def scan_start():
    """Dispatch queued scan tasks for as long as ``scan_stat`` reads "true".

    Each pass waits while ``thread_filled()`` is true, takes one ``ReqItem``
    and marks it RUNNING. It then either starts a ``new_scan`` thread for the
    item or marks it FINISHED when the request carries nothing to scan (no
    query string, and for POST no post data either). Any exception is logged
    through ``out.error`` and the loop carries on.
    """
    while config.load()['scan_stat'].lower() == "true":
        try:
            # TODO: these two sleeps are unnecessary
            while thread_filled():
                time.sleep(5)

            # Take one waiting task and mark it as running.
            item = ReqItem()
            item.set_status(ITEM_STATUS.RUNNING)
            reqhash = item.data_obj['hash']
            if not reqhash:
                time.sleep(10)
                continue

            # NOTE(review): if anything below raises, the handler only logs;
            # the item is not moved out of RUNNING here. Confirm another code
            # path reclaims such items.
            request = item.data_obj['request']
            # TODO: validate the request value
            rules = config.load_rule()['scan_type']
            query = urlparse.urlparse(request['url']).query
            method = request['method']

            if method == "GET":
                scannable = query != ""
            elif method == "POST":
                scannable = request["postdata"] != "" or query != ""
            else:
                scannable = False

            if scannable:
                worker = threading.Thread(target=new_scan,
                                          args=(reqhash, item, rules))
                worker.start()
            else:
                # Tasks with nothing to scan are marked finished directly.
                item.set_status(ITEM_STATUS.FINISHED)
        except Exception as e:
            out.error(str(e))
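def main():
    """Listen on ``mix_addr``:``mix_port`` and hand each client to a thread.

    If the listening socket cannot be set up, ``mix_stat`` is written back
    as "false", the error is logged and the process exits. Otherwise
    connections are accepted while ``mix_stat`` reads "true", each one being
    passed to ``client_conn`` on its own thread.
    """
    try:
        conf = config.load()
        addr = conf['mix_addr']
        port = int(conf['mix_port'])
        bindsocket = socket.socket()
        bindsocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        bindsocket.bind((addr, port))
        bindsocket.listen(300)
    except Exception as e:
        conf = config.load()
        conf['mix_stat'] = "false"
        config.update(conf)
        # The original called `our.error`, an undefined name, so the real
        # bind/config error was replaced by a NameError.
        out.error(str(e))
        exit()

    # NOTE(review): every accepted connection gets a thread and no client
    # check is visible here. Confirm mix_addr is a loopback or otherwise
    # restricted address, and consider bounding the number of worker threads.
    while config.load()['mix_stat'].lower() == "true":
        # Reset per iteration so a failed accept() can never close the socket
        # that an earlier iteration already handed to a worker thread.
        connstream = None
        try:
            connstream, fromaddr = bindsocket.accept()
            t = threading.Thread(target=client_conn, args=(connstream, ))
            t.start()
        except Exception as e:
            out.error("error")
            print(e)
            if connstream is not None:
                connstream.close()
    bindsocket.close()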
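def load():
    """Return the parsed JSON content of ``CHECK_CONF_FILE``.

    If the file cannot be parsed, an error is logged and the process exits.
    """
    with open(CHECK_CONF_FILE) as con:
        try:
            return json.load(con)
        # Was a bare `except:`, which also caught KeyboardInterrupt and
        # SystemExit and reported them as a broken config file.
        except Exception:
            out.error(
                "conf.json error, please download another one and replace it.")
            exit()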
def main():
    """Sniff TCP packets and pass each one to ``capture``.

    The interface comes from the ``scapy_network_card`` setting; the value
    'all' means no ``iface`` argument is given to ``sniff``. If sniffing
    raises, the failure is logged and ``scapy_stat`` is written back as
    "false".
    """
    iface_name = config.load()["scapy_network_card"]  # network adapter name
    sniff_kwargs = {"filter": "tcp", "prn": lambda x: capture(x)}
    if iface_name != 'all':
        sniff_kwargs["iface"] = iface_name
    try:
        sniff(**sniff_kwargs)
    except Exception:
        error("scapy out!")
        settings = config.load()
        settings['scapy_stat'] = "false"
        config.update(settings)
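def check_update():
    """Compare the remote version string with the configured one.

    Returns:
        True when the remote value differs and ``update()`` was called,
        False when the versions match or the check failed.
    """
    out.good("Checking update...")
    try:
        conf = config.load()
        res = requests.get(conf['check_url'], timeout=10)
        # Without this, an HTTP error page (404/500, captive portal, ...)
        # counted as "a different version" and triggered update().
        res.raise_for_status()
        # NOTE(review): the decision to update rests only on this response
        # body; nothing here authenticates it. Confirm check_url is HTTPS and
        # that update() verifies the integrity of what it installs.
        # NOTE(review): on Python 3 res.content is bytes and never equals a
        # str version, so this would always update. Confirm the target
        # interpreter.
        version = res.content
        if version != conf['version']:
            update()
            return True
        return False
    except Exception:
        out.error("Can not connect to update server!")
        return False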
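def get(self):
    """Render ``req.html`` for the request selected by the ``hash`` argument.

    The stored request and results are base64-decoded JSON read from the
    "request" and "results" hashes. Numeric ``stat`` codes are mapped to the
    labels success/info/warning/danger, rules whose stat is 0 are dropped and
    empty messages are removed. On any failure the detail is logged and a
    generic message is written to the client.
    """
    try:
        request_hash = self.get_argument("hash")
        request = json.loads(
            base64.b64decode(conn.hget("request", request_hash)))
        # Read once, so the emptiness test and the decode see the same value.
        raw_results = conn.hget("results", request_hash)
        if not raw_results:
            results = {}
            stat = "success"
        else:
            results = json.loads(base64.b64decode(raw_results))
            stats = ['success', 'info', 'warning', "danger"]
            stat = stats[results['stat']]
            if results['stat'] == 0:
                results = {}
            else:
                del results['stat']
                # Iterate over a copy of the keys: entries are deleted below.
                for rule in list(results):
                    if results[rule]['stat'] == 0:
                        del results[rule]
                    else:
                        results[rule]['stat'] = stats[results[rule]['stat']]
                        results[rule]['message'] = [
                            message for message in results[rule]['message']
                            if message != ""
                        ]
        # split the url in 80 chars
        url = request['url']
        request['url_encode'] = ""
        for i in range(len(url) // 80 + 1):
            request['url_encode'] += url[i * 80:i * 80 + 80] + "\n"
        return self.render("req.html",
                           request=request,
                           results=results,
                           stat=stat)
    except Exception as e:
        # Keep the exception text in the server log only. Writing str(e) into
        # the response exposed internal error detail to the client, unescaped.
        out.error(str(e))
        return self.write("Unable to load the requested record.")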
def scan_start():
    """Move hashes from "waiting" to "running" and start a scan for each.

    Runs while ``scan_stat`` reads "true". A request with nothing to scan
    (no query string, and for POST no post data either) is moved straight
    from "running" to "finished". Any exception is logged through
    ``out.error`` and the loop carries on.
    """
    while config.load()['scan_stat'].lower() == "true":
        try:
            while thread_filled():
                time.sleep(5)

            reqhash = conn.rpoplpush("waiting", "running")
            if not reqhash:
                time.sleep(10)
                continue

            # NOTE(review): if decoding or a key lookup below raises, the
            # handler only logs and reqhash stays in "running". Confirm
            # something else clears such entries.
            stored = conn.hget("request", reqhash)
            request = json.loads(ds(stored))
            rules = config.load_rule()['scan_type']
            query = urlparse.urlparse(request['url']).query
            method = request['method']

            if method == "GET":
                scannable = query != ""
            elif method == "POST":
                scannable = request["postdata"] != "" or query != ""
            else:
                scannable = False

            if scannable:
                worker = threading.Thread(
                    target=new_scan,
                    args=(reqhash, requests_convert(request), rules))
                worker.start()
            else:
                conn.lrem("running", 1, reqhash)
                conn.lpush("finished", reqhash)
        except Exception as e:
            out.error(str(e))
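def get(self):
    """Render ``req.html`` for the ``ReqItem`` selected by the ``hash`` argument.

    Numeric ``stat`` codes in the item's response are mapped to the labels
    success/info/warning/danger, rules whose stat is 0 are dropped and empty
    messages are removed. On any failure the detail is logged and a generic
    message is written to the client.
    """
    try:
        request_hash = self.get_argument("hash")
        item = ReqItem(hash=request_hash)
        request = item.data_obj['request']
        if not item.data_obj['response']:
            results = {}
            stat = "success"
        else:
            results = item.data_obj['response']
            stats = ['success', 'info', 'warning', "danger"]
            stat = stats[results['stat']]
            if results['stat'] == 0:
                results = {}
            else:
                del results['stat']
                # list(...) copies the keys, so deleting entries inside the
                # loop is safe on Python 3 as well as Python 2.
                for rule in list(results):
                    if results[rule]['stat'] == 0:
                        del results[rule]
                    else:
                        results[rule]['stat'] = stats[results[rule]['stat']]
                        results[rule]['message'] = [
                            message for message in results[rule]['message']
                            if message != ""
                        ]
        # split the url in 80 chars
        url = request['url']
        request['url_encode'] = ""
        # Floor division keeps range() on an int under both Python 2 and 3.
        for i in range(len(url) // 80 + 1):
            request['url_encode'] += url[i * 80:i * 80 + 80] + "\n"
        return self.render("req.html",
                           request=request,
                           results=results,
                           stat=stat)
    except Exception as e:
        # Keep the exception text in the server log only. Writing str(e) into
        # the response exposed internal error detail to the client, unescaped.
        out.error(str(e))
        return self.write("Unable to load the requested record.")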
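def get_res(data, connstream, https):
    """Forward one intercepted GET/POST request upstream and relay the reply.

    Args:
        data: raw request text read from the client.
        connstream: client socket; it receives the upstream response and is
            then closed.
        https: when true, the target URI is rebuilt as
            ``https://<Host header><request path>``; otherwise the request
            target is used as it stands.

    A ``CONNECT`` request is answered with "200 Connection established" and
    handed to ``https_things``. Text that contains no GET/POST request line
    is ignored. On any error a small HTTP 500 response is sent, best effort.
    """
    url = None
    try:
        if data[0:7] == 'CONNECT':
            connstream.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
            https_things(connstream)
            return

        match = re.search('(GET|POST) (.*) HTTP', data)
        if not match:
            return
        method, url = match.group(1), match.group(2)

        # Split at the first blank line only, so a body that itself contains
        # "\r\n\r\n" is not truncated.
        header_block, separator, body = data.partition('\r\n\r\n')
        if method == 'POST' and not separator:
            raise ValueError("POST request without a header/body separator")
        if method == 'GET':
            body = ''

        headers = {}
        for line in header_block.split('\r\n')[1:]:
            if ': ' in line[2:]:
                # partition keeps values that contain ": " intact; the
                # original split(': ')[1] cut them at the second separator.
                name, _, value = line.partition(': ')
                headers[name] = value

        host = headers['Host'].replace(' ', '')
        uri = "https://%s%s" % (host, url) if https else url
        print(uri)
        content_deal(headers, host, method, postdata=body, uri=uri,
                     packet=data)
        headers.pop('Host', None)

        # NOTE(review): verify=False turns off upstream certificate
        # validation, so this proxy cannot tell the real origin from an
        # impostor on the path. Keep it only as a deliberate choice for the
        # test environment, ideally behind a config switch. No timeout is
        # set either, so a stalled upstream holds this thread indefinitely.
        if method == 'GET':
            res = requests.get(uri, headers=headers, verify=False)
        else:
            res = requests.post(uri, headers=headers, data=body,
                                verify=False)
        response = get_str(res)
        connstream.sendall(response.encode())
        connstream.close()
        return
    except Exception as e:
        if url is not None:
            print(url)
        out.error("Http Error: " + str(e))
        try:
            # The original built this response but called sendall() with no
            # argument, so it was never sent. It also used a
            # "Content-Length-Type" header and a length of 17 for a 10-byte
            # body.
            err_body = "HTTP Error"
            err = "HTTP/1.1 500 Internal Server Error\r\n"
            err += "Content-Type: text/html\r\n"
            err += "Content-Length: %d\r\n\r\n" % len(err_body)
            err += err_body
            try:
                connstream.sendall(err.encode())
            finally:
                connstream.close()
        except Exception:
            # Best effort only: the client socket may already be gone.
            pass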