def list(loadpath=None):
    """Return the module config list, or the full config of one module.

    With ``loadpath`` omitted, every non-internal module config is returned
    with its ``OPTIONS`` replaced by an empty list. With ``loadpath`` given,
    the first config whose ``loadpath`` matches is returned after its dynamic
    options are resolved; an empty dict is returned when nothing matches.
    """
    configs = Xcache.list_moduleconfigs()
    if configs is None:
        # Nothing cached yet: load every module config, then read it back.
        PostModuleConfig.load_all_modules_config()
        configs = Xcache.list_moduleconfigs()

    # Drop internal modules, mutating the same list object in place.
    configs[:] = [
        cfg for cfg in configs if cfg.get('MODULETYPE') != TAG2CH.internal
    ]

    if loadpath is None:
        for cfg in configs:
            cfg['OPTIONS'] = []
        return data_return(200, CODE_MSG.get(200), configs)

    for cfg in configs:
        if cfg.get('loadpath') == loadpath:
            # Resolve the handler and credential options dynamically.
            resolved = PostModuleConfig._deal_dynamic_option(
                one_module_config=cfg)
            return data_return(200, CODE_MSG.get(200), resolved)

    # No module matched the requested loadpath.
    return data_return(200, CODE_MSG.get(200), {})
def create(self, request, **kwargs):
    """Create a post-module task or a bot task from the request body.

    ``moduletype`` absent selects the default (post) path, ``"Bot"`` selects
    the bot path, and any other value yields a 500 payload. Any exception
    raised while reading parameters or calling the actuator is logged and
    also mapped to a 500 payload.
    """
    body = request.data
    moduletype = body.get('moduletype', None)

    if moduletype is not None and moduletype != "Bot":
        return Response(data_return(500, CODE_MSG.get(500), {}))

    try:
        if moduletype is None:
            # Default module type. int(None) raises, so a missing sessionid
            # ends in the 500 handler below.
            sessionid = int(body.get('sessionid', None))
            ipaddress = body.get('ipaddress', None)
            # NOTE(review): str(None) is the string 'None', so a missing
            # loadpath/custom_param is forwarded as 'None' rather than
            # rejected; validation of these request values is not visible
            # here - confirm the actuator checks them.
            loadpath = str(body.get('loadpath', None))
            custom_param = str(body.get('custom_param', None))
            context = PostModuleActuator.create_post(
                loadpath=loadpath,
                sessionid=sessionid,
                ipaddress=ipaddress,
                custom_param=custom_param)
        else:
            ipportlist = body.get('ipportlist', None)
            loadpath = str(body.get('loadpath', None))
            custom_param = str(body.get('custom_param', None))
            context = PostModuleActuator.create_bot(
                ipportlist=ipportlist,
                loadpath=loadpath,
                custom_param=custom_param)
    except Exception as E:
        logger.error(E)
        context = data_return(500, CODE_MSG.get(500), {})
    return Response(context)
def create(socks_type=None, port=None):
    """Start an MSF SOCKS proxy job of the requested type on ``port``.

    Returns a ``data_return`` payload: 408 when the port check fails, 303
    when the module run does not yield a job id, 306 when the job is not
    alive, 201 on success. Returns ``None`` when ``socks_type`` is neither
    ``"msf_socks4a"`` nor ``"msf_socks5"``.
    """
    if socks_type == "msf_socks4a":
        mname = "server/socks4a_api"
        notice_template = "新建msf_socks4a代理成功,Port: {}"
    elif socks_type == "msf_socks5":
        mname = "server/socks5_api"
        notice_template = "新建msf_socks5代理成功,Port: {}"
    else:
        return None

    # NOTE(review): SRVHOST 0.0.0.0 makes the proxy listen on every
    # interface; no authentication option is set here - confirm the port is
    # restricted at the network layer.
    opts = {'SRVHOST': '0.0.0.0', 'SRVPORT': port}

    port_free, _unused = is_empty_ports(port)
    if port_free is not True:
        # The port is already in use.
        return data_return(408, CODE_MSG.get(408), {})

    result = MSFModule.run(module_type="auxiliary",
                           mname=mname,
                           opts=opts,
                           runasjob=True)
    if not isinstance(result, dict) or result.get('job_id') is None:
        opts['job_id'] = None
        return data_return(303, Socks_MSG.get(303), opts)

    job_id = int(result.get('job_id'))
    if not Job.is_msf_job_alive(job_id):
        return data_return(306, Socks_MSG.get(306), opts)

    opts['job_id'] = job_id
    # The template has a single placeholder; the second argument is unused.
    Notice.send_success(
        notice_template.format(opts.get('SRVPORT'), opts.get('job_id')))
    return data_return(201, Socks_MSG.get(201), opts)
def list(engine, querystr, page=1, size=100):
    """Run a network-search query through the selected engine.

    Only ``"FOFA"`` is handled; any other engine yields a 304 payload. A
    client whose configuration cannot be initialised from the cache yields
    301, and a failed or raising query yields 303 with an ``errmsg`` field.
    """
    if engine != "FOFA":
        return data_return(304, NetworkSearch_MSG.get(304), {})

    client = FOFAClient()
    if client.init_conf_from_cache() is not True:
        return data_return(301, NetworkSearch_MSG.get(301), {})

    try:
        ok, data = client.get_data(query_str=querystr, page=page, size=size)
        if ok is True:
            return data_return(200, CODE_MSG.get(200), data)
        # On failure the second element carries the error message.
        return data_return(303, NetworkSearch_MSG.get(303), {"errmsg": data})
    except Exception as E:
        logger.exception(E)
        return data_return(303, NetworkSearch_MSG.get(303),
                           {"errmsg": NetworkSearch_MSG.get(303)})
def destory(subnet=None, netmask=None, sessionid=None):
    """Delete a route through the ``multi/manage/routeapi`` post module.

    Returns 505 when the module returns nothing, 306 when its output is not
    valid JSON, 204 when the parsed ``status`` is ``True`` and 304 otherwise.
    """
    opts = {
        'CMD': 'delete',
        'SUBNET': subnet,
        'NETMASK': netmask,
        'SESSION': sessionid,
    }
    raw = MSFModule.run(module_type="post",
                        mname="multi/manage/routeapi",
                        opts=opts)
    if raw is None:
        return data_return(505, CODE_MSG.get(505), [])

    try:
        parsed = json.loads(raw)
    except Exception as E:
        logger.warning(E)
        return data_return(306, Route_MSG.get(306), {})

    if parsed.get('status') is not True:
        return data_return(304, Route_MSG.get(304), {})

    Notice.send_info(f"删除路由,SID:{sessionid} {subnet}/{netmask}")
    return data_return(204, Route_MSG.get(204), {})
def list():
    """Return every host with its port services, looked up by host id."""
    hosts = Host.list_hosts()
    for entry in hosts:
        # Attach the services recorded for this host's id.
        entry['portService'] = PortService.list_by_hid(entry.get('id'))
    return data_return(200, CODE_MSG.get(200), hosts)
def list(sessionid=None):
    """Return port forwards, optionally limited to one session.

    ``sessionid`` of ``None`` or ``-1`` returns every port forward; any other
    value returns only the entries whose ``sessionid`` equals it.
    """
    forwards = PortFwd.list_portfwd()
    if sessionid is None or sessionid == -1:
        return data_return(200, CODE_MSG.get(200), forwards)

    matching = []
    try:
        for entry in forwards:
            if entry.get('sessionid') == sessionid:
                matching.append(entry)
    except Exception as E:
        # Best effort: entries matched before the failure are still returned.
        logger.warning(E)
    return data_return(200, CODE_MSG.get(200), matching)
def list():
    """Return every host with its port services, looked up by IP address."""
    hosts = Host.list_hosts()
    for entry in hosts:
        # Attach the services recorded for this host's address.
        entry['portService'] = PortService.list_by_ipaddress(
            entry.get('ipaddress'))
    return data_return(200, CODE_MSG.get(200), hosts)
def destroy(self, request, *args, **kwargs):
    """Clear the post-module result history and wrap the payload in a Response.

    Any exception from the history call is logged and mapped to a 500 payload.
    """
    try:
        payload = PostModuleResultHistory.destory()
    except Exception as E:
        logger.error(E)
        payload = data_return(500, CODE_MSG.get(500), {})
    return Response(payload)
def list(ipaddress=None):
    """Return the vulnerabilities recorded for ``ipaddress``.

    The records are passed through ``Vulnerability.format_source_module``;
    if that raises, the error is logged and the unformatted records are
    returned instead.
    """
    records = Vulnerability.list_vulnerability(ipaddress=ipaddress)
    try:
        payload = Vulnerability.format_source_module(records)
    except Exception as E:
        # Formatting is best effort: fall back to the raw records.
        payload = records
        logger.error(E)
    return data_return(200, CODE_MSG.get(200), payload)
def list(self, request, **kwargs):
    """Return the stored result of one module for one host.

    Reads ``hid`` and ``loadpath`` from the query string. A missing or
    non-numeric ``hid`` makes ``int()`` raise, which is logged and mapped to
    a 500 payload like any other exception here.
    """
    query = request.query_params
    try:
        hid = int(query.get('hid', None))
        # str(None) is the string 'None', so a missing loadpath is forwarded
        # as 'None'.
        loadpath = str(query.get('loadpath', None))
        payload = PostModuleResult.list(hid=hid, loadpath=loadpath)
    except Exception as E:
        logger.error(E)
        payload = data_return(500, CODE_MSG.get(500), {})
    return Response(payload)
def list():
    """Return the cached lazyloaders together with the handler configs."""
    # Imported at call time, as in the original code.
    from Msgrpc.Handle.handler import Handler

    lazyloaders = Xcache.list_lazyloader()
    handler_configs = Handler.list_handler_config()
    payload = {"lazyloaders": lazyloaders, "handlers": handler_configs}
    return data_return(200, CODE_MSG.get(200), payload)
def list(sessionid=None):
    """Return the transports of one session.

    A ``sessionid`` of ``None`` or ``-1`` is rejected with a 306 payload.
    """
    if sessionid is not None and sessionid != -1:
        transports = Transport.list_transport(sessionid)
        return data_return(200, CODE_MSG.get(200), transports)
    return data_return(306, TRANSPORT_MSG.get(306), {})
def list():
    """Return every stored credential, ordered by username.

    The serialized rows are passed through ``Credential.format_tag``; if that
    raises, the error is logged and the unformatted rows are returned.
    """
    # NOTE(review): this returns all credential rows; access control is not
    # visible in this function - confirm the calling view enforces it.
    queryset = CredentialModel.objects.all().order_by('username')
    serialized = CredentialSerializer(queryset, many=True).data
    try:
        payload = Credential.format_tag(serialized)
    except Exception as E:
        # Tag formatting is best effort: fall back to the serialized rows.
        payload = serialized
        logger.error(E)
    return data_return(200, CODE_MSG.get(200), payload)
def list(filename=None, action=None):
    """List the stored files, or return the content of one of them.

    With ``filename`` omitted, all files are returned newest first, each with
    a human-readable ``format_size``. With ``filename`` given, the file is
    read: ``action == "view"`` returns its base64-encoded bytes tagged as
    ``img`` or ``txt`` by extension; otherwise the raw bytes are returned as
    an ``HttpResponse`` download. A file that cannot be read yields 303.
    """
    if filename is None:
        # List every file.
        files = FileMsf.list_msf_files()
        for entry in files:
            entry['format_size'] = FileSession.get_size_in_nice_string(
                entry.get('size'))
        # Sort by modification time, newest first.
        newest_first = sorted(files,
                              key=lambda entry: entry['mtime'],
                              reverse=True)
        return data_return(200, CODE_MSG.get(200), newest_first)

    # Download (or view) a single file.
    # NOTE(review): `filename` reaches FileMsf.read_msf_file() unmodified;
    # confirm that helper confines reads to the intended directory.
    content = FileMsf.read_msf_file(filename)
    if content is None:
        return data_return(303, FileMsf_MSG.get(303), {})

    stem, extension = os.path.splitext(filename)

    if action == "view":
        encoded = base64.b64encode(content)
        # The extension match is case-sensitive.
        kind = "img" if extension in ['.jpeg', '.png', '.jpg'] else "txt"
        return data_return(200, CODE_MSG.get(200),
                           {"type": kind, "data": encoded})

    response = HttpResponse(content)
    response['Content-Type'] = 'application/octet-stream'
    response['Code'] = 200
    response['Message'] = parse.quote(FileMsf_MSG.get(203))
    # Percent-encode the name so non-ASCII (e.g. Chinese) names survive the
    # header. NOTE(review): if `parse` is urllib.parse, the second positional
    # argument of quote() is `safe`, not the encoding - 'utf-8' is therefore
    # the safe-character set here and '/' gets encoded too.
    quoted_stem = parse.quote(stem, 'utf-8')
    # The header carries only the encoded file name, without a disposition
    # type such as "attachment".
    response['Content-Disposition'] = f"{quoted_stem}{extension}"
    return response
def list(sessionid=None):
    """Return the serialized details of one session.

    A ``sessionid`` that is ``None`` or not positive yields a 304 payload.
    """
    if sessionid is None or sessionid <= 0:
        return data_return(304, Session_MSG.get(304), {})

    # Request the rights, UAC and process information as well.
    session = SessionLib(sessionid, rightinfo=True, uacinfo=True, pinfo=True)
    serialized = SessionLibSerializer(session).data
    return data_return(200, CODE_MSG.get(200), serialized)
def list(ipaddress=None, loadpath=None):
    """Return the cached result of module ``loadpath`` for ``ipaddress``."""
    # NOTE(review): assumes get_module_result never returns None; the
    # .get() calls below would raise otherwise - confirm against Xcache.
    cached = Xcache.get_module_result(ipaddress=ipaddress, loadpath=loadpath)
    payload = {
        "ipaddress": ipaddress,
        "loadpath": loadpath,
        "update_time": cached.get("update_time"),
        "result": cached.get("result"),
    }
    return data_return(200, CODE_MSG.get(200), payload)
def destroy_adv_job(task_uuid=None, job_id=None, broker=None):
    """Cancel a module task according to the broker that runs it.

    Returns 204 on success, 304 when the deletion fails or the broker is not
    recognised, 305 when the job-stop RPC returns nothing, and 500 when any
    exception is raised.
    """
    try:
        if broker == BROKER.post_python_job:
            if aps_module.delete_job_by_uuid(task_uuid) is not True:
                return data_return(304, Job_MSG.get(304), {})
            return data_return(204, Job_MSG.get(204), {
                "uuid": task_uuid,
                "job_id": job_id
            })

        if broker == BROKER.post_msf_job:
            task = Xcache.get_module_task_by_uuid(task_uuid=task_uuid)
            module_instance = task.get("module")
            # The cached task is removed before the stop RPC is issued.
            Xcache.del_module_task_by_uuid(task_uuid)
            rpc_result = RpcClient.call(Method.JobStop, [job_id])
            if rpc_result is None:
                return data_return(305, Job_MSG.get(305), {})
            if rpc_result.get('result') != 'success':
                return data_return(304, Job_MSG.get(304), {})
            # Send a notification.
            Notice.send_info("模块: {} {} 手动删除完成".format(
                module_instance.NAME, module_instance.target_str))
            return data_return(204, Job_MSG.get(204), {
                "uuid": task_uuid,
                "job_id": job_id
            })

        if broker == BROKER.bot_msf_job:
            if Xcache.del_bot_wait_by_group_uuid(task_uuid) is not True:
                return data_return(304, Job_MSG.get(304), {})
            return data_return(204, Job_MSG.get(204), {"uuid": task_uuid})

        # Unknown broker.
        return data_return(304, Job_MSG.get(304), {})
    except Exception as E:
        logger.error(E)
        return data_return(500, CODE_MSG.get(500), {})
def list(hid=None, loadpath=None):
    """Return the cached result of module ``loadpath`` for host ``hid``.

    The host is resolved by id and its ``ipaddress`` is used as the cache key.
    """
    # NOTE(review): assumes both lookups return dict-like objects; a None
    # from either would raise on .get() - confirm against Host and Xcache.
    host_record = Host.get_by_hid(hid)
    cached = Xcache.get_module_result(ipaddress=host_record.get("ipaddress"),
                                      loadpath=loadpath)
    payload = {
        "hid": hid,
        "loadpath": loadpath,
        "update_time": cached.get("update_time"),
        "result": cached.get("result"),
    }
    return data_return(200, CODE_MSG.get(200), payload)
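def list(sessionid=None):
    """Return the routes, optionally limited to one session.

    ``sessionid`` of ``None`` or ``-1`` returns every route; any other value
    returns only the routes whose ``session`` equals it. When the route
    lookup does not return a list, the value is logged and a 306 payload is
    returned.
    """
    result = Route.list_route()
    if not isinstance(result, list):
        logger.warning(result)
        return data_return(306, Route_MSG.get(306), {})

    # Fix: the original test was `sessionid is not None or sessionid == -1`,
    # whose second clause can never matter, so -1 was filtered on instead of
    # meaning "all sessions" as it does in the sibling port-forward listing.
    if sessionid is not None and sessionid != -1:
        selected = [
            route for route in result if sessionid == route.get('session')
        ]
        return data_return(200, CODE_MSG.get(200), {"route": selected})

    return data_return(200, CODE_MSG.get(200), {"route": result})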
def list(kind=None):
    """Return the stored configuration of the requested ``kind``.

    Supported kinds are ``lhost``, ``telegram``, ``dingding``, ``serverchan``,
    ``FOFA`` and ``sessionmonitor``; anything else yields a 301 payload. When
    nothing is stored, a default dict is returned instead (except for
    ``sessionmonitor``, whose stored value is returned as is).
    """
    if kind == "lhost":
        # Collect the .pem key files, used for the https listener config.
        pem_files = [
            name
            for name in (entry.get("name")
                         for entry in FileMsf.list_msf_files())
            if name.lower().endswith(".pem")
        ]
        conf = Xcache.get_lhost_config()
        if conf is None:
            conf = {'lhost': None, "pem_files": pem_files}
        else:
            conf["pem_files"] = pem_files
        return data_return(200, CODE_MSG.get(200), conf)

    # NOTE(review): several of these configs hold secrets (token, sendkey,
    # key) and are returned unmasked; confirm the caller is authenticated.
    if kind == "telegram":
        getter = Xcache.get_telegram_conf
        fallback = {"token": "", "chat_id": [], "proxy": "", "alive": False}
    elif kind == "dingding":
        getter = Xcache.get_dingding_conf
        fallback = {"access_token": "", "keyword": "", "alive": False}
    elif kind == "serverchan":
        getter = Xcache.get_serverchan_conf
        fallback = {"sendkey": "", "alive": False}
    elif kind == "FOFA":
        getter = Xcache.get_fofa_conf
        fallback = {"email": "", "key": "", "alive": False}
    elif kind == "sessionmonitor":
        getter = Xcache.get_sessionmonitor_conf
        fallback = None  # no default: a missing config stays None
    else:
        return data_return(301, Setting_MSG.get(301), {})

    conf = getter()
    if conf is None:
        conf = fallback
    return data_return(200, CODE_MSG.get(200), conf)
def update(ipaddress=None, sessionid=None):
    """Read new session output and append it to the cache for ``ipaddress``.

    Returns the previously cached data with 202 when no usable ``sessionid``
    is given, with 303 when the RPC read does not return a dict, and with
    306 when an exception is raised. On success the value returned by the
    cache update is sent back with 200.
    """
    cached = Xcache.get_sessionio_cache(ipaddress)
    if sessionid is None or sessionid == -1:
        return data_return(202, SessionIO_MSG.get(202), cached)

    try:
        rpc_result = RpcClient.call(Method.SessionMeterpreterRead, [sessionid])
        # A None result is covered by this check as well.
        if not isinstance(rpc_result, dict):
            return data_return(303, SessionIO_MSG.get(303), cached)
        new_buffer = rpc_result.get('data')
        merged = Xcache.add_sessionio_cache(ipaddress, new_buffer)
        # Special handling of the code.
        context = data_return(200, CODE_MSG.get(200), merged)
    except Exception as E:
        logger.error(E)
        # NOTE(review): code 306 is paired with message key 405 - confirm
        # which of the two is intended.
        context = data_return(306, SessionIO_MSG.get(405), cached)
    return context
def create(subnet=None, netmask=None, sessionid=None, autoroute=None):
    """Add a route through the ``multi/manage/routeapi`` post module.

    With ``autoroute`` exactly ``True`` the module is asked to add routes
    automatically; otherwise ``subnet``/``netmask`` are added explicitly.
    Returns 505 when the module returns nothing, 306 when its output is not
    valid JSON, 201 with the route data on success and 305 otherwise.
    """
    if autoroute is True:
        # Let the module work out the routes itself.
        opts = {'CMD': 'autoadd', 'SESSION': sessionid}
    else:
        opts = {
            'CMD': 'add',
            'SUBNET': subnet,
            'NETMASK': netmask,
            'SESSION': sessionid,
        }

    raw = MSFModule.run(module_type="post",
                        mname="multi/manage/routeapi",
                        opts=opts)
    if raw is None:
        return data_return(505, CODE_MSG.get(505), [])

    try:
        parsed = json.loads(raw)
    except Exception as E:
        logger.warning(E)
        return data_return(306, Route_MSG.get(306), [])

    routes = parsed.get('data')
    if parsed.get('status') is not True or not isinstance(routes, list):
        return data_return(305, Route_MSG.get(305), [])

    # The notice text is chosen by truthiness, not by identity with True.
    if autoroute:
        Notice.send_success(f"新增路由,SID:{sessionid} 自动模式")
    else:
        Notice.send_success(f"新增路由,SID:{sessionid} {subnet}/{netmask}")
    return data_return(201, Route_MSG.get(201), parsed.get('data'))
def list():
    """Return socks proxies, routes, port forwards and per-host route info.

    Each host gets a ``route`` entry: ``ROUTE`` with the session id when a
    matching route session exists, ``DIRECT`` otherwise.
    """
    route_list = Route.list_route()
    socks_list = Socks.list_msf_socks()
    portfwds = PortFwd.list_portfwd()

    # Look up the route that matches each host's address.
    hosts = Host.list_hosts()
    addresses = [entry.get("ipaddress") for entry in hosts]
    matches = Route.get_match_route_for_ipaddress_list(addresses)

    if matches is None:
        for entry in hosts:
            entry['route'] = {'type': 'DIRECT', 'data': None}
    else:
        try:
            for entry, match in zip(hosts, matches):
                sessionid = match.get('session')
                # TODO: handle the socks proxy type.
                entry['route'] = (
                    {'type': 'DIRECT', 'data': None} if sessionid is None
                    else {'type': 'ROUTE', 'data': sessionid})
        except Exception as E:
            # Hosts processed before the failure keep their route entry.
            logger.error(E)

    payload = {
        'socks': socks_list,
        'routes': route_list,
        'portfwds': portfwds,
        'hostsRoute': hosts,
    }
    return data_return(200, CODE_MSG.get(200), payload)
def list():
    """Return every handler reported by ``Handler.list_handler``."""
    return data_return(200, CODE_MSG.get(200), Handler.list_handler())
def list(ipaddress=None):
    """Return the port services recorded for ``ipaddress``."""
    services = PortService.list_by_ipaddress(ipaddress)
    return data_return(200, CODE_MSG.get(200), services)
def set_cache(cache_data):
    """Store ``cache_data`` as the network topology cache and return 201."""
    Xcache.set_network_topology_cache(cache_data)
    return data_return(201, CODE_MSG.get(201), {})
def load_cache():
    """Return the network topology cache, or an empty dict when unset."""
    topology = Xcache.get_network_topology_cache()
    payload = {} if topology is None else topology
    return data_return(200, CODE_MSG.get(200), payload)
def list(hid=None):
    """Return the port services recorded for host id ``hid``."""
    services = PortService.list_by_hid(hid)
    return data_return(200, CODE_MSG.get(200), services)
def list(sessionid=None, filepath=None, dirpath=None, operation=None, arg=""):
    """Run one file-system operation on a session through the MSF module.

    ``operation`` selects the action: ``list`` (directory listing), ``pwd``
    (listing of the current directory), ``download``, ``run`` (execute a
    file), ``cat`` (read a file) or ``cd``. Anything else, or a ``list`` /
    ``pwd`` / ``download`` request missing its required arguments, yields a
    306 payload. Module failures map to 301 (no result), 302 (result is not
    valid JSON) and 303 (module reported failure).
    """
    module_name = 'multi/manage/file_system_operation_api'

    if operation == "list" and sessionid is not None and dirpath is not None:
        # List a directory.
        opts = {
            'OPERATION': 'list',
            'SESSION': sessionid,
            'SESSION_DIR': FileSession.deal_path(dirpath),
        }
        raw = MSFModule.run('post', module_name, opts,
                            runasjob=False, timeout=12)
        if raw is None:
            return data_return(301, FileSession_MSG.get(301), {})
        try:
            parsed = json.loads(raw)
        except Exception as E:
            logger.warning(E)
            return data_return(302, FileSession_MSG.get(302), {})
        if parsed.get('status') is not True:
            return data_return(303, FileSession_MSG.get(303), {})

        data = parsed.get('data')
        base_path = data.get('path')
        for entry in data.get('entries'):
            mode_parts = entry.get('mode').split('/')
            entry['format_mode'] = mode_parts[1] if len(mode_parts) > 1 else ''

            total_space = entry.get('total_space')
            free_space = entry.get('free_space')
            if total_space is not None and free_space is not None:
                # Entries with space figures: show the used size, and put
                # "free|total" in the mode column.
                entry['format_size'] = FileSession.get_size_in_nice_string(
                    total_space - free_space)
                entry['format_mode'] = '{}|{}'.format(
                    FileSession.get_size_in_nice_string(free_space),
                    FileSession.get_size_in_nice_string(total_space))
            else:
                entry['format_size'] = FileSession.get_size_in_nice_string(
                    entry.get('size'))

            # Only entries with a known size below 100 KiB may be viewed.
            size = entry.get('size')
            entry['cat_able'] = not (size is None or size >= 1024 * 100)

            entry_type = entry.get('type')
            if entry_type in ['directory', 'file', 'fixed', "remote"]:
                # Normalise backslash separators to forward slashes.
                entry['absolute_path'] = os.path.join(
                    base_path, entry.get('name')).replace(
                        '\\\\', '/').replace('\\', '/')
            elif entry_type in ['fix', 'cdrom']:
                entry['absolute_path'] = "{}".format(entry.get('name'))
            else:
                entry['absolute_path'] = "{}".format(base_path)
        return data_return(200, CODE_MSG.get(200), data)

    if operation == 'pwd' and sessionid is not None:
        # List the current directory.
        opts = {'OPERATION': 'pwd', 'SESSION': sessionid}
        raw = MSFModule.run('post', module_name, opts,
                            runasjob=False, timeout=12)
        if raw is None:
            return data_return(301, FileSession_MSG.get(301), {})
        try:
            parsed = json.loads(raw)
        except Exception as E:
            logger.warning(E)
            return data_return(302, FileSession_MSG.get(302), {})
        if parsed.get('status') is not True:
            return data_return(303, FileSession_MSG.get(303), {})

        data = parsed.get('data')
        base_path = data.get('path')
        for entry in data.get('entries'):
            entry['format_size'] = FileSession.get_size_in_nice_string(
                entry.get('size'))
            # Unlike the "list" branch, a missing size is not tolerated here.
            entry['cat_able'] = not (entry.get('size') >= 1024 * 100)

            entry_type = entry.get('type')
            if entry_type in ['directory', 'file']:
                entry['absolute_path'] = os.path.join(
                    base_path, entry.get('name')).replace(
                        '\\\\', '/').replace('\\', '/')
            elif entry_type in ['fix', 'cdrom']:
                entry['absolute_path'] = "{}".format(entry.get('name'))
            else:
                entry['absolute_path'] = "{}".format(base_path)

            mode_parts = entry.get('mode').split('/')
            entry['format_mode'] = mode_parts[1] if len(mode_parts) > 1 else ''
        return data_return(200, CODE_MSG.get(200), data)

    if (operation == 'download' and sessionid is not None
            and filepath is not None):
        # Download a file; the module runs as a background job.
        opts = {
            'OPERATION': 'download',
            'SESSION': sessionid,
            'SESSION_FILE': filepath,
        }
        job = MSFModule.run('post', module_name, opts, runasjob=True)
        if job is None:
            return data_return(301, FileSession_MSG.get(301), {})
        return data_return(200, CODE_MSG.get(200), job)

    # NOTE(review): unlike the three branches above, "run", "cat" and "cd"
    # do not check that sessionid/filepath/dirpath were supplied.
    if operation == "run":
        # Execute a file; the module runs as a background job.
        opts = {
            'OPERATION': 'execute',
            'SESSION': sessionid,
            'SESSION_FILE': filepath,
            'ARGS': arg,
        }
        job = MSFModule.run('post', module_name, opts, runasjob=True)
        if job is None:
            return data_return(301, FileSession_MSG.get(301), {})
        return data_return(202, FileSession_MSG.get(202), job)

    if operation == "cat":
        # View a file; runs with runasjob=False and timeout=12.
        opts = {
            'OPERATION': 'cat',
            'SESSION': sessionid,
            'SESSION_FILE': filepath,
        }
        raw = MSFModule.run('post', module_name, opts,
                            runasjob=False, timeout=12)
        if raw is None:
            return data_return(301, FileSession_MSG.get(301), {})
        try:
            parsed = json.loads(raw)
        except Exception as E:
            logger.warning(E)
            return data_return(302, FileSession_MSG.get(302), {})
        if parsed.get("status"):
            # The content arrives base64-encoded; undecodable bytes are
            # dropped.
            text = base64.b64decode(parsed.get("data")).decode(
                "utf-8", 'ignore')
            return data_return(200, CODE_MSG.get(200),
                               {"data": text, "reason": filepath})
        failure = {"data": None, "reason": parsed.get("message")}
        return data_return(303, FileSession_MSG.get(303), failure)

    if operation == "cd":
        # Change directory; runs with runasjob=False and timeout=12.
        opts = {
            'OPERATION': 'cd',
            'SESSION': sessionid,
            'SESSION_DIR': FileSession.deal_path(dirpath),
        }
        raw = MSFModule.run('post', module_name, opts,
                            runasjob=False, timeout=12)
        if raw is None:
            return data_return(301, FileSession_MSG.get(301), {})
        try:
            parsed = json.loads(raw)
        except Exception as E:
            logger.warning(E)
            return data_return(302, FileSession_MSG.get(302), {})
        if parsed.get("status"):
            return data_return(203, FileSession_MSG.get(203), {})
        failure = {"data": None, "reason": parsed.get("message")}
        return data_return(303, FileSession_MSG.get(303), failure)

    # Unknown operation, or required arguments missing.
    return data_return(306, FileSession_MSG.get(306), {})