def POST(self):
    """Run the install step: create working directories and the database.

    Reads ``dbname`` from the request, validates it with ``formatParam``
    (declared as a 1-50 "string"), stores it in ``CONF.db.name``, calls
    ``Database.create()``, then sets ``CONF.isinstall`` and saves the
    configuration.  Every failure is reported through ``web.internalerror``.
    """
    originParams = web.input()
    options = (("dbname", "string", "1-50"), )

    # os.mkdir creates one level only, so "data" is listed before
    # "data/database"; "static" itself is expected to exist already.
    requiredDirs = (
        "log",
        os.path.join("static", "attachment"),
        os.path.join("static", "tmp"),
        "data",
        os.path.join("data", "database"),
    )
    for directory in requiredDirs:
        if not os.path.exists(directory):
            os.mkdir(directory)

    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # NOTE(review): dbname is request data and nothing in this handler checks
    # CONF.isinstall before running. Confirm that formatParam rejects path
    # separators / ".." if the name reaches a filesystem path, and that this
    # route is unreachable once installation has completed.
    try:
        CONF.db.name = str(params.dbname)
    except WIPError:
        raise web.internalerror("Configure file parse error.")

    try:
        Database.create()
    except DBError as error:
        raise web.internalerror("Databae creating error," + str(error))

    CONF.isinstall = True
    CONF.save()
    return jsonSuccess()
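def GET(self):
    """Delete the comment named by ``id`` and its attachment file, if any.

    Returns ``jsonFail()`` when no comment is found, ``jsonSuccess()``
    otherwise.

    Raises:
        web.internalerror: if ``id`` is missing or the lookup fails.
    """
    # NOTE(review): this deletes data in response to a GET request; confirm
    # the route is protected against cross-site and prefetch-triggered calls.
    params = web.input()
    try:
        comment = Comment.get(params.id.strip())
    except AttributeError:
        raise web.internalerror("Missing parameter.")
    except FieldError as error:
        raise web.internalerror(error)
    except WIPError as error:
        RTD.log.error(error)
        raise web.internalerror("Internal ERROR!")

    if not comment:
        return jsonFail()

    if comment.attachment:
        # The attachment name is read back from storage and is not validated
        # here, so normalise it and refuse anything that resolves outside the
        # attachment directory ("../", absolute paths) before unlinking.
        attachmentDir = os.path.abspath(os.path.join("static", "attachment"))
        target = os.path.abspath(
            os.path.join(attachmentDir, comment.attachment))
        if not target.startswith(attachmentDir + os.sep):
            RTD.log.error(
                "Refusing to delete attachment outside attachment "
                "directory: %r" % (comment.attachment,))
        elif os.path.isfile(target):
            os.remove(target)

    comment.remove()
    return jsonSuccess()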
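def POST(self):
    """Update an existing comment from the submitted form fields.

    Only the fields listed below are copied from the request, so any other
    request parameter never reaches ``update``.

    Raises:
        web.internalerror: if an expected field is missing or is not a
            plain string.
    """
    params = web.input()
    fields = ("id", "name", "url", "info", "level", "description")
    try:
        kw = {k: params[k].strip() for k in fields}
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled KeyError.
        raise web.internalerror("Missing parameter.")
    Comment.where(id=kw["id"]).update(**kw)
    return jsonSuccess()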
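def POST(self):
    """Insert a new comment built from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if an expected field is missing or is not a
            plain string.
    """
    params = web.input()
    fields = ("name", "url", "info", "level", "description", "host_id")
    try:
        kw = {k: params[k].strip() for k in fields}
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled KeyError.
        raise web.internalerror("Missing parameter.")
    Comment.insert(**kw)
    return jsonSuccess()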
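def POST(self):
    """Update the project selected by ``id`` from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if ``id`` or an expected field is missing or is
            not a plain string.
    """
    params = web.input()
    fields = ("name", "url", "ip", "whois", "description", "level")
    try:
        kw = {k: params[k].strip() for k in fields}
        projectId = params.id.strip()
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled exception.
        raise web.internalerror("Missing parameter.")
    Project.where(id=projectId).update(**kw)
    return jsonSuccess()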
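def POST(self):
    """Update the host selected by ``id`` from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if ``id`` or an expected field is missing or is
            not a plain string.
    """
    params = web.input()
    fields = ("title", "url", "ip", "port", "protocol", "level", "os",
              "server_info", "middleware", "description")
    try:
        kw = {k: params[k].strip() for k in fields}
        hostId = params.id.strip()
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled exception.
        raise web.internalerror("Missing parameter.")
    Host.where(id=hostId).update(**kw)
    return jsonSuccess()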
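def POST(self):
    """Insert a new host built from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if an expected field is missing or is not a
            plain string.
    """
    params = web.input()
    fields = ("title", "url", "ip", "port", "protocol", "level", "os",
              "server_info", "middleware", "description", "project_id")
    try:
        kw = {k: params[k].strip() for k in fields}
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled KeyError.
        raise web.internalerror("Missing parameter.")
    Host.insert(**kw)
    return jsonSuccess()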
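def POST(self):
    """Create and save a project built from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if an expected field is missing or is not a
            plain string.
    """
    params = web.input()
    fields = ("name", "url", "ip", "level", "whois", "description")
    try:
        kw = {k: params[k].strip() for k in fields}
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled KeyError.
        raise web.internalerror("Missing parameter.")
    project = Project(**kw)
    project.save()
    return jsonSuccess()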
def POST(self):
    """Store the ``nmappath`` request value in the configuration.

    The literal value "nmap" is stored as ``None``; any other value is
    stored as given.  The configuration is then saved.
    """
    originParams = web.input()
    options = (("nmappath", "string", "1-200"), )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # NOTE(review): the value is persisted verbatim.  If CONF.nmap is later
    # used to launch a process, this request chooses which executable runs;
    # confirm the route is restricted to trusted operators and that the path
    # is checked before use.
    if str(params.nmappath) == "nmap":
        CONF.nmap = None
    else:
        CONF.nmap = str(params.nmappath)
    CONF.save()
    return jsonSuccess()
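def POST(self):
    """Start a service-identification task for the host given as ``domain``.

    ``domain`` may carry an ``http://`` or ``https://`` prefix and a
    trailing ``:port``.  Without a scheme the protocol is "http"; without a
    parseable port the scheme default (80, or 443 for https) is used.

    Raises:
        web.internalerror: on invalid parameters, an unsupported scheme, or
            a port number outside 1-65535.
    """
    web.header('Content-Type', 'application/json')
    originParams = web.input()
    options = (
        ("domain", "string", "1-200"),
        ("type", "integer", "0-3"),
        ("project_id", "integer", ""),
    )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    domain = params.domain.lower()
    protocol = ""
    port = None

    # Resolve the protocol and its default port from the scheme prefix.
    if domain.startswith("http://"):
        protocol = "http"
        domain = domain[7:]
        port = 80
    elif domain.startswith("https://"):
        protocol = "https"
        domain = domain[8:]
        port = 443
    elif "://" in domain:
        raise web.internalerror(
            "unrecognized protocol, should be 'http' or 'https'.")

    # Resolve an explicit port: everything after the last ":".
    hostPart, colon, portPart = domain.rpartition(":")
    if colon:
        try:
            port = int(portPart)
        except ValueError:
            # Best effort: an unparseable suffix keeps the scheme default.
            pass
        else:
            # Previously any integer was accepted (and 0 silently became 80);
            # reject values that are not valid port numbers.
            if not 0 < port < 65536:
                raise web.internalerror(
                    "port out of range, should be 1-65535.")
        domain = hostPart

    if not protocol:
        protocol = "http"
    if not port:
        port = 80

    task = ServiceIdentifyPlugin(ptype=int(params.type)) | DataSavePlugin(
        projectid=params.project_id)
    host = Host(url=domain, protocol=protocol, port=port)
    task.dostart([host])
    return jsonSuccess()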
def POST(self):
    """Store the ``nmappath`` request value in the configuration.

    The literal value "nmap" is stored as ``None``; any other value is
    stored as given.  The configuration is then saved.
    """
    originParams = web.input()
    options = (("nmappath", "string", "1-200"), )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # NOTE(review): the value is persisted verbatim.  If CONF.nmap is later
    # used to launch a process, this request chooses which executable runs;
    # confirm the route is restricted to trusted operators and that the path
    # is checked before use.
    if str(params.nmappath) == "nmap":
        CONF.nmap = None
    else:
        CONF.nmap = str(params.nmappath)
    CONF.save()
    return jsonSuccess()
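def POST(self):
    """Start a service-identification task for the host given as ``domain``.

    ``domain`` may carry an ``http://`` or ``https://`` prefix and a
    trailing ``:port``.  Without a scheme the protocol is "http"; without a
    parseable port the scheme default (80, or 443 for https) is used.

    Raises:
        web.internalerror: on invalid parameters, an unsupported scheme, or
            a port number outside 1-65535.
    """
    web.header('Content-Type', 'application/json')
    originParams = web.input()
    options = (
        ("domain", "string", "1-200"),
        ("type", "integer", "0-3"),
        ("project_id", "integer", ""),
    )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    domain = params.domain.lower()
    protocol = ""
    port = None

    # Resolve the protocol and its default port from the scheme prefix.
    if domain.startswith("http://"):
        protocol = "http"
        domain = domain[7:]
        port = 80
    elif domain.startswith("https://"):
        protocol = "https"
        domain = domain[8:]
        port = 443
    elif "://" in domain:
        raise web.internalerror(
            "unrecognized protocol, should be 'http' or 'https'.")

    # Resolve an explicit port: everything after the last ":".
    hostPart, colon, portPart = domain.rpartition(":")
    if colon:
        try:
            port = int(portPart)
        except ValueError:
            # Best effort: an unparseable suffix keeps the scheme default.
            pass
        else:
            # Previously any integer was accepted (and 0 silently became 80);
            # reject values that are not valid port numbers.
            if not 0 < port < 65536:
                raise web.internalerror(
                    "port out of range, should be 1-65535.")
        domain = hostPart

    if not protocol:
        protocol = "http"
    if not port:
        port = 80

    task = ServiceIdentifyPlugin(ptype=int(params.type)) | DataSavePlugin(
        projectid=params.project_id)
    host = Host(url=domain, protocol=protocol, port=port)
    task.dostart([host])
    return jsonSuccess()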
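def GET(self):
    """Delete the host whose numeric ``id`` is given in the request.

    Raises:
        web.internalerror: if ``id`` is missing or not an integer, or if
            ``Host.delete`` fails with one of the handled error types.
    """
    # NOTE(review): this deletes data in response to a GET request; confirm
    # the route is protected against cross-site and prefetch-triggered calls.
    web.header('Content-Type', 'application/json')
    params = web.input()
    try:
        # Round-trip through int() so only a numeric id reaches the model.
        hid = str(int(params.id))
    except (AttributeError, ValueError) as error:
        # ValueError (non-numeric id) used to escape unhandled.
        RTD.log.error(error)
        raise web.internalerror(error)

    try:
        Host.delete(hid)
    except (KeyError, AttributeError, FieldError, ModelError,
            DBError) as error:
        RTD.log.error(error)
        raise web.internalerror(error)
    return jsonSuccess()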
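def POST(self):
    """Import a project, with its hosts, vulns and comments, from a JSON upload.

    The uploaded ``projectfile`` must decode to a JSON object.  Its "hosts"
    list is split off; each host's "vuls" and "comments" lists are split
    off in turn and saved with the id of the freshly stored host.

    Raises:
        web.internalerror: if the upload is missing, is not a JSON object,
            or the project cannot be inserted.
    """
    web.header('Content-Type', 'application/json')
    params = web.input(projectfile={})
    try:
        fileStr = params.projectfile.value
    except AttributeError:
        raise web.internalerror("Missing parameter.")

    # Malformed or non-object JSON used to escape as an unhandled exception.
    try:
        projectDict = json.loads(fileStr)
    except (ValueError, TypeError):
        raise web.internalerror("Invalid project file.")
    if not isinstance(projectDict, dict):
        raise web.internalerror("Invalid project file.")

    # NOTE(review): every key of the uploaded objects is forwarded as a
    # keyword argument to Project/Host/Vul/Comment.  Whether those
    # constructors reject unexpected fields (ids, attachment names, ...) is
    # not visible here; confirm, or whitelist the accepted keys.
    hosts = projectDict.pop("hosts", [])
    try:
        Project(**projectDict).save()
    except DBError as error:
        raise web.internalerror("failed to insert project " + str(error))
    projectid = Project.where(
        name=projectDict.get('name')).getsraw('id')[0]['id']

    for host in hosts:
        # pop() each key on its own: the old paired `del` skipped removing
        # "comments" whenever "vuls" was absent, leaking it into Host(**host).
        vuls = host.pop("vuls", [])
        comments = host.pop("comments", [])
        host['project_id'] = projectid
        Host(**host).save()

        # Look the saved host up again by its identifying fields to get its id.
        kwargs = {
            key: host[key]
            for key in ['url', 'ip', 'port'] if key in host
        }
        hostid = Host.where(**kwargs).getsraw('id')[0]['id']
        for vul in vuls:
            vul['host_id'] = hostid
            Vul(**vul).save()
        for comment in comments:
            comment['host_id'] = hostid
            Comment(**comment).save()
    return jsonSuccess()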
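def GET(self):
    """Delete a host together with its vulnerabilities and comments.

    Raises:
        web.internalerror: if ``id`` is missing, is not all digits, or no
            host is returned for it.
    """
    # NOTE(review): this deletes data in response to a GET request; confirm
    # the route is protected against cross-site and prefetch-triggered calls.
    params = web.input()
    try:
        hostId = params.id.strip()
    except AttributeError:
        # A missing id used to escape as an unhandled AttributeError.
        raise web.internalerror("Missing parameter.")
    if not hostId.isdigit():
        raise web.internalerror("Parameter type error.")

    host = Host.get(hostId)
    if not host:
        # presumably get() returns a falsy value for an unknown id -- verify;
        # without this guard host.id below would fail on such a value.
        raise web.internalerror("Host not found.")

    for vul in Vul.where(host_id=host.id).gets("id"):
        vul.remove()
    for comment in Comment.where(host_id=host.id).gets("id"):
        comment.remove()
    host.remove()
    return jsonSuccess()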
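def POST(self):
    """Import a project, with its hosts, vulns and comments, from a JSON upload.

    The uploaded ``projectfile`` must decode to a JSON object.  Its "hosts"
    list is split off; each host's "vuls" and "comments" lists are split
    off in turn and saved with the id of the freshly stored host.

    Raises:
        web.internalerror: if the upload is missing, is not a JSON object,
            or the project cannot be inserted.
    """
    web.header('Content-Type', 'application/json')
    params = web.input(projectfile={})
    try:
        fileStr = params.projectfile.value
    except AttributeError:
        raise web.internalerror("Missing parameter.")

    # Malformed or non-object JSON used to escape as an unhandled exception.
    try:
        projectDict = json.loads(fileStr)
    except (ValueError, TypeError):
        raise web.internalerror("Invalid project file.")
    if not isinstance(projectDict, dict):
        raise web.internalerror("Invalid project file.")

    # NOTE(review): every key of the uploaded objects is forwarded as a
    # keyword argument to Project/Host/Vul/Comment.  Whether those
    # constructors reject unexpected fields (ids, attachment names, ...) is
    # not visible here; confirm, or whitelist the accepted keys.
    hosts = projectDict.pop("hosts", [])
    try:
        Project(**projectDict).save()
    except DBError as error:
        raise web.internalerror("failed to insert project " + str(error))
    projectid = Project.where(
        name=projectDict.get('name')).getsraw('id')[0]['id']

    for host in hosts:
        # pop() each key on its own: the old paired `del` skipped removing
        # "comments" whenever "vuls" was absent, leaking it into Host(**host).
        vuls = host.pop("vuls", [])
        comments = host.pop("comments", [])
        host['project_id'] = projectid
        Host(**host).save()

        # Look the saved host up again by its identifying fields to get its id.
        kwargs = {
            key: host[key]
            for key in ['url', 'ip', 'port'] if key in host
        }
        hostid = Host.where(**kwargs).getsraw('id')[0]['id']
        for vul in vuls:
            vul['host_id'] = hostid
            Vul(**vul).save()
        for comment in comments:
            comment['host_id'] = hostid
            Comment(**comment).save()
    return jsonSuccess()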
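def POST(self):
    """Start a subnet-scan task for every ``iplist`` value in the request body.

    ``iplist`` may be repeated, so the values are collected from the raw
    body rather than from ``web.input()``.

    Raises:
        web.internalerror: if ``project_id`` is missing or not an integer.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    rawParam = web.data()
    try:
        projectid = int(params.project_id)
    except (AttributeError, ValueError) as error:
        # ValueError (non-numeric project_id) used to escape unhandled.
        RTD.log.error(error)
        raise web.internalerror(error)

    rawParamList = [x.split("=") for x in rawParam.split("&")]
    # A bare "iplist" with no "=" has no value element; skip it instead of
    # failing with IndexError.
    # NOTE(review): values are taken from the raw body without URL-decoding
    # or address validation before they are handed to Host -- confirm the
    # plugins validate them.
    ipList = [
        x[1] for x in rawParamList if len(x) > 1 and x[0] == "iplist"
    ]
    hosts = [Host(ip=x) for x in ipList]
    defaultValue = {"tmp": 1}
    task = SubnetScanPlugin() | ServiceIdentifyPlugin(
        ptype=1) | DataSavePlugin(defaultValue=defaultValue,
                                  projectid=projectid)
    task.dostart(hosts)
    return jsonSuccess()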
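def POST(self):
    """Save an uploaded wordlist under ``data/wordlist/dnsbrute``.

    Only dictionary type 0 is supported.  The file is stored under the final
    path component of the uploaded file name.

    Raises:
        web.internalerror: if a parameter is missing, the type is not 0, the
            file name is unusable, or the file cannot be written.
    """
    web.header('Content-Type', 'application/json')
    params = web.input(dictfile={})
    try:
        fileName = params.dictfile.filename
        dtype = int(params.type)
    except AttributeError:
        raise web.internalerror("Missing parameter.")
    except ValueError:
        # A non-numeric type used to escape as an unhandled ValueError.
        raise web.internalerror("dict type error.")

    if dtype != 0:
        raise web.internalerror("dict type error.")

    # The upload's file name is client-controlled.  Keep only its last path
    # component (treating "\" as a separator too) so that "../" or an
    # absolute path cannot place the file outside the wordlist directory.
    safeName = os.path.basename((fileName or "").replace("\\", "/"))
    if safeName in ("", ".", "..") or "\x00" in safeName:
        raise web.internalerror("Invalid file name.")
    fileNameFull = os.path.join("data", "wordlist", "dnsbrute", safeName)

    try:
        # "with" closes the handle even when write() fails.
        with open(fileNameFull, "w") as fd:
            fd.write(params.dictfile.value)
    except IOError:
        raise web.internalerror('Write dictfile failed!')
    return jsonSuccess()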
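def POST(self):
    """Save an uploaded wordlist under ``data/wordlist/dnsbrute``.

    Only dictionary type 0 is supported.  The file is stored under the final
    path component of the uploaded file name.

    Raises:
        web.internalerror: if a parameter is missing, the type is not 0, the
            file name is unusable, or the file cannot be written.
    """
    web.header('Content-Type', 'application/json')
    params = web.input(dictfile={})
    try:
        fileName = params.dictfile.filename
        dtype = int(params.type)
    except AttributeError:
        raise web.internalerror("Missing parameter.")
    except ValueError:
        # A non-numeric type used to escape as an unhandled ValueError.
        raise web.internalerror("dict type error.")

    if dtype != 0:
        raise web.internalerror("dict type error.")

    # The upload's file name is client-controlled.  Keep only its last path
    # component (treating "\" as a separator too) so that "../" or an
    # absolute path cannot place the file outside the wordlist directory.
    safeName = os.path.basename((fileName or "").replace("\\", "/"))
    if safeName in ("", ".", "..") or "\x00" in safeName:
        raise web.internalerror("Invalid file name.")
    fileNameFull = os.path.join("data", "wordlist", "dnsbrute", safeName)

    try:
        # "with" closes the handle even when write() fails.
        with open(fileNameFull, "w") as fd:
            fd.write(params.dictfile.value)
    except IOError:
        raise web.internalerror('Write dictfile failed!')
    return jsonSuccess()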
def POST(self):
    """Switch the configured database, creating it when it is not listed yet.

    ``CONF.db.name`` is set to the requested name first.  If that name is
    not among the entries of ``data/database``, ``Database.create()`` is
    called; on ``DBError`` the previous name is restored before the error is
    reported.  The configuration is saved on success.
    """
    web.header('Content-Type', 'application/json')
    originParams = web.input()
    options = (("database", "string", "1-50"), )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # Remember the current name so a failed create can be rolled back.
    previousName = CONF.db.name
    # NOTE(review): the name is request data compared against directory
    # entries; whether formatParam rejects path separators and ".." is not
    # visible here -- confirm before the name reaches a filesystem path.
    CONF.db.name = str(params.database)

    existing = os.listdir(os.path.join("data", "database"))
    alreadyPresent = params.database in existing
    if not alreadyPresent:
        try:
            Database.create()
        except DBError as error:
            CONF.db.name = previousName
            raise web.internalerror("Databae creating error," + str(error))

    CONF.save()
    return jsonSuccess()
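def POST(self):
    """Start a subnet-scan task for every ``iplist`` value in the request body.

    ``iplist`` may be repeated, so the values are collected from the raw
    body rather than from ``web.input()``.

    Raises:
        web.internalerror: if ``project_id`` is missing or not an integer.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    rawParam = web.data()
    try:
        projectid = int(params.project_id)
    except (AttributeError, ValueError) as error:
        # ValueError (non-numeric project_id) used to escape unhandled.
        RTD.log.error(error)
        raise web.internalerror(error)

    rawParamList = [x.split("=") for x in rawParam.split("&")]
    # A bare "iplist" with no "=" has no value element; skip it instead of
    # failing with IndexError.
    # NOTE(review): values are taken from the raw body without URL-decoding
    # or address validation before they are handed to Host -- confirm the
    # plugins validate them.
    ipList = [
        x[1] for x in rawParamList if len(x) > 1 and x[0] == "iplist"
    ]
    hosts = [Host(ip=x) for x in ipList]
    defaultValue = {"tmp": 1}
    task = SubnetScanPlugin() | ServiceIdentifyPlugin(
        ptype=1) | DataSavePlugin(defaultValue=defaultValue,
                                  projectid=projectid)
    task.dostart(hosts)
    return jsonSuccess()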
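def POST(self):
    """Start a domain-discovery task for ``domain`` with the selected plugins.

    The presence of the ``dnsbrute``, ``googlehacking`` and ``zonetrans``
    request keys selects the plugins, combined with ``+``; with none of them
    present ``GoogleHackingPlugin`` alone is used.  Results are piped
    through ``ServiceIdentifyPlugin`` and ``DataSavePlugin``.

    Raises:
        web.internalerror: if ``project_id`` is missing or not an integer,
            or ``domain`` fails validation.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    rawParam = web.data()
    try:
        projectid = int(params.project_id)
    except (AttributeError, ValueError) as error:
        # ValueError (non-numeric project_id) used to escape unhandled.
        RTD.log.error(error)
        raise web.internalerror(error)

    rawParamList = [x.split("=") for x in rawParam.split("&")]
    # A bare "dictlist" with no "=" has no value element; skip it instead of
    # failing with IndexError.
    # NOTE(review): these values come from the raw body, un-decoded and
    # unvalidated.  If DnsBrutePlugin treats them as file names, confirm it
    # confines them to the wordlist directory.
    dictList = [
        x[1] for x in rawParamList if len(x) > 1 and x[0] == "dictlist"
    ]

    options = (("domain", "url", ""), )
    try:
        domainParams = formatParam(params, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    task = None
    if "dnsbrute" in params.keys():
        task = DnsBrutePlugin(dictList)
    if "googlehacking" in params.keys():
        task = (task + GoogleHackingPlugin()) if task else GoogleHackingPlugin()
    if "zonetrans" in params.keys():
        task = (task + ZoneTransPlugin()) if task else ZoneTransPlugin()
    if task is None:
        task = GoogleHackingPlugin()

    task = task | ServiceIdentifyPlugin() | DataSavePlugin(
        projectid=projectid)
    host = Host(url=domainParams.domain)
    task.dostart([host])
    return jsonSuccess()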
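def POST(self):
    """Start a domain-discovery task for ``domain`` with the selected plugins.

    The presence of the ``dnsbrute``, ``googlehacking`` and ``zonetrans``
    request keys selects the plugins, combined with ``+``; with none of them
    present ``GoogleHackingPlugin`` alone is used.  Results are piped
    through ``ServiceIdentifyPlugin`` and ``DataSavePlugin``.

    Raises:
        web.internalerror: if ``project_id`` is missing or not an integer,
            or ``domain`` fails validation.
    """
    web.header('Content-Type', 'application/json')
    params = web.input()
    rawParam = web.data()
    try:
        projectid = int(params.project_id)
    except (AttributeError, ValueError) as error:
        # ValueError (non-numeric project_id) used to escape unhandled.
        RTD.log.error(error)
        raise web.internalerror(error)

    rawParamList = [x.split("=") for x in rawParam.split("&")]
    # A bare "dictlist" with no "=" has no value element; skip it instead of
    # failing with IndexError.
    # NOTE(review): these values come from the raw body, un-decoded and
    # unvalidated.  If DnsBrutePlugin treats them as file names, confirm it
    # confines them to the wordlist directory.
    dictList = [
        x[1] for x in rawParamList if len(x) > 1 and x[0] == "dictlist"
    ]

    options = (("domain", "url", ""), )
    try:
        domainParams = formatParam(params, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    task = None
    if "dnsbrute" in params.keys():
        task = DnsBrutePlugin(dictList)
    if "googlehacking" in params.keys():
        task = (task + GoogleHackingPlugin()) if task else GoogleHackingPlugin()
    if "zonetrans" in params.keys():
        task = (task + ZoneTransPlugin()) if task else ZoneTransPlugin()
    if task is None:
        task = GoogleHackingPlugin()

    task = task | ServiceIdentifyPlugin() | DataSavePlugin(
        projectid=projectid)
    host = Host(url=domainParams.domain)
    task.dostart([host])
    return jsonSuccess()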
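def GET(self):
    """Delete the comment named by ``id`` and its attachment file, if any.

    Returns ``jsonFail()`` when no comment is found, ``jsonSuccess()``
    otherwise.

    Raises:
        web.internalerror: if ``id`` is missing or the lookup fails.
    """
    # NOTE(review): this deletes data in response to a GET request; confirm
    # the route is protected against cross-site and prefetch-triggered calls.
    params = web.input()
    try:
        comment = Comment.get(params.id.strip())
    except AttributeError:
        raise web.internalerror("Missing parameter.")
    except FieldError as error:
        raise web.internalerror(error)
    except WIPError as error:
        RTD.log.error(error)
        raise web.internalerror("Internal ERROR!")

    if not comment:
        return jsonFail()

    if comment.attachment:
        # The attachment name is read back from storage and is not validated
        # here, so normalise it and refuse anything that resolves outside the
        # attachment directory ("../", absolute paths) before unlinking.
        attachmentDir = os.path.abspath(os.path.join("static", "attachment"))
        target = os.path.abspath(
            os.path.join(attachmentDir, comment.attachment))
        if not target.startswith(attachmentDir + os.sep):
            RTD.log.error(
                "Refusing to delete attachment outside attachment "
                "directory: %r" % (comment.attachment,))
        elif os.path.isfile(target):
            os.remove(target)

    comment.remove()
    return jsonSuccess()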
def POST(self):
    """Run the install step: create working directories and the database.

    Reads ``dbname`` from the request, validates it with ``formatParam``
    (declared as a 1-50 "string"), stores it in ``CONF.db.name``, calls
    ``Database.create()``, then sets ``CONF.isinstall`` and saves the
    configuration.  Every failure is reported through ``web.internalerror``.
    """
    originParams = web.input()
    options = (("dbname", "string", "1-50"), )

    # os.mkdir creates one level only, so "data" is listed before
    # "data/database"; "static" itself is expected to exist already.
    requiredDirs = (
        "log",
        os.path.join("static", "attachment"),
        os.path.join("static", "tmp"),
        "data",
        os.path.join("data", "database"),
    )
    for directory in requiredDirs:
        if not os.path.exists(directory):
            os.mkdir(directory)

    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # NOTE(review): dbname is request data and nothing in this handler checks
    # CONF.isinstall before running. Confirm that formatParam rejects path
    # separators / ".." if the name reaches a filesystem path, and that this
    # route is unreachable once installation has completed.
    try:
        CONF.db.name = str(params.dbname)
    except WIPError:
        raise web.internalerror("Configure file parse error.")

    try:
        Database.create()
    except DBError as error:
        raise web.internalerror("Databae creating error," + str(error))

    CONF.isinstall = True
    CONF.save()
    return jsonSuccess()
def POST(self):
    """Switch the configured database, creating it when it is not listed yet.

    ``CONF.db.name`` is set to the requested name first.  If that name is
    not among the entries of ``data/database``, ``Database.create()`` is
    called; on ``DBError`` the previous name is restored before the error is
    reported.  The configuration is saved on success.
    """
    web.header('Content-Type', 'application/json')
    originParams = web.input()
    options = (("database", "string", "1-50"), )
    try:
        params = formatParam(originParams, options)
    except ParamError as error:
        raise web.internalerror("Parameter error, {0}.".format(error))

    # Remember the current name so a failed create can be rolled back.
    previousName = CONF.db.name
    # NOTE(review): the name is request data compared against directory
    # entries; whether formatParam rejects path separators and ".." is not
    # visible here -- confirm before the name reaches a filesystem path.
    CONF.db.name = str(params.database)

    existing = os.listdir(os.path.join("data", "database"))
    alreadyPresent = params.database in existing
    if not alreadyPresent:
        try:
            Database.create()
        except DBError as error:
            CONF.db.name = previousName
            raise web.internalerror("Databae creating error," + str(error))

    CONF.save()
    return jsonSuccess()
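def POST(self):
    """Create and save a project built from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if an expected field is missing or is not a
            plain string.
    """
    params = web.input()
    fields = ("name", "url", "ip", "level", "whois", "description")
    try:
        kw = {k: params[k].strip() for k in fields}
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled KeyError.
        raise web.internalerror("Missing parameter.")
    project = Project(**kw)
    project.save()
    return jsonSuccess()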
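def GET(self):
    """Delete the vulnerability record named by ``id``.

    Raises:
        web.internalerror: if ``id`` is missing from the request.
    """
    # NOTE(review): this deletes data in response to a GET request; confirm
    # the route is protected against cross-site and prefetch-triggered calls.
    params = web.input()
    try:
        vulId = params.id.strip()
    except AttributeError:
        # A missing id used to escape as an unhandled AttributeError.
        raise web.internalerror("Missing parameter.")
    Vul.delete(vulId)
    return jsonSuccess()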
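def POST(self):
    """Update the project selected by ``id`` from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if ``id`` or an expected field is missing or is
            not a plain string.
    """
    params = web.input()
    fields = ("name", "url", "ip", "whois", "description", "level")
    try:
        kw = {k: params[k].strip() for k in fields}
        projectId = params.id.strip()
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled exception.
        raise web.internalerror("Missing parameter.")
    Project.where(id=projectId).update(**kw)
    return jsonSuccess()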
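def POST(self):
    """Insert a new host built from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if an expected field is missing or is not a
            plain string.
    """
    params = web.input()
    fields = ("title", "url", "ip", "port", "protocol", "level", "os",
              "server_info", "middleware", "description", "project_id")
    try:
        kw = {k: params[k].strip() for k in fields}
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled KeyError.
        raise web.internalerror("Missing parameter.")
    Host.insert(**kw)
    return jsonSuccess()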
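def POST(self):
    """Update the host selected by ``id`` from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if ``id`` or an expected field is missing or is
            not a plain string.
    """
    params = web.input()
    fields = ("title", "url", "ip", "port", "protocol", "level", "os",
              "server_info", "middleware", "description")
    try:
        kw = {k: params[k].strip() for k in fields}
        hostId = params.id.strip()
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled exception.
        raise web.internalerror("Missing parameter.")
    Host.where(id=hostId).update(**kw)
    return jsonSuccess()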
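def POST(self):
    """Insert a new comment built from the submitted form fields.

    Only the fields listed below are copied from the request.

    Raises:
        web.internalerror: if an expected field is missing or is not a
            plain string.
    """
    params = web.input()
    fields = ("name", "url", "info", "level", "description", "host_id")
    try:
        kw = {k: params[k].strip() for k in fields}
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled KeyError.
        raise web.internalerror("Missing parameter.")
    Comment.insert(**kw)
    return jsonSuccess()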
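def POST(self):
    """Update an existing comment from the submitted form fields.

    Only the fields listed below are copied from the request, so any other
    request parameter never reaches ``update``.

    Raises:
        web.internalerror: if an expected field is missing or is not a
            plain string.
    """
    params = web.input()
    fields = ("id", "name", "url", "info", "level", "description")
    try:
        kw = {k: params[k].strip() for k in fields}
    except (KeyError, AttributeError):
        # Previously an absent field escaped as an unhandled KeyError.
        raise web.internalerror("Missing parameter.")
    Comment.where(id=kw["id"]).update(**kw)
    return jsonSuccess()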