예제 #1
0
def config_view():
    '''显示配置页面
    '''
    if request.method == 'GET':
        return render_template('config.html')

    config_data = load_config()
    
    return jsonify(config_data)
예제 #2
0
def config_save_whatweb_view():
    '''保存whatweb设置
    '''
    whatweb_config = {'bin': request.form.get('whatweb_bin')}

    config_jsondata = load_config()
    config_jsondata.update(whatweb=whatweb_config)

    save_config(config_jsondata)
    return jsonify({'status': 'success'})
예제 #3
0
def config_save_nmap_view():
    '''保存NMAP设置
    '''
    nmap_config = {'nmap_bin': request.form.get('nmap_bin'), 'masscan_bin': request.form.get('masscan_bin'),'port': request.form.get('nmap_port'),
                   'tech': request.form.get('nmap_tech'), 'rate': request.form.get('nmap_rate'), 
                   'ping': _str2bool(request.form.get('nmap_ping'))}

    config_jsondata = load_config()
    config_jsondata.update(nmap=nmap_config)

    save_config(config_jsondata)
    return jsonify({'status': 'success'})
예제 #4
0
    def __init__(self):
        super().__init__()

        # 任务名称
        self.task_name = 'whatweb'
        # 任务描述
        self.task_description = '调用whatweb获取CMS指纹'
        # 参数
        self.source = 'whatweb'
        self.result_attr_keys = ('whatweb', 'title', 'server')
        self.threads = 5
        self.whatweb_threads = 5
        # 默认的参数
        config_jsondata = load_config()
        self.whatweb_bin = config_jsondata['whatweb']['bin']
예제 #5
0
파일: masscan.py 프로젝트: 5l1v3r1/nemo-3
    def __init__(self):
        super().__init__()

        # 任务名称
        self.task_name = 'masscan'
        # 任务描述
        self.task_description = '调用masscan进行端口扫描'
        # 参数
        self.org_id = None
        self.source = 'portscan'
        # 默认的参数
        self.target = []
        config_datajson = load_config()
        self.port = config_datajson['nmap']['port']
        self.rate = config_datajson['nmap']['rate']
        self.masscan_bin = config_datajson['nmap']['masscan_bin']
예제 #6
0
    def __get_top_ports_by_nmap(self, top_number):
        '''调用nmap获得--top-ports的定义
        '''
        config_datajson = load_config()
        with NamedTemporaryFile('w+t') as f:
            nmap_bin = [config_datajson['nmap']['nmap_bin'], '-v', '-oG', f.name,
                        '--top-ports', str(top_number)]
            # 调用nmap
            child = subprocess.Popen(nmap_bin, stdout=subprocess.PIPE)
            child.wait()
            # 读取结果
            p_re = r'TCP\(' + str(top_number) + r';(.+?)\)'
            m = re.findall(p_re, ''.join(f.read()))
            if m:
                return m[0]

        # top 100 port:
        return '7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157'
예제 #7
0
파일: nmap.py 프로젝트: 5l1v3r1/nemo-3
    def __init__(self):
        super().__init__()

        # 任务名称
        self.task_name = 'nmap'
        # 任务描述
        self.task_description = '调用nmap进行端口扫描'
        # 参数
        self.org_id = None
        self.source = 'portscan'
        self.result_attr_keys = ('service', 'banner')
        # 默认的参数
        self.target = []
        config_datajson = load_config()
        self.port = config_datajson['nmap']['port']
        self.rate = config_datajson['nmap']['rate']
        self.tech = config_datajson['nmap']['tech']
        self.ping = config_datajson['nmap']['ping']
        self.nmap_bin = config_datajson['nmap']['nmap_bin']
예제 #8
0
    def __init__(self):
        super().__init__()

        # 任务名称
        self.task_name = 'ipportbase'
        # 任务描述
        self.task_description = '端口扫描'
        # 参数
        self.source = 'ipportbase'
        self.result_attr_keys = ('service', 'banner')
        # 默认的参数
        config_datajson = load_config()
        self.port = config_datajson['nmap']['port']
        self.rate = config_datajson['nmap']['rate']
        self.tech = config_datajson['nmap']['tech']
        self.ping = config_datajson['nmap']['ping']
        self.nmap_bin = config_datajson['nmap']['nmap_bin']
        self.masscan_bin = config_datajson['nmap']['masscan_bin']
        self.exclude = None
예제 #9
0
    def __init__(self):
        super().__init__()

        # 任务名称
        self.task_name = 'whatweb'
        # 任务描述
        self.task_description = '调用whatweb获取CMS指纹'
        # 参数
        self.org_id = None
        self.source = 'whatweb'
        self.result_attr_keys = ('whatweb', 'title', 'server')
        self.threads = 5
        self.whatweb_threads = 5
        # 默认的参数
        self.target = []
        config_jsondata = load_config()
        self.whatweb_bin = config_jsondata['whatweb']['bin']
        # 设置port黑名单,避免无意义的浪费时间和资源
        # 根据使用的结果统计的top-ports (包括custome)
        # 7,9,13,17,19,21,22,23,25,53,79,80,81,85,88,100,106,110,111,113,119,143,144,179,199,389,427,
        # 443,444,514,515,543,554,631,636,646,880,902,990,993,1000,1010,1025,1026,1027,1028,1029,1030,1054,1055,1080,
        # 1111,1296,1322,1433,1556,1688,1723,1801,1900,1935,1947,2000,2001,2020,2049,2103,2105,2107,2121,2179,2200,2222,
        # 2383,2869,3000,3128,3300,3301,3306,3476,4001,4242,5000,5003,5051,5060,5357,5432,5555,5800,5900,5989,
        # 6000,6001,6006,6379,6543,6565,6667,6668,7000,7001,7002,7070,7443,7777,7778,7921,
        # 8000,8008,8009,8010,8031,8042,8080,8081,8083,8084,8085,8086,8087,8088,8099,8100,8181,8291,8300,8443,8800,8888,
        # 9001,9009,9010,9081,9090,9100,9878,9999,10000,10001,10002,10003,10004,10009,10012,10022,11111,11433,11521,12345,
        # 13306,13307,13314,13315,13389,13782,14000,15432,15900,15901,16379,17001,17002,17003,17004,17005,17006,17007,17008,17009,17010,
        # 18080,18081,18082,18083,18084,18085,18086,18087,18088,18089,19000,19001,19002,19003,19007,19008,19009,
        # 19100,19101,19102,19103,19104,19108,19200,19207,19315,20000,20020,20021,20162,37017,37021,37024,
        # 49152,49153,49154,49155,49156,49157,49158,49159,49160,49161,49163,49165,49167,49175,49176,50000,50500
        self.black_port = [
            '7', '9', '13', '17', '19', '21', '22', '23', '25', '26', '37',
            '53', '100', '106', '110', '111', '113', '119', '135', '138',
            '139', '143', '144', '145', '161', '179', '199', '389', '427',
            '444', '445', '514', '515', '543', '554', '631', '636', '646',
            '880', '902', '990', '993', '1433', '1521', '3306', '5432', '3389',
            '5900', '5901', '5902', '49152', '49153', '49154', '49155',
            '49156', '49157', '49158', '49159', '49160', '49161', '49163',
            '49165', '49167', '49175', '49176', '13306', '11521', '15432',
            '11433', '13389', '15900', '15901'
        ]
예제 #10
0
def task_start_portscan_view():
    '''启动IP端口扫描任务
    '''
    taskapi = TaskAPI()
    config_datajson = load_config()
    try:
        # 获取参数
        target = request.form.get('target', default='')
        portscan = request.form.get('portscan')
        port = request.form.get(
            'port', default=config_datajson['nmap']['port'])
        org_id = request.form.get('org_id', type=int, default=None)
        rate = request.form.get(
            'rate', type=int, default=config_datajson['nmap']['rate'])
        nmap_tech = request.form.get(
            'nmap_tech', type=str, default=config_datajson['nmap']['tech'])
        iplocation = request.form.get('iplocation')
        ping = request.form.get('ping')
        whatweb = request.form.get('whatweb')
        fofasearch = request.form.get('fofasearch')
        shodansearch = request.form.get('shodansearch')
        subtask = request.form.get('subtask')
        portscan_bin = request.form.get('bin')
        httpx = request.form.get('httpx')
        exclude = request.form.get('exclude')

        if not target:
            return jsonify({'status': 'fail', 'msg': 'no target or port'})
        result = {'status': 'success', 'result': {'task-id': 0}}
        # 格式化tatget
        target = list(set([x.strip() for x in target.split('\n')]))
        # 子任务模式,将每一个目标拆按行成分成多个目标分别启动
        if _str2bool(subtask):
            task_target = [[x] for x in target]
        else:
            task_target = [target]
        for t in task_target:
            # 任务选项options
            options = {'target': t, 'port': port, 'bin': portscan_bin,
                       'org_id': org_id, 'rate': rate, 'ping': _str2bool(ping), 'tech': nmap_tech,
                       'iplocation': _str2bool(iplocation), 'exclude': exclude,
                       'whatweb': _str2bool(whatweb), 'httpx': _str2bool(httpx),
                       }
            # 启动portscan任务
            if _str2bool(portscan):
                result = taskapi.start_task(
                    'portscan', kwargs={'options': deepcopy(options)})
            # IP归属地:如果有portscan任务,则在portscan启动,否则单独启动任务
            if _str2bool(iplocation) and not _str2bool(portscan):
                result = taskapi.start_task(
                    'iplocation', kwargs={'options': deepcopy(options)})
            # 启动FOFA搜索任务
            if _str2bool(fofasearch):
                result = taskapi.start_task(
                    'fofasearch', kwargs={'options': deepcopy(options)})
            # 启动Shodan搜索任务
            if _str2bool(shodansearch):
                result = taskapi.start_task('shodansearch', kwargs={
                    'options': deepcopy(options)})

        return jsonify(result)
    except Exception as e:
        logger.error(traceback.format_exc())
        print(e)
        return jsonify({'status': 'fail', 'msg': str(e)})