except Exception as e:
print(e)
return list(res)
def on_failure(self, exc, task_id, args, kwargs, einfo):
print(' task fail {}:{}:{}:{}:{}'.format(exc, task_id, args, kwargs,
einfo))
if self.request.retries == 1:
# 连续2次失败,把任务推给 nmap
print('重试失败,推送任务到PortServScan')
app.send_task(name='PortServScan',
queue='PortServScan',
kwargs=dict(taskID=kwargs['taskID'],
ip_addr=kwargs['host'],
resp='syn_normal'))
def add_task(taskID, host):
# app.send_task(name='PortScan',
# queue='PortScan',
# kwargs=dict(taskID=taskID, host=host))
##TODO 细化poc之前直接全扫
app.send_task(name='PortServScan',
queue='PortServScan',
kwargs=dict(taskID=taskID, ip_addr=host, resp='syn_normal'))
app.send_task(name='IpLocation',
queue='IpLocation',
kwargs=dict(taskID=taskID, ip=host))
def get(request, mobile):
redis_conn = get_redis_connection('code')
# 参数校验
params = request.query_params
serializer = SmsCodeSerializer(data=params)
serializer.is_valid(raise_exception=True)
# 查看用户是否频繁获取
if redis_conn.get('sms_flag_%s' % mobile):
return Response(status=status.HTTP_429_TOO_MANY_REQUESTS)
sms_code = '%06d' % randint(0, 999999)
# 在redis中设置短信接用户缓存
redis_conn.set('sms_code_%s' % mobile, sms_code, 300)
redis_conn.set('sms_flag_%s' % mobile, 1, 60)
# 发送短信, 利用celery异步发送
app.send_task('send_sms_code', (mobile, sms_code))
return Response({'message': 'ok'})
# app.send_task(name='CmsFinger',
# queue='CmsFinger',
# kwargs=dict(taskID='5d7c96f15ded2c3496c7d368',url='blog.zzp198.cn'))
#
# app.send_task(name='CmsFinger',
# queue='CmsFinger',
# kwargs=dict(taskID='5d7c96f15ded2c3496c7d368',url='188.131.133.213'))
# app.send_task(name='Wappalyzer',
# queue = 'Wappalyzer',
# kwargs=dict(taskID='5d7a2f0ccb102ff5bce42782', domain='123.207.155.221')
# )
# app.send_task(name='PortScan',
# queue = 'PortScan',
# kwargs=dict(taskID='5d7a2f0ccb102ff5bce42782', host='192.168.232.112')
# )
# app.send_task(name='DirScan',
# queue = 'DirScan',
# kwargs=dict(taskID='5d7a2f0ccb102ff5bce42782', target='https://blog.ixuchao.cn')
# )
# app.send_task(name='RDPassSpray',
# queue='RDPassSpray',
# kwargs=dict(taskID='5d7a2f0ccb102ff5bce42783',target='10.0.83.217'))
app.send_task(name='PocScan',
queue='PocScan',
kwargs=dict(taskID='5d7a2f0ccb102ff5bce42783', ip='127.0.0.1'))
def handle_result(taskID, ip_addr, result):
for key, value in result.items():
# TODO 需要添加 只有443开放但是80未开放 的情况 和web端口更改的情况
if (key == 80 or key
== 443) and 'name' in value.keys() and 'http' in value['name']:
tasks_dispatch_web(taskID, ip_addr)
# elif key == 443 and 'name' in value.keys() and 'http' in value['name']:
# tasks_dispatch(taskID, ip_addr)
if 'name' in value.keys() and re.search('ms-wbt-server', value['name'],
re.I):
#推送给单独爆破的脚本
app.send_task(name='RDPassSpray',
queue='RDPassSpray',
kwargs=dict(taskID=taskID, target=ip_addr))
if key == 8080:
# TODO 找出明确特征证明使用的是st2框架
pass
if 'name' in value.keys():
service = value['name']
# 详见https://svn.nmap.org/nmap/nmap-services
if re.search('teedtap', service, re.I):
service = 'mssql'
elif 'ssh' == service or re.search('tcpwrapped', service,
re.I): # 'ssh' in service:
service = 'ssh'
elif 'mysql' == service:
service = 'mysql'
# elif re.search('ms-wbt-server', service, re.I):
# service = 'rdp'
## 因为hydra的rdp爆破脚本过时,支持不够广泛,这里的爆破任务推送给独立爆破脚本
elif re.search('microsoft-ds', service, re.I):
service = 'smb'
# elif re.search('pop3', service, re.I): #太耗费时间,成功率不高
# service = 'pop3'
elif re.search('telnet', service, re.I):
service = 'telnet'
elif re.search('ftp', service, re.I):
service = 'ftp'
elif re.search('memcache', service, re.I):
service = 'memcache'
elif re.search('postgresql', service, re.I):
service = 'postgresql'
elif re.search('redis', service, re.I):
service = 'redis'
elif re.search('oracle', service, re.I):
service = 'oracle'
# elif re.search('mongod', service, re.I): ##TODO mongo 爆破
# service = 'mongod'
elif 'tomcat' in service:
service = 'tomcat'
elif re.search('^vnc-\d{1}', service, re.I):
service = 'vnc'
elif 'weblogic' in service:
service = 'weblogic'
# elif 'imap' == service:
# service = 'imap'
# elif 'smtp' == service:
# service = 'smtp'
elif 'svn' == service:
service = 'svn'
else:
service = 'xxx'
if not service == 'xxx':
app.send_task(name='HydraBrute',
queue='HydraBrute',
kwargs=dict(taskID=taskID,
username='******',
dict='small',
host=ip_addr,
port=key,
service=service))
else:
print('no name in keys')
def handle_result(taskID, ip_addr, result):
for key, value in result.items():
if key == 80 and 'name' in value.keys() and 'http' in value['name']:
tasks_dispatch(taskID, ip_addr)
elif key == 443 and 'name' in value.keys() and 'http' in value['name']:
tasks_dispatch(taskID, ip_addr)
if 'name' in value.keys():
service = value['name']
##TODO 确定输出service名称的一致性
# 详见https://svn.nmap.org/nmap/nmap-services
if re.search('teedtap', service, re.I):
service = 'mssql'
elif 'ssh' == service or re.search('tcpwrapped', service,
re.I): # 'ssh' in service:
service = 'ssh'
elif 'mysql' == service:
service = 'mysql'
elif re.search('ms-wbt-server', service, re.I):
service = 'rdp'
elif re.search('microsoft-ds', service, re.I):
service = 'smb'
# elif re.search('pop3', service, re.I): #太耗费时间,成功率不高
# service = 'pop3'
elif re.search('telnet', service, re.I):
service = 'telnet'
elif re.search('ftp', service, re.I):
service = 'ftp'
elif re.search('memcache', service, re.I):
service = 'memcache'
elif re.search('postgresql', service, re.I):
service = 'postgresql'
elif re.search('redis', service, re.I):
service = 'redis'
elif re.search('oracle', service, re.I):
service = 'oracle'
# elif re.search('mongodb', service, re.I):
# service = 'mongo'
elif 'tomcat' in service:
service = 'tomcat'
elif re.search('^vnc-\d{1}', service, re.I):
service = 'vnc'
elif 'weblogic' in service:
service = 'weblogic'
# elif 'imap' == service:
# service = 'imap'
# elif 'smtp' == service:
# service = 'smtp'
elif 'svn' == service:
service = 'svn'
else:
service = 'xxx'
if not service == 'xxx':
app.send_task(name='HydraBrute',
queue='HydraBrute',
kwargs=dict(taskID=taskID,
username='******',
dict='small',
host=ip_addr,
port=key,
service=service))
else:
print('no name in keys')
def add_tasks(self, taskID, host):
app.send_task(name='AliveScan',
queue='AliveScan',
kwargs=dict(taskID=taskID, ip=host, ip_type='single'))
# @Blog : https://blog.ixuchao.cn
# @File : complete_publish_test.py
from utils.mongo_op import MongoDB
from celery_tasks.main import app
x = MongoDB()
id = x.add_Ftask()
# app.send_task(name='AliveScan',
# queue='AliveScan',
# kwargs=dict(FtaskID=str(id), ip='127.0.0.1', ip_type='single'))
app.send_task(name='AliveScan',
queue='AliveScan',
kwargs=dict(FtaskID=str(id),
ip='149.129.89.150-149.129.89.170',
ip_type='range'))
#149.129.60.133
# app.send_task(name='AliveScan',
# queue='AliveScan',
# kwargs=dict(FtaskID=str(id), ip='149.129.60.200-149.129.60.250', ip_type='range'))
# app.send_task(name='AliveScan',
# queue='AliveScan',
# kwargs=dict(FtaskID=str(id), ip='123.207.155.221', ip_type='single'))
# app.send_task(name='AliveScan',
# queue='AliveScan',
# kwargs=dict(FtaskID=str(id), ip='123.207.155.221', ip_type='single'))
# app.send_task(name='AliveScan',
def add_serv_task(taskID, host, ports):
app.send_task(name='ServScan',
queue='ServScan',
kwargs=dict(taskID=taskID, host=host, ports=ports))