def Registered(request): RequestLogRecord(request, request_api="registered") if request.method == "POST": try: ShowName = json.loads(request.body).get("show_name") Username=json.loads(request.body).get("username") Passwd=json.loads(request.body).get("passwd") Email=json.loads(request.body).get("email") Key = json.loads(request.body).get("key") VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY Code = json.loads(request.body)["verification_code"].lower()#获取验证码 if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空 VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断 if VerificationCodeResult:#如果为真,进行登录验证 if registration_function_status:#判断是否开启注册功能 if len(ShowName.strip("\r\n"))==0 or len(Username.strip("\r\n"))==0 or len(Passwd.strip("\r\n"))==0 or len(Email.strip("\r\n"))==0 or len(Key.strip("\r\n"))==0:#验证数据不为空 return JsonResponse({'message': '宝贝数据呢?💚', 'code': 666, }) else: if Key==secret_key_required_for_account_registration:#判断是否符合注册值 VerifyUsername=UserInfo().VerifyUsername(Username) VerifyEmail=UserInfo().VerifyEmail(Email) if VerifyUsername or VerifyEmail: return JsonResponse({'message': '用户名或邮箱已存在', 'code': 604, }) elif (VerifyUsername is None)or(VerifyEmail is None): return JsonResponse({'message': '报错了🙄', 'code': 404, }) elif not VerifyUsername or not VerifyEmail: Token=randoms().result(250) Uid = randoms().result(100)#生成随机数,用户UID Key = randoms().result(40) #生成key值 DomainNameSystemLogKey = randoms().LowercaseAndNumbers(5) # 生成DNSLOGkey值 Md5Passwd=Md5Encryption().Md5Result(Passwd)#进行加密 UserWrite=UserInfo().Write(name=Username, show_name=ShowName, token=Token, passwd=Md5Passwd, email=Email, uid=Uid,key=Key,avatar="admin.jpg") DomainNameSystemLogKeyword().Write(uid=Uid,key=DomainNameSystemLogKey) if UserWrite: return JsonResponse({'message': '注册成功', 'code': 200, }) elif UserWrite is None: return JsonResponse({'message': '未知错误', 'code': 400, }) else: return JsonResponse({'message': '注册失败', 'code': 603, }) else: return JsonResponse({'message': '小宝贝这是非法注册哦(๑•̀ㅂ•́)و✧', 'code': 403, }) else: return JsonResponse({'message': '小宝贝你没有开启注册功能哦!!', 'code': 503, }) else: return JsonResponse({'message': "验证码错误或者过期!", 'code': 504, }) else: return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 505, }) except Exception as e: ErrorLog().Write("Web_BasicFunctions_Registered_Registered(def)", e) return JsonResponse({'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def QueryMarkdownData(request):#用来查询协同作战数据 RequestLogRecord(request, request_api="query_markdown_data") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] MarkdownName = json.loads(request.body)["markdown_name"]#传入文档名称 Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="query_markdown_data", uid=Uid) CheckPermissionsResult=MarkdownRelationship().CheckPermissions(markdown_name=MarkdownName,uid=Uid)#检查是否有权限,也就是说这个项目是否属于该用户 if CheckPermissionsResult:#如果属于该用户 CheckConflictResult=MarkdownInfo().CheckConflict(markdown_name=MarkdownName)#检查数据库这个文件是否存在 if CheckConflictResult:#如果文件已经有数据了 MarkdownInfoResult=MarkdownInfo().Query(markdown_name=MarkdownName)#文件数据查询 return JsonResponse({'message': MarkdownInfoResult, 'code': 200, }) else:#如果没有数据 return JsonResponse({'message': "", 'code': 200, }) else: return JsonResponse({'message': "小朋友不是你的东西别乱动哦~~", 'code': 404, }) else: return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CollaborationPlatform_Markdown_QueryMarkdownData(def)", e) return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def PackAttachment(request): #统计打包文件个数 RequestLogRecord(request, request_api="file_acquisition_pack_attachment") if request.method == "POST": try: Token = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="file_acquisition_pack_attachment", uid=Uid) # 查询到了在计入 Result = FileAcquisitionPack().Quantity(uid=Uid) return JsonResponse({ 'message': Result, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_FileAcquisition_Query_PackAttachment(def)", e) return JsonResponse({ 'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def SaveMarkdownData(request):#用来保存协同作战数据 RequestLogRecord(request, request_api="save_markdown_data") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] MarkdownData = json.loads(request.body)["markdown_data"]#传入保存的数据 MarkdownName = json.loads(request.body)["markdown_name"]#传入文档名称 MarkdownDataToBast64=base64.b64encode(str(MarkdownData).encode('utf-8')).decode('utf-8')#转换成base64的数据 Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="save_markdown_data", uid=Uid) CheckPermissionsResult=MarkdownRelationship().CheckPermissions(markdown_name=MarkdownName,uid=Uid)#检查是否有权限,也就是说这个项目是否属于该用户 if CheckPermissionsResult:#如果属于该用户 CheckConflictResult=MarkdownInfo().CheckConflict(markdown_name=MarkdownName)#检查数据库这个文件是否存在 if CheckConflictResult:#如果文件已经有数据了 if not MarkdownInfo().Update(markdown_name=MarkdownName,markdown_data=MarkdownDataToBast64):#就对数据进行更新,接着判断更新返回值 return JsonResponse({'message': "保存失败~玛卡巴卡~~", 'code': 503, }) else:#如果没有数据 MarkdownInfo().Write(markdown_name=MarkdownName,markdown_data=MarkdownDataToBast64)#就对数据进行写入 return JsonResponse({'message': "保存成功啦~阿巴阿巴~", 'code': 200, }) else: return JsonResponse({'message': "小朋友不是你的东西别乱动哦~~", 'code': 404, }) else: return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CollaborationPlatform_Markdown_SaveMarkdownData(def)", e) return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Updata(request):#更新项目数据 RequestLogRecord(request, request_api="updata_email_project") if request.method == "POST": try: EndTime = json.loads(request.body)["end_time"] Token = json.loads(request.body)["token"] Key = json.loads(request.body)["project_key"] # 项目Key Name = json.loads(request.body)["project_name"] # 项目名称 MailMessage = json.loads(request.body)["mail_message"] # 文本内容 Attachment = json.loads(request.body)["attachment"] # 附件列表 Image = json.loads(request.body)["image"] # 获取内容图片 MailTitle = json.loads(request.body)["mail_title"] # 邮件标题 Sender = json.loads(request.body)["sender"] # 发送人姓名 GoalMailbox = json.loads(request.body)["goal_mailbox"] # 目标邮箱 ForgedAddress = json.loads(request.body)["forged_address"] # 伪造发件人 Interval = json.loads(request.body)["interval"] # 邮件发送间隔 Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="updata_email_project", uid=Uid) # 查询到了在计入 if len(GoalMailbox)<=0 and type(GoalMailbox)==dict: return JsonResponse({'message': "未传入邮件接收人!", 'code': 414, }) if type(Attachment)!=dict or type(Image)!=dict: return JsonResponse({'message': "附件或者图片必须传入字典类型,不可置空!", 'code': 415, }) if len(Name)==0: return JsonResponse({'message': "项目名称必须填入参数!", 'code': 416, }) if int(EndTime)-int(time.time())<10000000: ProjectStatus= EmailProject().ProjectStatus(uid=Uid,project_key=Key)#查看项目是否启动 CompilationStatus = EmailProject().CompilationStatus(uid=Uid, project_key=Key)#查看项目是否完成 if CompilationStatus: return JsonResponse({'message': "项目已经运行结束禁止修改其中内容!", 'code': 409, }) if ProjectStatus: return JsonResponse({'message': "项目已经开启禁止修改,如需修改请停止运行!", 'code': 406, }) else: Result=EmailProject().Updata(uid=Uid, mail_message=base64.b64encode(str(MailMessage).encode('utf-8')).decode('utf-8'), attachment=Attachment, project_name=Name, image=Image, mail_title=base64.b64encode(str(MailTitle).encode('utf-8')).decode('utf-8'), sender=base64.b64encode(str(Sender).encode('utf-8')).decode('utf-8'), forged_address=base64.b64encode(str(ForgedAddress).encode('utf-8')).decode('utf-8'), redis_id="", project_key=Key, end_time=EndTime, goal_mailbox=GoalMailbox,#list(set(GoalMailbox)),#去重数据 interval=Interval) if Result: return JsonResponse({'message': "更新成功!", 'code': 200, }) else: return JsonResponse({'message': "更新失败!", 'code': 507, }) else: return JsonResponse({'message': "时间间隔太长了!", 'code': 506, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_Email_EmailProject_Updata(def)", e) return JsonResponse({'message': "未知错误(๑•̀ㅂ•́)و✧", 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def FilePack(request): # 下载所需文件打包 RequestLogRecord(request, request_api="file_acquisition_file_pack") if request.method == "POST": try: FileList = json.loads(request.body)["file_list"] # 文件列表 UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID PackRedis = Pack.delay(Uid, FileList) FileAcquisitionPack().Write(uid=Uid, file_name="", redis_id=PackRedis.task_id, state="0") #下发任务 return JsonResponse({ 'message': "任务下发成功(๑•̀ㅂ•́)و✧", 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_FileAcquisition_Receive_FilePack(def)", e) return JsonResponse({ 'message': '你不对劲!为什么报错了?', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Query(request): #数据表格查询 RequestLogRecord(request, request_api="email_data_graph_query") if request.method == "POST": try: Token = json.loads(request.body)["token"] ProjectKey = json.loads(request.body)["project_key"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="email_data_graph_query", uid=Uid) # 查询到了在计入 Result = EmailGraph().Query(project_key=ProjectKey, uid=Uid) return JsonResponse({ 'message': ast.literal_eval(Result), 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_Email_Graph_Statistics(def)", e) return JsonResponse({ 'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def TrojanDataStatistical(request): #个人用户数据统计 RequestLogRecord(request, request_api="trojan_data_statistical") if request.method == "POST": try: Token = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="trojan_data_statistical", uid=Uid) Number = TrojanData().StatisticalData(uid=Uid) #获取当前用户的个数 return JsonResponse({ 'message': Number, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_TrojanOrVirus_TrojanInterface_TrojanDataStatistical(def)", e) return JsonResponse({ 'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def HTTPQuery(request): # 用于HTTP类型的DNSLOG数据查询 RequestLogRecord(request, request_api="http_domain_name_system_log") if request.method == "POST": try: Token = json.loads(request.body)["token"] NumberOfPages = json.loads(request.body)["number_of_pages"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="http_domain_name_system_log", uid=Uid) # 查询到了在计入 DomainNameSystemLogResult = DomainNameSystemLog().Query2HTTP( number_of_pages=int(NumberOfPages)) # 对解析记录进行查询 return JsonResponse({ 'message': DomainNameSystemLogResult, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_DomainNameSystemLog_Data_HTTPQuery(def)", e) return JsonResponse({ 'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def TrojanDataQuery(request): #个人用户免杀数据查询 RequestLogRecord(request, request_api="trojan_data_query") if request.method == "POST": try: Token = json.loads(request.body)["token"] NumberOfPages = json.loads(request.body)["number_of_pages"] # 页数 Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="trojan_data_query", uid=Uid) AntiAntiVirusDataResult = TrojanData().Query( uid=Uid, number_of_pages=int(NumberOfPages)) # 获取当前用户的个数 return JsonResponse({ 'message': AntiAntiVirusDataResult, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_TrojanOrVirus_TrojanInterface_TrojanDataQuery(def)", e) return JsonResponse({ 'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def ApplicationCollectionQuery(request): #APP收集统一查询接口 RequestLogRecord(request, request_api="application_collection_query") if request.method == "POST": try: Token = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="application_collection_query", uid=Uid) # 查询到了在计入 ApplicationCollectionResult = ApplicationCollection().Query( uid=Uid) #获取查询结果 return JsonResponse({ 'message': ApplicationCollectionResult, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_ApplicationCollection_CollectionWork_ApplicationCollectionQuery(def)", e) return JsonResponse({ 'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def StatisticalMailAttachment(request): #统计邮件附件个数 RequestLogRecord(request, request_api="statistical_mail_attachment") if request.method == "POST": try: Token = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="statistical_mail_attachment", uid=Uid) # 查询到了在计入 StatisticalMailAttachmentResult = MailAttachment().Quantity( uid=Uid) return JsonResponse({ 'message': StatisticalMailAttachmentResult, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_Mail_MailAttachment_StatisticalMailAttachment(def)", e) return JsonResponse({ 'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def UpdatePassword(request): #更新密码 RequestLogRecord(request, request_api="update_password") if request.method == "POST": try: UserName = json.loads(request.body)["username"] OldPasswd = json.loads(request.body)["old_passwd"] NewPasswd = json.loads(request.body)["new_passwd"] VerificationCodeKey = json.loads( request.body)["verification_code_key"] #获取验证码关联的KEY Code = json.loads( request.body)["verification_code"].lower() #获取验证码 if VerificationCodeKey != None and Code != None: #判断传入数据不为空 VerificationCodeResult = VerificationCode().Query( code=Code, verification_code_key=VerificationCodeKey) #获取判断 if VerificationCodeResult: #如果为真,进行登录验证 Md5NewPasswd = Md5Encryption().Md5Result( NewPasswd) # 对新密码加密 Md5OldPasswd = Md5Encryption().Md5Result( OldPasswd) # 对旧密码加密 UpdatePassword = UserInfo().UpdatePasswd( name=UserName, old_passwd=Md5OldPasswd, new_passwd=Md5NewPasswd) if UpdatePassword: UserOperationLogRecord(request, request_api="update_password", uid=UserName) #如果修改成功写入数据库中 return JsonResponse({ 'message': '好耶!修改成功~', 'code': 200, }) else: return JsonResponse({ 'message': "输入信息有误重新输入", 'code': 404, }) else: return JsonResponse({ 'message': "验证码错误或者过期!", 'code': 503, }) else: return JsonResponse({ 'message': "验证码或者验证码秘钥不能为空!", 'code': 504, }) except Exception as e: ErrorLog().Write("Web_BasicFunctions_User_UpdatePassword(def)", e) return JsonResponse({ 'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def MarkdownImageUpload (request):#md文档专有上传位置 RequestLogRecord(request, request_api="markdown_image_upload") Token =request.headers["token"] if request.method == "POST": try: Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="markdown_image_upload", uid=Uid) # 查询到了在计入 PictureData = request.FILES.get('file', None)#获取文件数据 if 1024<PictureData.size:#最小值1KB SaveFileName=randoms().result(50)+str(int(time.time()))+".jpg"#重命名文件 SaveRoute=GetImageFilePath().Result()+SaveFileName#获得保存路径 with open(SaveRoute, 'wb') as f: for line in PictureData: f.write(line) return JsonResponse({'message': SaveFileName, 'code': 200,})#返回上传图片名称 else: return JsonResponse({'message': '它实在是太小了,莎酱真的一点感觉都没有o(TヘTo)', 'code': 603,}) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CollaborationPlatform_Markdown_MarkdownImageUpload(def)", e) return JsonResponse({'message': '你不对劲!为什么报错了?', 'code': 169,}) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def MarkdownDataComparison (request):#md文档数据对比 RequestLogRecord(request, request_api="markdown_data_comparison") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] MarkdownData = json.loads(request.body)["new_markdown_data"]#传入新文本数据 MarkdownName = json.loads(request.body)["markdown_name"] # 传入文档名称 Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="markdown_data_comparison", uid=Uid) CheckPermissionsResult=MarkdownRelationship().CheckPermissions(markdown_name=MarkdownName,uid=Uid)#检查是否有权限,也就是说这个项目是否属于该用户 if CheckPermissionsResult:#如果属于该用户 MarkdownDataResult=MarkdownInfo().QueryMarkdownData(markdown_name=MarkdownName)#文件数据查询 if MarkdownDataResult==None: MarkdownDataResult=""#如果数据库中无数据 OldMarkdownData=base64.b64decode(str(MarkdownDataResult).encode('utf-8')).decode('utf-8').splitlines() NewMarkdownData=MarkdownData.splitlines() ComparisonResult=difflib.HtmlDiff().make_file(OldMarkdownData,NewMarkdownData)#对比结果 return JsonResponse({'message': ComparisonResult, 'code': 200, }) else: return JsonResponse({'message': "小朋友不是你的东西别乱动哦~~", 'code': 404, }) else: return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CollaborationPlatform_Markdown_MarkdownDataComparison(def)", e) return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def NistSearch(request):#模糊搜索 RequestLogRecord(request, request_api="nist_search") if request.method == "POST": try: Token=json.loads(request.body)["token"] NumberOfPages = json.loads(request.body)["number_of_pages"] # 页数 Severity = json.loads(request.body)["severity"] # 严重性等级 Key = json.loads(request.body)["key"] # 查询关键字 Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="nist_search", uid=Uid) # 查询到了在计入 if int(NumberOfPages)<1: return JsonResponse({'message': "你家有小于1的页码?", 'code': 503, }) elif Key=="": return JsonResponse({'message': "咋了?查询不知道传数据吗?", 'code': 505, }) else: Data= NistData().Search(number_of_pages=int(NumberOfPages),key=Key,severity=Severity) # 对查询分页数据 return JsonResponse({'message': Data, 'code': 200, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CVE_NistMonitoring_Nist_NistSearch(def)", e) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def SubdomainSearch(request): # 子域名搜索函数 RequestLogRecord(request, request_api="subdomain_search") if request.method == "POST": try: Token = json.loads(request.body)["token"] Url = json.loads(request.body)["url"] #后续还有其他配置等后面再说 Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="subdomain_search", uid=Uid) # 查询到了在计入 return JsonResponse({ 'message': "任务下发成功(๑•̀ㅂ•́)و✧", 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法请求哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_Subdomain_UnifiedSchedulingOfSubdomains_SubdomainSearch(def)", e) return JsonResponse({ 'message': "出现未知错误,详情看日志文件", 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Statistics(request): #统计邮件获取到的数据 RequestLogRecord(request, request_api="email_receive_data_statistics") if request.method == "POST": try: Token = json.loads(request.body)["token"] ProjectKey = json.loads(request.body)["project_key"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="email_receive_data_statistics", uid=Uid) # 查询到了在计入 Result = EmailReceiveData().Statistics(project_key=ProjectKey) return JsonResponse({ 'message': Result, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_Email_ReceiveData_Statistics(def)", e) return JsonResponse({ 'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def UsageQuery(request): # 用于查询CPU和硬件的使用情况 RequestLogRecord(request, request_api="system_hardware_usage_query") if request.method == "POST": try: Token = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="system_hardware_usage_query", uid=Uid) # 查询到了在计入 HardwareUsageRateResult = HardwareUsageRateInfo().Query( ) #对CPU和内存信息进行查询 return JsonResponse({ 'message': HardwareUsageRateResult, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_SystemInfo_HardwareInfo_UsageQuery(def)", e) return JsonResponse({ 'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Windows(request): # 用于提取保存文件后调用相应的处理函数 RequestLogRecord(request, request_api="windows_portable_execute_analysis") if request.method == "POST": try: Token =request.headers["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="windows_portable_execute_analysis", uid=Uid) # 查询到了在计入 PictureData = request.FILES.get('file', None) # 获取文件数据 if 0>=PictureData.size:#判断是不是空文件 return JsonResponse({'message': "宝贝数据这么小的嘛?", 'code': 400, }) elif portable_execute_file_size < PictureData.size: #和配置文件中做对比 FileMd5 = hashlib.md5(PictureData).hexdigest() # 文件的MD5加密 FileSha1 = hashlib.sha1(PictureData).hexdigest() # 文件的sha1加密 FileSha256 = hashlib.sha256(PictureData).hexdigest() # 文件的sha256加密 SaveFileName = str(FileSha256)+"-"+str(int(time.time())) # 重命名文件 SaveRoute = GetAnalysisFileStoragePath().Result() + SaveFileName # 获得保存路径 with open(SaveRoute, 'wb') as f: for line in PictureData: f.write(line) PortableExecute().Run(uid=Uid,md5=FileMd5,save_file_name=SaveFileName,sha1=FileSha1,sha256=FileSha256,path=SaveRoute) #接下来调用处理函数,接着再调用删除函数 return JsonResponse({'message': "成功了", 'code': 200, }) else: return JsonResponse({'message': "文件太大啦~(๑•̀ㅂ•́)و✧", 'code': 501, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_ToolsUtility_PortableExecute_Windows(def)", e) return JsonResponse({'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def CreateMarkdownProject(request):#用来创建markdown项目,目前只支持单用户,先用于测试 RequestLogRecord(request, request_api="create_markdown_project") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] MarkdownProjectName = json.loads(request.body)["markdown_project_name"]#传入项目名称 Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="create_markdown_project", uid=Uid) while True: # 用来生成markdown文件名,防止重复 MarkdownName=randoms().result(250)#markdown文件名,随机生成 CheckName=MarkdownRelationship().CheckConflict(markdown_name=MarkdownName) if not CheckName: # 如果不冲突的话跳出循环 break while True: # 用来生成邀请码,防止重复 MarkdownProjectInvitationCode=randoms().result(50)#邀请码 CheckInvitationCode=MarkdownRelationship().CheckInvitationCode(MarkdownProjectInvitationCode=MarkdownProjectInvitationCode) if not CheckInvitationCode: # 如果不冲突的话跳出循环 break MarkdownRelationship().Write(markdown_name=MarkdownName,uid=Uid,markdown_project_name=MarkdownProjectName,markdown_project_owner="1",markdown_project_invitation_code=MarkdownProjectInvitationCode) return JsonResponse({'message': "创建成功啦~玛卡玛卡~", 'code': 200, }) else: return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CollaborationPlatform_Markdown_CreateMarkdownProject(def)", e) return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def DeleteMarkdown (request):#删除文档项目 RequestLogRecord(request, request_api="delete_markdown") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] MarkdownName = json.loads(request.body)["markdown_name"] # 传入文档名称 Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="delete_markdown", uid=Uid) ProjectBelongsResult=MarkdownRelationship().ProjectBelongs(markdown_name=MarkdownName,uid=Uid)#检查是否有权限,也就是说这个项目是否属于该用户 if ProjectBelongsResult:#检查项目所属 DeleteResult=MarkdownRelationship().Delete(markdown_name=MarkdownName,uid=Uid)#删除表格 if not DeleteResult: return JsonResponse({'message': "项目删除错误", 'code': 171, }) else: MarkdownInfo().Delete(markdown_name=MarkdownName) # 删除数据,有可能会有空数据的情况 return JsonResponse({'message': "项目删除成功~", 'code': 200, }) else: return JsonResponse({'message': "小朋友不是你的东西别乱动哦~~", 'code': 404, }) else: return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CollaborationPlatform_Markdown_DeleteMarkdown(def)", e) return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, }) #数据对比函数,以及关系表中多人相关数据
def UploadAvatar(request): #文件上传功能 RequestLogRecord(request, request_api="upload_avatar") Token = request.headers["token"] if request.method == "POST": try: Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="upload_avatar", uid=Uid) # 查询到了在计入 PictureData = request.FILES.get('file', None) #获取文件数据 if 10240 < PictureData.size: #最大值10MB,最小值10KB SaveFileName = randoms().result(10) + str(int( time.time())) + ".jpg" #重命名文件 SaveRoute = GetImageFilePath().Result( ) + SaveFileName #获得保存路径 with open(SaveRoute, 'wb') as f: for line in PictureData: f.write(line) UserInfo().UpdateAvatar(avatar=SaveFileName, uid=Uid) #图片写到本地后更新用户头像 return JsonResponse({ 'message': SaveFileName, 'code': 200, }) #返回上传图片名称 else: return JsonResponse({ 'message': '它实在是太小了,莎酱真的一点感觉都没有o(TヘTo)', 'code': 603, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_BasicFunctions_User_UploadAvatar(def)", e) return JsonResponse({ 'message': '你不对劲!为什么报错了?', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def PersonalInformation(request): #用户个人信息 RequestLogRecord(request, request_api="user_info") if request.method == "POST": try: Token = json.loads(request.body)["token"] Info = UserInfo().QueryUserInfo(Token) Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询用户名 if Info is None: return JsonResponse({ 'message': '搁着闹呢?', 'code': 404, }) elif Info != None and Uid != None: UserOperationLogRecord(request, request_api="user_info", uid=Uid) JsonValues = {} #对数据进行二次处理 JsonValues["id"] = Info["id"] JsonValues["key"] = Info["key"] JsonValues["name"] = Info["name"] JsonValues["token"] = Info["token"] JsonValues["show_name"] = Info["show_name"] JsonValues["email"] = Info["email"] JsonValues["avatar"] = Info["avatar"] return JsonResponse({ 'message': JsonValues, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_BasicFunctions_User_PersonalInformation(def)", e) return JsonResponse({ 'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def SendUserMail(request): #发送邮件信息 RequestLogRecord(request, request_api="send_user_mail") if request.method == "POST": try: Token = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID MailMessage = json.loads(request.body)["mail_message"] # 文本内容 Attachment = json.loads(request.body)["attachment"] # 附件列表 Image = json.loads(request.body)["image"] # 获取内容图片 MailTitle = json.loads(request.body)["mail_title"] # 邮件标题 Sender = json.loads(request.body)["sender"] # 发送人姓名 GoalMailbox = json.loads(request.body)["goal_mailbox"] # 目标邮箱 ThirdParty = json.loads(request.body)["third_party"] # 判断是否是第三方服务器 ForgedAddress = json.loads(request.body)["forged_address"] # 伪造发件人 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="send_user_mail", uid=Uid) # 查询到了在计入 SendMailForRedis = SendMail.delay(MailMessage, Attachment, Image, MailTitle, Sender, GoalMailbox, ThirdParty, ForgedAddress) #调用下发任务 MaliciousEmail().Write( uid=Uid, mail_message=base64.b64encode( str(MailMessage).encode('utf-8')).decode('utf-8'), attachment=Attachment, image=Image, mail_title=base64.b64encode( str(MailTitle).encode('utf-8')).decode('utf-8'), sender=base64.b64encode( str(Sender).encode('utf-8')).decode('utf-8'), forged_address=base64.b64encode( str(ForgedAddress).encode('utf-8')).decode('utf-8'), redis_id=SendMailForRedis.task_id) return JsonResponse({ 'message': "任务下发成功~", 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_Mail_Eamil_SendUserMail(def)", e) return JsonResponse({ 'message': "未知错误(๑•̀ㅂ•́)و✧", 'code': 503, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def GenerateProject(request): #用来生成项目,并且生成文件和用户绑定 RequestLogRecord(request, request_api="create_cross_site_script_project") if request.method == "POST": try: JavaScriptFileData = json.loads( request.body)["javascript_data"] #获取前端传入的加密过的js文件数据 ProjectName = json.loads(request.body)["project_name"] #用户自定义的项目名 UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None and JavaScriptFileData != None: # 查到了UID,并且js数据不为空 UserOperationLogRecord( request, request_api="create_cross_site_script_project", uid=Uid) GetJavaScriptFilePath().Result() #获取js文件路径 while True: #如果查询确实冲突了 JavaScriptSaveFileName = randoms().result(5) #文件名 QueryJavaScriptSaveFileNameValidity = CrossSiteScriptProject( ).RepeatInvestigation( file_name=JavaScriptSaveFileName) #判断文件是否重复 if not QueryJavaScriptSaveFileNameValidity: #如果不冲突的话跳出循环 break JavaScriptSaveRoute = GetJavaScriptFilePath().Result( ) + JavaScriptSaveFileName # 获得保存路径 with open(JavaScriptSaveRoute, 'w+', encoding='UTF-8') as f: f.write( base64.b64decode( str(JavaScriptFileData).encode('utf-8')).decode( 'utf-8')) #文件内容还要加密 CrossSiteScriptProject().Write( file_name=JavaScriptSaveFileName, uid=Uid, project_name=ProjectName) #写到数据库表中 return JsonResponse({ 'message': JavaScriptSaveFileName, 'code': 200, }) #返回创建好的文件名 else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_CrossSiteScriptHub_CrossSiteScript_GenerateProject(def)", e) return JsonResponse({ 'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def CreateProxyScanProject(request): #创建代理扫描项目 RequestLogRecord(request, request_api="create_proxy_scan_project") if request.method == "POST": try: Token = json.loads(request.body)["token"] ProxyProjectName = json.loads(request.body)["proxy_project_name"] ProxyUsername = json.loads(request.body)["proxy_username"] ProxyPassword = json.loads(request.body)["proxy_password"] EndTime = json.loads(request.body)["end_time"] Uid = UserInfo().QueryUidWithToken(Token) #通过Token来查用户 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="create_proxy_scan_project", uid=Uid) #还需要查询项目名是否冲突 QueryTheResultOfTheProxyProjectName = ProxyScanList( ).QueryProxyProjectName( uid=Uid, proxy_project_name=ProxyProjectName, proxy_username=ProxyUsername) #进行代理扫描项目查询,判断是否已经存在该项目 if QueryTheResultOfTheProxyProjectName == False: Md5ProxyPassword = Md5Encryption().Md5Result( ProxyPassword) # 对密码进行MD5加密 ProxyScanList().Write( uid=Uid, end_time=EndTime, proxy_project_name=ProxyProjectName, proxy_username=ProxyUsername, proxy_password=Md5ProxyPassword) #写入表中 return JsonResponse({ 'message': '小宝贝!创建成功了呢~', 'code': 200, }) else: return JsonResponse({ 'message': '代理扫描项目创建失败!', 'code': 503, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_BasicFunctions_ProxyScan_CreateProxyScanProject(def)", e) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, }) #查询代理扫描项目
def Upload(request): #接收所需数据文件 RequestLogRecord(request, request_api="file_acquisition_receive") Key = request.headers["Key"] FileFullPath = request.headers["FileFullPath"] UUID = request.headers["UUID"] if request.method == "POST": try: Uid = UserInfo().QueryUidWithKey(Key) # 通过key来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="file_acquisition_receive", uid=Uid) # 查询到了在计入 ReceiveData = request.FILES.get('file', None) #获取文件数据 ReceiveName = ReceiveData.name # 获取文件名 if 0 < ReceiveData.size <= file_acquisition_size_max: #内容不能为空,且不能操过最大值 SaveFileName = randoms().result(10) + str( int(time.time())) #重命名文件 SaveRoute = FileAcquisitionPath().Result( ) + SaveFileName #获得保存路径 with open(SaveRoute, 'wb') as f: for line in ReceiveData: f.write(line) FileAcquisitionData().Write(uid=Uid, file_full_path=FileFullPath, old_file_name=ReceiveName, file_size=ReceiveData.size, new_file_name=SaveFileName, target_machine=UUID) return JsonResponse({ 'message': "ok", 'code': 200, }) else: return JsonResponse({ 'message': '它实在是太小了,莎酱真的一点感觉都没有o(TヘTo)', 'code': 603, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_FileAcquisition_Receive_Upload(def)", e) return JsonResponse({ 'message': '你不对劲!为什么报错了?', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def ModifyProject(request): # 用来修改XSS项目中的数据 RequestLogRecord(request, request_api="modify_cross_site_script_project") if request.method == "POST": try: ProjectAssociatedFileName = json.loads( request.body)["project_associated_file_name"] #传入项目生成的文件名 ProjectAssociatedFileData = json.loads( request.body)["project_associated_file_data"] #传入base64加密后的数据 UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="modify_cross_site_script_project", uid=Uid) AuthorityCheck = CrossSiteScriptProject().AuthorityCheck( uid=Uid, file_name=ProjectAssociatedFileName ) # 用来校检CrossSiteScript数据库中文件名和UID相对应 if AuthorityCheck: #判断文件是属于该用户,如果属于的话就对文件进行修改 JavaScriptFilePath = GetJavaScriptFilePath().Result( ) + ProjectAssociatedFileName #获取文件位置 with open(JavaScriptFilePath, 'w+', encoding='UTF-8') as f: f.write( base64.b64decode( str(ProjectAssociatedFileData).encode( 'utf-8')).decode('utf-8')) # 文件内容还要解密 return JsonResponse({ 'message': "文件内容覆盖成功~", 'code': 200, }) else: return JsonResponse({ 'message': "你没有查询这个项目的权限哦宝贝~", 'code': 404, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_CrossSiteScriptHub_CrossSiteScript_ModifyProject(def)", e) return JsonResponse({ 'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Initialization(request): #用于初始化获取基础信息 RequestLogRecord(request, request_api="system_hardware_initialization") if request.method == "POST": try: Token = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="system_hardware_initialization", uid=Uid) # 查询到了在计入 MemoryInfo = psutil.virtual_memory() # 获取完整内存信息 SystemInfo = platform.platform() SystemName = platform.system() SystemType = platform.machine() UserName = platform.node() CentralProcessingUnitArchitecture = platform.processor() ServerStartTime = str(int(psutil.boot_time())) # 获取服务器启动时间 MemoryTotal = MemoryInfo.total # 系统内存总数 CentralProcessingUnitCount = psutil.cpu_count() # cpu核数 return JsonResponse({ 'message': { "central_processing_unit_architecture": CentralProcessingUnitArchitecture, "system_info": SystemInfo, "server_start_time": ServerStartTime, "system_name": SystemName, "system_type": SystemType, "user_name": UserName, "memory_total": MemoryTotal, "central_processing_unit_count": CentralProcessingUnitCount }, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_SystemInfo_HardwareInfo_Initialization(def)", e) return JsonResponse({ 'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })