def my_msg():
fuckoff = config_content['fuck_off']
content = request.json
print("---------------------------------------------------------")
try:
groupId = content['group_id']
except BaseException:
groupId = False
userId = content['user_id']
if groupId and groupId in [160958474]:
if content['post_type'] == 'message':
try:
message = content['message'].encode('utf-8')
for ban_word in config_content['ban_word']:
if ban_word in "".join(message.lower().split()):
msg = {
'reply':
', big brother is watching you! 禁言半小时以示惩戒!!!'
}
api.group_ban(groupId, userId, miu_num=1800)
return Response(json.dumps(msg),
mimetype='application/json')
# 直接@我
if atMe in message:
if "".join((message.split())) == atMe:
reply = config_content['fuck_reply']
msg = {'reply': choice(reply)}
return Response(json.dumps(msg),
mimetype='application/json')
elif any([
'傻' in "".join(
(message.split())) and '逼' in "".join(
(message.split())), '傻' in "".join(
(message.split())) and '屌' in "".join(
(message.split())), '傻' in "".join(
(message.split()))
and '狗' in "".join(
(message.split())), '屎' in "".join(
(message.split())) and '狗' in "".join(
(message.split())), '垃' in "".join(
(message.split()))
and '圾' in "".join(
(message.split())), '傻' in "".join(
(message.split())) and '吊' in "".join(
(message.split())), '智' in "".join(
(message.split()))
and '障' in "".join(
(message.split())), '爸' in "".join(
(message.split())) and '爸' in "".join(
(message.split())), '子' in "".join(
(message.split()))
and '儿' in "".join(
(message.split())), 'sb' in "".join(
(message.lower().split())), '笔' in "".join(
(message.split())) and '煞' in "".join(
(message.split()))
]):
msg = {'reply': ', 骂我? 小伙计你内心很浮躁嘛! 送你个禁言1小时,不用谢!'}
api.group_ban(groupId, userId, miu_num=3600)
return Response(json.dumps(msg),
mimetype='application/json')
elif "食用" in message:
use_msg = config_content['usage_method']
msg = use_msg.strip().lstrip("\n").rstrip("\n")
api.send_msg(msg, 'user_id', userId)
elif any([
'help' in message, '--help' in message, '功能'
in message, '-h' in message
]):
function_list = "\n" + \
config_content['function_list'].rstrip("\n")
msg = {'reply': function_list}
return Response(json.dumps(msg),
mimetype='application/json')
elif 'searchforum' in message:
data = message.split(' ')
result = forum_search(data[2])
msg = {'reply': result}
return Response(json.dumps(msg),
mimetype='application/json')
# 检索SSR服务器
elif 'py' in message:
ssr_list = api.get_ssr_link()
api.send_msg(ssr_list, 'user_id', userId)
elif "天气" in message:
at_user, keyword = message.split(' ')
city_name = keyword.decode("utf8", "ignore")
msg = api.query_weather(city_name[:-2])
if msg:
return api.send_msg(
msg.strip().lstrip("\n").strip("\n"),
'group_id', groupId)
elif len(message.split(' ')) == 3:
at_user, keyword, target = message.split(' ')
if target in ['127.0.0.1', 'localhost']:
msg = {'reply': ', 你过界了!'}
return Response(json.dumps(msg),
mimetype='application/json')
if keyword == 'showpoc':
result = api.exploit().show(target)
msg = {'reply': result}
return Response(json.dumps(msg),
mimetype='application/json')
elif keyword == 'search':
result = api.exploit_api(keyword=target, search=1)
msg = {
'reply': "\n".join(result)
} if result else {
'reply': "[-]未发现该POC"
}
return Response(json.dumps(msg),
mimetype='application/json')
elif keyword in [
'cms', 'information', 'system', 'hardware',
'industrial'
]:
result = api.exploit_api(keyword=keyword,
url=target)
print(result)
msg = {
'reply': "\n".join(result)
} if result else {
'reply': "[-]未发现安全漏洞"
}
return Response(json.dumps(msg),
mimetype='application/json')
elif keyword == 'whatcms':
result = api.exploit_api(keyword=keyword,
url=target)
msg = {
'reply': result
} if result else {
'reply': "未识别成功"
}
return Response(json.dumps(msg),
mimetype='application/json')
elif keyword == 'nmap':
try:
msg = {
'reply':
requests.get(
"https://api.hackertarget.com/nmap/?q={target}"
.format(target=target.replace(
"http:", "").replace("https:", "").
replace("/", ""))).text
}
except BaseException:
msg = {'reply': "输入有误"}
return Response(json.dumps(msg),
mimetype='application/json')
else:
msg = {'reply': choice(fuckoff)}
return Response(json.dumps(msg),
mimetype='application/json')
elif len(message.split(' ')) == 4:
at_user, keyword, search_key, num_txt = message.split(
' ')
if "search" in message:
result = api.exploit_api(keyword=search_key,
search=1,
url=host_txt)
msg = {
'reply': "\n".join(result)
} if result else {
'reply': "[-]未发现安全漏洞"
}
return Response(json.dumps(msg),
mimetype='application/json')
elif keyword == 'protocols':
result = api.scan_protocols(search_key,
num_txt,
rule=False)
api.send_msg(result, 'user_id', userId)
else:
msg = {'reply': choice(fuckoff)}
return Response(json.dumps(msg),
mimetype='application/json')
elif len(message.split(' ')) == 5:
at_user, keyword, sec_key, thir_key, four_key = message.split(
' ')
if keyword == 'protocols':
result = api.scan_protocols(sec_key,
four_key,
thir_key,
rule=False)
api.send_msg(result, 'user_id', userId)
elif len(message.split(' ')) == 6:
at_user, keyword, sec_key, thir_key, four_key, firt_key = message.split(
' ')
if keyword == 'protocols':
if thir_key == "TO":
result = api.scan_protocols(
"[" + sec_key + " " + thir_key + " " +
four_key + "]", firt_key)
api.send_msg(result, 'user_id', userId)
else:
msg = {'reply': choice(fuckoff)}
return Response(json.dumps(msg),
mimetype='application/json')
else:
pass
except Exception as e:
print(e)
elif content['post_type'] == 'notice':
if content['notice_type'] == 'group_increase':
msg = "欢迎大佬['" + str(content['user_id']) + \
"']入群, 请爆照,爆三围, 否则会享受群内特殊Py照顾!"
return api.send_msg(msg, 'group_id', groupId)
res = {'msg': 'ok'}
return Response(json.dumps(res), mimetype='application/json')
def show_poc(usage_method, user_id, function_list, message, group_id):
target = message.split(' ')[2]
result = api.exploit().show(target)
return str(result)
def my_msg():
fuckoff = ['你说j2呢???', '不会用别瞎艾特', '什么玩意?你看看能help(-h;--help)不?', '???mdzz']
content = request.json
print("---------------------------------------------------------")
try:
groupId = content['group_id']
except BaseException:
groupId = False
userId = content['user_id']
if groupId and groupId in [160958474, 134860850]:
if content['post_type'] == 'message':
try:
message = content['message'].encode('utf-8')
if any(['ssr' in "".join((message.lower().split())),
'vpn' in "".join((message.lower().split())),
'p**n' in "".join((message.lower().split())),
'翻' in message and '墙' in message,
'暗' in message and '网' in message,
'黑产' in "".join((message.split())),
'习近平' in "".join((message.split())),
'酸酸乳' in "".join((message.split())),
'virtual' in "".join((message.lower().split())) and 'private' in "".join((message.lower().split())) and 'network' in "".join((message.lower().split())),
'gfw' in "".join((message.lower().split()))]):
msg = {
'reply': ', big brother is watching you! 禁言半小时以示惩戒!!!'}
# msg_id = content['message_id']
group_ban(groupId, userId, miu_num=1800)
return Response(
json.dumps(msg), mimetype='application/json')
# 直接@我
elif atMe in message:
if "".join((message.split())) == atMe:
reply = [
',艾特我干嘛? 有事儿说事儿,没事儿滚去日站!!!',
',别瞎鸡儿艾特我!!!',
',滚粗,白了否恩?!!',
',走开,嘤嘤嘤!!!',
',敲里吗,听见没有!!!',
',人家用小拳拳锤你胸口,哼!!!',
',艾特我干啥, 我在重构!!!',
',去去去,一边玩儿去,滚蛋!!!',
',葫芦娃,葫芦娃,一棵藤上七朵花!!!',
',干啥小崽子!!!',
',哪凉快哪待着!!!']
msg = {'reply': choice(reply)}
return Response(
json.dumps(msg), mimetype='application/json')
elif any(['傻' in "".join((message.split())) and '逼' in "".join((message.split())),
'傻' in "".join((message.split())) and '屌' in "".join((message.split())),
'傻' in "".join((message.split())) and '狗' in "".join((message.split())),
'屎' in "".join((message.split())) and '狗' in "".join((message.split())),
'垃' in "".join((message.split())) and '圾' in "".join((message.split())),
'傻' in "".join((message.split())) and '吊' in "".join((message.split())),
'智' in "".join((message.split())) and '障' in "".join((message.split())),
'爸' in "".join((message.split())) and '爸' in "".join((message.split())),
'子' in "".join((message.split())) and '儿' in "".join((message.split())),
'sb' in "".join((message.lower().split())),
'笔' in "".join((message.split())) and '煞' in "".join((message.split()))]):
msg = {
'reply': ', 骂我? 小伙计你内心很浮躁嘛! 送你个禁言1小时,不用谢!'}
group_ban(groupId, userId, miu_num=3600)
return Response(
json.dumps(msg), mimetype='application/json')
elif "食用" in message:
use_msg = '''
查询已知Poc:@我 showpoc system
查询已知Poc:@我 showpoc hardware
查询SSR: @我 py
查询SSR: @我 python
查询全部SSR: @我 allpy
查询全部SSR: @我 allpython
扫描子网工控设备:@我 protocols 111.200.232.0 1 --> 默认扫描子网 /24 返回第一页查询
扫描子网工控设备:@我 protocols 111.200.232.0 24 2 --> 扫描子网 /24 返回第二页查询
扫描子网工控设备:@我 protocols 111.200.232.0 16 1 --> 扫描子网段 /16 返回第一页查询
扫描子网工控设备:@我 protocols 111.200.232.77 TO 111.200.234.222 1 --> 扫描网段 返回第一页查询
查询天气:@我 北京市天气
查询天气:@我 朝阳区天气
查询天气:@我 Beijing天气
'''
msg = use_msg.strip().lstrip("\n").rstrip("\n")
send_msg(msg, 'user_id', userId)
elif any(['help' in message,
'--help' in message,
'功能' in message,
'-h' in message]):
function_list = '''
| 功能列表 |
--------------------------------------------------------------
找骂: 直接@ME
搜索论坛: @ME searchforum keyword
显示所有Poc:@ME showallpoc keyword(cms;hardware;industrial;system;information)
TCP端口扫描:@ME nmap host
CMS识别:@ME whatcms host
CMS漏洞扫描: @ME cms host
信息搜集: @ME information host
系统漏洞扫描: @ME system host
物联网设备安全检测: @ME hardware host
工控安全检测: @ME industrial host
搜索POC: @ME search keywords
搜索并使用POC进行安全检测: @ME search keywords host
神奇的梯子: @ME python(py)
子网工控设备扫描(返回页内容): @ME protocols subnet sub_num(16/24) pge_num
查询天气: @ME ??市(区)天气
使用方法: @ME 食用
--------------------------------------------------------------
'''
function_list = "\n" + function_list.strip().rstrip("\n")
msg = {'reply': function_list}
return Response(
json.dumps(msg), mimetype='application/json')
elif 'searchforum' in message:
data = message.split(' ')
keyword = data[2]
result = forum_search(keyword)
print(result)
msg = {'reply': result}
return Response(
json.dumps(msg), mimetype='application/json')
# 检索SSR服务器
elif any(['allpy' in message,
'allpython' in message]):
ssr_list = ssr_work("./spider/ss_ssr.txt") + ssr_work("../spider/ss.txt")
ssr_info = ("\n".join(ssr_list))
send_msg(ssr_info, 'user_id', userId)
elif any(['py' in message,
'python' in message]):
ssr_list = ssr_work("./spider/ss_ssr.txt")
send_msg(choice(ssr_list), 'user_id', userId)
elif "天气" in message:
at_user, keyword = message.split(' ')
city_name = keyword.decode("utf8", "ignore")
msg = query_weather(city_name[:-2])
if msg:
return send_msg(
msg.strip().lstrip("\n").strip("\n"), 'group_id', groupId)
elif len(message.split(' ')) == 3:
at_user, keyword, target = message.split(' ')
if target in ['127.0.0.1', 'localhost']:
msg = {'reply': ', 你过界了!'}
return Response(
json.dumps(msg), mimetype='application/json')
if keyword == 'showpoc':
result = api.exploit().show(target)
msg = {'reply': result}
return Response(
json.dumps(msg), mimetype='application/json')
elif keyword == 'search':
result = exploit_api(keyword=target, search=1)
msg = {
'reply': "\n".join(result)} if result else {
'reply': "[-]未发现该POC"}
return Response(
json.dumps(msg), mimetype='application/json')
elif keyword in ['cms', 'information', 'system', 'hardware', 'industrial']:
result = exploit_api(keyword=keyword, url=target)
print(result)
msg = {
'reply': "\n".join(result)} if result else {
'reply': "[-]未发现安全漏洞"}
return Response(
json.dumps(msg), mimetype='application/json')
elif keyword == 'whatcms':
result = exploit_api(keyword=keyword, url=target)
msg = {
'reply': result} if result else {
'reply': "未识别成功"}
return Response(
json.dumps(msg), mimetype='application/json')
elif keyword == 'nmap':
try:
msg = {
'reply': requests.get(
"https://api.hackertarget.com/nmap/?q={target}".format(
target=target.replace(
"http:", "").replace(
"https:", "").replace(
"/", ""))).text}
except BaseException:
msg = {'reply': "输入有误"}
return Response(
json.dumps(msg), mimetype='application/json')
else:
msg = {'reply': choice(fuckoff)}
return Response(
json.dumps(msg), mimetype='application/json')
elif len(message.split(' ')) == 4:
at_user, keyword, search_key, num_txt = message.split(
' ')
if "search" in message:
result = exploit_api(
keyword=search_key, search=1, url=host_txt)
msg = {
'reply': "\n".join(result)} if result else {
'reply': "[-]未发现安全漏洞"}
return Response(
json.dumps(msg), mimetype='application/json')
elif keyword == 'protocols':
result = scan_protocols(
search_key, num_txt, rule=False)
send_msg(result, 'user_id', userId)
else:
msg = {'reply': choice(fuckoff)}
return Response(
json.dumps(msg), mimetype='application/json')
elif len(message.split(' ')) == 5:
at_user, keyword, sec_key, thir_key, four_key = message.split(
' ')
if keyword == 'protocols':
result = scan_protocols(
sec_key, four_key, thir_key, rule=False)
send_msg(result, 'user_id', userId)
elif len(message.split(' ')) == 6:
at_user, keyword, sec_key, thir_key, four_key, firt_key = message.split(
' ')
if keyword == 'protocols':
if thir_key == "TO":
result = scan_protocols(
"[" + sec_key + " " + thir_key + " " + four_key + "]", firt_key)
send_msg(result, 'user_id', userId)
else:
msg = {'reply': choice(fuckoff)}
return Response(
json.dumps(msg), mimetype='application/json')
else:
pass
except Exception as e:
print(e)
elif content['post_type'] == 'notice':
if content['notice_type'] == 'group_increase':
msg = "欢迎大佬['" + str(content['user_id']) + \
"']入群, 请爆照,爆三围, 否则会享受群内特殊Py照顾!"
return send_msg(msg, 'group_id', groupId)
res = {'msg': 'ok'}
return Response(json.dumps(res), mimetype='application/json')