コード例 #1
0
def storedata(ip='', port='', hackinfo=None):

    sqlTool = Sqldatatask.getObject()
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata = []
    #     if islocalwork==0:
    #         work=[]
    #         dic={"table":config.Config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]}
    #         tempdata={"func":'replaceinserttableinfo_byparams',"dic":dic}
    #         jsondata=uploaditem.UploadData(url=self.webconfig.upload_ip_info,way='POST',params=tempdata)
    #         work.append(jsondata)
    #         self.uploadwork.add_work(work)

    #     else:

    hackinfo = SQLTool.escapewordby(str(hackinfo))
    extra = ' on duplicate key update  disclosure=\'' + hackinfo + '\' , timesearch=\'' + localtime + '\''

    insertdata.append((str(ip), port, hackinfo, str(port)))

    sqldatawprk = []
    dic = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'disclosure', 'portnumber'],
        "insert_values": insertdata,
        "extra": extra
    }

    tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
    sqldatawprk.append(tempwprk)
    sqlTool.add_work(sqldatawprk)
    print 'fuzz 数据存储'
    pass
コード例 #2
0
def upload_ip_info(request):
    sqldatawork = []
    func = request.POST.get('func', '')
    dic = request.POST.get('dic', '{}')
    nowdic = eval(dic)  #存在安全隐患, 改用json库
    tempwprk = Sqldata.SqlData(
        func, nowdic)  #赋值给Sqldata类, 后期通过getXXX获取, 在Sqldatatask.py中
    sqldatawork.append(tempwprk)
    sqlTool = Sqldatatask.getObject()
    sqlTool.add_work(sqldatawork)
    works = request.POST.get('workdetail', [])
    print "nmaproute::upload_ip_info():", works
    temphosts = request.POST.get('ip', '')
    tempvendor = request.POST.get('vendor', '')
    temposfamily = request.POST.get('osfamily', '')
    temposgen = request.POST.get('osgen', '')
    tempaccuracy = request.POST.get('accuracy', '')
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    temphostname = request.POST.get('hostname', '')
    tempstate = request.POST.get('state', '')
    ipcontrol.ip_info_upload(temphosts, tempvendor, temposfamily, temposgen,
                             tempaccuracy, localtime, temphostname, tempstate)

    data = {}
    data['result'] = '1'
    return HttpResponse(json.dumps(data,
                                   skipkeys=True,
                                   default=webtool.object2dict),
                        content_type="application/json")
コード例 #3
0
def upload_port_info(request):
    sqldatawprk=[]
    func=request.POST.get('func','')
    dic=request.POST.get('dic','{}')
    nowdic=eval(dic)
    tempwprk=Sqldata.SqlData(func,nowdic)
    sqldatawprk.append(tempwprk)
    sqlTool=Sqldatatask.getObject()
    sqlTool.add_work(sqldatawprk)

    data={}
    data['result']='1'
    return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")   
コード例 #4
0
def ip_info_upload(temphosts, tempvendor, temposfamily, temposgen,
                   tempaccuracy, localtime, temphostname, tempstate):
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    sqlTool = Sqldatatask.getObject()
    sqldatawprk = []
    dic = {
        "table":
        localconfig.iptable,
        "select_params": [
            'ip', 'vendor', 'osfamily', 'osgen', 'accurate', 'updatetime',
            'hostname', 'state'
        ],
        "insert_values": [(temphosts, tempvendor, temposfamily, temposgen,
                           tempaccuracy, localtime, temphostname, tempstate)]
    }
    tempwprk = Sqldata.SqlData('replaceinserttableinfo_byparams', dic)
    sqldatawprk.append(tempwprk)
    sqlTool.add_work(sqldatawprk)
    pass
コード例 #5
0
def upload_ip_info(request):
    sqldatawprk=[]
    func=request.POST.get('func','')
    dic=request.POST.get('dic','{}')
    nowdic=eval(dic)#存在安全隐患, 改用json库
    tempwprk=Sqldata.SqlData(func,nowdic)
    sqldatawprk.append(tempwprk)
    sqlTool=Sqldatatask.getObject()
    sqlTool.add_work(sqldatawprk)
#     works=request.POST.get('workdetail',[])
#     print works
#     tempvendor=request.POST.get('vendor','')
#     temposfamily=request.POST.get('osfamily','')
#     temposgen=request.POST.get('osgen','')
#     tempaccuracy=request.POST.get('accuracy','')
#     temphostname=request.POST.get('hostname','')
#     tempstate=request.POST.get('state','')
#     ipcontrol.ip_info_upload(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)
    data={}
    data['result']='1'
    return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")   
コード例 #6
0
def storedata(ip='', port='', hackresults=None):
    sqlTool = Sqldatatask.getObject()
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata = []
    hackresults = SQLTool.escapewordby(str(hackresults))
    extra = ' on duplicate key update hackresults=\'' + hackresults + '\' , timesearch=\'' + localtime + '\''

    insertdata.append((str(ip), port, hackresults, str(port)))

    sqldatawprk = []
    dic = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'hackresults', 'portnumber'],
        "insert_values": insertdata,
        "extra": extra
    }

    tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
    sqldatawprk.append(tempwprk)
    sqlTool.add_work(sqldatawprk)
    pass
コード例 #7
0
ファイル: callbackfuzz.py プロジェクト: the-404/normal_hack
def storedata(ip='', port='', hackinfo=None):

    sqlTool = Sqldatatask.getObject()
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata = []

    hackinfo = SQLTool.escapewordby(str(hackinfo))
    extra = ' on duplicate key update  disclosure=\'' + hackinfo + '\' , timesearch=\'' + localtime + '\''

    insertdata.append((str(ip), port, hackinfo, str(port)))
    dic = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'disclosure', 'portnumber'],
        "insert_values": insertdata,
        "extra": extra
    }

    if islocalwork == 0:
        work = []
        tempdata = {"func": 'inserttableinfo_byparams', "dic": dic}
        jsondata = uploaditem.UploadData(
            url=webconfig.WebConfig.upload_ip_info,
            way='POST',
            params=tempdata)
        work.append(jsondata)
        temp = uploadtask.getObject()
        temp.add_work(work)

    else:

        sqldatawprk = []

        tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
        sqldatawprk.append(tempwprk)
        sqlTool.add_work(sqldatawprk)
        print 'fuzz 数据存储'
        pass
コード例 #8
0
def storedata(ip='', port='', disclosures=None):
    sqlTool = Sqldatatask.getObject()
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata = []
    # {'223.223.187.90:8080': [{'status': 200, 'url': '223.223.187.90:8080/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/file/Placard/upload/Imo_DownLoadUI.php?cid=1&uid=1&type=1&filename=/../../../../etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/wp-config.php~'}, {'status': 200, 'url': '223.223.187.90:8080/'}]}
    # 现在是依次遍历list集合拼接,是否可以直接返回list集合,像hackresults一样
    disclosure = ''
    # for ip_port in disclosures:
    # 	disinfo_list = disclosures[ip_port]
    # for disinfo in disinfo_list:
    #     disclosure += str(disinfo) + '\\n '
    #	    disinfo_list.remove(disinfo)

    #    print "fuzzey detect callbackfuzz: ", type(disclosures), str(disclosures)   # a dict
    disclosure = SQLTool.escapewordby(str(disclosures))
    extra = ' on duplicate key update  disclosure=\'' + disclosure + '\' , timesearch=\'' + localtime + '\''

    insertdata.append((str(ip), port, disclosure, str(port)))

    sqldatawprk = []
    dic = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'disclosure', 'portnumber'],
        "insert_values": insertdata,
        "extra": extra
    }

    tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
    sqldatawprk.append(tempwprk)
    sqlTool.add_work(sqldatawprk)

    from ..vuldect import pocsearchtask
    temp = pocsearchtask.getObject()
    # head,context,ip,port,productname,keywords,nmapscript,protocol
    temp.add_work([(None, None, ip, port, None, None, disclosures, None)])
    pass
コード例 #9
0
    def callback_result(self, scan_result):

        print '——————'
        tmp = scan_result

        for i in tmp['scan'].keys():

            host = i
            result = ''
            try:

                temphosts = str(host)
                localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
                self.getlocationtool.add_work([temphosts])  #查询ip地址
                try:
                    tempvendor = 'null'
                    temposfamily = 'null'
                    temposgen = 'null'
                    tempaccuracy = 'null'
                    if len(tmp['scan'][host]['osmatch']) > 0 and len(
                            tmp['scan'][host]['osmatch'][0]['osclass']) > 0:
                        tempvendor = str(
                            tmp['scan'][host]['osmatch'][0]['osclass'][0].get(
                                'vendor', 'null'))

                        temposfamily = str(
                            tmp['scan'][host]['osmatch'][0]['osclass'][0].get(
                                'osfamily', 'null'))

                        temposgen = str(
                            tmp['scan'][host]['osmatch'][0]['osclass'][0].get(
                                'osgen', 'null'))

                        tempaccuracy = str(
                            tmp['scan'][host]['osmatch'][0]['osclass'][0].get(
                                'accuracy', 'null'))

                    temphostname = ''
                    for i in tmp['scan'][host]['hostnames']:
                        temphostname += str(i.get('name', 'null')) + ' '

                    tempstate = str(tmp['scan'][host]['status'].get(
                        'state', 'null'))
                    if self.islocalwork == 0:
                        work = []
                        dic = {
                            "table":
                            self.config.iptable,
                            "select_params": [
                                'ip', 'vendor', 'osfamily', 'osgen',
                                'accurate', 'updatetime', 'hostname', 'state'
                            ],
                            "insert_values":
                            [(temphosts, tempvendor, temposfamily, temposgen,
                              tempaccuracy, localtime, temphostname, tempstate)
                             ]
                        }
                        tempdata = {
                            "func": 'replaceinserttableinfo_byparams',
                            "dic": dic
                        }
                        jsondata = uploaditem.UploadData(
                            url=self.webconfig.upload_ip_info,
                            way='POST',
                            params=tempdata)
                        work.append(jsondata)
                        self.uploadwork.add_work(work)

                    else:
                        sqldatawprk = []
                        dic = {
                            "table":
                            self.config.iptable,
                            "select_params": [
                                'ip', 'vendor', 'osfamily', 'osgen',
                                'accurate', 'updatetime', 'hostname', 'state'
                            ],
                            "insert_values":
                            [(temphosts, tempvendor, temposfamily, temposgen,
                              tempaccuracy, localtime, temphostname, tempstate)
                             ]
                        }
                        tempwprk = Sqldata.SqlData(
                            'replaceinserttableinfo_byparams', dic)
                        sqldatawprk.append(tempwprk)
                        self.sqlTool.add_work(sqldatawprk)
                except Exception, e:
                    print 'nmap system error' + str(e)

                if 'tcp' in tmp['scan'][host].keys():
                    ports = tmp['scan'][host]['tcp'].keys()

                    for port in ports:
                        #                     portinfo = " port : %s  name:%s  state : %s  product : %s version :%s  script:%s \n" %(port,tmp['scan'][host]['tcp'][port].get('name',''),tmp['scan'][host]['tcp'][port].get('state',''),   tmp['scan'][host]['tcp'][port].get('product',''),tmp['scan'][host]['tcp'][port].get('version',''),tmp['scan'][host]['tcp'][port].get('script',''))
                        tempport = str(port)
                        tempportname = str(tmp['scan'][host]['tcp'][port].get(
                            'name', ''))
                        tempportstate = str(tmp['scan'][host]['tcp'][port].get(
                            'state', ''))
                        tempproduct = str(tmp['scan'][host]['tcp'][port].get(
                            'product', ''))
                        tempportversion = str(
                            tmp['scan'][host]['tcp'][port].get('version', ''))
                        tempscript = str(tmp['scan'][host]['tcp'][port].get(
                            'script', ''))

                        #                         self.sqlTool.replaceinserttableinfo_byparams(table=self.config.porttable,select_params= ['ip','port','timesearch','state','name','product','version','script'],insert_values= [(temphosts,tempport,localtime,tempportstate,tempportname,tempproduct,tempportversion,tempscript)])

                        if self.islocalwork == 0:
                            work = []
                            dic = {
                                "table":
                                self.config.porttable,
                                "select_params": [
                                    'ip', 'port', 'timesearch', 'state',
                                    'name', 'product', 'version', 'script',
                                    'portnumber'
                                ],
                                "insert_values":
                                [(temphosts, tempport, localtime,
                                  tempportstate, tempportname, tempproduct,
                                  tempportversion, tempscript, str(tempport))]
                            }
                            tempdata = {
                                "func": 'replaceinserttableinfo_byparams',
                                "dic": dic
                            }
                            jsondata = uploaditem.UploadData(
                                url=self.webconfig.upload_port_info,
                                way='POST',
                                params=tempdata)
                            work.append(jsondata)
                            self.uploadwork.add_work(work)
                        else:
                            sqldatawprk = []
                            dic = {
                                "table":
                                self.config.porttable,
                                "select_params": [
                                    'ip', 'port', 'timesearch', 'state',
                                    'name', 'product', 'version', 'script',
                                    'portnumber'
                                ],
                                "insert_values":
                                [(temphosts, tempport, localtime,
                                  tempportstate, tempportname, tempproduct,
                                  tempportversion, tempscript, str(tempport))]
                            }
                            tempwprk = Sqldata.SqlData(
                                'replaceinserttableinfo_byparams', dic)
                            sqldatawprk.append(tempwprk)
                            self.sqlTool.add_work(sqldatawprk)
                            self.portscan.add_work([
                                (tempportname, temphosts, tempport,
                                 tempportstate, tempproduct, tempscript)
                            ])

                elif 'udp' in tmp['scan'][host].keys():
                    ports = tmp['scan'][host]['udp'].keys()
                    for port in ports:
                        #                         portinfo = " port : %s  name:%s  state : %s  product : %s version :%s  script:%s \n" %(port,tmp['scan'][host]['udp'][port].get('name',''),tmp['scan'][host]['udp'][port].get('state',''),   tmp['scan'][host]['udp'][port].get('product',''),tmp['scan'][host]['udp'][port].get('version',''),tmp['scan'][host]['udp'][port].get('script',''))
                        #                         result = result + portinfo
                        tempport = str(port)
                        tempportname = str(tmp['scan'][host]['udp'][port].get(
                            'name', ''))
                        tempportstate = str(tmp['scan'][host]['udp'][port].get(
                            'state', ''))
                        tempproduct = str(tmp['scan'][host]['udp'][port].get(
                            'product', ''))
                        tempportversion = str(
                            tmp['scan'][host]['udp'][port].get('version', ''))
                        tempscript = str(tmp['scan'][host]['udp'][port].get(
                            'script', ''))

                        #                         self.sqlTool.replaceinserttableinfo_byparams(table=self.config.porttable,select_params= ['ip','port','timesearch','state','name','product','version','script'],insert_values= [(temphosts,tempport,localtime,tempportstate,tempportname,tempproduct,tempportversion,tempscript)])

                        if self.islocalwork == 0:
                            work = []
                            dic = {
                                "table":
                                self.config.porttable,
                                "select_params": [
                                    'ip', 'port', 'timesearch', 'state',
                                    'name', 'product', 'version', 'script',
                                    'portnumber'
                                ],
                                "insert_values":
                                [(temphosts, tempport, localtime,
                                  tempportstate, tempportname, tempproduct,
                                  tempportversion, tempscript, str(tempport))]
                            }
                            tempdata = {
                                "func": 'replaceinserttableinfo_byparams',
                                "dic": dic
                            }
                            jsondata = uploaditem.UploadData(
                                url=self.webconfig.upload_port_info,
                                way='POST',
                                params=tempdata)
                            work.append(jsondata)
                            self.uploadwork.add_work(work)
                        else:
                            sqldatawprk = []
                            dic = {
                                "table":
                                self.config.porttable,
                                "select_params": [
                                    'ip', 'port', 'timesearch', 'state',
                                    'name', 'product', 'version', 'script',
                                    'portnumber'
                                ],
                                "insert_values":
                                [(temphosts, tempport, localtime,
                                  tempportstate, tempportname, tempproduct,
                                  tempportversion, tempscript, str(tempport))]
                            }
                            tempwprk = Sqldata.SqlData(
                                'replaceinserttableinfo_byparams', dic)
                            sqldatawprk.append(tempwprk)
                            self.sqlTool.add_work(sqldatawprk)
            except Exception, e:
                print 'nmap error' + str(e)