Exemplo n.º 1
0
def Query(request):  # 用于查询DNSLOG数据
    RequestLogRecord(request, request_api="domain_name_system_log")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            NumberOfPages = json.loads(request.body)["number_of_pages"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="domain_name_system_log",
                                       uid=Uid)  # 查询到了在计入
                DomainNameSystemLogResult = DomainNameSystemLog().Query(
                    number_of_pages=int(NumberOfPages))  #对解析记录进行查询
                return JsonResponse({
                    'message': DomainNameSystemLogResult,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write(
                "Web_DomainNameSystemLog_DomainNameSystemData_Query(def)", e)
            return JsonResponse({
                'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)",
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 2
0
def ReadTemplate(request):  #用读取数据库中模板文件
    RequestLogRecord(request, request_api="read_cross_site_script_template")
    if request.method == "POST":
        try:
            UserToken = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(UserToken)  # 如果登录成功后就来查询用户名
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(
                    request,
                    request_api="read_cross_site_script_template",
                    uid=Uid)
                TemplateData = CrossSiteScriptTemplate().Query(
                    uid=Uid)  #查询用户自定义的模板数据
                return JsonResponse({
                    'message': TemplateData,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write(
                "Web_CrossSiteScriptHub_TemplateManagement_ReadTemplate(def)",
                e)
            return JsonResponse({
                'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 3
0
Arquivo: User.py Projeto: sXOR/Medusa
def PersonalInformation(request):#用户个人信息
    RequestLogRecord(request, request_api="personal_information")
    if request.method == "POST":
        try:
            Token=json.loads(request.body)["token"]
            Info=UserInfo().QueryUserInfo(Token)
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询用户名
            if Uid!=None: # 查到了UID
                UserOperationLogRecord(request, request_api="personal_information", uid=Uid)
            if Info is None:
                return JsonResponse({'message': '搁着闹呢?', 'code': 404, })
            elif Info != None:
                JsonValues = {}#对数据进行二次处理
                JsonValues["id"] = Info["id"]
                JsonValues["key"] = Info["key"]
                JsonValues["name"] = Info["name"]
                JsonValues["token"] = Info["token"]
                JsonValues["show_name"] = Info["show_name"]
                JsonValues["email"] = Info["email"]
                JsonValues["avatar"] = Info["avatar"]
                return JsonResponse({'message': JsonValues, 'code': 200, })


        except Exception as e:
            ErrorLog().Write("Web_Api_User_PersonalInformation(def)", e)
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemplo n.º 4
0
def UpdateKey(request):  #更新Key
    RequestLogRecord(request, request_api="update_key")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            NewKey = randoms().result(40)  #生成随机的key,有可能会重复,这边先暂时不管了,这概论太j8低了
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="update_key",
                                       uid=Uid)  # 查询到了在计入
                UpdateKeyResult = UserInfo().UpdateKey(uid=Uid,
                                                       key=NewKey)  #获取值查看是否成功
                if UpdateKeyResult:
                    return JsonResponse({
                        'message': '呐呐呐呐!修改成功了呢~',
                        'code': 200,
                    })
                else:
                    return JsonResponse({
                        'message': "输入信息有误重新输入",
                        'code': 404,
                    })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write("Web_BasicFunctions_User_UpdateKey(def)", e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 5
0
def QueryMarkdownProject(request):  #用来查询用户所有的项目信息
    RequestLogRecord(request, request_api="query_markdown_project")
    if request.method == "POST":
        try:
            UserToken = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(UserToken)  # 如果登录成功后就来查询用户名
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="query_markdown_project",
                                       uid=Uid)

                QueryResult = MarkdownRelationship().Query(uid=Uid)  #查询的结果返回
                return JsonResponse({
                    'message': QueryResult,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非操作哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write(
                "Web_CollaborationPlatform_Markdown_QueryMarkdownProject(def)",
                e)
            return JsonResponse({
                'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 6
0
def NistStatistics(request):  #对当前的CVE个数进行统计
    RequestLogRecord(request, request_api="nist_statistics")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="nist_statistics",
                                       uid=Uid)  # 查询到了在计入
                SearchResult = NistData().StatisticalData()  #统计的个数
                return JsonResponse({
                    'message': SearchResult,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write(
                "Web_CommonVulnerabilitiesAndExposuresMonitor_VulnerabilityNumberMonitoring_Nist_NistStatistics(def)",
                e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 7
0
def GithubQuery(request):  #查询github监控数据
    RequestLogRecord(request, request_api="github_monitor")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="github_monitor",
                                       uid=Uid)  # 查询到了在计入
                GithubMonitorResult = GithubCveApi().Query()  #获取github数据
                return JsonResponse({
                    'message': GithubMonitorResult,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write(
                "Web_CommonVulnerabilitiesAndExposuresMonitor_VulnerabilityUtilizationMonitoring_Github_GithubQuery(def)",
                e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 8
0
def Query(request):  #数据表格查询
    RequestLogRecord(request, request_api="email_data_graph_query")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            ProjectKey = json.loads(request.body)["project_key"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="email_data_graph_query",
                                       uid=Uid)  # 查询到了在计入
                Result = EmailGraph().Query(project_key=ProjectKey, uid=Uid)
                return JsonResponse({
                    'message': ast.literal_eval(Result),
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write("Web_Email_Graph_Statistics(def)", e)
            return JsonResponse({
                'message': '自己去看报错日志!',
                'code': 169,
            })

    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 9
0
def UpdatePassword(request):  #更新密码
    RequestLogRecord(request, request_api="update_password")
    if request.method == "POST":
        try:
            UserName = json.loads(request.body)["username"]
            OldPasswd = json.loads(request.body)["old_passwd"]
            NewPasswd = json.loads(request.body)["new_passwd"]
            UpdatePassword = UserInfo().UpdatePasswd(name=UserName,
                                                     old_passwd=OldPasswd,
                                                     new_passwd=NewPasswd)
            if UpdatePassword:
                UserOperationLogRecord(request,
                                       request_api="login",
                                       uid=UserName)  #如果修改成功写入数据库中
                return JsonResponse({
                    'message': '修改成功~',
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "输入信息有误重新输入",
                    'code': 404,
                })
        except Exception as e:
            ErrorLog().Write("Web_Api_User_UpdatePassword(def)", e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 10
0
def ScanInformationQuery(request):  #查询关系表
    RequestLogRecord(request, request_api="scan_information_query")
    if request.method == "POST":
        try:
            UserToken = json.loads(request.body)["token"]
            ActiveScanId = json.loads(request.body)["active_scan_id"]
            Uid = UserInfo().QueryUidWithToken(UserToken)  # 如果登录成功后就来查询用户名
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="scan_information_query",
                                       uid=Uid)
                MedusaQueryResult = ScanInformation().Query(
                    uid=Uid, active_scan_id=ActiveScanId)
                if MedusaQueryResult != None:
                    return JsonResponse({
                        'message': MedusaQueryResult,
                        'code': 200,
                    })
                else:
                    return JsonResponse({
                        'message': '数据库炸了BOOM~🐈',
                        'code': 404,
                    })
        except Exception as e:
            ErrorLog().Write(
                "Web_Api_VulnerabilityQuery_ScanInformationQuery(def)", e)
            return JsonResponse({
                'message': '莎酱被玩坏啦ヽ(・ω・´メ)',
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 11
0
def Statistics(request):  #统计邮件获取到的数据
    RequestLogRecord(request, request_api="email_receive_data_statistics")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            ProjectKey = json.loads(request.body)["project_key"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(
                    request,
                    request_api="email_receive_data_statistics",
                    uid=Uid)  # 查询到了在计入
                Result = EmailReceiveData().Statistics(project_key=ProjectKey)
                return JsonResponse({
                    'message': Result,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write("Web_Email_ReceiveData_Statistics(def)", e)
            return JsonResponse({
                'message': '自己去看报错日志!',
                'code': 169,
            })

    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 12
0
def ActiveScanListQuery(request):  #主动扫描列表查询
    RequestLogRecord(request, request_api="active_scan_list_query")
    if request.method == "POST":
        try:
            UserToken = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(UserToken)  # 如果登录成功后就来查询用户名
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="active_scan_list_query",
                                       uid=Uid)
                ActiveScanListQueryResult = ActiveScanList().Query(uid=Uid)
                if ActiveScanListQueryResult != None:
                    return JsonResponse({
                        'message': ActiveScanListQueryResult,
                        'code': 200,
                    })
                else:
                    return JsonResponse({
                        'message': '数据库出问题了🐈',
                        'code': 404,
                    })
        except Exception as e:
            ErrorLog().Write(
                "Web_Api_VulnerabilityQuery_ActiveScanListQuery(def)", e)
            return JsonResponse({
                'message': '莎酱被玩坏啦(>^ω^<)喵',
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 13
0
def MedusaValueQuery(request):  #查询单个漏洞
    RequestLogRecord(request, request_api="medusa_query")
    if request.method == "POST":
        try:
            UserToken = json.loads(request.body)["token"]
            ScanInfoId = json.loads(request.body)["scan_info_id"]
            Uid = UserInfo().QueryUidWithToken(UserToken)  # 如果登录成功后就来查询用户名
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="medusa_query",
                                       uid=Uid)
                MedusaQueryResult = MedusaQuery().Query(
                    uid=Uid, scan_info_id=ScanInfoId)
                if MedusaQueryResult != None:
                    return JsonResponse({
                        'message': MedusaQueryResult,
                        'code': 200,
                    })
                else:
                    return JsonResponse({
                        'message': '数据库GG了🐈',
                        'code': 404,
                    })
        except Exception as e:
            ErrorLog().Write(
                "Web_Api_VulnerabilityQuery_MedusaValueQuery(def)", e)
            return JsonResponse({
                'message': '莎酱被玩坏啦ヾ(=・ω・=)o',
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 14
0
def Statistics(request):  #对当前整体数据进行统计
    RequestLogRecord(request, request_api="domain_name_system_log_statistics")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(
                    request,
                    request_api="domain_name_system_log_statistics",
                    uid=Uid)  # 查询到了在计入
                SearchResult = DomainNameSystemLog().StatisticalData()  #统计的个数
                return JsonResponse({
                    'message': SearchResult,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write(
                "Web_DomainNameSystemLog_DomainNameSystemData_Statistics(def)",
                e)
            return JsonResponse({
                'message': "呐呐呐!莎酱被玩坏啦(>^ω^<)",
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 15
0
def FishingDataStatistics(request):  #统计钓鱼获取到的数据
    RequestLogRecord(request, request_api="fishing_data_statistics")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            RequestKey = json.loads(request.body)["request_key"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="fishing_data_statistics",
                                       uid=Uid)  # 查询到了在计入
                Result = FishingData().Quantity(request_key=RequestKey)
                return JsonResponse({
                    'message': Result,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write("Web_Mail_FishingData_FishingDataStatistics(def)",
                             e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 16
0
def Scan(request):
    RequestLogRecord(request, request_api="vulnerability_scanning")
    if request.method == "POST":
        try:
            ReceiveData=json.loads(request.body)
            ScanUrl=ReceiveData["url"]
            ScanToken= ReceiveData["token"]
            ScanModule = ReceiveData["module"]
            ScanProcess = ReceiveData["process"]
            ScanAgentHeader = ReceiveData["header"]
            ScanProxy = ReceiveData["proxy"]
            if ScanProxy==0:#如果传入0表示关闭该功能
                ScanProxy=None

            if type(ScanProcess)==int:#判断类型
                Uid=UserInfo().QueryUidWithToken(ScanToken)#如果登录成功后就来查询用户名
                if Uid!=None:
                    UserOperationLogRecord(request, request_api="vulnerability_scanning", uid=Uid)
                    ActiveScanId=ActiveScanList().Write(uid=Uid,url=ScanUrl,proxy=ScanProxy,status=0,module=ScanModule,process=ScanProcess)#写入用户关系表,然后返回sid下发给任务
                    RedisActiveScanTask= MedusaScan.delay(ScanUrl,ScanModule,ScanProcess,ScanAgentHeader,ScanProxy,Uid=Uid,ActiveScanId=ActiveScanId)#调用扫描处理函数
                    ActiveScanList().UpdateRedisId(uid=Uid,active_scan_id=ActiveScanId,redis_id=RedisActiveScanTask.task_id)
                    return JsonResponse({'message': '任务下发成功👌', 'code': 200, })
                else:
                    return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })

            else:
                return JsonResponse({'message': '类型错误!', 'code': 666, })

        except Exception as e:
            ErrorLog().Write("Web_Api_VulnerabilityQuery_ActiveScanListQuery(def)", e)
            return JsonResponse({'message': '莎酱被玩坏掉嘞QAQ', 'code': 169, })
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemplo n.º 17
0
def GithubMonitor(request):  #查询github监控数据
    RequestLogRecord(request, request_api="github_monitor")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="github_monitor",
                                       uid=Uid)  # 查询到了在计入
                GithubMonitorResult = GithubCveApi().Query()  #获取github数据
                return JsonResponse({
                    'message': GithubMonitorResult,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "非法查询哦宝贝!",
                    'code': 404,
                })
        except Exception as e:
            ErrorLog().Write("Web_Api_User_UpdateShowName(def)", e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 18
0
def GithubSearch(request):  #搜索数据接口
    RequestLogRecord(request, request_api="github_monitor_search")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            Name = json.loads(request.body)["name"]  #查询值
            NumberOfPages = json.loads(request.body)["number_of_pages"]  # 页数
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="github_monitor_search",
                                       uid=Uid)  # 查询到了在计入
                Data = {}  # 最终包含个数和当前页数数据
                Data["amount"] = GithubCveApi().SearchStatistics(name=Name)
                Data["data"] = GithubCveApi().Search(
                    name=Name, number_of_pages=int(NumberOfPages))  # 模糊搜索
                return JsonResponse({
                    'message': Data,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write(
                "Web_CommonVulnerabilitiesAndExposuresMonitor_VulnerabilityUtilizationMonitoring_Github_GithubSearch(def)",
                e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 19
0
def NistDataDetailedQuery(request):  #查询单个CVE细节数据
    RequestLogRecord(request, request_api="nist_data_detailed_query")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            CommonVulnerabilitiesAndExposures = json.loads(
                request.body)["common_vulnerabilities_and_exposures"]  #CVE编号
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="nist_data_detailed_query",
                                       uid=Uid)  # 查询到了在计入
                SearchResult = NistData().DetailedQuery(
                    common_vulnerabilities_and_exposures=
                    CommonVulnerabilitiesAndExposures)  #获取数据
                return JsonResponse({
                    'message': SearchResult,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write(
                "Web_CommonVulnerabilitiesAndExposuresMonitor_VulnerabilityNumberMonitoring_Nist_NistDataDetailedQuery(def)",
                e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 20
0
def GenerateVerificationCode(request):  #生成验证码函数
    RequestLogRecord(request, request_api="get_verification_code")
    if request.method == "GET":
        try:
            RandomVerificationCode = randoms().LowercaseAndNumbers(
                6)  #获取小写的字符串
            RandomVerificationCodeKey = randoms().result(250)  #生成验证码相关联的key
            PictureBitstream = ImageCaptcha().generate(
                RandomVerificationCode).read()  #获取图片比特流
            VerificationCode().Write(
                code=RandomVerificationCode,
                verification_code_key=RandomVerificationCodeKey)  #把值写入到数据库中
            Result = HttpResponse(PictureBitstream)  #把图片比特流复制给返回包
            Result[
                'VerificationCodeKey'] = RandomVerificationCodeKey  #把值传到返回包的头中
            Result[
                'Access-Control-Expose-Headers'] = "VerificationCodeKey"  #添加头内容保证前端能够获取到值
            return Result
        except Exception as e:
            ErrorLog().Write(
                "Web_BasicFunctions_VerificationCode_GenerateVerificationCode(def)",
                e)
            return JsonResponse({
                'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用GET请求',
            'code': 500,
        })
Exemplo n.º 21
0
def UpdateShowName(request):  #更新显示名字
    RequestLogRecord(request, request_api="update_show_name")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            NewShowName = json.loads(request.body)["new_show_name"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="update_show_name",
                                       uid=Uid)  # 查询到了在计入
                UpdateShowNameResult = UserInfo().UpdateShowName(
                    uid=Uid, show_name=NewShowName)  #获取值查看是否成功
                if UpdateShowNameResult:
                    return JsonResponse({
                        'message': '好诶!修改成功~',
                        'code': 200,
                    })
                else:
                    return JsonResponse({
                        'message': "输入信息有误重新输入",
                        'code': 404,
                    })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write("Web_BasicFunctions_User_UpdateShowName(def)", e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 22
0
def Initialization(request):#用于初始化获取基础信息
    RequestLogRecord(request, request_api="system_hardware_initialization")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request, request_api="system_hardware_initialization", uid=Uid)  # 查询到了在计入
                MemoryInfo = psutil.virtual_memory()  # 获取完整内存信息
                SystemInfo=platform.platform()
                SystemName=platform.system()
                SystemType=platform.machine()
                UserName= platform.node()
                CentralProcessingUnitArchitecture=platform.processor()
                ServerStartTime = str(int(psutil.boot_time()))  # 获取服务器启动时间
                MemoryTotal = MemoryInfo.total  # 系统内存总数
                CentralProcessingUnitCount = psutil.cpu_count()  # cpu核数
                return JsonResponse({'message': {"central_processing_unit_architecture":CentralProcessingUnitArchitecture,
                                                "system_info":SystemInfo,
                                                 "server_start_time":ServerStartTime,
                                                 "system_name":SystemName,
                                                 "system_type":SystemType,
                                                 "user_name":UserName,
                                                 "memory_total":MemoryTotal,
                                                 "central_processing_unit_count":CentralProcessingUnitCount},'code': 200,})
            else:
                return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        except Exception as e:
            ErrorLog().Write("Web_SystemInfo_HardwareInfo_Initialization(def)", e)
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemplo n.º 23
0
def Linux(request):  # 用于提取保存文件后调用相应的处理函数
    RequestLogRecord(request, request_api="linux_executable_linkable_format_analysis")
    if request.method == "POST":
        try:
            Token =request.headers["token"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request, request_api="linux_executable_linkable_format_analysis", uid=Uid)  # 查询到了在计入
                PictureData = request.FILES.get('file', None)  # 获取文件数据
                if 0>=PictureData.size:#判断是不是空文件
                    return JsonResponse({'message': "宝贝数据这么小的嘛?", 'code': 400, })
                elif portable_execute_file_size < PictureData.size:  #和配置文件中做对比
                    SaveFileName = str(int(time.time()))   # 重命名文件
                    SaveRoute = GetAnalysisFileStoragePath().Result() + SaveFileName  # 获得保存路径
                    with open(SaveRoute, 'wb') as f:
                        for line in PictureData:
                            f.write(line)
                    #接下来调用处理函数,接着再调用删除函数
                    return JsonResponse({'message': "成功了", 'code': 200, })
                else:
                    return JsonResponse({'message': "文件太大啦~(๑•̀ㅂ•́)و✧", 'code': 501, })
            else:
                return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        except Exception as e:
            ErrorLog().Write("Web_ToolsUtility_ExecutableLinkableFormat_Linux(def)", e)
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemplo n.º 24
0
def UsageQuery(request):  # 用于查询CPU和硬件的使用情况
    RequestLogRecord(request, request_api="system_hardware_usage_query")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(
                    request,
                    request_api="system_hardware_usage_query",
                    uid=Uid)  # 查询到了在计入
                HardwareUsageRateResult = HardwareUsageRateInfo().Query(
                )  #对CPU和内存信息进行查询
                return JsonResponse({
                    'message': HardwareUsageRateResult,
                    'code': 200,
                })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write("Web_SystemInfo_HardwareInfo_Initialization(def)",
                             e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 25
0
def SaveMarkdownData(request):  #用来保存协同作战数据
    RequestLogRecord(request, request_api="save_markdown_data")
    if request.method == "POST":
        try:
            UserToken = json.loads(request.body)["token"]
            MarkdownData = json.loads(request.body)["markdown_data"]  #传入保存的数据
            MarkdownName = json.loads(request.body)["markdown_name"]  #传入文档名称
            MarkdownDataToBast64 = base64.b64encode(
                str(MarkdownData).encode('utf-8')).decode(
                    'utf-8')  #转换成base64的数据
            Uid = UserInfo().QueryUidWithToken(UserToken)  # 如果登录成功后就来查询用户名
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="save_markdown_data",
                                       uid=Uid)
                CheckPermissionsResult = MarkdownRelationship(
                ).CheckPermissions(markdown_name=MarkdownName,
                                   uid=Uid)  #检查是否有权限,也就是说这个项目是否属于该用户
                if CheckPermissionsResult:  #如果属于该用户
                    CheckConflictResult = MarkdownInfo().CheckConflict(
                        markdown_name=MarkdownName)  #检查数据库这个文件是否存在
                    if CheckConflictResult:  #如果文件已经有数据了
                        if not MarkdownInfo().Update(
                                markdown_name=MarkdownName,
                                markdown_data=MarkdownDataToBast64
                        ):  #就对数据进行更新,接着判断更新返回值
                            return JsonResponse({
                                'message': "保存失败~玛卡巴卡~~",
                                'code': 503,
                            })
                    else:  #如果没有数据
                        MarkdownInfo().Write(
                            markdown_name=MarkdownName,
                            markdown_data=MarkdownDataToBast64)  #就对数据进行写入
                    return JsonResponse({
                        'message': "保存成功啦~阿巴阿巴~",
                        'code': 200,
                    })
                else:
                    return JsonResponse({
                        'message': "小朋友不是你的东西别乱动哦~~",
                        'code': 404,
                    })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write(
                "Web_CollaborationPlatform_Markdown_SaveMarkdownData(def)", e)
            return JsonResponse({
                'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemplo n.º 26
0
def GenerateProject(request):#用来生成项目,并且生成文件和用户绑定
    RequestLogRecord(request, request_api="create_cross_site_script_project")
    if request.method == "POST":
        try:
            JavaScriptFileData = json.loads(request.body)["javascript_data"]#获取前端传入的加密过的js文件数据
            ProjectName = json.loads(request.body)["project_name"]#项目名
            UserToken = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(UserToken)  # 如果登录成功后就来查询用户名
            if Uid != None and JavaScriptFileData!=None:  # 查到了UID,并且js数据不为空
                UserOperationLogRecord(request, request_api="create_cross_site_script_project", uid=Uid)
                GetJavaScriptFilePath().Result()#获取js文件路径
                while True:#如果查询确实冲突了
                    JavaScriptSaveFileName=randoms().result(5)#文件名
                    QueryJavaScriptSaveFileNameValidity = CrossSiteScriptProject().RepeatInvestigation(file_name=JavaScriptSaveFileName)#判断文件是否重复
                    if not QueryJavaScriptSaveFileNameValidity:#如果不冲突的话跳出循环
                        break
                JavaScriptSaveRoute = GetJavaScriptFilePath().Result() + JavaScriptSaveFileName  # 获得保存路径
                with open(JavaScriptSaveRoute, 'wb') as f:
                    f.write(base64.b64decode(str(JavaScriptFileData).encode('utf-8')))#文件内容还要加密
                CrossSiteScriptProject().Write(file_name=JavaScriptSaveFileName,uid=Uid,project_name=ProjectName)#写到数据库表中
                return JsonResponse({'message': "欧拉欧拉欧拉欧拉欧拉欧拉欧拉欧拉(๑•̀ㅂ•́)و✧", 'code': 200, })
            else:
                return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        except Exception as e:
            ErrorLog().Write("Web_CrossSiteScriptHub_CrossSiteScript_GenerateProject(def)", e)
            return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemplo n.º 27
0
Arquivo: User.py Projeto: sXOR/Medusa
def Login(request):#用户登录,每次登录成功都会刷新一次Token
    RequestLogRecord(request, request_api="login")
    if request.method == "POST":
        try:
            Username=json.loads(request.body)["username"]
            Passwd=json.loads(request.body)["passwd"]
            Md5Passwd=Md5Encryption().Md5Result(Passwd)#对密码加密
            UserLogin=UserInfo().UserLogin(Username,Md5Passwd)
            if UserLogin is None:
                return JsonResponse({'message': '账号或密码错误', 'code': 604, })

            else:
                while True:#如果查询确实冲突了
                    Token = randoms().result(250)
                    QueryTokenValidity = UserInfo().QueryTokenValidity(Token)#用来查询Token是否冲突了
                    if not QueryTokenValidity:#如果不冲突的话跳出循环
                        break
                UpdateToken=UserInfo().UpdateToken(name=Username, token=Token)#接着更新Token
                if UpdateToken:#如果更新成功了
                    Uid = UserInfo().QueryUidWithToken(Token)  # 查询UID
                    UserOperationLogRecord(request, request_api="login", uid=Uid)
                    return JsonResponse({'message': Token, 'code': 200, })
        except Exception as e:
            ErrorLog().Write("Web_Api_User_LogIn(def)", e)
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemplo n.º 28
0
def Scan(request):
    RequestLogRecord(request, request_api="scan")
    if request.method == "POST":
        try:
            ReceiveData=json.loads(request.body)
            ScanUrl=ReceiveData["url"]
            ScanToken= ReceiveData["token"]
            ScanModule = ReceiveData["module"]
            ScanThreads = ReceiveData["threads"]
            ScanAgentHeader = ReceiveData["header"]
            ScanProxy = ReceiveData["proxy"]
            if type(ScanThreads)==int:#判断类型
                TokenQueryReturnValue=UserInfo().TokenAuthentication(token=ScanToken)
                if TokenQueryReturnValue:#如果Token存在
                    UserName=UserInfo().QueryUserNameWithToken(ScanToken)#如果登录成功后就来查询用户名
                    UserOperationLogRecord(request, request_api="scan", uid=UserName)
                    if UserName!=None:
                        Sid=ActiveScanList().Write(uid=UserName,url=ScanUrl,proxy=ScanProxy,status=0,module=ScanModule,threads=ScanThreads)#写入用户关系表,然后返回sid下发给任务
                        MedusaScan.delay(ScanUrl,ScanModule,ScanThreads,ScanAgentHeader,ScanProxy,Uid=UserName,Sid=Sid)#调用扫描处理函数
                        return JsonResponse({'message': '任务下发成功👌', 'code': 200, })
                    else:
                        return JsonResponse({'message': '诶诶诶诶???怎么会查不到用户名呢????', 'code': 404, })
                else:
                    return JsonResponse({'message': '请登录获取令牌秘钥~', 'code': 404, })
            else:
                return JsonResponse({'message': '类型错误!', 'code': 500, })

        except:
            return JsonResponse({'message': '请求不合法!', 'code': 500, })
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemplo n.º 29
0
Arquivo: User.py Projeto: sXOR/Medusa
def UploadAvatar(request):#文件上传功能
    RequestLogRecord(request, request_api="upload_avatar")
    Token =request.headers["token"]
    if request.method == "POST":
        try:
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request, request_api="upload_avatar", uid=Uid)  # 查询到了在计入
                PictureData = request.FILES.get('file', None)#获取文件数据
                if 10240<PictureData.size:#最大值10MB,最小值10KB
                    SaveFileName=randoms().result(10)+str(int(time.time()))+".jpg"#重命名文件
                    SaveRoute=GetImageFilePath().Result()+SaveFileName#获得保存路径
                    with open(SaveRoute, 'wb') as f:
                        for line in PictureData:
                            f.write(line)
                    UserInfo().UpdateAvatar(avatar=SaveFileName,uid=Uid)#图片写到本地后更新用户头像
                    return JsonResponse({'message': SaveFileName, 'code': 200,})#返回上传图片名称
                else:
                    return JsonResponse({'message': '它实在是太小了,莎酱真的一点感觉都没有o(TヘTo)',  'code': 603,})
            else:
                return JsonResponse({'message': '宝贝没有用户你要插到哪里去呢?', 'code': 404, })
        except Exception as e:
            ErrorLog().Write("Web_Api_User_UploadAvatar(def)", e)
            return JsonResponse({'message': '你不对劲!为什么报错了?',  'code': 169,})
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemplo n.º 30
0
def UpdatePassword(request):#更新密码
    RequestLogRecord(request, request_api="update_password")
    if request.method == "POST":
        try:
            UserName=json.loads(request.body)["username"]
            OldPasswd=json.loads(request.body)["old_passwd"]
            NewPasswd = json.loads(request.body)["new_passwd"]
            VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
            Code = json.loads(request.body)["verification_code"].lower()#获取验证码

            if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
                VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
                if VerificationCodeResult:#如果为真,进行登录验证
                    Md5NewPasswd = Md5Encryption().Md5Result(NewPasswd)  # 对新密码加密
                    Md5OldPasswd = Md5Encryption().Md5Result(OldPasswd)  # 对旧密码加密
                    UpdatePassword=UserInfo().UpdatePasswd(name=UserName,old_passwd=Md5OldPasswd,new_passwd=Md5NewPasswd)
                    if UpdatePassword:
                        UserOperationLogRecord(request, request_api="update_password", uid=UserName)#如果修改成功写入数据库中
                        return JsonResponse({'message': '好耶!修改成功~', 'code': 200, })
                    else:
                        return JsonResponse({'message': "输入信息有误重新输入", 'code': 404, })
                else:
                    return JsonResponse({'message': "验证码错误或者过期!", 'code': 503, })
            else:
                return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 504, })
        except Exception as e:
            ErrorLog().Write("Web_BasicFunctions_User_UpdatePassword(def)", e)
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })