def post(self):
if not session.get('status'):
return redirect(url_for('html_system_login'), 302)
args = self.parser.parse_args()
key_phone = args.phone
key_email = args.email
key_remark = args.remark
user_query = User.query.filter(
User.username == session.get('username')).first()
if not user_query:
addlog(session.get('username'), session.get('login_ip'),
'修改用户资料失败,原因:越权修改其他用户')
return {'status_code': 500, 'msg': '禁止越权修改用户信息'}
user_query.phone = key_phone
user_query.email = key_email
if key_remark:
user_query.remark = key_remark
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', f'用户修改资料接口SQL错误:{e}')
DB.session.rollback()
addlog(session.get('username'), session.get('login_ip'),
'修改用户资料失败,原因:SQL错误')
return {'status_code': 500, 'msg': '修改用户资料失败,SQL出错'}
addlog(session.get('username'), session.get('login_ip'), '修改用户资料成功')
logger.log('INFOR', f"[{session.get('username')}]修改用户资料成功")
return {'status_code': 200}
def put(self):
'''修改用户信息'''
if not session.get('status'):
return redirect(url_for('html_system_login'), 302)
args = self.parser.parse_args()
key_username = args.username
key_phone = args.phone
key_email = args.email
key_remark = args.remark
user_query = User.query.filter(User.username == key_username).first()
if not user_query:
return {
'status_code': 202,
'msg': f'修改用户资料失败,{key_username}用户名不存在'
}
user_query.phone = key_phone
user_query.email = key_email
user_query.remark = key_remark
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', f'用户管理接口-修改用户信息接口SQL错误:{e}')
DB.session.rollback()
addlog(session.get('username'), session.get('login_ip'),
'用户管理接口-修改用户资料失败,原因:SQL错误')
return {'status_code': 202, 'msg': f'修改用户资料失败,SQL出错'}
addlog(session.get('username'), session.get('login_ip'),
'用户管理接口-修改用户资料成功')
logger.log('INFOR', f"用户管理接口-[{session.get('username')}]修改用户资料成功")
return {'status_code': 200, 'msg': f'修改用户资料成功'}
def request_callback(future, index, datas):
result = future.result()
if isinstance(result, BaseException):
logger.log('TRACE', result.args)
name = utils.get_classname(result)
datas[index]['reason'] = name + ' ' + str(result)
datas[index]['valid'] = 0
elif isinstance(result, tuple):
resp, text = result
datas[index]['reason'] = resp.reason
datas[index]['status'] = resp.status
if resp.status == 400 or resp.status >= 500:
datas[index]['valid'] = 0
else:
datas[index]['valid'] = 1
headers = resp.headers
banner = str({
'Server': headers.get('Server'),
'Via': headers.get('Via'),
'X-Powered-By': headers.get('X-Powered-By')
})
datas[index]['banner'] = banner[1:-1]
datas[index]['header'] = str(dict(headers))[1:-1]
if isinstance(text, str):
title = get_title(text).strip()
datas[index]['title'] = utils.remove_string(title)
datas[index]['response'] = utils.remove_string(text)
def query(self):
"""
向接口查询子域并做子域匹配
"""
self.header = self.get_header()
self.proxy = self.get_proxy(self.source)
data = {
'query': f'parsed.names: {self.domain}',
'page': 1,
'fields': ['parsed.subject_dn', 'parsed.names'],
'flatten': True
}
resp = self.post(self.addr, json=data, auth=(self.id, self.secret))
if not resp:
return
json = resp.json()
status = json.get('status')
if status != 'ok':
logger.log('ALERT', status)
return
subdomains = self.match(self.domain, str(json))
self.subdomains = self.subdomains.union(subdomains)
pages = json.get('metadata').get('pages')
for page in range(2, pages + 1):
data['page'] = page
resp = self.post(self.addr, json=data, auth=(self.id, self.secret))
if not resp:
return
subdomains = self.match(self.domain, str(resp.json()))
self.subdomains = self.subdomains.union(subdomains)
def post(self):
if not session.get('status'):
return {'result': {'status_code': 401}}
args = self.parser.parse_args()
key_username = args.username
key_password = args.password
key_xingming = args.xingming
key_phone = args.phone
key_email = args.email
key_remark = args.remark
if session['username'] != 'root':
return {'result': {'status_code': 202}}
user_query = User.query.filter(User.username == key_username).first()
if user_query: # 用户名存在
addlog(session.get('username'), session.get('login_ip'),
f'新增用户[{key_username}]失败,原因:用户已存在')
return {'result': {'status_code': 201}}
user1 = User(username=key_username,
password=key_password,
name=key_xingming,
phone=key_phone,
email=key_email,
remark=key_remark)
DB.session.add(user1)
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', f'用户新增接口SQL错误:{e}')
DB.session.rollback()
return {'result': {'status_code': 500}}
addlog(session.get('username'), session.get('login_ip'),
f'新增用户[{key_username}]成功')
return {'result': {'status_code': 200}}
def post(self):
if not session.get('status'):
return {'result': {'status_code': 401}}
args = self.parser.parse_args()
key_xingming = args.xingming
key_phone = args.phone
key_email = args.email
key_remark = args.remark
user_query = User.query.filter(
User.username == session.get('username')).first()
if not user_query:
addlog(session.get('username'), session.get('login_ip'),
'修改用户资料失败,原因:越权修改其他用户')
return {'result': {'status_code': 500}}
user_query.name = key_xingming
user_query.phone = key_phone
user_query.email = key_email
if key_remark:
user_query.remark = key_remark
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', f'用户修改资料接口SQL错误:{e}')
DB.session.rollback()
addlog(session.get('username'), session.get('login_ip'),
'修改用户资料失败,原因:SQL错误')
return {'result': {'status_code': 500}}
addlog(session.get('username'), session.get('login_ip'), '修改用户资料成功')
logger.log('INFOR', f"[{session.get('username')}]修改用户资料成功")
return {'result': {'status_code': 200}}
def get(self, url, params=None, check=True, **kwargs):
"""
自定义get请求
:param str url: 请求地址
:param dict params: 请求参数
:param bool check: 检查响应
:param kwargs: 其他参数
:return: requests响应对象
"""
try:
resp = requests.get(url,
params=params,
cookies=self.cookie,
headers=self.header,
proxies=self.proxy,
timeout=self.timeout,
verify=self.verify,
**kwargs)
except Exception as e:
logger.log('ERROR', e.args)
return None
if not check:
return resp
if utils.check_response('GET', resp):
return resp
return None
def post(self):
if not session.get('status'):
return {'result': {'status_code': 401}}
args = self.parser.parse_args()
key_old_password = args.old_password
key_new_password = args.new_password
key_again_password = args.again_password
if key_new_password != key_again_password:
return {'result': {'status_code': 203}}
if key_old_password == key_new_password:
return {'result': {'status_code': 204}}
user_query = User.query.filter(
User.username == session.get('username')).first()
if not user_query:
addlog(session.get('username'), session.get('login_ip'),
'修改用户密码失败,原因:不存在此账户')
return {'result': {'status_code': 500}}
if not check_password_hash(user_query.password,
key_old_password): # 检测原密码
addlog(session.get('username'), session.get('login_ip'),
'修改用户密码失败,原因:原密码不正确')
return {'result': {'status_code': 201}}
user_query.password = generate_password_hash(key_new_password) # 更新密码
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', f'用户修改密码接口SQL错误:{e}')
DB.session.rollback()
return {'result': {'status_code': 500}}
addlog(session.get('username'), session.get('login_ip'), '修改用户密码成功')
logger.log('INFOR', f"[{session.get('username')}]修改用户密码成功")
return {'result': {'status_code': 200}}
def axfr(self, server):
"""
执行域传送
:param server: 域名服务器
"""
logger.log('DEBUG', f'尝试对{self.domain}的域名服务器{server}进行域传送')
try:
xfr = dns.query.xfr(where=server,
zone=self.domain,
timeout=5.0,
lifetime=10.0)
zone = dns.zone.from_xfr(xfr)
except Exception as e:
logger.log('DEBUG', e.args)
logger.log('DEBUG', f'对{self.domain}的域名服务器{server}进行域传送失败')
return
names = zone.nodes.keys()
for name in names:
full_domain = str(name) + '.' + self.domain
subdomain = utils.match_subdomain(self.domain, full_domain)
self.subdomains = self.subdomains.union(subdomain)
record = zone[name].to_text(name)
self.results.append(record)
if self.results:
logger.log('DEBUG', f'发现{self.domain}在{server}上的域传送记录')
logger.log('DEBUG', '\n'.join(self.results))
self.results = []
def save_json(self):
"""
将各模块结果保存为json文件
:return: 是否保存成功
"""
if not Oneforall.save_module_result:
return False
logger.log('TRACE', f'将{self.source}模块发现的子域结果保存为json文件')
path = Oneforall.result_save_path.joinpath(self.domain, self.module)
path.mkdir(parents=True, exist_ok=True)
name = self.source + '.json'
path = path.joinpath(name)
with open(path, mode='w', encoding='utf-8', errors='ignore') as file:
result = {
'domain': self.domain,
'name': self.module,
'source': self.source,
'elapsed': self.elapsed,
'count': len(self.subdomains),
'subdomains': list(self.subdomains),
'records': self.records
}
json.dump(result, file, ensure_ascii=False, indent=4)
return True
def save(self):
logger.log('DEBUG', '正在保存检查结果')
if self.format == 'txt':
data = str(self.results)
else:
data = self.results.export(self.format)
utils.save_data(self.path, data)
def run(self):
start = time.time()
logger.log('INFOR', f'开始执行{self.source}模块')
self.subdomains = utils.get_domains(self.target)
self.format = utils.check_format(self.format, len(self.subdomains))
timestamp = utils.get_timestamp()
name = f'all_subdomain_{timestamp}'
self.path = utils.check_path(self.path, name, self.format)
if self.subdomains:
logger.log('INFOR', f'正在检查子域接管风险')
self.fingerprints = get_fingerprint()
self.results.headers = ['subdomain', 'cname']
# 创建待检查的子域队列
for domain in self.subdomains:
self.subdomainq.put(domain)
# 检查线程
for _ in range(self.thread):
check_thread = Thread(target=self.check, daemon=True)
check_thread.start()
# 进度线程
progress_thread = Thread(target=self.progress, daemon=True)
progress_thread.start()
self.subdomainq.join()
self.save()
else:
logger.log('FATAL', f'获取域名失败')
end = time.time()
elapsed = round(end - start, 1)
logger.log(
'INFOR', f'{self.source}模块耗时{elapsed}秒'
f'发现{len(self.results)}个子域存在接管风险')
logger.log('DEBUG', f'结束执行{self.source}模块')
def detect_wildcard(domain):
"""
探测域名是否使用泛解析
:param str domain: 域名
:return: 如果没有使用泛解析返回False 反之返回泛解析的IP集合和ttl整型值
"""
logger.log('INFOR', f'正在探测{domain}是否使用泛解析')
token = secrets.token_hex(4)
random_subdomain = f'{token}.{domain}'
try:
resolver = resolve.dns_resolver()
answers = resolver.query(random_subdomain, 'A')
# 如果查询随机域名A记录出错 说明不存在随机子域的A记录 即没有开启泛解析
except Exception as e:
logger.log('DEBUG', e)
logger.log('INFOR', f'{domain}没有使用泛解析')
return False, None, None
ttl = answers.ttl
name = answers.name
ips = {item.address for item in answers}
logger.log('ALERT', f'{domain}使用了泛解析')
logger.log('ALERT', f'{random_subdomain} 解析到域名: {name} '
f'IP: {ips} TTL: {ttl}')
return True, ips, ttl
def delete(self):
if not session.get('status'):
return redirect(url_for('html_system_login'), 302)
args = self.parser.parse_args()
key_scan_dict = args.vlus.replace("'", '"')
try:
key_scan_dict = json.loads(key_scan_dict)
except:
return {'status_code': 500, 'msg': '删除漏洞失败'}
for key, value in key_scan_dict.items():
url_query = SrcVul.query.filter(
SrcVul.vul_time == key_scan_dict[key]['time']).first()
if not url_query:
continue
else:
DB.session.delete(url_query)
try:
DB.session.commit()
except Exception as e:
DB.session.rollback()
logger.log('ALERT', f'批量删除漏洞任务失败,{e}')
return {'status_code': 500, 'msg': '删除漏洞失败'}
addlog(session.get('username'), session.get('login_ip'), f'批量删除漏洞成功')
logger.log('INFOR', f'批量删除漏洞成功')
return {'status_code': 200, 'msg': '删除漏洞成功'}
def post(self):
'''新增用户'''
if not session.get('status'):
return redirect(url_for('html_system_login'), 302)
args = self.parser.parse_args()
key_username = args.username
key_password = args.password
key_phone = args.phone
key_email = args.email
key_remark = args.remark
if session['username'] != 'root':
return {'status_code': 202, 'msg': '新增用户失败,不能新增root用户'}
user_query = User.query.filter(User.username == key_username).first()
if user_query: # 用户名存在
addlog(session.get('username'), session.get('login_ip'),
f'新增用户[{key_username}]失败,原因:用户已存在')
return {'status_code': 201, 'msg': f'新增用户失败,{key_username}用户名已存在'}
user1 = User(username=key_username,
password=key_password,
phone=key_phone,
email=key_email,
remark=key_remark)
DB.session.add(user1)
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', f'用户新增接口SQL错误:{e}')
DB.session.rollback()
return {'status_code': 500, 'msg': '新增用户失败,sql错误'}
addlog(session.get('username'), session.get('login_ip'),
f'新增用户[{key_username}]成功')
return {'status_code': 200, 'msg': '新增用户成功'}
def put(self):
'''添加任务资产'''
if not session.get('status'):
return redirect(url_for('html_system_login'), 302)
args = self.parser.parse_args()
key_task_name = args.task_name
key_task_domain = args.task_domain
src_task_query = SrcCustomer.query.filter(
SrcCustomer.cus_name == key_task_name).first()
if not src_task_query:
return {'status_code': 201, 'msg': f'不存在[{key_task_name}]厂商名,请检查'}
domain_list = list(set(key_task_domain.split())) # 过滤重复内容
for domain in domain_list:
domain1 = domain.strip()
if domain1:
srctask_sql = SrcTask.query.filter(
SrcTask.task_domain == domain1).first() # 过滤已有重复任务
if srctask_sql:
continue
src_task_queryadd = SrcTask(key_task_name, domain1)
DB.session.add(src_task_queryadd)
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', '资产任务添加接口SQL错误:%s' % e)
DB.session.rollback()
return {'status_code': 500, 'msg': f'添加资产任务失败,可能已存在该任务资产,原因:{e}'}
addlog(session.get('username'), session.get('login_ip'),
f'添加任务资产[{key_task_name}]:[{len(domain_list)}]个')
logger.log('INFOR', f'添加任务资产[{len(domain_list)}]个')
return {'status_code': 200, 'msg': '添加厂商成功'}
def get_domains(target):
"""
获取域名
:param set or str target:
:return: 域名集合
"""
domains = list()
logger.log('DEBUG', f'正在获取域名')
if isinstance(target, (set, tuple)):
domains = list(target)
elif isinstance(target, list):
domains = target
elif isinstance(target, str):
path = Path(target)
if path.is_file():
with open(target, encoding='utf-8', errors='ignore') as file:
for line in file:
domain = Domain(line.strip()).match()
if domain:
domains.append(domain)
elif Domain(target).match():
domains = [target]
logger.log('INFOR', f'获取到{len(domains)}个域名')
return domains
def post(self):
if not session.get('status'):
return redirect(url_for('html_system_login'), 302)
args = self.parser.parse_args()
key_old_password = args.old_password
key_new_password = args.new_password
key_again_password = args.again_password
if key_new_password != key_again_password:
return {'status_code': 201, 'msg': '两次输入的新密码不一致'}
if key_old_password == key_new_password:
return {'status_code': 201, 'msg': '新密码不能和旧密码一致'}
user_query = User.query.filter(
User.username == session.get('username')).first()
if not user_query:
addlog(session.get('username'), session.get('login_ip'),
'修改用户密码失败,原因:不存在此账户')
return {'status_code': 201, 'msg': '修改密码失败,session失效'}
if not check_password_hash(user_query.password,
key_old_password): # 检测原密码
addlog(session.get('username'), session.get('login_ip'),
'修改用户密码失败,原因:原密码不正确')
return {'status_code': 201, 'msg': '修改密码失败,旧密码不正确'}
user_query.password = generate_password_hash(key_new_password) # 更新密码
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', f'用户修改密码接口SQL错误:{e}')
DB.session.rollback()
return {'status_code': 201, 'msg': '修改密码失败,SQL错误'}
addlog(session.get('username'), session.get('login_ip'), '修改用户密码成功')
logger.log('INFOR', f"[{session.get('username')}]修改用户密码成功")
return {'status_code': 200, 'msg': '修改密码成功'}
def create_table(self, table_name):
"""
创建表结构
:param str table_name: 要创建的表名
"""
table_name = table_name.replace('.', '_')
if self.exist_table(table_name):
logger.log('TRACE', f'已经存在{table_name}表')
return
logger.log('TRACE', f'正在创建{table_name}表')
self.query(f'create table "{table_name}" ('
f'id integer primary key,'
f'url text,'
f'subdomain text,'
f'port int,'
f'ips text,'
f'status int,'
f'reason text,'
f'valid int,'
f'new int,'
f'title text,'
f'banner text,'
f'header text,'
f'response text,'
f'module text,'
f'source text,'
f'elapsed float,'
f'count int)')
def post(self):
'''添加任务'''
if not session.get('status'):
return {'result': {'status_code': 401}}
if not APP.config.get('SHODAN_KEY'):
return {'result': {'status_code': 301}}
if not shodan_check(APP.config.get('SHODAN_KEY')):
return {'result': {'status_code': 202}}
args = self.parser.parse_args()
key_domain = escape(args.domain.replace('/', ''))
key_domain_name = escape(args.domain_name)
if not key_domain or not key_domain_name:
return {'result': {'status_code': 500}}
src_query = SrcDomain.query.filter(
SrcDomain.domain == key_domain).first()
if src_query: # 已经存在domain任务
return {'result': {'status_code': 201}}
SrcDomain1 = SrcDomain(domain=key_domain, domain_name=key_domain_name)
DB.session.add(SrcDomain1)
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', '主域名添加任务接口SQL错误:%s' % e)
return {'result': {'status_code': 500}}
addlog(session.get('username'), session.get('login_ip'),
'添加主域名任务成功,主域名为:%s' % key_domain)
logger.log('INFOR',
'添加主域名任务成功-主域名[%s]-厂商[%s]' % (key_domain, key_domain_name))
return {'result': {'status_code': 200}}
def search(self, full_search=False):
"""
向接口查询子域并做子域匹配
"""
page_num = 1
while True:
time.sleep(self.delay)
params = {'pageno': page_num, 'q': self.domain, 'type': 'code'}
try:
resp = self.get(self.addr, params=params)
except Exception as e:
logger.log('ERROR', e.args)
break
if resp.status_code != 200:
logger.log('ERROR', f'{self.source}模块搜索出错')
break
if 'class="empty-box"' in resp.text:
break
soup = BeautifulSoup(resp.text, 'lxml')
subdomains = self.match(self.domain, soup.text)
self.subdomains = self.subdomains.union(subdomains)
if not subdomains:
break
if not full_search:
# 搜索中发现搜索出的结果有完全重复的结果就停止搜索
if subdomains.issubset(self.subdomains):
break
if '<li class="disabled"><a href="###">' in resp.text:
break
if page_num > 100:
break
page_num += 1
def query(self, sql):
try:
results = self.conn.query(sql)
except Exception as e:
logger.log('ERROR', e.args)
else:
return results
def put(self):
if not session.get('status'):
return {'result': {'status_code': 401}}
args = self.parser.parse_args()
key_scan_dict = args.scan.replace("'", '"')
try:
key_scan_dict = json.loads(key_scan_dict)
except:
return {'result': {'status_code': 500}}
for key, value in key_scan_dict.items():
url_query = SrcVulnerabilitie.query.filter(
SrcVulnerabilitie.time == key_scan_dict[key]['time']).first()
if not url_query:
continue
else:
DB.session.delete(url_query)
try:
DB.session.commit()
except Exception as e:
DB.session.rollback()
logger.log('ALERT', f'批量删除漏洞任务失败,{e}')
return {'result': {'status_code': 500}}
addlog(session.get('username'), session.get('login_ip'), f'批量删除漏洞任务成功')
logger.log('INFOR', f'批量删除漏洞任务成功')
return {'result': {'status_code': 200}}
def post(self):
'''添加任务'''
if not session.get('status'):
return {'result': {'status_code': 401}}
args = self.parser.parse_args()
key_domain = escape(args.domain.replace('/', ''))
key_domain_name = escape(args.domain_name)
if not key_domain or not key_domain_name:
return {'result': {'status_code': 500}}
src_query = SrcDomain.query.filter(
SrcDomain.domain == key_domain).first()
if src_query: # 已经存在domain任务
addlog(
session.get('username'), session.get('login_ip'),
f'添加主域名任务失败,主域名为:{key_domain},厂商为:{key_domain_name},原因:该任务已存在')
return {'result': {'status_code': 201}}
SrcDomain1 = SrcDomain(domain=key_domain, domain_name=key_domain_name)
DB.session.add(SrcDomain1)
try:
DB.session.commit()
except Exception as e:
logger.log('ALERT', '主域名添加任务接口SQL错误:%s' % e)
DB.session.rollback()
return {'result': {'status_code': 500}}
addlog(session.get('username'), session.get('login_ip'),
f'添加主域名任务成功,主域名为:{key_domain},厂商为:{key_domain_name}')
logger.log('INFOR',
f'添加主域名任务成功-主域名[{key_domain}]-厂商[{key_domain_name}]')
return {'result': {'status_code': 200}}
def login_github(self):
"""
登录github
:return: 登录失败返回False 成功返回True
"""
token = self.get_token()
if token is None:
logger.log('ERROR', f'{self.source}模块获取token失败')
return False
post_data = {
'commit': 'Sign in',
'utf8': '✓',
'authenticity_token': token,
'login': self.email,
'password': self.password
}
try:
resp = self.session.post(self.post_url, data=post_data)
except Exception as e:
logger.log('ERROR', e.args)
return False
if resp.status_code != 200:
return False
result = re.search(r'"user-login" content="(.*?)"', resp.text)
if result:
return True
def deal_results(self, results):
for result in results:
hostname, answer = result
if answer is None:
continue
if isinstance(answer, Exception):
# logger.log('DEBUG', f'爆破{subdomain}时出错 {str(answers)}')
continue
name, alias, ips = answer
if name.endswith('.'):
name = name[0:-1]
# 取值 如果是首次出现的IP集合 出现次数先赋值0
value = self.ips_times.setdefault(str(ips), 0)
self.ips_times[str(ips)] = value + 1
# 目前域名开启了泛解析
if self.enable_wildcard and self.wildcard_deal:
# 通过对比查询的子域和响应的子域来判断真实子域
# 去掉解析到CDN的情况
if 'cdn' in name or 'waf' in name:
continue
if not name.endswith(self.domain):
continue
# 通过对比解析到的IP集合的次数来判断真实子域
if wildcard_by_times(ips, self.ips_times):
continue
# 只添加没有出现过的子域
if hostname not in self.subdomains:
logger.log(
'INFOR', f'发现{self.domain}的子域: {hostname} '
f'解析到: {name} IP: {ips}')
self.subdomains.add(hostname)
self.records[hostname] = str(ips)[1:-1]
def addlog(username, log_ip, log_text):
'''添加用户操作日志'''
try:
logs = UserLogs(username, log_ip, log_text)
DB.session.add(logs)
DB.session.commit()
except Exception as e:
logger.log('ALERT', '用户操作日志添加到数据库失败,原因: %s' % e)
def WriteDomain(results):
'''修改主域名任务状态'''
results.flag = '子域名扫描完成'
try:
DB.session.commit()
except Exception as e:
DB.session.rollback()
logger.log('ALERT', '修改主域名任务状态SQL错误:%s' % e)
def gen_brute_domains(domain, path):
domains = set()
with open(path, encoding='utf-8', errors='ignore') as file:
for line in file:
brute_domain = line.strip() + '.' + domain
domains.add(brute_domain)
logger.log('INFOR', f'爆破字典大小:{len(domains)}')
return domains
def addlog(username, logs_ip, logs_text):
'''添加用户操作日志'''
try:
logs = UserLogs(username, logs_ip, logs_text)
DB.session.add(logs)
DB.session.commit()
except Exception as e:
logger.log('ALERT', f'用户操作日志添加失败,错误代码:{e}')
DB.session.rollback()
