def NewTaskId(self, **kwargs): url = "{0}/task/new".format(self.address) response = json.loads(requests.get(url).text) if response['success']: db = MySQLHander() taskid = response['taskid'] sql = "insert into task(`target`, `taskid`, `server`) VALUES (\"{0}\", \"{1}\", \"{2}\")"\ .format(kwargs['target'], taskid, self.address) if db.insert(sql) == 0L: print "Apply New TaskId Success!" else: print "Apply New Task Fail" del db return taskid else: return False
def __init__(self): mysql = MySQLHander() sql = "select writelist,blacklist,rootdomain,blackdomain from settings where id=1" mysql.query(sql) resource = mysql.fetchOneRow() self.writelist,self.blacklist,self.rootdomain,self.blackdomain = list(resource) mysql.close()
def update_settings(self, kwargs): mysql = MySQLHander() sql = "update settings set server=\"{0}\", writelist=\"{1}\", blacklist=\"{2}\", proxyaddr=\"{3}\"," \ "rootdomain=\"{4}\", blackdomain = \"{5}\" where id=1 ".format(kwargs.form['sqlmapaddr'], \ kwargs.form['writelist'],kwargs.form['blacklist'],\ kwargs.form['proxyaddr'], getrootdomain(kwargs.form['target']), getrootdomain(kwargs.url)) mysql.update(sql) mysql.close()
def GetStatusInfo(taskid): ''' :param taskid: :return: status,success ''' mysql = MySQLHander() sql = "select target,status,success from task where taskid=\"{0}\" ".format(taskid) mysql.query(sql) data = mysql.fetchOneRow() result = {"target":data[0], "status":data[1], "success":data[2]} mysql.close() return result
def SaveData(target, data): sql = "" mysql = MySQLHander() if len(data['data']) == 0: sql = "update task set success=0 where target=\"{0}\"".format(target) else: sql = "update task set data=\"{0}\",success=1 where target=\"{1}\"".format(\ Tools.dict2base64(data['data'][0]['value'][0]['data']), target) mysql.update(sql) mysql.close() return
def Thread_Handle(taskid, target): lock.acquire() sql = SqlMapAction() server = sql._get_server() url_status = "{0}/scan/{1}/status".format(server, taskid) url_log = "{0}/scan/{1}/log".format(server, taskid) url_data="{0}/scan/{1}/data".format(server, taskid) mysql = MySQLHander() response_status = json.loads(requests.get(url_status,None).text)['status'] while response_status != "terminated" and response_status!="deleting": time.sleep(2) response_status = json.loads(requests.get(url_status,None).text)['status'] sql = "update `task` set status = \"{0}\" where taskid=\"{1}\"".format(response_status, taskid) mysql.update(sql) response_data = json.loads(requests.get(url_data, None).text) if response_data==None: return False Action.SaveData(target, response_data) mysql.close() lock.release() return True
def Save_Success_Target(): while True: mysql = MySQLHander() sql = "select taskid,target,data from task where success=1 and action=0" mysql.query(sql) resource = mysql.fetchAllRows() if resource != None: for line in resource: sql = "insert into successlist(`target`, `data`) values (\"{0}\", \"{1}\")".format(line[1], line[2]) mysql.insert(sql) sql = "update task set action=1 where taskid='{0}'".format(line[0]) mysql.update(sql) print '[*] save success target {0}'.format(line[1]) mysql.close() time.sleep(3)
def __init__(self): xml = XMLDOM() self.db = MySQLHander() self.address = xml.GetElementByName('sqlmap').strip()
class SqlMapAction(object): def __init__(self): xml = XMLDOM() self.db = MySQLHander() self.address = xml.GetElementByName('sqlmap').strip() def _get_server(self): sql = "select server from settings where id = 1" self.db.query(sql) server = self.db.fetchOneRow()[0] if server == None: return False return server def NewTaskId(self, **kwargs): url = "{0}/task/new".format(self.address) response = json.loads(requests.get(url).text) if response['success']: db = MySQLHander() taskid = response['taskid'] sql = "insert into task(`target`, `taskid`, `server`) VALUES (\"{0}\", \"{1}\", \"{2}\")"\ .format(kwargs['target'], taskid, self.address) if db.insert(sql) == 0L: print "Apply New TaskId Success!" else: print "Apply New Task Fail" del db return taskid else: return False def Set_Options(self, **kwargs): server = self._get_server() if server == False: return False url = "{0}/option/{1}/set".format(server, kwargs['taskid']) if "options" in kwargs: data = json.dumps(kwargs['options']) else: data = json.dumps({}) response = json.loads(requests.post(url, data=data, headers=HEADER).text) if response['success']: message = "{0} Set Options successfully".format(time.strftime("[*%H:%M:%S]")) print(message) return True else: return False def update_settings(self, kwargs): mysql = MySQLHander() sql = "update settings set server=\"{0}\", writelist=\"{1}\", blacklist=\"{2}\", proxyaddr=\"{3}\"," \ "rootdomain=\"{4}\", blackdomain = \"{5}\" where id=1 ".format(kwargs.form['sqlmapaddr'], \ kwargs.form['writelist'],kwargs.form['blacklist'],\ kwargs.form['proxyaddr'], getrootdomain(kwargs.form['target']), getrootdomain(kwargs.url)) mysql.update(sql) mysql.close() def start_scan(self, taskid, target): server = self._get_server() url = "{0}/scan/{1}/start".format(server, taskid) data = json.dumps({"url":target}) response = json.loads(requests.post(url,data=data, headers=HEADER).text) if response['success'] == True: print "[!] start task {0} sucess".format(taskid) t = multiprocessing.Process(target=Thread_Handle,args=(taskid,target,)) taskid_thread_Dict.append(taskid) t.start() return True else: return False def StopTask(self, tasklist): if isinstance(tasklist, list) == False: return False return True flag = True for taskid in tasklist: server = self._get_server() url = "{0}/scan/{1}/stop".format(server, taskid) response = json.loads(requests.get(url,None).text) print "-----------\n",response if requests['success'] == True: print "[!] stop task {0} ok!".format(taskid) else: flag = False print "[!] stop task {0} failed!".format(taskid) return flag def Start_Spider(self, taskid, target): t = threading.Thread(target=Spider_Handle,args=(taskid,target,)) t.start() def DeleteAllTask(self): mysql = MySQLHander() sql = "select target,data from task where success=1" mysql.query(sql) slist = mysql.fetchAllRows() for line in slist: sql = "insert into successlist(`target` ,`data`) values (\"{0}\")".format(line[0], line[1]) mysql.insert(sql) sql = "delete from task" mysql.update(sql) mysql.close() print "[!] task schedule has been clear!"
def DeleteAllTask(self): mysql = MySQLHander() sql = "select target,data from task where success=1" mysql.query(sql) slist = mysql.fetchAllRows() for line in slist: sql = "insert into successlist(`target` ,`data`) values (\"{0}\")".format(line[0], line[1]) mysql.insert(sql) sql = "delete from task" mysql.update(sql) mysql.close() print "[!] task schedule has been clear!"
import requests import re import urllib2 import base64 import threading import multiprocessing import ipdb from urlparse import urlparse from func import XMLDOM, Tools, SPIDER_HEADER, getrootdomain from bs4 import BeautifulSoup from models import MySQLHander HEADER = {'Content-Type': 'application/json'} #定义MYSQL句併 mysql = MySQLHander() #threading锁 lock = threading.Lock() #taskid的队列 taskid_thread_Dict = [] global writelist, blacklist, rootdomain, blackdomain def setting_init(): sql = "select writelist,blacklist,rootdomain,blackdomain from settings where id=1" mysql.query(sql) resource = mysql.fetchOneRow() self.writelist, self.blacklist, self.rootdomain, self.blackdomain = list(