def __init__(self, task_id):
self.task_id = task_id
self.check_result = {} # 检测结果
self.online_target = [] # 在线目标
self.result_pool = []
self.result = []
self.week_count = 0
self.auth_db = db_name_conf()['auth_db']
self.config_db = db_name_conf()['config_db']
self.weekpasswd_db = db_name_conf()['weekpasswd_db']
self.connectiondb = connectiondb2('AuthCrack')
self.task_cursor = self.connectiondb[self.auth_db].find_one(
{"_id": ObjectId(self.task_id)})
self.task_name = self.task_cursor['task_name'] # 191030_ssh_check
self.target_list = parse_target(
self.task_cursor['target']) # [u'192.168.1.141', u'192.168.1.141']
self.service_list = self.task_cursor['service'] # [u'ssh']
self.args = self.task_cursor['args'] # u''
self.config_cursor = self.connectiondb[self.config_db].find_one(
{"config_name": settings.CONFIG_NAME})
self.processes = self.config_cursor['auth_tester_thread'] # 50
self.username_list = self.config_cursor['username_dict'] # ["root"]
self.password_list = self.config_cursor[
'password_dict'] # [u'123456', u'password', u'111111', u'666666', u'1qaz2wsx', u'1qaz2wsx3edc.com']
def __init__(self, instance_id):
self._id = instance_id
self.args_val = '-sV'
self.instance_db = db_name_conf()['instance_db']
self.portinfo_db = db_name_conf()['portinfo_db']
self.connectiondb = connectiondb2('PortScanner')
self.instance_info = self.connectiondb[self.instance_db].find_one(
{"_id": ObjectId(self._id)})
self.target_val = self.instance_info['target']
self.ports_val = self._set_attr()
def post(self):
body_data = json.loads(request.get_data().decode())
port_list = body_data['port_list']
if not port_list:
config_info = mongo_cli[config_db].find_one(
{"config_name": settings.CONFIG_NAME})
port_list = config_info['port_list']
discovery_db = db_name_conf()['discovery_db']
task_info = {
"name": body_data['name'], # 任务名
"port_list": port_list, # 自定义端口(22,80,110-446),否则使用系统设置中的端口范围
"target": body_data['target'], # 网段
"user_port": body_data['user_port'], # 0系统默认端口, 1自定义
"recursion": body_data['recursion'], # 扫描周期(0\1\7\30)
"open_web": body_data['open_web'], # 1开启web漏洞扫描
"open_poc": body_data['open_poc'], # 1开启poc扫描
"open_auth": body_data['open_auth'], # 1开启auth扫描
"user": body_data['user'], # 操作员
"create_at": int(time.time()),
"update_at": int(time.time()),
"discorvery": [],
"status": "New",
"is_delete": 0,
}
task_id = mongo_cli[discovery_db].insert_one(task_info).inserted_id
if not task_id:
response_data = self.wrap_json_response(code=ReturnCode.FAILED)
return jsonify(response_data)
data = {'task_id': '%s' % task_id}
response_data = self.wrap_json_response(data=data,
code=ReturnCode.SUCCESS)
return jsonify(response_data)
def delete(self):
"""
删除实例及其端口信息
---
tags:
- 实例管理
parameters:
- name: id
in: query
description: 实例ID
required: true
type: string
responses:
'200':
description: SUCCESS
schema:
type: dto.public_string_data_output
$ref: '#/definitions/dto.public_string_data_output'
"""
# 删除实例
# 删除端口信息
_id = request.args.get('id')
portinfo_db = db_name_conf()['portinfo_db']
mongo_cli[portinfo_db].delete_many({"instance_id": _id})
# connectiondb(instance_db).update({'_id': ObjectId(_id)}, {"$set": {"is_delete": 1}}, multi=True)
mongo_cli[instance_db].delete_one({'_id': ObjectId(_id)})
response_data = self.wrap_json_response(data='success',
code=ReturnCode.SUCCESS)
return jsonify(response_data)
def put(self):
body_data = json.loads(request.get_data().decode())
port_list = body_data['port_list']
task_id = body_data['task_id']
if not task_id:
return jsonify(
self.wrap_json_response(data=ReturnCode.WRONG_PARAMS))
if not port_list:
config_info = mongo_cli[config_db].find_one(
{"config_name": settings.CONFIG_NAME})
port_list = config_info['port_list']
discovery_db = db_name_conf()['discovery_db']
mongo_cli[discovery_db].update_one(
{"_id": ObjectId(task_id)},
{
"$set": {
# "name": body_data['name'],
"port_list": port_list,
"target": body_data['target'],
"user_port": body_data['user_port'],
"recursion": body_data['recursion'],
"open_web": body_data['open_web'],
"open_poc": body_data['open_poc'],
"open_auth": body_data['open_auth'],
"user": body_data['user'],
"discorvery": [],
# "update_at": int(time.time()),
}
})
response_data = self.wrap_json_response(data="success",
code=ReturnCode.SUCCESS)
return jsonify(response_data)
def _save_result(portinfo_id, app_name):
portinfo_db = db_name_conf()['portinfo_db']
# 看看是自定义任务还是自动化探测任务
if not portinfo_id:
return
# 自动化任务需要更新端口应用版本
connectiondb(portinfo_db).update_one({'_id': ObjectId(portinfo_id)},
{'$set': {
'product': app_name
}})
def __init__(self, task_id):
self.task_id = "{}".format(task_id)
self.result = []
self.plugin_db = db_name_conf()['plugin_db']
self.connectiondb = connectiondb2('PocsuiteScanner')
self.tasks_cursor = self.connectiondb[tasks_db].find_one(
{"_id": ObjectId(self.task_id)})
self.target_list = parse_target(self.tasks_cursor['target_list'])
self.pluginid_list = self.tasks_cursor['pluginid_list']
self.processes = self.connectiondb[config_db].find_one(
{"config_name": settings.CONFIG_NAME})['poc_thread']
self.tmp_app = '' # 如果是自动化探测任务、一个端口只会对应一个应用。比如它匹配的是flink poc, 不管匹配哪个都会是plugin_app=apache flink
def get(self):
task_id = request.args.get('id')
if not task_id:
return jsonify(
self.wrap_json_response(code=ReturnCode.WRONG_PARAMS))
discovery_db = db_name_conf()['discovery_db']
cursor = mongo_cli[discovery_db].find_one({'_id': ObjectId(task_id)})
if not cursor:
return jsonify(
self.wrap_json_response(code=ReturnCode.RESOURCE_NOT_EXISTS))
cursor['_id'] = '{}'.format(cursor['_id'])
return jsonify(
self.wrap_json_response(data=cursor, code=ReturnCode.SUCCESS))
def delete(self):
task_id = request.args.get('id')
if not task_id:
return jsonify(
self.wrap_json_response(code=ReturnCode.WRONG_PARAMS))
discovery_db = db_name_conf()['discovery_db']
dc = mongo_cli[discovery_db].delete_one({
'_id': ObjectId(task_id)
}).deleted_count
if not dc:
return jsonify(
self.wrap_json_response(code=ReturnCode.RESOURCE_NOT_EXISTS))
return jsonify(
self.wrap_json_response(data={'task_id': task_id},
code=ReturnCode.SUCCESS))
def get(self):
discovery_db = db_name_conf()['discovery_db']
cursor = mongo_cli[discovery_db].find()
array = []
for item in cursor:
item['_id'] = '{}'.format(item['_id'])
item['create_at'] = time.strftime(
"%Y-%m-%d %H:%M:%S", time.localtime(item['create_at']))
item['update_at'] = time.strftime(
"%Y-%m-%d %H:%M:%S", time.localtime(item['update_at']))
array.append(item)
total = len(array)
response_data = self.wrap_json_response(data={
"list": array,
"total": total
},
code=ReturnCode.SUCCESS)
return jsonify(response_data)
def patch(self):
task_id = request.args.get('id')
if not task_id:
return jsonify(
self.wrap_json_response(code=ReturnCode.WRONG_PARAMS))
discovery_db = db_name_conf()['discovery_db']
if not mongo_cli[discovery_db].find({
"_id": ObjectId(task_id)
}).count():
return jsonify(
self.wrap_json_response(code=ReturnCode.RESOURCE_NOT_EXISTS))
mongo_cli[discovery_db].update_one({"_id": ObjectId(task_id)},
{"$set": {
"status": "Processing"
}})
ader = AssetDiscovery(task_id)
t = Thread(target=ader.run, args=())
t.start()
return jsonify(
self.wrap_json_response(data={'task_id': task_id},
code=ReturnCode.SUCCESS))
# coding=utf-8
import time
from aquaman.modules.auto_scanner.port_scanner import PortScanner
from aquaman.modules.poc_vul.poc_scan import PocsuiteScan
from aquaman.lib.mongo_db import connectiondb, db_name_conf
from bson import ObjectId
instance_db = db_name_conf()['instance_db']
portinfo_db = db_name_conf()['portinfo_db']
class VulScanner:
def __init__(self, instance_id):
self.instance_id = instance_id
self.instance_info = connectiondb(instance_db).find_one(
{"_id": ObjectId(self.instance_id)})
self.info_list = []
self.vul_type = ''
def _get_portinfo(self):
print "PocScanner._get_portinfo"
array = connectiondb(portinfo_db).find(
{"instance_id": self.instance_id})
for item in array:
item['_id'] = "%s" % item['_id']
self.info_list.append(item)
def _save_webvul_result(self, portinfo_id, data):
connectiondb(portinfo_db).update_one(
{"_id": ObjectId(portinfo_id)},
{
# coding=utf-8
import re
import time
from aquaman.lib.metasploit.msfrpc import MsfRpcClient
from aquaman.lib.mongo_db import db_name_conf, connectiondb
from utils.public import port_service
try:
client = MsfRpcClient('mypassword', server='172.31.50.156', port=55553)
exploit_db = db_name_conf()['exploit_db']
except Exception:
print "[Warning] MsfRpcClient connect timeout..."
class MsfScanner:
def __init__(self,
ip=None,
service=None,
port=None,
app=None,
version=None):
self.ip = ip
self.service = service
self.app = app
self.port = port
self.version = version
def get_info(self, m_name):
"""
return: dict
"""
# coding=utf-8
import re
from utils.response import CommonResponseMixin, ReturnCode
from flask.views import MethodView
from flask import jsonify, request
from aquaman.lib.mongo_db import db_name_conf, mongo_cli
from bson import ObjectId
from aquaman.modules.web_vul.awvs_api import AcunetixScanner
import ast
portinfo_db = db_name_conf()['portinfo_db']
exploit_db = db_name_conf()['exploit_db']
class ServiceInfoView(CommonResponseMixin, MethodView):
# 获取端口服务漏洞详情
def get(self):
"""
# 获取端口服务漏洞详情
---
tags:
- 服务发现
definitions:
- schema:
id: dao.pocvul_taskinfo
properties:
_id:
type: string
start_date:
type: string
description: 起始日期
from random import sample
from bson import ObjectId
from aquaman.modules.automation.port_scanner import PortScanner
from aquaman.lib.mongo_db import db_name_conf, mongo_cli, connectiondb2
from apscheduler.schedulers.blocking import BlockingScheduler
from aquaman.modules.web_vul.awvs_api import AcunetixScanner
from utils.public import port_service
from string import digits, ascii_lowercase
from utils.logger import get_logger
from application import settings
# import logging
# logging.basicConfig()
log = get_logger()
tasks_db = db_name_conf()['tasks_db']
config_db = db_name_conf()['config_db']
instance_db = db_name_conf()['instance_db']
portinfo_db = db_name_conf()['portinfo_db']
auth_db = db_name_conf()['auth_db']
vulscan_db = db_name_conf()['vulscan_db']
plugin_db = db_name_conf()['plugin_db']
# Web 任务发布(内置异步)
def web_publish(target, port_info):
if 'http' not in port_info['name']: # 非Web跳过
return
print "AssetScanner.web_publish"
# target必须是IP或者域名,而且不携带协议
if port_info['port'] == '80':
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author : TideSec
# @Time : 18-5-14
# @File : parse_plugin.py
# @Desc : ""
import sys
import os
import re
from flask import Flask
sys.path.append('/home/aquaman/')
from aquaman.lib.mongo_db import connectiondb, db_name_conf
app = Flask(__name__)
plugin_db = db_name_conf()['plugin_db']
def parse_plugin(plugin_filename):
plugin_info = {}
name_pattern = re.compile(r'\s*name\s*=\s*[\'\"\[](.*)[\'\"\]]')
author_pattern = re.compile(r'author\s*=\s*[\'\"\[](.*)[\'\"\]]')
date_pattern = re.compile(r'vulDate\s*=\s*[\'\"\[](.*)[\'\"\]]')
app_pattern = re.compile(r'appName\s*=\s*[\'\"\[](.*)[\'\"\]]')
type_pattern = re.compile(r'vulType\s*=\s*[\'\"\[](.*)[\'\"\]]')
version_pattern = re.compile(r'appVersion\s*=\s*[\'\"\[](.*)[\'\"\]]')
desc_pattern = re.compile(r'desc\s*=\s*[\'\"\[](.*)[\'\"\]]')
service_pattern = re.compile(r'defaultService\s*=\s*[\'\"\[](.*)[\'\"\]]')
ports_pattern = re.compile(r'defaultPorts\s*=\s*[\'\"\[](.*)[\'\"\]]')
plugin_data = open(plugin_filename, 'r').read()
try:
# coding=utf-8
import json
from flask import jsonify, request
from flask.views import MethodView
from aquaman.lib.mongo_db import db_name_conf, mongo_cli
from application import settings
from utils.response import CommonResponseMixin, ReturnCode
config_db = db_name_conf()['config_db']
class SysConfig(MethodView, CommonResponseMixin):
def get(self):
"""
系统数据
---
tags:
- 系统设置
definitions:
- schema:
id: dao.system_config_info
properties:
_id:
type: string
config_name:
type: integer
description: 配置名
poc_thread:
type: integer
description: Poc线程扫描数
port_thread:
# -*- coding: utf-8 -*-
import re
import os
import time
import json
from flask import request, jsonify
from flask.views import MethodView
from utils.response import CommonResponseMixin, ReturnCode
from aquaman.lib.mongo_db import db_name_conf, mongo_cli
from bson import ObjectId
from threading import Thread
from aquaman.modules.poc_vul.poc_scanner import PocsuiteScanner
from aquaman.modules.poc_vul.parse_plugin import parse_plugin
from application import settings
from werkzeug.utils import secure_filename
tasks_db = db_name_conf()['tasks_db']
vul_db = db_name_conf()['vul_db']
plugin_db = db_name_conf()['plugin_db']
class PocVulTaskView(MethodView, CommonResponseMixin):
# 获取任务详情
def get(self):
"""
获取任务详情
---
tags:
- POC漏洞检测
definitions:
- schema:
id: dao.pocvul_taskinfo
# coding=utf-8
import re
import json
import time
from flask import request, jsonify
from flask.views import MethodView
from utils.response import CommonResponseMixin, ReturnCode
from aquaman.lib.mongo_db import db_name_conf, mongo_cli
from bson import ObjectId
from utils.public import parse_target
from aquaman.modules.web_vul.awvs_api import AcunetixScanner
vulscan_db = db_name_conf()['vulscan_db'] # 存储AWVS任务的
class WebVulTasksView(MethodView, CommonResponseMixin):
# 获取任务列表
def get(self):
"""
任务列表, 刷新部分任务状态
---
tags:
- Web漏洞检测
definitions:
- schema:
id: dto.webvul_tasklist_output
properties:
data:
type: object
description: 任务列表
properties:
# -*- coding: utf-8 -*-
import re
from flask import jsonify, request
from flask.views import MethodView
from utils.response import CommonResponseMixin, ReturnCode
from aquaman.lib.mongo_db import mongo_cli, db_name_conf
from bson import ObjectId
server_db = db_name_conf()['server_db']
# 资产信息
class AssetInfoView(CommonResponseMixin, MethodView):
# 获取资产详情
def get(self):
"""
获取资产详情
---
tags:
- 资产管理
definitions:
- schema:
id: dto.assetinfo_output
properties:
data:
type: dao.asset_info
$ref: '#/definitions/dao.asset_info'
description: response_data
errmsg:
type: string
description: errno
# coding=utf-8
import re
import nmap
import time
from aquaman.lib.mongo_db import db_name_conf, mongo_cli, connectiondb2
from bson import ObjectId
from aquaman.modules.automation.asset_scanner import AssetScanner
from threading import Thread
from apscheduler.schedulers.blocking import BlockingScheduler
from utils.logger import get_logger
log = get_logger()
discovery_db = db_name_conf()['discovery_db']
instance_db = db_name_conf()['instance_db']
class AssetDiscovery:
def __init__(self, task_id):
self.task_id = task_id
self.cursor = mongo_cli[discovery_db].find_one(
{'_id': ObjectId(task_id)})
self.target = self.cursor['target']
def nmap_ping_scan(self, network_prefix):
nm = nmap.PortScanner() # 设置为nmap扫描状态。
ping_scan_raw = nm.scan(
hosts=network_prefix, arguments='-sn'
) # hosts可以是单个IP地址也可以是一整个网段。 arguments就是运用什么方式扫描,-sn就是ping扫描。
host_list_ip = []
for result in ping_scan_raw['scan'].values(
): # 将scan下面的数值赋值给result,并开始遍历。
if result['status']['state'] == 'up': # 如果是up则表明对方主机是存活的。
# coding=utf-8
import time
from flask import jsonify
from flask.views import MethodView
from utils.response import ReturnCode, CommonResponseMixin
from aquaman.lib.mongo_db import mongo_cli, db_name_conf
plugin_db = db_name_conf()['plugin_db']
auth_db = db_name_conf()['auth_db']
weekpasswd_db = db_name_conf()['weekpasswd_db']
vul_db = db_name_conf()['vul_db']
tasks_db = db_name_conf()['tasks_db']
vulscan_db = db_name_conf()['vulscan_db'] # web
instance_db = db_name_conf()['instance_db']
class TopCard(MethodView, CommonResponseMixin):
def get(self):
"""
图表聚合数据
---
tags:
- 首页大盘
definitions:
- schema:
id: dao.dashboard_info
properties:
asset_count:
type: integer
description: 资产数量
vul_count:
def __init__(self):
self.auth_db = db_name_conf()['auth_db']
self.weekpasswd_db = db_name_conf()['weekpasswd_db']
self.connectiondb = connectiondb2('AuthTesterLoop')
# coding=utf-8
import re
import json
import time
from flask import jsonify, request
from flask.views import MethodView
from utils.response import CommonResponseMixin, ReturnCode
from aquaman.modules.web_vul.awvs_api import AcunetixScanner
from aquaman.modules.automation.asset_scanner import AssetScanner
from aquaman.modules.discovery.asset_descovery import AssetDiscovery
from aquaman.lib.mongo_db import mongo_cli, db_name_conf
from application import settings
from bson import ObjectId
from threading import Thread
config_db = db_name_conf()['config_db']
instance_db = db_name_conf()['instance_db']
portinfo_db = db_name_conf()['portinfo_db']
auth_db = db_name_conf()['auth_db'] # auth
tasks_db = db_name_conf()['tasks_db'] # poc
vulscan_db = db_name_conf()['vulscan_db'] # web
weekpasswd_db = db_name_conf()['weekpasswd_db'] # auth detect
vul_db = db_name_conf()['vul_db'] # poc detect
plugin_db = db_name_conf()['plugin_db']
class InstanceInfoListView(MethodView, CommonResponseMixin):
def get(self):
"""
获取实例列表
---
import time
from threading import Thread
from application import settings
from multiprocessing import Pool
from aquaman.lib.mongo_db import db_name_conf, connectiondb, connectiondb2
from utils.public import parse_target
from apscheduler.schedulers.blocking import BlockingScheduler
from bson import ObjectId
from pocsuite.api.cannon import Cannon
from func_timeout.exceptions import FunctionTimedOut
from utils.logger import get_logger
import logging
logging.basicConfig()
log = get_logger()
config_db = db_name_conf()['config_db']
tasks_db = db_name_conf()['tasks_db']
vul_db = db_name_conf()['vul_db']
def verify_poc(scan_info):
frequency = connectiondb(config_db).find_one(
{'config_name': settings.CONFIG_NAME})['poc_frequency']
plugin_name = scan_info['plugin_name']
plugin_filename = scan_info['plugin_filename']
target = scan_info['target']
info = {
"pocname": plugin_name,
"pocstring": open(plugin_filename, 'r').read(),
"mode": 'verify'
}
def __init__(self):
# 更新Mongo中AWVS的任务状态
# 定时从AWVS服务端的获取target_id的状态
self.vulscan_db = db_name_conf()['vulscan_db']
self.connectiondb = connectiondb2('AwvsTaskLoop')
