Пример #1
0
 def destroy(self, request, pk=None, **kwargs):
     try:
         rport = int(request.query_params.get('rport', None))
     except Exception as _:
         rport = None
     try:
         lport = int(request.query_params.get('lport', None))
     except Exception as _:
         lport = None
     try:
         sessionid = int(request.query_params.get('sessionid', None))
     except Exception as _:
         sessionid = None
     try:
         lhost = request.query_params.get('lhost', None)
         rhost = request.query_params.get('rhost', None)
         portfwdtype = str(request.query_params.get('type', None))
         context = PortFwd.destory(portfwdtype=portfwdtype,
                                   rport=rport, lport=lport,
                                   lhost=lhost, rhost=rhost,
                                   sessionid=sessionid)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #2
0
 def add_or_update(hid=None,
                   port=None,
                   proxy=None,
                   banner=None,
                   service=None):
     default_dict = {
         'hid': hid,
         'proxy': proxy,
         'port': port,
         'banner': banner,
         'service': service,
         'update_time': int(time.time())
     }  # 没有此主机数据时新建
     model, created = PortServiceModel.objects.get_or_create(
         hid=hid, port=port, defaults=default_dict)
     if created is True:
         return True  # 新建后直接返回
     # 有历史数据
     with transaction.atomic():
         try:
             model = PortServiceModel.objects.select_for_update().get(
                 hid=hid, port=port)
             model.proxy = proxy
             model.banner = banner
             model.service = service
             model.save()
             return True
         except Exception as E:
             logger.error(E)
             return False
Пример #3
0
 def create(self, request, **kwargs):
     moduletype = request.data.get('moduletype', None)
     if moduletype is None:  # 默认模块
         try:
             sessionid = int(request.data.get('sessionid', None))
             ipaddress = request.data.get('ipaddress', None)
             loadpath = str(request.data.get('loadpath', None))
             custom_param = str(request.data.get('custom_param', None))
             context = PostModuleActuator.create_post(
                 loadpath=loadpath,
                 sessionid=sessionid,
                 ipaddress=ipaddress,
                 custom_param=custom_param)
         except Exception as E:
             logger.error(E)
             context = data_return(500, CODE_MSG.get(500), {})
         return Response(context)
     elif moduletype == "Bot":
         try:
             ipportlist = request.data.get('ipportlist', None)
             loadpath = str(request.data.get('loadpath', None))
             custom_param = str(request.data.get('custom_param', None))
             context = PostModuleActuator.create_bot(
                 ipportlist=ipportlist,
                 loadpath=loadpath,
                 custom_param=custom_param)
         except Exception as E:
             logger.error(E)
             context = data_return(500, CODE_MSG.get(500), {})
         return Response(context)
     else:
         context = data_return(500, CODE_MSG.get(500), {})
         return Response(context)
Пример #4
0
 def destroy(sessionid=None):
     if sessionid is None or sessionid <= 0:
         context = data_return(304, Session_MSG.get(304), {})
         return context
     else:
         params = [sessionid]
         try:
             result = RpcClient.call(Method.SessionStop, params, timeout=12)
             if result is None:  # 删除超时
                 Notice.send_success(
                     f"{Session_MSG.get(202)} SID: {sessionid}")
                 context = data_return(202, Session_MSG.get(202), {})
                 return context
             elif result.get('result') == 'success':
                 Notice.send_success(
                     f"{Session_MSG.get(201)} SID: {sessionid}")
                 context = data_return(201, Session_MSG.get(201), {})
                 return context
             else:
                 Notice.send_warning(
                     f"{Session_MSG.get(301)} SID: {sessionid}")
                 context = data_return(301, Session_MSG.get(301), {})
                 return context
         except Exception as E:
             logger.error(E)
             Notice.send_warning(f"{Session_MSG.get(301)} SID: {sessionid}")
             context = data_return(301, Session_MSG.get(301), {})
             return context
Пример #5
0
    def destory_host(ipaddress=None):
        # 删除相关缓存信息
        # 删除缓存的session命令行结果
        # 255.255.255.255 特殊处理
        if ipaddress == "255.255.255.255":
            return False

        Xcache.del_sessionio_cache(ipaddress=ipaddress)
        # 删除缓存的模块结果
        Xcache.del_module_result_by_ipaddress(ipaddress=ipaddress)
        # 删除缓存的模块历史结果
        Xcache.del_module_result_history_by_ipaddress(ipaddress=ipaddress)

        try:
            # 删除主表信息
            HostModel.objects.filter(ipaddress=ipaddress).delete()
            # 删除关联表信息
            for OneModel in Host.REGISTER_DESTORY:
                OneModel.objects.filter(ipaddress=ipaddress).delete()
            # 删除edge表信息
            EdgeModel.objects.filter(source=ipaddress).delete()
            EdgeModel.objects.filter(target=ipaddress).delete()
            return True
        except Exception as E:
            logger.error(E)
            return False
Пример #6
0
    def create(self, request, **kwargs):
        try:
            lport = int(request.data.get('lport', None))
        except Exception as _:
            lport = None
        try:
            rport = int(request.data.get('rport', None))
        except Exception as _:
            rport = None
        try:
            sessionid = int(request.data.get('sessionid', None))
        except Exception as _:
            sessionid = None

        try:
            portfwdtype = request.data.get('type', None)
            lhost = request.data.get('lhost', None)
            rhost = request.data.get('rhost', None)
            context = PortFwd.create(portfwdtype=portfwdtype,
                                     lhost=lhost, lport=lport, rhost=rhost, rport=rport,
                                     sessionid=sessionid)
        except Exception as E:
            logger.error(E)
            context = data_return(500, CODE_MSG.get(500), {})
        return Response(context)
Пример #7
0
 def list(self, request, **kwargs):
     try:
         context = Credential.list()
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), [])
     return Response(context)
Пример #8
0
    def putin_post_python_module_queue(self, post_module_intent=None):
        try:
            # 存储uuid
            tmp_self_uuid = str(uuid.uuid1())

            # 清空历史记录
            post_module_intent.clean_log()

            logger.warning("模块放入列表:{} job_id: {} uuid: {}".format(post_module_intent.NAME, None, tmp_self_uuid))
            post_module_intent.module_self_uuid = tmp_self_uuid
            self.ModuleJobsScheduler.add_job(func=post_module_intent._thread_run, max_instances=1, id=tmp_self_uuid)

            # 放入缓存队列,用于后续删除任务,存储结果等
            req = {
                'broker': post_module_intent.MODULE_BROKER,
                'uuid': tmp_self_uuid,
                'module': post_module_intent,
                'time': int(time.time()),
                'job_id': None,
            }
            Xcache.create_module_task(req)
            Notice.send_info(
                "模块: {} {} 开始执行".format(post_module_intent.NAME, post_module_intent.target_str))
            return True
        except Exception as E:
            logger.error(E)
            return False
Пример #9
0
 def destroy(self, request, pk=None, **kwargs):
     try:
         context = Transport.destory(query_params=request.query_params)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #10
0
    def list(self, request, **kwargs):
        """查询数据库中的信息"""
        try:
            enfilename = request.query_params.get('en', None)
            filename = FileMsf.decrypt_file_name(enfilename)
            if filename is None:
                context = data_return(500, CODE_MSG.get(500), {})
                return Response(context)
            binary_data = FileMsf.read_msf_file(filename)
            if binary_data is None:
                context = data_return(304, HostFile_MSG.get(304), {})
                return context

            response = HttpResponse(binary_data)
            response['Content-Type'] = 'application/octet-stream'
            response['Content-Disposition'] = f'attachment;filename="{filename}"'
            response['Code'] = 200
            response['Message'] = quote(FileMsf_MSG.get(203))
            remote_client = request.META.get("HTTP_X_REAL_IP")

            Notice.send_info(f"IP: {remote_client} 下载文件 : {filename}")
            return response
        except Exception as E:
            logger.error(E)
            context = data_return(500, CODE_MSG.get(500), {})
            return Response(context)
Пример #11
0
 def list(self, request, **kwargs):
     try:
         context = Notice.list_notices()
         context = data_return(200, CODE_MSG.get(200), context)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #12
0
 def list(self, request, **kwargs):
     try:
         hid = int(request.query_params.get('hid', -1))
         context = Vulnerability.list(hid=hid)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), [])
     return Response(context)
Пример #13
0
 def destory(hid=None, port=None):
     try:
         PortServiceModel.objects.filter(hid=hid, port=port).delete()
         context = data_return(204, PortService_MSG.get(204), {})
     except Exception as E:
         logger.error(E)
         context = data_return(304, PortService_MSG.get(304), {})
     return context
Пример #14
0
 def destroy(self, request, pk=None, **kwargs):
     try:
         jobid = int(request.query_params.get('jobid', None))
         context = Handler.destroy(jobid)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #15
0
 def destroy(self, request, pk=None, **kwargs):
     try:
         loader_uuid = request.query_params.get('uuid', None)
         context = LazyLoader.destory(loader_uuid)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #16
0
 def destroy(self, request, pk=None, **kwargs):
     try:
         filename = str(request.query_params.get('name', None))
         context = FileMsf.destory(filename)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #17
0
 def destroy(self, request, pk=None, **kwargs):
     try:
         Notice.clean_notices()
         context = data_return(201, Notice_MSG.get(201), {})
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #18
0
    def destroy(self, request, *args, **kwargs):
        try:

            context = PostModuleResultHistory.destory()
        except Exception as E:
            logger.error(E)
            context = data_return(500, CODE_MSG.get(500), {})
        return Response(context)
Пример #19
0
 def destory(cid=None):
     try:
         CredentialModel.objects.filter(id=cid).delete()
         context = data_return(204, Credential_MSG.get(204), {})
     except Exception as E:
         logger.error(E)
         context = data_return(304, Credential_MSG.get(304), {})
     return context
Пример #20
0
 def list(self, request, **kwargs):
     try:
         sessionid = int(request.query_params.get('sessionid', None))
         context = Transport.list(sessionid=sessionid)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #21
0
 def store_log_from_sub(message=None):
     body = message.get('data')
     try:
         msf_module_logs_dict = json.loads(body)
         Notice.send(f"MSF> {msf_module_logs_dict.get('content')}", level=msf_module_logs_dict.get("level"))
     except Exception as E:
         logger.error(E)
         return False
Пример #22
0
 def destory(vid=None):
     try:
         VulnerabilityModel.objects.filter(id=vid).delete()
         context = data_return(204, Vulnerability_MSG.get(204), {})
     except Exception as E:
         logger.error(E)
         context = data_return(304, Vulnerability_MSG.get(304), {})
     return context
Пример #23
0
 def destroy(self, request, pk=None, **kwargs):
     try:
         ipaddress = request.query_params.get('ipaddress', None)
         context = SessionIO.destroy(ipaddress)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #24
0
 def destroy(self, request, pk=None, **kwargs):
     try:
         vid = int(request.query_params.get('id', None))
         context = Vulnerability.destory(vid=vid)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #25
0
 def list(self, request, **kwargs):
     try:
         ipaddress = request.query_params.get('ipaddress', None)
         context = Vulnerability.list(ipaddress=ipaddress)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), [])
     return Response(context)
Пример #26
0
    def list_jobs():
        """获取后台任务列表,包括msf任务及本地多模块任务"""

        msf_jobs_dict = Job.list_msfrpc_jobs_no_cache()
        if msf_jobs_dict is None:  # msfrpc临时异常
            uncheck = True  # 跳过任务检查
            msf_jobs_dict = {}
        else:
            uncheck = False

        reqs = Xcache.list_module_tasks()
        reqs_temp = []
        for req in reqs:
            # post python module
            if req.get("job_id") is None:
                req["moduleinfo"] = PostModuleSerializer(req.get("module"),
                                                         many=False).data
                req["moduleinfo"]['_custom_param'] = Job._deal_dynamic_param(
                    req["moduleinfo"]['_custom_param'])
                req.pop("module")  # 弹出module实例
                reqs_temp.append(req)
                continue

            # post msf module
            # 跳过任务检查
            if uncheck:
                req["moduleinfo"] = PostModuleSerializer(req.get("module"),
                                                         many=False).data
                req.pop("module")  # 弹出module实例
                req["moduleinfo"]['_custom_param'] = Job._deal_dynamic_param(
                    req["moduleinfo"]['_custom_param'])
                reqs_temp.append(req)
                continue
            elif msf_jobs_dict.get(str(req.get("job_id"))) is not None:
                req["moduleinfo"] = PostModuleSerializer(req.get("module"),
                                                         many=False).data
                req["moduleinfo"]['_custom_param'] = Job._deal_dynamic_param(
                    req["moduleinfo"]['_custom_param'])
                req.pop("module")  # 弹出module实例
                reqs_temp.append(req)
                continue
            else:
                # 清除失效的任务
                if int(time.time()) - req.get("time") >= 30:
                    logger.error(f"清除失效的任务: {req.get('module').NAME}")
                    logger.error(req)
                    Xcache.del_module_task_by_uuid(req.get("uuid"))
                else:
                    # 如果创建时间不足30秒,则等待callback处理数据
                    req["moduleinfo"] = PostModuleSerializer(req.get("module"),
                                                             many=False).data
                    req["moduleinfo"][
                        '_custom_param'] = Job._deal_dynamic_param(
                            req["moduleinfo"]['_custom_param'])
                    req.pop("module")
                    reqs_temp.append(req)
                    continue
        return reqs_temp
Пример #27
0
 def list(ipaddress=None):
     data = Vulnerability.list_vulnerability(ipaddress=ipaddress)
     try:
         format_data = Vulnerability.format_source_module(data)
     except Exception as E:
         format_data = data
         logger.error(E)
     context = data_return(200, CODE_MSG.get(200), format_data)
     return context
Пример #28
0
 def create(self, request, **kwargs):
     try:
         file = request.FILES['file']
         context = FileMsf.create(file=file)
         return Response(context)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
         return Response(context)
Пример #29
0
 def destroy(self, request, pk=None, **kwargs):
     try:
         ipaddress = request.query_params.get('ipaddress', None)
         port = int(request.query_params.get('port', None))
         context = PortService.destory(ipaddress=ipaddress, port=port)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)
Пример #30
0
 def list(self, request, **kwargs):
     try:
         hid = int(request.query_params.get('hid', None))
         loadpath = str(request.query_params.get('loadpath', None))
         context = PostModuleResult.list(hid=hid, loadpath=loadpath)
     except Exception as E:
         logger.error(E)
         context = data_return(500, CODE_MSG.get(500), {})
     return Response(context)