Exemple #1
0
 def __init__(self):
     self.port_scan = Port_Scan()
     self.mysqldb = Mysql_db()
     self.aes_crypto = Aes_Crypto()
     self.plugin_path = os.path.join(os.path.dirname(os.path.realpath(__file__)),"plugins")
     if not os.path.isdir(self.plugin_path):
         raise EnvironmentError
     self.items = os.listdir(self.plugin_path)
Exemple #2
0
class Port_Scan():
    def __init__(self):
        self.mysqldb = Mysql_db()

    def nmap_scan(self, username, target, scan_ip, min_port, max_port):
        scan_list = []
        print('Nmap starting.....')
        self.mysqldb.update_scan(username, target, '开始扫描端口')
        nm = nmap.PortScanner()
        arguments = '-p %s-%s -sS -sV -Pn -T4 --open' % (min_port, max_port)
        nm.scan(hosts = scan_ip, arguments = arguments)
        try:
            for host in nm.all_hosts():
                for nmap_proto in nm[host].all_protocols():
                    lport = nm[host][nmap_proto].keys()
                    lport = sorted(lport)
                    for nmap_port in lport:
                        scan_list.append(str(host) + ':' + str(nmap_port))
            print('Nmap scanned.....')
            self.mysqldb.update_scan(username, target, '端口扫描结束')
        except Exception as e:
            print(e)
            pass
        finally:
            pass
        return scan_list

    def masscan_scan(self, username, target, scan_ip, min_port, max_port, rate):
        scan_list = []
        print('Masscan starting.....\n')
        self.mysqldb.update_scan(username, target, '开始扫描端口')
        masscan_scan = masscan.PortScanner()
        masscan_scan.scan(hosts = scan_ip, ports = '%s-%s' % (min_port, max_port), arguments = '-sS -Pn -n --randomize-hosts -v --send-eth --open --rate %s' % (rate))
        try:
            for host in masscan_scan.all_hosts:
                for masscan_proto in masscan_scan[host].keys():
                    for masscan_port in masscan_scan[host][masscan_proto].keys():
                        scan_list.append(str(host) + ':' + str(masscan_port))
            print('Masscan scanned.....\n')
            self.mysqldb.update_scan(username, target, '端口扫描结束')
        except Exception as e:
            print(e)
            pass
        finally:
            pass
        return scan_list
Exemple #3
0
class Multiply_Thread():
    def __init__(self):
        self.port_scan = Port_Scan()
        self.mysqldb = Mysql_db()
        self.aes_crypto = Aes_Crypto()
        self.plugin_path = os.path.join(os.path.dirname(os.path.realpath(__file__)),"plugins")
        if not os.path.isdir(self.plugin_path):
            raise EnvironmentError
        self.items = os.listdir(self.plugin_path)

    def async_exe(self, func, args = None, kwargs = None, delay = 0):
        """异步执行方法
        
        :param func: 待执行方法
        :param args: 方法args参数
        :param kwargs: 方法kwargs参数
        :param delay: 执行延迟时间
        :return: 执行线程对象
        """
        args = args or ()
        kwargs = kwargs or {}
        def tmp():
            self.run(*args, **kwargs)
        scheduler = sched.scheduler(time.time, time.sleep)
        scheduler.enter(delay, 10, tmp, ())
        thread = threading.Thread(target = scheduler.run)
        thread.start()
        return thread

    def run(self, *args, **kwargs):
        scan_set = self.mysqldb.get_scan(kwargs['username'], kwargs['target'])
        if scan_set['scanner'] == 'nmap':
            scan_list = self.port_scan.nmap_scan(kwargs['username'], kwargs['target'], kwargs['scan_ip'], scan_set['min_port'], scan_set['max_port'])
        else:
            scan_list = self.port_scan.masscan_scan(kwargs['username'], kwargs['target'], kwargs['scan_ip'], scan_set['min_port'], scan_set['max_port'], scan_set['rate'])
        self.mysqldb.update_scan(kwargs['username'], kwargs['target'], '开始POC检测')
        for ip_port in scan_list:
            for item in self.items:
                poc_path = os.path.join(self.plugin_path, item)
                if '.py' not in poc_path:
                    poc_items = os.listdir(poc_path)
                    for poc_item in poc_items:
                        if poc_item.endswith(".py") and not poc_item.startswith('__'):
                            plugin_name = poc_item[:-3]
                            module = importlib.import_module('app.plugins.' + item + '.' + plugin_name)
                            try:
                                class_name = plugin_name + '_BaseVerify'
                                url = 'http://' + ip_port
                                get_class = getattr(module, class_name)(url)
                                result = get_class.run()
                                if result:
                                    if not self.mysqldb.get_vulnerability(kwargs['username'], kwargs['target'], self.aes_crypto.encrypt(ip_port), self.aes_crypto.encrypt(plugin_name)):
                                        self.mysqldb.save_vulnerability(kwargs['username'], kwargs['target'], self.aes_crypto.encrypt(plugin_name), self.aes_crypto.encrypt(ip_port), self.aes_crypto.encrypt(plugin_name), self.aes_crypto.encrypt(plugin_name))
                                    else:
                                        self.mysqldb.update_vulnerability(kwargs['username'], kwargs['target'], self.aes_crypto.encrypt(ip_port), self.aes_crypto.encrypt(plugin_name))
                                else:
                                    pass
                            except:
                                pass
                        else:
                            continue
        self.mysqldb.update_scan(kwargs['username'], kwargs['target'], '扫描结束')
Exemple #4
0
 def __init__(self):
     self.mysqldb = Mysql_db()
Exemple #5
0
from app.aes import Aes_Crypto
from app.scan import Port_Scan
from app.multiplythread import Multiply_Thread

#UPLOAD_FOLDER = '/root/zhenjinote/note/vue/static/images'  #文件存放路径
UPLOAD_FOLDER = 'images'  #文件存放路径
if not os.path.exists("images"):
    os.mkdir("images")
ALLOWED_EXTENSIONS = set(['png', 'jpg', 'jpeg', 'gif'])  #限制上传文件格式

DATABASE = sys.path[0] + '/mydb.db'
app = Flask(__name__)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024
CORS(app, supports_credentials=True)
mysqldb = Mysql_db()
mysqldb.create_database('linbing')
mysqldb.create_user()
mysqldb.create_target()
mysqldb.create_vulnerability()
mysqldb.create_delete_target()
mysqldb.create_delete_vulnerability()
aes_crypto = Aes_Crypto()
rsa_crypto = Rsa_Crypto()
port_scan = Port_Scan()


def parse_target(target):
    scan_ip = ''
    try:
        url_result = re.findall('https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+',
Exemple #6
0
class Port_Scan():
    def __init__(self):
        self.mysqldb = Mysql_db()

    def nmap_scan(self, username, target, target_ip, min_port, max_port):
        """
        用nmap进行扫描

        :param username: 用户名
        :param target: 待扫描的目标
        :param target_ip: 待扫描的目标ip
        :param min_port: 扫描端口的最小值
        :param max_port: 扫描端口的最大值
        :return scan_list: 扫描的结果
        """
        scan_list = []
        print('Nmap starting.....')
        self.mysqldb.update_scan(username, target, '开始扫描端口')
        nm = nmap.PortScanner()
        arguments = '-p %s-%s -sS -sV -Pn -T4 --open' % (min_port, max_port)
        nm.scan(hosts = target_ip, arguments = arguments)
        try:
            for host in nm.all_hosts():
                for nmap_proto in nm[host].all_protocols():
                    lport = nm[host][nmap_proto].keys()
                    lport = sorted(lport)
                    for nmap_port in lport:
                        protocol = nm[host][nmap_proto][int(nmap_port)]['name']
                        product = nm[host][nmap_proto][int(nmap_port)]['product']
                        version = nm[host][nmap_proto][int(nmap_port)]['version']
                        if not self.mysqldb.get_target_port(username, target, nmap_port):
                            self.mysqldb.save_target_port(username, target, nmap_port, protocol, product, version)
                         else:
                            self.mysqldb.update_target_port(username, target, nmap_port, protocol, product, version)
                        scan_list.append(str(host) + ':' + str(nmap_port))
            print('Nmap scanned.....')
            self.mysqldb.update_scan(username, target, '端口扫描结束')
        except Exception as e:
            print(e)
            pass
        finally:
            pass
        return scan_list

    def masscan_scan(self, username, target, target_ip, min_port, max_port, rate):
        """
        用masscan进行扫描

        :param username: 用户名
        :param target: 待扫描的目标
        :param target_ip: 待扫描的目标ip
        :param min_port: 扫描端口的最小值
        :param max_port: 扫描端口的最大值
        :param rate: 扫描速率
        :return scan_list: 扫描的结果
        """
        scan_list = []
        print('Masscan starting.....\n')
        self.mysqldb.update_scan(username, target, '开始扫描端口')
        masscan_scan = masscan.PortScanner()
        masscan_scan.scan(hosts = target_ip, ports = '%s-%s' % (min_port, max_port), arguments = '-sS -Pn -n --randomize-hosts -v --send-eth --open --rate %s' % (rate))
        try:
            for host in masscan_scan.all_hosts:
                for masscan_proto in masscan_scan[host].keys():
                    for masscan_port in masscan_scan[host][masscan_proto].keys():
                        nm = nmap.PortScanner()
                        arguments = '-p %s -sS -sV -Pn -T4 --open' % (masscan_port)
                        nm.scan(hosts = host, arguments = arguments)
                        for nmap_proto in nm[host].all_protocols():
                            protocol = nm[host][nmap_proto][int(masscan_port)]['name']
                            product = nm[host][nmap_proto][int(masscan_port)]['product']
                            version = nm[host][nmap_proto][int(masscan_port)]['version']
                            if not self.mysqldb.get_target_port(username, target, masscan_port):
                                self.mysqldb.save_target_port(username, target, masscan_port, protocol, product, version)
                            else:
                                self.mysqldb.update_target_port(username, target, masscan_port, protocol, product, version)
                            scan_list.append(str(host) + ':' + str(masscan_port))
            print('Masscan scanned.....\n')
            self.mysqldb.update_scan(username, target, '端口扫描结束')
        except Exception as e:
            print(e)
            pass
        finally:
            pass
        return scan_list
Exemple #7
0
 def __init__(self):
     self.mysqldb = Mysql_db()
     self.aes_crypto = Aes_Crypto()