def param_address_range(self, name="address_range"): raw_input = self._custom_param.get(name) try: raw_lines = raw_input.split(",") except Exception as E: print(E) return [] ipaddress_list = [] for line in raw_lines: if '-' in line: try: startip = line.split("-")[0] endip = line.split("-")[1] ipnetwork_list = summarize_address_range( IPv4Address(startip), IPv4Address(endip)) for ipnetwork in ipnetwork_list: for ip in ipnetwork: if ip.compressed not in ipaddress_list: ipaddress_list.append(ip.compressed) except Exception as E: print(E) elif line == "": continue else: try: ipnetwork = IPv4Network(line) for ip in ipnetwork: if ip.compressed not in ipaddress_list: ipaddress_list.append(ip.compressed) except Exception as E: logger.exception(E) return ipaddress_list
def disconnect(self, close_code): try: async_to_sync(self.channel_layer.group_discard)("msfconsole", self.channel_name) Xcache.clean_msfconsoleinputcache() except Exception as E: logger.exception(E) pass
def list(engine, querystr, page=1, size=100): if engine == "FOFA": client = FOFAClient() flag = client.init_conf_from_cache() if flag is not True: context = data_return(301, NetworkSearch_MSG.get(301), {}) return context else: context = data_return(304, NetworkSearch_MSG.get(304), {}) return context try: flag, data = client.get_data(query_str=querystr, page=page, size=size) if flag is not True: context = data_return(303, NetworkSearch_MSG.get(303), {"errmsg": data}) else: context = data_return(200, CODE_MSG.get(200), data) return context except Exception as E: logger.exception(E) context = data_return(303, NetworkSearch_MSG.get(303), {"errmsg": NetworkSearch_MSG.get(303)}) return context
def split_ip(ip): try: result = tuple(int(part) for part in ip.split('.')) except Exception as E: logger.exception(E) return 0, 0, 0 return result
def list(self, request, **kwargs): try: sessionid = int(request.query_params.get('sessionid', None)) context = Route.list(sessionid=sessionid) except Exception as E: logger.exception(E) context = data_return(500, CODE_MSG.get(500), {}) return Response(context)
def _store_result_in_history(self): """存储模块运行结果到历史记录""" if self.MODULETYPE in [TAG2CH.internal]: return None opts = {} for key in self._custom_param: for option in self.OPTIONS: if option.get("name") == key: if self._custom_param.get(key) is None: continue opts[option.get("name_tag")] = self._custom_param.get(key) # 处理凭证,监听,文件等参数 try: if key == HANDLER_OPTION.get("name"): handler_dict = json.loads( self._custom_param.get(key)) # 清理无效的参数 new_params = { "PAYLOAD": handler_dict.get("PAYLOAD"), "LPORT": handler_dict.get("LPORT") } if handler_dict.get("LHOST") is not None: new_params["LHOST"] = handler_dict.get("LHOST") if handler_dict.get("RHOST") is not None: new_params["RHOST"] = handler_dict.get("RHOST") opts[option.get("name_tag")] = json.dumps( new_params) elif key == FILE_OPTION.get("name"): file_dict = json.loads(self._custom_param.get(key)) opts[option.get("name_tag")] = json.dumps({ "name": file_dict.get("name"), }) elif key == CREDENTIAL_OPTION.get("name"): credential_dict = json.loads( self._custom_param.get(key)) opts[option.get("name_tag")] = json.dumps({ "username": credential_dict.get("username"), "password": credential_dict.get("password"), "password_type": credential_dict.get("password_type"), }) except Exception as E: logger.exception(E) module_result = Xcache.get_module_result(ipaddress=self.host_ipaddress, loadpath=self.__module__) flag = Xcache.add_module_result_history( ipaddress=self.host_ipaddress, loadpath=self.__module__, opts=opts, update_time=module_result.get("update_time"), result=module_result.get("result")) return flag
def _cleanup_files(self): try: os.remove(self._src_file) except Exception as E: logger.exception(E) try: os.remove(self._exe_file) except Exception as E: logger.exception(E)
def decrypt_file_name(enfilename): key = Xcache.get_aes_key() pr = Aescrypt(key, 'ECB', '', 'utf-8') try: enfilename_url = parse.unquote(enfilename) filename = pr.aesdecrypt(enfilename_url) return filename except Exception as E: logger.exception(E) return None
def cleanup_files(self): src_file = os.path.join(TMP_DIR, f"{self.file_name}.c") exe_file = os.path.join(TMP_DIR, f"{self.file_name}.exe") try: os.remove(src_file) except Exception as E: logger.exception(E) try: os.remove(exe_file) except Exception as E: logger.exception(E)
def from_db_value(self, value, expression, connection): if not value: value = [] if isinstance(value, dict): return value # 直接将字符串转换成python内置的list try: return ast.literal_eval(value) except Exception as E: from Lib.log import logger logger.exception(E) logger.error(value) return {}
def update(cid=None, desc=None): try: orm_model = CredentialModel.objects.get(id=cid) except Exception as E: logger.exception(E) context = data_return(404, Credential_MSG.get(404), {}) return context orm_model.desc = desc orm_model.save() data = CredentialSerializer(orm_model).data context = data_return(202, Credential_MSG.get(202), data) return context
def list_all(): try: result = Xcache.list_module_result_history() for one in result: loadpath = one.get("loadpath") moduleconfig = Xcache.get_moduleconfig(loadpath) if moduleconfig is None: continue one["module_name"] = moduleconfig.get("NAME") return result except Exception as E: logger.exception(E) return []
def compile_c(self, src, arch="x64"): bindata = None exe_file = os.path.join(TMP_DIR, f"{self.file_name}.exe") cmd = self.build_cmd(src, arch) ret = subprocess.run(cmd, capture_output=True, text=True) if ret.returncode != 0: logger.warning(ret.stdout) logger.warning(ret.stderr) else: try: with open(exe_file, 'rb') as f: bindata = f.read() except Exception as E: logger.exception(E) self.cleanup_files() return bindata
def list_msf_files(): result = [] try: filelist = os.listdir(MSFLOOT) for file in filelist: filepath = os.path.join(MSFLOOT, file) if os.path.isfile(filepath): fileinfo = os.stat(filepath) enfilename = FileMsf.encrypt_file_name(file) result.append({ "name": file, "enfilename": enfilename, "size": fileinfo.st_size, "mtime": int(fileinfo.st_mtime) }) return result except Exception as E: logger.exception(E) return []
def get_city(ip): result = Xcache.get_city_reader_cache(ip) if result is not None: return result city_mmdb_dir = os.path.join(settings.BASE_DIR, 'STATICFILES', 'STATIC', 'GeoLite2-City.mmdb') city_reader = geoip2.database.Reader(city_mmdb_dir) try: response = city_reader.city(ip) except Exception as _: Xcache.set_city_reader_cache(ip, "局域网") return "局域网" country = "" try: country = response.country.name country = response.country.names['zh-CN'] except Exception as E: logger.exception(E) if country is None: country = "" subdivision = "" try: subdivision = response.subdivisions.most_specific.name subdivision = response.subdivisions.most_specific.names['zh-CN'] except Exception as _: pass if subdivision is None: subdivision = "" city = "" try: city = response.city.name city = response.city.names['zh-CN'] except Exception as _: pass if city is None: city = "" result = f"{country} {subdivision} {city}" Xcache.set_city_reader_cache(ip, result) return result
def send_text(token, chat_id, proxy, msg): if isinstance(chat_id, str): chat_id = [chat_id] elif isinstance(chat_id, list): pass else: return [] send_result = [] if proxy is None or proxy == "": try: bot = Bot(token=token) except Exception as E: logger.exception(E) return [] else: proxy_url = proxy request = telegram.utils.request.Request(proxy_url=proxy_url) try: bot = Bot(token=token, request=request) except Exception as E: logger.exception(E) return [] for one_chat_id in chat_id: try: bot.send_message(chat_id=one_chat_id, text=msg, timeout=1) send_result.append(one_chat_id) except Exception as E: logger.exception(E) logger.warning("无效的chat_id: {}".format(one_chat_id)) return send_result
def compile(self, arch="x64"): bindata = None # 生成源码文件 with open(self._src_file, "wb") as f: f.write(self.source_code.encode("utf-8")) # 编译 cmd = self._build_cmd(arch) ret = subprocess.run(cmd, capture_output=True, text=True) if ret.returncode != 0: logger.warning(ret.stdout) logger.warning(ret.stderr) else: try: with open(self._exe_file, 'rb') as f: bindata = f.read() except Exception as E: logger.exception(E) # 清理遗留文件 self._cleanup_files() return bindata
def get_alive_chat_id(token=None, proxy=None): if proxy is None or proxy == "": bot = Bot(token=token) else: proxy_url = proxy request = telegram.utils.request.Request(proxy_url=proxy_url) bot = Bot(token=token, request=request) user_chat_id_list = [] try: result = bot.get_updates() except Exception as E: logger.exception(E) return user_chat_id_list for update in result: first_name = update.effective_chat.first_name if update.effective_chat.first_name is not None else "" last_name = update.effective_chat.last_name if update.effective_chat.last_name is not None else "" one_data = { "user": "******".format(first_name, last_name), "chat_id": update.effective_chat.id } if one_data not in user_chat_id_list: user_chat_id_list.append(one_data) return user_chat_id_list
def get_windows_password(sessionid): module_type = "post" mname = "windows/gather/credentials/mimikatz" opts = {'SESSION': sessionid} output = MsfModule.run_with_output(module_type, mname, opts) try: result = json.loads(output) except Exception as E: logger.exception(E) result = {'status': False} credential_list = [] if result.get('status') is True: data = result.get('data') if isinstance(data, list): for record in data: if record.get('password') is '' or record.get( 'password').find('n.a.') >= 0: continue credential_list.append({ 'domain': record.get('domain'), 'user': record.get('user'), 'password': record.get('password') }) return credential_list
def is_valid(self): for oneEnum in self._enum_list: if oneEnum.get("name") is None: logger.exception( f"参数 {self._name} 格式不符合要求,正确格式应为字典,其中包含name及value字段")
def load_all_modules_config(): all_modules_config = [] # viper 内置模块 viper_module_count = 0 modulenames = os.listdir(os.path.join(settings.BASE_DIR, 'MODULES')) for modulename in modulenames: modulename = modulename.split(".")[0] if modulename == "__init__" or modulename == "__pycache__": # __init__.py的特殊处理 continue class_intent = importlib.import_module(f'MODULES.{modulename}') try: if isinstance(class_intent.PostModule.ATTCK, str): attck = [class_intent.PostModule.ATTCK] elif isinstance(class_intent.PostModule.ATTCK, list): attck = [class_intent.PostModule.ATTCK] else: attck = [] one_module_config = { "BROKER": class_intent.PostModule.MODULE_BROKER, # 处理器 "NAME": class_intent.PostModule.NAME, "DESC": class_intent.PostModule.DESC, "WARN": class_intent.PostModule.WARN, "AUTHOR": class_intent.PostModule.AUTHOR, "REFERENCES": class_intent.PostModule.REFERENCES, "README": class_intent.PostModule.README, "MODULETYPE": class_intent.PostModule.MODULETYPE, "OPTIONS": class_intent.PostModule.OPTIONS, "loadpath": 'MODULES.{}'.format(modulename), # post类配置 "REQUIRE_SESSION": class_intent.PostModule.REQUIRE_SESSION, "PLATFORM": class_intent.PostModule.PLATFORM, "PERMISSIONS": class_intent.PostModule.PERMISSIONS, "ATTCK": attck, # bot类配置 "SEARCH": class_intent.PostModule.SEARCH, } all_modules_config.append(one_module_config) viper_module_count += 1 except Exception as E: logger.error(E) continue logger.warning("内置模块加载完成,加载{}个模块".format(viper_module_count)) Notice.send_success(f"内置模块加载完成,加载{viper_module_count}个模块") # 自定义模块 diy_module_count = 0 modulenames = os.listdir( os.path.join(settings.BASE_DIR, 'Docker', "module")) for modulename in modulenames: modulename = modulename.split(".")[0] if modulename == "__init__" or modulename == "__pycache__": # __init__.py的特殊处理 continue try: class_intent = importlib.import_module( 'Docker.module.{}'.format(modulename)) importlib.reload(class_intent) except Exception as E: logger.exception(E) Notice.send_alert(f"加载自定义模块:{modulename} 失败") continue try: if isinstance(class_intent.PostModule.ATTCK, str): attck = [class_intent.PostModule.ATTCK] elif isinstance(class_intent.PostModule.ATTCK, list): attck = [class_intent.PostModule.ATTCK] else: attck = [] one_module_config = { "BROKER": class_intent.PostModule.MODULE_BROKER, # 处理器 "NAME": class_intent.PostModule.NAME, "DESC": class_intent.PostModule.DESC, "WARN": class_intent.PostModule.WARN, "AUTHOR": class_intent.PostModule.AUTHOR, "REFERENCES": class_intent.PostModule.REFERENCES, "README": class_intent.PostModule.README, "MODULETYPE": class_intent.PostModule.MODULETYPE, "OPTIONS": class_intent.PostModule.OPTIONS, "loadpath": 'Docker.module.{}'.format(modulename), # post类配置 "REQUIRE_SESSION": class_intent.PostModule.REQUIRE_SESSION, "PLATFORM": class_intent.PostModule.PLATFORM, "PERMISSIONS": class_intent.PostModule.PERMISSIONS, "ATTCK": attck, # bot类配置 "SEARCH": class_intent.PostModule.SEARCH, } all_modules_config.append(one_module_config) diy_module_count += 1 except Exception as E: logger.error(E) continue logger.warning("自定义模块加载完成,加载{}个模块".format(diy_module_count)) Notice.send_success(f"自定义模块加载完成,加载{diy_module_count}个模块") all_modules_config.sort(key=lambda s: (TAG2CH.get_moduletype_order( s.get('MODULETYPE')), s.get('loadpath'))) if Xcache.update_moduleconfigs(all_modules_config): return len(all_modules_config) else: return 0