def systeminfo(request): from spidertool import sniffertask, zmaptool, portscantask, Sqldatatask from spidertool.detection.fluzzdetect import fuzztask # from spidertool.detection.vuldect import pocsearchtask resultdata = {} # TaskTool中定义的对象信息 resultdata['nmapfont'] = taskcontrol.getObject().get_length( ) # threadtool.getqueue_size() resultdata['nmapfont_running'] = taskcontrol.getObject( ).get_current_task_num() #get_running_size() resultdata['nmapback'] = sniffertask.getObject().get_length() # resultdata['nmapback_running'] = sniffertask.getObject( ).get_current_task_num() resultdata['portacsn'] = portscantask.getObject().get_length() resultdata['portacsn_running'] = portscantask.getObject( ).get_current_task_num() resultdata['fuzz'] = fuzztask.getObject().get_length() resultdata['fuzz_running'] = fuzztask.getObject().get_current_task_num() # resultdata['pocdect'] = pocsearchtask.getObject().get_length() # resultdata['pocdect_running']=pocsearchtask.getObject().get_current_task_num() resultdata['sqltask'] = Sqldatatask.getObject().get_length() resultdata['sqltask_running'] = Sqldatatask.getObject( ).get_current_task_num() return HttpResponse(json.dumps(resultdata, skipkeys=True, default=webtool.object2dict), content_type="application/json")
def systeminfo(request): from spidertool import sniffertask, zmaptool, portscantask, Sqldatatask from spidertool.template_identify.fluzzdetect import fuzztask from spidertool.template_identify.poc_file import pocsearchtask resultdata = {} resultdata['nmapfont'] = taskcontrol.getObject().get_length() resultdata['nmapfont_running'] = taskcontrol.getObject( ).get_current_task_num() resultdata['nmapback'] = sniffertask.getObject().get_length() resultdata['nmapback_running'] = sniffertask.getObject( ).get_current_task_num() resultdata['portacsn'] = portscantask.getObject().get_length() resultdata['portacsn_running'] = portscantask.getObject( ).get_current_task_num() resultdata['fuzz'] = fuzztask.getObject().get_length() resultdata['fuzz_running'] = fuzztask.getObject().get_current_task_num() resultdata['pocdect'] = pocsearchtask.getObject().get_length() resultdata['pocdect_running'] = pocsearchtask.getObject( ).get_current_task_num() resultdata['sqltask'] = Sqldatatask.getObject().get_length() resultdata['sqltask_running'] = Sqldatatask.getObject( ).get_current_task_num() return HttpResponse(json.dumps(resultdata, skipkeys=True, default=webtool.object2dict), content_type="application/json")
def __init__(self, islocalwork=config.Config.islocalwork): ''' Constructor ''' try: self.nma = nmap.PortScanner( ) # instantiate nmap.PortScanner object self.params = '-A -Pn -sC -R -v -O ' # self.params='-sV -T4 -O ' #快捷扫描加强版 # self.params='-sS -sU -T4 -A -v' #深入扫描 except nmap.PortScannerError: print('Nmap not found', sys.exc_info()[0]) except: print('Unexpected error:', sys.exc_info()[0]) self.uploadwork = uploadtask.getObject() self.config = config.Config self.webconfig = webconfig.WebConfig self.sqlTool = Sqldatatask.getObject() self.islocalwork = islocalwork self.portscan = portscantask.getObject() import spidertool.getLocationTool as getLocationTool self.getlocationtool = getLocationTool.getObject()
def upload_ip_info(request): sqldatawork = [] func = request.POST.get('func', '') dic = request.POST.get('dic', '{}') nowdic = eval(dic) #存在安全隐患, 改用json库 tempwprk = Sqldata.SqlData( func, nowdic) #赋值给Sqldata类, 后期通过getXXX获取, 在Sqldatatask.py中 sqldatawork.append(tempwprk) sqlTool = Sqldatatask.getObject() sqlTool.add_work(sqldatawork) works = request.POST.get('workdetail', []) print "nmaproute::upload_ip_info():", works temphosts = request.POST.get('ip', '') tempvendor = request.POST.get('vendor', '') temposfamily = request.POST.get('osfamily', '') temposgen = request.POST.get('osgen', '') tempaccuracy = request.POST.get('accuracy', '') localtime = str(time.strftime("%Y-%m-%d %X", time.localtime())) temphostname = request.POST.get('hostname', '') tempstate = request.POST.get('state', '') ipcontrol.ip_info_upload(temphosts, tempvendor, temposfamily, temposgen, tempaccuracy, localtime, temphostname, tempstate) data = {} data['result'] = '1' return HttpResponse(json.dumps(data, skipkeys=True, default=webtool.object2dict), content_type="application/json")
def storedata(ip='', port='', hackinfo=None): sqlTool = Sqldatatask.getObject() localtime = str(time.strftime("%Y-%m-%d %X", time.localtime())) insertdata = [] # if islocalwork==0: # work=[] # dic={"table":config.Config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]} # tempdata={"func":'replaceinserttableinfo_byparams',"dic":dic} # jsondata=uploaditem.UploadData(url=self.webconfig.upload_ip_info,way='POST',params=tempdata) # work.append(jsondata) # self.uploadwork.add_work(work) # else: hackinfo = SQLTool.escapewordby(str(hackinfo)) extra = ' on duplicate key update disclosure=\'' + hackinfo + '\' , timesearch=\'' + localtime + '\'' insertdata.append((str(ip), port, hackinfo, str(port))) sqldatawprk = [] dic = { "table": config.Config.porttable, "select_params": ['ip', 'port', 'disclosure', 'portnumber'], "insert_values": insertdata, "extra": extra } tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic) sqldatawprk.append(tempwprk) sqlTool.add_work(sqldatawprk) print 'fuzz 数据存储' pass
def storedata(ip='',port='',hackinfo=None): sqlTool=Sqldatatask.getObject() localtime=str(time.strftime("%Y-%m-%d %X", time.localtime())) insertdata=[] # if islocalwork==0: # work=[] # dic={"table":config.Config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]} # tempdata={"func":'replaceinserttableinfo_byparams',"dic":dic} # jsondata=uploaditem.UploadData(url=self.webconfig.upload_ip_info,way='POST',params=tempdata) # work.append(jsondata) # self.uploadwork.add_work(work) # else: hackinfo=SQLTool.escapewordby(str(hackinfo)) extra=' on duplicate key update hackinfo=\''+hackinfo+'\' , timesearch=\''+localtime+'\'' insertdata.append((str(ip),port,hackinfo,str(port))) sqldatawprk=[] dic={"table":config.Config.porttable,"select_params":['ip','port','hackinfo','portnumber'],"insert_values":insertdata,"extra":extra} tempwprk=Sqldata.SqlData('inserttableinfo_byparams',dic) sqldatawprk.append(tempwprk) sqlTool.add_work(sqldatawprk) pass
def storedata(ip='',port='',hackinfo=None): sqlTool=Sqldatatask.getObject() localtime=str(time.strftime("%Y-%m-%d %X", time.localtime())) insertdata=[] hackinfo=SQLTool.escapewordby(str(hackinfo)) extra=' on duplicate key update disclosure=\''+hackinfo+'\' , timesearch=\''+localtime+'\'' insertdata.append((str(ip),port,hackinfo,str(port))) dic={"table":config.Config.porttable,"select_params":['ip','port','disclosure','portnumber'],"insert_values":insertdata,"extra":extra} if islocalwork==0: work=[] tempdata={"func":'inserttableinfo_byparams',"dic":dic} jsondata=uploaditem.UploadData(url=webconfig.WebConfig.upload_ip_info,way='POST',params=tempdata) work.append(jsondata) temp=uploadtask.getObject() temp.add_work(work) else: sqldatawprk=[] tempwprk=Sqldata.SqlData(func='inserttableinfo_byparams',dic) sqldatawprk.append(tempwprk) sqlTool.add_work(sqldatawprk) print 'fuzz 数据存储' pass
def systeminfo(request): from spidertool import sniffertask, zmaptool,portscantask,Sqldatatask from spidertool.detection.fluzzdetect import fuzztask from spidertool.detection.vuldect import pocsearchtask resultdata={} resultdata['nmapfont']=taskcontrol.getObject().get_length() resultdata['nmapfont_running'] = taskcontrol.getObject().get_current_task_num() resultdata['nmapback']=sniffertask.getObject().get_length() resultdata['nmapback_running'] = sniffertask.getObject().get_current_task_num() resultdata['portacsn']=portscantask.getObject().get_length() resultdata['portacsn_running'] = portscantask.getObject().get_current_task_num() resultdata['fuzz']=fuzztask.getObject().get_length() resultdata['fuzz_running'] = fuzztask.getObject().get_current_task_num() resultdata['pocdect'] = pocsearchtask.getObject().get_length() resultdata['pocdect_running']=pocsearchtask.getObject().get_current_task_num() resultdata['sqltask'] = Sqldatatask.getObject().get_length() resultdata['sqltask_running']=Sqldatatask.getObject().get_current_task_num() return HttpResponse(json.dumps(resultdata,skipkeys=True,default=webtool.object2dict), content_type="application/json")
def ip_info_upload(temphosts, tempvendor, temposfamily, temposgen, tempaccuracy, localtime, temphostname, tempstate): localtime = str(time.strftime("%Y-%m-%d %X", time.localtime())) sqlTool = Sqldatatask.getObject() # sqldatawprk=[] # dic={"table":self.config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]} # tempwprk=Sqldata.SqlData('replaceinserttableinfo_byparams',dic) # sqldatawprk.append(tempwprk) # sqlTool.add_work(sqldatawprk) pass
def ip_info_upload(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate): localtime=str(time.strftime("%Y-%m-%d %X", time.localtime())) sqlTool=Sqldatatask.getObject() # sqldatawprk=[] # dic={"table":self.config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]} # tempwprk=Sqldata.SqlData('replaceinserttableinfo_byparams',dic) # sqldatawprk.append(tempwprk) # sqlTool.add_work(sqldatawprk) pass
def upload_port_info(request): sqldatawprk=[] func=request.POST.get('func','') dic=request.POST.get('dic','{}') nowdic=eval(dic) tempwprk=Sqldata.SqlData(func,nowdic) sqldatawprk.append(tempwprk) sqlTool=Sqldatatask.getObject() sqlTool.add_work(sqldatawprk) data={} data['result']='1' return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")
def upload_ip_info(request): sqldatawprk=[] func=request.POST.get('func','') dic=request.POST.get('dic','{}') nowdic=eval(dic)#存在安全隐患, 改用json库 tempwprk=Sqldata.SqlData(func,nowdic) sqldatawprk.append(tempwprk) sqlTool=Sqldatatask.getObject() sqlTool.add_work(sqldatawprk) # works=request.POST.get('workdetail',[]) # print works # tempvendor=request.POST.get('vendor','') # temposfamily=request.POST.get('osfamily','') # temposgen=request.POST.get('osgen','') # tempaccuracy=request.POST.get('accuracy','') # temphostname=request.POST.get('hostname','') # tempstate=request.POST.get('state','') # ipcontrol.ip_info_upload(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate) data={} data['result']='1' return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")
def storedata(ip='', port='', hackresults=None): sqlTool = Sqldatatask.getObject() localtime = str(time.strftime("%Y-%m-%d %X", time.localtime())) insertdata = [] hackresults = SQLTool.escapewordby(str(hackresults)) extra = ' on duplicate key update hackresults=\'' + hackresults + '\' , timesearch=\'' + localtime + '\'' insertdata.append((str(ip), port, hackresults, str(port))) sqldatawprk = [] dic = { "table": config.Config.porttable, "select_params": ['ip', 'port', 'hackresults', 'portnumber'], "insert_values": insertdata, "extra": extra } tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic) sqldatawprk.append(tempwprk) sqlTool.add_work(sqldatawprk) pass
def storedata(ip='', port='', hackinfo=None): sqlTool = Sqldatatask.getObject() localtime = str(time.strftime("%Y-%m-%d %X", time.localtime())) insertdata = [] hackinfo = SQLTool.escapewordby(str(hackinfo)) extra = ' on duplicate key update disclosure=\'' + hackinfo + '\' , timesearch=\'' + localtime + '\'' insertdata.append((str(ip), port, hackinfo, str(port))) dic = { "table": config.Config.porttable, "select_params": ['ip', 'port', 'disclosure', 'portnumber'], "insert_values": insertdata, "extra": extra } if islocalwork == 0: work = [] tempdata = {"func": 'inserttableinfo_byparams', "dic": dic} jsondata = uploaditem.UploadData( url=webconfig.WebConfig.upload_ip_info, way='POST', params=tempdata) work.append(jsondata) temp = uploadtask.getObject() temp.add_work(work) else: sqldatawprk = [] tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic) sqldatawprk.append(tempwprk) sqlTool.add_work(sqldatawprk) print 'fuzz 数据存储' pass
def storedata(ip='', port='', disclosures=None): sqlTool = Sqldatatask.getObject() localtime = str(time.strftime("%Y-%m-%d %X", time.localtime())) insertdata = [] # {'223.223.187.90:8080': [{'status': 200, 'url': '223.223.187.90:8080/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/file/Placard/upload/Imo_DownLoadUI.php?cid=1&uid=1&type=1&filename=/../../../../etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/wp-config.php~'}, {'status': 200, 'url': '223.223.187.90:8080/'}]} # 现在是依次遍历list集合拼接,是否可以直接返回list集合,像hackresults一样 disclosure = '' # for ip_port in disclosures: # disinfo_list = disclosures[ip_port] # for disinfo in disinfo_list: # disclosure += str(disinfo) + '\\n ' # disinfo_list.remove(disinfo) # print "fuzzey detect callbackfuzz: ", type(disclosures), str(disclosures) # a dict disclosure = SQLTool.escapewordby(str(disclosures)) extra = ' on duplicate key update disclosure=\'' + disclosure + '\' , timesearch=\'' + localtime + '\'' insertdata.append((str(ip), port, disclosure, str(port))) sqldatawprk = [] dic = { "table": config.Config.porttable, "select_params": ['ip', 'port', 'disclosure', 'portnumber'], "insert_values": insertdata, "extra": extra } tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic) sqldatawprk.append(tempwprk) sqlTool.add_work(sqldatawprk) from ..vuldect import pocsearchtask temp = pocsearchtask.getObject() # head,context,ip,port,productname,keywords,nmapscript,protocol temp.add_work([(None, None, ip, port, None, None, disclosures, None)]) pass