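def domains_controllers():
    """Handle subdomain-scan task requests: ``add``, ``delete`` and ``export``.

    Reads ``domain``, ``project``, ``task_id`` and ``action`` from the POST
    form and answers with a JSON body ``{"status": ..., "msg": ...}``
    (``export`` answers with ``file_url`` on success). Any request that no
    branch handles gets the generic 403 failure body.

    NOTE(review): no login or ownership check is visible in this function and
    ``task_id`` comes straight from the client; confirm the route is wrapped
    by an authentication guard before relying on ``session.get("admin")``.
    """
    if request.method == "POST":
        domain_name = request.form.get('domain', None)
        project = request.form.get('project', None)
        task_id = request.form.get('task_id', None)
        action = request.form.get('action', None)

        if action == "add":
            if project is None or domain_name is None or len(project) == 0:
                return jsonify({"status": 403, "msg": "值不能为空"})
            # Only one subdomain scan per project: an existence probe is
            # enough, no need to count every matching document.
            duplicate = mongo.db.tasks.find_one({
                'parent_name': project,
                "hack_type": "域名扫描",
            })
            if duplicate is not None:
                return jsonify({"status": 403, "msg": "域名扫描项目已存在"})

            # One domain per line; blank lines are dropped.
            new_list = [ii for ii in domain_name.split("\n") if len(ii) > 0]
            task_id = get_uuid()
            task = {
                "id": task_id,
                "create_date": datetime.datetime.now(),
                "parent_name": project,
                "target": ",".join(new_list),
                "task_type": "即时任务",
                "hack_type": "域名扫描",
                "status": "Running",
                "progress": "0.00%",
                "contain_id": "Null",
                "end_time": "Null",
                "live_host": len(new_list),
                "hidden_host": "{}",
                "total_host": 0,
                "user": session.get("admin"),
            }
            mongo.db.tasks.insert_one(task)
            Controller.subdomain_scan(task_id)
            return jsonify({"status": 200, "msg": "项目添加成功"})

        if action == "delete":
            task = mongo.db.tasks.find_one({'id': task_id})
            # An unknown task_id used to raise on task["contain_id"]; the
            # delete is now idempotent and simply cleans up what is there.
            if task is not None and task["contain_id"] != "Null":
                Controller.stop_contain(task["contain_id"])
            mongo.db.tasks.delete_one({'id': task_id})
            mongo.db.subdomains.delete_many({'pid': task_id})
            mongo.db.exports.delete_many({'pid': task_id})
            return jsonify({"status": 200, "msg": "项目删除成功"})

        if action == "export":
            task = mongo.db.tasks.find_one({'id': task_id})
            if task is None:
                return jsonify({"status": 403, "msg": "操作失败"})
            if task["status"] != "Finished":
                return jsonify({"status": 403, "msg": "任务还没有完成"})

            # Results are looked up by the project name of the task.
            new_target = []
            for row in mongo.db.subdomains.find({'parent_name': task["parent_name"]}):
                new_target.append({
                    "父级项目": row["parent_name"],
                    "域名": row["subdomain_name"],
                    "时间": row["create_date"].strftime("%Y-%m-%d %H:%M:%S"),
                    "端口": row["port"],
                    "IP地址": row["ips"],
                    "标题": row["title"],
                    "指纹": row["banner"],
                })
            if len(new_target) == 0:
                return jsonify({"status": 403, "msg": "没有域名结果"})
            if mongo.db.exports.find_one({"pid": task_id}) is not None:
                return jsonify({"status": 403, "msg": "任务已存在,请前往导出页面查看"})

            # Path and name of the spreadsheet that will be offered for download.
            path, full_path = json_to_excel(new_target)
            log = {
                "id": get_uuid(),
                "hack_type": "域名扫描",
                "parent_name": task["parent_name"],
                "file_path": path,
                "status": "Finished",
                # Without "pid" neither the duplicate check above nor the
                # cleanup in "delete" could ever match this record.
                "pid": task_id,
                "user": session.get("admin"),
                "create_date": datetime.datetime.now(),
                "full_path": full_path,
            }
            mongo.db.exports.insert_one(log)
            return jsonify({"status": 200, "file_url": path})

    # Unknown action, or a request that is not a POST.
    return jsonify({"status": 403, "msg": "操作失败"})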
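def finger_controller():
    """Handle fingerprint-identification task requests: add / delete / export.

    ``add`` accepts either a list of URLs typed in as text (``ip_address``,
    one per line) or the name of an existing task (``parent_project``).
    Every response is JSON; a request no branch handles gets the generic 403
    failure body.

    NOTE(review): the scan parameters are handed over through the shared
    ``conf.finger`` attribute, so two overlapping requests could overwrite
    each other's settings; confirm how ``FingerCMS.thread_start`` reads it.
    NOTE(review): no login or ownership check is visible here and ``task_id``
    is client supplied; confirm the route is behind an authentication guard.
    """
    if request.method == "POST":
        project = request.form.get('project', None)
        child_task_name = request.form.get('parent_project', None)
        # A missing field is treated like an empty one instead of raising
        # TypeError in len().
        ip_address = request.form.get("ip_address", None) or ""
        task_id = request.form.get('task_id', None)
        action = request.form.get('action', None)

        if action == "add":
            if len(ip_address) != 0:
                # Targets supplied as free text.
                pid = get_uuid()
                target_list = []
                for line in ip_address.split('\n'):
                    if not line.startswith(("http://", "https://")):
                        continue
                    try:
                        parsed = urlparse(line)
                        explicit_port = parsed.port
                    except ValueError:
                        # Malformed URL or port number: skip the line, the
                        # same way lines without an http(s) scheme are skipped.
                        continue
                    if explicit_port is not None:
                        port = explicit_port
                    else:
                        # Scheme default; https previously fell back to 80.
                        port = 443 if parsed.scheme == "https" else 80

                    child_id = get_uuid()
                    target_list.append({
                        "http_address": line,
                        "parent_name": project,
                        "pid": child_id,
                        "flag": "port",
                    })
                    mongo.db.ports.insert_one({
                        "id": child_id,
                        "address": parsed.hostname,
                        "mac": "Null",
                        "vendor": "Null",
                        "port": port,
                        "hostname": "Null",
                        "create_date": datetime.datetime.now(),
                        "end_time": datetime.datetime.now(),
                        "parent_name": project,
                        "pid": pid,
                        "http_address": line,
                        "fofa": "",
                        "category": "",
                        "service": "http",
                    })

                task = {
                    "id": pid,
                    "create_date": datetime.datetime.now(),
                    "parent_name": project,
                    "target": str(target_list),
                    "task_type": "即时任务",
                    "hack_type": "指纹识别",
                    "status": "Running",
                    "progress": "0.00%",
                    "contain_id": "Null",
                    "end_time": "Null",
                    "live_host": 0,
                    "hidden_host": "{}",
                    "total_host": 0,
                    "user": session.get("admin"),
                }
                conf.finger = AttribDict({
                    "method": "lilith",
                    "pid": pid,
                    "parent_name": project,
                    "target": target_list,
                })
                mongo.db.tasks.insert_one(task)
                FingerCMS.thread_start()
                return jsonify({"status": 200, "msg": "项目添加成功"})

            if child_task_name is not None:
                # Targets taken from an existing task selected by name.
                task_id_new = get_uuid()
                task = {
                    "id": task_id_new,
                    "create_date": datetime.datetime.now(),
                    "parent_name": project,
                    "target": "Null",
                    "task_type": "即时任务",
                    "hack_type": "指纹识别",
                    "status": "Running",
                    "progress": "0.00%",
                    "contain_id": "Null",
                    "end_time": "Null",
                    "live_host": 0,
                    "hidden_host": 0,
                    "total_host": "{}",
                    "user": session.get("admin"),
                }
                conf.finger = AttribDict({
                    "method": "adam",
                    "pid": task_id_new,
                    "parent_name": project,
                    "child_name": child_task_name,
                })
                mongo.db.tasks.insert_one(task)
                FingerCMS.thread_start()
                return jsonify({"status": 200, "msg": "项目添加成功"})

        if action == "delete":
            task = mongo.db.tasks.find_one({'id': task_id})
            if task is None:
                return jsonify({"status": 200, "msg": "项目删除成功"})
            if task["contain_id"] != "Null":
                Controller.stop_contain(task["contain_id"])
            mongo.db.tasks.delete_one({'id': task_id})
            mongo.db.ports.delete_many({'pid': task_id})
            mongo.db.exports.delete_many({'pid': task_id})
            return jsonify({"status": 200, "msg": "项目删除成功"})

        if action == "export":
            task = mongo.db.tasks.find_one({'id': task_id})
            if task is None:
                return jsonify({"status": 403, "msg": "操作失败"})
            if task["status"] != "Finished":
                # jsonify() rejects a mix of positional and keyword
                # arguments, so the former safe=False made this path raise.
                return jsonify({"status": 403, "msg": "任务还没有完成"})

            new_target = []
            for row in mongo.db.ports.find({'pid': task_id}):
                new_target.append({
                    "父级项目": row["parent_name"],
                    "地址": row["http_address"],
                    "标签": row["category"],
                    "fofa识别": row["fofa"],
                    "创建时间": row["create_date"].strftime("%Y-%m-%d %H:%M:%S"),
                })
            if len(new_target) == 0:
                return jsonify({"status": 403, "msg": "没有结果"})
            if mongo.db.exports.find_one({"pid": task_id}) is not None:
                return jsonify({"status": 403, "msg": "任务已存在,请前往导出页面查看"})

            # Path and name of the spreadsheet that will be offered for download.
            path, full_path = json_to_excel(new_target)
            log = {
                "id": get_uuid(),
                "hack_type": "指纹识别",
                "parent_name": task["parent_name"],
                "file_path": path,
                "status": "Finished",
                # Needed so the duplicate check above and the cleanup in
                # "delete" can find this record by task id.
                "pid": task_id,
                "user": session.get("admin"),
                "create_date": datetime.datetime.now(),
                "full_path": full_path,
            }
            mongo.db.exports.insert_one(log)
            return jsonify({"status": 200, "file_url": path})

    # Unknown action, an "add" without any target, or a non-POST request.
    return jsonify({"status": 403, "msg": "操作失败"})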
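def _start_port_scan_task(project, target_dict, hidden_host, total_host):
    """Store a running port-scan task for *target_dict*, start it, return the JSON reply."""
    uid = get_uuid()
    task = {
        "id": uid,
        "create_date": datetime.datetime.now(),
        "parent_name": project,
        "target": json.dumps(target_dict, ensure_ascii=False),
        "task_type": "即时任务",
        "hack_type": "端口扫描",
        "status": "Running",
        "progress": "0.00%",
        "contain_id": "Null",
        "end_time": "Null",
        "live_host": 0,
        "hidden_host": hidden_host,
        "total_host": total_host,
        "user": session.get("admin"),
    }
    mongo.db.tasks.insert_one(task)
    Controller.ports_scan(uid)
    return jsonify({"status": 200, "msg": "任务创建成功"})


def ports_controllers():
    """Handle port-scan task requests: ``add``, ``delete`` and ``export``.

    ``add`` takes its targets either from the ``ip_address`` text field or
    from the subdomain results of an earlier task (``target_id``); in the
    second case ``option`` selects ``each`` (the resolved addresses) or
    ``full`` (the /24 network around each address). Every response is JSON;
    a request no branch handles gets the 403 failure body.

    NOTE(review): no login or ownership check is visible here and both
    ``task_id`` and the scan targets are client supplied; confirm the route
    is behind an authentication guard.
    """
    if request.method == "POST":
        action = request.form.get("action", None)
        project = request.form.get("project", None)
        target_id = request.form.get("target_id", None)
        # A missing field is treated like an empty one instead of raising
        # TypeError in len().
        ip_address = request.form.get("ip_address", None) or ""
        ports = request.form.get("ports", None)
        task_id = request.form.get("task_id", None)
        option = request.form.get('option', None)  # "full" or "each"

        if action == "add":
            # The former "action is None" test could never be true here; the
            # project name is what actually needs to be present.
            if ports is None or project is None:
                return jsonify({"status": 403, "msg": "值不能为空"})
            duplicate = mongo.db.tasks.find_one({
                'parent_name': project,
                "hack_type": "端口扫描",
            })
            if duplicate is not None:
                return jsonify({"status": 403, "msg": "项目已存在"})

            port_lines = ports.split("\n")

            if target_id is None and len(ip_address) > 0:
                # Targets typed in as text, one address per line.
                ip_lines = ip_address.split("\n")
                len_ip = get_ip_list(ip_lines)
                if not len_ip:
                    return jsonify({"status": 403, "msg": "IP地址格式错误"})
                if not get_port_list(port_lines):
                    return jsonify({"status": 403, "msg": "端口地址格式错误"})
                # NOTE(review): this branch hard-codes rate and thread count
                # while the other two use RATE / THREADS; confirm intended.
                target_dict = {
                    "ips": ",".join([i for i in ip_lines if len(i) > 0]),
                    "ports": ",".join(port_lines),
                    "rates": 10000,
                    "threads": 5,
                }
                return _start_port_scan_task(project, target_dict, len_ip, 0)

            if target_id is not None and len(ip_address) == 0:
                # Targets taken from the subdomain results of another task.
                new_list = []
                for row in mongo.db.subdomains.find({"pid": target_id}):
                    ips = row["ips"].split(",")
                    # A name resolving to five or more addresses is assumed
                    # to sit behind a CDN and is left out.
                    if len(ips) < 5:
                        new_list = new_list + ips
                ips_list = list_duplicate(new_list)

                if option == "each":
                    len_ip = get_ip_list(ips_list)
                    if not len_ip:
                        return jsonify({"status": 403, "msg": "IP地址格式错误"})
                    if not get_port_list(port_lines):
                        return jsonify({"status": 403, "msg": "端口地址格式错误"})
                    target_dict = {
                        "ips": ','.join(get_list_ip(ips_list)),
                        "ports": ",".join(port_lines),
                        "rates": RATE,
                        "threads": THREADS,
                    }
                    return _start_port_scan_task(project, target_dict, len_ip, 0)

                if option == "full":
                    # Widen every valid IPv4 address to its /24 network.
                    new_c_list = []
                    for addr in ips_list:
                        if not re.match(
                                r"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
                                addr):
                            continue
                        ip1, ip2, ip3, ip4 = addr.split(".")
                        new_c_list.append(f"{ip1}.{ip2}.{ip3}.1/24")
                    new_target_ip = list_duplicate(new_c_list)
                    # NOTE(review): "ips" is a two-element list here (networks,
                    # then ports) while the other branches store one
                    # comma-joined string; kept as found, confirm against the
                    # consumer of the task target.
                    targetIps = [','.join(new_target_ip), ",".join(port_lines)]
                    len_ip = get_ip_list(new_target_ip)
                    if not len_ip:
                        return jsonify({"status": 403, "msg": "IP地址格式错误"})
                    if not get_port_list(port_lines):
                        return jsonify({"status": 403, "msg": "端口地址格式错误"})
                    target_dict = {
                        "ips": targetIps,
                        "ports": ",".join(port_lines),
                        "rates": RATE,
                        "threads": THREADS,
                    }
                    return _start_port_scan_task(project, target_dict, 0, len_ip)

                return jsonify({"status": 403, "msg": "任务失败"})

            # Neither (text only) nor (task only) was supplied.
            return jsonify({"status": 403, "msg": "任务失败"})

        if action == "delete":
            task = mongo.db.tasks.find_one({'id': task_id})
            if task is not None and task["contain_id"] != "Null":
                Controller.stop_contain(task["contain_id"])
            # Clean up by task id whether or not the task record still exists.
            mongo.db.tasks.delete_one({'id': task_id})
            mongo.db.ports.delete_many({'pid': task_id})
            mongo.db.exports.delete_many({'pid': task_id})
            return jsonify({"status": 200, "msg": "任务删除成功"})

        if action == "export":
            task = mongo.db.tasks.find_one({'id': task_id})
            if task is None:
                return jsonify({"status": 403, "msg": "任务失败"})
            if task["status"] != "Finished":
                return jsonify({"status": 403, "msg": "任务还没有完成"})

            new_target = []
            for row in mongo.db.ports.find({'pid': task_id}):
                new_target.append({
                    "父级项目": row["parent_name"],
                    "IP地址": row["address"],
                    "端口": row["port"],
                    "服务": row["service"],
                    "指纹": row["banner"],
                    "创建时间": row["create_date"],
                    "结束时间": row["end_time"],
                    # Older records may lack these two fields.
                    "标签": row["tag"] if "tag" in row else "Null",
                    "标题": row["title"] if "title" in row else "Null",
                })
            if mongo.db.exports.find_one({"pid": task_id}) is not None:
                return jsonify({"status": 403, "msg": "任务已存在,请前往导出页面查看"})

            # Path and name of the spreadsheet that will be offered for download.
            path, full_path = json_to_excel(new_target)
            log = {
                "id": get_uuid(),
                "hack_type": "端口扫描",
                "parent_name": task["parent_name"],
                "file_path": path,
                "status": "Finished",
                "pid": task_id,
                "user": session.get("admin"),
                "create_date": datetime.datetime.now(),
                "full_path": full_path,
            }
            mongo.db.exports.insert_one(log)
            return jsonify({"status": 200, "file_url": path})

    # Unknown action, or a request that is not a POST (previously no
    # response was returned at all).
    return jsonify({"status": 403, "msg": "任务失败"})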
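def pocs_controllers():
    """Handle PoC-scan task requests: ``add``, ``delete`` and ``export``.

    Reads ``action``, ``project``, ``target_name`` and ``task_id`` from the
    POST form and answers with JSON. A request no branch handles gets the
    generic 403 failure body.

    NOTE(review): no login or ownership check is visible here and ``task_id``
    is client supplied; confirm the route is behind an authentication guard,
    since ``export`` hands out vulnerability findings.
    """
    if request.method == "POST":
        action = request.form.get("action", None)
        project = request.form.get("project", None)
        target_name = request.form.get("target_name", None)
        task_id = request.form.get("task_id", None)

        if action == "add":
            if project is None or target_name is None:
                return jsonify({"status": 403, "msg": "值不能为空"})
            uid = get_uuid()
            task = {
                "id": uid,
                "create_date": datetime.datetime.now(),
                "parent_name": project,
                "target": "Null",
                "task_type": "即时任务",
                "hack_type": "POC扫描",
                "status": "Running",
                "progress": "0.00%",
                "contain_id": "Null",
                "end_time": "Null",
                "live_host": 0,
                "hidden_host": 0,
                "total_host": 0,
                "user": session.get("admin"),
            }
            mongo.db.tasks.insert_one(task)
            ControllerPocs.thread_start(target_name, project, uid)
            return jsonify({"status": 200, "msg": "项目添加成功"})

        if action == "delete":
            task = mongo.db.tasks.find_one({'id': task_id})
            if task is None:
                return jsonify({"status": 403, "msg": "任务不存在"})
            if task["contain_id"] != "Null":
                Controller.stop_contain(task["contain_id"])
            mongo.db.tasks.delete_one({'id': task_id})
            mongo.db.pocs.delete_many({'pid': task_id})
            mongo.db.vuldocker.delete_many({'pid': task_id})
            mongo.db.vuls.delete_many({'pid': task_id})
            return jsonify({"status": 200, "msg": "任务删除成功"})

        if action == "export":
            task = mongo.db.tasks.find_one({'id': task_id})
            if task is None:
                return jsonify({"status": 403, "msg": "任务不存在"})
            if task["status"] != "Finished":
                return jsonify({"status": 403, "msg": "任务还没有完成"})

            new_target = []
            for row in mongo.db.vuls.find({"pid": task_id}):
                new_target.append({
                    "父级项目": row["parent_name"],
                    "时间": row["create_date"].strftime("%Y-%m-%d %H:%M:%S"),
                    "IP地址": row["ip_address"],
                    "端口": row["port"],
                    "漏洞信息": row["vul_info"],
                    "漏洞名称": row["vul_name"],
                })
            if len(new_target) == 0:
                return jsonify({"status": 403, "msg": "没有漏洞"})
            # The test used to be inverted ("is None"), which refused every
            # first export with the "already exists" message.
            if mongo.db.exports.find_one({"pid": task_id}) is not None:
                return jsonify({"status": 403, "msg": "任务已存在,请前往导出页面查看"})

            # Path and name of the spreadsheet that will be offered for download.
            path, full_path = json_to_excel(new_target)
            log = {
                "id": get_uuid(),
                "hack_type": "漏洞扫描",
                "parent_name": task["parent_name"],
                "file_path": path,
                "status": "Finished",
                # Needed so the duplicate check above can find this record.
                "pid": task_id,
                "user": session.get("admin"),
                "create_date": datetime.datetime.now(),
                "full_path": full_path,
            }
            mongo.db.exports.insert_one(log)
            return jsonify({"status": 200, "file_url": path})

    # Unknown action, or a request that is not a POST.
    return jsonify({"status": 403, "msg": "操作失败"})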
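def domains_controllers():
    """Handle subdomain-scan task requests: ``add``, ``delete`` and ``search``.

    ``search`` reads the ``subdomain`` column of the SQLite table named after
    the submitted domain in ``/app/results.sqlite3`` and renders the result.
    ``add`` and ``delete`` answer with JSON. A request no branch handles gets
    a 403 failure body.

    NOTE(review): no login or ownership check is visible here; confirm the
    route is behind an authentication guard.
    """
    if request.method == "POST":
        domain_name = request.form.get('domain', type=str)
        project = request.form.get('project', None)
        task_id = request.form.get('task_id', None)
        action = request.form.get('action', None)

        if action == "add":
            if project is None or domain_name is None or len(project) == 0:
                return jsonify({"status": 403, "msg": "值不能为空"})
            # Only one subdomain scan per project; an existence probe is
            # enough, no need to count every matching document.
            duplicate = mongo.db.tasks.find_one({
                'parent_name': project,
                "hack_type": "域名扫描",
            })
            if duplicate is not None:
                return jsonify({"status": 403, "msg": "域名扫描项目已存在"})

            # One domain per line; blank lines are dropped.
            new_list = [ii for ii in domain_name.split("\n") if len(ii) > 0]
            task_id = get_uuid()
            task = {
                "id": task_id,
                "create_date": datetime.datetime.now(),
                "parent_name": project,
                "target": ",".join(new_list),
                "task_type": "即时任务",
                "hack_type": "域名扫描",
                "status": "Running",
                "contain_id": "Null",
                "end_time": "Null",
                "live_host": len(new_list),
                "hidden_host": "{}",
                "total_host": 0,
                "user": session.get("admin"),
            }
            mongo.db.tasks.insert_one(task)
            Controller.subdomain_scan(task_id)
            return jsonify({"status": 200, "msg": "项目添加成功"})

        if action == "delete":
            task = mongo.db.tasks.find_one({'id': task_id})
            # An unknown task_id used to raise on task["contain_id"].
            if task is not None and task["contain_id"] != "Null":
                Controller.stop_contain(task["contain_id"])
            mongo.db.tasks.delete_one({'id': task_id})
            mongo.db.subdomains.delete_many({'pid': task_id})
            mongo.db.exports.delete_many({'pid': task_id})
            return jsonify({"status": 200, "msg": "项目删除成功"})

        if action == "search":
            if not domain_name:
                return jsonify({"status": 403, "msg": "值不能为空"})
            # The table name is request data and cannot be bound as a SQL
            # parameter. Doubling embedded double quotes is SQLite's escape
            # inside a quoted identifier, so the value can no longer close
            # the quotes and append SQL of its own.
            # NOTE(review): any table holding a "subdomain" column can still
            # be named; consider checking the value against the set of
            # domains this user has actually scanned.
            quoted_table = '"' + domain_name.replace('"', '""') + '"'
            conn = sqlite3.connect('/app/results.sqlite3')
            try:
                cursor = conn.cursor()
                rows = cursor.execute(
                    f'select subdomain from {quoted_table} ').fetchall()
            finally:
                # The connection was previously never closed.
                conn.close()
            data = {
                'domain': domain_name,
                'result': [row[0] for row in rows],
            }
            # NOTE(review): render(request, template, data) looks like a
            # Django-style call next to Flask helpers; confirm which helper
            # this name refers to.
            return render(request, 'domain/domains_get', data)

    # Unknown action, or a request that is not a POST (previously no
    # response was returned at all).
    return jsonify({"status": 403, "msg": "操作失败"})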
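def dirs_controller():
    """Handle directory-scan task requests: ``add``, ``delete`` and ``export``.

    ``add`` accepts either a list of base URLs typed in as text
    (``ip_address``, one per line, with ``ext`` naming the wordlists) or an
    existing task (``target_id``). Every response is JSON; a request no
    branch handles gets the generic 403 failure body.

    NOTE(review): no login or ownership check is visible here and ``task_id``
    is client supplied; confirm the route is behind an authentication guard.
    """
    if request.method == "POST":
        project = request.form.get('project', None)
        child_task_name = request.form.get('target_id', None)
        # A missing field is treated like an empty one instead of raising
        # TypeError in len().
        ip_address = request.form.get("ip_address", None) or ""
        ext = request.form.get("ext", None)
        task_id = request.form.get('task_id', None)
        action = request.form.get('action', None)

        if action == "add":
            # A former guard that refused new tasks while another directory
            # scan was still running is disabled.
            if len(ip_address) != 0:
                # Targets typed in as text. Each entry looks like
                # {'http_address': 'http://192.168.3.2:8123',
                #  'keydict': 'common.txt', 'parent_name': ..., 'pid': ...}.
                pid = get_uuid()
                addresses = [line for line in ip_address.split('\n') if len(line) > 0]
                keydict = ""
                if addresses:
                    # "ext" is request data holding a Python list literal.
                    # literal_eval executes no code, but it raises on
                    # malformed, missing or pathologically nested input, so
                    # it is parsed once and failures become a 403 rather
                    # than an unhandled exception.
                    try:
                        keydict = ",".join(ast.literal_eval(ext))
                    except (ValueError, SyntaxError, TypeError,
                            MemoryError, RecursionError):
                        return jsonify({"status": 403, "msg": "操作失败"})
                target_list = [
                    {
                        "http_address": address,
                        "keydict": keydict,
                        "parent_name": project,
                        "pid": pid,
                    }
                    for address in addresses
                ]
                task = {
                    "id": pid,
                    "create_date": datetime.datetime.now(),
                    "parent_name": project,
                    "target": json.dumps(target_list, ensure_ascii=False),
                    "task_type": "即时任务",
                    "hack_type": "目录扫描",
                    "status": "Running",
                    "progress": "0.00%",
                    "contain_id": "Null",
                    "end_time": "Null",
                    "live_host": 0,
                    "hidden_host": len(target_list),
                    "total_host": "{}",
                    "user": session.get("admin"),
                }
                mongo.db.tasks.insert_one(task)
                ControllerDirs.thread_start(method="lilith", project=project,
                                            task_name="s1riu5", pid=pid)
                return jsonify({"status": 200, "msg": "项目添加成功"})

            if child_task_name is not None:
                # Targets taken from an existing task.
                task_id_new = get_uuid()
                task = {
                    "id": task_id_new,
                    "create_date": datetime.datetime.now(),
                    "parent_name": project,
                    "target": "Null",
                    "task_type": "即时任务",
                    "hack_type": "目录扫描",
                    "status": "Running",
                    "progress": "0.00%",
                    "contain_id": "Null",
                    "end_time": "Null",
                    "live_host": 0,
                    "hidden_host": 0,
                    "total_host": "{}",
                    "user": session.get("admin"),
                }
                mongo.db.tasks.insert_one(task)
                ControllerDirs.thread_start(method="adam", project=project,
                                            task_name=child_task_name,
                                            pid=task_id_new)
                return jsonify({"status": 200, "msg": "项目添加成功"})

        if action == "delete":
            task = mongo.db.tasks.find_one({'id': task_id})
            # An unknown task_id used to raise on task["contain_id"].
            if task is not None and task["contain_id"] != "Null":
                Controller.stop_contain(task["contain_id"])
            mongo.db.tasks.delete_one({'id': task_id})
            # NOTE(review): results are deleted from "vul_dirs" here but read
            # from "dir_vuls" in the export branch; one of the two names is
            # probably a typo, confirm against the scanner that writes them.
            mongo.db.vul_dirs.delete_many({'pid': task_id})
            mongo.db.exports.delete_many({'pid': task_id})
            return jsonify({"status": 200, "msg": "项目删除成功"})

        if action == "export":
            task = mongo.db.tasks.find_one({'id': task_id})
            if task is None:
                return jsonify({"status": 403, "msg": "操作失败"})
            if task["status"] != "Finished":
                return jsonify({"status": 403, "msg": "任务还没有完成"})

            new_target = []
            for row in mongo.db.dir_vuls.find({'pid': task_id}):
                new_target.append({
                    "父级项目": row["parent_name"],
                    "地址": row["vul_path"],
                    "状态": row["status_code"],
                    "创建时间": row["create_date"],
                })
            if len(new_target) == 0:
                return jsonify({"status": 403, "msg": "没有结果"})
            if mongo.db.exports.find_one({"pid": task_id}) is not None:
                return jsonify({"status": 403, "msg": "任务已存在,请前往导出页面查看"})

            # Path and name of the spreadsheet that will be offered for download.
            path, full_path = json_to_excel(new_target)
            log = {
                "id": get_uuid(),
                "hack_type": "目录扫描",
                "parent_name": task["parent_name"],
                "file_path": path,
                "status": "Finished",
                # Needed so the duplicate check above and the cleanup in
                # "delete" can find this record by task id.
                "pid": task_id,
                "user": session.get("admin"),
                "create_date": datetime.datetime.now(),
                "full_path": full_path,
            }
            mongo.db.exports.insert_one(log)
            return jsonify({"status": 200, "file_url": path})

    # Unknown action, an "add" without any target, or a non-POST request.
    return jsonify({"status": 403, "msg": "操作失败"})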