def DeleteTeamData(id):
with app.app_context():
team1 = Team.query.filter(Team.id == id).first()
#2.把这条数据删除掉
db.session.delete(team1)
#3.做数据的提交
db.session.commit()
def industrial_check(oldurl, industrialurl):
poc_class = pocdb_pocs(industrialurl)
poc_dict = poc_class.industrialpocdict
cprint(
">>>工控漏洞扫描URL: " + industrialurl + "\t可用POC个数[" + str(len(poc_dict)) +
"]", "magenta")
print("\r")
results = []
for value in poc_dict.values():
results.append(value.run())
with app.app_context():
for result in results:
try:
vulnerable, bugurl, bugname, payload, bugdetail = result
if vulnerable:
bug = BugList(oldurl=oldurl,
bugurl=bugurl,
bugname=bugname,
buggrade=redispool.hget('bugtype', bugname),
payload=payload,
bugdetail=bugdetail)
redispool.pfadd(redispool.hget('bugtype', bugname), bugurl)
redispool.pfadd(bugname, bugurl)
db.session.add(bug)
db.session.commit()
except Exception as e:
print(e)
pass
def SenFileScan(domain, redispool):
"""
敏感文件、目录扫描
字典:dict\SEN_scan.txt
:param domain:
:param
:return:
"""
pools = 20
urlList = []
for i in range(0, redispool.llen("SenScan")):
url="http://{}/{}".format(domain, redispool.lindex("SenScan", i))
urlList.append(url)
pool = ThreadPool(pools)
SenFileMessage = pool.map(UrlRequest, urlList)
pool.close()
pool.join()
if len(SenFileMessage)!=0:
with app.app_context():
for url in SenFileMessage:
try:
rep = requests.get(url, headers=core.GetHeaders(), timeout=3, verify=False)
bug = BugList(oldurl=domain, bugurl=url, bugname="SenDir",buggrade=redispool.hget('bugtype', "SenDir"),payload=url, bugdetail=rep.text)
db.session.add(bug)
except Exception as e:
print(e)
pass
db.session.commit()
return "\n".join(list(filter(None, SenFileMessage)))
def DeleteAdminData(id):
with app.app_context():
admin1 = Admin.query.filter(Admin.id == id).first()
#2.把这条数据删除掉
db.session.delete(admin1)
#3.做数据的提交
db.session.commit()
def deltask(id=1, tid=None):
with app.app_context():
tasks = scanTask.query.filter(scanTask.tid == tid).first()
db.session.delete(tasks)
db.session.commit()
flash("删除成功")
return redirect(url_for('tasks.seetask', id=id))
def saveTeamAttackEvant(sourcetid, goaltid, round, flag):
'''
该函数记录成功的攻击事件 存储在AttackRecord表中
存储数据为 攻击队伍ID 被攻击队伍ID 当前是第几轮 round
:param sourcetid:
:param goaltid:
:param round:
:return:
'''
with app.app_context():
sourceTeamName = Team.query.filter(
Team.id == sourcetid).first().teamname
goalTeamName = Team.query.filter(Team.id == goaltid).first().teamname
text = "{} 在{}轮 攻击 {} ,flag为{}".format(sourceTeamName, goalTeamName,
round, flag)
ulog = ULog(text=text)
event = AttackRecord(sourcetid=sourcetid,
goaltid=goaltid,
round=round,
flag=flag,
atttime=strftime('%Y-%m-%d %H:%M:%S',
localtime()))
db.session.add(ulog)
db.session.add(event)
db.session.commit()
def scanConsole(url, poclist, tid, pluginlist):
rep, target = getRep(url)
if not rep:
raise reqBadExceptin(url)
basemsg = GetBaseMessage(url, target, rep)
with app.app_context():
basemsgdb = BaseInfo(url=url,
tid=tid,
status=basemsg.GetStatus(),
title=basemsg.GetTitle(),
date=basemsg.GetDate(),
responseheader=basemsg.GetResponseHeader(),
Server=basemsg.GetFinger())
db.session.add(basemsgdb)
db.session.commit()
# 预处理
getPluginDepends()
time.sleep(5)
# 前置扫描
scanPocs(target, poclist, tid)
scanPlugins(target, pluginlist, tid)
results = spider(target)
# 后置扫描
for tempurl in results:
scanPocs(tempurl, poclist, tid, position=True)
scanPlugins(tempurl, pluginlist, tid, position=True)
logging.info("{} ScanEnd".format(url))
def cmspoc_check(oldurl, cmsurl):
poc_class = pocdb_pocs(cmsurl)
poc_dict = poc_class.cmspocdict
cprint(
">>>CMS漏洞扫描URL: " + cmsurl + "\t可用POC个数[" + str(len(poc_dict)) + "]",
"magenta")
cmspool.map(cmsprint, poc_dict.keys())
print("\r")
results = cmspool.map(cmscheck, poc_dict.values())
cmspool.close()
cmspool.join()
try:
with app.app_context():
for result in results:
vulnerable, bugurl, bugname, payload, bugdetail = result
if vulnerable:
bug = BugList(oldurl=oldurl,
bugurl=bugurl,
bugname=bugname,
buggrade=redispool.hget('bugtype', bugname),
payload=payload,
bugdetail=bugdetail)
db.session.add(bug)
redispool.pfadd(redispool.hget('bugtype', bugname), bugurl)
redispool.pfadd(bugname, bugurl)
db.session.commit()
except Exception as e:
print(e)
pass
def inputVulhubMsg(title, tid, addr, sshport, detail, sshname, sshpass,
dockerid):
'''
输入 vulhub 的初始环境
:param title:
:param tid:
:param addr:
:param sshport:
:param detail:
:param sshname:
:param sshpass:
:param dockerid:
:return:
'''
with app.app_context():
tempVul = Vulhub(tid=tid,
title=title,
addr=addr,
sshport=sshport,
sshname=sshname,
sshpass=sshpass,
dockerid=dockerid,
detail=detail)
db.session.add(tempVul)
db.session.commit()
return
def editVulhub(vid):
if not vid:
vid = 1
vulhub = Vulhub.query.filter(Vulhub.id == vid).first()
if request.method == 'GET':
checklist = list()
for tempfile in os.listdir(CheckDownPath):
if tempfile.endswith('.py'):
checklist.append(tempfile.split('.')[0])
return render_template('T_edit_vulhub.html',
vulhub=vulhub,
checklist=checklist)
else:
vulname = request.form.get('vulname')
addr = request.form.get('addr')
serviceport = request.form.get('serviceport')
sshport = request.form.get('sshport')
sshname = request.form.get('sshname')
sshpass = request.form.get('sshpass')
dockerid = request.form.get('dockerid')
status = bool(request.form.get('status'))
detail = request.form.get('detail')
with app.app_context():
vulhub.vulname, vulhub.addr, vulhub.serviceport, vulhub.sshport, vulhub.sshname, vulhub.sshpass, vulhub.dockerid, vulhub.status, vulhub.detail = vulname, addr, serviceport, sshport, sshname, sshpass, dockerid, status, detail
db.session.commit()
return redirect(url_for('vulhubManage'))
def delTeam(tid):
if tid:
with app.app_context():
team = Team.query.filter(Team.id == tid).first()
db.session.delete(team)
db.session.commit()
return redirect(url_for('teamManage'))
def DeleteAdminData(id):
with app.app_context():
notice1 = Notice.query.filter(Notice.id == id).first()
#2.把这条数据删除掉
db.session.delete(notice1)
#3.做数据的提交
db.session.commit()
def editAdminData(id, newcontent):
with app.app_context():
notice1 = Notice.query.filter(Notice.id == id).first()
#2.把这条数据,你需要修改的地方进行修改
notice1.username = newcontent
#3.把事务进行提交
db.session.commit()
def BugScanConsole(attackurl):
'''
动态调用类方法,减少冗余代码
将存在bug的url存在buglist表中,同时根据漏洞类型的不同,指向bugtype表中对应的漏洞类型
'''
try:
while redispool.scard(attackurl) != 0:
url = redispool.spop(attackurl)
Bug = BugScan(attackurl, url)
with app.app_context():
for value in Bugs:
vulnerable, payload, bugdetail = getattr(Bug, value)()
if vulnerable:
bug = BugList(oldurl=attackurl,
bugurl=url,
bugname=value,
buggrade=redispool.hget(
'bugtype', value),
payload=payload,
bugdetail=bugdetail)
db.session.add(bug)
db.session.commit()
Bug.POCScan()
Bug.WebLogicScan()
# time.sleep(0.5)
except Exception as e:
print(e)
pass
def SenFileScan(domain, url):
"""
敏感文件、目录扫描
字典:dict\SEN_scan.txt
:param domain:
:param
:return:
"""
pools = 20
urlList = []
for i in range(0, redispool.llen("SenScan")):
suffix = redispool.lindex("SenScan", i)
senurl = "{}/{}".format(url, suffix)
urlList.append(senurl)
pool = ThreadPool(pools)
SenFileMessage = pool.map(UrlRequest, urlList)
SenFileMessage2 = ""
pool.close()
pool.join()
url404 = "{}/springbird404page".format(url)
try:
rep404 = requests.get(url404,
headers=core.GetHeaders(),
timeout=3,
verify=False).text
except Exception as e:
print("超时")
rep404 = str(e)
pass
if len(SenFileMessage) != 0:
with app.app_context():
print("Sen file and dir : \n")
for url in SenFileMessage:
try:
if url is None:
continue
rep = requests.get(url,
headers=core.GetHeaders(),
timeout=1,
verify=False)
#添加404界面的判断,避免过多杂乱信息
if not core.is_similar_page(rep404, rep.text, radio=0.85):
print(url)
bug = BugList(oldurl=domain,
bugurl=url,
bugname="SenDir",
buggrade=redispool.hget(
'bugtype', "SenDir"),
payload=url,
bugdetail=rep.text)
SenFileMessage2 += url + "\n"
redispool.pfadd(redispool.hget('bugtype', "SenDir"),
url)
redispool.pfadd("SenDir", url)
db.session.add(bug)
except Exception as e:
# print(e)
pass
db.session.commit()
return SenFileMessage2
def editTeamData(id, newteamname, newpassword):
with app.app_context():
team1 = Team.query.filter(Team.id == id).first()
#2.把这条数据,你需要修改的地方进行修改
team1.username = newteamname
team1.password = newpassword
#3.把事务进行提交
db.session.commit()
def shields_regen(self):
with app.app_context():
ships = db.session.query(Ship).all()
for ship in ships:
if ship.shield < Ship.SHIELD[ship.type]:
ship.shield += self.SHIELDS_INCREMENT
db.session.add(ship)
db.session.commit()
def delNotice(nid):
if nid:
with app.app_context():
notice = Notice.query.filter(Notice.id == nid).first()
db.session.delete(notice)
db.session.commit()
noticeList = Notice.query.all()
return render_template('T_notice_manage.html', noticeList=noticeList)
def get_db():
"""Opens a new database connection if there is none yet for the
current application context.
"""
with app.app_context():
if not hasattr(g, 'sqlite_db'):
g.sqlite_db = connect_db()
return g.sqlite_db
def editAdminData(id, newadminname, newpassword):
with app.app_context():
admin1 = Admin.query.filter(Admin.id == id).first()
#2.把这条数据,你需要修改的地方进行修改
admin1.username = newadminname
admin1.password = newpassword
#3.把事务进行提交
db.session.commit()
def delPoc(id=None):
with app.app_context():
tempPoc = PocList.query.filter(PocList.id == id).first()
delPocFile(tempPoc.filename)
db.session.delete(tempPoc)
db.session.commit()
flash("删除成功")
return redirect(url_for('pocs.poclist'))
def getTeamAllMsg(tid):
'''
返回 tid 对应的团队 团队名,密码,token
:param tid:
:return:
'''
with app.app_context():
tempTeam = Team.query.filter(Team.id == tid).first()
return tempTeam.teamname, tempTeam.password, tempTeam.token
def delVulhub(vid):
if vid is None:
return redirect(url_for('vulhubManage'))
else:
with app.app_context():
vulhub = Vulhub.query.filter(Vulhub.id == vid).first()
db.session.delete(vulhub)
db.session.commit()
return redirect(url_for('vulhubManage'))
def delPlugin(id=None):
# print(id)
with app.app_context():
plugin = pluginList.query.filter(pluginList.id == id).first()
delPluginFile(plugin.filename)
db.session.delete(plugin)
db.session.commit()
flash("删除成功")
return redirect(url_for('plugin.pluginlist'))
def deltasks(tid=None):
with app.app_context():
tasks = Task.query.filter(Task.tid == tid).first()
scantasks = scanTask.query.filter(scanTask.pid == tasks.tid)
[db.session.delete(task) for task in scantasks]
db.session.delete(tasks)
db.session.commit()
flash("删除成功")
return redirect(url_for('tasks.tasklist'))
def saveVul(result, tid, poc):
with app.app_context():
vul = VulList(url=result['url'],
tid=tid,
pocname=poc,
result=json.dumps(result['result']['VerifyInfo']),
created=result['created'])
db.session.add(vul)
db.session.commit()
def getTeamToken(tid):
'''
返回 tid 对应的团队 token
:param tid:
:return:
'''
with app.app_context():
tempTeam = Team.query.filter(Team.id == tid).first()
return tempTeam.token
def getTeamPass(tid):
'''
返回 tid 对应的团队密码
:param tid:
:return:
'''
with app.app_context():
tempTeam = Team.query.filter(Team.id == tid).first()
return tempTeam.password
def delAllTask():
with app.app_context():
tasks = Task.query.all()
[db.session.delete(task) for task in tasks]
scantasks = scanTask.query.all()
[db.session.delete(task) for task in scantasks]
db.session.commit()
flash("删除成功")
return redirect(url_for('tasks.tasklist'))
def delDownSource(tid, downNum):
'''
删除宕机靶机所属队伍的分数
:param tid:
:return:
'''
with app.app_context():
tempSource = Team.query.filter(Team.id == tid).first()
tempSource.source -= config.CheckDown_Source * downNum
db.session.commit()
return
def saveExts(result, tid, pluginname):
with app.app_context():
extMsg = ExtList(pluginname=pluginname,
tid=tid,
result=result,
created=str(
time.strftime("%Y-%m-%d %H:%M:%S",
time.localtime())))
db.session.add(extMsg)
db.session.commit()
from init import app
from models.sale_maintainer_quota import SaleMaintainerQuota
from models.taomi_tag_model import TaomiTagMap
from libs.customer_maintainer_sea import MaintainerQuota
from libs.rpc import YaoguangRPC
with app.app_context():
fields = [
{
'key': 'vip_expire_date',
'name': 'VIP过期时间',
'order': 0,
'prefix': '',
'scope': 'maintainer',
'selections': [
{
'id': [0, 4],
'name': '0-3',
},
{
'id': [4, 8],
'name': '4-7'
},
{
'id': [8, 16],
'name': '8-15',
},
{
'id': [16, 31],
'name': '16-30',
def init_db():
"""Creates the database tables."""
with app.app_context():
db = get_db()
db.create_all()