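def mutiBuild(self):
    """Render the batch-scan HTML report and save it in the output directory.

    Every target in ``self.dict`` becomes one table row holding its URL, page
    title, ``WebStruct`` value and the rendered findings for the ``info``,
    ``note``, ``warning`` and ``hole`` levels. The finished page is written to
    ``paths.Ajatar_Output_PATH`` as ``BatchScanning_<unix time>.html``.

    Raises:
        ToolkitMissingPrivileges: if collecting or rendering the results fails.
    """
    def _cell(value):
        # The URL, title and WebStruct values describe the scanned site, so
        # they are untrusted text and must not reach the report as raw markup.
        # NOTE(review): relies on self.escape (already applied to plugin values
        # below) being an HTML escaper - confirm against its definition.
        return self.escape("%s" % (value,))

    # Header values shown at the top of the report.
    versionPlace = VERSION
    reportTime = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
    selectPlugin = ' '.join(urlconfig.diyPlugin)

    # Base64-encoded HTML template; adjacent literals form one string.
    # NOTE(review): the decoded template links bootstrap and font-awesome
    # stylesheets from cdn.bootcss.com over plain http, so opening a report
    # fetches third-party content that can be altered in transit. Consider
    # shipping the CSS with the report.
    Ajatar_html = (
        "PCFET0NUWVBFIGh0bWw+CjxodG1sIGxhbmc9ImVuIj4KICA8aGVhZD4KICAgIDxtZXRhIGNoYXJzZXQ9InV0Zi04Ij4K"
        "ICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9ZWRnZSI+CiAgICA8bWV0YSBu"
        "YW1lPSJ2aWV3cG9ydCIgY29udGVudD0id2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEiPgoKICAgIDx0"
        "aXRsZT5BamF0YXIg5om56YeP5ryP5rSe5omr5o+P5oql5ZGKPC90aXRsZT4KCiAgICA8bWV0YSBuYW1lPSJkZXNjcmlw"
        "dGlvbiIgY29udGVudD0iU291cmNlIGNvZGUgZ2VuZXJhdGVkIHVzaW5nIGxheW91dGl0LmNvbSI+CiAgICA8bWV0YSBu"
        "YW1lPSJhdXRob3IiIGNvbnRlbnQ9IkxheW91dEl0ISI+CgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJo"
        "dHRwOi8vY2RuLmJvb3Rjc3MuY29tL2Jvb3RzdHJhcC8zLjMuMC9jc3MvYm9vdHN0cmFwLm1pbi5jc3MiPiAKICAgIDxs"
        "aW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iaHR0cDovL2Nkbi5ib290Y3NzLmNvbS9mb250LWF3ZXNvbWUvNC4yLjAv"
        "Y3NzL2ZvbnQtYXdlc29tZS5taW4uY3NzIj4gCgogIDwvaGVhZD4KICA8Ym9keT4KCiAgICA8ZGl2IGNsYXNzPSJjb250"
        "YWluZXItZmx1aWQiPgoJPGRpdiBjbGFzcz0icm93Ij4KCQk8ZGl2IGNsYXNzPSJjb2wtbWQtMTIiPgoJCQk8ZGl2IGNs"
        "YXNzPSJwYWdlLWhlYWRlciI+CgkJCQk8aDE+CgkJCQkJQWphdGFy5om56YeP5omr5o+P5oql5ZGKICA8c21hbGw+dnt7"
        "dmVyc2lvbn19PC9zbWFsbD4KCQkJCTwvaDE+CgkJCTwvZGl2PiA8c3BhbiBjbGFzcz0ibGFiZWwgbGFiZWwtcHJpbWFy"
        "eSI+55Sf5oiQ5pe26Ze077yae3tyZXBvcnRUaW1lfX08L3NwYW4+CiAgICAgICAgICAgIDxzcGFuIGNsYXNzPSJsYWJl"
        "bCBsYWJlbC1zdWNjZXNzIj7pgInmi6nmj5Lku7bvvJp7e3NlbGVjdFBsdWdpbn19PC9zcGFuPgogICAgICAgICAgICA8"
        "c3BhbiBjbGFzcz0ibGFiZWwgbGFiZWwtZGFuZ2VyIj5TY2FuIHRpbWUJe3tzY2FudGltZX19PC9zcGFuPgogICAgICAg"
        "ICAgICA8L2JyPjwvYnI+CgkJCTx0YWJsZSBjbGFzcz0idGFibGUiPgoJCQkJPHRoZWFkPgoJCQkJCTx0cj4KICAgIDx0"
        "aD4jPC90aD4KICAgIDx0aD5Vcmw8L3RoPgogICAgPHRoPlRpdGxlPC90aD4KICAgIDx0aD5CdWlsZHdpdGg8L3RoPgog"
        "ICAgPHRoPkluZm88L3RoPgogICAgPHRoPk5vdGU8L3RoPgogICAgPHRoPldhcm5pbmc8L3RoPgogICAgPHRoPkhvbGU8"
        "L3RoPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4KCQkJCTwvdGhlYWQ+CiAgICAgICAgICAgICAgICAK"
        "CQkJCTx0Ym9keT4KICAgICAgICAgICAgICAgICAgICB7e2NvbnRlbnR9fQoJCQkJPC90Ym9keT4KCQkJPC90YWJsZT4K"
        "CQk8L2Rpdj4KCTwvZGl2Pgo8L2Rpdj4KICA8L2JvZHk+CjwvaHRtbD4K"
    )
    # NOTE(review): the decoded value is combined with str via replace() and
    # written in text mode, which presumes Python 2 byte strings - confirm the
    # interpreter this module targets.
    Ajatar_html = base64.b64decode(Ajatar_html)
    Ajatar_html = Ajatar_html.replace("{{version}}", str(versionPlace))
    Ajatar_html = Ajatar_html.replace("{{reportTime}}", str(reportTime))
    Ajatar_html = Ajatar_html.replace("{{scantime}}", runningTime(urlconfig.runningTime))
    Ajatar_html = Ajatar_html.replace("{{selectPlugin}}", str(selectPlugin))

    htmlDict = dict()
    full = []
    try:
        for index, (url, content) in enumerate(self.dict.items(), 1):
            htmlDict[url] = dict()
            # Start every level empty so a target that lacks one of them still
            # yields a row instead of aborting the whole report on a KeyError.
            Total = dict.fromkeys(("info", "note", "warning", "hole"), "")
            title = ""
            server = ""
            for key, value in content.items():
                data = value.getData()
                htmlDict[url][key] = data
                if len(data):
                    if key == "info":
                        # Title and WebStruct get their own columns, so they are
                        # taken out of the generic info listing.
                        if "title" in data:
                            title = data.pop("title")
                            if isinstance(title, list):
                                title = ''.join(title)
                        if "WebStruct" in data:
                            server = data.pop("WebStruct")
                    infoList = []
                    for k, v in data.items():
                        f = v
                        if isinstance(v, (list, set)):
                            f = '[/br]'.join(v)
                        # '[/br]' marks intended line breaks; it is turned into
                        # markup only after the value itself has been escaped.
                        f = self.escape(f).replace('[/br]', '</br>')
                        # NOTE(review): the key is passed on unescaped; confirm
                        # addmutibug escapes it or that keys are plugin constants.
                        infoList.append(self.addmutibug(str(k), str(f)))
                    info_page = ''.join(infoList)
                else:
                    info_page = ""
                Total[key] = info_page.replace('[/br]', '</br>')
            tr = "<tr><td>%d</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td> %s</td><td>%s</td><td>%s</td></tr>" % (
                index, _cell(url), _cell(title), _cell(server),
                Total["info"], Total["note"], Total["warning"], Total["hole"])
            full.append(tr)
    except Exception as err:
        # Keep the underlying cause in the message instead of discarding it.
        raise ToolkitMissingPrivileges("Building result faild! %s" % (err,))

    Ajatar_html = Ajatar_html.replace("{{content}}", ' '.join(full))
    filename = os.path.join(
        paths.Ajatar_Output_PATH,
        "BatchScanning" + "_" + str(int(time.time())) + ".html")
    # The context manager closes the file even if the write fails.
    with open(filename, "w") as result:
        result.write(Ajatar_html)
    logger.info("success saved :" + filename)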
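def build(self):
    """Render the single-target HTML report and save it in the output directory.

    Fills the embedded template with the scan settings from ``urlconfig``, the
    findings held in ``self.dict`` (one ``{{<level>_content}}`` placeholder per
    level) and the per-level totals, then writes the page to
    ``paths.Ajatar_Output_PATH`` as ``<domain root>_<unix time>.html``.

    Raises:
        ToolkitMissingPrivileges: if filling the template or saving the report
            fails.
    """
    reportTime = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))

    htmlDict = dict()
    # Totals default to '0' so levels without results still render.
    Total = {"hole": '0', "note": '0', "warning": '0', "info": '0'}

    DomainRoot = get_domain_root(''.join(urlconfig.url))
    # The template is embedded as plain HTML and is therefore used directly;
    # running base64.b64decode over it would corrupt the markup.
    # NOTE(review): it contains non-ASCII text, so under Python 2 the module
    # needs a source-encoding declaration (PEP 263) - confirm.
    # NOTE(review): the page links stylesheets from third-party hosts
    # (cdn.bootcss.com, bugs.hacking8.com); opening a report contacts them and
    # trusts what they serve. Consider shipping the CSS with the report.
    Ajatar_html = """<!DOCTYPE html>
<!--[if IE 8]><html class="ie ie8"> <![endif]-->
<!--[if IE 9]><html class="ie ie9"> <![endif]-->
<!--[if gt IE 9]><!-->
<html> <!--<![endif]-->
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="description" content="Cobra is a code static scan system">
    <meta name="author" content="Feei <feei@feei.cn>">
    <title>Ajatar security report</title>

    <!-- Favicon-->
    <link rel="shortcut icon" href="./asset/ico/favicon.ico" type="image/x-icon">
    
    <link href="https://cdn.bootcss.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet">
    <!-- CSS -->
    <link href="https://bugs.hacking8.com/cdn/asset/css/base.css" rel="stylesheet">
    <link href="https://bugs.hacking8.com/cdn/asset/css/report.css" rel="stylesheet">

    <!--[if lt IE 9]>
      <script src="js/html5shiv.min.js"></script>
      <script src="js/respond.min.js"></script>
    <![endif]-->

</head>
<body>
<div class="container-fluid">
    <div class="row">
        <div class="col-xs-12">
            <div class="invoice-title">
                <h2>Ajatar</h2>
                <h3 class="pull-right"></h3>
            </div>
            <hr>
            <ul class="nav nav-tabs" id="myTabs">
                <li class="active"><a data-id="inf" data-toggle="tab">Information</a></li>
            </ul>
            <div class="tab-content">
                <div class="tab-pane active" id="inf">
                    <div class="row">
                        <div class="col-md-4 column">
                            <h4>Welcome to Ajatar!</h4>
                            <div class="row">
                                <div class="col-xs-12">
                                    <address>
                                        <h5>Project information</h5>
                                        <table class="table table-striped table-bordered table-condensed">
                                            <thead>
                                            <tr>
                                                <th>Item</th>
                                                <th>Value</th>
                                            </tr>
                                            </thead>
                                            <tbody>
                                            <tr>
                                                <td>Domain</td>
                                                <td>{{url}}</td>
                                            </tr>
                                            <tr>
                                                <td>Select plugin</td>
                                                <td>{{select_plugin}}</td>
                                            </tr>
                                            <tr>
                                                <td>scan all port</td>
                                                <td>{{scan_all_port}}</td>
                                            </tr>
                                            <tr>
                                                <td>ThreadNum</td>
                                                <td>{{ThreadNum}}</td>
                                            </tr>
                                            </tbody>
                                        </table>
                                    </address>
                                </div>
                                <div class="col-xs-12">
                                    <address>
                                        <h5>Scan information</h5>
                                        <table class="table table-striped table-bordered table-condensed">
                                            <thead>
                                            <tr>
                                                <th>Item</th>
                                                <th>Value</th>
                                            </tr>
                                            </thead>
                                            <tbody>
                                            <tr>
                                                <td>Report time</td>
                                                <td>{{reportTime}}</td>
                                            </tr>
                                            <tr>
                                                <td>Scan time</td>
                                                <td>{{scantime}}</td>
                                            </tr>
                                            </tbody>
                                        </table>
                                    </address>
                                </div>
                                <div class="col-xs-12">
                                    <address>
                                        <h5>Number of vulnerabilities</h5>
                                        <table class="table table-striped table-bordered table-condensed">
                                            <thead>
                                            <tr>
                                                <th>Level</th>
                                                <th>Total</th>
                                            </tr>
                                            </thead>
                                            <tbody class="n-o-v">
                                            <tr>
                                                <td>Hole</td>
                                                <td>{{total_Hole}}</td>
                                            </tr>
                                            <tr>
                                                <td>Note</td>
                                                <td>{{total_Note}}</td>
                                            </tr>
                                            <tr>
                                                <td>Warning</td>
                                                <td>{{total_Warning}}</td>
                                            </tr>
                                            <tr>
                                                <td>Info</td>
                                                <td>{{total_Info}}</td>
                                            </tr>
                                            </tbody>
                                        </table>
                                    </address>
                                </div>
                            </div>
                        </div>
                        <div class="col-md-8 column">
                            <h4>Vulnerability statistics</h4>
                                <div class="bs-example" data-example-id="media-list">
    <ul class="media-list">
      <li class="media">
        <div class="media-left">
          <a href="#">
            <i class="fa fa-circle m-l-5 text-purple"></i>
          </a>
        </div>
        <div class="media-body">
          <h4 class="media-heading">Report Level</h4>
          <p>w9scan扫描报告等级按照严重性分为四级 info note warning hole.</p>
          <!-- Nested media object -->
          <div class="media">
            <div class="media-left">
              <a href="#">
              <i class="fa fa-circle m-l-5 text-info"></i>
              </a>
            </div>
            <div class="media-body">
              <h4 class="media-heading">Info level</h4>
              Info level 搜集网站的一些基本.
              <!-- Nested media object -->
              {{info_content}}
            </div>
          </div>
          <!-- Nested media object -->
          <div class="media">
            <div class="media-left">
              <a href="#">
                <i class="fa fa-circle m-l-5 text-success"></i>
              </a>
            </div>
            <div class="media-body">
              <h4 class="media-heading">Note level</h4>
              Note level 提醒网站的一些信息可能被泄露.
              {{note_content}}
            </div>
          </div>
          <!-- Nested media object -->
          <div class="media">
            <div class="media-left">
              <a href="#">
                <i class="fa fa-circle m-l-5 text-warning"></i>
              </a>
            </div>
            <div class="media-body">
              <h4 class="media-heading">Warning level</h4>
              Warning level 警告网站某些地方可能被利用.
              {{warning_content}}
            </div>
          </div>
          <!-- Nested media object -->
          <div class="media">
            <div class="media-left">
              <a href="#">
                <i class="fa fa-circle m-l-5 text-hole"></i>
              </a>
            </div>
            <div class="media-body">
              <h4 class="media-heading">Hole level</h4>
              Hole level 高危等级 警告网站某些地方可能存在严重的安全问题.
              {{hole_content}}
            </div>
          </div>
        </div>
      </li>
    </ul>
    
  </div>
                        </div>
                    </div><!-- End row -->
                </div><!-- End rab -->
            </div>
        </div>
    </div>
    <hr>
    <!-- Containers -->
    <div class="row">
        <div class="col-md-6">
            <div>
                <p style="float:left;">
                    Copyright &copy; 2018 <a href="https://github.com/Ajatars/Ajatar" target="_blank">Ajatar</a>. All rights reserved
                </p>
            </div>
        </div>
        <div class="col-md-6">
            <div>
                <p style="float:right;">
                    <a href="https://github.com/Ajatars/Ajatar" target="_blank">Github</a> -
                    <a href="https://github.com/Ajatars/Ajatar" target="_blank">Ajatar</a>
                </p>
            </div>
        </div>
    </div>
</div>
</body>
</html>"""
    try:
        # The target URL and plugin names are free-form text, so they are
        # escaped before landing in the markup.
        # NOTE(review): relies on self.escape (already applied to plugin values
        # below) being an HTML escaper - confirm against its definition.
        Ajatar_html = Ajatar_html.replace(
            "{{url}}", self.escape(str(urlconfig.url)))
        Ajatar_html = Ajatar_html.replace("{{scan_all_port}}", str(urlconfig.scanport))
        Ajatar_html = Ajatar_html.replace("{{ThreadNum}}", str(urlconfig.threadNum))
        Ajatar_html = Ajatar_html.replace(
            "{{select_plugin}}", self.escape(str(' '.join(urlconfig.diyPlugin))))
        Ajatar_html = Ajatar_html.replace("{{reportTime}}", str(reportTime))
        Ajatar_html = Ajatar_html.replace(
            "{{scantime}}", runningTime(urlconfig.runningTime))
    except Exception:
        raise ToolkitMissingPrivileges("BuildHtml Error Exception")

    try:
        # NOTE(review): placeholders are substituted one after another, so
        # inserted text that itself contains a later placeholder (for example
        # "{{total_Hole}}") would be expanded too - presumably harmless, verify.
        for url, content in self.dict.items():
            htmlDict[url] = dict()
            for key, value in content.items():
                try:
                    data = value.getData()
                    htmlDict[url][key] = data
                    substr = "{{%s_content}}" % key
                    if len(data):
                        infoList = []
                        for k, v in data.items():
                            f = v
                            if isinstance(v, (list, set)):
                                f = '[/br]'.join(v)
                            # '[/br]' marks intended line breaks; it becomes
                            # markup only after the value has been escaped.
                            f = self.escape(f).replace('[/br]', '</br>')
                            # NOTE(review): the key is passed on unescaped;
                            # confirm addbug escapes it or that keys are
                            # plugin constants.
                            infoList.append(
                                self.addbug(key, str(k), str(f)))
                        Ajatar_html = Ajatar_html.replace(
                            substr, ''.join(infoList))
                    else:
                        # No findings at this level: drop the placeholder.
                        Ajatar_html = Ajatar_html.replace(substr, '')
                    Total[key] = str(len(data))
                except Exception:
                    raise ToolkitMissingPrivileges("Save Report Exception")

        Ajatar_html = Ajatar_html.replace("{{total_Hole}}", Total["hole"])
        Ajatar_html = Ajatar_html.replace("{{total_Note}}", Total["note"])
        Ajatar_html = Ajatar_html.replace("{{total_Warning}}", Total["warning"])
        Ajatar_html = Ajatar_html.replace("{{total_Info}}", Total["info"])

        # NOTE(review): only ':' is replaced in the name; if get_domain_root
        # can return path separators or '..', the report could be written
        # outside the output directory - confirm what it returns.
        filename = DomainRoot + "_" + str(int(time.time())) + ".html"
        filename = filename.replace(":", "_")
        filename = os.path.join(paths.Ajatar_Output_PATH, filename)
        # The context manager closes the file even if the write fails.
        with open(filename, "w") as result:
            result.write(Ajatar_html)
        logger.info("success saved :" + filename)
    except Exception as err:
        # Concatenating the exception object itself raised TypeError and hid
        # the real failure; convert it to text first.
        raise ToolkitMissingPrivileges("Sava Faild! error:" + str(err))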