def Updata(request):#更新项目数据
RequestLogRecord(request, request_api="updata_email_project")
if request.method == "POST":
try:
EndTime = json.loads(request.body)["end_time"]
Token = json.loads(request.body)["token"]
Key = json.loads(request.body)["project_key"] # 项目Key
Name = json.loads(request.body)["project_name"] # 项目名称
MailMessage = json.loads(request.body)["mail_message"] # 文本内容
Attachment = json.loads(request.body)["attachment"] # 附件列表
Image = json.loads(request.body)["image"] # 获取内容图片
MailTitle = json.loads(request.body)["mail_title"] # 邮件标题
Sender = json.loads(request.body)["sender"] # 发送人姓名
GoalMailbox = json.loads(request.body)["goal_mailbox"] # 目标邮箱
ForgedAddress = json.loads(request.body)["forged_address"] # 伪造发件人
Interval = json.loads(request.body)["interval"] # 邮件发送间隔
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="updata_email_project", uid=Uid) # 查询到了在计入
if len(GoalMailbox)<=0 and type(GoalMailbox)==dict:
return JsonResponse({'message': "未传入邮件接收人!", 'code': 414, })
if type(Attachment)!=dict or type(Image)!=dict:
return JsonResponse({'message': "附件或者图片必须传入字典类型,不可置空!", 'code': 415, })
if len(Name)==0:
return JsonResponse({'message': "项目名称必须填入参数!", 'code': 416, })
if int(EndTime)-int(time.time())<10000000:
ProjectStatus= EmailProject().ProjectStatus(uid=Uid,project_key=Key)#查看项目是否启动
CompilationStatus = EmailProject().CompilationStatus(uid=Uid, project_key=Key)#查看项目是否完成
if CompilationStatus:
return JsonResponse({'message': "项目已经运行结束禁止修改其中内容!", 'code': 409, })
if ProjectStatus:
return JsonResponse({'message': "项目已经开启禁止修改,如需修改请停止运行!", 'code': 406, })
else:
Result=EmailProject().Updata(uid=Uid,
mail_message=base64.b64encode(str(MailMessage).encode('utf-8')).decode('utf-8'),
attachment=Attachment,
project_name=Name,
image=Image,
mail_title=base64.b64encode(str(MailTitle).encode('utf-8')).decode('utf-8'),
sender=base64.b64encode(str(Sender).encode('utf-8')).decode('utf-8'),
forged_address=base64.b64encode(str(ForgedAddress).encode('utf-8')).decode('utf-8'),
redis_id="",
project_key=Key,
end_time=EndTime,
goal_mailbox=GoalMailbox,#list(set(GoalMailbox)),#去重数据
interval=Interval)
if Result:
return JsonResponse({'message': "更新成功!", 'code': 200, })
else:
return JsonResponse({'message': "更新失败!", 'code': 507, })
else:
return JsonResponse({'message': "时间间隔太长了!", 'code': 506, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_Email_EmailProject_Updata(def)", e)
return JsonResponse({'message': "未知错误(๑•̀ㅂ•́)و✧", 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Run(request):#运行项目
RequestLogRecord(request, request_api="run_email_project")
if request.method == "POST":
try:
Token=json.loads(request.body)["token"]
Key = json.loads(request.body)["project_key"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="run_email_project", uid=Uid) # 查询到了在计入
#下发任务后修改项目状态(下发任务留空),任务完成后项目就不可修改
ProjectResult=EmailProject().Query(uid=Uid,project_key=Key)#获取目标
if ProjectResult[13]=="0" and ProjectResult[15]=="0":
TargetList=ast.literal_eval(ProjectResult[2])#目标
MailMessage = base64.b64decode(str(ProjectResult[6]).encode('utf-8')).decode('utf-8') # 正文内容,需要用base64加密
Attachment = ast.literal_eval(ProjectResult[7]) # 附件文件,需要传入json格式,使用的是本地名称
Image = ast.literal_eval(ProjectResult[8]) # 图片文件,使用列表形式窜入
MailTitle =base64.b64decode(str(ProjectResult[9]).encode('utf-8')).decode('utf-8') # 邮件头
Sender = base64.b64decode(str(ProjectResult[10]).encode('utf-8')).decode('utf-8') # 发送人名称
ForgedAddress = base64.b64decode(str(ProjectResult[11]).encode('utf-8')).decode('utf-8') # 伪造的发件人地址
Interval = ProjectResult[14] # 邮件发送间隔
if TargetList!=0:
SendMailForRedis = SendMail.delay(MailMessage, Attachment, Image, MailTitle, Sender, TargetList,
ForgedAddress,Interval,Key) # 调用下发任务
EmailProject().UpdataRedis(uid=Uid, project_key=Key, redis_id = SendMailForRedis.task_id)
Result = EmailProject().ModifyProjectStatus(uid=Uid, project_key=Key, project_status="1")
if Result:
return JsonResponse({'message': "项目启动成功!", 'code': 200, })
else:
return JsonResponse({'message': "项目启动失败!", 'code': 505, })
else:
return JsonResponse({'message': "不存在目标无法启动!", 'code': 406, })
else:
return JsonResponse({'message': "项目已经启动或者已经完成!", 'code': 410, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_Email_EmailProject_Run(def)", e)
return JsonResponse({'message': "未知错误,请查看日志(๑•̀ㅂ•́)و✧", 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Statistics(request):#统计项目个数
RequestLogRecord(request, request_api="mail_project_statistics")
if request.method == "POST":
try:
Token=json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="mail_project_statistics", uid=Uid) # 查询到了在计入
Result=EmailProject().Statistics(uid=Uid)
return JsonResponse({'message': Result, 'code': 200, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_Email_EmailProject_Statistics(def)", e)
return JsonResponse({'message': "未知错误,请查看日志(๑•̀ㅂ•́)و✧", 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Creation(request):#创建生成项目
RequestLogRecord(request, request_api="create_email_project")
if request.method == "POST":
try:
Token=json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="create_email_project", uid=Uid) # 查询到了在计入
Key=randoms().result(10)#生成Key
Result=EmailProject().Write(uid=Uid,project_key=Key)
if Result:
return JsonResponse({'message': Key, 'code': 200, })
else:
return JsonResponse({'message': "创建失败!", 'code': 505, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_Email_EmailProject_Creation(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Manufacture(**kwargs):
ProjectKey = kwargs.get("project_key")
Uid = kwargs.get("uid")
Dataset = {}
ProjectResult = EmailProject().Query(uid=Uid,
project_key=ProjectKey) #获取目标
TargetList = ast.literal_eval(ProjectResult[2]) # 目标
Fooled = [
dict(t) for t in set([
tuple(d.items())
for d in EmailReceiveData().NotNull(project_key=ProjectKey)
])
] #上钩数据,查询出来后进行去重
Open = [
dict(t) for t in set([
tuple(d.items())
for d in EmailReceiveData().IsNull(project_key=ProjectKey)
])
] #打开邮件数据,查询出来后进行去重
Open2Email = [t for t in [d["email"] for d in Open]] #提取出邮件值
Fooled2Email = [t for t in [d["email"] for d in Fooled]] # 提取出邮件值
for i in TargetList: #数据处理
TotalAmount = len(TargetList[i]) #总数
OpenHits = 0 #点开邮件命中了数量
FooledHits = 0 #上钩了的命中数量
for x in TargetList[i]:
if x in Open2Email:
OpenHits += 1
elif x in Fooled2Email:
FooledHits += 1
Dataset[i] = {
"total_amount": TotalAmount,
"open_hits": OpenHits,
"fooled_hits": FooledHits
} #统计BU的数据
Dataset["open_email_user_data"] = Open2Email
Dataset["hooked_email_user_data"] = Fooled2Email
EmailGraph().Updata(project_key=ProjectKey,
uid=Uid,
graph_data=str(Dataset))
def Summary(request):#查询邮件摘要详情
RequestLogRecord(request, request_api="email_project_summary")
if request.method == "POST":
try:
Token=json.loads(request.body)["token"]
NumberOfPages=json.loads(request.body)["number_of_pages"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="email_project_summary", uid=Uid) # 查询到了在计入
if int(NumberOfPages)>0:
Result=EmailProject().Summary(uid=Uid,number_of_pages=int(NumberOfPages))
return JsonResponse({'message': Result, 'code': 200, })
else:
return JsonResponse({'message': "你家页数是负数的????", 'code': 400, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_Email_EmailProject_Summary(def)", e)
return JsonResponse({'message': "未知错误,请查看日志(๑•̀ㅂ•́)و✧", 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Stop(request):#运行项目
RequestLogRecord(request, request_api="stop_email_project")
if request.method == "POST":
try:
Token=json.loads(request.body)["token"]
Key = json.loads(request.body)["project_key"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="stop_email_project", uid=Uid) # 查询到了在计入
#结束任务后修改项目状态(结束任务留空)
Result=EmailProject().ModifyProjectStatus(uid=Uid,project_key=Key,project_status="0")
if Result:
return JsonResponse({'message': "项目停止成功!", 'code': 200, })
else:
return JsonResponse({'message': "项目停止失败!", 'code': 505, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_Email_EmailProject_Stop(def)", e)
return JsonResponse({'message': "未知错误,请查看日志(๑•̀ㅂ•́)و✧", 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Details(request):#查询邮件详情
RequestLogRecord(request, request_api="email_project_details")
if request.method == "POST":
try:
Token=json.loads(request.body)["token"]
Key = json.loads(request.body)["project_key"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="email_project_details", uid=Uid) # 查询到了在计入
Result=EmailProject().Query(uid=Uid,project_key=Key)
JsonValues={}
JsonValues["goal_mailbox"] = ast.literal_eval(Result[2])
JsonValues["end_time"] = Result[3]
JsonValues["project_key"] = Result[4]
JsonValues["project_name"] = Result[5]
JsonValues["mail_message"] = Result[6]
JsonValues["attachment"] = ast.literal_eval(Result[7])
JsonValues["image"] = ast.literal_eval(Result[8])
JsonValues["mail_title"] = Result[9]
JsonValues["sender"] = Result[10]
JsonValues["forged_address"] = Result[11]
JsonValues["redis_id"] = Result[12]
JsonValues["compilation_status"] = Result[13]
JsonValues["interval"] = Result[14]
JsonValues["project_status"] = Result[15]
JsonValues["creation_time "] = Result[16]
return JsonResponse({'message': JsonValues, 'code': 200, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_Email_EmailProject_Details(def)", e)
return JsonResponse({'message': "未知错误,请查看日志(๑•̀ㅂ•́)و✧", 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Monitor(request, data): #用于接收信息的监控
RequestLogRecord(request, request_api="email")
GetRequestFragment = "" #项目ID
try:
GetRequestFragment = re.search(r'/[a-zA-Z0-9]{10}',
str(request.get_full_path),
re.I).group(0)[1:11]
#print(GetRequestFragment[1:11])
except Exception as e:
ErrorLog().Write(
"Web_Email_ReceiveData_Monitor(def)-GetRequestFragment", e)
EndTime = EmailProject().MonitorQuery(
project_key=GetRequestFragment) #查询项目接受数据时间
if EndTime != None and int(EndTime) > int(time.time()): #判断项目是否结束
if request.method == "POST":
try:
Key = ""
if request.headers["Content-Type"] == "application/json":
DataPackInfo = request.body #获取post数据包信息
IncidentalData = json.loads(request.body) # 除了key以外的数据
Key = IncidentalData.pop('key') # 获取md5值,顺便删除了该值
if len(IncidentalData) <= 0: # 判断是否为空数据
IncidentalData = ""
else:
DataPackInfo = str(request.POST.dict()).encode(
'utf-8') #转换成字典后再换装byte类型穿给加密函数
IncidentalData = request.POST.dict() # 除了key以外的数据
Key = IncidentalData.pop('key') # 获取md5值,顺便删除了该值
if len(IncidentalData) <= 0: # 判断是否为空数据
IncidentalData = ""
#HeadersInfo = str(request.headers).encode('utf-8')#获取头信息
Result = EmailDetails().EmailAndDepartment(
email_md5=Key, project_key=GetRequestFragment)
if len(Key) == 32 and Result is not None:
EmailReceiveData().Write(
full_url=str(request.build_absolute_uri()),
request_method="POST",
project_key=GetRequestFragment,
target=Key,
email=Result[0],
department=Result[1],
data_pack_info=base64.b64encode(DataPackInfo).decode(
'utf-8'),
incidental_data=base64.b64encode(
str(IncidentalData).encode('utf-8')).decode(
'utf-8'))
except Exception as e:
ErrorLog().Write("Web_Email_ReceiveData_Monitor(def)-POST", e)
elif request.method == "GET":
try:
ParameterInfo = str(request.GET.dict()).encode(
'utf-8') #获取参数信息
# HeadersInfo=str(request.headers).encode('utf-8')#获取头信息
IncidentalData = request.GET.dict() #除了key以外的数据
Key = IncidentalData.pop('key') #获取md5值,顺便删除了该值
if len(IncidentalData) <= 0: #判断是否为空数据
IncidentalData = ""
Result = EmailDetails().EmailAndDepartment(
email_md5=Key, project_key=GetRequestFragment)
if len(Key) == 32 and Result is not None:
EmailReceiveData().Write(
full_url=str(request.build_absolute_uri()),
request_method="GET",
project_key=GetRequestFragment,
target=Key,
email=Result[0],
department=Result[1],
data_pack_info=base64.b64encode(ParameterInfo).decode(
'utf-8'),
incidental_data=base64.b64encode(
str(IncidentalData).encode('utf-8')).decode(
'utf-8'))
except Exception as e:
ErrorLog().Write("Web_Email_ReceiveData_Monitor(def)-GET", e)
return HttpResponse("")
def SendMail(MailMessage, Attachment, Image, MailTitle, Sender, GoalMailbox,
ForgedAddress, Interval, Key):
# 邮件内容
TempFilePath = GetTempFilePath().Result()
MailUploadFilePath = GetMailUploadFilePath().Result() # 本地文件路径
for Department in GoalMailbox: #循环获取部门
for Target in GoalMailbox[Department]: # 向多个目标发送
time.sleep(float(Interval)) #邮件发送间隔
MD5 = hashlib.md5(Target.encode()).hexdigest() #计算文件MD5值
try:
EmailBox = MIMEMultipart() # 创建容器
EmailBox['From'] = Header(Sender + "<" + ForgedAddress + ">",
'utf-8') # 发送人
EmailBox['To'] = Header(Target) # 发给谁
EmailBox['Subject'] = Header(MailTitle, 'utf-8') # 标题
EmailBox["Accept-Language"] = "zh-CN"
EmailBox["Accept-Charset"] = "ISO-8859-1,utf-8"
# 消息正文
TextMessage = MIMEMultipart('alternative')
EmailBox.attach(TextMessage)
MailMessage = Template(MailMessage).render(
md5=MD5) #对里面的模板进行处理,目前固定为{{ md5 }}占位符
TextMessage.attach(MIMEText(MailMessage, 'html', 'utf-8'))
# 发送附件
for i in Attachment:
AttachmentTemp = TempFilePath + i # 文件名字
AttachmentName = MailUploadFilePath + Attachment[
i] # 文件真实名字
shutil.copy(AttachmentName, AttachmentTemp) # 复制到temp目录
AttachmentData = MIMEApplication(
open(AttachmentTemp,
'rb').read()) # 使用temp文件的重命名文件进行发送
AttachmentData.add_header('Content-Disposition',
'attachment',
filename=i)
TextMessage.attach(AttachmentData)
# 正文图片
for x in Image:
ImageTemp = TempFilePath + x # 文件名字
ImageName = MailUploadFilePath + Image[x] # 文件真实名字
shutil.copy(ImageName, ImageTemp) # 复制到temp目录
pic = MIMEApplication(open(ImageTemp, 'rb').read())
pic.add_header("Content-Disposition",
"attachment",
filename=x)
pic.add_header('Content-ID', '<' + x + '>')
pic.add_header("X-Attachment-Id", "x")
TextMessage.attach(pic)
SMTP = smtplib.SMTP()
if email_test: #判断是否测试用例
SMTP.connect(third_party_mail_host, 25) # 25 为 SMTP 端口号
SMTP.login(third_party_mail_user, third_party_mail_pass)
SMTP.sendmail(third_party_mail_user, Target,
EmailBox.as_string())
else:
SMTP.connect(local_mail_host, 25) # 25 为 SMTP 端口号
#SMTP.set_debuglevel(True)
SMTP.sendmail(local_mail_user, Target,
EmailBox.as_string())
SMTP.quit()
SMTP.close()
EmailDetails().Write(email=Target,
email_md5=MD5,
status="1",
project_key=Key,
department=Department)
except Exception as e:
ErrorLog().Write("Mail delivery failed->" + str(Target), e)
EmailDetails().Write(email=Target,
email_md5=MD5,
status="-1",
project_key=Key,
department=Department)
EmailProject().ProjectCompletion(redis_id=SendMail.request.id) #修改为完工