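def __init__(self):
    """Create the scanner's collaborators and locate the plugin directory.

    :raises EnvironmentError: if there is no ``plugins`` directory next to
        this file
    """
    self.port_scan = Port_Scan()
    self.mysqldb = Mysql_db()
    self.aes_crypto = Aes_Crypto()
    # realpath() resolves symlinks, so "plugins" is looked up beside the
    # real location of this module.
    self.plugin_path = os.path.join(
        os.path.dirname(os.path.realpath(__file__)), "plugins")
    if not os.path.isdir(self.plugin_path):
        # Same exception type as before, now with the path that was checked.
        raise EnvironmentError(
            "plugin directory not found: " + self.plugin_path)
    # Directory entries are listed once, at construction time.
    # NOTE(review): if these entries are later imported as code, the
    # directory must only be writable by trusted administrators.
    self.items = os.listdir(self.plugin_path)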
# Path to mydb.db inside sys.path[0] (normally the launching script's directory).
DATABASE = sys.path[0] + '/mydb.db'
app = Flask(__name__)
app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
# Flask rejects request bodies larger than this (5 MiB) with 413.
app.config['MAX_CONTENT_LENGTH'] = 5 * 1024 * 1024
# NOTE(review): no `origins` allow-list is given. Flask-CORS then defaults to
# all origins, and with supports_credentials=True it answers credentialed
# requests for whichever Origin asks — confirm against the installed
# Flask-CORS version and pin `origins` to the front-end's origin(s).
CORS(app, supports_credentials=True)
# Database and table creation runs at import time, before any request is
# served; the helpers are defined in Mysql_db (not shown here).
mysqldb = Mysql_db()
mysqldb.create_database('linbing')
mysqldb.create_user()
mysqldb.create_target()
mysqldb.create_vulnerability()
mysqldb.create_delete_target()
mysqldb.create_delete_vulnerability()
aes_crypto = Aes_Crypto()
rsa_crypto = Rsa_Crypto()
port_scan = Port_Scan()


def parse_target(target):
    # Only the beginning of this function is visible in the listing; the
    # comments below describe just the lines that are shown.
    scan_ip = ''
    try:
        # First attempt: pull an http(s) URL out of the input.
        # NOTE(review): re.findall is unanchored, so this extracts a match
        # from anywhere in `target` rather than validating the whole string.
        # NOTE(review): `\w` / `\d` sit in a non-raw literal; newer Pythons
        # warn about such escapes — a raw string would avoid that.
        url_result = re.findall('https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+', target)
        if url_result == []:
            # Second attempt: a dotted-quad IPv4 address, each octet 0-255.
            ip_result = re.findall(
                r"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b", target)
            if ip_result == []:
                # Third attempt: a host-name pattern, case-insensitive and
                # anchored at the end of the string by \Z.
                domain_regex = re.compile(
                    r'(?:[A-Z0-9_](?:[A-Z0-9-_]{0,247}[A-Z0-9])?\.)+(?:[A-Z]{2,6}|[A-Z0-9-]{2,}(?<!-))\Z', re.IGNORECASE)
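class Multiply_Thread():
    """Background scan job: port scan first, then every PoC plugin per open port.

    Plugins are discovered on disk as ``plugins/<package>/<name>.py`` and
    imported as ``app.plugins.<package>.<name>``; each module must expose a
    class named ``<name>_BaseVerify`` that is constructed with a URL and whose
    ``run()`` returns a truthy value when the check fires.

    Every such file is imported and executed with this process's privileges,
    so the plugin directory must only be writable by trusted administrators.
    """

    def __init__(self):
        """Create the collaborators and locate the plugin directory.

        :raises EnvironmentError: if there is no ``plugins`` directory next to
            this file
        """
        self.port_scan = Port_Scan()
        self.mysqldb = Mysql_db()
        self.aes_crypto = Aes_Crypto()
        self.plugin_path = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), "plugins")
        if not os.path.isdir(self.plugin_path):
            raise EnvironmentError(
                "plugin directory not found: " + self.plugin_path)
        # Listed once at construction; entries added later are not seen.
        self.items = os.listdir(self.plugin_path)

    def async_exe(self, func, args = None, kwargs = None, delay = 0):
        """Run the scan on a new thread after ``delay`` seconds.

        :param func: kept for interface compatibility; it is not called — the
            scheduled job always invokes ``self.run``
        :param args: positional arguments forwarded to ``run``
        :param kwargs: keyword arguments forwarded to ``run``
        :param delay: seconds to wait before the job starts
        :return: the started ``threading.Thread``
        """
        args = args or ()
        kwargs = kwargs or {}

        def tmp():
            self.run(*args, **kwargs)

        scheduler = sched.scheduler(time.time, time.sleep)
        scheduler.enter(delay, 10, tmp, ())
        thread = threading.Thread(target = scheduler.run)
        thread.start()
        return thread

    def _iter_plugins(self):
        """Yield ``(package, plugin_name)`` for each PoC module on disk."""
        for item in self.items:
            poc_path = os.path.join(self.plugin_path, item)
            # Only sub-directories hold plugins. The earlier substring test
            # ('.py' not in poc_path) let a stray non-.py file reach
            # os.listdir() and abort the scan, and skipped every plugin when
            # the install path itself contained ".py".
            if not os.path.isdir(poc_path):
                continue
            for poc_item in os.listdir(poc_path):
                if poc_item.endswith(".py") and not poc_item.startswith('__'):
                    yield item, poc_item[:-3]

    def _store_finding(self, kwargs, ip_port, plugin_name):
        """Insert a new finding, or refresh the existing row for it."""
        enc_ip_port = self.aes_crypto.encrypt(ip_port)
        enc_plugin = self.aes_crypto.encrypt(plugin_name)
        # NOTE(review): the lookup compares ciphertexts, which can only match
        # an earlier row if Aes_Crypto.encrypt is deterministic (no random
        # IV) — confirm; deterministic encryption reveals equal plaintexts.
        if not self.mysqldb.get_vulnerability(kwargs['username'], kwargs['target'], enc_ip_port, enc_plugin):
            # NOTE(review): the plugin name fills three columns here —
            # presumably placeholders; verify against save_vulnerability.
            self.mysqldb.save_vulnerability(kwargs['username'], kwargs['target'], enc_plugin, enc_ip_port, enc_plugin, enc_plugin)
        else:
            self.mysqldb.update_vulnerability(kwargs['username'], kwargs['target'], enc_ip_port, enc_plugin)

    def run(self, *args, **kwargs):
        """Port-scan the target, then run every plugin against each result.

        Reads ``username``, ``target`` and ``scan_ip`` from ``kwargs``;
        positional arguments are ignored. Progress is written through
        ``mysqldb.update_scan``.
        """
        # Local import: the file's import block is outside this listing.
        import logging
        log = logging.getLogger(__name__)

        username = kwargs['username']
        target = kwargs['target']
        scan_set = self.mysqldb.get_scan(username, target)
        # NOTE(review): scan_ip and the port range go to the scanner wrapper
        # as-is; validation is assumed to happen before this point — confirm.
        if scan_set['scanner'] == 'nmap':
            scan_list = self.port_scan.nmap_scan(username, target, kwargs['scan_ip'], scan_set['min_port'], scan_set['max_port'])
        else:
            scan_list = self.port_scan.masscan_scan(username, target, kwargs['scan_ip'], scan_set['min_port'], scan_set['max_port'], scan_set['rate'])
        self.mysqldb.update_scan(username, target, '开始POC检测')
        for ip_port in scan_list:
            for item, plugin_name in self._iter_plugins():
                try:
                    # Import sits inside the try so one broken plugin does
                    # not abort the whole scan.
                    module = importlib.import_module('app.plugins.' + item + '.' + plugin_name)
                    # Every check is pointed at plain http://.
                    # NOTE(review): TLS-only services are presumably handled
                    # inside the plugins, if at all — confirm.
                    verifier = getattr(module, plugin_name + '_BaseVerify')('http://' + ip_port)
                    result = verifier.run()
                except Exception as exc:
                    # A plugin that errors is otherwise indistinguishable
                    # from "not vulnerable". The target is encrypted at rest,
                    # so it is kept out of the log line.
                    log.debug("plugin %s raised %s", plugin_name, type(exc).__name__)
                    continue
                if not result:
                    continue
                try:
                    self._store_finding(kwargs, ip_port, plugin_name)
                except Exception as exc:
                    # Still best-effort, but a lost finding should be visible.
                    log.error("could not store finding of plugin %s: %s", plugin_name, type(exc).__name__)
        self.mysqldb.update_scan(username, target, '扫描结束')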
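class Multiply_Thread():
    """Background scan job: optional subdomain enumeration, port scan, then PoC plugins.

    Plugins are discovered on disk as ``plugins/<package>/<name>.py`` and
    imported as ``app.plugins.<package>.<name>``; each module must expose a
    class named ``<name>_BaseVerify`` that is constructed with a URL and whose
    ``run()`` returns a truthy value when the check fires.

    Every such file is imported and executed with this process's privileges,
    so the plugin directory must only be writable by trusted administrators.
    """

    def __init__(self, mysqldb):
        """Store the shared database handle and locate the plugin directory.

        :param mysqldb: database helper, also handed to ``Port_Scan``
        :raises EnvironmentError: if there is no ``plugins`` directory next to
            this file
        """
        self.port_scan = Port_Scan(mysqldb)
        self.mysqldb = mysqldb
        self.aes_crypto = Aes_Crypto()
        self.plugin_path = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), "plugins")
        if not os.path.isdir(self.plugin_path):
            raise EnvironmentError(
                "plugin directory not found: " + self.plugin_path)
        # Listed once at construction; entries added later are not seen.
        self.items = os.listdir(self.plugin_path)

    def async_exe(self, func, args=None, kwargs=None, delay=0):
        """Run the scan on a new thread after ``delay`` seconds.

        :param func: kept for interface compatibility; it is not called — the
            scheduled job always invokes ``self.run``
        :param args: positional arguments forwarded to ``run``
        :param kwargs: keyword arguments forwarded to ``run``
        :param delay: seconds to wait before the job starts
        :return: the started ``threading.Thread``
        """
        args = args or ()
        kwargs = kwargs or {}

        def tmp():
            self.run(*args, **kwargs)

        scheduler = sched.scheduler(time.time, time.sleep)
        scheduler.enter(delay, 10, tmp, ())
        thread = threading.Thread(target=scheduler.run)
        thread.start()
        return thread

    def _iter_plugins(self):
        """Yield ``(package, plugin_name)`` for each PoC module on disk."""
        for item in self.items:
            poc_path = os.path.join(self.plugin_path, item)
            # Only sub-directories hold plugins. The earlier substring test
            # ('.py' not in poc_path) let a stray non-.py file reach
            # os.listdir() and abort the scan, and skipped every plugin when
            # the install path itself contained ".py".
            if not os.path.isdir(poc_path):
                continue
            for poc_item in os.listdir(poc_path):
                if (poc_item.endswith(".py")
                        and not poc_item.startswith('__')
                        and 'ajpy' not in poc_item):
                    yield item, poc_item[:-3]

    def _store_finding(self, kwargs, ip_port, plugin_name):
        """Insert a new finding, or refresh the existing row for it."""
        enc_ip_port = self.aes_crypto.encrypt(ip_port)
        enc_plugin = self.aes_crypto.encrypt(plugin_name)
        # NOTE(review): the lookup compares ciphertexts, which can only match
        # an earlier row if Aes_Crypto.encrypt is deterministic (no random
        # IV) — confirm; deterministic encryption reveals equal plaintexts.
        if not self.mysqldb.get_vulnerability(
                kwargs['username'], kwargs['target'], enc_ip_port, enc_plugin):
            # NOTE(review): the plugin name fills three columns here —
            # presumably placeholders; verify against save_vulnerability.
            self.mysqldb.save_vulnerability(
                kwargs['username'], kwargs['target'],
                enc_plugin, enc_ip_port, enc_plugin, enc_plugin)
        else:
            self.mysqldb.update_vulnerability(
                kwargs['username'], kwargs['target'], enc_ip_port, enc_plugin)

    async def coroutine_execution(self, function, loop, semaphore, kwargs,
                                  ip_port, plugin_name):
        """Run one plugin under the concurrency limit and store a finding.

        :param function: plugin instance; its blocking ``run()`` is executed
            in the loop's default executor
        :param loop: event loop that owns the executor
        :param semaphore: limits how many plugins run at the same time
        :param kwargs: scan parameters; ``username`` and ``target`` key the
            database rows
        :param ip_port: "ip:port" the plugin was pointed at
        :param plugin_name: name of the plugin, stored with the finding
        :return: None
        """
        # Local import: the file's import block is outside this listing.
        import logging
        log = logging.getLogger(__name__)

        async with semaphore:
            try:
                result = await loop.run_in_executor(None, function.run)
            except Exception as exc:
                # A plugin that errors is otherwise indistinguishable from
                # "not vulnerable". The target is encrypted at rest, so it is
                # kept out of the log line.
                log.debug("plugin %s raised %s", plugin_name,
                          type(exc).__name__)
                return
            if not result:
                return
            try:
                self._store_finding(kwargs, ip_port, plugin_name)
            except Exception as exc:
                # Still best-effort, but a lost finding should be visible.
                log.error("could not store finding of plugin %s: %s",
                          plugin_name, type(exc).__name__)

    def sub_domain(self, username, target, description, domain):
        """Enumerate subdomains of ``domain`` with OneForAll and store them.

        :param username: owner of the scan
        :param target: target the results belong to
        :param description: free-text description of the target
        :param domain: domain whose subdomains are enumerated
        :return: None
        """
        oneforall = OneForAll(domain)
        datas = oneforall.run()
        # The loop variable no longer shadows the ``domain`` parameter.
        # The original debug prints suggest each record also carries
        # alive/port/cdn/title/banner fields; only these two are stored.
        for record in datas:
            self.mysqldb.save_target_domain(
                username, target, description,
                self.aes_crypto.encrypt(record['subdomain']),
                self.aes_crypto.encrypt(record['ip']))

    def run(self, *args, **kwargs):
        """Enumerate subdomains (optional), port-scan, then run all plugins.

        Reads ``username``, ``target``, ``description``, ``scan_ip`` and
        ``domain`` from ``kwargs``; positional arguments are ignored.
        Progress is written through ``mysqldb.update_scan``.
        """
        # Local import: the file's import block is outside this listing.
        import logging
        log = logging.getLogger(__name__)

        username = kwargs['username']
        target = kwargs['target']
        scan_set = self.mysqldb.get_scan(username, target)
        if kwargs['domain']:
            self.mysqldb.update_scan(username, target, '开始子域名检测')
            self.sub_domain(username, target, kwargs['description'],
                            kwargs['domain'][0])
        # NOTE(review): scan_ip and the port range go to the scanner wrapper
        # as-is; validation is assumed to happen before this point — confirm.
        if scan_set['scanner'] == 'nmap':
            scan_list = self.port_scan.nmap_scan(
                username, target, kwargs['description'], kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'])
        else:
            scan_list = self.port_scan.masscan_scan(
                username, target, kwargs['description'], kwargs['scan_ip'],
                scan_set['min_port'], scan_set['max_port'], scan_set['rate'])
        self.mysqldb.update_scan(username, target, '开始POC检测')

        # This usually runs on a worker thread, which has no event loop of
        # its own, so a private one is created and installed.
        loop = asyncio.new_event_loop()
        asyncio.set_event_loop(loop)
        try:
            semaphore = asyncio.Semaphore(int(scan_set['concurren_number']))
            tasks = []
            for ip_port in scan_list:
                for item, plugin_name in self._iter_plugins():
                    try:
                        # Import sits inside the try so one broken plugin
                        # does not abort the whole scan.
                        module = importlib.import_module(
                            'app.plugins.' + item + '.' + plugin_name)
                        # Every check is pointed at plain http://.
                        # NOTE(review): TLS-only services are presumably
                        # handled inside the plugins, if at all — confirm.
                        verifier = getattr(
                            module, plugin_name + '_BaseVerify')(
                                'http://' + ip_port)
                    except Exception as exc:
                        log.warning("plugin %s could not be loaded: %s",
                                    plugin_name, type(exc).__name__)
                        continue
                    tasks.append(loop.create_task(
                        self.coroutine_execution(
                            verifier, loop, semaphore, kwargs, ip_port,
                            plugin_name)))
            # asyncio.wait() raises ValueError on an empty collection, which
            # used to leave the scan stuck before the final status update
            # whenever no port or plugin was found.
            if tasks:
                loop.run_until_complete(asyncio.wait(tasks))
        finally:
            # Release the loop and its default executor after every scan.
            loop.close()
        self.mysqldb.update_scan(username, target, '扫描结束')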