def create_task(self, id, pid, type, task_type, ip, port,
attack_task_id_dict):
"""
创建爆破子任务
:param pid:
:return:
"""
try:
portcrack = PortCrack()
portcrack.id = pid
if task_type == "create":
PortCrackChild.objects.create(id=id,
ip=ip,
port=port,
pid=portcrack,
start_time=currenttime(),
status="running",
type=type,
progress="0.00")
return True, id
elif task_type == "start":
# 获取暂停任务的id
id = attack_task_id_dict[ip + port]
PortCrackChild.objects.filter(id=id, status="pause").update(
pid=portcrack, status="running", end_time=currenttime())
return True, id
except:
print traceback.format_exc()
return False, id
def exploit(self):
while True:
if self.cms_queue.empty() is False:
obj = CmsInfo.objects.get(id=self.id)
if obj is None or obj.status == "stop":
#print "任务【%s】被删除" % self.id
break
exp_info = eval(str(self.cms_queue.get()))
# 不要忘记请求图片类型,无法获取content
cms_name = exp_info.get("cms")
version = exp_info.get("version")
keyword = exp_info.get("keyword")
cms_md5 = exp_info.get("md5")
url = self.host + exp_info.get("url")
http = Http('http', self.host, "")
html_content, code = http.post_(url)
# 计算进度
progress = 1 - float(
format(
float(self.cms_queue.qsize()) /
float(self.cms_queue_oldsize), '.4f'))
progress = '%.2f' % (progress * 100)
# 实时日志
log = "【%s】正在测试【%s】" % (str(progress) + "%", str(url))
#print log
CmsInfo.objects.filter(id=self.id, locker="false").update(
end_time=currenttime(),
status="running",
progress=progress,
log=str(log))
# 如果有关键字,就用关键字比较
if code == 200:
md5 = self.get_md5_value(html_content)
if cms_md5 == "" or cms_md5 is None:
# 当md5为空时,比较关键字
if keyword in html_content:
self.save(exp_info, keyword, cms_name, version)
break
if md5 == cms_md5:
self.save(exp_info, md5, cms_name, version)
break
else:
CmsInfo.objects.filter(id=self.id, locker="false").update(
end_time=currenttime(),
status="success",
progress="100",
log="【%s】检测完成" % self.host,
locker="true")
self.cms_queue.queue.clear()
break
def update_task(self,pid):
"""
更新总任务状态
:param pid:
:return:
"""
while True:
#print "正在执行"
portcrack = None
try:
portcrack = PortCrack.objects.get(id=pid)
except:
print "任务id【%s】不存在了" % pid
return
if portcrack.status == "pause":
return
child_set = portcrack.portcrackchild_set.all()
# 所有任务长度
all_length = len(child_set)
# 未完成任务
not_success = child_set.filter(Q(status="running") | Q(status="pause"))
# 已完成任务个数
success_num = all_length - len(not_success)
now_progress = 0
log = ""
# 在总进度中统计爆破成功的用户名密码[{"ip":"","port":"","username":"","password":""}]
portcrack_success = []
# 统计总任务进度
for child in child_set:
progress_ = self.formatnum(child.progress)
now_progress = now_progress + progress_
# 统计日志
log = log + str(child.log) + "\n"
if child.status == "success" and child.progress == "100":
portcrack_success.append({"ip":child.ip.encode("utf-8"),"port":child.port.encode("utf-8"),"username":child.username.encode("utf-8"),"password":child.password.encode("utf-8")})
# 计算总任务进度
progress = now_progress/(all_length)
# 当所有的任务都不为running时说明都爆破完成了,无论是成功还是失败。
if success_num == all_length:
PortCrack.objects.filter(id=pid).update(end_time=currenttime(),status="success",result=str(portcrack_success),progress="100",log="爆破结束,结果请看详情\n" + log)
return
else:
PortCrack.objects.filter(id=pid).update(end_time=currenttime(),result=str(portcrack_success),progress=str(progress),log=log)
# 每2秒轮询一次
time.sleep(2)
def __init__(self, host, threads):
self.threads = threads
self.host = host
self.id = ""
self.cms_queue_oldsize = 0
self.cms = False
# 初始化字典
cms_info_file = open(os.getcwd() + "/AnyScanUI/cms/" + 'cms_info.json')
# cms信息Queue
cms_queue = Queue.Queue(maxsize=10)
try:
cms_info_str = cms_info_file.read()
cms_info = eval(cms_info_str)
self.cms_queue = Queue.Queue(maxsize=len(cms_info))
self.cms_queue_oldsize = len(cms_info)
for info in cms_info:
self.cms_queue.put(info)
id = str(uuid.uuid1())
self.id = id
# 初始化数据库数据
CmsInfo.objects.create(id=id,
start_time=currenttime(),
status="running",
host=self.host,
threads=self.threads,
progress="0.00")
except:
print traceback.format_exc()
finally:
cms_info_file.close()
def __init__(self, urls, payload, threads, commond):
self.payload = payload
if type(urls) == str:
self.targets = urls.split(",")
elif type(urls) == list:
self.targets = urls
self.threads = threads
self.commond = commond
# target信息Queue
self.target_queue = Queue.Queue(maxsize=len(self.targets))
self.target_queue_old_size = len(self.targets)
try:
for target in self.targets:
self.target_queue.put(target)
print self.target_queue.qsize()
self.pid = str(uuid.uuid1())
self.parent = poc_main()
self.parent.id = self.pid
# 初始化数据库主数据
poc_main.objects.create(id=self.pid,
start_time=currenttime(),
status="running",
commond=self.commond,
threads=self.threads,
progress="0.00")
except:
print traceback.format_exc()
def __init__(self, commond="", count=1000, tn="json", threads=10):
self.commond = commond
#rn——一页显示多少条,最大50
self.rn = 50
#pn—— pn = rn * (当前页数) 页数从0开始为第一页
self.pn = 0
self.tn = tn
self.threads = threads
self.id = str(uuid.uuid1())
# 计算所有要查询的http请求次数
self.pn_queue = Queue.Queue(maxsize=count / self.rn)
# 保存搜集到的url
self.targets_queue = Queue.Queue(maxsize=count)
for i in range(0, count / self.rn):
self.pn_queue.put(i * self.rn)
print i * self.rn
# 初始化数据库记录
poc_urls.objects.create(id=self.id,
start_time=currenttime(),
status="running",
commond=self.commond,
threads=self.threads,
counts=0,
log="【%s】正在采集【%s】相关网站" %
(str(0), self.commond))
def save(self, exp_info, keyword, cms_name, version):
"""
保存检测成功感的日志
:param exp_info:
:param keyword:
:param cms_name:
:param version:
:return:
"""
self.cms = True
log = "【%s】检测成功,Payload为【%s】,CMS为【%s】,版本信息【%s】" % (
self.host, exp_info.get("url"), cms_name, version)
CmsInfo.objects.filter(id=self.id, locker="false").update(
end_time=currenttime(),
status="success",
progress="100",
log=str(log),
locker="true",
cms=cms_name,
version=version,
keyword=keyword,
payload=exp_info.get("url"))
self.cms_queue.queue.clear()
def exploit(self):
host = self.host
while True:
if self.cms_queue.empty() is False:
obj = CmsInfo.objects.get(id=self.id)
if obj is None:
print "任务【%s】被删除" % self.id
break
if obj.status == "stop":
print "任务【%s】被停止" % self.id
break
exp_info = self.cms_queue.get()
exp_info = eval(str(exp_info))
# 不要忘记请求图片类型,无法获取content
cms_name = exp_info.get("cms")
version = exp_info.get("version")
keyword = exp_info.get("keyword")
url = host + exp_info.get("url")
http = Http('http', host, "")
html_content, redirect_url = http.post_(url)
# 计算进度
progress = 1 - float(
format(
float(self.cms_queue.qsize()) /
float(self.cms_queue_oldsize), '.4f'))
progress = '%.2f' % (progress * 100)
# 实时日志
log = "【%s】正在测试【%s】" % (str(progress) + "%", str(url))
print log
CmsInfo.objects.filter(id=self.id, locker="false").update(
end_time=currenttime(),
status="running",
progress=progress,
log=str(log))
# 如果有关键字,就用关键字比较
if keyword != "" and keyword is not None:
if html_content is None:
print "检测失败" + url
self.cms = False
continue
if keyword.upper() in html_content.upper():
self.cms = True
print "检测成功2" + url
log = "【%s】检测成功,Payload为【%s】,关键字【%s】,CMS为【%s】,版本信息【%s】" % (
host, exp_info.get("url"), keyword, cms_name,
version)
CmsInfo.objects.filter(id=self.id,
locker="false").update(
end_time=currenttime(),
status="success",
progress="100",
log=str(log),
locker="true",
cms=cms_name,
version=version,
keyword=keyword,
payload=exp_info.get("url"))
self.cms_queue.queue.clear()
break
else:
# 当没有关键字,只能通过文件来判断是否存在时,需要检测重定向url是否为原来的url,如果不是说明文件不存在
if html_content is not None and redirect_url == url:
self.cms = True
print "检测成功3" + url
log = "【%s】检测成功,Payload为【%s】,关键字【%s】,CMS为【%s】,版本信息【%s】" % (
host, exp_info.get("url"), keyword, cms_name,
version)
CmsInfo.objects.filter(id=self.id,
locker="false").update(
end_time=currenttime(),
status="success",
progress="100",
log=log,
locker="true",
cms=cms_name,
version=version,
payload=exp_info.get("url"))
self.cms_queue.queue.clear()
break
else:
self.cms = False
print "检测失败" + url
continue
else:
CmsInfo.objects.filter(id=self.id, locker="false").update(
end_time=currenttime(),
status="success",
progress="100",
log="【%s】检测完成" % host,
locker="true")
self.cms_queue.queue.clear()
break
def run(self):
reload(sys)
sys.setdefaultencoding('utf8')
ip_ = str(self.param["ip"])
port_ = str(self.param["port"])
# 当前任务id
id_ = str(self.param["id"])
# 当前任务爆破功能函数
callback = self.param["callback"]
# 获取单个爆破线程
thread = self.__attackObject.getThreads()
# 攻击类型
attack_type = self.param["attack_type"]
portcrackchild = None
while True:
#print "正在破解"
if self.__attackObject.locker.get(ip_ + port_) is True:
# 清空队列
self.__attackObject.getAttack_queue_dict(ip_ +
port_).queue.clear()
PortCrackChild.objects.filter(id=id_, locker="false").update(
end_time=currenttime(),
status="success",
progress=str("100"),
log=self.__attackObject.getFinishLog((ip_, port_)))
print "任务被停止1 %s" % ip_
break
try:
# 获取当前爆破任务的状态,如果已经是lock状态,那么任务暂停。
portcrackchild = PortCrackChild.objects.get(id=id_)
# 如果任务不存在了,直接结束任务
except:
# 将当前的字典queue对象保存到数据库,在下次启动是读取该queue进行爆破
crack_list = list(
self.__attackObject.getAttack_queue_dict(ip_ +
port_).queue)
print "任务被停止2 %s" % ip_
break
if portcrackchild.status == "pause":
# 将当前的字典queue对象保存到数据库,在下次启动是读取该queue进行爆破
crack_list = list(
self.__attackObject.getAttack_queue_dict(ip_ +
port_).queue)
# 保存当前任务的状态,主要是剩余的字典
if self.__attackObject.getAttack_queue_dict(ip_ +
port_).qsize() > 0:
__crack_list = json.dumps(crack_list)
#print __crack_list
PortCrackChild.objects.filter(
id=id_,
locker="false").update(attack_queue_list=__crack_list,
end_time=currenttime(),
threads=thread)
print "任务被暂停3 %s" % ip_
# 清空队列
self.__attackObject.getAttack_queue_dict(ip_ +
port_).queue.clear()
break
username_ = ""
password_ = ""
if self.__attackObject.getAttack_queue_dict(
ip_ + port_).empty() is False:
# 获取当前爆破字典queue
up_ = self.__attackObject.getAttack_queue_dict(ip_ +
port_).get()
username_ = str(up_[0])
password_ = str(up_[1])
# 计算进度
c_size = self.__attackObject.getAttack_queue_dict(
ip_ + port_).qsize()
o_size = self.__attackObject.getAttack_queue_size_dict(ip_ +
port_)
progress = 1 - float(
format(float(c_size) / float(o_size), '.4f'))
progress = '%.2f' % (progress * 100)
param = (ip_, port_, attack_type, progress + "%", username_,
password_)
print "正在爆破 %s:%s" % (ip_, port_)
# 读取log日志
log = self.__attackObject.getLog(param)
# 如果连接成功,说明用户名密码正确
if callback(ip_, username_, password_):
# 清空队列
self.__attackObject.getAttack_queue_dict(
ip_ + port_).queue.clear()
self.__attackObject.locker[ip_ + port_] = True
PortCrackChild.objects.filter(
id=id_, locker="false").update(
end_time=currenttime(),
status="success",
locker="true",
username=username_,
password=password_,
progress=str("100"),
log=self.__attackObject.getSuccessLog(
(ip_, port_, attack_type, username_,
password_)))
print "破解成功,填充线程队列 %s" % self.__attackObject.threads_queue.qsize(
)
for i in range(0, thread):
self.__attackObject.threads_queue.put("")
break
else:
# 更新日志数据
PortCrackChild.objects.filter(
id=id_, locker="false").update(end_time=currenttime(),
old_queue_size=o_size,
type=attack_type,
progress=str(progress),
log=str(log),
threads=thread)
else:
print "任务被停止4 %s" % ip_
# 如果字典队列空了,那么直接关掉跳出循环,更新为爆破完成,暂时为success
if self.__attackObject.locker.get(ip_ + port_) != True:
self.__attackObject.locker[ip_ + port_] = True
PortCrackChild.objects.filter(
id=id_, locker="false").update(end_time=currenttime(),
status="success",
progress=str("100"))
def exploit(self):
"""
exploit
:return:
"""
try:
while True:
if self.target_queue.empty() is False:
try:
target = str(self.target_queue.get())
status = False
keyword = ""
try:
code = compile(self.payload, '<string>', 'exec')
runtime = {"target": target}
exec code in runtime
status = runtime.get("status")
keyword = runtime.get("keyword")
if status is None or keyword is None:
status = False
keyword = ""
except:
pass
id = str(uuid.uuid1())
poc_chil.objects.create(id=id,
pid=self.parent,
commond=self.commond,
vulnerable=status,
host=target,
keyword=keyword)
# 计算进度
progress = 1 - float(
format(
float(self.target_queue.qsize()) /
float(self.target_queue_old_size), '.4f'))
progress = '%.2f' % (progress * 100)
# log
log = "【%s】正在测试【%s】" % (str(progress) + "%", target)
poc_main.objects.filter(id=self.pid,
locker="false").update(
end_time=currenttime(),
status="running",
log=log,
progress=progress)
except:
pass
print traceback.format_exc()
else:
#print "空了"
# 需要检测的目标为空了,更新主任务数据
poc_main.objects.filter(id=self.pid,
locker="false").update(
end_time=currenttime(),
status="success",
log="所有网站均已验证完成",
locker="true",
progress="100")
break
except:
print traceback.format_exc()
def exploit(self):
while True:
if self.pn_queue.empty() == False:
try:
reload(sys)
sys.setdefaultencoding("utf-8")
response = None
content = None
try:
response = requests.get(self.target(),
verify=True,
timeout=10)
if response.content is None: continue
content = json.loads(response.content)
except:
print content
continue
response.close()
entry = content.get("feed").get("entry")
for en in entry:
__title = en.get("title")
__url = en.get("url")
__pn = en.get("pn")
__id = str(uuid.uuid1())
if __url is not None:
__e = {
"id": __id,
"name": __title,
"url": __url,
"pn": __pn,
"children": [{
"name": __url
}]
}
self.targets_queue.put(__e)
# 先将数据取出来,定义一次,以防止其他线程干扰
__tmp_queue = self.targets_queue
#__targets__ = self.format(repeat(list(__tmp_queue.queue)))
__targets__ = list(__tmp_queue.queue)
__len__ = __tmp_queue.qsize()
poc_urls.objects.filter(
id=self.id, locker="false").update(
end_time=currenttime(),
counts=__len__,
log="【%s】正在采集【%s】相关网站" %
(str(__len__), self.commond),
urls=json.dumps(__targets__))
except Exception as e:
poc_urls.objects.filter(id=self.id, locker="false").update(
end_time=currenttime(),
status="success",
log="采集【%s】相关网站异常" % (self.commond))
print traceback.format_exc()
print('获取百度内容失败,原因:%s' % e)
return None
else:
poc_urls.objects.filter(id=self.id, locker="false").update(
end_time=currenttime(),
status="success",
locker="true",
log="采集完成【%s】相关网站" % (self.commond))
break