def storedata(ip='', port='', hackinfo=None):
    """Queue an upsert of one fuzz finding for ``ip``/``port`` in the port table.

    ``hackinfo`` is stringified, passed through ``SQLTool.escapewordby`` and
    written to the ``disclosure`` column; ``timesearch`` is set to the current
    local time.  The work item is handed to the shared ``Sqldatatask`` worker
    as an ``inserttableinfo_byparams`` request.  Nothing is returned.

    Security note: the ``on duplicate key update`` clause is built by string
    concatenation, so its safety rests entirely on ``SQLTool.escapewordby``
    (not visible here) escaping correctly for the target database and
    connection charset.  Bound parameters would be the safer design if the
    Sqldata helpers can accept them.
    """
    sql_worker = Sqldatatask.getObject()
    stamp = str(time.strftime("%Y-%m-%d %X", time.localtime()))

    # Only the local SQL queue path is implemented here; there is no
    # remote-upload (islocalwork == 0) branch in this variant.
    hackinfo = SQLTool.escapewordby(str(hackinfo))
    update_clause = " on duplicate key update disclosure='" + hackinfo + "'"
    extra = update_clause + " , timesearch='" + stamp + "'"

    # NOTE(review): the escaped text is also used as the inserted row value;
    # if inserttableinfo_byparams escapes or binds values itself, the stored
    # text would end up double-escaped - confirm against the helper.
    row = (str(ip), port, hackinfo, str(port))
    job_spec = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'disclosure', 'portnumber'],
        "insert_values": [row],
        "extra": extra,
    }
    sql_worker.add_work([Sqldata.SqlData('inserttableinfo_byparams', job_spec)])
    print('fuzz 数据存储')
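def upload_ip_info(request):
    """Accept a scanner node's IP-info upload and queue it for storage.

    Reads ``func`` and ``dic`` from the POST body, wraps them in a
    ``Sqldata.SqlData`` job and hands that job to the shared ``Sqldatatask``
    worker.  It then reads the individual host fields (``ip``, ``vendor``,
    ``osfamily``, ``osgen``, ``accuracy``, ``hostname``, ``state``) and passes
    them, with the current local time, to ``ipcontrol.ip_info_upload``.
    Always answers with the JSON document ``{"result": "1"}``.

    Raises:
        ValueError, SyntaxError: if ``dic`` is not a plain Python literal.

    Security:
        * ``dic`` is request data.  It was previously passed to ``eval``,
          which executes whatever expression the sender supplies inside the
          web process.  It is now parsed with ``ast.literal_eval``, which
          accepts only literals (dict, list, tuple, str, numbers, ...).
          ``literal_eval`` is used rather than ``json.loads`` because the
          wire format is not visible here and may be a Python repr (tuples,
          single quotes).
        * NOTE(review): ``func`` is also request data and names the SQL
          helper to run; presumably it is dispatched by name in
          Sqldatatask.py - confirm it is checked against an allow-list there.
        * NOTE(review): no authentication check is visible in this view;
          confirm one is enforced by a decorator, middleware or the URL
          configuration.
    """
    import ast  # function-scope so the fix does not depend on the file header

    func = request.POST.get('func', '')
    dic = request.POST.get('dic', '{}')
    # Literal-only parsing: rejects calls, attribute access and names.
    nowdic = ast.literal_eval(dic)

    # func and nowdic are stored on the SqlData object and read back later
    # through its getXXX accessors in Sqldatatask.py.
    sql_job = Sqldata.SqlData(func, nowdic)
    sql_worker = Sqldatatask.getObject()
    sql_worker.add_work([sql_job])

    works = request.POST.get('workdetail', [])
    print("nmaproute::upload_ip_info(): %s" % (works,))

    temphosts = request.POST.get('ip', '')
    tempvendor = request.POST.get('vendor', '')
    temposfamily = request.POST.get('osfamily', '')
    temposgen = request.POST.get('osgen', '')
    tempaccuracy = request.POST.get('accuracy', '')
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    temphostname = request.POST.get('hostname', '')
    tempstate = request.POST.get('state', '')
    # These fields are forwarded exactly as received; no validation happens
    # in this view.
    ipcontrol.ip_info_upload(temphosts, tempvendor, temposfamily, temposgen,
                             tempaccuracy, localtime, temphostname, tempstate)

    data = {'result': '1'}
    return HttpResponse(
        json.dumps(data, skipkeys=True, default=webtool.object2dict),
        content_type="application/json")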
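def upload_port_info(request):
    """Accept a scanner node's port-info upload and queue it for storage.

    Reads ``func`` and ``dic`` from the POST body, wraps them in a
    ``Sqldata.SqlData`` job and hands that job to the shared ``Sqldatatask``
    worker.  Always answers with the JSON document ``{"result": "1"}``.

    Raises:
        ValueError, SyntaxError: if ``dic`` is not a plain Python literal.

    Security:
        * ``dic`` is request data.  It was previously passed to ``eval``,
          which executes whatever expression the sender supplies inside the
          web process.  It is now parsed with ``ast.literal_eval``, which
          accepts only literals (dict, list, tuple, str, numbers, ...).
          ``literal_eval`` is used rather than ``json.loads`` because the
          wire format is not visible here and may be a Python repr (tuples,
          single quotes).
        * NOTE(review): ``func`` is also request data and names the SQL
          helper to run; confirm the consumer of ``SqlData`` checks it
          against an allow-list.
        * NOTE(review): no authentication check is visible in this view;
          confirm one is enforced by a decorator, middleware or the URL
          configuration.
    """
    import ast  # function-scope so the fix does not depend on the file header

    func = request.POST.get('func', '')
    dic = request.POST.get('dic', '{}')
    # Literal-only parsing: rejects calls, attribute access and names.
    nowdic = ast.literal_eval(dic)

    sql_job = Sqldata.SqlData(func, nowdic)
    sql_worker = Sqldatatask.getObject()
    sql_worker.add_work([sql_job])

    data = {'result': '1'}
    return HttpResponse(
        json.dumps(data, skipkeys=True, default=webtool.object2dict),
        content_type="application/json")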
def ip_info_upload(temphosts, tempvendor, temposfamily, temposgen,
                   tempaccuracy, localtime, temphostname, tempstate):
    """Queue a replace-insert of one host record into the IP table.

    The eight values are written to the columns ``ip``, ``vendor``,
    ``osfamily``, ``osgen``, ``accurate``, ``updatetime``, ``hostname`` and
    ``state`` of ``localconfig.iptable`` through a
    ``replaceinserttableinfo_byparams`` job on the shared ``Sqldatatask``
    worker.  Nothing is returned.

    The values are stored exactly as given; no validation happens here, so
    callers that pass request data are responsible for checking it.
    """
    # The caller-supplied ``localtime`` is discarded: the row is always
    # stamped with the current local time of this process.
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    sql_worker = Sqldatatask.getObject()

    columns = [
        'ip', 'vendor', 'osfamily', 'osgen', 'accurate', 'updatetime',
        'hostname', 'state'
    ]
    row = (temphosts, tempvendor, temposfamily, temposgen, tempaccuracy,
           localtime, temphostname, tempstate)
    job_spec = {
        "table": localconfig.iptable,
        "select_params": columns,
        "insert_values": [row],
    }
    sql_worker.add_work(
        [Sqldata.SqlData('replaceinserttableinfo_byparams', job_spec)])
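def upload_ip_info(request):
    """Accept a scanner node's IP-info upload and queue it for storage.

    Reads ``func`` and ``dic`` from the POST body, wraps them in a
    ``Sqldata.SqlData`` job and hands that job to the shared ``Sqldatatask``
    worker.  Always answers with the JSON document ``{"result": "1"}``.
    The per-field path (``ip``, ``vendor``, ... forwarded to
    ``ipcontrol.ip_info_upload``) is not active in this variant.

    Raises:
        ValueError, SyntaxError: if ``dic`` is not a plain Python literal.

    Security:
        * ``dic`` is request data.  It was previously passed to ``eval``,
          which executes whatever expression the sender supplies inside the
          web process.  It is now parsed with ``ast.literal_eval``, which
          accepts only literals (dict, list, tuple, str, numbers, ...).
          ``literal_eval`` is used rather than ``json.loads`` because the
          wire format is not visible here and may be a Python repr (tuples,
          single quotes).
        * NOTE(review): ``func`` is also request data and names the SQL
          helper to run; confirm the consumer of ``SqlData`` checks it
          against an allow-list.
        * NOTE(review): no authentication check is visible in this view;
          confirm one is enforced by a decorator, middleware or the URL
          configuration.
    """
    import ast  # function-scope so the fix does not depend on the file header

    func = request.POST.get('func', '')
    dic = request.POST.get('dic', '{}')
    # Literal-only parsing: rejects calls, attribute access and names.
    nowdic = ast.literal_eval(dic)

    sql_job = Sqldata.SqlData(func, nowdic)
    sql_worker = Sqldatatask.getObject()
    sql_worker.add_work([sql_job])

    data = {'result': '1'}
    return HttpResponse(
        json.dumps(data, skipkeys=True, default=webtool.object2dict),
        content_type="application/json")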
def storedata(ip='', port='', hackresults=None):
    """Queue an upsert of one result blob for ``ip``/``port`` in the port table.

    ``hackresults`` is stringified, passed through ``SQLTool.escapewordby``
    and written to the ``hackresults`` column; ``timesearch`` is set to the
    current local time.  The work item is handed to the shared
    ``Sqldatatask`` worker as an ``inserttableinfo_byparams`` request.
    Nothing is returned.

    Security note: the ``on duplicate key update`` clause is built by string
    concatenation, so its safety rests entirely on ``SQLTool.escapewordby``
    (not visible here) escaping correctly for the target database and
    connection charset.  Bound parameters would be the safer design if the
    Sqldata helpers can accept them.
    """
    sql_worker = Sqldatatask.getObject()
    stamp = str(time.strftime("%Y-%m-%d %X", time.localtime()))

    hackresults = SQLTool.escapewordby(str(hackresults))
    update_clause = (" on duplicate key update hackresults='"
                     + hackresults + "'")
    extra = update_clause + " , timesearch='" + stamp + "'"

    # NOTE(review): the escaped text is also used as the inserted row value;
    # if inserttableinfo_byparams escapes or binds values itself, the stored
    # text would end up double-escaped - confirm against the helper.
    row = (str(ip), port, hackresults, str(port))
    job_spec = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'hackresults', 'portnumber'],
        "insert_values": [row],
        "extra": extra,
    }
    sql_worker.add_work([Sqldata.SqlData('inserttableinfo_byparams', job_spec)])
def storedata(ip='', port='', hackinfo=None):
    """Store one fuzz finding for ``ip``/``port``, remotely or locally.

    ``hackinfo`` is stringified, passed through ``SQLTool.escapewordby`` and
    destined for the ``disclosure`` column of ``config.Config.porttable``;
    ``timesearch`` is set to the current local time.

    * ``islocalwork == 0``: the job description is wrapped in an
      ``uploaditem.UploadData`` POST to ``webconfig.WebConfig.upload_ip_info``
      and queued on the ``uploadtask`` worker.
    * otherwise: it is queued on the ``Sqldatatask`` worker as an
      ``inserttableinfo_byparams`` request.

    Nothing is returned.

    Security notes:
        * The ``on duplicate key update`` clause is built by string
          concatenation; its safety rests entirely on
          ``SQLTool.escapewordby`` (not visible here).
        * In remote mode that pre-built SQL fragment travels inside the POST
          body, so the receiving endpoint is being asked to trust SQL text
          supplied by a client.  NOTE(review): confirm how the server uses
          ``extra`` and that the endpoint is authenticated.
        * NOTE(review): port-table data is posted to the ``upload_ip_info``
          URL rather than a port-specific one - confirm this is intended.
    """
    # Fetched up front on both paths; only the local branch uses it.
    sql_worker = Sqldatatask.getObject()
    stamp = str(time.strftime("%Y-%m-%d %X", time.localtime()))

    hackinfo = SQLTool.escapewordby(str(hackinfo))
    update_clause = " on duplicate key update disclosure='" + hackinfo + "'"
    extra = update_clause + " , timesearch='" + stamp + "'"

    row = (str(ip), port, hackinfo, str(port))
    job_spec = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'disclosure', 'portnumber'],
        "insert_values": [row],
        "extra": extra,
    }

    if islocalwork == 0:
        # Remote mode: ship the job description to the web endpoint.
        upload = uploaditem.UploadData(
            url=webconfig.WebConfig.upload_ip_info,
            way='POST',
            params={"func": 'inserttableinfo_byparams', "dic": job_spec})
        uploadtask.getObject().add_work([upload])
    else:
        # Local mode: queue the job on the SQL worker directly.
        sql_worker.add_work(
            [Sqldata.SqlData('inserttableinfo_byparams', job_spec)])

    # NOTE(review): the listing this was taken from had lost its indentation;
    # the message is printed on both paths here - confirm against the file.
    print('fuzz 数据存储')
def storedata(ip='', port='', disclosures=None):
    """Store the disclosure findings for ``ip``/``port`` and trigger a PoC search.

    ``disclosures`` is stringified as a whole, passed through
    ``SQLTool.escapewordby`` and upserted into the ``disclosure`` column of
    ``config.Config.porttable`` (``timesearch`` = current local time) through
    an ``inserttableinfo_byparams`` job on the ``Sqldatatask`` worker.  The
    unescaped ``disclosures`` object is then queued on the ``pocsearchtask``
    worker.  Nothing is returned.

    ``disclosures`` is presumably a dict keyed by ``'ip:port'`` whose values
    are lists of ``{'status': ..., 'url': ...}`` dicts, going by the sample
    that accompanied the original code - confirm against the caller.

    Security note: the ``on duplicate key update`` clause is built by string
    concatenation, and the URLs inside ``disclosures`` contain text taken
    from scan responses, so the statement's safety rests entirely on
    ``SQLTool.escapewordby`` (not visible here).  Bound parameters would be
    the safer design if the Sqldata helpers can accept them.
    """
    sql_worker = Sqldatatask.getObject()
    stamp = str(time.strftime("%Y-%m-%d %X", time.localtime()))

    # The structure is stored as one str() blob rather than joined entry by
    # entry.  Open question carried over from the author: could the list be
    # returned/stored directly, the way hackresults is?
    disclosure = SQLTool.escapewordby(str(disclosures))
    update_clause = " on duplicate key update disclosure='" + disclosure + "'"
    extra = update_clause + " , timesearch='" + stamp + "'"

    row = (str(ip), port, disclosure, str(port))
    job_spec = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'disclosure', 'portnumber'],
        "insert_values": [row],
        "extra": extra,
    }
    sql_worker.add_work([Sqldata.SqlData('inserttableinfo_byparams', job_spec)])

    from ..vuldect import pocsearchtask
    poc_worker = pocsearchtask.getObject()
    # Tuple slots: head, context, ip, port, productname, keywords,
    # nmapscript, protocol - the findings ride in the nmapscript slot.
    poc_worker.add_work([(None, None, ip, port, None, None, disclosures, None)])
def callback_result(self, scan_result):
    """Persist one nmap scan result and queue the follow-up work.

    For every host key under ``scan_result['scan']``:

    1. The address is queued on ``self.getlocationtool``.
    2. The OS guess (first ``osclass`` of the first ``osmatch``: vendor,
       osfamily, osgen, accuracy - the string ``'null'`` when absent), the
       space-joined hostnames and the host state are written to
       ``self.config.iptable`` with ``replaceinserttableinfo_byparams``.
    3. For each port under ``'tcp'`` - or under ``'udp'``, but only when the
       host has no ``'tcp'`` key - name, state, product, version and script
       output are written to ``self.config.porttable`` the same way.  TCP
       ports are additionally queued on ``self.portscan``.

    Writes go through an ``uploaditem.UploadData`` POST queued on
    ``self.uploadwork`` when ``self.islocalwork == 0``, otherwise through a
    ``Sqldata.SqlData`` job queued on ``self.sqlTool``.

    Errors are printed and swallowed per host; nothing is returned.

    ``scan_result`` is presumably the dict produced by python-nmap - confirm
    against the caller.

    NOTE(review, security): hostnames, product, version and script output
    originate from the scanned host, i.e. they are untrusted text.  They are
    passed on as insert values; whether the SQL helper binds or escapes them
    is not visible here and should be confirmed.

    NOTE(review): the listing this was taken from had lost its indentation;
    the nesting below is reconstructed from the syntax - confirm against the
    original file.
    """
    print '——————'
    tmp = scan_result
    for i in tmp['scan'].keys():
        host = i
        result = ''  # never read in this method
        try:
            temphosts = str(host)
            localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
            self.getlocationtool.add_work([temphosts])  # look up the IP's location
            try:
                # Defaults used when nmap produced no OS match.
                tempvendor = 'null'
                temposfamily = 'null'
                temposgen = 'null'
                tempaccuracy = 'null'
                # Only the first osclass of the first osmatch is used.
                if len(tmp['scan'][host]['osmatch']) > 0 and len(
                        tmp['scan'][host]['osmatch'][0]['osclass']) > 0:
                    tempvendor = str(
                        tmp['scan'][host]['osmatch'][0]['osclass'][0].get(
                            'vendor', 'null'))
                    temposfamily = str(
                        tmp['scan'][host]['osmatch'][0]['osclass'][0].get(
                            'osfamily', 'null'))
                    temposgen = str(
                        tmp['scan'][host]['osmatch'][0]['osclass'][0].get(
                            'osgen', 'null'))
                    tempaccuracy = str(
                        tmp['scan'][host]['osmatch'][0]['osclass'][0].get(
                            'accuracy', 'null'))
                temphostname = ''
                # Rebinds ``i``; harmless because ``host`` was captured above.
                for i in tmp['scan'][host]['hostnames']:
                    temphostname += str(i.get('name', 'null')) + ' '
                tempstate = str(tmp['scan'][host]['status'].get(
                    'state', 'null'))
                if self.islocalwork == 0:
                    # Remote mode: POST the job description to the web endpoint.
                    work = []
                    dic = {
                        "table": self.config.iptable,
                        "select_params": [
                            'ip', 'vendor', 'osfamily', 'osgen', 'accurate',
                            'updatetime', 'hostname', 'state'
                        ],
                        "insert_values": [(temphosts, tempvendor,
                                           temposfamily, temposgen,
                                           tempaccuracy, localtime,
                                           temphostname, tempstate)
                                          ]
                    }
                    tempdata = {
                        "func": 'replaceinserttableinfo_byparams',
                        "dic": dic
                    }
                    jsondata = uploaditem.UploadData(
                        url=self.webconfig.upload_ip_info,
                        way='POST',
                        params=tempdata)
                    work.append(jsondata)
                    self.uploadwork.add_work(work)
                else:
                    # Local mode: queue the same job on the SQL worker.
                    sqldatawprk = []
                    dic = {
                        "table": self.config.iptable,
                        "select_params": [
                            'ip', 'vendor', 'osfamily', 'osgen', 'accurate',
                            'updatetime', 'hostname', 'state'
                        ],
                        "insert_values": [(temphosts, tempvendor,
                                           temposfamily, temposgen,
                                           tempaccuracy, localtime,
                                           temphostname, tempstate)
                                          ]
                    }
                    tempwprk = Sqldata.SqlData(
                        'replaceinserttableinfo_byparams', dic)
                    sqldatawprk.append(tempwprk)
                    self.sqlTool.add_work(sqldatawprk)
            except Exception, e:
                # A failure in the host record does not stop port processing.
                print 'nmap system error' + str(e)
            if 'tcp' in tmp['scan'][host].keys():
                ports = tmp['scan'][host]['tcp'].keys()
                for port in ports:
                    # All fields are coerced to str; missing keys become ''.
                    tempport = str(port)
                    tempportname = str(tmp['scan'][host]['tcp'][port].get(
                        'name', ''))
                    tempportstate = str(tmp['scan'][host]['tcp'][port].get(
                        'state', ''))
                    tempproduct = str(tmp['scan'][host]['tcp'][port].get(
                        'product', ''))
                    tempportversion = str(
                        tmp['scan'][host]['tcp'][port].get('version', ''))
                    tempscript = str(tmp['scan'][host]['tcp'][port].get(
                        'script', ''))
                    if self.islocalwork == 0:
                        # Remote mode: POST the port row to the web endpoint.
                        work = []
                        dic = {
                            "table": self.config.porttable,
                            "select_params": [
                                'ip', 'port', 'timesearch', 'state', 'name',
                                'product', 'version', 'script', 'portnumber'
                            ],
                            "insert_values":
                            [(temphosts, tempport, localtime, tempportstate,
                              tempportname, tempproduct, tempportversion,
                              tempscript, str(tempport))]
                        }
                        tempdata = {
                            "func": 'replaceinserttableinfo_byparams',
                            "dic": dic
                        }
                        jsondata = uploaditem.UploadData(
                            url=self.webconfig.upload_port_info,
                            way='POST',
                            params=tempdata)
                        work.append(jsondata)
                        self.uploadwork.add_work(work)
                    else:
                        # Local mode: queue the port row on the SQL worker.
                        sqldatawprk = []
                        dic = {
                            "table": self.config.porttable,
                            "select_params": [
                                'ip', 'port', 'timesearch', 'state', 'name',
                                'product', 'version', 'script', 'portnumber'
                            ],
                            "insert_values":
                            [(temphosts, tempport, localtime, tempportstate,
                              tempportname, tempproduct, tempportversion,
                              tempscript, str(tempport))]
                        }
                        tempwprk = Sqldata.SqlData(
                            'replaceinserttableinfo_byparams', dic)
                        sqldatawprk.append(tempwprk)
                        self.sqlTool.add_work(sqldatawprk)
                    # NOTE(review): placed at loop level (runs in both modes);
                    # the lost indentation makes this ambiguous - confirm.
                    self.portscan.add_work([
                        (tempportname, temphosts, tempport, tempportstate,
                         tempproduct, tempscript)
                    ])
            # NOTE(review): ``elif`` means UDP results are skipped whenever
            # the host also has a 'tcp' key - confirm this is intended.
            elif 'udp' in tmp['scan'][host].keys():
                ports = tmp['scan'][host]['udp'].keys()
                for port in ports:
                    # All fields are coerced to str; missing keys become ''.
                    tempport = str(port)
                    tempportname = str(tmp['scan'][host]['udp'][port].get(
                        'name', ''))
                    tempportstate = str(tmp['scan'][host]['udp'][port].get(
                        'state', ''))
                    tempproduct = str(tmp['scan'][host]['udp'][port].get(
                        'product', ''))
                    tempportversion = str(
                        tmp['scan'][host]['udp'][port].get('version', ''))
                    tempscript = str(tmp['scan'][host]['udp'][port].get(
                        'script', ''))
                    if self.islocalwork == 0:
                        # Remote mode: POST the port row to the web endpoint.
                        work = []
                        dic = {
                            "table": self.config.porttable,
                            "select_params": [
                                'ip', 'port', 'timesearch', 'state', 'name',
                                'product', 'version', 'script', 'portnumber'
                            ],
                            "insert_values":
                            [(temphosts, tempport, localtime, tempportstate,
                              tempportname, tempproduct, tempportversion,
                              tempscript, str(tempport))]
                        }
                        tempdata = {
                            "func": 'replaceinserttableinfo_byparams',
                            "dic": dic
                        }
                        jsondata = uploaditem.UploadData(
                            url=self.webconfig.upload_port_info,
                            way='POST',
                            params=tempdata)
                        work.append(jsondata)
                        self.uploadwork.add_work(work)
                    else:
                        # Local mode: queue the port row on the SQL worker.
                        # Unlike the TCP branch, nothing is queued on
                        # self.portscan for UDP ports.
                        sqldatawprk = []
                        dic = {
                            "table": self.config.porttable,
                            "select_params": [
                                'ip', 'port', 'timesearch', 'state', 'name',
                                'product', 'version', 'script', 'portnumber'
                            ],
                            "insert_values":
                            [(temphosts, tempport, localtime, tempportstate,
                              tempportname, tempproduct, tempportversion,
                              tempscript, str(tempport))]
                        }
                        tempwprk = Sqldata.SqlData(
                            'replaceinserttableinfo_byparams', dic)
                        sqldatawprk.append(tempwprk)
                        self.sqlTool.add_work(sqldatawprk)
        except Exception, e:
            # Any failure for this host is printed and the loop moves on.
            print 'nmap error' + str(e)