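def plugins_scan_by_subdomain():
    """Queue a Celery plugin-scan task over a caller-supplied domain list.

    Expects a POST JSON body ``{"plugins_id_list": [...], "domains_list": [...]}``.
    Blank entries in ``domains_list`` (for example the trailing "" a form
    submission tends to produce) are dropped, the task is dispatched via
    ``check_plugins_task`` and its id is recorded with ``insert_taskid_db``.

    Returns:
        ``{"code": ..., "msg": ...}`` -- 200 once the task is queued, 201 for
        a non-POST request, 202 when the body is missing or yields no usable
        plugin ids / domains.
    """
    if request.method != "POST":
        return {"code": 201, "msg": "POST method need"}

    json_data = request.get_json() or {}
    if not isinstance(json_data, dict):
        return {"code": 202, "msg": "JSON object body required"}

    plugins_id_list = json_data.get('plugins_id_list') or []
    raw_domains = json_data.get('domains_list') or []

    # Whitespace handling: strip every entry and discard the blank ones
    # (the original only popped a single trailing "" and would raise
    # IndexError on an empty list).
    domains_list = [
        d.strip() for d in raw_domains if isinstance(d, str) and d.strip()
    ]

    # task_info below indexes element 0 of both lists, so reject empty ones
    # up front instead of failing with IndexError after validation passed.
    if not plugins_id_list or not domains_list:
        return {
            "code": 202,
            "msg": "plugins_id_list and domains_list must be non-empty",
        }

    # NOTE(review): the target list is caller-controlled; no scope or
    # authorization check is visible here -- confirm the caller enforces one.
    r = check_plugins_task.delay(plugins_id_list, domains_list)

    # Record the task id so its progress can be looked up later.
    insert_taskid_db({
        "task_id": r.task_id,
        "add_time": get_current_time(),
        "task_type": "pluginscan",
        "plugin_list": plugins_id_list,
        "domain_list": domains_list,
        "task_info": "对{0}等{1}个域名进行插件扫描,插件id为{2}等{3}个".format(
            domains_list[0], len(domains_list), plugins_id_list[0],
            len(plugins_id_list)),
    })
    return {"code": 200, "msg": "plugin scan task success"}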
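def save_sub_domains(self):
    """Flush the subdomain result queue into the database.

    Drains ``self.sub_domain_exist_result_queue`` into
    ``self.sub_domain_exist_result_list``, stores that list on the domain's
    ``pa_domain`` record (setting ``task_subdomain_process`` to 1, i.e. the
    subdomain step is finished), writes one ``pa_sub_domain`` record per
    subdomain and creates a ``pa_ip`` record for each IP not seen before.

    Each queue entry is expected to be a dict with ``sub_domain`` and ``ip``
    keys, ``ip`` being the list of addresses resolved for that subdomain.
    """
    queue = self.sub_domain_exist_result_queue
    while not queue.empty():
        self.sub_domain_exist_result_list.append(queue.get())

    # TODO(review): the original comment promised de-duplication before
    # storing, but none is performed -- the list is saved as collected.
    pa_domain.update_one({"domain": self.domain}, {
        "$set": {
            "subdomain": self.sub_domain_exist_result_list,
            "task_subdomain_process": 1,
        }
    })

    # One record per second-level domain, plus the IPs behind it.
    for entry in self.sub_domain_exist_result_list:
        ips = entry['ip']
        pa_sub_domain.insert({
            "subdomain": entry['sub_domain'],
            "sub_domain_ip": ips,
        })
        for ip in ips:
            # Create the IP record only once; an existing record keeps its
            # scan counter and port list.
            if pa_ip.find_one({"ip": ip}):
                continue
            pa_ip.insert({
                "ip": ip,
                "scaned_num": 0,
                "add_time": get_current_time(),
                "port": [],
            })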
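def save_scan_data(self):
    """Persist the port-scan results held in ``self.mas.scan_result``.

    For every scanned host, collects the TCP ports whose state is ``open``
    and upserts the host's ``pa_ip`` record: an existing record gets its
    ``port`` list replaced and ``scaned_num`` incremented, otherwise a new
    record is inserted.
    """
    data = self.mas.scan_result['scan']
    for key in data:
        # A host entry may lack a 'tcp' section (presumably when nothing
        # was reported for it); treat that as "no open ports".
        tcp = data[key].get('tcp') or {}
        # Built per host: the original shared one list across hosts, so
        # every later host also received the ports of the earlier ones.
        port_open_list = [
            port for port, info in tcp.items() if info.get('state') == 'open'
        ]

        now = get_current_time()
        index = pa_ip.find_one({"ip": key})
        if index:
            # Existing record: replace the ports and bump the scan counter.
            # Records created by save_sub_domains may carry no 'scaned_num'
            # yet, so default to 0 instead of raising KeyError.
            pa_ip.update_one({"ip": key}, {
                "$set": {
                    "port": port_open_list,
                    "scaned_num": index.get('scaned_num', 0) + 1,
                    "has_scaned": True,
                    "last_scan_time": now,
                }
            })
        else:
            # First sighting of this IP: insert a complete record.
            pa_ip.insert({
                "ip": key,
                "port": port_open_list,
                "add_time": now,
                "has_scaned": True,
                "scaned_num": 1,
                "last_scan_time": now,
            })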
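def save_sub_domains(self):
    """Flush the subdomain result queue into the database.

    Drains ``self.sub_domain_exist_result_queue`` into
    ``self.sub_domain_exist_result_list``, stores that list on the domain's
    ``pa_domain`` record, writes one ``pa_sub_domain`` record per subdomain
    and creates an unscanned ``pa_ip`` record for each IP not seen before.

    Each queue entry is expected to be a dict with ``sub_domain`` and ``ip``
    keys, ``ip`` being the list of addresses resolved for that subdomain.
    """
    queue = self.sub_domain_exist_result_queue
    while not queue.empty():
        self.sub_domain_exist_result_list.append(queue.get())

    # TODO(review): the original comment promised de-duplication before
    # storing, but none is performed -- the list is saved as collected.
    pa_domain.update_one(
        {"domain": self.domain},
        {"$set": {"subdomain": self.sub_domain_exist_result_list}},
    )

    # One record per second-level domain, plus the IPs behind it.
    for entry in self.sub_domain_exist_result_list:
        pa_sub_domain.insert({"subdomain": entry['sub_domain']})
        for ip in entry['ip']:
            # Create the IP record only once; an existing record keeps its
            # scan state.
            if pa_ip.find_one({"ip": ip}):
                continue
            pa_ip.insert({
                "ip": ip,
                "has_scaned": False,
                "add_time": get_current_time(),
                "last_scan_time": "",
            })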
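def scan_ip():
    """Queue a port-scan task for every IP recorded under a domain.

    Reads ``domain`` from the query string, gathers the IPs of all subdomains
    stored for it in ``pa_domain`` (de-duplicated, first-seen order kept),
    dispatches ``scan_ip_task`` and records the task id.

    Returns:
        ``{"code": ..., "msg": ...}`` -- 200 once the task is queued, 201 when
        the domain is missing, unknown, or has no IPs to scan.
    """
    domain = request.args.get("domain")
    if not domain:
        return {"code": 201, "msg": "未找到该域名所对应ip"}

    domain_index = pa_domain.find_one({"domain": domain})
    if not domain_index:
        return {"code": 201, "msg": "未找到该域名所对应ip"}

    # Collect every IP of every subdomain.  dict.fromkeys de-duplicates while
    # keeping first-seen order, so ip_list[0] in task_info is stable across
    # runs (set() would make it arbitrary).
    ip_list = list(dict.fromkeys(
        ip_s
        for item in (domain_index.get('subdomain') or [])
        for ip_s in (item.get('ip') or [])
    ))
    # task_info indexes ip_list[0]; with nothing to scan, report it instead
    # of raising IndexError.
    if not ip_list:
        return {"code": 201, "msg": "未找到该域名所对应ip"}

    # Dispatch the scan task with the main domain and its IP list.
    r = scan_ip_task.delay(domain, ip_list)

    # Record the task id so its progress can be looked up later.
    insert_taskid_db({
        "task_id": r.task_id,
        "add_time": get_current_time(),
        "task_type": "ip_scan",
        "ip_list": ip_list,
        "task_info": "对{0}域名下的{1}等{2}个ip进行端口扫描".format(
            domain, ip_list[0], len(ip_list)),
    })
    return {"code": 200, "msg": "添加扫描任务成功"}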
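def check(host):
    """Plugin 1: probe *host* for a publicly served readme file.

    For each of http and https, requests ``<scheme>://<host>/<name>`` for the
    common readme filename variants.  A hit is a 200 response whose media
    type is ``application/octet-stream`` or ``text/markdown`` and whose body
    does not start with ``<``, ``{`` or ``[`` (a crude filter against HTML or
    JSON soft-404 pages).  Hits are written to ``pa_vuln`` with plugin_id 1.

    Args:
        host: hostname (optionally ``host:port``) to probe, without scheme.

    Returns:
        ``[result_http, result_https]`` where each element is ``False`` or a
        tuple ``(True, scheme, host, url, body)`` for the last matching name.
    """
    uris = ['readme.md', 'README.MD', 'readme.MD', 'README.md']
    schemes = ['http', 'https']
    accepted_types = ('application/octet-stream', 'text/markdown')

    # Certificate verification is deliberately off for this probe
    # (verify=False below); silence the resulting warning once, not per call.
    requests.packages.urllib3.disable_warnings()

    findings = {'http': False, 'https': False}
    for scheme in schemes:
        target = "{0}://{1}/".format(scheme, host)
        for uri in uris:
            url = target + uri
            try:
                response = requests.get(
                    url, headers=headers, verify=False, timeout=7)
            except requests.exceptions.RequestException:
                # Unreachable host, timeout or TLS failure: move on to the
                # next name instead of abandoning the whole scheme.
                continue

            # Compare the media type only, so "text/markdown; charset=utf-8"
            # is still recognised.
            content_type = response.headers.get('Content-Type') or ''
            media_type = content_type.partition(';')[0].strip()
            body = response.text
            if (response.status_code == 200
                    and media_type in accepted_types
                    and body and body[0] not in ('<', '{', '[')):
                findings[scheme] = (True, scheme, host, url, body)

    result = [findings['http'], findings['https']]

    # Persist each positive finding.
    for info in result:
        if info:
            pa_vuln.insert({
                "host": info[2],
                "vuln_proof": info[4],
                "vuln_url": info[3],
                "plugin_id": 1,
                "plugin_info": "用来探测网站是否存在readme文件",
                "add_time": get_current_time(),
            })
    return result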
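def plggins_scan_by_maindomain():
    """Queue a plugin-scan task over every recorded subdomain of a domain.

    Expects a POST JSON body ``{"plugins_id_list": [...], "domain": "..."}``.
    The subdomains are read from the domain's ``pa_domain`` record, the task
    is dispatched via ``check_plugins_task`` and its id is recorded with
    ``insert_taskid_db``.

    Returns:
        ``{"code": ..., "msg": ...}`` -- 200 once the task is queued, 201 for
        a non-POST request, 202 when the body is unusable, the domain is
        unknown, or it has no subdomains to scan.
    """
    if request.method != "POST":
        return {"code": 201, "msg": "POST method need"}

    json_data = request.get_json() or {}
    if not isinstance(json_data, dict):
        return {"code": 202, "msg": "JSON object body required"}

    plugins_id_list = json_data.get('plugins_id_list') or []
    domain = json_data.get('domain')
    # task_info below indexes plugins_id_list[0]; reject an empty list early.
    if not plugins_id_list or not domain:
        return {"code": 202, "msg": "plugins_id_list and domain are required"}

    # Look up the main domain; its record holds the subdomain entries.
    index = pa_domain.find_one({"domain": domain})
    if not index:
        return {"code": 202, "msg": "did not find domain {0}".format(domain)}

    subdomain_list = [
        sub["sub_domain"]
        for sub in (index.get('subdomain') or [])
        if sub.get("sub_domain")
    ]
    # The original fell through to the "POST method need" reply here, which
    # misreports the actual cause.
    if not subdomain_list:
        return {
            "code": 202,
            "msg": "no subdomains recorded for {0}".format(domain),
        }

    # Dispatch the Celery task and keep its id.
    r = check_plugins_task.delay(plugins_id_list, subdomain_list)
    insert_taskid_db({
        "task_id": r.task_id,
        "add_time": get_current_time(),
        "task_type": "pluginscan",
        "plugin_list": plugins_id_list,
        "domain_list": subdomain_list,
        "task_info": "对{0}域名下的{1}个子域名进行插件扫描,插件id为{2}等{3}个".format(
            domain, len(subdomain_list), plugins_id_list[0],
            len(plugins_id_list)),
    })
    return {"code": 200, "msg": "plugin scan task success"}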