def Registered(request):
RequestLogRecord(request, request_api="registered")
if request.method == "POST":
try:
ShowName = json.loads(request.body).get("show_name")
Username=json.loads(request.body).get("username")
Passwd=json.loads(request.body).get("passwd")
Email=json.loads(request.body).get("email")
Key = json.loads(request.body).get("key")
VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
Code = json.loads(request.body)["verification_code"].lower()#获取验证码
if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
if VerificationCodeResult:#如果为真,进行登录验证
if registration_function_status:#判断是否开启注册功能
if len(ShowName.strip("\r\n"))==0 or len(Username.strip("\r\n"))==0 or len(Passwd.strip("\r\n"))==0 or len(Email.strip("\r\n"))==0 or len(Key.strip("\r\n"))==0:#验证数据不为空
return JsonResponse({'message': '宝贝数据呢?💚', 'code': 666, })
else:
if Key==secret_key_required_for_account_registration:#判断是否符合注册值
VerifyUsername=UserInfo().VerifyUsername(Username)
VerifyEmail=UserInfo().VerifyEmail(Email)
if VerifyUsername or VerifyEmail:
return JsonResponse({'message': '用户名或邮箱已存在', 'code': 604, })
elif (VerifyUsername is None)or(VerifyEmail is None):
return JsonResponse({'message': '报错了🙄', 'code': 404, })
elif not VerifyUsername or not VerifyEmail:
Token=randoms().result(250)
Uid = randoms().result(100)#生成随机数,用户UID
Key = randoms().result(40) #生成key值
DomainNameSystemLogKey = randoms().LowercaseAndNumbers(5) # 生成DNSLOGkey值
Md5Passwd=Md5Encryption().Md5Result(Passwd)#进行加密
UserWrite=UserInfo().Write(name=Username, show_name=ShowName, token=Token, passwd=Md5Passwd,
email=Email, uid=Uid,key=Key,avatar="admin.jpg")
DomainNameSystemLogKeyword().Write(uid=Uid,key=DomainNameSystemLogKey)
if UserWrite:
return JsonResponse({'message': '注册成功', 'code': 200, })
elif UserWrite is None:
return JsonResponse({'message': '未知错误', 'code': 400, })
else:
return JsonResponse({'message': '注册失败', 'code': 603, })
else:
return JsonResponse({'message': '小宝贝这是非法注册哦(๑•̀ㅂ•́)و✧', 'code': 403, })
else:
return JsonResponse({'message': '小宝贝你没有开启注册功能哦!!', 'code': 503, })
else:
return JsonResponse({'message': "验证码错误或者过期!", 'code': 504, })
else:
return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 505, })
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_Registered_Registered(def)", e)
return JsonResponse({'message': '自己去看报错日志!', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def QueryMarkdownData(request):#用来查询协同作战数据
RequestLogRecord(request, request_api="query_markdown_data")
if request.method == "POST":
try:
UserToken = json.loads(request.body)["token"]
MarkdownName = json.loads(request.body)["markdown_name"]#传入文档名称
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="query_markdown_data", uid=Uid)
CheckPermissionsResult=MarkdownRelationship().CheckPermissions(markdown_name=MarkdownName,uid=Uid)#检查是否有权限,也就是说这个项目是否属于该用户
if CheckPermissionsResult:#如果属于该用户
CheckConflictResult=MarkdownInfo().CheckConflict(markdown_name=MarkdownName)#检查数据库这个文件是否存在
if CheckConflictResult:#如果文件已经有数据了
MarkdownInfoResult=MarkdownInfo().Query(markdown_name=MarkdownName)#文件数据查询
return JsonResponse({'message': MarkdownInfoResult, 'code': 200, })
else:#如果没有数据
return JsonResponse({'message': "", 'code': 200, })
else:
return JsonResponse({'message': "小朋友不是你的东西别乱动哦~~", 'code': 404, })
else:
return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_CollaborationPlatform_Markdown_QueryMarkdownData(def)", e)
return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def PackAttachment(request): #统计打包文件个数
RequestLogRecord(request, request_api="file_acquisition_pack_attachment")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(
request,
request_api="file_acquisition_pack_attachment",
uid=Uid) # 查询到了在计入
Result = FileAcquisitionPack().Quantity(uid=Uid)
return JsonResponse({
'message': Result,
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_FileAcquisition_Query_PackAttachment(def)",
e)
return JsonResponse({
'message': '自己去看报错日志!',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def SaveMarkdownData(request):#用来保存协同作战数据
RequestLogRecord(request, request_api="save_markdown_data")
if request.method == "POST":
try:
UserToken = json.loads(request.body)["token"]
MarkdownData = json.loads(request.body)["markdown_data"]#传入保存的数据
MarkdownName = json.loads(request.body)["markdown_name"]#传入文档名称
MarkdownDataToBast64=base64.b64encode(str(MarkdownData).encode('utf-8')).decode('utf-8')#转换成base64的数据
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="save_markdown_data", uid=Uid)
CheckPermissionsResult=MarkdownRelationship().CheckPermissions(markdown_name=MarkdownName,uid=Uid)#检查是否有权限,也就是说这个项目是否属于该用户
if CheckPermissionsResult:#如果属于该用户
CheckConflictResult=MarkdownInfo().CheckConflict(markdown_name=MarkdownName)#检查数据库这个文件是否存在
if CheckConflictResult:#如果文件已经有数据了
if not MarkdownInfo().Update(markdown_name=MarkdownName,markdown_data=MarkdownDataToBast64):#就对数据进行更新,接着判断更新返回值
return JsonResponse({'message': "保存失败~玛卡巴卡~~", 'code': 503, })
else:#如果没有数据
MarkdownInfo().Write(markdown_name=MarkdownName,markdown_data=MarkdownDataToBast64)#就对数据进行写入
return JsonResponse({'message': "保存成功啦~阿巴阿巴~", 'code': 200, })
else:
return JsonResponse({'message': "小朋友不是你的东西别乱动哦~~", 'code': 404, })
else:
return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_CollaborationPlatform_Markdown_SaveMarkdownData(def)", e)
return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Updata(request):#更新项目数据
RequestLogRecord(request, request_api="updata_email_project")
if request.method == "POST":
try:
EndTime = json.loads(request.body)["end_time"]
Token = json.loads(request.body)["token"]
Key = json.loads(request.body)["project_key"] # 项目Key
Name = json.loads(request.body)["project_name"] # 项目名称
MailMessage = json.loads(request.body)["mail_message"] # 文本内容
Attachment = json.loads(request.body)["attachment"] # 附件列表
Image = json.loads(request.body)["image"] # 获取内容图片
MailTitle = json.loads(request.body)["mail_title"] # 邮件标题
Sender = json.loads(request.body)["sender"] # 发送人姓名
GoalMailbox = json.loads(request.body)["goal_mailbox"] # 目标邮箱
ForgedAddress = json.loads(request.body)["forged_address"] # 伪造发件人
Interval = json.loads(request.body)["interval"] # 邮件发送间隔
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="updata_email_project", uid=Uid) # 查询到了在计入
if len(GoalMailbox)<=0 and type(GoalMailbox)==dict:
return JsonResponse({'message': "未传入邮件接收人!", 'code': 414, })
if type(Attachment)!=dict or type(Image)!=dict:
return JsonResponse({'message': "附件或者图片必须传入字典类型,不可置空!", 'code': 415, })
if len(Name)==0:
return JsonResponse({'message': "项目名称必须填入参数!", 'code': 416, })
if int(EndTime)-int(time.time())<10000000:
ProjectStatus= EmailProject().ProjectStatus(uid=Uid,project_key=Key)#查看项目是否启动
CompilationStatus = EmailProject().CompilationStatus(uid=Uid, project_key=Key)#查看项目是否完成
if CompilationStatus:
return JsonResponse({'message': "项目已经运行结束禁止修改其中内容!", 'code': 409, })
if ProjectStatus:
return JsonResponse({'message': "项目已经开启禁止修改,如需修改请停止运行!", 'code': 406, })
else:
Result=EmailProject().Updata(uid=Uid,
mail_message=base64.b64encode(str(MailMessage).encode('utf-8')).decode('utf-8'),
attachment=Attachment,
project_name=Name,
image=Image,
mail_title=base64.b64encode(str(MailTitle).encode('utf-8')).decode('utf-8'),
sender=base64.b64encode(str(Sender).encode('utf-8')).decode('utf-8'),
forged_address=base64.b64encode(str(ForgedAddress).encode('utf-8')).decode('utf-8'),
redis_id="",
project_key=Key,
end_time=EndTime,
goal_mailbox=GoalMailbox,#list(set(GoalMailbox)),#去重数据
interval=Interval)
if Result:
return JsonResponse({'message': "更新成功!", 'code': 200, })
else:
return JsonResponse({'message': "更新失败!", 'code': 507, })
else:
return JsonResponse({'message': "时间间隔太长了!", 'code': 506, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_Email_EmailProject_Updata(def)", e)
return JsonResponse({'message': "未知错误(๑•̀ㅂ•́)و✧", 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def FilePack(request): # 下载所需文件打包
RequestLogRecord(request, request_api="file_acquisition_file_pack")
if request.method == "POST":
try:
FileList = json.loads(request.body)["file_list"] # 文件列表
UserToken = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None: # 查到了UID
PackRedis = Pack.delay(Uid, FileList)
FileAcquisitionPack().Write(uid=Uid,
file_name="",
redis_id=PackRedis.task_id,
state="0") #下发任务
return JsonResponse({
'message': "任务下发成功(๑•̀ㅂ•́)و✧",
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_FileAcquisition_Receive_FilePack(def)", e)
return JsonResponse({
'message': '你不对劲!为什么报错了?',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def Query(request): #数据表格查询
RequestLogRecord(request, request_api="email_data_graph_query")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
ProjectKey = json.loads(request.body)["project_key"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="email_data_graph_query",
uid=Uid) # 查询到了在计入
Result = EmailGraph().Query(project_key=ProjectKey, uid=Uid)
return JsonResponse({
'message': ast.literal_eval(Result),
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_Email_Graph_Statistics(def)", e)
return JsonResponse({
'message': '自己去看报错日志!',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def TrojanDataStatistical(request): #个人用户数据统计
RequestLogRecord(request, request_api="trojan_data_statistical")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="trojan_data_statistical",
uid=Uid)
Number = TrojanData().StatisticalData(uid=Uid) #获取当前用户的个数
return JsonResponse({
'message': Number,
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_TrojanOrVirus_TrojanInterface_TrojanDataStatistical(def)",
e)
return JsonResponse({
'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)",
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def HTTPQuery(request): # 用于HTTP类型的DNSLOG数据查询
RequestLogRecord(request, request_api="http_domain_name_system_log")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
NumberOfPages = json.loads(request.body)["number_of_pages"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(
request,
request_api="http_domain_name_system_log",
uid=Uid) # 查询到了在计入
DomainNameSystemLogResult = DomainNameSystemLog().Query2HTTP(
number_of_pages=int(NumberOfPages)) # 对解析记录进行查询
return JsonResponse({
'message': DomainNameSystemLogResult,
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_DomainNameSystemLog_Data_HTTPQuery(def)", e)
return JsonResponse({
'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)",
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def TrojanDataQuery(request): #个人用户免杀数据查询
RequestLogRecord(request, request_api="trojan_data_query")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
NumberOfPages = json.loads(request.body)["number_of_pages"] # 页数
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="trojan_data_query",
uid=Uid)
AntiAntiVirusDataResult = TrojanData().Query(
uid=Uid, number_of_pages=int(NumberOfPages)) # 获取当前用户的个数
return JsonResponse({
'message': AntiAntiVirusDataResult,
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_TrojanOrVirus_TrojanInterface_TrojanDataQuery(def)", e)
return JsonResponse({
'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)",
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def ApplicationCollectionQuery(request): #APP收集统一查询接口
RequestLogRecord(request, request_api="application_collection_query")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(
request,
request_api="application_collection_query",
uid=Uid) # 查询到了在计入
ApplicationCollectionResult = ApplicationCollection().Query(
uid=Uid) #获取查询结果
return JsonResponse({
'message': ApplicationCollectionResult,
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_ApplicationCollection_CollectionWork_ApplicationCollectionQuery(def)",
e)
return JsonResponse({
'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)",
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def StatisticalMailAttachment(request): #统计邮件附件个数
RequestLogRecord(request, request_api="statistical_mail_attachment")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(
request,
request_api="statistical_mail_attachment",
uid=Uid) # 查询到了在计入
StatisticalMailAttachmentResult = MailAttachment().Quantity(
uid=Uid)
return JsonResponse({
'message': StatisticalMailAttachmentResult,
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_Mail_MailAttachment_StatisticalMailAttachment(def)", e)
return JsonResponse({
'message': '自己去看报错日志!',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def UpdatePassword(request): #更新密码
RequestLogRecord(request, request_api="update_password")
if request.method == "POST":
try:
UserName = json.loads(request.body)["username"]
OldPasswd = json.loads(request.body)["old_passwd"]
NewPasswd = json.loads(request.body)["new_passwd"]
VerificationCodeKey = json.loads(
request.body)["verification_code_key"] #获取验证码关联的KEY
Code = json.loads(
request.body)["verification_code"].lower() #获取验证码
if VerificationCodeKey != None and Code != None: #判断传入数据不为空
VerificationCodeResult = VerificationCode().Query(
code=Code,
verification_code_key=VerificationCodeKey) #获取判断
if VerificationCodeResult: #如果为真,进行登录验证
Md5NewPasswd = Md5Encryption().Md5Result(
NewPasswd) # 对新密码加密
Md5OldPasswd = Md5Encryption().Md5Result(
OldPasswd) # 对旧密码加密
UpdatePassword = UserInfo().UpdatePasswd(
name=UserName,
old_passwd=Md5OldPasswd,
new_passwd=Md5NewPasswd)
if UpdatePassword:
UserOperationLogRecord(request,
request_api="update_password",
uid=UserName) #如果修改成功写入数据库中
return JsonResponse({
'message': '好耶!修改成功~',
'code': 200,
})
else:
return JsonResponse({
'message': "输入信息有误重新输入",
'code': 404,
})
else:
return JsonResponse({
'message': "验证码错误或者过期!",
'code': 503,
})
else:
return JsonResponse({
'message': "验证码或者验证码秘钥不能为空!",
'code': 504,
})
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_User_UpdatePassword(def)", e)
return JsonResponse({
'message': '自己去看报错日志!',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def MarkdownImageUpload (request):#md文档专有上传位置
RequestLogRecord(request, request_api="markdown_image_upload")
Token =request.headers["token"]
if request.method == "POST":
try:
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="markdown_image_upload", uid=Uid) # 查询到了在计入
PictureData = request.FILES.get('file', None)#获取文件数据
if 1024<PictureData.size:#最小值1KB
SaveFileName=randoms().result(50)+str(int(time.time()))+".jpg"#重命名文件
SaveRoute=GetImageFilePath().Result()+SaveFileName#获得保存路径
with open(SaveRoute, 'wb') as f:
for line in PictureData:
f.write(line)
return JsonResponse({'message': SaveFileName, 'code': 200,})#返回上传图片名称
else:
return JsonResponse({'message': '它实在是太小了,莎酱真的一点感觉都没有o(TヘTo)', 'code': 603,})
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_CollaborationPlatform_Markdown_MarkdownImageUpload(def)", e)
return JsonResponse({'message': '你不对劲!为什么报错了?', 'code': 169,})
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def MarkdownDataComparison (request):#md文档数据对比
RequestLogRecord(request, request_api="markdown_data_comparison")
if request.method == "POST":
try:
UserToken = json.loads(request.body)["token"]
MarkdownData = json.loads(request.body)["new_markdown_data"]#传入新文本数据
MarkdownName = json.loads(request.body)["markdown_name"] # 传入文档名称
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="markdown_data_comparison", uid=Uid)
CheckPermissionsResult=MarkdownRelationship().CheckPermissions(markdown_name=MarkdownName,uid=Uid)#检查是否有权限,也就是说这个项目是否属于该用户
if CheckPermissionsResult:#如果属于该用户
MarkdownDataResult=MarkdownInfo().QueryMarkdownData(markdown_name=MarkdownName)#文件数据查询
if MarkdownDataResult==None:
MarkdownDataResult=""#如果数据库中无数据
OldMarkdownData=base64.b64decode(str(MarkdownDataResult).encode('utf-8')).decode('utf-8').splitlines()
NewMarkdownData=MarkdownData.splitlines()
ComparisonResult=difflib.HtmlDiff().make_file(OldMarkdownData,NewMarkdownData)#对比结果
return JsonResponse({'message': ComparisonResult, 'code': 200, })
else:
return JsonResponse({'message': "小朋友不是你的东西别乱动哦~~", 'code': 404, })
else:
return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_CollaborationPlatform_Markdown_MarkdownDataComparison(def)", e)
return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def NistSearch(request):#模糊搜索
RequestLogRecord(request, request_api="nist_search")
if request.method == "POST":
try:
Token=json.loads(request.body)["token"]
NumberOfPages = json.loads(request.body)["number_of_pages"] # 页数
Severity = json.loads(request.body)["severity"] # 严重性等级
Key = json.loads(request.body)["key"] # 查询关键字
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="nist_search", uid=Uid) # 查询到了在计入
if int(NumberOfPages)<1:
return JsonResponse({'message': "你家有小于1的页码?", 'code': 503, })
elif Key=="":
return JsonResponse({'message': "咋了?查询不知道传数据吗?", 'code': 505, })
else:
Data= NistData().Search(number_of_pages=int(NumberOfPages),key=Key,severity=Severity) # 对查询分页数据
return JsonResponse({'message': Data, 'code': 200, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_CVE_NistMonitoring_Nist_NistSearch(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def SubdomainSearch(request): # 子域名搜索函数
RequestLogRecord(request, request_api="subdomain_search")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Url = json.loads(request.body)["url"]
#后续还有其他配置等后面再说
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="subdomain_search",
uid=Uid) # 查询到了在计入
return JsonResponse({
'message': "任务下发成功(๑•̀ㅂ•́)و✧",
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法请求哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_Subdomain_UnifiedSchedulingOfSubdomains_SubdomainSearch(def)",
e)
return JsonResponse({
'message': "出现未知错误,详情看日志文件",
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def Statistics(request): #统计邮件获取到的数据
RequestLogRecord(request, request_api="email_receive_data_statistics")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
ProjectKey = json.loads(request.body)["project_key"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(
request,
request_api="email_receive_data_statistics",
uid=Uid) # 查询到了在计入
Result = EmailReceiveData().Statistics(project_key=ProjectKey)
return JsonResponse({
'message': Result,
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_Email_ReceiveData_Statistics(def)", e)
return JsonResponse({
'message': '自己去看报错日志!',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def UsageQuery(request): # 用于查询CPU和硬件的使用情况
RequestLogRecord(request, request_api="system_hardware_usage_query")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(
request,
request_api="system_hardware_usage_query",
uid=Uid) # 查询到了在计入
HardwareUsageRateResult = HardwareUsageRateInfo().Query(
) #对CPU和内存信息进行查询
return JsonResponse({
'message': HardwareUsageRateResult,
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_SystemInfo_HardwareInfo_UsageQuery(def)", e)
return JsonResponse({
'message': '自己去看报错日志!',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def Windows(request): # 用于提取保存文件后调用相应的处理函数
RequestLogRecord(request, request_api="windows_portable_execute_analysis")
if request.method == "POST":
try:
Token =request.headers["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="windows_portable_execute_analysis", uid=Uid) # 查询到了在计入
PictureData = request.FILES.get('file', None) # 获取文件数据
if 0>=PictureData.size:#判断是不是空文件
return JsonResponse({'message': "宝贝数据这么小的嘛?", 'code': 400, })
elif portable_execute_file_size < PictureData.size: #和配置文件中做对比
FileMd5 = hashlib.md5(PictureData).hexdigest() # 文件的MD5加密
FileSha1 = hashlib.sha1(PictureData).hexdigest() # 文件的sha1加密
FileSha256 = hashlib.sha256(PictureData).hexdigest() # 文件的sha256加密
SaveFileName = str(FileSha256)+"-"+str(int(time.time())) # 重命名文件
SaveRoute = GetAnalysisFileStoragePath().Result() + SaveFileName # 获得保存路径
with open(SaveRoute, 'wb') as f:
for line in PictureData:
f.write(line)
PortableExecute().Run(uid=Uid,md5=FileMd5,save_file_name=SaveFileName,sha1=FileSha1,sha256=FileSha256,path=SaveRoute)
#接下来调用处理函数,接着再调用删除函数
return JsonResponse({'message': "成功了", 'code': 200, })
else:
return JsonResponse({'message': "文件太大啦~(๑•̀ㅂ•́)و✧", 'code': 501, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_ToolsUtility_PortableExecute_Windows(def)", e)
return JsonResponse({'message': '自己去看报错日志!', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def CreateMarkdownProject(request):#用来创建markdown项目,目前只支持单用户,先用于测试
RequestLogRecord(request, request_api="create_markdown_project")
if request.method == "POST":
try:
UserToken = json.loads(request.body)["token"]
MarkdownProjectName = json.loads(request.body)["markdown_project_name"]#传入项目名称
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="create_markdown_project", uid=Uid)
while True: # 用来生成markdown文件名,防止重复
MarkdownName=randoms().result(250)#markdown文件名,随机生成
CheckName=MarkdownRelationship().CheckConflict(markdown_name=MarkdownName)
if not CheckName: # 如果不冲突的话跳出循环
break
while True: # 用来生成邀请码,防止重复
MarkdownProjectInvitationCode=randoms().result(50)#邀请码
CheckInvitationCode=MarkdownRelationship().CheckInvitationCode(MarkdownProjectInvitationCode=MarkdownProjectInvitationCode)
if not CheckInvitationCode: # 如果不冲突的话跳出循环
break
MarkdownRelationship().Write(markdown_name=MarkdownName,uid=Uid,markdown_project_name=MarkdownProjectName,markdown_project_owner="1",markdown_project_invitation_code=MarkdownProjectInvitationCode)
return JsonResponse({'message': "创建成功啦~玛卡玛卡~", 'code': 200, })
else:
return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_CollaborationPlatform_Markdown_CreateMarkdownProject(def)", e)
return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def DeleteMarkdown (request):#删除文档项目
RequestLogRecord(request, request_api="delete_markdown")
if request.method == "POST":
try:
UserToken = json.loads(request.body)["token"]
MarkdownName = json.loads(request.body)["markdown_name"] # 传入文档名称
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="delete_markdown", uid=Uid)
ProjectBelongsResult=MarkdownRelationship().ProjectBelongs(markdown_name=MarkdownName,uid=Uid)#检查是否有权限,也就是说这个项目是否属于该用户
if ProjectBelongsResult:#检查项目所属
DeleteResult=MarkdownRelationship().Delete(markdown_name=MarkdownName,uid=Uid)#删除表格
if not DeleteResult:
return JsonResponse({'message': "项目删除错误", 'code': 171, })
else:
MarkdownInfo().Delete(markdown_name=MarkdownName) # 删除数据,有可能会有空数据的情况
return JsonResponse({'message': "项目删除成功~", 'code': 200, })
else:
return JsonResponse({'message': "小朋友不是你的东西别乱动哦~~", 'code': 404, })
else:
return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_CollaborationPlatform_Markdown_DeleteMarkdown(def)", e)
return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
#数据对比函数,以及关系表中多人相关数据
def UploadAvatar(request): #文件上传功能
RequestLogRecord(request, request_api="upload_avatar")
Token = request.headers["token"]
if request.method == "POST":
try:
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="upload_avatar",
uid=Uid) # 查询到了在计入
PictureData = request.FILES.get('file', None) #获取文件数据
if 10240 < PictureData.size: #最大值10MB,最小值10KB
SaveFileName = randoms().result(10) + str(int(
time.time())) + ".jpg" #重命名文件
SaveRoute = GetImageFilePath().Result(
) + SaveFileName #获得保存路径
with open(SaveRoute, 'wb') as f:
for line in PictureData:
f.write(line)
UserInfo().UpdateAvatar(avatar=SaveFileName,
uid=Uid) #图片写到本地后更新用户头像
return JsonResponse({
'message': SaveFileName,
'code': 200,
}) #返回上传图片名称
else:
return JsonResponse({
'message': '它实在是太小了,莎酱真的一点感觉都没有o(TヘTo)',
'code': 603,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_User_UploadAvatar(def)", e)
return JsonResponse({
'message': '你不对劲!为什么报错了?',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def PersonalInformation(request): #用户个人信息
RequestLogRecord(request, request_api="user_info")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Info = UserInfo().QueryUserInfo(Token)
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询用户名
if Info is None:
return JsonResponse({
'message': '搁着闹呢?',
'code': 404,
})
elif Info != None and Uid != None:
UserOperationLogRecord(request,
request_api="user_info",
uid=Uid)
JsonValues = {} #对数据进行二次处理
JsonValues["id"] = Info["id"]
JsonValues["key"] = Info["key"]
JsonValues["name"] = Info["name"]
JsonValues["token"] = Info["token"]
JsonValues["show_name"] = Info["show_name"]
JsonValues["email"] = Info["email"]
JsonValues["avatar"] = Info["avatar"]
return JsonResponse({
'message': JsonValues,
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_BasicFunctions_User_PersonalInformation(def)", e)
return JsonResponse({
'message': '自己去看报错日志!',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def SendUserMail(request): #发送邮件信息
RequestLogRecord(request, request_api="send_user_mail")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
MailMessage = json.loads(request.body)["mail_message"] # 文本内容
Attachment = json.loads(request.body)["attachment"] # 附件列表
Image = json.loads(request.body)["image"] # 获取内容图片
MailTitle = json.loads(request.body)["mail_title"] # 邮件标题
Sender = json.loads(request.body)["sender"] # 发送人姓名
GoalMailbox = json.loads(request.body)["goal_mailbox"] # 目标邮箱
ThirdParty = json.loads(request.body)["third_party"] # 判断是否是第三方服务器
ForgedAddress = json.loads(request.body)["forged_address"] # 伪造发件人
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="send_user_mail",
uid=Uid) # 查询到了在计入
SendMailForRedis = SendMail.delay(MailMessage, Attachment,
Image, MailTitle, Sender,
GoalMailbox, ThirdParty,
ForgedAddress) #调用下发任务
MaliciousEmail().Write(
uid=Uid,
mail_message=base64.b64encode(
str(MailMessage).encode('utf-8')).decode('utf-8'),
attachment=Attachment,
image=Image,
mail_title=base64.b64encode(
str(MailTitle).encode('utf-8')).decode('utf-8'),
sender=base64.b64encode(
str(Sender).encode('utf-8')).decode('utf-8'),
forged_address=base64.b64encode(
str(ForgedAddress).encode('utf-8')).decode('utf-8'),
redis_id=SendMailForRedis.task_id)
return JsonResponse({
'message': "任务下发成功~",
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_Mail_Eamil_SendUserMail(def)", e)
return JsonResponse({
'message': "未知错误(๑•̀ㅂ•́)و✧",
'code': 503,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def GenerateProject(request): #用来生成项目,并且生成文件和用户绑定
RequestLogRecord(request, request_api="create_cross_site_script_project")
if request.method == "POST":
try:
JavaScriptFileData = json.loads(
request.body)["javascript_data"] #获取前端传入的加密过的js文件数据
ProjectName = json.loads(request.body)["project_name"] #用户自定义的项目名
UserToken = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None and JavaScriptFileData != None: # 查到了UID,并且js数据不为空
UserOperationLogRecord(
request,
request_api="create_cross_site_script_project",
uid=Uid)
GetJavaScriptFilePath().Result() #获取js文件路径
while True: #如果查询确实冲突了
JavaScriptSaveFileName = randoms().result(5) #文件名
QueryJavaScriptSaveFileNameValidity = CrossSiteScriptProject(
).RepeatInvestigation(
file_name=JavaScriptSaveFileName) #判断文件是否重复
if not QueryJavaScriptSaveFileNameValidity: #如果不冲突的话跳出循环
break
JavaScriptSaveRoute = GetJavaScriptFilePath().Result(
) + JavaScriptSaveFileName # 获得保存路径
with open(JavaScriptSaveRoute, 'w+', encoding='UTF-8') as f:
f.write(
base64.b64decode(
str(JavaScriptFileData).encode('utf-8')).decode(
'utf-8')) #文件内容还要加密
CrossSiteScriptProject().Write(
file_name=JavaScriptSaveFileName,
uid=Uid,
project_name=ProjectName) #写到数据库表中
return JsonResponse({
'message': JavaScriptSaveFileName,
'code': 200,
}) #返回创建好的文件名
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_CrossSiteScriptHub_CrossSiteScript_GenerateProject(def)",
e)
return JsonResponse({
'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def CreateProxyScanProject(request): #创建代理扫描项目
RequestLogRecord(request, request_api="create_proxy_scan_project")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
ProxyProjectName = json.loads(request.body)["proxy_project_name"]
ProxyUsername = json.loads(request.body)["proxy_username"]
ProxyPassword = json.loads(request.body)["proxy_password"]
EndTime = json.loads(request.body)["end_time"]
Uid = UserInfo().QueryUidWithToken(Token) #通过Token来查用户
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="create_proxy_scan_project",
uid=Uid)
#还需要查询项目名是否冲突
QueryTheResultOfTheProxyProjectName = ProxyScanList(
).QueryProxyProjectName(
uid=Uid,
proxy_project_name=ProxyProjectName,
proxy_username=ProxyUsername) #进行代理扫描项目查询,判断是否已经存在该项目
if QueryTheResultOfTheProxyProjectName == False:
Md5ProxyPassword = Md5Encryption().Md5Result(
ProxyPassword) # 对密码进行MD5加密
ProxyScanList().Write(
uid=Uid,
end_time=EndTime,
proxy_project_name=ProxyProjectName,
proxy_username=ProxyUsername,
proxy_password=Md5ProxyPassword) #写入表中
return JsonResponse({
'message': '小宝贝!创建成功了呢~',
'code': 200,
})
else:
return JsonResponse({
'message': '代理扫描项目创建失败!',
'code': 503,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_BasicFunctions_ProxyScan_CreateProxyScanProject(def)", e)
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
#查询代理扫描项目
def Upload(request): #接收所需数据文件
RequestLogRecord(request, request_api="file_acquisition_receive")
Key = request.headers["Key"]
FileFullPath = request.headers["FileFullPath"]
UUID = request.headers["UUID"]
if request.method == "POST":
try:
Uid = UserInfo().QueryUidWithKey(Key) # 通过key来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="file_acquisition_receive",
uid=Uid) # 查询到了在计入
ReceiveData = request.FILES.get('file', None) #获取文件数据
ReceiveName = ReceiveData.name # 获取文件名
if 0 < ReceiveData.size <= file_acquisition_size_max: #内容不能为空,且不能操过最大值
SaveFileName = randoms().result(10) + str(
int(time.time())) #重命名文件
SaveRoute = FileAcquisitionPath().Result(
) + SaveFileName #获得保存路径
with open(SaveRoute, 'wb') as f:
for line in ReceiveData:
f.write(line)
FileAcquisitionData().Write(uid=Uid,
file_full_path=FileFullPath,
old_file_name=ReceiveName,
file_size=ReceiveData.size,
new_file_name=SaveFileName,
target_machine=UUID)
return JsonResponse({
'message': "ok",
'code': 200,
})
else:
return JsonResponse({
'message': '它实在是太小了,莎酱真的一点感觉都没有o(TヘTo)',
'code': 603,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_FileAcquisition_Receive_Upload(def)", e)
return JsonResponse({
'message': '你不对劲!为什么报错了?',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def ModifyProject(request): # 用来修改XSS项目中的数据
RequestLogRecord(request, request_api="modify_cross_site_script_project")
if request.method == "POST":
try:
ProjectAssociatedFileName = json.loads(
request.body)["project_associated_file_name"] #传入项目生成的文件名
ProjectAssociatedFileData = json.loads(
request.body)["project_associated_file_data"] #传入base64加密后的数据
UserToken = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None: # 查到了UID
UserOperationLogRecord(
request,
request_api="modify_cross_site_script_project",
uid=Uid)
AuthorityCheck = CrossSiteScriptProject().AuthorityCheck(
uid=Uid, file_name=ProjectAssociatedFileName
) # 用来校检CrossSiteScript数据库中文件名和UID相对应
if AuthorityCheck: #判断文件是属于该用户,如果属于的话就对文件进行修改
JavaScriptFilePath = GetJavaScriptFilePath().Result(
) + ProjectAssociatedFileName #获取文件位置
with open(JavaScriptFilePath, 'w+', encoding='UTF-8') as f:
f.write(
base64.b64decode(
str(ProjectAssociatedFileData).encode(
'utf-8')).decode('utf-8')) # 文件内容还要解密
return JsonResponse({
'message': "文件内容覆盖成功~",
'code': 200,
})
else:
return JsonResponse({
'message': "你没有查询这个项目的权限哦宝贝~",
'code': 404,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write(
"Web_CrossSiteScriptHub_CrossSiteScript_ModifyProject(def)", e)
return JsonResponse({
'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def Initialization(request): #用于初始化获取基础信息
RequestLogRecord(request, request_api="system_hardware_initialization")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(
request,
request_api="system_hardware_initialization",
uid=Uid) # 查询到了在计入
MemoryInfo = psutil.virtual_memory() # 获取完整内存信息
SystemInfo = platform.platform()
SystemName = platform.system()
SystemType = platform.machine()
UserName = platform.node()
CentralProcessingUnitArchitecture = platform.processor()
ServerStartTime = str(int(psutil.boot_time())) # 获取服务器启动时间
MemoryTotal = MemoryInfo.total # 系统内存总数
CentralProcessingUnitCount = psutil.cpu_count() # cpu核数
return JsonResponse({
'message': {
"central_processing_unit_architecture":
CentralProcessingUnitArchitecture,
"system_info": SystemInfo,
"server_start_time": ServerStartTime,
"system_name": SystemName,
"system_type": SystemType,
"user_name": UserName,
"memory_total": MemoryTotal,
"central_processing_unit_count":
CentralProcessingUnitCount
},
'code': 200,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_SystemInfo_HardwareInfo_Initialization(def)",
e)
return JsonResponse({
'message': '自己去看报错日志!',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
