def create_repoter(self):
main_url = DatabaseType(self.projectTag).getURLfromDB()
parse_url = urlparse(main_url)
host = parse_url.netloc
reportType = CommandLines().cmd().report
reportTypes = reportType.split(',')
if "doc" in reportTypes or "pdf" in reportTypes or "txt" in reportTypes or "html" in reportTypes:
self.log.info(Utils().tellTime() + Utils().getMyWord("{report_creat}"))
if "html" in reportTypes:
nameHtml = "reports" + os.sep + host + "-" + self.projectTag + ".html"
if os.path.exists("reports" + os.sep + "res"):
pass
else:
Utils().copyPath("doc" + os.sep + "template" + os.sep + "html" + os.sep + "res","reports")
try:
CreatHtml(self.projectTag,nameHtml).CreatMe()
self.log.debug("html模板正常")
except Exception as e:
self.log.error("[Err] %s" % e)
if "doc" in reportTypes or "pdf" in reportTypes or "txt" in reportTypes:
Docx_replace(self.projectTag).mainReplace()
if "doc" in reportTypes:
nameDoc = "reports" + os.sep + host + "-" + self.projectTag + ".docx"
Docx_replace(self.projectTag).docMove(nameDoc)
if "txt" in reportTypes:
nameTxt = "reports" + os.sep + host + "-" + self.projectTag + ".txt"
CreatTxt(self.projectTag,nameTxt).CreatMe()
if "pdf" in reportTypes:
namePdf = "reports" + os.sep + host + "-" + self.projectTag + ".pdf"
CreatPdf(self.projectTag,namePdf).CreatMe()
Docx_replace(self.projectTag).docDel()
if "doc" in reportTypes or "pdf" in reportTypes or "txt" in reportTypes or "html" in reportTypes:
time.sleep(2) #waiting
self.log.info(Utils().tellTime() + Utils().getMyWord("{report_fini}"))
def creatInsideJs(self, tag, host, scriptInside, url): # 生成html的script的文件
try:
jsRealPath = url
jsFilename = "7777777.script.inside.html.js" #随便来一个
jsTag = Utils().creatTag(6)
PATH = "tmp/" + tag + "_" + host + "/" + tag + ".db"
conn = sqlite3.connect(os.sep.join(PATH.split('/')))
cursor = conn.cursor()
conn.isolation_level = None
sql = "insert into js_file(name,path,local) values('%s','%s','%s')" % (
jsFilename, jsRealPath, jsTag + "." + jsFilename)
cursor.execute(sql)
conn.commit()
self.log.info(Utils().tellTime() +
Utils().getMyWord("{downloading}") + jsFilename)
with open(
"tmp" + os.sep + tag + "_" + host + os.sep + jsTag + "." +
jsFilename, "wb") as js_file:
js_file.write(str.encode(scriptInside))
js_file.close()
cursor.execute(
"UPDATE js_file SET success = 1 WHERE local='%s';" %
(jsTag + "." + jsFilename))
conn.commit()
conn.close()
except Exception as e:
self.log.error("[Err] %s" % e)
def apiComplete(self):
self.baseUrlPaths = list(set(self.baseUrlPaths)) # list去重
self.apiPaths = list(set(self.apiPaths))
url = DatabaseType(self.projectTag).getURLfromDB()
if "#" in url: # 帮我检测下此处逻辑
url = url.split("#")[0]
res = urlparse(url)
tmpUrl = res.path.split("/")
if "." in tmpUrl[-1]:
del tmpUrl[-1]
hostURL = res.scheme + "://" + res.netloc + "/"
url = res.scheme + "://" + res.netloc + "/".join(tmpUrl)
if url[-1:] != "/":
url = url + "/"
for baseurl in self.baseUrlPaths:
for apiPath in self.apiPaths:
if baseurl == "/":
completeUrl1 = url + apiPath
completeUrl2 = hostURL + apiPath
self.completeUrls.append(completeUrl1)
self.completeUrls.append(completeUrl2)
else:
completeUrl1 = url + baseurl + apiPath
completeUrl2 = hostURL + baseurl + apiPath
self.completeUrls.append(completeUrl1)
self.completeUrls.append(completeUrl2)
self.completeUrls = list(set(self.completeUrls))
for completeUrl in self.completeUrls:
if "//" in completeUrl.split("//", 1)[1]:
completeUrl = completeUrl.split("//", 1)[0] + "//" + completeUrl.split("//", 1)[1].replace("//", "/")
completeApiPath = completeUrl.split("§§§")[0]
filePath = completeUrl.split("§§§")[1]
DatabaseType(self.projectTag).apiRecordToDB(filePath, completeApiPath)
self.log.info(Utils().tellTime() + Utils().getMyWord("{total_api_num}") + str(len(self.completeUrls)))
def checkSpiltingTwice(self, projectPath):
self.log.info(Utils().tellTime() +
Utils().getMyWord("{check_codesplit_twice}"))
for parent, dirnames, filenames in os.walk(projectPath,
followlinks=True):
for filename in filenames:
if filename != self.projectTag + ".db":
tmpName = filename.split(".")
if len(tmpName) == 4:
localFileName = "." + tmpName[-2] + ".js"
self.localFileNames.append(localFileName)
remotePath = DatabaseType(
self.projectTag).getJsUrlFromDB(
filename, projectPath)
tmpRemotePath = remotePath.split("/")
del tmpRemotePath[-1]
newRemotePath = "/".join(tmpRemotePath) + "/"
self.remotePaths.append(newRemotePath)
self.remotePaths = list(set(self.remotePaths))
if len(self.localFileNames) > 3: # 一切随缘
localFileName = self.localFileNames[0]
for baseurl in self.remotePaths:
tmpRemoteFileURLs = []
res = urlparse(baseurl)
i = 0
while i < 500:
remoteFileURL = baseurl + str(i) + localFileName
i = i + 1
tmpRemoteFileURLs.append(remoteFileURL)
GroupBy(tmpRemoteFileURLs, self.options).stat()
tmpRemoteFileURLs = GroupBy(tmpRemoteFileURLs,
self.options).start()
for remoteFileURL in tmpRemoteFileURLs:
self.remoteFileURLs.append(remoteFileURL)
else:
for localFileName in self.localFileNames:
for baseurl in self.remotePaths:
tmpRemoteFileURLs = []
res = urlparse(baseurl)
i = 0
while i < 500:
remoteFileURL = baseurl + str(i) + localFileName
i = i + 1
tmpRemoteFileURLs.append(remoteFileURL)
GroupBy(tmpRemoteFileURLs, self.options).stat()
tmpRemoteFileURLs = GroupBy(tmpRemoteFileURLs,
self.options).start()
for remoteFileURL in tmpRemoteFileURLs:
self.remoteFileURLs.append(remoteFileURL)
if self.remoteFileURLs != []:
self.remoteFileURLs = list(set(self.remoteFileURLs)) # 其实不会重复
self.log.info(Utils().tellTime() +
Utils().getMyWord("{check_codesplit_twice_fini_1}") +
str(len(self.remoteFileURLs)) +
Utils().getMyWord("{check_codesplit_twice_fini_2}"))
DownloadJs(self.remoteFileURLs,
self.options).downloadJs(self.projectTag, res.netloc,
999) # 999表示爆破
def dealJs(self, js_paths): # 生成js绝对路径
res = urlparse(self.url) # 处理url多余部分
if res.path == "":
baseUrl = res.scheme + "://" + res.netloc + "/"
else:
baseUrl = res.scheme + "://" + res.netloc + res.path
if res.path[-1:] != "/": # 文件夹没"/",若输入的是文件也会被加上,但是影响不大
baseUrl = baseUrl + "/"
if self.url[-1:] != "/": # 有文件的url
tmpPath = res.path.split('/')
tmpPath = tmpPath[:] # 防止解析报错
del tmpPath[-1]
baseUrl = res.scheme + "://" + res.netloc + "/".join(tmpPath) + "/"
for jsPath in js_paths: # 路径处理多种情况./ ../ / http
if jsPath[:2] == "./":
jsPath = jsPath.replace("./", "")
jsRealPath = baseUrl + jsPath
self.jsRealPaths.append(jsRealPath)
elif jsPath[:3] == "../":
dirCount = jsPath.count('../')
tmpCount = 1
jsPath = jsPath.replace("../", "")
new_tmpPath = tmpPath[:] # 防止解析报错
while tmpCount <= dirCount:
del new_tmpPath[-1]
tmpCount = tmpCount + 1
baseUrl = res.scheme + "://" + res.netloc + "/".join(
new_tmpPath) + "/"
jsRealPath = baseUrl + jsPath
self.jsRealPaths.append(jsRealPath)
elif jsPath[:1] == "/":
jsRealPath = res.scheme + "://" + res.netloc + jsPath
self.jsRealPaths.append(jsRealPath)
elif jsPath[:4] == "http":
jsRealPath = jsPath
self.jsRealPaths.append(jsRealPath)
elif jsPath[:2] == "//": # 自适应域名js
jsRealPath = res.scheme + ":" + jsPath
self.jsRealPaths.append(jsRealPath)
else:
#jsRealPath = res.scheme + "://" + res.netloc + "/" + jsPath
jsRealPath = baseUrl + jsPath #我感觉我原来的逻辑写错了
self.jsRealPaths.append(jsRealPath)
self.log.info(Utils().tellTime() +
Utils().getMyWord("{pares_js_fini_1}") +
str(len(self.jsRealPaths)) +
Utils().getMyWord("{pares_js_fini_2}"))
domain = res.netloc
if ":" in domain:
domain = str(domain).replace(":", "_")
DownloadJs(self.jsRealPaths,
self.options).downloadJs(self.projectTag, domain, 0)
extJS = CommandLines().cmd().js
if extJS != None:
extJSs = extJS.split(',')
DownloadJs(extJSs,
self.options).downloadJs(self.projectTag, res.netloc, 0)
def requestUrl(self):
headers = self.header
url = self.url
self.log.info(Utils().tellTime() + Utils().getMyWord("{target_url}") + url)
self.log.info(Utils().tellTime() + Utils().getMyWord("{pares_js}"))
if self.options.ssl_flag == 1:
demo = requests.get(url=url, headers=headers, proxies=self.proxy_data,verify=False).text
else:
demo = requests.get(url=url, headers=headers,proxies=self.proxy_data,).text
demo = demo.replace("<!--", "").replace("-->", "") # 删去html注释
soup = BeautifulSoup(demo, "html.parser")
for item in soup.find_all("script"):
jsPath = item.get("src")
if jsPath: # 处理src空情况
self.jsPaths.append(jsPath)
jsPathInScript = item.text #处理script标签里面的js内容
jsPathInScript = jsPathInScript.encode()
if jsPathInScript:
#self.jsPathInScripts.append(jsPathInScript)
jsTag = Utils().creatTag(6)
res = urlparse(self.url)
domain = res.netloc
if ":" in domain:
domain = str(domain).split(":")[0]
PATH = "tmp/" + self.projectTag + "_" + domain +'/' + self.projectTag + ".db"
conn = sqlite3.connect(os.sep.join(PATH.split('/')))
cursor = conn.cursor()
conn.isolation_level = None
if "#" in self.url:
inurl = self.url.split("#")[0] + "/§§§"
else:
inurl = self.url + "/§§§"
sql = "insert into js_file(name,path,local) values('%s','%s','%s')" % (jsTag + ".js" , inurl , jsTag + ".js")
cursor.execute(sql)
with open("tmp" + os.sep + self.projectTag + "_" + domain + os.sep + jsTag + ".js", "wb") as js_file:
js_file.write(jsPathInScript)
js_file.close()
cursor.execute("UPDATE js_file SET success = 1 WHERE local='%s';" % (jsTag + ".js"))
conn.commit()
conn.close()
for item in soup.find_all("link"): # 防止使用link标签情况
jsPath = item.get("href")
if jsPath[-2:] == "js": # 防止提取css
self.jsPaths.append(jsPath)
try:
jsInScript = self.scriptCrawling(demo)
self.log.debug("scriptCrawling模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
for jsPath in jsInScript:
self.jsPaths.append(jsPath)
try:
self.dealJs(self.jsPaths)
self.log.debug("dealjs函数正常")
except Exception as e:
self.log.error("[Err] %s" % e)
def run(self):
# target = (url for url in self.urls)
self.log.info(Utils().tellTime() + Utils().getMyWord("{response_start}"))
nums = len(self.urls)
for _ in trange(nums):
sleep(0.01)
pool = ThreadPoolExecutor(20)
allTask = [pool.submit(self.check, domain) for domain in self.urls]
wait(allTask, return_when=ALL_COMPLETED)
return self.res
def jsCodeCompile(self, jsCode, jsFilePath):
try:
self.log.info(Utils().tellTime() +
Utils().getMyWord("{get_codesplit}"))
variable = re.findall(r'\[.\]', jsCode)
if "[" and "]" in variable[0]:
variable = variable[0].replace("[", "").replace("]", "")
jsCodeFunc = "function js_compile(%s){js_url=" % (
variable) + jsCode + "\nreturn js_url}"
pattern_jscode = re.compile(r"\(\{\}\[(.*?)\]\|\|.\)", re.DOTALL)
flag_code = pattern_jscode.findall(jsCodeFunc)
if flag_code:
jsCodeFunc = jsCodeFunc.replace(
"({}[%s]||%s)" % (flag_code[0], flag_code[0]),
flag_code[0])
pattern1 = re.compile(r"\{(.*?)\:")
pattern2 = re.compile(r"\,(.*?)\:")
nameList1 = pattern1.findall(jsCode)
nameList2 = pattern2.findall(jsCode)
nameList = nameList1 + nameList2
nameList = list(set(nameList))
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
localFile = jsFilePath.split(os.sep)[-1]
sql = "insert into js_split_tree(jsCode,js_name) values('%s','%s')" % (
jsCode, localFile)
cursor.execute(sql)
connect.commit()
cursor.execute("select id from js_split_tree where js_name='%s'" %
(localFile))
jsSplitId = cursor.fetchone()[0]
cursor.execute("select path from js_file where local='%s'" %
(localFile))
jsUrlPath = cursor.fetchone()[0]
connect.close()
if "exec" not in jsCode and "spawn" not in jsCode: # 防止黑吃黑被命令执行
jsCompileResult = execjs.compile(jsCodeFunc)
for name in nameList:
if "\"" in name:
name = name.replace("\"", "")
if "undefined" not in jsCompileResult.call(
"js_compile", name):
jsFileName = jsCompileResult.call("js_compile", name)
self.jsFileNames.append(jsFileName)
self.log.info(Utils().tellTime() +
Utils().getMyWord("{run_codesplit_s}") +
str(len(self.jsFileNames)))
self.getRealFilePath(jsSplitId, self.jsFileNames, jsUrlPath)
self.log.debug("jscodecomplie模块正常")
except Exception as e:
self.log.error("[Err] %s" % e) # 这块有问题,逻辑要改进
return 0
def checkCodeSpilting(self, jsFilePath):
jsOpen = open(jsFilePath, 'r', encoding='UTF-8',errors="ignore") # 防编码报错
jsFile = jsOpen.readlines()
jsFile = str(jsFile) # 二次转换防报错
if "document.createElement(\"script\");" in jsFile:
self.log.info(Utils().tellTime() + Utils().getMyWord("{maybe_have_codesplit}") + Utils().getFilename(jsFilePath))
pattern = re.compile(r"\w\.p\+(.*?)\.js", re.DOTALL)
jsCodeList = pattern.findall(jsFile)
for jsCode in jsCodeList:
jsCode = jsCode + ".js\""
self.jsCodeCompile(jsCode, jsFilePath)
def recoverStart(self):
projectPath = DatabaseType(self.projectTag).getPathfromDB()
for parent, dirnames, filenames in os.walk(projectPath, followlinks=True):
for filename in filenames:
if filename != self.projectTag + ".db":
filePath = os.path.join(parent, filename)
self.checkCodeSpilting(filePath)
try:
self.checkSpiltingTwice(projectPath)
self.log.debug("checkSpiltingTwice模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
self.log.info(Utils().tellTime() + Utils().getMyWord("{check_js_fini}"))
def jsBlacklist(self):
newList = self.jsRealPaths[:] # 防止遍历不全
for jsRealPath in newList: # 遍历js路径
res = urlparse(jsRealPath)
jsRealPathDomain = res.netloc.lower() # js的主域名
jsRealPathFilename = Utils().getFilename(
jsRealPath).lower() # 获取js名称
for blacklistDomain in self.blacklist_domains.split(
","): # 遍历黑名单列表
if blacklistDomain in jsRealPathDomain:
flag = 1
break
else:
flag = 0
if flag: # 判断js路径中是否存在黑名单
self.jsRealPaths.remove(jsRealPath) # 如果有就进行删除
for blacklistFilename in self.blacklistFilenames.split(","):
if blacklistFilename in jsRealPathFilename:
flag = 1
break
else:
flag = 0
if flag:
if jsRealPath in self.jsRealPaths:
self.jsRealPaths.remove(jsRealPath)
return self.jsRealPaths
def run(self):
if self.options.cookie != None:
header = {
'User-Agent': random.choice(self.UserAgent),
'Content-Type': 'application/x-www-form-urlencoded',
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Cookie': self.options.cookie,
self.options.head.split(':')[0]:
self.options.head.split(':')[1]
}
else:
header = {
'User-Agent': random.choice(self.UserAgent),
'Content-Type': 'application/x-www-form-urlencoded',
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
self.options.head.split(':')[0]:
self.options.head.split(':')[1]
}
proxy_data = {
'http': self.options.proxy,
'https': self.options.proxy,
}
testWeb = requests.get(self.options.url,
proxies=proxy_data,
headers=header,
timeout=7).text.strip()
for ban in self.ban_title:
if ban in testWeb:
print(
Utils().tellTime() +
"After a SaoCaoZuo your IP seems to be blocked by GeZhong 666666 de WAF !"
)
def getRealFilePath(self, jsSplitId, jsFileNames, jsUrlpath):
# 我是没见过webpack异步加载的js和放异步的js不在同一个目录下的,这版先不管不同目录的情况吧
jsRealPaths = []
res = urlparse(jsUrlpath)
if "§§§" in jsUrlpath: # html中script情況
jsUrlpath = jsUrlpath.split('§§§')[0]
tmpUrl = jsUrlpath.split("/")
if "." in tmpUrl[-1]:
del tmpUrl[-1]
base_url = "/".join(tmpUrl)
for jsFileName in jsFileNames:
jsFileName = base_url + jsFileName
jsRealPaths.append(jsFileName)
else:
tmpUrl = jsUrlpath.split("/")
del tmpUrl[-1]
base_url = "/".join(tmpUrl) + "/"
for jsFileName in jsFileNames:
jsFileName = Utils().getFilename(jsFileName) # 获取js名称
jsFileName = base_url + jsFileName
jsRealPaths.append(jsFileName)
try:
DownloadJs(jsRealPaths,self.options).downloadJs(self.projectTag, res.netloc, jsSplitId)
self.log.debug("downjs功能正常")
except Exception as e:
self.log.error("[Err] %s" % e)
def RandomBanner():
# BannerList = [Banner1,Banner2,Banner3,Banner4]
if CommandLines().cmd().silent == None:
print(Banner7)
print("©2021 Poc-Sir、KpLi0rn、Liucy、RachesseHS、Lupin-III")
print("Project Hub: https://github.com/rtcatc/Packer-Fuzzer")
print(Utils().getMyWord("{xhlj}") + "\n")
def testProxy(options, show):
try:
url = "http://ifconfig.me/ip"
proxy_data = {
'http': options.proxy,
'https': options.proxy,
}
ipAddr = "127.0.0.1"
ipAddr = requests.get(url, proxies=proxy_data, timeout=7,
verify=False).text.strip()
if show == 1:
print("[+] " + Utils().getMyWord("{connect_s}") + ipAddr)
return ipAddr
except:
if show == 1:
print("[!] " + Utils().getMyWord("{connect_f}"))
return ipAddr
def apiViolentCollect(self, filePath):
violentRe = r'(?isu)"([^"]+)'
with open(filePath, "r", encoding="utf-8",errors="ignore") as jsPath:
print(Utils().tellTime() + Utils().getMyWord("{api_violent_file}") + Utils().getFilename(filePath))
apiStr = jsPath.read()
apiLists = re.findall(violentRe, apiStr)
for apiPath in apiLists:
if apiPath != '' and '/' in apiPath and apiPath != "/":
for apiExt in self.apiExts.split(","):
if apiExt not in apiPath:
flag = 1
else:
flag = 0
break
if flag:
if "?" in apiPath:
apiPath = apiPath.split("?")[0]
self.apiPaths.append(apiPath + "§§§" + filePath)
else:
self.apiPaths.append(apiPath + "§§§" + filePath)
def testProxy(options, show):
try:
# url = "http://ifconfig.me/ip" 这节点居然不能用了...
# url = "https://api.my-ip.io/ip" 备用一个 Backup
url = "http://api.ipify.org/?format=txt"
proxy_data = {
'http': options.proxy,
'https': options.proxy,
}
ipAddr = "127.0.0.1"
ipAddr = requests.get(url, proxies=proxy_data, timeout=7,
verify=False).text.strip()
if show == 1:
if options.silent == None:
print("[+] " + Utils().getMyWord("{connect_s}") + ipAddr)
return ipAddr
except:
if show == 1:
if options.silent == None:
print("[!] " + Utils().getMyWord("{connect_f}"))
return ipAddr
def downloadJs(self, tag, host, spiltId): # 下载js文件
if self.options.cookie != None:
header = {
'User-Agent': random.choice(self.UserAgent),
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Cookie': self.options.cookie,
self.options.head.split(':')[0]: self.options.head.split(':')[1]
}
else:
header = {
'User-Agent': random.choice(self.UserAgent),
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
self.options.head.split(':')[0]: self.options.head.split(':')[1]
}
self.jsRealPaths = list(set(self.jsRealPaths))# list清单去重
try:
self.jsRealPaths = self.jsBlacklist() # 不能放for循环内
self.log.debug("js黑名单函数正常")
except Exception as e:
self.log.error("[Err] %s" % e)
for jsRealPath in self.jsRealPaths:
jsFilename = Utils().getFilename(jsRealPath)
jsTag = Utils().creatTag(6)
PATH = "tmp/" + tag + "_" + host + "/" + tag + ".db"
conn = sqlite3.connect(os.sep.join(PATH.split('/')))
cursor = conn.cursor()
conn.isolation_level = None
checkSql = "select * from js_file where name = '" + jsFilename + "'"
if spiltId == 0:
sql = "insert into js_file(name,path,local) values('%s','%s','%s')" % (
jsFilename, jsRealPath, jsTag + "." + jsFilename)
else:
sql = "insert into js_file(name,path,local,spilt) values('%s','%s','%s',%d)" % (
jsFilename, jsRealPath, jsTag + "." + jsFilename, spiltId)
cursor.execute(checkSql)
res = cursor.fetchall()
if len(res) > 0:
self.log.info(Utils().tellTime() + Utils().getMyWord("{have_it}") + jsFilename)
conn.close()
else:
cursor.execute(sql)
conn.commit()
# headers = {
# "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"}
self.log.info(Utils().tellTime() + Utils().getMyWord("{downloading}") + jsFilename)
sslFlag = int(self.options.ssl_flag)
if sslFlag == 1:
jsFileData = requests.get(url=jsRealPath, headers=header, proxies=self.proxy_data, verify=False).content
else:
jsFileData = requests.get(url=jsRealPath, proxies=self.proxy_data, headers=header).content
with open("tmp" + os.sep + tag + "_" + host + os.sep + jsTag + "." + jsFilename, "wb") as js_file:
js_file.write(jsFileData)
js_file.close()
cursor.execute("UPDATE js_file SET success = 1 WHERE local='%s';" % (jsTag + "." + jsFilename))
conn.commit()
conn.close()
def baseUrlDevelop(self):
# print(", ".join(output)) 要改进压缩在一起并输入在log内
if CommandLines().cmd().baseurl == None:
if len(self.baseUrlPaths) > 3:
if self.options.silent != None:
self.baseUrlPaths = self.baseUrlPaths[:2]
else:
if len(self.baseUrlPaths) > 7:
self.baseUrlPaths = self.baseUrlPaths[:7]
creatLog().get_logger().info(Utils().tellTime() + Utils().getMyWord("{base_dir_list}"))
print(", ".join(self.baseUrlPaths))
creatLog().get_logger().info(Utils().tellTime() + Utils().getMyWord("{api_top5_list}"))
output = []
for api in self.apiPaths[:5]:
if "§§§" in api:
api = api.split("§§§")[0]
output.append(api)
else:
output.append(api)
print(", ".join(output))
baseurls = input("[!] " + Utils().getMyWord("{new_base_dir}"))
if "," in baseurls:
base = baseurls.split(",")
else:
base = baseurls
self.baseUrlPaths.clear() #直接清除重置
for baseurl in base:
if baseurl not in self.baseUrlPaths:
self.baseUrlPaths.append(baseurl)
elif len(self.baseUrlPaths) < 3:
creatLog().get_logger().info(Utils().tellTime() + Utils().getMyWord("{base_dir_list}"))
print(", ".join(self.baseUrlPaths))
creatLog().get_logger().info(Utils().tellTime() + Utils().getMyWord("{api_top5_list}"))
output = []
for api in self.apiPaths[:5]:
if "§§§" in api:
api = api.split("§§§")[0]
output.append(api)
else:
output.append(api)
print(", ".join(output))
def apireCoverStart(self):
projectPath = DatabaseType(self.projectTag).getPathfromDB()
# projectPath = "tmp/_/"
for parent, dirnames, filenames in os.walk(projectPath,
followlinks=True):
for filename in filenames:
if filename != self.projectTag + ".db":
filePath = os.path.join(parent, filename)
try:
self.apiCollect(filePath)
self.getBaseurl(filePath)
self.log.debug("api收集和baseurl提取成功")
except Exception as e:
self.log.error("[Err] %s" % e)
if len(self.apiPaths) < 30: # 提取结果过少时暴力破解
self.log.info(Utils().tellTime() +
Utils().getMyWord("{total_api_auto}"))
for parent, dirnames, filenames in os.walk(projectPath,
followlinks=True):
for filename in filenames:
if filename != self.projectTag + ".db":
filePath = os.path.join(parent, filename)
try:
self.apiViolentCollect(filePath)
self.log.debug("自动api暴力提取模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
else:
self.log.info(Utils().tellTime() +
Utils().getMyWord("{total_api_1}") +
str(len(self.apiPaths)) +
Utils().getMyWord("{total_api_2}"))
if self.options.silent != None:
open_violent = "Y"
else:
open_violent = input(Utils().tellTime() +
Utils().getMyWord("{open_violent_input}"))
if open_violent == "Y" or open_violent == "y":
for parent, dirnames, filenames in os.walk(projectPath,
followlinks=True):
for filename in filenames:
if filename != self.projectTag + ".db":
filePath = os.path.join(parent, filename)
try:
self.apiViolentCollect(filePath)
self.log.debug("手动api暴力提取模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
self.apiComplete()
def advtestStart(self, options):
try:
self.log.info(Utils().tellTime() +
Utils().getMyWord("{password_test}"))
passwordtest = PasswordTest(self.projectTag)
passwordtest.passwordTest()
passwordtest.vulntestStart(options)
self.log.debug("passwordTest模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
# 水平越权 ok
try:
self.log.info(Utils().tellTime() + Utils().getMyWord("{bac_test}"))
bactest = BacTest(self.projectTag, self.options)
bactest.bacTest()
self.log.debug("BacTest模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
# 文件上传 fuzz 检测模块
try:
self.log.info(Utils().tellTime() +
Utils().getMyWord("{upload_test}"))
uploadtest = UploadTest(self.projectTag, self.options)
uploadtest.uploadTest()
self.log.debug("UploadTest模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
# sql注入检测模块
try:
self.log.info(Utils().tellTime() + Utils().getMyWord("{sql_test}"))
sqltest = SqlTest(self.projectTag, self.options)
sqltest.sqlTest()
self.log.debug("SqlTest模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
def testStart(self, url):
self.log.info(Utils().tellTime() + Utils().getMyWord("{unauth_test}"))
try:
UnAuthTest(self.projectTag).apiUnAuthTest()
self.log.debug("UnAuthTest模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
self.log.info(Utils().tellTime() + Utils().getMyWord("{info_test}"))
try:
InfoTest(self.projectTag).startInfoTest()
self.log.debug("InfoTest模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
self.log.info(Utils().tellTime() + Utils().getMyWord("{cors_test}"))
try:
cors = CorsTest(url, self.options)
cors.testStart()
if cors.flag == 1:
DatabaseType(self.projectTag).insertCorsInfoIntoDB(
cors.header, cors.res)
self.log.debug("CorsTest模块正常")
except Exception as e:
self.log.error("[Err] %s" % e)
def parseStart(self):
projectTag = logs
if self.options.silent != None:
print("[TAG]" + projectTag)
DatabaseType(projectTag).createDatabase()
ParseJs(projectTag, self.url, self.options).parseJsStart()
path_log = os.path.abspath(log_name)
path_db = os.path.abspath(
DatabaseType(projectTag).getPathfromDB() + projectTag + ".db")
creatLog().get_logger().info("[!] " + Utils().getMyWord("{db_path}") +
path_db) #显示数据库文件路径
creatLog().get_logger().info("[!] " + Utils().getMyWord("{log_path}") +
path_log) #显示log文件路径
checkResult = CheckPacker(projectTag, self.url,
self.options).checkStart()
if checkResult == 1 or checkResult == 777: #打包器检测模块
if checkResult != 777: #确保检测报错也能运行
creatLog().get_logger().info(
"[!] " + Utils().getMyWord("{check_pack_s}"))
RecoverSpilt(projectTag, self.options).recoverStart()
else:
creatLog().get_logger().info("[!] " +
Utils().getMyWord("{check_pack_f}"))
Apicollect(projectTag, self.options).apireCoverStart()
apis = DatabaseType(projectTag).apiPathFromDB() # 从数据库中提取出来的api
self.codes = ApiResponse(apis, self.options).run()
DatabaseType(projectTag).insertResultFrom(self.codes)
getPaths = DatabaseType(projectTag).sucesssPathFromDB() # 获取get请求的path
getTexts = ApiText(getPaths, self.options).run() # 对get请求进行一个获取返回包
postMethod = DatabaseType(
projectTag).wrongMethodFromDB() # 获取post请求的path
if len(postMethod) != 0:
postText = PostApiText(postMethod, self.options).run()
DatabaseType(projectTag).insertTextFromDB(postText)
DatabaseType(projectTag).insertTextFromDB(getTexts)
if self.options.type == "adv":
creatLog().get_logger().info("[!] " +
Utils().getMyWord("{adv_start}"))
creatLog().get_logger().info(Utils().tellTime() +
Utils().getMyWord("{beauty_js}"))
BeautyJs(projectTag).rewrite_js()
creatLog().get_logger().info(Utils().tellTime() +
Utils().getMyWord("{fuzzer_param}"))
FuzzerParam(projectTag).FuzzerCollect()
creatLog().get_logger().info(Utils().tellTime() +
Utils().getMyWord("{response_end}"))
vulnTest(projectTag, self.options).testStart(self.url)
if self.options.type == "adv":
vulnTest(projectTag, self.options).advtestStart(self.options)
if self.options.ext == "on":
creatLog().get_logger().info("[+] " +
Utils().getMyWord("{ext_start}"))
loadExtensions(projectTag, self.options).runExt()
creatLog().get_logger().info("[-] " +
Utils().getMyWord("{ext_end}"))
vuln_num = Docx_replace(projectTag).vuln_judge()
co_vuln_num = vuln_num[1] + vuln_num[2] + vuln_num[3]
creatLog().get_logger().info(
"[!] " + Utils().getMyWord("{co_discovery}") + str(co_vuln_num) +
Utils().getMyWord("{effective_vuln}") + ": " +
Utils().getMyWord("{r_l_h}") + str(vuln_num[1]) +
Utils().getMyWord("{ge}") + ", " + Utils().getMyWord("{r_l_m}") +
str(vuln_num[2]) + Utils().getMyWord("{ge}") + ", " +
Utils().getMyWord("{r_l_l}") + str(vuln_num[3]) +
Utils().getMyWord("{ge}"))
CreateReport(projectTag).create_repoter()
creatLog().get_logger().info("[-] " + Utils().getMyWord("{all_end}"))
def creat_api(self, document):
para1 = Creat_api(self.projectTag).locat_api(document)
projectDBPath = DatabaseType(
self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select * from api_tree"
cursor.execute(sql)
api_infos = cursor.fetchall()
for api_info in api_infos:
if api_info[5] == 1 or api_info[5] == 2:
para2 = para1.insert_paragraph_before("")
api_path = api_info[1]
sql = "select path from js_file where id='%s'" % (api_info[6])
cursor.execute(sql)
js_paths = cursor.fetchall()
for js_path in js_paths:
run2 = para2.add_run(Utils().getMyWord("{r_api_addr}") +
"\n")
run2.font.name = "Arial"
run2.font.size = Pt(11)
run2.font.bold = True
run3 = para2.add_run(api_path)
run3.font.name = "Arial"
run3.font.size = Pt(11)
run4 = para2.add_run("\n" +
Utils().getMyWord("{r_api_r_js}") +
"\n")
run4.font.name = "Arial"
run4.font.size = Pt(11)
run4.font.bold = True
run5 = para2.add_run(js_path[0])
run5.font.name = "Arial"
run5.font.size = Pt(11)
run6 = para2.add_run("\n" +
Utils().getMyWord("{r_api_res}") + "")
run6.font.name = "Arial"
run6.font.size = Pt(11)
run6.font.bold = True
try:
if api_info[4] == None:
api_info1 = "\" \""
api_info_unicode = json.dumps(
json.loads(api_info1),
sort_keys=True,
indent=4,
ensure_ascii=False)
Creat_api(self.projectTag).creat_table(
document, api_info_unicode, para2)
else:
api_info_unicode = json.dumps(json.loads(
api_info[4]),
sort_keys=True,
indent=4,
ensure_ascii=False)
Creat_api(self.projectTag).creat_table(
document, api_info_unicode, para2)
self.log.debug("api_info正常")
except Exception as e:
if api_info[4] == None:
api_info1 = "\" \""
Creat_api(self.projectTag).creat_table(
document, api_info1, para2)
else:
Creat_api(self.projectTag).creat_table(
document, api_info[4], para2)
self.log.error("[Err] %s" % e)
def docxReplace(self, document):
cmd = CommandLines().cmd()
ipAddr = testProxy(cmd,0)
end_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
report_time = time.strftime("%Y-%m-%d %H:%M", time.localtime())
main_url = DatabaseType(self.projectTag).getURLfromDB()
parse_url = urlparse(main_url)
host = parse_url.netloc
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select id from js_file"
cursor.execute(sql)
js_all_files = cursor.fetchall()
js_num = len(js_all_files)
sql = "select path from js_file"
cursor.execute(sql)
jsfilelist = cursor.fetchall()
js_paths=''
for js in jsfilelist:
jspath = "◆ " + js[0] + "\n"
js_paths = js_paths + jspath
sql ="select id from api_tree where success = 1 or success = 2"
cursor.execute(sql)
api_list = cursor.fetchall()
api_num = len(api_list)
vuln_infos = Docx_replace(self.projectTag).vuln_judge()
vuln_h_num = vuln_infos[1]
vuln_m_num = vuln_infos[2]
vuln_l_num = vuln_infos[3]
vuln_num = vuln_h_num + vuln_m_num + vuln_l_num
vuln_score = vuln_infos[0]
if vuln_score >= 18:
sec_lv = Utils().getMyWord("{risk_h}")
elif vuln_score < 18 and vuln_score >= 10:
sec_lv = Utils().getMyWord("{risk_m}")
elif vuln_score < 10 and vuln_score >= 5:
sec_lv = Utils().getMyWord("{risk_l}")
else:
sec_lv = Utils().getMyWord("{risk_n}")
sql = "select vaule from info where name='time'"
cursor.execute(sql)
time_in_info = cursor.fetchone()
timeArray = time.localtime(int(time_in_info[0]))
start_time = time.strftime("%Y-%m-%d %H:%M:%S", timeArray)
type = CommandLines().cmd().type
if type == "simple":
scan_type = Utils().getMyWord("{mode_simple}")
else:
scan_type = Utils().getMyWord("{mode_adv}")
scan_min = int(end_time.split(":")[-2]) - int(start_time.split(":")[-2])
if int(scan_min) >= 1:
end_time_one = int(end_time.split(":")[-1]) + int(scan_min) * 60
scan_time = int(end_time_one) - int(start_time.split(":")[-1])
else:
scan_time = int(end_time.split(":")[-1]) - int(start_time.split(":")[-1])
vuln_list = ''
sql = "select id from vuln where type='unAuth'"
cursor.execute(sql)
num_auth = cursor.fetchall()
if len(num_auth) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_unauth_num}") + str(len(num_auth)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='CORS'"
cursor.execute(sql)
num_cors = cursor.fetchall()
if len(num_cors) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_cors_num}") + str(len(num_cors)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='INFO'"
cursor.execute(sql)
num_info = cursor.fetchall()
if len(num_info) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_info_num}") + str(len(num_info)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='passWord'"
cursor.execute(sql)
num_passWord = cursor.fetchall()
if len(num_passWord) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_passWord_num}") + str(len(num_passWord)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='BAC'"
cursor.execute(sql)
num_BAC = cursor.fetchall()
if len(num_BAC) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_BAC_num}") + str(len(num_BAC)) + Utils().getMyWord("{ge}") + "\n"
sql = "select id from vuln where type='upLoad'"
cursor.execute(sql)
num_upload = cursor.fetchall()
if len(num_upload) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_upload_num}") + str(
len(num_upload)) + Utils().getMyWord(
"{ge}") + "\n"
sql = "select id from vuln where type='SQL'"
cursor.execute(sql)
num_sql = cursor.fetchall()
if len(num_sql) != 0:
vuln_list = vuln_list + "◆ " + Utils().getMyWord("{vuln_sql_num}") + str(
len(num_sql)) + Utils().getMyWord(
"{ge}") + "\n"
cookies = CommandLines().cmd().cookie
if cookies:
extra_cookies = cookies
else:
extra_cookies = Utils().getMyWord("{no_extra_cookies}")
head = CommandLines().cmd().head
if head != "Cache-Control:no-cache":
extra_head = head
else:
extra_head = Utils().getMyWord("{no_extra_head}")
try:
DICT = {
"{report_number}": "PF-API-" + self.projectTag,
"{report_date}": "%s" % (report_time),
"{target_host}": "%s" % (host),
"{target_url}": "%s" % (main_url),
"{js_num}": "%s" % (js_num),
"{start_time}": "%s" % (start_time),
"{scan_time}" :"%s" % (scan_time),
"{scan_type}": "%s" % (scan_type),
"{api_num}": "%s" % (api_num),
"{vuln_num}": "%s" % (vuln_num),
"{vuln_h_num}": "%s" % (vuln_h_num),
"{vuln_m_num}": "%s" % (vuln_m_num),
"{vuln_l_num}": "%s" % (vuln_l_num),
"{unauth_vuln}": "%s" % ("unauth_vuln"),
"{vuln_list}": "%s" % (vuln_list),
"{scan_ip}": "%s" % (ipAddr),
"{extra_cookies}": "%s" % (extra_cookies),
"{extra_head}": "%s" % (extra_head)
}
self.log.debug("word—report正常替换")
except Exception as e:
self.log.error("[Err] %s" % e)
for table in document.tables:
for row in range(len(table.rows)):
for col in range(len(table.columns)):
for key, value in DICT.items():
if key in table.cell(row, col).text:
table.cell(row, col).text = table.cell(row, col).text.replace(key, value)
for para in document.paragraphs:
for i in range(len(para.runs)):
for key, value in DICT.items():
if key in para.runs[i].text:
para.runs[i].text = para.runs[i].text.replace(key, value)
for para in document.paragraphs:
for i in range(len(para.runs)):
if "{js_list}" in para.runs[i].text:
para.runs[i].text = para.runs[i].text.replace("{js_list}", "%s" % (js_paths))
para.runs[i].font.size = Pt(10)
para.runs[i].font.name = "Arial"
for para in document.paragraphs:
for i in range(len(para.runs)):
if "{end_time}" in para.runs[i].text:
para.runs[i].text = para.runs[i].text.replace("{end_time}", "%s" % (end_time))
for para in document.paragraphs:
for i in range(len(para.runs)):
if "{sec_lv}" in para.runs[i].text:
para.runs[i].text = para.runs[i].text.replace("{sec_lv}", "%s" % (sec_lv))
para.runs[i].font.size = Pt(14)
if sec_lv == Utils().getMyWord("{risk_n}"):
para.runs[i].font.color.rgb = RGBColor(139,137,137)
elif sec_lv == Utils().getMyWord("{risk_l}"):
para.runs[i].font.color.rgb = RGBColor(46, 139,87)
elif sec_lv == Utils().getMyWord("{risk_m}"):
para.runs[i].font.color.rgb = RGBColor(205, 55, 0)
elif sec_lv == Utils().getMyWord("{risk_h}"):
para.runs[i].font.color.rgb = RGBColor(238, 0, 0)
try:
Creat_vuln_detail(self.projectTag).creat_detail(document)
self.log.debug("正确获取vuln_detail替换内容")
except Exception as e:
self.log.error("[Err] %s" % e)
try:
Creat_api(self.projectTag).creat_api(document)
self.log.debug("正确获取api替换内容")
except Exception as e:
self.log.error("[Err] %s" % e)
try:
Creat_suggest(self.projectTag).creat_suggest(document)
self.log.debug("正确获取suggest替换内容")
except Exception as e:
self.log.error("[Err] %s" % e)
return document
def __init__(self , logger=None):
self.logger = logging.getLogger(logger)
self.logger.setLevel(logging.NOTSET)
self.log_time = time.strftime("%Y_%m_%d_")
self.log_name = "logs" + os.sep + Utils().creatTag(6) + ".log"
def parseStart(self):
projectTag = Utils().creatTag(6)
if self.options.silent != None:
print("[TAG]" + projectTag)
DatabaseType(projectTag).createDatabase()
ParseJs(projectTag, self.url, self.options).parseJsStart()
checkResult = CheckPacker(projectTag, self.url,
self.options).checkStart()
if checkResult == 1 or checkResult == 777: #打包器检测模块
if checkResult != 777: #确保检测报错也能运行
creatLog().get_logger().info(
"[!] " + Utils().getMyWord("{check_pack_s}"))
RecoverSpilt(projectTag, self.options).recoverStart()
else:
creatLog().get_logger().info("[!] " +
Utils().getMyWord("{check_pack_f}"))
Apicollect(projectTag, self.options).apireCoverStart()
apis = DatabaseType(projectTag).apiPathFromDB() # 从数据库中提取出来的api
self.codes = ApiResponse(apis, self.options).run()
DatabaseType(projectTag).insertResultFrom(self.codes)
getPaths = DatabaseType(projectTag).sucesssPathFromDB() # 获取get请求的path
getTexts = ApiText(getPaths, self.options).run() # 对get请求进行一个获取返回包
postMethod = DatabaseType(
projectTag).wrongMethodFromDB() # 获取post请求的path
if len(postMethod) != 0:
postText = PostApiText(postMethod, self.options).run()
DatabaseType(projectTag).insertTextFromDB(postText)
DatabaseType(projectTag).insertTextFromDB(getTexts)
if self.options.type == "adv":
creatLog().get_logger().info("[!] " +
Utils().getMyWord("{adv_start}"))
creatLog().get_logger().info(Utils().tellTime() +
Utils().getMyWord("{beauty_js}"))
BeautyJs(projectTag).rewrite_js()
creatLog().get_logger().info(Utils().tellTime() +
Utils().getMyWord("{fuzzer_param}"))
FuzzerParam(projectTag).FuzzerCollect()
creatLog().get_logger().info(Utils().tellTime() +
Utils().getMyWord("{response_end}"))
vulnTest(projectTag, self.options).testStart(self.url)
if self.options.type == "adv":
vulnTest(projectTag, self.options).advtestStart(self.options)
if self.options.ext == "on":
creatLog().get_logger().info("[+] " +
Utils().getMyWord("{ext_start}"))
loadExtensions(projectTag, self.options).runExt()
creatLog().get_logger().info("[-] " +
Utils().getMyWord("{ext_end}"))
CreateReport(projectTag).create_repoter()
creatLog().get_logger().info("[-] " + Utils().getMyWord("{all_end}"))
def run(self):
print(Utils().tellTime() + "Hello Bonjour Hola 你好 こんにちは")
def createProjectDatabase(self, url, type, cloneTag):
if type == 1:
typeValue = "simple"
else:
typeValue = "adv"
unixTime = int(time.time())
res = urlparse(url)
domain = res.netloc
if ":" in domain:
domain = str(domain).replace(":", "_")
PATH = "tmp/" + self.projectTag + "_" + domain + '/' + self.projectTag + ".db"
try:
if Utils().creatSometing(2, PATH) == 1:
connect = sqlite3.connect(os.sep.join(PATH.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
cursor.execute('''CREATE TABLE if not exists info(
name TEXT PRIMARY KEY NOT NULL,
vaule TEXT );''')
cursor.execute('''CREATE TABLE if not exists js_file(
id INTEGER PRIMARY KEY autoincrement,
name TEXT NOT NULL,
path TEXT ,
local TEXT ,
success INT ,
spilt INT );''')
cursor.execute('''CREATE TABLE if not exists js_split_tree(
id INTEGER PRIMARY KEY autoincrement,
jsCode TEXT ,
js_name TEXT ,
js_result TEXT ,
success INT );''')
cursor.execute('''CREATE TABLE if not exists api_tree(
id INTEGER PRIMARY KEY autoincrement,
path TEXT ,
name TEXT NOT NULL,
option TEXT ,
result TEXT ,
success INT ,
from_js INT );''')
cursor.execute('''CREATE TABLE if not exists vuln(
id INTEGER PRIMARY KEY autoincrement,
api_id INT NOT NULL,
js_id INT NOT NULL,
type TEXT ,
sure INT ,
request_b TEXT ,
response_b TEXT ,
response_h TEXT ,
des TEXT );''')
cursor.execute("insert into info values('time', '%s')" %
(unixTime))
cursor.execute("insert into info values('url', '%s')" % (url))
cursor.execute("insert into info values('host','%s')" % (domain))
cursor.execute("insert into info values('type', '%s')" %
(typeValue))
cursor.execute("insert into info values('tag', '%s')" %
(self.projectTag))
cursor.execute("insert into info (name) VALUES ('clone')")
connect.commit()
connect.close()
conn2 = sqlite3.connect(os.getcwd() + os.sep + "main.db")
cursor2 = conn2.cursor()
conn2.isolation_level = None
sql = "INSERT into project (tag,host,time) VALUES ('" + self.projectTag + "', '" + domain + "', " + str(
unixTime) + ")"
cursor2.execute(sql)
conn2.commit()
conn2.close()
self.log.debug("数据库创建成功")
except Exception as e:
self.log.error("[Err] %s" % e)
def __init__(self,projectTag):
docLang = Utils().getMyWord("{lang}")
self.projectTag = projectTag
self.tmp_filepath = "doc" + os.sep + "template" + os.sep + docLang + ".docx"
self.new_filepath = "reports" + os.sep + "tmp_" + self.projectTag + ".docx"
self.log = creatLog().get_logger()
