Exemplo n.º 1
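    def task(self,req,threadname):
        """Probe one scanned port and queue the result row for storage.

        ``req`` is read positionally: ``req[0]`` is the service name,
        ``req[1]`` the host, ``req[2]`` the port (a string), ``req[3]`` the
        port state, and ``req[4]`` / ``req[5]`` are forwarded to the probes as
        ``productname`` and ``nmapscript``.

        Returns ``''`` when the port state is not ``'open'``; otherwise the
        response body returned by the probe.
        """
        if self.logger:
            self.logger.info('%s 端口扫描 执行任务中%s', threadname, str(datetime.datetime.now()))
        if req[3] != 'open':
            return ''
        ip = req[1]
        port = req[2]
        productname = req[4]
        nmapscript = req[5]

        if req[0] == 'http' or req[0] == 'https':
            # Build the URL to fetch: keep a scheme already present on the
            # host value, force https on 443, else use the reported service.
            if ip[0:4] == 'http':
                address = ip + ':' + port
            elif port == '443':
                address = 'https' + '://' + ip + ':' + port
            else:
                address = req[0] + '://' + ip + ':' + port
            print(address)
            head, ans = self.connectpool.getConnect(address)
            from template_identify import page_identify
            keywords, hackinfo = page_identify.identify_main(
                head=head, context=ans, ip=ip, port=port,
                productname=productname, protocol=req[0],
                nmapscript=nmapscript)
        else:
            head, ans, keywords, hackinfo = self.portscan.do_scan(
                head=None, context=None, ip=ip, port=port, name=req[0],
                productname=productname, nmapscript=nmapscript)

        localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))

        # NOTE(review): head/ans/keywords/hackinfo come from the probed host,
        # and `extra` below is assembled by string concatenation, so the
        # statement is only as safe as SQLTool.escapewordby (not visible
        # here). A bound-parameter insert would remove that dependency.
        head = SQLTool.escapewordby(head)
        msg = SQLTool.escapewordby(str(ans))
        hackinfomsg = SQLTool.escapewordby(hackinfo)
        keywords = SQLTool.escapewordby(keywords)
        import Sqldata

        # Column order follows select_params ('detail' before 'head'). The
        # previous tuple had the two swapped, so a fresh insert stored the
        # header under 'detail' and the body under 'head', while the update
        # clause assigned them the other way round.
        # Assumes insert_values is mapped positionally onto select_params;
        # confirm against inserttableinfo_byparams.
        insertdata = [(ip, port, localtime, msg, str(head), str(port), hackinfomsg, keywords)]

        extra = (" on duplicate key update  detail='" + msg
                 + "' ,head='" + str(head)
                 + "', timesearch='" + localtime
                 + "',hackinfo='" + hackinfomsg
                 + "',keywords='" + str(keywords) + "'")
        dic = {
            "table": self.config.porttable,
            "select_params": ['ip', 'port', 'timesearch', 'detail', 'head', 'portnumber', 'hackinfo', 'keywords'],
            "insert_values": insertdata,
            "extra": extra,
        }
        self.sqlTool.add_work([Sqldata.SqlData('inserttableinfo_byparams', dic)])

        if self.logger:
            self.logger.info('%s 端口扫描 任务结束%s', threadname, str(datetime.datetime.now()))

        return ans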
Exemplo n.º 2
    def task(self,req,threadname):
        """Probe one scanned port and queue the result row for storage.

        ``req`` is read positionally: ``req[0]`` is the service name,
        ``req[1]`` the host, ``req[2]`` the port (a string), ``req[3]`` the
        port state, and ``req[4]`` / ``req[5]`` are forwarded to the probes as
        ``productname`` and ``nmapscript``.

        Returns ``''`` when the port state is not ``'open'``; otherwise the
        response body returned by the probe.
        """
        if self.logger:
            self.logger.info('%s 端口扫描 执行任务中%s', threadname, str(datetime.datetime.now()))

        if req[3] != 'open':
            return ''
        ip, port = req[1], req[2]
        productname, nmapscript = req[4], req[5]
        service = req[0]

        # 'tcpwrapped' on a common web port is treated as plain HTTP.
        wrapped_web = service == 'tcpwrapped' and port in ('80', '8080', '7001')

        if service in ('http', 'https') or wrapped_web:
            if ip[0:4] == 'http':
                # The host value already carries a scheme.
                address = ip + ':' + port
            elif port == '443':
                address = 'https' + '://' + ip + ':' + port
            elif wrapped_web:
                address = 'http://' + ip + ':' + port
            else:
                address = service + '://' + ip + ':' + port

            head, ans = self.connectpool.getConnect(address)
            from template_identify import page_identify
            keywords, hackinfo = page_identify.identify_main(
                head=head, context=ans, ip=ip, port=port,
                productname=productname, protocol=service,
                nmapscript=nmapscript)
        else:
            head, ans, keywords, hackinfo = self.portscan.do_scan(
                head=None, context=None, ip=ip, port=port, name=service,
                productname=productname, nmapscript=nmapscript)

        localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))
        body_text = str(ans)

        # NOTE(review): head/ans/keywords/hackinfo come from the probed host,
        # and `extra` below is assembled by string concatenation, so the
        # statement is only as safe as SQLTool.escapewordby (not visible
        # here). A bound-parameter insert would remove that dependency.
        # NOTE(review): '{' + head raises TypeError if a probe hands back
        # None for head; confirm what getConnect/do_scan return on failure.
        head = SQLTool.escapewordby('{' + head + '}')
        msg = SQLTool.escapewordby('{' + body_text + '}')
        hackinfomsg = SQLTool.escapewordby(hackinfo)
        keywords = SQLTool.escapewordby(keywords)
        import Sqldata

        # Tuple order matches select_params below.
        insertdata = [(ip, port, localtime, msg, str(head), str(port), hackinfomsg, keywords)]

        extra = (" on duplicate key update  detail='" + msg
                 + "' ,head='" + str(head)
                 + "', timesearch='" + localtime
                 + "',hackinfo='" + hackinfomsg
                 + "',keywords='" + str(keywords) + "'")
        dic = {
            "table": self.config.porttable,
            "select_params": ['ip', 'port', 'timesearch', 'detail', 'head', 'portnumber', 'hackinfo', 'keywords'],
            "insert_values": insertdata,
            "extra": extra,
        }
        self.sqlTool.add_work([Sqldata.SqlData('inserttableinfo_byparams', dic)])

        if self.logger:
            self.logger.info('%s 端口扫描 任务结束%s', threadname, str(datetime.datetime.now()))

        return ans
Exemplo n.º 3
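    def task(self, req, threadname):
        """Probe one scanned port and queue the result row for storage.

        ``req`` is read positionally: ``req[0]`` is the service name,
        ``req[1]`` the host, ``req[2]`` the port (a string), ``req[3]`` the
        port state, and ``req[4]`` / ``req[5]`` are forwarded to the probes as
        ``productname`` and ``nmapscript``.

        The row is uploaded through ``self.uploadwork`` when
        ``self.islocalwork == 0`` and queued on ``self.sqlTool`` otherwise.

        Returns ``''`` when the port state is not ``'open'``; otherwise the
        response body returned by the probe.
        """
        print(threadname + '执行任务中' + str(datetime.datetime.now()))

        if req[3] != 'open':
            return ''
        ip = req[1]
        port = req[2]
        productname = req[4]
        nmapscript = req[5]

        if req[0] == 'http' or req[0] == 'https':
            # Build the URL to fetch: keep a scheme already present on the
            # host value, force https on 443, else use the reported service.
            if ip[0:4] == 'http':
                address = ip + ':' + port
            elif port == '443':
                address = 'https' + '://' + ip + ':' + port
            else:
                address = req[0] + '://' + ip + ':' + port
            print(address)
            head, ans = self.connectpool.getConnect(address)
            from template_identify import page_identify
            keywords, hackinfo = page_identify.identify_main(
                head=head,
                context=ans,
                ip=ip,
                port=port,
                productname=productname,
                protocol=req[0],
                nmapscript=nmapscript)
        else:
            head, ans, keywords, hackinfo = self.portscan.do_scan(
                head=None,
                context=None,
                ip=ip,
                port=port,
                name=req[0],
                productname=productname,
                nmapscript=nmapscript)

        localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))

        # NOTE(review): head/ans/keywords/hackinfo come from the probed host,
        # and `extra` below is assembled by string concatenation, so the
        # statement is only as safe as the SQLTool escape helpers (not
        # visible here). Three fields go through escapeword and one through
        # escapewordby; confirm the two are equivalent for quoting purposes.
        head = SQLTool.escapeword(head)
        msg = SQLTool.escapeword(str(ans))
        hackinfomsg = SQLTool.escapeword(hackinfo)
        keywords = SQLTool.escapewordby(keywords)

        # Column order follows select_params ('detail' before 'head'). The
        # previous tuple had the two swapped, so a fresh insert stored the
        # header under 'detail' and the body under 'head', while the update
        # clause assigned them the other way round.
        # Assumes insert_values is mapped positionally onto select_params;
        # confirm against inserttableinfo_byparams.
        insertdata = [(ip, port, localtime, msg, str(head), str(port),
                       hackinfomsg, keywords)]

        extra = (" on duplicate key update  detail='" + msg
                 + "' ,head='" + str(head)
                 + "', timesearch='" + localtime
                 + "',hackinfo='" + hackinfomsg
                 + "',keywords='" + str(keywords) + "'")
        dic = {
            "table": self.config.porttable,
            "select_params": [
                'ip', 'port', 'timesearch', 'detail', 'head', 'portnumber',
                'hackinfo', 'keywords'
            ],
            "insert_values": insertdata,
            "extra": extra,
        }

        if self.islocalwork == 0:
            # Remote mode: ship the same insert request to the upload endpoint.
            tempdata = {"func": 'inserttableinfo_byparams', "dic": dic}
            jsondata = uploaditem.UploadData(
                url=self.webconfig.upload_port_info,
                way='POST',
                params=tempdata)
            self.uploadwork.add_work([jsondata])
        else:
            self.sqlTool.add_work(
                [Sqldata.SqlData('inserttableinfo_byparams', dic)])

        print(threadname + '任务结束' + str(datetime.datetime.now()))

        return ans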
Exemplo n.º 4
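    def task(self,req,threadname):
        """Probe one scanned port and queue the result row for storage.

        ``req`` is read positionally: ``req[0]`` is the service name,
        ``req[1]`` the host, ``req[2]`` the port (a string), ``req[3]`` the
        port state, and ``req[4]`` / ``req[5]`` are forwarded to the probes as
        ``productname`` and ``nmapscript``.

        Returns ``''`` when the port state is not ``'open'``; otherwise the
        page body returned by the probe.
        """
        if req[3] != 'open':
            return ''
        protocal = req[0]
        ip = req[1]
        port = req[2]
        productname = req[4]
        nmapscript = req[5]
        hackresults = ''
        keywords = ''
        self.logger.info(' 端口[%s:%s]扫描%s执行任务中%s', protocal, port, threadname, str(datetime.datetime.now()))
        import webutil
        if port in ['3306', '873', '22', '21']:
            # The mysql/ftp/rsync/ssh checks attempt brute-force logins; per
            # the original author, head and page come back empty here.
            head, page, keywords, hackresults = self.portscan.do_scan(
                head=None, context=None, ip=ip, port=port, name=protocal,
                productname=productname, nmapscript=nmapscript)
            webinfo = webutil.getwebinfo(page)
            webkey = webinfo['keywords']
            webtitle = webinfo['title']
            self.logger.info('webutil.getwebinfo(%s:%s) method_2 \nkeywords:%s\ntitle:%s\n', ip, str(port), webkey, webtitle)
        else:
            # Everything else is fetched over HTTP(S). Port 7001 is noted by
            # the original author as the Freak88 / WebLogic default port.
            if port == '443':
                address = 'https' + '://' + ip + ':' + port
            elif ip[0:4] == 'http':
                address = ip + ':' + port
            else:
                address = 'http://' + ip + ':' + port
            # Fetch the response headers and the full page body.
            self.logger.info('get %s\'s head and context', address)
            head, page = self.connectpool.getConnect(address)
            # Extract the page keywords and the site title.
            webinfo = webutil.getwebinfo(page)
            webkey = webinfo['keywords']
            webtitle = webinfo['title']
            self.logger.info('webutil.getwebinfo(%s) method_1 \nkeywords:%s\ntitle:%s\n', address, webkey, webtitle)

            try:
                # Run the detection stage (http/poc/fuzz; per the original
                # author only fuzz detection is open-sourced so far).
                from detection import page_identify
                keywords, hackresults = page_identify.identify_main(
                    head=head, context=page, ip=ip, port=port,
                    productname=productname, protocol=protocal,
                    nmapscript=nmapscript)
            except Exception:
                # Detection stays best-effort, but a failure is now recorded
                # instead of being swallowed; keywords/hackresults keep their
                # empty defaults.
                self.logger.exception('page_identify.identify_main failed for %s', address)

        localtime = str(time.strftime("%Y-%m-%d %X", time.localtime()))

        # Escape before storing; otherwise quotes in the data collide with the
        # SQL statement and the row cannot be saved.
        # NOTE(review): every value below originates from the probed host and
        # `extra` is assembled by string concatenation, so the statement is
        # only as safe as SQLTool.escapewordby (not visible here). A
        # bound-parameter insert would remove that dependency.
        # NOTE(review): '{' + head raises TypeError if a probe hands back
        # None for head; confirm what getConnect/do_scan return on failure.
        head = SQLTool.escapewordby('{' + head + '}')
        msg = SQLTool.escapewordby('{' + str(page) + '}')
        hackresultsmsg = SQLTool.escapewordby(str(hackresults))
        keywords = SQLTool.escapewordby(str(keywords))
        # The page keywords and title are remote-controlled text as well and
        # were previously concatenated into the statement unescaped.
        webkeymsg = SQLTool.escapewordby(webkey)
        webtitlemsg = SQLTool.escapewordby(webtitle)
        import Sqldata

        # Tuple order matches select_params below.
        insertdata = [(ip, port, localtime, msg, str(head), str(port), hackresultsmsg, keywords, webkeymsg, webtitlemsg)]

        extra = (" on duplicate key update  detail='" + msg
                 + "' ,head='" + str(head)
                 + "', timesearch='" + localtime
                 + "', hackresults='" + hackresultsmsg
                 + "',keywords='" + str(keywords)
                 + "',webkeywords='" + webkeymsg
                 + "',webtitle='" + webtitlemsg + "'")
        dic = {
            "table": self.config.porttable,
            "select_params": ['ip', 'port', 'timesearch', 'detail', 'head', 'portnumber', 'hackresults', 'keywords', 'webkeywords', 'webtitle'],
            "insert_values": insertdata,
            "extra": extra,
        }
        self.sqlTool.add_work([Sqldata.SqlData('inserttableinfo_byparams', dic)])

        # Arguments follow the format string: worker name first, port in the
        # brackets (they were passed the other way round).
        self.logger.info('%s 端口[%s]扫描任务结束%s', threadname, port, str(datetime.datetime.now()))
        return page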