def systeminfo(request):
from spidertool import sniffertask, zmaptool, portscantask, Sqldatatask
from spidertool.detection.fluzzdetect import fuzztask
# from spidertool.detection.vuldect import pocsearchtask
resultdata = {}
# TaskTool中定义的对象信息
resultdata['nmapfont'] = taskcontrol.getObject().get_length(
) # threadtool.getqueue_size()
resultdata['nmapfont_running'] = taskcontrol.getObject(
).get_current_task_num() #get_running_size()
resultdata['nmapback'] = sniffertask.getObject().get_length() #
resultdata['nmapback_running'] = sniffertask.getObject(
).get_current_task_num()
resultdata['portacsn'] = portscantask.getObject().get_length()
resultdata['portacsn_running'] = portscantask.getObject(
).get_current_task_num()
resultdata['fuzz'] = fuzztask.getObject().get_length()
resultdata['fuzz_running'] = fuzztask.getObject().get_current_task_num()
# resultdata['pocdect'] = pocsearchtask.getObject().get_length()
# resultdata['pocdect_running']=pocsearchtask.getObject().get_current_task_num()
resultdata['sqltask'] = Sqldatatask.getObject().get_length()
resultdata['sqltask_running'] = Sqldatatask.getObject(
).get_current_task_num()
return HttpResponse(json.dumps(resultdata,
skipkeys=True,
default=webtool.object2dict),
content_type="application/json")
def systeminfo(request):
from spidertool import sniffertask, zmaptool, portscantask, Sqldatatask
from spidertool.template_identify.fluzzdetect import fuzztask
from spidertool.template_identify.poc_file import pocsearchtask
resultdata = {}
resultdata['nmapfont'] = taskcontrol.getObject().get_length()
resultdata['nmapfont_running'] = taskcontrol.getObject(
).get_current_task_num()
resultdata['nmapback'] = sniffertask.getObject().get_length()
resultdata['nmapback_running'] = sniffertask.getObject(
).get_current_task_num()
resultdata['portacsn'] = portscantask.getObject().get_length()
resultdata['portacsn_running'] = portscantask.getObject(
).get_current_task_num()
resultdata['fuzz'] = fuzztask.getObject().get_length()
resultdata['fuzz_running'] = fuzztask.getObject().get_current_task_num()
resultdata['pocdect'] = pocsearchtask.getObject().get_length()
resultdata['pocdect_running'] = pocsearchtask.getObject(
).get_current_task_num()
resultdata['sqltask'] = Sqldatatask.getObject().get_length()
resultdata['sqltask_running'] = Sqldatatask.getObject(
).get_current_task_num()
return HttpResponse(json.dumps(resultdata,
skipkeys=True,
default=webtool.object2dict),
content_type="application/json")
def __init__(self, islocalwork=config.Config.islocalwork):
'''
Constructor
'''
try:
self.nma = nmap.PortScanner(
) # instantiate nmap.PortScanner object
self.params = '-A -Pn -sC -R -v -O '
# self.params='-sV -T4 -O ' #快捷扫描加强版
# self.params='-sS -sU -T4 -A -v' #深入扫描
except nmap.PortScannerError:
print('Nmap not found', sys.exc_info()[0])
except:
print('Unexpected error:', sys.exc_info()[0])
self.uploadwork = uploadtask.getObject()
self.config = config.Config
self.webconfig = webconfig.WebConfig
self.sqlTool = Sqldatatask.getObject()
self.islocalwork = islocalwork
self.portscan = portscantask.getObject()
import spidertool.getLocationTool as getLocationTool
self.getlocationtool = getLocationTool.getObject()
def upload_ip_info(request):
sqldatawork = []
func = request.POST.get('func', '')
dic = request.POST.get('dic', '{}')
nowdic = eval(dic) #存在安全隐患, 改用json库
tempwprk = Sqldata.SqlData(
func, nowdic) #赋值给Sqldata类, 后期通过getXXX获取, 在Sqldatatask.py中
sqldatawork.append(tempwprk)
sqlTool = Sqldatatask.getObject()
sqlTool.add_work(sqldatawork)
works = request.POST.get('workdetail', [])
print "nmaproute::upload_ip_info():", works
temphosts = request.POST.get('ip', '')
tempvendor = request.POST.get('vendor', '')
temposfamily = request.POST.get('osfamily', '')
temposgen = request.POST.get('osgen', '')
tempaccuracy = request.POST.get('accuracy', '')
localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
temphostname = request.POST.get('hostname', '')
tempstate = request.POST.get('state', '')
ipcontrol.ip_info_upload(temphosts, tempvendor, temposfamily, temposgen,
tempaccuracy, localtime, temphostname, tempstate)
data = {}
data['result'] = '1'
return HttpResponse(json.dumps(data,
skipkeys=True,
default=webtool.object2dict),
content_type="application/json")
def storedata(ip='', port='', hackinfo=None):
sqlTool = Sqldatatask.getObject()
localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
insertdata = []
# if islocalwork==0:
# work=[]
# dic={"table":config.Config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]}
# tempdata={"func":'replaceinserttableinfo_byparams',"dic":dic}
# jsondata=uploaditem.UploadData(url=self.webconfig.upload_ip_info,way='POST',params=tempdata)
# work.append(jsondata)
# self.uploadwork.add_work(work)
# else:
hackinfo = SQLTool.escapewordby(str(hackinfo))
extra = ' on duplicate key update disclosure=\'' + hackinfo + '\' , timesearch=\'' + localtime + '\''
insertdata.append((str(ip), port, hackinfo, str(port)))
sqldatawprk = []
dic = {
"table": config.Config.porttable,
"select_params": ['ip', 'port', 'disclosure', 'portnumber'],
"insert_values": insertdata,
"extra": extra
}
tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
sqldatawprk.append(tempwprk)
sqlTool.add_work(sqldatawprk)
print 'fuzz 数据存储'
pass
def storedata(ip='',port='',hackinfo=None):
sqlTool=Sqldatatask.getObject()
localtime=str(time.strftime("%Y-%m-%d %X", time.localtime()))
insertdata=[]
# if islocalwork==0:
# work=[]
# dic={"table":config.Config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]}
# tempdata={"func":'replaceinserttableinfo_byparams',"dic":dic}
# jsondata=uploaditem.UploadData(url=self.webconfig.upload_ip_info,way='POST',params=tempdata)
# work.append(jsondata)
# self.uploadwork.add_work(work)
# else:
hackinfo=SQLTool.escapewordby(str(hackinfo))
extra=' on duplicate key update hackinfo=\''+hackinfo+'\' , timesearch=\''+localtime+'\''
insertdata.append((str(ip),port,hackinfo,str(port)))
sqldatawprk=[]
dic={"table":config.Config.porttable,"select_params":['ip','port','hackinfo','portnumber'],"insert_values":insertdata,"extra":extra}
tempwprk=Sqldata.SqlData('inserttableinfo_byparams',dic)
sqldatawprk.append(tempwprk)
sqlTool.add_work(sqldatawprk)
pass
def storedata(ip='',port='',hackinfo=None):
sqlTool=Sqldatatask.getObject()
localtime=str(time.strftime("%Y-%m-%d %X", time.localtime()))
insertdata=[]
hackinfo=SQLTool.escapewordby(str(hackinfo))
extra=' on duplicate key update disclosure=\''+hackinfo+'\' , timesearch=\''+localtime+'\''
insertdata.append((str(ip),port,hackinfo,str(port)))
dic={"table":config.Config.porttable,"select_params":['ip','port','disclosure','portnumber'],"insert_values":insertdata,"extra":extra}
if islocalwork==0:
work=[]
tempdata={"func":'inserttableinfo_byparams',"dic":dic}
jsondata=uploaditem.UploadData(url=webconfig.WebConfig.upload_ip_info,way='POST',params=tempdata)
work.append(jsondata)
temp=uploadtask.getObject()
temp.add_work(work)
else:
sqldatawprk=[]
tempwprk=Sqldata.SqlData(func='inserttableinfo_byparams',dic)
sqldatawprk.append(tempwprk)
sqlTool.add_work(sqldatawprk)
print 'fuzz 数据存储'
pass
def systeminfo(request):
from spidertool import sniffertask, zmaptool,portscantask,Sqldatatask
from spidertool.detection.fluzzdetect import fuzztask
from spidertool.detection.vuldect import pocsearchtask
resultdata={}
resultdata['nmapfont']=taskcontrol.getObject().get_length()
resultdata['nmapfont_running'] = taskcontrol.getObject().get_current_task_num()
resultdata['nmapback']=sniffertask.getObject().get_length()
resultdata['nmapback_running'] = sniffertask.getObject().get_current_task_num()
resultdata['portacsn']=portscantask.getObject().get_length()
resultdata['portacsn_running'] = portscantask.getObject().get_current_task_num()
resultdata['fuzz']=fuzztask.getObject().get_length()
resultdata['fuzz_running'] = fuzztask.getObject().get_current_task_num()
resultdata['pocdect'] = pocsearchtask.getObject().get_length()
resultdata['pocdect_running']=pocsearchtask.getObject().get_current_task_num()
resultdata['sqltask'] = Sqldatatask.getObject().get_length()
resultdata['sqltask_running']=Sqldatatask.getObject().get_current_task_num()
return HttpResponse(json.dumps(resultdata,skipkeys=True,default=webtool.object2dict), content_type="application/json")
def ip_info_upload(temphosts, tempvendor, temposfamily, temposgen,
tempaccuracy, localtime, temphostname, tempstate):
localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
sqlTool = Sqldatatask.getObject()
# sqldatawprk=[]
# dic={"table":self.config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]}
# tempwprk=Sqldata.SqlData('replaceinserttableinfo_byparams',dic)
# sqldatawprk.append(tempwprk)
# sqlTool.add_work(sqldatawprk)
pass
def ip_info_upload(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate):
localtime=str(time.strftime("%Y-%m-%d %X", time.localtime()))
sqlTool=Sqldatatask.getObject()
# sqldatawprk=[]
# dic={"table":self.config.iptable,"select_params": ['ip','vendor','osfamily','osgen','accurate','updatetime','hostname','state'],"insert_values": [(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)]}
# tempwprk=Sqldata.SqlData('replaceinserttableinfo_byparams',dic)
# sqldatawprk.append(tempwprk)
# sqlTool.add_work(sqldatawprk)
pass
def upload_port_info(request):
sqldatawprk=[]
func=request.POST.get('func','')
dic=request.POST.get('dic','{}')
nowdic=eval(dic)
tempwprk=Sqldata.SqlData(func,nowdic)
sqldatawprk.append(tempwprk)
sqlTool=Sqldatatask.getObject()
sqlTool.add_work(sqldatawprk)
data={}
data['result']='1'
return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")
def upload_port_info(request):
sqldatawprk=[]
func=request.POST.get('func','')
dic=request.POST.get('dic','{}')
nowdic=eval(dic)
tempwprk=Sqldata.SqlData(func,nowdic)
sqldatawprk.append(tempwprk)
sqlTool=Sqldatatask.getObject()
sqlTool.add_work(sqldatawprk)
data={}
data['result']='1'
return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")
def upload_ip_info(request):
sqldatawprk=[]
func=request.POST.get('func','')
dic=request.POST.get('dic','{}')
nowdic=eval(dic)#存在安全隐患, 改用json库
tempwprk=Sqldata.SqlData(func,nowdic)
sqldatawprk.append(tempwprk)
sqlTool=Sqldatatask.getObject()
sqlTool.add_work(sqldatawprk)
# works=request.POST.get('workdetail',[])
# print works
# tempvendor=request.POST.get('vendor','')
# temposfamily=request.POST.get('osfamily','')
# temposgen=request.POST.get('osgen','')
# tempaccuracy=request.POST.get('accuracy','')
# temphostname=request.POST.get('hostname','')
# tempstate=request.POST.get('state','')
# ipcontrol.ip_info_upload(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)
data={}
data['result']='1'
return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")
def upload_ip_info(request):
sqldatawprk=[]
func=request.POST.get('func','')
dic=request.POST.get('dic','{}')
nowdic=eval(dic)#存在安全隐患, 改用json库
tempwprk=Sqldata.SqlData(func,nowdic)
sqldatawprk.append(tempwprk)
sqlTool=Sqldatatask.getObject()
sqlTool.add_work(sqldatawprk)
# works=request.POST.get('workdetail',[])
# print works
# tempvendor=request.POST.get('vendor','')
# temposfamily=request.POST.get('osfamily','')
# temposgen=request.POST.get('osgen','')
# tempaccuracy=request.POST.get('accuracy','')
# temphostname=request.POST.get('hostname','')
# tempstate=request.POST.get('state','')
# ipcontrol.ip_info_upload(temphosts,tempvendor,temposfamily,temposgen,tempaccuracy,localtime,temphostname,tempstate)
data={}
data['result']='1'
return HttpResponse(json.dumps(data,skipkeys=True,default=webtool.object2dict), content_type="application/json")
def storedata(ip='', port='', hackresults=None):
sqlTool = Sqldatatask.getObject()
localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
insertdata = []
hackresults = SQLTool.escapewordby(str(hackresults))
extra = ' on duplicate key update hackresults=\'' + hackresults + '\' , timesearch=\'' + localtime + '\''
insertdata.append((str(ip), port, hackresults, str(port)))
sqldatawprk = []
dic = {
"table": config.Config.porttable,
"select_params": ['ip', 'port', 'hackresults', 'portnumber'],
"insert_values": insertdata,
"extra": extra
}
tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
sqldatawprk.append(tempwprk)
sqlTool.add_work(sqldatawprk)
pass
def storedata(ip='', port='', hackinfo=None):
sqlTool = Sqldatatask.getObject()
localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
insertdata = []
hackinfo = SQLTool.escapewordby(str(hackinfo))
extra = ' on duplicate key update disclosure=\'' + hackinfo + '\' , timesearch=\'' + localtime + '\''
insertdata.append((str(ip), port, hackinfo, str(port)))
dic = {
"table": config.Config.porttable,
"select_params": ['ip', 'port', 'disclosure', 'portnumber'],
"insert_values": insertdata,
"extra": extra
}
if islocalwork == 0:
work = []
tempdata = {"func": 'inserttableinfo_byparams', "dic": dic}
jsondata = uploaditem.UploadData(
url=webconfig.WebConfig.upload_ip_info,
way='POST',
params=tempdata)
work.append(jsondata)
temp = uploadtask.getObject()
temp.add_work(work)
else:
sqldatawprk = []
tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
sqldatawprk.append(tempwprk)
sqlTool.add_work(sqldatawprk)
print 'fuzz 数据存储'
pass
def storedata(ip='', port='', disclosures=None):
sqlTool = Sqldatatask.getObject()
localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
insertdata = []
# {'223.223.187.90:8080': [{'status': 200, 'url': '223.223.187.90:8080/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/file/Placard/upload/Imo_DownLoadUI.php?cid=1&uid=1&type=1&filename=/../../../../etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/resin-doc/resource/tutorial/jndi-appconfig/test?inputFile=/etc/passwd'}, {'status': 200, 'url': '223.223.187.90:8080/wp-config.php~'}, {'status': 200, 'url': '223.223.187.90:8080/'}]}
# 现在是依次遍历list集合拼接,是否可以直接返回list集合,像hackresults一样
disclosure = ''
# for ip_port in disclosures:
# disinfo_list = disclosures[ip_port]
# for disinfo in disinfo_list:
# disclosure += str(disinfo) + '\\n '
# disinfo_list.remove(disinfo)
# print "fuzzey detect callbackfuzz: ", type(disclosures), str(disclosures) # a dict
disclosure = SQLTool.escapewordby(str(disclosures))
extra = ' on duplicate key update disclosure=\'' + disclosure + '\' , timesearch=\'' + localtime + '\''
insertdata.append((str(ip), port, disclosure, str(port)))
sqldatawprk = []
dic = {
"table": config.Config.porttable,
"select_params": ['ip', 'port', 'disclosure', 'portnumber'],
"insert_values": insertdata,
"extra": extra
}
tempwprk = Sqldata.SqlData('inserttableinfo_byparams', dic)
sqldatawprk.append(tempwprk)
sqlTool.add_work(sqldatawprk)
from ..vuldect import pocsearchtask
temp = pocsearchtask.getObject()
# head,context,ip,port,productname,keywords,nmapscript,protocol
temp.add_work([(None, None, ip, port, None, None, disclosures, None)])
pass
