def vuln_judge(self):
vuln_judges = []
vuln_h_num = [0,6]
vuln_m_num = [0,2]
vuln_l_num = [0,1]
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from vuln"
cursor.execute(sql)
vuln_infos = cursor.fetchall()
for vuln_info in vuln_infos:
if vuln_info[3] == "INFO":
vuln_m_num[0] = vuln_m_num[0] + 1
if vuln_info[3] == "unAuth" and vuln_info[4] == 1:
vuln_m_num[0] = vuln_m_num[0] + 1
if vuln_info[3] == "CORS":
vuln_l_num[0] = vuln_l_num[0] + 1
if vuln_info[3] == "unAuth" and vuln_info[4] == 2:
vuln_l_num[0] = vuln_l_num[0] + 1
if vuln_info[3] == "passWord":
vuln_h_num[0] = vuln_h_num[0] + 1
if vuln_info[3] == "BAC":
vuln_m_num[0] = vuln_m_num[0] + 1
if vuln_info[3] == "upLoad":
vuln_h_num[0] = vuln_h_num[0] + 1
vuln_score = vuln_h_num[0]*vuln_h_num[1] + vuln_m_num[0]*vuln_m_num[1] + vuln_l_num[0]*vuln_l_num[1]
vuln_judges.append(vuln_score)
vuln_judges.append(vuln_h_num[0])
vuln_judges.append(vuln_m_num[0])
vuln_judges.append(vuln_l_num[0])
return vuln_judges
def bacTest(self):
try:
whole_list = []
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from api_tree where success = 1 or success = 2"
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
for apiInfo in apiTreeInfo:
name_list=[]
api_option = apiInfo[3]
api_path = apiInfo[1]
if api_option:
json_strs = json.loads(api_option)
if json_strs["type"] == "post":
json_strs = json.loads(api_option)["post"]
else:
json_strs = json.loads(api_option)["get"]
# 循环遍历
for json_str in json_strs:
json_default = json_str["default"] # 获取default参数的数值
# 如果是数字
if json_default.isdigit():
# for json_str in json_strs:
# print(json_str["name"])
name_list.append(json_str["name"])
# BacTest(self.projectTag).startTest(name_list,api_path,api_option)
self.startTest(name_list,api_path,api_option)
break
except Exception as e:
self.log.error("[Err] %s" % e)
def sqlTest(self):
whole_list = []
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
# success=1 的情况是get的情况 success=2的情况是post的情况
sql = "select * from api_tree where success = 1 or success = 2"
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
for apiInfo in apiTreeInfo:
name_list = []
api_option = apiInfo[3]
api_path = apiInfo[1]
json_strs = json.loads(api_option)
if json_strs["type"] == "post":
json_strs = json.loads(api_option)["post"]
else:
json_strs = json.loads(api_option)["get"]
for json_str in json_strs:
json_default = json_str["default"]
if json_default.isdigit():
for json_str in json_strs:
name_list.append(json_str["name"])
self.startTest(name_list, api_path, api_option)
break
def apiComplete(self):
self.baseUrlPaths = list(set(self.baseUrlPaths)) # list去重
self.apiPaths = list(set(self.apiPaths))
url = DatabaseType(self.projectTag).getURLfromDB()
if "#" in url: # 帮我检测下此处逻辑
url = url.split("#")[0]
res = urlparse(url)
tmpUrl = res.path.split("/")
if "." in tmpUrl[-1]:
del tmpUrl[-1]
hostURL = res.scheme + "://" + res.netloc + "/"
url = res.scheme + "://" + res.netloc + "/".join(tmpUrl)
if url[-1:] != "/":
url = url + "/"
for baseurl in self.baseUrlPaths:
for apiPath in self.apiPaths:
if baseurl == "/":
completeUrl1 = url + apiPath
completeUrl2 = hostURL + apiPath
self.completeUrls.append(completeUrl1)
self.completeUrls.append(completeUrl2)
else:
completeUrl1 = url + baseurl + apiPath
completeUrl2 = hostURL + baseurl + apiPath
self.completeUrls.append(completeUrl1)
self.completeUrls.append(completeUrl2)
self.completeUrls = list(set(self.completeUrls))
for completeUrl in self.completeUrls:
if "//" in completeUrl.split("//", 1)[1]:
completeUrl = completeUrl.split("//", 1)[0] + "//" + completeUrl.split("//", 1)[1].replace("//", "/")
completeApiPath = completeUrl.split("§§§")[0]
filePath = completeUrl.split("§§§")[1]
DatabaseType(self.projectTag).apiRecordToDB(filePath, completeApiPath)
self.log.info(Utils().tellTime() + Utils().getMyWord("{total_api_num}") + str(len(self.completeUrls)))
def checkSpiltingTwice(self, projectPath):
self.log.info(Utils().tellTime() +
Utils().getMyWord("{check_codesplit_twice}"))
for parent, dirnames, filenames in os.walk(projectPath,
followlinks=True):
for filename in filenames:
if filename != self.projectTag + ".db":
tmpName = filename.split(".")
if len(tmpName) == 4:
localFileName = "." + tmpName[-2] + ".js"
self.localFileNames.append(localFileName)
remotePath = DatabaseType(
self.projectTag).getJsUrlFromDB(
filename, projectPath)
tmpRemotePath = remotePath.split("/")
del tmpRemotePath[-1]
newRemotePath = "/".join(tmpRemotePath) + "/"
self.remotePaths.append(newRemotePath)
self.remotePaths = list(set(self.remotePaths))
if len(self.localFileNames) > 3: # 一切随缘
localFileName = self.localFileNames[0]
for baseurl in self.remotePaths:
tmpRemoteFileURLs = []
res = urlparse(baseurl)
i = 0
while i < 500:
remoteFileURL = baseurl + str(i) + localFileName
i = i + 1
tmpRemoteFileURLs.append(remoteFileURL)
GroupBy(tmpRemoteFileURLs, self.options).stat()
tmpRemoteFileURLs = GroupBy(tmpRemoteFileURLs,
self.options).start()
for remoteFileURL in tmpRemoteFileURLs:
self.remoteFileURLs.append(remoteFileURL)
else:
for localFileName in self.localFileNames:
for baseurl in self.remotePaths:
tmpRemoteFileURLs = []
res = urlparse(baseurl)
i = 0
while i < 500:
remoteFileURL = baseurl + str(i) + localFileName
i = i + 1
tmpRemoteFileURLs.append(remoteFileURL)
GroupBy(tmpRemoteFileURLs, self.options).stat()
tmpRemoteFileURLs = GroupBy(tmpRemoteFileURLs,
self.options).start()
for remoteFileURL in tmpRemoteFileURLs:
self.remoteFileURLs.append(remoteFileURL)
if self.remoteFileURLs != []:
self.remoteFileURLs = list(set(self.remoteFileURLs)) # 其实不会重复
self.log.info(Utils().tellTime() +
Utils().getMyWord("{check_codesplit_twice_fini_1}") +
str(len(self.remoteFileURLs)) +
Utils().getMyWord("{check_codesplit_twice_fini_2}"))
DownloadJs(self.remoteFileURLs,
self.options).downloadJs(self.projectTag, res.netloc,
999) # 999表示爆破
def jsCodeCompile(self, jsCode, jsFilePath):
try:
self.log.info(Utils().tellTime() +
Utils().getMyWord("{get_codesplit}"))
variable = re.findall(r'\[.\]', jsCode)
if "[" and "]" in variable[0]:
variable = variable[0].replace("[", "").replace("]", "")
jsCodeFunc = "function js_compile(%s){js_url=" % (
variable) + jsCode + "\nreturn js_url}"
pattern_jscode = re.compile(r"\(\{\}\[(.*?)\]\|\|.\)", re.DOTALL)
flag_code = pattern_jscode.findall(jsCodeFunc)
if flag_code:
jsCodeFunc = jsCodeFunc.replace(
"({}[%s]||%s)" % (flag_code[0], flag_code[0]),
flag_code[0])
pattern1 = re.compile(r"\{(.*?)\:")
pattern2 = re.compile(r"\,(.*?)\:")
nameList1 = pattern1.findall(jsCode)
nameList2 = pattern2.findall(jsCode)
nameList = nameList1 + nameList2
nameList = list(set(nameList))
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
localFile = jsFilePath.split(os.sep)[-1]
sql = "insert into js_split_tree(jsCode,js_name) values('%s','%s')" % (
jsCode, localFile)
cursor.execute(sql)
connect.commit()
cursor.execute("select id from js_split_tree where js_name='%s'" %
(localFile))
jsSplitId = cursor.fetchone()[0]
cursor.execute("select path from js_file where local='%s'" %
(localFile))
jsUrlPath = cursor.fetchone()[0]
connect.close()
if "exec" not in jsCode and "spawn" not in jsCode: # 防止黑吃黑被命令执行
jsCompileResult = execjs.compile(jsCodeFunc)
for name in nameList:
if "\"" in name:
name = name.replace("\"", "")
if "undefined" not in jsCompileResult.call(
"js_compile", name):
jsFileName = jsCompileResult.call("js_compile", name)
self.jsFileNames.append(jsFileName)
self.log.info(Utils().tellTime() +
Utils().getMyWord("{run_codesplit_s}") +
str(len(self.jsFileNames)))
self.getRealFilePath(jsSplitId, self.jsFileNames, jsUrlPath)
self.log.debug("jscodecomplie模块正常")
except Exception as e:
self.log.error("[Err] %s" % e) # 这块有问题,逻辑要改进
return 0
def collect_api_str(self):
whole_post_str = ""
whole_get_str = ""
projectPath = DatabaseType(self.projectTag).getPathfromDB()
for parent, dirnames, filenames in os.walk(projectPath,
followlinks=True):
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from api_tree where success = 1 or success = 2"
cursor.execute(sql)
api_list = cursor.fetchall()
for api in api_list:
api_post_list = ""
api_get_list = ""
api_id = "§§§" + str(api[0]) + "§§§\n"
for filename in filenames:
if filename != self.projectTag + ".db":
filePath = os.path.join(parent, filename)
with open(filePath,
"r",
encoding="utf-8",
errors="ignore") as f:
js_strs = f.readlines()
count = 0
for js_str in js_strs:
count = count + 1
locationInfo = re.search(api[2], js_str)
if locationInfo != None:
startInfoEnds = js_strs[count - 5:count +
5]
startstring = ""
for startInfoEnd in startInfoEnds:
startstring = startstring + startInfoEnd
if "post" in startstring:
api_post_list = api_post_list + startstring
else:
api_get_list = api_get_list + startstring
if api_post_list:
whole_post_str = whole_post_str + api_post_list + api_id
if api_get_list:
whole_get_str = whole_get_str + api_get_list + api_id
whole_str = []
whole_str.append(whole_post_str)
# with open("post.js","w",encoding="utf-8") as f:
# f.write(whole_post_str)
# f.close()
whole_str.append(whole_get_str)
# with open("get.js","w",encoding="utf-8") as f:
# f.write(whole_get_str)
# f.close()
return whole_str
def tree_list(self, document):
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select path from api_tree where success = 1 or success = 2"
cursor.execute(sql)
apinfo = cursor.fetchall()
sql = "select path from js_file"
cursor.execute(sql)
jsInfo = cursor.fetchall()
jsInfo = jsInfo + apinfo
list1 = [[] for i in range(len(jsInfo))]
k = 0
for js in jsInfo:
js = js[0]
path = js.split("/")[3:]
list1[k].append(path)
k = k + 1
for i in range(len(list1)):
for j in range(len(list1[i][0])):
if not j == 0:
list1[i][0][j] = list1[i][0][j - 1] + "-->" * j + list1[i][0][j]
list_max = []
for i in range(len(list1)):
for j in range(len(list1[i])):
maxlen = len(list1[i][j])
list_max.append(maxlen)
maxlen = max(list_max)
level_list = [[] for i in range(maxlen)]
for i in range(len(list1)):
for j in range(maxlen):
if list1[i][0][j:j + 1] != []:
level_list[j].append(list1[i][0][j:j + 1][0])
new_level_list = []
for i in level_list:
param = list(set(i))
new_level_list.append(param)
level_add = 1
main_url = DatabaseType(self.projectTag).getURLfromDB()
parse_url = urlparse(main_url)
host = parse_url.netloc
self.treeStr = self.treeStr + host + "\n"
for trunk in new_level_list[0]:
self.treeStr = self.treeStr + ("|----" + trunk) + "\n"
self.loop_branch(new_level_list, level_add, trunk)
para1 = Creat_tree(self.projectTag).locat_suggest(document)
para2 = para1.insert_paragraph_before("")
run2 = para2.add_run("当前网站资源树如下:")
run2.font.name = "Arial"
run2.font.size = Pt(11)
run2.font.bold = True
Creat_tree(self.projectTag).creat_table(document, self.treeStr, para2)
def startInfoTest(self):
projectPath = DatabaseType(self.projectTag).getPathfromDB()
for parent, dirnames, filenames in os.walk(projectPath,
followlinks=True):
for filename in filenames:
if filename != self.projectTag + ".db":
filePath = os.path.join(parent, filename)
with open(filePath, "r", encoding="utf-8",
errors="ignore") as jsPath:
js_str = jsPath.read()
for infoTest in self.info_Test.split(","):
info_re = infoTest.split("§§§")[0]
infoTest_re = info_re + r"\:\s?\"(.*?)\""
info_strs = re.findall(infoTest_re, js_str)
location_info = re.search(infoTest_re, js_str)
infoRe = infoTest.split("§§§")[0]
infoTestRe = infoRe + r"\:\s?\"(.*?)\""
infoLast = infoTest.split("§§§")[1]
infoStr = re.findall(infoTestRe, js_str)
locationInfo = re.search(infoTestRe, js_str)
if locationInfo != None:
startInfo = locationInfo.span()[0]
startInfoEnd = js_str[startInfo -
77:startInfo +
77].replace("\'", "\"")
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB(
) + self.projectTag + ".db"
connect = sqlite3.connect(
os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
if infoStr[0]:
try:
jsId = DatabaseType(
self.projectTag).getJsIDFromDB(
filename, projectPath)
sql = "insert into vuln(api_id,js_id,response_b,response_h,sure,type,des) values ('" + str(
7777777
) + "','" + str(jsId) + "','" + str(
infoStr[0]) + "','" + str(
startInfoEnd
) + "','" + str(
1
) + "','" + "INFO" + "','" + str(
infoLast) + "')"
cursor.execute(sql)
connect.close()
except Exception as e:
self.log.error("[Err] %s" % e)
jsPath.close()
def getIDFromDB(self):
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select id,from_js from api_tree where path=\"" + self.path + "\""
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
if len(apiTreeInfo) != 0:
try:
self.api_id = int(apiTreeInfo[0][0]) # 对应路径的api_id
self.from_js = int(apiTreeInfo[0][1]) # 对应路径的from_js
except Exception as e:
self.log.error("[Err] %s" % e)
def vulntestStart(self,options):
# 获取from_js 和api_id
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select id,from_js from api_tree where path=\"" + self.path + "\""
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
if len(apiTreeInfo) != 0:
api_id = int(apiTreeInfo[0][0]) # 对应路径的api_id
from_js = int(apiTreeInfo[0][1]) # 对应路径的from_js
message = str(readConfig.ReadConfig().getValue('vulnTest', 'login')[0]).split(',')
# get类型返回的数据列表
getdatas = self.getdatas
# post类型返回的数据列表
postdatas = self.postdatas
jsonpostdata = self.jsonposts
# post请求
if len(getdatas) == 0:
postobj = PostsDataText(self.path, options)
# 传入post的数据和json的数据 线程池跑
# postobj.res.items 是返回的结果
postobj.run(postdatas, jsonpostdata)
for key, value in postobj.res.items():
#print(key + ": " + value)
for flag in message:
if flag in str(value):
# 进行数据裤的插入
try:
DatabaseType(self.projectTag).insertWeakPassInfoIntoDB(api_id,from_js,str(key), str(value))
except Exception as e:
self.log.error("[Err] %s" % e)
# get请求
if len(postdatas) == 0:
getobj = ApiText(getdatas, options)
getobj.run()
for key, value in getobj.res.items():
for flag in message:
if flag in str(value):
# 进行数据裤的插入
try:
DatabaseType(self.projectTag).insertWeakPassInfoIntoDB(api_id,from_js,str(key), str(value))
except Exception as e:
self.log.error("[Err] %s" % e)
def uploadTest(self):
try:
for uploadtest in self.uploadtest_list.split(","):
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from api_tree where name = '%s'"%(uploadtest)
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
for apiInfo in apiTreeInfo:
up_list = []
api_path = apiInfo[1]
up_list.append(api_path)
#print(up_list[0])
self.startTest(up_list[0])
except Exception as e:
self.log.error("[Err] %s" % e)
def apiUnAuthTest(self):
try:
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from api_tree where success = 1 or success = 2"
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
for apiInfo in apiTreeInfo:
for resultFilter in self.resultFilters.split(","):
try:
if resultFilter not in apiInfo[4]:
flag = 1
else:
flag = 0
break
except:
flag = 0
if flag:
# print(apiInfo[4])
self.api_UnAuth_result.append(apiInfo[4])
sql = "select from_js from api_tree where id=('%s')" % apiInfo[
0]
cursor.execute(sql)
js_id = cursor.fetchone()
for unauth_not_sure in self.unauth_not_sure.split(","):
if unauth_not_sure not in apiInfo[4]:
flag = 1
else:
flag = 0
break
if flag:
sql = "insert into vuln(api_id,js_id,response_b,sure,type) values ('%s','%s','%s','%s','unAuth')" % (
apiInfo[0], js_id[0], apiInfo[4], 1)
else:
sql = "insert into vuln(api_id,js_id,response_b,sure,type) values ('%s','%s','%s','%s','unAuth')" % (
apiInfo[0], js_id[0], apiInfo[4], 2)
cursor.execute(sql)
connect.close()
except Exception as e:
self.log.error("[Err] %s" % e)
def passwordTest(self):
for passwordtests in self.passwordtest_list.split(","):
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from api_tree where name = '%s'"%(passwordtests)
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
for apiInfo in apiTreeInfo:
pass_list = []
api_path = apiInfo[1]
pass_list.append(api_path)
api_option = apiInfo[3]
if api_option:
pass_list.append(api_option)
for passwordusers in self.passworduser_list.split(","):
if passwordusers in api_option:
pass_list.append(passwordusers)
flag = 1
break
else:
flag = 0
pass_list.append("none")
if flag:
for passwordpass in self.passwordpass_list.split(","):
if passwordpass in api_option:
pass_list.append(passwordpass)
flag = 1
break
else:
flag = 0
pass_list.append("none")
# PasswordTest(self.projectTag).startTest(pass_list[0],pass_list[1],pass_list[2],pass_list[3])
if (pass_list[3] != "none") and (pass_list[2] != "none"):
self.startTest(pass_list[0],pass_list[1],pass_list[2],pass_list[3])
def startTest(self,name,path,option):
try:
self.path = path
# 数据库读取
name = "".join(name)
# 处理完成后的get请求
get_param = []
get_burp = [] # 爆破参数集合
# {"type":"get","get":[{"name":"id","default":"1"}]}
datas = json.loads(option)
method = datas["type"]
data = datas[method]
# get 请求部分参数
if method == "get":
domain = self.path.split("?")[0] # 获取主域名
for value in data:
get_name = value["name"] # get 请求的参数
get_default = value["default"] # get 请求的参数值
if get_name == name: # 如果参数等于name
for value in range(1,6):
get_req = str("".join(name)) + "=" + str(value) # 进行拼姐
get_burp.append(get_req) # 遍历后的参数
# 筛选出来 只有一个还是说 有多个
elif get_name!=None:
param = get_name + "=" + get_default
get_param.append(param)
if len(get_param) == 0:
for value in get_burp:
get_result = domain + "?" + value
self.get_results.append(get_result)
else:
for value in get_burp:
get_result = domain + "?" + value +"&"+ "&".join(get_param)
self.get_results.append(get_result)
# 返回数据包比较大小功能
"""
数据库
"""
# get 请求 测试
get_resp_lens = {}
try:
get_obj = ApiText(self.get_results,self.options)
get_obj.run()
get_texts = get_obj.res
except Exception as e:
self.log.error("[Err] %s" % e)
# 遍历字典中的元素
for req,resp in get_texts.items():
# 返回数据大小
resp_body = len(resp)
get_resp_lens[req] = resp_body
# 筛选
get_select_list = set()
get_all_list = []
for value in get_resp_lens.values():
get_select_list.add(int(value))
get_all_list.append(value)
get_resp_data1 = ""
get_resp_data2 = ""
get_req_data1 = ""
get_req_data2 = ""
# 页面返回包数据 {10496, 7588, 7246,7738}
# 只要有三个不同
# get_select_list = list(get_select_list)
get_repeat_nums = dict(Counter(get_all_list))
get_repeat_num = int("".join([str(key) for key, value in get_repeat_nums.items() if value > 1])) # 获取到我们重复的数据
if len(get_select_list) >=3:
# 需要写入到数据库中
for key,value in get_resp_lens.items():
value = int(value)
# if value in get_select_list: # 如果数值在set中说明是不同的
if value != get_repeat_num:
get_resp_data1 = get_texts[key]
get_req_data1 = str(key)
# if value not in get_select_list:
if value == get_repeat_num:
get_resp_data2 = get_texts[key]
get_req_data2 = str(key)
# 写入数据库的data
get_data = str(get_resp_data1) + "§§§" + str(get_resp_data2)
get_req = get_req_data1 + "§§§" + get_req_data2
# 写入数据库
# 数据库连接
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select id,from_js from api_tree where path=\"" + self.path + "\""
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
if len(apiTreeInfo) != 0:
api_id = int(apiTreeInfo[0][0]) # 对应路径的api_id
from_js = int(apiTreeInfo[0][1]) # 对应路径的from_js
# 数据库连接
try:
DatabaseType(self.projectTag).insertBacInfoIntoDB(api_id,from_js,get_req,quote(get_data))
except Exception as e:
self.log.error("[Err] %s" % e)
post_json_burp = []
post_json_prama = {}
post_json = {}
post_burp = []
post_param = []
# post 请求参数部分
if method == "post":
for value in data:
post_name = value["name"] # post 请求的参数
post_default = value["default"] # post 请求的参数值
if post_name == name:
post_num = int(post_default)
# 对参数做一个循环遍历
for value in range(1,6):
post_json[name] = value
post_req = str("".join(name)) + "=" + str(value)
post_burp.append(post_req)
# json加入列表需要使用copy方法
post_json_burp.append(post_json.copy())
else:
param = post_name + "=" + post_default
post_param.append(param)
# 存储json类型
post_json_prama[post_name] = post_default
for data in post_json_burp:
for key,value in data.items():
post_json_prama[key] = value
self.post_json_results.append(post_json_prama.copy())
for value in post_burp:
post_result = value + "&" + "&".join(post_param)
self.post_data_results.append(post_result)
# post请求测试
post_resp_data1 = ""
post_resp_data2 = ""
post_req_data1 = ""
post_req_data2 = ""
post_resp_lens = {}
try:
post_obj = PostsDataText(self.path,self.options)
post_obj.run(self.post_data_results,self.post_json_results)
post_texts = post_obj.res
except Exception as e:
self.log.error("[Err] %s" % e)
# key对应的是传输过去的data value 对应的是返回数值
# 获取 返回数据包的五个数值
for req_data,resp in post_texts.items():
resp_body = len(resp)
# 存入字典 建立键值对
post_resp_lens[req_data] = resp_body
post_select_list = set()
post_all_list = []
for value in post_resp_lens.values():
post_select_list.add(int(value))
post_all_list.append(value)
post_repeat_nums = dict(Counter(post_all_list))
post_repeat_num = int("".join([str(key) for key, value in post_repeat_nums.items() if value > 1])) # 获取到我们重复的数据
if len(post_select_list) >= 3:
# 需要写入到数据库中
for key,value in post_resp_lens.items():
value = int(value)
if value != post_repeat_num:
post_resp_data1 = post_texts[key]
post_req_data1 = str(key)
if value == post_repeat_num:
post_resp_data2 = post_texts[key]
post_req_data2 = str(key)
# 写入数据库的data
post_data = str(post_resp_data1) + "§§§" + str(post_resp_data2)
post_req = post_req_data1 + "§§§" + post_req_data2
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select id,from_js from api_tree where path=\"" + self.path + "\""
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
if len(apiTreeInfo) != 0:
api_id = int(apiTreeInfo[0][0]) # 对应路径的api_id
from_js = int(apiTreeInfo[0][1]) # 对应路径的from_js
try:
DatabaseType(self.projectTag).insertBacInfoIntoDB(api_id,from_js,post_req,post_data)
except Exception as e:
self.log.error("[Err] %s" % e)
except Exception as e:
self.log.error("[Err] %s" % e)
def creat_api(self, document):
para1 = Creat_api(self.projectTag).locat_api(document)
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from api_tree"
cursor.execute(sql)
api_infos = cursor.fetchall()
for api_info in api_infos:
if api_info[5] == 1 or api_info[5] == 2:
para2 = para1.insert_paragraph_before("")
api_path = api_info[1]
sql = "select path from js_file where id='%s'" % (api_info[6])
cursor.execute(sql)
js_paths = cursor.fetchall()
for js_path in js_paths:
run2 = para2.add_run(Utils().getMyWord("{r_api_addr}") +
"\n")
run2.font.name = "Arial"
run2.font.size = Pt(11)
run2.font.bold = True
run3 = para2.add_run(api_path)
run3.font.name = "Arial"
run3.font.size = Pt(11)
run4 = para2.add_run("\n" +
Utils().getMyWord("{r_api_r_js}") +
"\n")
run4.font.name = "Arial"
run4.font.size = Pt(11)
run4.font.bold = True
run5 = para2.add_run(js_path[0])
run5.font.name = "Arial"
run5.font.size = Pt(11)
run6 = para2.add_run("\n" +
Utils().getMyWord("{r_api_res}") + "")
run6.font.name = "Arial"
run6.font.size = Pt(11)
run6.font.bold = True
try:
if api_info[4] == None:
api_info1 = "\" \""
api_info_unicode = json.dumps(
json.loads(api_info1),
sort_keys=True,
indent=4,
ensure_ascii=False)
Creat_api(self.projectTag).creat_table(
document, api_info_unicode, para2)
else:
api_info_unicode = json.dumps(json.loads(
api_info[4]),
sort_keys=True,
indent=4,
ensure_ascii=False)
Creat_api(self.projectTag).creat_table(
document, api_info_unicode, para2)
self.log.debug("api_info正常")
except Exception as e:
if api_info[4] == None:
api_info1 = "\" \""
Creat_api(self.projectTag).creat_table(
document, api_info1, para2)
else:
Creat_api(self.projectTag).creat_table(
document, api_info[4], para2)
self.log.error("[Err] %s" % e)
def docxReplace(self, document):
cmd = CommandLines().cmd()
ipAddr = testProxy(cmd,0)
end_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
report_time = time.strftime("%Y-%m-%d %H:%M", time.localtime())
main_url = DatabaseType(self.projectTag).getURLfromDB()
parse_url = urlparse(main_url)
host = parse_url.netloc
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select id from js_file"
cursor.execute(sql)
js_all_files = cursor.fetchall()
js_num = len(js_all_files)
sql = "select path from js_file"
cursor.execute(sql)
jsfilelist = cursor.fetchall()
js_paths=''
for js in jsfilelist:
jspath = "◆ " + js[0] + "\n"
js_paths = js_paths + jspath
sql ="select id from api_tree where success = 1 or success = 2"
cursor.execute(sql)
api_list = cursor.fetchall()
api_num = len(api_list)
vuln_infos = Docx_replace(self.projectTag).vuln_judge()
vuln_h_num = vuln_infos[1]
vuln_m_num = vuln_infos[2]
vuln_l_num = vuln_infos[3]
vuln_num = vuln_h_num + vuln_m_num + vuln_l_num
vuln_score = vuln_infos[0]
if vuln_score >= 18:
sec_lv = Utils().getMyWord("{risk_h}")
elif vuln_score < 18 and vuln_score >= 10:
sec_lv = Utils().getMyWord("{risk_m}")
elif vuln_score < 10 and vuln_score >= 5:
sec_lv = Utils().getMyWord("{risk_l}")
else:
sec_lv = Utils().getMyWord("{risk_n}")
sql = "select vaule from info where name='time'"
cursor.execute(sql)
time_in_info = cursor.fetchone()
timeArray = time.localtime(int(time_in_info[0]))
start_time = time.strftime("%Y-%m-%d %H:%M:%S", timeArray)
type = CommandLines().cmd().type
if type == "simple":
scan_type = Utils().getMyWord("{mode_simple}")
else:
scan_type = Utils().getMyWord("{mode_adv}")
scan_min = int(end_time.split(":")[-2]) - int(start_time.split(":")[-2])
if int(scan_min) >= 1:
end_time_one = int(end_time.split(":")[-1]) + int(scan_min) * 60
scan_time = int(end_time_one) - int(start_time.split(":")[-1])
else:
scan_time = int(end_time.split(":")[-1]) - int(start_time.split(":")[-1])
vuln_list = ''
sql = "select id from vuln where type='unAuth'"
cursor.execute(sql)
num_auth = cursor.fetchall()
if len(num_auth) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_unauth_num}") + str(len(num_auth)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='CORS'"
cursor.execute(sql)
num_cors = cursor.fetchall()
if len(num_cors) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_cors_num}") + str(len(num_cors)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='INFO'"
cursor.execute(sql)
num_info = cursor.fetchall()
if len(num_info) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_info_num}") + str(len(num_info)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='passWord'"
cursor.execute(sql)
num_passWord = cursor.fetchall()
if len(num_passWord) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_passWord_num}") + str(len(num_passWord)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='BAC'"
cursor.execute(sql)
num_BAC = cursor.fetchall()
if len(num_BAC) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_BAC_num}") + str(len(num_BAC)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='upLoad'"
cursor.execute(sql)
num_upload = cursor.fetchall()
if len(num_upload) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_upload_num}") + str(
len(num_upload)) + Utils().getMyWord(
"{ge}") + "\n"
sql = "select id from vuln where type='SQL'"
cursor.execute(sql)
num_sql = cursor.fetchall()
if len(num_sql) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_sql_num}") + str(
len(num_sql)) + Utils().getMyWord(
"{ge}") + "\n"
cookies = CommandLines().cmd().cookie
if cookies:
extra_cookies = cookies
else:
extra_cookies = Utils().getMyWord("{no_extra_cookies}")
head = CommandLines().cmd().head
if head != "Cache-Control:no-cache":
extra_head = head
else:
extra_head = Utils().getMyWord("{no_extra_head}")
try:
DICT = {
"{report_number}": "PF-API-" + self.projectTag,
"{report_date}": "%s" % (report_time),
"{target_host}": "%s" % (host),
"{target_url}": "%s" % (main_url),
"{js_num}": "%s" % (js_num),
"{start_time}": "%s" % (start_time),
"{scan_time}" :"%s" % (scan_time),
"{scan_type}": "%s" % (scan_type),
"{api_num}": "%s" % (api_num),
"{vuln_num}": "%s" % (vuln_num),
"{vuln_h_num}": "%s" % (vuln_h_num),
"{vuln_m_num}": "%s" % (vuln_m_num),
"{vuln_l_num}": "%s" % (vuln_l_num),
"{unauth_vuln}": "%s" % ("unauth_vuln"),
"{vuln_list}": "%s" % (vuln_list),
"{scan_ip}": "%s" % (ipAddr),
"{extra_cookies}": "%s" % (extra_cookies),
"{extra_head}": "%s" % (extra_head)
}
self.log.debug("word—report正常替换")
except Exception as e:
self.log.error("[Err] %s" % e)
for table in document.tables:
for row in range(len(table.rows)):
for col in range(len(table.columns)):
for key, value in DICT.items():
if key in table.cell(row, col).text:
table.cell(row, col).text = table.cell(row, col).text.replace(key, value)
for para in document.paragraphs:
for i in range(len(para.runs)):
for key, value in DICT.items():
if key in para.runs[i].text:
para.runs[i].text = para.runs[i].text.replace(key, value)
for para in document.paragraphs:
for i in range(len(para.runs)):
if "{js_list}" in para.runs[i].text:
para.runs[i].text = para.runs[i].text.replace("{js_list}", "%s" % (js_paths))
para.runs[i].font.size = Pt(10)
para.runs[i].font.name = "Arial"
for para in document.paragraphs:
for i in range(len(para.runs)):
if "{end_time}" in para.runs[i].text:
para.runs[i].text = para.runs[i].text.replace("{end_time}", "%s" % (end_time))
for para in document.paragraphs:
for i in range(len(para.runs)):
if "{sec_lv}" in para.runs[i].text:
para.runs[i].text = para.runs[i].text.replace("{sec_lv}", "%s" % (sec_lv))
para.runs[i].font.size = Pt(14)
if sec_lv == Utils().getMyWord("{risk_n}"):
para.runs[i].font.color.rgb = RGBColor(139,137,137)
elif sec_lv == Utils().getMyWord("{risk_l}"):
para.runs[i].font.color.rgb = RGBColor(46, 139,87)
elif sec_lv == Utils().getMyWord("{risk_m}"):
para.runs[i].font.color.rgb = RGBColor(205, 55, 0)
elif sec_lv == Utils().getMyWord("{risk_h}"):
para.runs[i].font.color.rgb = RGBColor(238, 0, 0)
try:
Creat_vuln_detail(self.projectTag).creat_detail(document)
self.log.debug("正确获取vuln_detail替换内容")
except Exception as e:
self.log.error("[Err] %s" % e)
try:
Creat_api(self.projectTag).creat_api(document)
self.log.debug("正确获取api替换内容")
except Exception as e:
self.log.error("[Err] %s" % e)
try:
Creat_suggest(self.projectTag).creat_suggest(document)
self.log.debug("正确获取suggest替换内容")
except Exception as e:
self.log.error("[Err] %s" % e)
return document
def creat_suggest(self, document):
para1 = Creat_suggest(self.projectTag).locat_suggest(document)
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from vuln"
cursor.execute(sql)
vuln_infos = cursor.fetchall()
flag1 = flag2 = flag3 = flag4 = flag5 = flag6 = flag7 = 0
for vuln_info in vuln_infos:
if vuln_info[3] == "unAuth":
flag1 = 1
elif vuln_info[3] == "INFO":
flag2 = 1
elif vuln_info[3] == "CORS":
flag3 = 1
elif vuln_info[3] == "SQL":
flag4 = 1
elif vuln_info[3] == "upLoad":
flag5 = 1
elif vuln_info[3] == "passWord":
flag6 = 1
elif vuln_info[3] == "BAC":
flag7 = 1
para2 = para1.insert_paragraph_before("")
if flag1 == 1:
run = para2.add_run("4." + str(self.creat_num) +
Utils().getMyWord("{r_sug_unauth_1}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(14)
run.font.bold = True
run2 = para2.add_run("◆ " + Utils().getMyWord("{r_sug_unauth_2}") +
"\n" + "◆ " +
Utils().getMyWord("{r_sug_unauth_3}") + "\n")
run2.font.name = "Arial"
run2.font.size = Pt(10)
self.creat_num = self.creat_num + 1
if flag2 == 1:
run = para2.add_run("4." + str(self.creat_num) +
Utils().getMyWord("{r_sug_info_1}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(14)
run.font.bold = True
run2 = para2.add_run("◆ " + Utils().getMyWord("{r_sug_info_2}") +
"\n")
run2.font.name = "Arial"
run2.font.size = Pt(10)
self.creat_num = self.creat_num + 1
if flag3 == 1:
run = para2.add_run("4." + str(self.creat_num) +
Utils().getMyWord("{r_sug_cors_1}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(14)
run.font.bold = True
run2 = para2.add_run("◆ " + Utils().getMyWord("{r_sug_cors_2}") +
"\n")
run2.font.name = "Arial"
run2.font.size = Pt(10)
self.creat_num = self.creat_num + 1
if flag4 == 1:
run = para2.add_run("4." + str(self.creat_num) +
Utils().getMyWord("{r_sug_sqli_1}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(14)
run.font.bold = True
run2 = para2.add_run("◆ " + Utils().getMyWord("{r_sug_sqli_2}") +
"\n" + "◆ " +
Utils().getMyWord("{r_sug_sqli_3}") + "\n")
run2.font.name = "Arial"
run2.font.size = Pt(10)
self.creat_num = self.creat_num + 1
if flag5 == 1:
run = para2.add_run("4." + str(self.creat_num) +
Utils().getMyWord("{r_sug_upload_1}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(14)
run.font.bold = True
run2 = para2.add_run("◆ " + Utils().getMyWord("{r_sug_upload_2}") +
"\n" + "◆ " +
Utils().getMyWord("{r_sug_upload_2}") + "\n" +
Utils().getMyWord("{r_sug_upload_3}") + "\n")
run2.font.name = "Arial"
run2.font.size = Pt(10)
self.creat_num = self.creat_num + 1
if flag6 == 1:
run = para2.add_run("4." + str(self.creat_num) +
Utils().getMyWord("{r_sug_password_1}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(14)
run.font.bold = True
run2 = para2.add_run("◆ " +
Utils().getMyWord("{r_sug_password_2}") +
"\n" + "◆ " +
Utils().getMyWord("{r_sug_password_3}") +
"\n")
run2.font.name = "Arial"
run2.font.size = Pt(10)
self.creat_num = self.creat_num + 1
if flag7 == 1:
run = para2.add_run("4." + str(self.creat_num) +
Utils().getMyWord("{r_sug_bac_1}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(14)
run.font.bold = True
run2 = para2.add_run("◆ " + Utils().getMyWord("{r_sug_bac_2}") +
"\n" + "◆ " +
Utils().getMyWord("{r_sug_bac_3}") + "\n")
run2.font.name = "Arial"
run2.font.size = Pt(10)
self.creat_num = self.creat_num + 1
run = para2.add_run("4." + str(self.creat_num) +
Utils().getMyWord("{r_sug_g_1}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(14)
run.font.bold = True
run2 = para2.add_run("◆ " + Utils().getMyWord("{r_sug_g_2}") + "\n" +
"◆ " + Utils().getMyWord("{r_sug_g_3}") + "\n" +
"◆ " + Utils().getMyWord("{r_sug_g_4}") + "\n" +
"◆ " + Utils().getMyWord("{r_sug_g_5}") + "\n" +
"◆ " + Utils().getMyWord("{r_sug_g_6}") + "\n")
run2.font.name = "Arial"
run2.font.size = Pt(10)
def startTest(self, path):
if self.options.cookie != None:
self.header = {
'User-Agent': random.choice(self.UserAgent),
'Content-Type': 'application/x-www-form-urlencoded',
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Cookie': self.options.cookie,
self.options.head.split(':')[0]:
self.options.head.split(':')[1]
}
else:
self.header = {
'User-Agent': random.choice(self.UserAgent),
'Content-Type': 'application/x-www-form-urlencoded',
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
self.options.head.split(':')[0]:
self.options.head.split(':')[1]
}
data = "".join(str(time.time()).split("."))
#print(data)
rands = bytes().fromhex(data)
ext_fuzz = tqdm([
'asp;.jpg', 'asp.jpg', 'asp;jpg', 'asp/1.jpg', 'asp{}.jpg'.format(
quote('%00')), 'asp .jpg', 'asp_.jpg', 'asa', 'cer', 'cdx',
'ashx', 'asmx', 'xml', 'htr', 'asax', 'asaspp', 'asp;+2.jpg',
'asp;.jpg', 'asp.jpg', 'asp;jpg', 'asp/1.jpg', 'asp{}.jpg'.format(
quote('%00')), 'asp .jpg', 'asp_.jpg', 'asa', 'cer', 'cdx',
'ashx', 'asmx', 'xml', 'htr', 'asax', 'asaspp', 'asp;+2.jpg',
'asPx', 'aspx .jpg', 'aspx_.jpg', 'aspx;+2.jpg', 'asaspxpx',
'php1', 'php2', 'php3', 'php4', 'php5', 'pHp', 'php .jpg',
'php_.jpg', 'php.jpg', 'php. .jpg', 'jpg/.php', 'php.123',
'jpg/php', 'jpg/1.php', 'jpg{}.php'.format(quote('%00')),
'php{}.jpg'.format(quote('%00')), 'php:1.jpg', 'php::$DATA',
'php::$DATA......', 'ph\np', '.jsp.jpg.jsp', 'jspa', 'jsps',
'jspx', 'jspf', 'jsp .jpg', 'jsp_.jpg'
])
flag = 0
try:
# python3 随机生成字符串
sslFlag = int(self.options.ssl_flag)
for ext in ext_fuzz:
# 进度条
ext_fuzz.set_description("Processing %s" % ext)
files = {
"file":
("{}.{}".format(random.randint(1, 100), ext),
(b"\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\xD7"
+ rands))
}
if sslFlag == 1:
resp = requests.post(path,
files=files,
headers=self.header,
proxies=self.proxy_data,
verify=False)
else:
resp = requests.post(path,
files=files,
headers=self.header,
proxies=self.proxy_data)
# 如果上传失败了就继续上传
# 全部走一遍报错
for fail in str(self.upload_fail).split(","):
# 如果返回的信息有失败的
if fail in resp.text:
flag = 1
if flag == 0:
for success in str(self.upload_success).split(","):
if success in resp.text:
#print("文件上传成功")
req_body = resp.request.body
resp_text = resp.text
# 写入数据库
#print(req_body)
#print(resp_text)
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB(
) + self.projectTag + ".db"
connect = sqlite3.connect(
os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select id,from_js from api_tree where path=\"" + path + "\""
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
if len(apiTreeInfo) != 0:
#print(apiTreeInfo)
try:
api_id = int(
apiTreeInfo[0][0]) # 对应路径的api_id
from_js = int(
apiTreeInfo[0][1]) # 对应路径的from_js
# 数据库连接
DatabaseType(self.projectTag
).insertUploadInfoIntoDB(
api_id, from_js,
quote(req_body),
resp_text)
except Exception as e:
self.log.error("[Err] %s" % e)
raise getoutofloop()
except getoutofloop:
pass
def FuzzerCollect(self):
templates_post_str = """
{
"type": "post",
"post": [
{result_post}
],
"get": [
{result_get}
]
}"""
try:
whole_str = FuzzerParam(self.projectTag).collect_api_str()
self.log.debug("collect_api_str模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
j = 0
k = 1
for i in range(int((len(whole_str[0].split('§§§')) - 1) / 2)):
sleep(0.1)
result_id = whole_str[0].split('§§§')[k]
result_post = FuzzerParam(self.projectTag).result_method_1(
whole_str[0].split('§§§')[j])
j = j + 2
k = k + 2
if result_post[0]:
replace_str_post = ""
for c in range(len(result_post[0])):
if "\"" not in result_post[1][c]:
default_value = FuzzerParam(
self.projectTag).creatAlpha(3)
else:
default_value = result_post[1][c]
default_value = default_value.replace("\"", "")
for default_judge in self.default_judges.split(","):
if default_judge in default_value:
flag = 1
break
else:
flag = 0
if flag:
default_value = FuzzerParam(
self.projectTag).creatNum(3)
str = "\t{\n\t\t\"name\":\"" + result_post[0][
c] + "\",\n" + "\t\t\"default\":\"" + default_value + "\"\n\t}\n\t,\n"
replace_str_post = replace_str_post + str
templates_post_str = templates_post_str.replace(
"{result_post}", replace_str_post[:-2])
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(
projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
templates_post_str, result_id)
cursor.execute(sql)
l = 0
m = 1
for i in range(int((len(whole_str[1].split('§§§')) - 1) / 2)):
result_id = whole_str[1].split('§§§')[m]
try:
result_get = FuzzerParam(self.projectTag).result_method_1(
whole_str[1].split('§§§')[l])
self.log.debug("result_method_1正常")
except Exception as e:
self.log.error("[Err] %s" % e)
l = l + 2
m = m + 2
if result_get[0]:
replace_str_get = ""
for c in range(len(result_get[0])):
if "\"" not in result_get[1][c]:
default_value = FuzzerParam(
self.projectTag).creatAlpha(3)
else:
default_value = result_get[1][c]
default_value = default_value.replace("\"", "")
for default_judge in self.default_judges.split(","):
if default_judge in default_value:
flag = 1
break
else:
flag = 0
if flag:
default_value = FuzzerParam(
self.projectTag).creatNum(3)
str = "\t{\n\t\t\"name\":\"" + result_get[0][
c] + "\",\n" + "\t\t\"default\":\"" + default_value + "\"\n\t}\n\t,\n"
replace_str_get = replace_str_get + str
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(
projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select option from api_tree where id='%s'" % (result_id)
cursor.execute(sql)
options = cursor.fetchall()
for option in options:
if option[0]:
templates_get_str = option[0]
templates_get_str = templates_get_str.replace(
"{result_get}", replace_str_get[:-2])
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
templates_get_str, result_id)
else:
templates_get_str = """
{
"type": "get",
"post": [
],
"get": [
{result_get}
]
}"""
templates_get_str = templates_get_str.replace(
"{result_get}", replace_str_get[:-2])
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
templates_get_str, result_id)
cursor.execute(sql)
else:
for option in options:
if option[0]:
templates_get_str = option[0]
templates_get_str = templates_get_str.replace(
"{result_get}", "")
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
templates_get_str, result_id)
cursor.execute(sql)
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from api_tree where success = 1 or success = 2"
cursor.execute(sql)
api_list = cursor.fetchall()
templates_post_new_str = """
{
"type": "post",
"post": [
],
"get": [
]
}
"""
for api in api_list:
if api[3]:
option = api[3]
option = option.replace("{result_get}", "")
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
option, api[0])
cursor.execute(sql)
else:
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
templates_post_new_str, api[0])
cursor.execute(sql)
sql = "select * from api_tree where success = 1 or success = 2"
cursor.execute(sql)
api_list = cursor.fetchall()
sql = "select * from api_tree where option='%s'" % (
templates_post_new_str)
cursor.execute(sql)
#总共需要暴力提取的数量,可以用这快做进度条
num_vio = cursor.fetchall()
# print(len(num_vio))
num = len(num_vio)
for n in trange(num):
time.sleep(1)
a = 0
for api in api_list:
option = api[3]
if option == templates_post_new_str:
a = a + 1
templates_post_str = """
{
"type": "post",
"post": [
{result_post}
],
"get": [
{result_get}
]
}"""
whole_str = FuzzerParam(self.projectTag).collect_api_str()
j = 0
k = 1
for i in range(int((len(whole_str[0].split('§§§')) - 1) / 2)):
result_id = int(whole_str[0].split('§§§')[k])
try:
result_post = FuzzerParam(
self.projectTag).violent_method(
whole_str[0].split('§§§')[j])
self.log.debug("暴力提取模块正常——post")
except Exception as e:
self.log.error("[Err] %s" % e)
j = j + 2
k = k + 2
if result_id == int(api[0]):
if result_post[0]:
replace_str_post = ""
for j in range(len(result_post[0])):
default_value = result_post[1][j]
str = "\t{\n\t\t\"name\":\"" + result_post[0][
j] + "\",\n" + "\t\t\"default\":\"" + default_value + "\"\n\t}\n\t,\n"
replace_str_post = replace_str_post + str
templates_post_str = templates_post_str.replace(
"{result_post}", replace_str_post[:-2])
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB(
) + self.projectTag + ".db"
connect = sqlite3.connect(
os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
templates_post_str, result_id)
cursor.execute(sql)
break
l = 0
m = 1
for i in range(int((len(whole_str[1].split('§§§')) - 1) / 2)):
result_id = int(whole_str[1].split('§§§')[m])
try:
result_get = FuzzerParam(
self.projectTag).violent_method(
whole_str[1].split('§§§')[l])
self.log.debug("暴力提取模块正常——get")
except Exception as e:
self.log.error("[Err] %s" % e)
l = l + 2
m = m + 2
if result_id == int(api[0]):
if result_get[0]:
replace_str_get = ""
for j in range(len(result_get[0])):
default_value = result_get[1][j]
str = "\t{\n\t\t\"name\":\"" + result_get[0][
j] + "\",\n" + "\t\t\"default\":\"" + default_value + "\"\n\t}\n\t,\n"
replace_str_get = replace_str_get + str
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB(
) + self.projectTag + ".db"
connect = sqlite3.connect(
os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select option from api_tree where id='%s'" % (
result_id)
cursor.execute(sql)
options = cursor.fetchall()
for option in options:
new_str = json.loads(option[0].replace(
"{result_get}", "").replace("\'", "\""))
if new_str["post"]:
templates_get_str = option[0]
templates_get_str = templates_get_str.replace(
"{result_get}", replace_str_get[:-2])
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
templates_get_str, result_id)
else:
templates_get_str = """
{
"type": "get",
"post": [
],
"get": [
{result_get}
]
}"""
templates_get_str = templates_get_str.replace(
"{result_get}", replace_str_get[:-2])
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
templates_get_str, result_id)
cursor.execute(sql)
else:
for option in options:
new_str = json.loads(option[0].replace(
"{result_get}", "").replace("\'", "\""))
sql = "UPDATE api_tree set option='%s' where id='%s'" % (
new_str, result_id)
cursor.execute(sql)
break
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from api_tree where success = 1 or success = 2"
cursor.execute(sql)
api_list = cursor.fetchall()
for api in api_list:
option = api[3]
option = option.replace("{result_get}",
"").replace("{result_post}", "")
sql = "UPDATE api_tree set option='%s' where id='%s'" % (option,
api[0])
cursor.execute(sql)
def creat_detail(self, document):
para1 = Creat_vuln_detail(self.projectTag).locat_detail(document)
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from vuln"
cursor.execute(sql)
vuln_infos = cursor.fetchall()
k = len(vuln_infos)
try:
for vuln_info in vuln_infos:
if vuln_info[3] == "unAuth" and vuln_info[4] == 1:
sql = "select * from api_tree where id='%s'" % (
vuln_info[1])
cursor.execute(sql)
api_infos = cursor.fetchall()
for api_info in api_infos:
para2 = para1.insert_paragraph_before("")
UserLogin = api_info[2]
api_path = api_info[1]
run = para2.add_run(
"2." + str(self.creat_num) + " " + str(UserLogin) +
Utils().getMyWord("{r_vuln_unauth}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(16)
run.font.bold = True
sql = "select path from js_file where id='%s'" % (
vuln_info[2])
cursor.execute(sql)
js_paths = cursor.fetchall()
for js_path in js_paths:
run2 = para2.add_run(
Utils().getMyWord("{r_api_addr}"))
run2.font.name = "Arial"
run2.font.size = Pt(10)
run2.font.bold = True
run3 = para2.add_run(api_path)
run3.font.name = "Arial"
run3.font.size = Pt(10)
run4 = para2.add_run(
"\n" + Utils().getMyWord("{r_api_js}"))
run4.font.name = "Arial"
run4.font.size = Pt(10)
run4.font.bold = True
run5 = para2.add_run(js_path[0])
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5 = para2.add_run(
"\n" + Utils().getMyWord("{r_api_res}"))
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5.font.bold = True
self.creat_num = self.creat_num + 1
vuln_info_js_unicode = json.dumps(
json.loads(vuln_info[6]),
sort_keys=True,
indent=4,
ensure_ascii=False)
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info_js_unicode, para2)
elif vuln_info[3] == "unAuth" and vuln_info[4] == 2:
sql = "select * from api_tree where id='%s'" % (
vuln_info[1])
cursor.execute(sql)
api_infos = cursor.fetchall()
for api_info in api_infos:
para2 = para1.insert_paragraph_before("")
UserLogin = api_info[2]
api_path = api_info[1]
run = para2.add_run(
"2." + str(self.creat_num) + " " + str(UserLogin) +
Utils().getMyWord("{r_vuln_unauth_maybe}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(16)
run.font.bold = True
sql = "select path from js_file where id='%s'" % (
vuln_info[2])
cursor.execute(sql)
js_paths = cursor.fetchall()
for js_path in js_paths:
run2 = para2.add_run(
Utils().getMyWord("{r_api_addr}"))
run2.font.name = "Arial"
run2.font.size = Pt(10)
run2.font.bold = True
run3 = para2.add_run(api_path)
run3.font.name = "Arial"
run3.font.size = Pt(10)
run4 = para2.add_run(
"\n" + Utils().getMyWord("{r_api_js}"))
run4.font.name = "Arial"
run4.font.size = Pt(10)
run4.font.bold = True
run5 = para2.add_run(js_path[0])
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5 = para2.add_run(
"\n" + Utils().getMyWord("{r_api_res}"))
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5.font.bold = True
self.creat_num = self.creat_num + 1
vuln_info_js_unicode = json.dumps(
json.loads(vuln_info[6]),
sort_keys=True,
indent=4,
ensure_ascii=False)
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info_js_unicode, para2)
elif vuln_info[3] == "INFO":
sql = "select * from js_file where id='%s'" % (
vuln_info[2])
cursor.execute(sql)
js_infos = cursor.fetchall()
for js_info in js_infos:
js_name = js_info[1]
js_path = js_info[2]
para2 = para1.insert_paragraph_before("")
run = para2.add_run(
"2." + str(self.creat_num) + " " + str(js_name) +
Utils().getMyWord("{r_vuln_info}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(16)
run.font.bold = True
run2 = para2.add_run(Utils().getMyWord("{r_js_path}"))
run2.font.name = "Arial"
run2.font.size = Pt(10)
run2.font.bold = True
run3 = para2.add_run(js_path)
run3.font.name = "Arial"
run3.font.size = Pt(10)
run4 = para2.add_run("\n" +
Utils().getMyWord("{r_js_des}"))
run4.font.name = "Arial"
run4.font.size = Pt(10)
run4.font.bold = True
run5 = para2.add_run(vuln_info[8])
run5.font.name = "Arial"
run5.font.size = Pt(10)
run6 = para2.add_run(
"\n" + Utils().getMyWord("{r_js_detial}"))
run6.font.name = "Arial"
run6.font.size = Pt(10)
run6.font.bold = True
self.creat_num = self.creat_num + 1
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info[7], para2)
elif vuln_info[3] == "CORS":
sql = "select vaule from info where name='%s'" % ("host")
cursor.execute(sql)
infos = cursor.fetchall()
for info in infos:
api_path = info[0]
para2 = Creat_vuln_detail(
self.projectTag).insert_paragraph_after(para1)
para3 = para2.insert_paragraph_before("")
run5 = para3.add_run("2." + str(self.creat_num) + " " +
str(api_path) +
Utils().getMyWord("{r_vuln_CORS}") +
"\n")
run5.font.name = "Arial"
run5.font.size = Pt(16)
run5.font.bold = True
run6 = para3.add_run("网址:")
run6.font.name = "Arial"
run6.font.size = Pt(10)
run6.font.bold = True
run7 = para3.add_run(api_path)
run7.font.name = "Arial"
run7.font.size = Pt(10)
run8 = para3.add_run("\n" + "{response_head}")
run8.font.name = "Arial"
run8.font.size = Pt(10)
run8.font.bold = True
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info[7], para2)
run9 = para2.add_run("\n" + "{request_head}")
run9.font.name = "Arial"
run9.font.size = Pt(10)
run9.font.bold = True
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info[5], para3)
for vuln_info in vuln_infos:
if vuln_info[3] == "passWord":
sql = "select * from api_tree where id='%s'" % (
vuln_info[1])
cursor.execute(sql)
api_infos = cursor.fetchall()
for api_info in api_infos:
para2 = Creat_vuln_detail(
self.projectTag).insert_paragraph_after(para1)
para3 = para2.insert_paragraph_before("")
UserLogin = api_info[2]
api_path = api_info[1]
run = para3.add_run(
"2." + str(k - self.creat_num1 + 1) + " " +
str(UserLogin) +
Utils().getMyWord("{r_vuln_passWord}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(16)
run.font.bold = True
sql = "select path from js_file where id='%s'" % (
vuln_info[2])
cursor.execute(sql)
js_paths = cursor.fetchall()
for js_path in js_paths:
run2 = para3.add_run(
Utils().getMyWord("{r_api_addr}"))
run2.font.name = "Arial"
run2.font.size = Pt(10)
run2.font.bold = True
run3 = para3.add_run(api_path)
run3.font.name = "Arial"
run3.font.size = Pt(10)
run4 = para3.add_run(
"\n" + Utils().getMyWord("{r_api_js}"))
run4.font.name = "Arial"
run4.font.size = Pt(10)
run4.font.bold = True
run5 = para3.add_run(js_path[0])
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5 = para3.add_run(
"\n" + Utils().getMyWord("{r_api_res}"))
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5.font.bold = True
self.creat_num1 = self.creat_num1 + 1
vuln_info_js_unicode = json.dumps(
json.loads(vuln_info[6]),
sort_keys=True,
indent=4,
ensure_ascii=False)
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info_js_unicode, para2)
run6 = para2.add_run(
Utils().getMyWord("{request_info}"))
run6.font.name = "Arial"
run6.font.size = Pt(10)
run6.font.bold = True
vuln_info_js_unicode = json.dumps(
json.loads(vuln_info[5]),
sort_keys=True,
indent=4,
ensure_ascii=False)
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info_js_unicode, para3)
# sql = "select vaule from info where name='%s'" % ("url")
# cursor.execute(sql)
# infos = cursor.fetchall()
# for info in infos:
# para2 = para1.insert_paragraph_before("")
# api_path = info[0]
# run = para2.add_run("2." + str(self.creat_num1) + " " + str(api_path) + Utils().getMyWord("{r_vuln_CORS}") + "\n")
# run.font.name = "Arial"
# run.font.size = Pt(16)
# run.font.bold = True
# run2 = para2.add_run("网址:")
# run2.font.name = "Arial"
# run2.font.size = Pt(10)
# run2.font.bold = True
# run3 = para2.add_run(api_path)
# run3.font.name = "Arial"
# run3.font.size = Pt(10)
# run4 = para2.add_run("\n" + "请求头:")
# run4.font.name = "Arial"
# run4.font.size = Pt(10)
# run4.font.bold = True
# self.creat_num1 = self.creat_num1 + 1
# Creat_vuln_detail(self.projectTag).creat_table(document, vuln_info[5], para2)
# para4 = para2.insert_paragraph_before("")
# run5 = para4.add_run("\n" + "响应头:")
# run5.font.name = "Arial"
# run5.font.size = Pt(10)
# run5.font.bold = True
# Creat_vuln_detail(self.projectTag).creat_table(document, vuln_info[7], para4)
elif vuln_info[3] == "BAC":
sql = "select * from api_tree where id='%s'" % (
vuln_info[1])
cursor.execute(sql)
api_infos = cursor.fetchall()
for api_info in api_infos:
para2 = Creat_vuln_detail(
self.projectTag).insert_paragraph_after(para1)
para3 = para2.insert_paragraph_before("")
UserLogin = api_info[2]
api_path = api_info[1]
run = para3.add_run("2." +
str(k - self.creat_num1 + 1) +
" " + str(UserLogin) +
Utils().getMyWord("{r_vuln_bac}") +
"\n")
run.font.name = "Arial"
run.font.size = Pt(16)
run.font.bold = True
sql = "select path from js_file where id='%s'" % (
vuln_info[2])
cursor.execute(sql)
js_paths = cursor.fetchall()
for js_path in js_paths:
run2 = para3.add_run(
Utils().getMyWord("{r_api_addr}"))
run2.font.name = "Arial"
run2.font.size = Pt(10)
run2.font.bold = True
run3 = para3.add_run(api_path)
run3.font.name = "Arial"
run3.font.size = Pt(10)
run4 = para3.add_run(
"\n" + Utils().getMyWord("{r_api_js}"))
run4.font.name = "Arial"
run4.font.size = Pt(10)
run4.font.bold = True
run5 = para3.add_run(js_path[0])
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5 = para3.add_run(
"\n" + Utils().getMyWord("{request_info}"))
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5.font.bold = True
self.creat_num1 = self.creat_num1 + 1
info1 = "请求内容1: " + vuln_info[5].split("§§§")[
0] + "\n\n" + "请求内容2: " + vuln_info[5].split(
"§§§")[1]
info2 = "响应内容1: " + vuln_info[6].split("§§§")[
0] + "\n\n" + "响应内容2: " + vuln_info[6].split(
"§§§")[1]
Creat_vuln_detail(self.projectTag).creat_table(
document, info2, para2)
run6 = para2.add_run(
"\n" + Utils().getMyWord("{r_api_res}"))
run6.font.name = "Arial"
run6.font.size = Pt(10)
run6.font.bold = True
Creat_vuln_detail(self.projectTag).creat_table(
document, info1, para3)
elif vuln_info[3] == "upLoad":
sql = "select * from api_tree where id='%s'" % (
vuln_info[1])
cursor.execute(sql)
api_infos = cursor.fetchall()
for api_info in api_infos:
para2 = Creat_vuln_detail(
self.projectTag).insert_paragraph_after(para1)
para3 = para2.insert_paragraph_before("")
UserLogin = api_info[2]
api_path = api_info[1]
run = para3.add_run(
"2." + str(k - self.creat_num1 + 1) + " " +
str(UserLogin) +
Utils().getMyWord("{r_vuln_upload}") + "\n")
run.font.name = "Arial"
run.font.size = Pt(16)
run.font.bold = True
sql = "select path from js_file where id='%s'" % (
vuln_info[2])
cursor.execute(sql)
js_paths = cursor.fetchall()
for js_path in js_paths:
run2 = para3.add_run(
Utils().getMyWord("{r_api_addr}"))
run2.font.name = "Arial"
run2.font.size = Pt(10)
run2.font.bold = True
run3 = para3.add_run(api_path)
run3.font.name = "Arial"
run3.font.size = Pt(10)
run4 = para3.add_run(
"\n" + Utils().getMyWord("{r_api_js}"))
run4.font.name = "Arial"
run4.font.size = Pt(10)
run4.font.bold = True
run5 = para3.add_run(js_path[0])
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5 = para3.add_run(
"\n" + Utils().getMyWord("{request_info}"))
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5.font.bold = True
self.creat_num1 = self.creat_num1 + 1
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info[6], para2)
run6 = para2.add_run(
"\n" + Utils().getMyWord("{r_api_res}"))
run6.font.name = "Arial"
run6.font.size = Pt(10)
run6.font.bold = True
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info[5], para3)
elif vuln_info[3] == "SQL":
para2 = Creat_vuln_detail(
self.projectTag).insert_paragraph_after(para1)
para3 = para2.insert_paragraph_before("")
UserLogin = api_info[2]
api_path = api_info[1]
run = para3.add_run("2." + str(k - self.creat_num1 + 1) +
" " + str(UserLogin) +
Utils().getMyWord("{r_vuln_sql}") +
"\n")
run.font.name = "Arial"
run.font.size = Pt(16)
run.font.bold = True
sql = "select path from js_file where id='%s'" % (
vuln_info[2])
cursor.execute(sql)
js_paths = cursor.fetchall()
for js_path in js_paths:
run2 = para3.add_run(Utils().getMyWord("{r_api_addr}"))
run2.font.name = "Arial"
run2.font.size = Pt(10)
run2.font.bold = True
run3 = para3.add_run(api_path)
run3.font.name = "Arial"
run3.font.size = Pt(10)
run4 = para3.add_run("\n" +
Utils().getMyWord("{r_api_js}"))
run4.font.name = "Arial"
run4.font.size = Pt(10)
run4.font.bold = True
run5 = para3.add_run(js_path[0])
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5 = para3.add_run(
"\n" + Utils().getMyWord("{request_info}"))
run5.font.name = "Arial"
run5.font.size = Pt(10)
run5.font.bold = True
self.creat_num1 = self.creat_num1 + 1
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info[6], para2)
run6 = para2.add_run("\n" +
Utils().getMyWord("{r_api_res}"))
run6.font.name = "Arial"
run6.font.size = Pt(10)
run6.font.bold = True
Creat_vuln_detail(self.projectTag).creat_table(
document, vuln_info[5], para3)
self.log.debug("vuln_detail模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)