예제 #1
0
def systeminfo(request):
    from spidertool import sniffertask, zmaptool, portscantask, Sqldatatask
    from spidertool.detection.fluzzdetect import fuzztask
    #    from spidertool.detection.vuldect import pocsearchtask
    resultdata = {}
    # TaskTool中定义的对象信息
    resultdata['nmapfont'] = taskcontrol.getObject().get_length(
    )  # threadtool.getqueue_size()
    resultdata['nmapfont_running'] = taskcontrol.getObject(
    ).get_current_task_num()  #get_running_size()

    resultdata['nmapback'] = sniffertask.getObject().get_length()  #
    resultdata['nmapback_running'] = sniffertask.getObject(
    ).get_current_task_num()

    resultdata['portacsn'] = portscantask.getObject().get_length()
    resultdata['portacsn_running'] = portscantask.getObject(
    ).get_current_task_num()

    resultdata['fuzz'] = fuzztask.getObject().get_length()
    resultdata['fuzz_running'] = fuzztask.getObject().get_current_task_num()

    #    resultdata['pocdect'] = pocsearchtask.getObject().get_length()
    #    resultdata['pocdect_running']=pocsearchtask.getObject().get_current_task_num()

    resultdata['sqltask'] = Sqldatatask.getObject().get_length()
    resultdata['sqltask_running'] = Sqldatatask.getObject(
    ).get_current_task_num()

    return HttpResponse(json.dumps(resultdata,
                                   skipkeys=True,
                                   default=webtool.object2dict),
                        content_type="application/json")
예제 #2
0
def systeminfo(request):
    from spidertool import sniffertask, zmaptool, portscantask, Sqldatatask
    from spidertool.template_identify.fluzzdetect import fuzztask
    from spidertool.template_identify.poc_file import pocsearchtask
    resultdata = {}
    resultdata['nmapfont'] = taskcontrol.getObject().get_length()
    resultdata['nmapfont_running'] = taskcontrol.getObject(
    ).get_current_task_num()
    resultdata['nmapback'] = sniffertask.getObject().get_length()
    resultdata['nmapback_running'] = sniffertask.getObject(
    ).get_current_task_num()
    resultdata['portacsn'] = portscantask.getObject().get_length()
    resultdata['portacsn_running'] = portscantask.getObject(
    ).get_current_task_num()
    resultdata['fuzz'] = fuzztask.getObject().get_length()
    resultdata['fuzz_running'] = fuzztask.getObject().get_current_task_num()
    resultdata['pocdect'] = pocsearchtask.getObject().get_length()
    resultdata['pocdect_running'] = pocsearchtask.getObject(
    ).get_current_task_num()
    resultdata['sqltask'] = Sqldatatask.getObject().get_length()
    resultdata['sqltask_running'] = Sqldatatask.getObject(
    ).get_current_task_num()
    return HttpResponse(json.dumps(resultdata,
                                   skipkeys=True,
                                   default=webtool.object2dict),
                        content_type="application/json")
예제 #3
0
    def __init__(self, islocalwork=config.Config.islocalwork):
        '''
        Constructor
        '''
        try:
            self.nma = nmap.PortScanner(
            )  # instantiate nmap.PortScanner object

            self.params = '-A   -Pn  -sC  -R -v  -O '


#             self.params='-sV -T4 -O '                    #快捷扫描加强版
#             self.params='-sS -sU -T4 -A -v'                                            #深入扫描
        except nmap.PortScannerError:
            print('Nmap not found', sys.exc_info()[0])

        except:
            print('Unexpected error:', sys.exc_info()[0])
        self.uploadwork = uploadtask.getObject()
        self.config = config.Config
        self.webconfig = webconfig.WebConfig
        self.sqlTool = Sqldatatask.getObject()
        self.islocalwork = islocalwork
        self.portscan = portscantask.getObject()
        import spidertool.getLocationTool as getLocationTool
        self.getlocationtool = getLocationTool.getObject()
예제 #4
0
def upload_ip_info(request):
    sqldatawork = []
    func = request.POST.get('func', '')
    dic = request.POST.get('dic', '{}')
    nowdic = eval(dic)  #存在安全隐患, 改用json库
    tempwprk = Sqldata.SqlData(
        func, nowdic)  #赋值给Sqldata类, 后期通过getXXX获取, 在Sqldatatask.py中
    sqldatawork.append(tempwprk)
    sqlTool = Sqldatatask.getObject()
    sqlTool.add_work(sqldatawork)
    works = request.POST.get('workdetail', [])
    print "nmaproute::upload_ip_info():", works
    temphosts = request.POST.get('ip', '')
    tempvendor = request.POST.get('vendor', '')
    temposfamily = request.POST.get('osfamily', '')
    temposgen = request.POST.get('osgen', '')
    tempaccuracy = request.POST.get('accuracy', '')
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    temphostname = request.POST.get('hostname', '')
    tempstate = request.POST.get('state', '')
    ipcontrol.ip_info_upload(temphosts, tempvendor, temposfamily, temposgen,
                             tempaccuracy, localtime, temphostname, tempstate)

    data = {}
    data['result'] = '1'
    return HttpResponse(json.dumps(data,
                                   skipkeys=True,
                                   default=webtool.object2dict),
                        content_type="application/json")
예제 #5
0
def storedata(ip='', port='', hackinfo=None):

    sqlTool = Sqldatatask.getObject()
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata = []
    #     if islocalwork==0:
    #         work=[]
    #         dic={"table":config.Config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]}
    #         tempdata={"func":'replaceinserttableinfo_byparams',"dic":dic}
    #         jsondata=uploaditem.UploadData(url=self.webconfig.upload_ip_info,way='POST',params=tempdata)
    #         work.append(jsondata)
    #         self.uploadwork.add_work(work)

    #     else:

    hackinfo = SQLTool.escapewordby(str(hackinfo))
    extra = ' on duplicate key update  disclosure=\'' + hackinfo + '\' , timesearch=\'' + localtime + '\''

    insertdata.append((str(ip), port, hackinfo, str(port)))

    sqldatawprk = []
    dic = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'disclosure', 'portnumber'],
        "insert_values": insertdata,
        "extra": extra
    }

    tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
    sqldatawprk.append(tempwprk)
    sqlTool.add_work(sqldatawprk)
    print 'fuzz 数据存储'
    pass
예제 #6
0
def storedata(ip='',port='',hackinfo=None):
    sqlTool=Sqldatatask.getObject()
    localtime=str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata=[]
#     if islocalwork==0:
#         work=[]
#         dic={"table":config.Config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]}
#         tempdata={"func":'replaceinserttableinfo_byparams',"dic":dic}
#         jsondata=uploaditem.UploadData(url=self.webconfig.upload_ip_info,way='POST',params=tempdata)
#         work.append(jsondata)
#         self.uploadwork.add_work(work)
                    
#     else:

    hackinfo=SQLTool.escapewordby(str(hackinfo))
    extra=' on duplicate key update  hackinfo=\''+hackinfo+'\' , timesearch=\''+localtime+'\''
             
    insertdata.append((str(ip),port,hackinfo,str(port)))
 
 
    sqldatawprk=[]
    dic={"table":config.Config.porttable,"select_params":['ip','port','hackinfo','portnumber'],"insert_values":insertdata,"extra":extra}
                
    tempwprk=Sqldata.SqlData('inserttableinfo_byparams',dic)
    sqldatawprk.append(tempwprk)
    sqlTool.add_work(sqldatawprk)   
    pass
예제 #7
0
def storedata(ip='',port='',hackinfo=None):

    sqlTool=Sqldatatask.getObject()
    localtime=str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata=[]
     
    hackinfo=SQLTool.escapewordby(str(hackinfo))
    extra=' on duplicate key update  disclosure=\''+hackinfo+'\' , timesearch=\''+localtime+'\''
              
    insertdata.append((str(ip),port,hackinfo,str(port)))
    dic={"table":config.Config.porttable,"select_params":['ip','port','disclosure','portnumber'],"insert_values":insertdata,"extra":extra}

    if islocalwork==0:
        work=[]
        tempdata={"func":'inserttableinfo_byparams',"dic":dic}
        jsondata=uploaditem.UploadData(url=webconfig.WebConfig.upload_ip_info,way='POST',params=tempdata)
        work.append(jsondata)
        temp=uploadtask.getObject()
        temp.add_work(work)

                      
    else:

  
  
        sqldatawprk=[]
                 
        tempwprk=Sqldata.SqlData(func='inserttableinfo_byparams',dic)
        sqldatawprk.append(tempwprk)
        sqlTool.add_work(sqldatawprk)   
        print 'fuzz 数据存储'
        pass
예제 #8
0
def systeminfo(request):
    from spidertool import sniffertask, zmaptool,portscantask,Sqldatatask
    from spidertool.detection.fluzzdetect import fuzztask
    from spidertool.detection.vuldect import pocsearchtask
    resultdata={}
    resultdata['nmapfont']=taskcontrol.getObject().get_length()
    resultdata['nmapfont_running'] = taskcontrol.getObject().get_current_task_num()
    resultdata['nmapback']=sniffertask.getObject().get_length()
    resultdata['nmapback_running'] = sniffertask.getObject().get_current_task_num()
    resultdata['portacsn']=portscantask.getObject().get_length()
    resultdata['portacsn_running'] = portscantask.getObject().get_current_task_num()
    resultdata['fuzz']=fuzztask.getObject().get_length()
    resultdata['fuzz_running'] = fuzztask.getObject().get_current_task_num()
    resultdata['pocdect'] = pocsearchtask.getObject().get_length()
    resultdata['pocdect_running']=pocsearchtask.getObject().get_current_task_num()
    resultdata['sqltask'] = Sqldatatask.getObject().get_length()
    resultdata['sqltask_running']=Sqldatatask.getObject().get_current_task_num()
    return HttpResponse(json.dumps(resultdata,skipkeys=True,default=webtool.object2dict), content_type="application/json")
예제 #9
0
def ip_info_upload(temphosts, tempvendor, temposfamily, temposgen,
                   tempaccuracy, localtime, temphostname, tempstate):
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    sqlTool = Sqldatatask.getObject()
    #     sqldatawprk=[]
    #     dic={"table":self.config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]}
    #     tempwprk=Sqldata.SqlData('replaceinserttableinfo_byparams',dic)
    #     sqldatawprk.append(tempwprk)
    #     sqlTool.add_work(sqldatawprk)
    pass
예제 #10
0
def ip_info_upload(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate):
    localtime=str(time.strftime("%Y-%m-%d %X", time.localtime()))
    sqlTool=Sqldatatask.getObject()
#     sqldatawprk=[]
#     dic={"table":self.config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]}
#     tempwprk=Sqldata.SqlData('replaceinserttableinfo_byparams',dic)
#     sqldatawprk.append(tempwprk)
#     sqlTool.add_work(sqldatawprk)
    pass 
    
    
예제 #11
0
def upload_port_info(request):
    sqldatawprk=[]
    func=request.POST.get('func','')
    dic=request.POST.get('dic','{}')
    nowdic=eval(dic)
    tempwprk=Sqldata.SqlData(func,nowdic)
    sqldatawprk.append(tempwprk)
    sqlTool=Sqldatatask.getObject()
    sqlTool.add_work(sqldatawprk)

    data={}
    data['result']='1'
    return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")   
예제 #12
0
def upload_port_info(request):
    sqldatawprk=[]
    func=request.POST.get('func','')
    dic=request.POST.get('dic','{}')
    nowdic=eval(dic)
    tempwprk=Sqldata.SqlData(func,nowdic)
    sqldatawprk.append(tempwprk)
    sqlTool=Sqldatatask.getObject()
    sqlTool.add_work(sqldatawprk)

    data={}
    data['result']='1'
    return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")   
예제 #13
0
def upload_ip_info(request):
    sqldatawprk=[]
    func=request.POST.get('func','')
    dic=request.POST.get('dic','{}')
    nowdic=eval(dic)#存在安全隐患, 改用json库
    tempwprk=Sqldata.SqlData(func,nowdic)
    sqldatawprk.append(tempwprk)
    sqlTool=Sqldatatask.getObject()
    sqlTool.add_work(sqldatawprk)
#     works=request.POST.get('workdetail',[])
#     print works
#     tempvendor=request.POST.get('vendor','')
#     temposfamily=request.POST.get('osfamily','')
#     temposgen=request.POST.get('osgen','')
#     tempaccuracy=request.POST.get('accuracy','')
#     temphostname=request.POST.get('hostname','')
#     tempstate=request.POST.get('state','')
#     ipcontrol.ip_info_upload(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)
    data={}
    data['result']='1'
    return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")   
예제 #14
0
def upload_ip_info(request):
    sqldatawprk=[]
    func=request.POST.get('func','')
    dic=request.POST.get('dic','{}')
    nowdic=eval(dic)#存在安全隐患, 改用json库
    tempwprk=Sqldata.SqlData(func,nowdic)
    sqldatawprk.append(tempwprk)
    sqlTool=Sqldatatask.getObject()
    sqlTool.add_work(sqldatawprk)
#     works=request.POST.get('workdetail',[])
#     print works
#     tempvendor=request.POST.get('vendor','')
#     temposfamily=request.POST.get('osfamily','')
#     temposgen=request.POST.get('osgen','')
#     tempaccuracy=request.POST.get('accuracy','')
#     temphostname=request.POST.get('hostname','')
#     tempstate=request.POST.get('state','')
#     ipcontrol.ip_info_upload(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)
    data={}
    data['result']='1'
    return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")   
예제 #15
0
def storedata(ip='', port='', hackresults=None):
    sqlTool = Sqldatatask.getObject()
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata = []
    hackresults = SQLTool.escapewordby(str(hackresults))
    extra = ' on duplicate key update hackresults=\'' + hackresults + '\' , timesearch=\'' + localtime + '\''

    insertdata.append((str(ip), port, hackresults, str(port)))

    sqldatawprk = []
    dic = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'hackresults', 'portnumber'],
        "insert_values": insertdata,
        "extra": extra
    }

    tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
    sqldatawprk.append(tempwprk)
    sqlTool.add_work(sqldatawprk)
    pass
예제 #16
0
def storedata(ip='', port='', hackinfo=None):

    sqlTool = Sqldatatask.getObject()
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata = []

    hackinfo = SQLTool.escapewordby(str(hackinfo))
    extra = ' on duplicate key update  disclosure=\'' + hackinfo + '\' , timesearch=\'' + localtime + '\''

    insertdata.append((str(ip), port, hackinfo, str(port)))
    dic = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'disclosure', 'portnumber'],
        "insert_values": insertdata,
        "extra": extra
    }

    if islocalwork == 0:
        work = []
        tempdata = {"func": 'inserttableinfo_byparams', "dic": dic}
        jsondata = uploaditem.UploadData(
            url=webconfig.WebConfig.upload_ip_info,
            way='POST',
            params=tempdata)
        work.append(jsondata)
        temp = uploadtask.getObject()
        temp.add_work(work)

    else:

        sqldatawprk = []

        tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
        sqldatawprk.append(tempwprk)
        sqlTool.add_work(sqldatawprk)
        print 'fuzz 数据存储'
        pass
예제 #17
0
def storedata(ip='', port='', disclosures=None):
    sqlTool = Sqldatatask.getObject()
    localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
    insertdata = []
    # {'223.223.187.90:8080': [{'status': 200, 'url': '223.223.187.90:8080/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/file/Placard/upload/Imo_DownLoadUI.php?cid=1&uid=1&type=1&filename=/../../../../etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/wp-config.php~'}, {'status': 200, 'url': '223.223.187.90:8080/'}]}
    # 现在是依次遍历list集合拼接,是否可以直接返回list集合,像hackresults一样
    disclosure = ''
    # for ip_port in disclosures:
    # 	disinfo_list = disclosures[ip_port]
    # for disinfo in disinfo_list:
    #     disclosure += str(disinfo) + '\\n '
    #	    disinfo_list.remove(disinfo)

    #    print "fuzzey detect callbackfuzz: ", type(disclosures), str(disclosures)   # a dict
    disclosure = SQLTool.escapewordby(str(disclosures))
    extra = ' on duplicate key update  disclosure=\'' + disclosure + '\' , timesearch=\'' + localtime + '\''

    insertdata.append((str(ip), port, disclosure, str(port)))

    sqldatawprk = []
    dic = {
        "table": config.Config.porttable,
        "select_params": ['ip', 'port', 'disclosure', 'portnumber'],
        "insert_values": insertdata,
        "extra": extra
    }

    tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
    sqldatawprk.append(tempwprk)
    sqlTool.add_work(sqldatawprk)

    from ..vuldect import pocsearchtask
    temp = pocsearchtask.getObject()
    # head,context,ip,port,productname,keywords,nmapscript,protocol
    temp.add_work([(None, None, ip, port, None, None, disclosures, None)])
    pass