def __init__(self, task_id): self.task_id = task_id self.check_result = {} # 检测结果 self.online_target = [] # 在线目标 self.result_pool = [] self.result = [] self.week_count = 0 self.auth_db = db_name_conf()['auth_db'] self.config_db = db_name_conf()['config_db'] self.weekpasswd_db = db_name_conf()['weekpasswd_db'] self.connectiondb = connectiondb2('AuthCrack') self.task_cursor = self.connectiondb[self.auth_db].find_one( {"_id": ObjectId(self.task_id)}) self.task_name = self.task_cursor['task_name'] # 191030_ssh_check self.target_list = parse_target( self.task_cursor['target']) # [u'192.168.1.141', u'192.168.1.141'] self.service_list = self.task_cursor['service'] # [u'ssh'] self.args = self.task_cursor['args'] # u'' self.config_cursor = self.connectiondb[self.config_db].find_one( {"config_name": settings.CONFIG_NAME}) self.processes = self.config_cursor['auth_tester_thread'] # 50 self.username_list = self.config_cursor['username_dict'] # ["root"] self.password_list = self.config_cursor[ 'password_dict'] # [u'123456', u'password', u'111111', u'666666', u'1qaz2wsx', u'1qaz2wsx3edc.com']
def __init__(self, instance_id): self._id = instance_id self.args_val = '-sV' self.instance_db = db_name_conf()['instance_db'] self.portinfo_db = db_name_conf()['portinfo_db'] self.connectiondb = connectiondb2('PortScanner') self.instance_info = self.connectiondb[self.instance_db].find_one( {"_id": ObjectId(self._id)}) self.target_val = self.instance_info['target'] self.ports_val = self._set_attr()
def post(self): body_data = json.loads(request.get_data().decode()) port_list = body_data['port_list'] if not port_list: config_info = mongo_cli[config_db].find_one( {"config_name": settings.CONFIG_NAME}) port_list = config_info['port_list'] discovery_db = db_name_conf()['discovery_db'] task_info = { "name": body_data['name'], # 任务名 "port_list": port_list, # 自定义端口(22,80,110-446),否则使用系统设置中的端口范围 "target": body_data['target'], # 网段 "user_port": body_data['user_port'], # 0系统默认端口, 1自定义 "recursion": body_data['recursion'], # 扫描周期(0\1\7\30) "open_web": body_data['open_web'], # 1开启web漏洞扫描 "open_poc": body_data['open_poc'], # 1开启poc扫描 "open_auth": body_data['open_auth'], # 1开启auth扫描 "user": body_data['user'], # 操作员 "create_at": int(time.time()), "update_at": int(time.time()), "discorvery": [], "status": "New", "is_delete": 0, } task_id = mongo_cli[discovery_db].insert_one(task_info).inserted_id if not task_id: response_data = self.wrap_json_response(code=ReturnCode.FAILED) return jsonify(response_data) data = {'task_id': '%s' % task_id} response_data = self.wrap_json_response(data=data, code=ReturnCode.SUCCESS) return jsonify(response_data)
def delete(self): """ 删除实例及其端口信息 --- tags: - 实例管理 parameters: - name: id in: query description: 实例ID required: true type: string responses: '200': description: SUCCESS schema: type: dto.public_string_data_output $ref: '#/definitions/dto.public_string_data_output' """ # 删除实例 # 删除端口信息 _id = request.args.get('id') portinfo_db = db_name_conf()['portinfo_db'] mongo_cli[portinfo_db].delete_many({"instance_id": _id}) # connectiondb(instance_db).update({'_id': ObjectId(_id)}, {"$set": {"is_delete": 1}}, multi=True) mongo_cli[instance_db].delete_one({'_id': ObjectId(_id)}) response_data = self.wrap_json_response(data='success', code=ReturnCode.SUCCESS) return jsonify(response_data)
def put(self): body_data = json.loads(request.get_data().decode()) port_list = body_data['port_list'] task_id = body_data['task_id'] if not task_id: return jsonify( self.wrap_json_response(data=ReturnCode.WRONG_PARAMS)) if not port_list: config_info = mongo_cli[config_db].find_one( {"config_name": settings.CONFIG_NAME}) port_list = config_info['port_list'] discovery_db = db_name_conf()['discovery_db'] mongo_cli[discovery_db].update_one( {"_id": ObjectId(task_id)}, { "$set": { # "name": body_data['name'], "port_list": port_list, "target": body_data['target'], "user_port": body_data['user_port'], "recursion": body_data['recursion'], "open_web": body_data['open_web'], "open_poc": body_data['open_poc'], "open_auth": body_data['open_auth'], "user": body_data['user'], "discorvery": [], # "update_at": int(time.time()), } }) response_data = self.wrap_json_response(data="success", code=ReturnCode.SUCCESS) return jsonify(response_data)
def _save_result(portinfo_id, app_name): portinfo_db = db_name_conf()['portinfo_db'] # 看看是自定义任务还是自动化探测任务 if not portinfo_id: return # 自动化任务需要更新端口应用版本 connectiondb(portinfo_db).update_one({'_id': ObjectId(portinfo_id)}, {'$set': { 'product': app_name }})
def __init__(self, task_id): self.task_id = "{}".format(task_id) self.result = [] self.plugin_db = db_name_conf()['plugin_db'] self.connectiondb = connectiondb2('PocsuiteScanner') self.tasks_cursor = self.connectiondb[tasks_db].find_one( {"_id": ObjectId(self.task_id)}) self.target_list = parse_target(self.tasks_cursor['target_list']) self.pluginid_list = self.tasks_cursor['pluginid_list'] self.processes = self.connectiondb[config_db].find_one( {"config_name": settings.CONFIG_NAME})['poc_thread'] self.tmp_app = '' # 如果是自动化探测任务、一个端口只会对应一个应用。比如它匹配的是flink poc, 不管匹配哪个都会是plugin_app=apache flink
def get(self): task_id = request.args.get('id') if not task_id: return jsonify( self.wrap_json_response(code=ReturnCode.WRONG_PARAMS)) discovery_db = db_name_conf()['discovery_db'] cursor = mongo_cli[discovery_db].find_one({'_id': ObjectId(task_id)}) if not cursor: return jsonify( self.wrap_json_response(code=ReturnCode.RESOURCE_NOT_EXISTS)) cursor['_id'] = '{}'.format(cursor['_id']) return jsonify( self.wrap_json_response(data=cursor, code=ReturnCode.SUCCESS))
def delete(self): task_id = request.args.get('id') if not task_id: return jsonify( self.wrap_json_response(code=ReturnCode.WRONG_PARAMS)) discovery_db = db_name_conf()['discovery_db'] dc = mongo_cli[discovery_db].delete_one({ '_id': ObjectId(task_id) }).deleted_count if not dc: return jsonify( self.wrap_json_response(code=ReturnCode.RESOURCE_NOT_EXISTS)) return jsonify( self.wrap_json_response(data={'task_id': task_id}, code=ReturnCode.SUCCESS))
def get(self): discovery_db = db_name_conf()['discovery_db'] cursor = mongo_cli[discovery_db].find() array = [] for item in cursor: item['_id'] = '{}'.format(item['_id']) item['create_at'] = time.strftime( "%Y-%m-%d %H:%M:%S", time.localtime(item['create_at'])) item['update_at'] = time.strftime( "%Y-%m-%d %H:%M:%S", time.localtime(item['update_at'])) array.append(item) total = len(array) response_data = self.wrap_json_response(data={ "list": array, "total": total }, code=ReturnCode.SUCCESS) return jsonify(response_data)
def patch(self): task_id = request.args.get('id') if not task_id: return jsonify( self.wrap_json_response(code=ReturnCode.WRONG_PARAMS)) discovery_db = db_name_conf()['discovery_db'] if not mongo_cli[discovery_db].find({ "_id": ObjectId(task_id) }).count(): return jsonify( self.wrap_json_response(code=ReturnCode.RESOURCE_NOT_EXISTS)) mongo_cli[discovery_db].update_one({"_id": ObjectId(task_id)}, {"$set": { "status": "Processing" }}) ader = AssetDiscovery(task_id) t = Thread(target=ader.run, args=()) t.start() return jsonify( self.wrap_json_response(data={'task_id': task_id}, code=ReturnCode.SUCCESS))
# coding=utf-8 import time from aquaman.modules.auto_scanner.port_scanner import PortScanner from aquaman.modules.poc_vul.poc_scan import PocsuiteScan from aquaman.lib.mongo_db import connectiondb, db_name_conf from bson import ObjectId instance_db = db_name_conf()['instance_db'] portinfo_db = db_name_conf()['portinfo_db'] class VulScanner: def __init__(self, instance_id): self.instance_id = instance_id self.instance_info = connectiondb(instance_db).find_one( {"_id": ObjectId(self.instance_id)}) self.info_list = [] self.vul_type = '' def _get_portinfo(self): print "PocScanner._get_portinfo" array = connectiondb(portinfo_db).find( {"instance_id": self.instance_id}) for item in array: item['_id'] = "%s" % item['_id'] self.info_list.append(item) def _save_webvul_result(self, portinfo_id, data): connectiondb(portinfo_db).update_one( {"_id": ObjectId(portinfo_id)}, {
# coding=utf-8 import re import time from aquaman.lib.metasploit.msfrpc import MsfRpcClient from aquaman.lib.mongo_db import db_name_conf, connectiondb from utils.public import port_service try: client = MsfRpcClient('mypassword', server='172.31.50.156', port=55553) exploit_db = db_name_conf()['exploit_db'] except Exception: print "[Warning] MsfRpcClient connect timeout..." class MsfScanner: def __init__(self, ip=None, service=None, port=None, app=None, version=None): self.ip = ip self.service = service self.app = app self.port = port self.version = version def get_info(self, m_name): """ return: dict """
# coding=utf-8 import re from utils.response import CommonResponseMixin, ReturnCode from flask.views import MethodView from flask import jsonify, request from aquaman.lib.mongo_db import db_name_conf, mongo_cli from bson import ObjectId from aquaman.modules.web_vul.awvs_api import AcunetixScanner import ast portinfo_db = db_name_conf()['portinfo_db'] exploit_db = db_name_conf()['exploit_db'] class ServiceInfoView(CommonResponseMixin, MethodView): # 获取端口服务漏洞详情 def get(self): """ # 获取端口服务漏洞详情 --- tags: - 服务发现 definitions: - schema: id: dao.pocvul_taskinfo properties: _id: type: string start_date: type: string description: 起始日期
from random import sample from bson import ObjectId from aquaman.modules.automation.port_scanner import PortScanner from aquaman.lib.mongo_db import db_name_conf, mongo_cli, connectiondb2 from apscheduler.schedulers.blocking import BlockingScheduler from aquaman.modules.web_vul.awvs_api import AcunetixScanner from utils.public import port_service from string import digits, ascii_lowercase from utils.logger import get_logger from application import settings # import logging # logging.basicConfig() log = get_logger() tasks_db = db_name_conf()['tasks_db'] config_db = db_name_conf()['config_db'] instance_db = db_name_conf()['instance_db'] portinfo_db = db_name_conf()['portinfo_db'] auth_db = db_name_conf()['auth_db'] vulscan_db = db_name_conf()['vulscan_db'] plugin_db = db_name_conf()['plugin_db'] # Web 任务发布(内置异步) def web_publish(target, port_info): if 'http' not in port_info['name']: # 非Web跳过 return print "AssetScanner.web_publish" # target必须是IP或者域名,而且不携带协议 if port_info['port'] == '80':
#!/usr/bin/env python # -*- coding: utf-8 -*- # @Author : TideSec # @Time : 18-5-14 # @File : parse_plugin.py # @Desc : "" import sys import os import re from flask import Flask sys.path.append('/home/aquaman/') from aquaman.lib.mongo_db import connectiondb, db_name_conf app = Flask(__name__) plugin_db = db_name_conf()['plugin_db'] def parse_plugin(plugin_filename): plugin_info = {} name_pattern = re.compile(r'\s*name\s*=\s*[\'\"\[](.*)[\'\"\]]') author_pattern = re.compile(r'author\s*=\s*[\'\"\[](.*)[\'\"\]]') date_pattern = re.compile(r'vulDate\s*=\s*[\'\"\[](.*)[\'\"\]]') app_pattern = re.compile(r'appName\s*=\s*[\'\"\[](.*)[\'\"\]]') type_pattern = re.compile(r'vulType\s*=\s*[\'\"\[](.*)[\'\"\]]') version_pattern = re.compile(r'appVersion\s*=\s*[\'\"\[](.*)[\'\"\]]') desc_pattern = re.compile(r'desc\s*=\s*[\'\"\[](.*)[\'\"\]]') service_pattern = re.compile(r'defaultService\s*=\s*[\'\"\[](.*)[\'\"\]]') ports_pattern = re.compile(r'defaultPorts\s*=\s*[\'\"\[](.*)[\'\"\]]') plugin_data = open(plugin_filename, 'r').read() try:
# coding=utf-8 import json from flask import jsonify, request from flask.views import MethodView from aquaman.lib.mongo_db import db_name_conf, mongo_cli from application import settings from utils.response import CommonResponseMixin, ReturnCode config_db = db_name_conf()['config_db'] class SysConfig(MethodView, CommonResponseMixin): def get(self): """ 系统数据 --- tags: - 系统设置 definitions: - schema: id: dao.system_config_info properties: _id: type: string config_name: type: integer description: 配置名 poc_thread: type: integer description: Poc线程扫描数 port_thread:
# -*- coding: utf-8 -*- import re import os import time import json from flask import request, jsonify from flask.views import MethodView from utils.response import CommonResponseMixin, ReturnCode from aquaman.lib.mongo_db import db_name_conf, mongo_cli from bson import ObjectId from threading import Thread from aquaman.modules.poc_vul.poc_scanner import PocsuiteScanner from aquaman.modules.poc_vul.parse_plugin import parse_plugin from application import settings from werkzeug.utils import secure_filename tasks_db = db_name_conf()['tasks_db'] vul_db = db_name_conf()['vul_db'] plugin_db = db_name_conf()['plugin_db'] class PocVulTaskView(MethodView, CommonResponseMixin): # 获取任务详情 def get(self): """ 获取任务详情 --- tags: - POC漏洞检测 definitions: - schema: id: dao.pocvul_taskinfo
# coding=utf-8 import re import json import time from flask import request, jsonify from flask.views import MethodView from utils.response import CommonResponseMixin, ReturnCode from aquaman.lib.mongo_db import db_name_conf, mongo_cli from bson import ObjectId from utils.public import parse_target from aquaman.modules.web_vul.awvs_api import AcunetixScanner vulscan_db = db_name_conf()['vulscan_db'] # 存储AWVS任务的 class WebVulTasksView(MethodView, CommonResponseMixin): # 获取任务列表 def get(self): """ 任务列表, 刷新部分任务状态 --- tags: - Web漏洞检测 definitions: - schema: id: dto.webvul_tasklist_output properties: data: type: object description: 任务列表 properties:
# -*- coding: utf-8 -*- import re from flask import jsonify, request from flask.views import MethodView from utils.response import CommonResponseMixin, ReturnCode from aquaman.lib.mongo_db import mongo_cli, db_name_conf from bson import ObjectId server_db = db_name_conf()['server_db'] # 资产信息 class AssetInfoView(CommonResponseMixin, MethodView): # 获取资产详情 def get(self): """ 获取资产详情 --- tags: - 资产管理 definitions: - schema: id: dto.assetinfo_output properties: data: type: dao.asset_info $ref: '#/definitions/dao.asset_info' description: response_data errmsg: type: string description: errno
# coding=utf-8 import re import nmap import time from aquaman.lib.mongo_db import db_name_conf, mongo_cli, connectiondb2 from bson import ObjectId from aquaman.modules.automation.asset_scanner import AssetScanner from threading import Thread from apscheduler.schedulers.blocking import BlockingScheduler from utils.logger import get_logger log = get_logger() discovery_db = db_name_conf()['discovery_db'] instance_db = db_name_conf()['instance_db'] class AssetDiscovery: def __init__(self, task_id): self.task_id = task_id self.cursor = mongo_cli[discovery_db].find_one( {'_id': ObjectId(task_id)}) self.target = self.cursor['target'] def nmap_ping_scan(self, network_prefix): nm = nmap.PortScanner() # 设置为nmap扫描状态。 ping_scan_raw = nm.scan( hosts=network_prefix, arguments='-sn' ) # hosts可以是单个IP地址也可以是一整个网段。 arguments就是运用什么方式扫描,-sn就是ping扫描。 host_list_ip = [] for result in ping_scan_raw['scan'].values( ): # 将scan下面的数值赋值给result,并开始遍历。 if result['status']['state'] == 'up': # 如果是up则表明对方主机是存活的。
# coding=utf-8 import time from flask import jsonify from flask.views import MethodView from utils.response import ReturnCode, CommonResponseMixin from aquaman.lib.mongo_db import mongo_cli, db_name_conf plugin_db = db_name_conf()['plugin_db'] auth_db = db_name_conf()['auth_db'] weekpasswd_db = db_name_conf()['weekpasswd_db'] vul_db = db_name_conf()['vul_db'] tasks_db = db_name_conf()['tasks_db'] vulscan_db = db_name_conf()['vulscan_db'] # web instance_db = db_name_conf()['instance_db'] class TopCard(MethodView, CommonResponseMixin): def get(self): """ 图表聚合数据 --- tags: - 首页大盘 definitions: - schema: id: dao.dashboard_info properties: asset_count: type: integer description: 资产数量 vul_count:
def __init__(self): self.auth_db = db_name_conf()['auth_db'] self.weekpasswd_db = db_name_conf()['weekpasswd_db'] self.connectiondb = connectiondb2('AuthTesterLoop')
# coding=utf-8 import re import json import time from flask import jsonify, request from flask.views import MethodView from utils.response import CommonResponseMixin, ReturnCode from aquaman.modules.web_vul.awvs_api import AcunetixScanner from aquaman.modules.automation.asset_scanner import AssetScanner from aquaman.modules.discovery.asset_descovery import AssetDiscovery from aquaman.lib.mongo_db import mongo_cli, db_name_conf from application import settings from bson import ObjectId from threading import Thread config_db = db_name_conf()['config_db'] instance_db = db_name_conf()['instance_db'] portinfo_db = db_name_conf()['portinfo_db'] auth_db = db_name_conf()['auth_db'] # auth tasks_db = db_name_conf()['tasks_db'] # poc vulscan_db = db_name_conf()['vulscan_db'] # web weekpasswd_db = db_name_conf()['weekpasswd_db'] # auth detect vul_db = db_name_conf()['vul_db'] # poc detect plugin_db = db_name_conf()['plugin_db'] class InstanceInfoListView(MethodView, CommonResponseMixin): def get(self): """ 获取实例列表 ---
import time from threading import Thread from application import settings from multiprocessing import Pool from aquaman.lib.mongo_db import db_name_conf, connectiondb, connectiondb2 from utils.public import parse_target from apscheduler.schedulers.blocking import BlockingScheduler from bson import ObjectId from pocsuite.api.cannon import Cannon from func_timeout.exceptions import FunctionTimedOut from utils.logger import get_logger import logging logging.basicConfig() log = get_logger() config_db = db_name_conf()['config_db'] tasks_db = db_name_conf()['tasks_db'] vul_db = db_name_conf()['vul_db'] def verify_poc(scan_info): frequency = connectiondb(config_db).find_one( {'config_name': settings.CONFIG_NAME})['poc_frequency'] plugin_name = scan_info['plugin_name'] plugin_filename = scan_info['plugin_filename'] target = scan_info['target'] info = { "pocname": plugin_name, "pocstring": open(plugin_filename, 'r').read(), "mode": 'verify' }
def __init__(self): # 更新Mongo中AWVS的任务状态 # 定时从AWVS服务端的获取target_id的状态 self.vulscan_db = db_name_conf()['vulscan_db'] self.connectiondb = connectiondb2('AwvsTaskLoop')