def test04_login(self,keywords, password, expect_code):
r = self.api.login(keywords, password)
logger.info("请求数据:{} 响应数据:{}".format((keywords, password, expect_code), r.json()))
print("登录结果:", r.json())
if "error" in password:
logger.info("锁定60验证...")
r = self.api.login(keywords, password)
logger.info("请求数据:{} 响应数据:{}".format((keywords, password, expect_code), r.json()))
print("登陆结果:", r.json())
r = self.api.login(keywords, password)
logger.info("请求数据:{} 响应数据:{}".format((keywords, password, expect_code), r.json()))
print("登陆结果:", r.json())
time.sleep(60)
r = self.api.login("13600001111", "q123456")
logger.info("请求数据:{} 响应数据:{}".format((keywords, password, expect_code), r.json()))
print("登陆结果:", r.json())
try:
# 4. 断言登录信息
common_assert(self, r, status_code=expect_code)
except Exception as e:
logger.error(e)
raise
def delete_blog(blog_id, user_id):
"""
:param blog_id:
:param user_id:
:return:
code: '-1: error, 0: success, 3: blog is not existed'
"""
conn = None
cursor = None
code = -1
try:
conn = db.get_connection()
if conn.is_connected():
cursor = conn.cursor()
sql = "Select id from blogs where id = %s and user_id = %s " % (
blog_id, user_id)
logger.info(sql)
cursor.execute(sql)
rows = cursor.fetchall()
if len(rows) > 0:
sql = "Delete from blogs where id = %s and user_id = %s" % (
blog_id, user_id)
logger.info(sql)
cursor.execute(sql)
conn.commit()
code = 0
else:
code = 3
except Exception as e:
log_exception(e)
finally:
close_cursor_connection(cursor)
close_db_connection(conn)
return code
def _delete(self, ID: int, force: bool) -> int:
try:
tree = ET.parse(config.webshell_save_path)
root = tree.getroot()
item = None
for c in root:
if int(c.attrib.get('id', 0)) == ID:
item = c
break
if item is None:
logger.error(f"No saved webshell connection for ID `{ID}`!")
return self.STOP
if force or utils.input(
"Are you sure to delete this webshell connection? (y/n) "
).lower() == 'y':
root.remove(item)
tree.write(config.webshell_save_path)
logger.info(f"Remove a saved webshell connections `{ID}`",
False)
return self.SUCCESS
except ET.ParseError:
logger.error(
f"Xml parse error!Check this file `{config.webshell_save_path}`"
)
except FileNotFoundError:
logger.error(f"This file `{config.webshell_save_path}` not found!")
return self.STOP
def create_blog(user_id, title, content):
"""
:param user_id:
:param title:
:param content:
:return:
code: '-1: error, 0: success'
"""
conn = None
cursor = None
code = -1
try:
conn = db.get_connection()
if conn.is_connected():
cursor = conn.cursor()
sql = "Insert into blogs (user_id,title,content) values (%s,'%s','%s')" % (
user_id, title, content)
logger.info(sql)
cursor.execute(sql)
conn.commit()
code = 0
except Exception as e:
log_exception(e)
finally:
close_cursor_connection(cursor)
close_db_connection(conn)
return code
def like_blog(blog_id, user_id):
"""
:param blog_id:
:param user_id:
:return:
code: '-1: error, 0: success, 3: blog is not existed'
"""
conn = None
cursor = None
code = -1
try:
conn = db.get_connection()
if conn.is_connected():
cursor = conn.cursor()
sql = "Select id from blogs where id = %s" % blog_id
logger.info(sql)
cursor.execute(sql)
rows = cursor.fetchall()
if len(rows) > 0:
sql = "Insert into like_blog (blog_id, user_id) values (%s,%s) " \
"on duplicate key update created_time = now()" \
% (blog_id, user_id)
logger.info(sql)
cursor.execute(sql)
conn.commit()
code = 0
else:
code = 3
except Exception as e:
log_exception(e)
finally:
close_cursor_connection(cursor)
close_db_connection(conn)
return code
def check_user_active(user_id):
"""
:param user_id:
:return:
code: '-1: error, 0: success, 1: user is not existed, 2: user not active'
"""
conn = None
cursor = None
code = -1
try:
conn = db.get_connection()
if conn.is_connected():
cursor = conn.cursor(dictionary=True)
sql = "Select id, status from users " \
"where id = '%s' order by id desc limit 0,1" \
% user_id
logger.info(sql)
cursor.execute(sql)
rows = cursor.fetchall()
if len(rows) > 0:
for row in rows:
if row['status'] == 0:
code = 2
if row['status'] == 1:
code = 0
else:
"""User is not existed"""
code = 1
except Exception as e:
log_exception(e)
finally:
close_cursor_connection(cursor)
close_db_connection(conn)
return code
def run(self, args: Cmdline) -> int:
args = self.parse.parse_args(args.options)
text = self.load_config(self._name)
if text is None:
logger.warning("There is currently no memo!Will create a new.")
text = {'note': ''}
text = text['note']
raw_text = base64.b64decode(text.encode())
with tempfile.TemporaryDirectory() as tmpdir:
path = os.path.join(tmpdir, 'note')
with open(path, 'wb') as f:
f.write(raw_text)
if os.system(f"{config.editor} {path}") != 0:
logger.error(
f"Run editor `{config.editor}` failed!The editor must edit file in console like `vim filename` or `notepad filename`"
)
logger.info(
f"You can change editor in config file `{os.path.join(config.root_path, 'config.py')}`"
)
return self.STOP
with open(path, 'rb') as f:
text = f.read()
if text == raw_text:
logger.warning(
'The content has not been changed, so it has not been saved!'
)
else:
self.save_config(self._name,
{'note': base64.b64encode(text).decode()})
logger.info("Content has been updated!", True)
return self.SUCCESS
def _host_survival_scan_handler_by_ping(self, ip_list: list,
timeout: int) -> tuple:
'''使用ping命令探测主机是否存活
'''
result = []
ret = ''
if self.session.server_info.isWindows():
ips = ','.join(ip_list)
self.session.client.options.set_temp_option('timeout', 0)
ret = self.exec_command(
f'cmd /c "for %i in ({ips}) do ping -n 1 -w {timeout} %i && echo %iok"'
)
else:
ips = ' '.join(ip_list)
self.session.client.options.set_temp_option('timeout', 0)
ret = self.exec_command(
f'for ip in {ips};do ping -c 1 -W {timeout//1000} $ip && echo $ip"ok";done'
)
if ret is None:
logger.error("host_survival_scan_handler_by_ping error!")
return result, len(ip_list)
ret = re.findall(r'^\s*(\d+\.\d+\.\d+\.\d+)ok\s*$', ret, re.M)
for ip in ret:
result.append(ip)
ip = colour.colorize(ip.ljust(15), 'bold', 'yellow')
logger.info(f"{ip} is alive!" + ' ' * 20, True)
return result, len(ip_list)
def read_test():
with open("spider_testphp.vulnweb.com.json") as f:
datas = f.readlines()
for data in datas:
item = json.loads(data)
url = item["url"]
method = item["method"]
headers = item["headers"]
data = item["data"]
try:
if method.lower() == 'post':
req = requests.post(url, data=data, headers=headers)
http_model = HTTPMETHOD.POST
else:
req = requests.get(url, headers=headers)
http_model = HTTPMETHOD.GET
except Exception as e:
logger.error("request method:{} url:{} faild,{}".format(method, url, e))
continue
fake_req = FakeReq(req.url, {}, http_model, data)
fake_resp = FakeResp(req.status_code, req.content, req.headers)
task_push_from_name('loader', fake_req, fake_resp)
logger.info("爬虫结束,开始漏洞扫描")
start()
def _connect(self) -> int:
ret = self.evalfile('payload/connect',
host=self._host,
port=self._port,
user=self._user,
password=self._password,
database=self._current_database)
ret = ret.data
ret = json.loads(ret)
if ret['code'] == -1:
msg = base64.b64decode(ret['msg'].encode()).decode(
self.session.client.options.encoding, 'ignore')
logger.error('Connect error!')
print(msg)
self._last_connect_status = False
return self.STOP
elif ret['code'] == 1:
logger.info('Connect successfully!', True)
self._last_connect_status = True
elif ret['code'] == 0:
logger.error(
"Can't find function `oci_connect`, the server may not have the OCI extension installed."
)
self._last_connect_status = False
return self.STOP
return self.SUCCESS
def _port_scan_handler(self, ports_list: list, ip: str,
connect_timeout: int, isudp: bool) -> tuple:
'''端口扫描处理函数
'''
result = []
self.session.client.options.set_temp_option('timeout', 30)
self.session.client.options.set_temp_option('verbose', 1)
ret = self.evalfile("payload/port_scan",
ip=ip,
ports=','.join([str(i.port) for i in ports_list]),
isudp=isudp,
timeout=connect_timeout)
ret = ret.data
if ret is None:
logger.error(
f"Scan {'UDP' if isudp else 'TCP'} port on {ip} error!" +
' ' * 20)
return result, len(ports_list)
ret = json.loads(ret)
if ret:
for p, response in ret.items():
for port in ports_list:
if port.port == int(p):
port.response = base64.b64decode(response.encode())
self._update_port_note_by_response(port)
result.append(port)
p = colour.colorize(str(p).rjust(5), 'bold', 'yellow')
logger.info(
f"{'UDP' if isudp else 'TCP'} port {p} is opened on {ip}!"
+ ' ' * 20, True)
break
return result, len(ports_list)
def delete(self, kanban_id, issue_id):
""" Deletes issue for given kanban """
kanban_finder = KanbanFinder()
logger.info(f"Fetching kanban directory with id {kanban_id}")
kanban_directory, kanban_check = kanban_finder.find_kanban_dir_with_id(
kanban_id=kanban_id, kanbans_directory=config.kanbans_directory)
logger.info(f"Kanban directory {kanban_directory}")
if kanban_check:
try:
issue_deleter = IssueDeleter()
issue_deleter.delete_issue_for_kanban(
kanbans_directory=config.kanbans_directory,
kanban_id=kanban_id,
issue_id=issue_id,
)
except FileNotFoundError as fe:
logger.warning(
f"Unable to update issues! Issue with id {issue_id} not found"
)
logger.exception(fe)
return {"response": "Issue id not found"}, 400
except Exception as e:
logger.error("Couldn't update issue")
logger.exception(e)
return {"response": "Couldn't update issue"}, 500
return 204
else:
logger.warning(
f"Unable to fetch issues! Kanban with id {kanban_id} not found"
)
return {"response": "Kanban id not found"}, 400
def run(self, args: Cmdline)-> int:
args = self.parse.parse_args(args.options)
if self.session.has_cmd(args.alias) and utils.input("Alias already exists!Do you want to overwrite it? (y/n) ").lower() != 'y':
return self.STOP
self._add(args.alias, args.cmd, args.description)
logger.info(f"Add alias command: {args.alias} => {cmd}", True)
return self.SUCCESS
def _upload_lib(self, ret: EvalResult) -> EvalResult:
'''上传可能缺失动态库
'''
if isinstance(self.session.client, CSharpWebshell):
assems = []
path = self.session.server_info.tmpdir + self.session.server_info.sep + utils.randomstr(
8)
for e in ret.errors:
if e.errcode == "CS0246" and 'MySql' in e.errmsg:
assems.append(path)
break
if path in assems:
logger.info("Try to upload MySql.Data.dll !")
if self.session.exec([
'upload',
os.path.join(os.path.dirname(__file__), 'extra_code',
'MySql.Data.dll'), path
]) == self.SUCCESS:
assems.extend(self.session.client.options.extra_assemblys)
self.session.client.options.set_temp_option(
'extra_assemblys', str(assems))
ret = self.evalfile('payload/connect',
host=self._host,
port=self._port,
user=self._user,
password=self._password,
database=self._current_database)
self.session.exec(['rm', '-f', path], False) # 删除临时文件
return ret
def _forward(self, sessionid: str):
'''执行前需要把webshell超时时间设置为无限
'''
self.exp.session.client.options.set_temp_option('timeout', 0)
self.exp.session.client.options.set_temp_option('verbose', 1)
ret = self.exp.evalfile('forward/forward',
rhost=self.rhost,
rport=self.rport,
sessionid=sessionid)
ret = ret.data
if ret is None:
logger.warning(
"Forward request has exit!If forwarding is still working, please ignore this warning."
)
return
ret = json.loads(ret)
if ret['code'] == -1: # connect failed
error = base64.b64decode(ret['msg'].encode()).decode(
self.exp.session.client.options.encoding, 'ignore')
logger.error(error)
elif ret['code'] == 1:
logger.info(
f"Connection has closed successfully for id `{sessionid}`!",
False)
self._close(sessionid)
def post(self):
"""Create new kanban"""
kanban_creator = KanbanCreator()
logger.info("Creating new kanban")
request.get_json(force=True)
print(api.payload)
if api.payload is None or api.payload == {}:
return {"response": "Unable to decode payload"}, 400
try:
desc = api.payload["description"]
name = api.payload["name"]
except KeyError as ke:
logger.error("Name or description not present in body!")
logger.exception(ke)
return {
"response": "Name or description not present in body!"
}, 400
if api.payload["name"].replace(" ", "") == "":
return {"response": "Name cannot be null or whitespaces only"}, 400
try:
new_kanban_dir, new_kanban_id = kanban_creator.create_new_kanban_folder(
kanbans_directory=config.kanbans_directory)
except FileExistsError:
logger.error("Kanban already exists!")
return {"response": "Unable to create! Kanban already exists"}, 500
except Exception as e:
logger.error("Couldn't create kanban!")
logger.exception(e)
return {
"response": "Unable to create",
"exception": str(e),
}, 500
try:
logger.info("Creating config xml for new kanban")
config_tree = kanban_creator.create_xml_tree_for_kanban_config(
kanban_name=api.payload["name"],
kanban_id=new_kanban_id,
description=api.payload["description"],
)
kanban_creator.create_new_kanban_config(
kanbans_directory=config.kanbans_directory,
kanban_id=new_kanban_id,
new_kanban_directory=new_kanban_dir,
config_xml_tree=config_tree,
)
except Exception as e:
logger.error("Couldn't create new kanban config! Deleting kanban")
logger.exception(e)
os.rmdir(new_kanban_dir)
return {
"response":
"Failed while creating config.xml file, deleting kanban.",
"exception": str(e),
}, 500
return {
"response": f"New kanban board with id {new_kanban_id} created"
}, 201
def run(self, args: Cmdline) -> int:
args = self.parse.parse_args(args.options)
ret = self.SUCCESS
if args.host:
self._host = args.host
if not args.connect:
logger.info(f"Set host => {args.host}")
if args.port:
self._port = args.port
if not args.connect:
logger.info(f"Set port => {args.port}")
if args.user:
self._user = args.user
if not args.connect:
logger.info(f"Set user => {args.user}")
if args.password:
self._password = args.password
if not args.connect:
logger.info(f"Set password => {args.password}")
if args.database:
self._current_database = args.database
if not args.connect:
logger.info(f"Set current_database => {args.database}")
if args.connect:
ret = self._connect()
elif args.show:
ret = self._show()
elif args.interactive:
ret = self._interactive()
elif args.sql:
ret = self._query(args.sql)
return ret
def port_scan(self, ip: str, connect_timeout: int, ports: list,
isudp: bool, threads: int):
logger.info(f"Start {'UDP' if isudp else 'TCP'} port scan on {ip}...")
block_ports = []
for i in range(0, len(ports), 10): #每次检测10个端口
block_ports.append(ports[i:i + 10])
job = Worker(self._port_scan_handler, block_ports, threads)
job.set_param(ip, connect_timeout, isudp)
job.start()
try:
while job.is_running():
workdone_count = 0
opened_count = 0
for v in job.current_vlist:
if v.solved:
opened_count += len(v.ret[0])
workdone_count += v.ret[1]
per = int(workdone_count / len(ports) * 100)
print(
f"Progress {per}% ({workdone_count}/{len(ports)}), {opened_count} opened ports on {ip}.",
end='\r',
flush=True)
utils.sleep(0.3)
except:
job.stop()
logger.warning("Work is over!")
for v in job.current_vlist: # 线程结束后统计
if self._scan_result.get(ip) is None:
self._scan_result[ip] = []
self._scan_result[ip].extend(v.ret[0])
logger.info(
f"All {'UDP' if isudp else 'TCP'} ports have been detected, total `{len(self._scan_result[ip])}` opened on {ip}."
+ ' ' * 20)
def initialize_app(flask_app):
logger.info("Configuring api server")
blueprint = Blueprint("api", __name__, url_prefix="/api/v1")
api.init_app(blueprint)
api.add_namespace(kanban_namespace)
api.add_namespace(issues_namespace)
flask_app.register_blueprint(blueprint)
def put(self, kanban_id, issue_id):
request.get_json(force=True)
if api.payload is None or api.payload == {}:
return {"response": "Unable to decode payload"}, 400
if (api.payload["stage"].replace(" ", "") == ""
or api.payload["stage"] == "string"):
return {
"response": "Stage cannot be null or whitespaces only"
}, 400
elif api.payload["stage"] not in [stage.value for stage in Stages]:
return {
"response":
"Stage cannot be anything other than todo, done or doing"
}, 400
issue_stage_hand = IssueStageHandler()
logger.info(f"Changing issue with id {issue_id} current stage")
try:
issue_stage_hand.change_stage(
kanbans_directory=config.kanbans_directory,
kanban_id=kanban_id,
issue_id=issue_id,
stage_to_assign=api.payload["stage"],
)
return {}, 204
except AttributeError:
logger.error(
f"Issue is not set to any stage! Check issue config xml")
return {"response": "Issue is not set to any stage"}, 500
except FileNotFoundError:
logger.warning("Issue couldn't be found")
return {"response": "Issue id not found"}, 400
except Exception as e:
logger.error("Couldn't update issue stage!")
logger.exception(e)
return {"response": "Unable to update issue stage"}, 500
def setUp(self) -> None:
# 获取session对象
self.session = requests.session()
logger.info("正在获取session对象:{}".format(self.session))
# 获取ApiRegLogin对象
self.api = ApiRegLogin(self.session)
logger.info("正在获取ApiRegLogin对象:{}".format(self.api))
def _interactive(self) -> int:
logger.info(
"This is just an interactive window that continuously executes SQL statements. "
)
logger.info("Type `exit` or `quit` or Ctrl-C to exit.")
try:
while True:
prompt = colour.colorize('oracle', 'underline')+'('+colour.colorize(f"{self._user}@{self._host}", fore='green')+')'+\
f" [{colour.colorize(self._current_database, fore='yellow')}] > "
sql = utils.input(prompt)
if sql == '':
continue
elif sql in ('exit', 'quit'):
break
elif sql == 'clear':
self.session.exec("clear")
continue
elif sql.startswith('use '):
match = re.fullmatch(r'use\s+(\w+)', sql)
if match:
old = self._current_database
self._current_database = match.group(1)
if self._query(sql) == self.ERROR:
self._current_database = old
continue
self._query(sql)
except KeyboardInterrupt:
print('')
return self.SUCCESS
def unlock():
try:
data = json.loads(flask.request.data)
uuid = data.get("uuid", None)
params = {"uuid": uuid}
util.check_param(**params)
token = flask.request.headers.get("token", None)
if (token not in util.session) or \
(not conductor.user.is_admin_user(util.session[token])):
message = {
"error": "limited authority",
"code": 401,
"tips": util.get_tips_dict(10006)
}
message = json.dumps(message)
logger.debug("POST /user/v1/unlock - 401")
logger.warn("unlock user %s WARNING: limited authority." % uuid)
return message, 401
conductor.user.unlock(uuid)
except DuplicateException as e:
message = {
"success": e.error_message,
"code": e.httpcode
}
message = json.dumps(message)
logger.info(e.error_message)
logger.debug("POST /user/v1/unlock - %s" % e.httpcode)
return message, e.httpcode
except STPHTTPException as e:
message = {
"error": e.error_message,
"code": e.httpcode,
"tips": e.tip
}
message = json.dumps(message)
logger.debug("POST /user/v1/unlock - %s" % e.httpcode)
logger.error("unlock user ERROR:\n %s" % traceback.format_exc())
return message, e.httpcode
except json.decoder.JSONDecodeError:
logger.error("unlock user ERROR: JSON decode failed.\n %s" %
traceback.format_exc())
logger.debug("POST /user/v1/unlock - 406")
message = {
"error": "invalid POST request: JSON decode failed.",
"code": 406,
"tips": util.get_tips_dict(10004)
}
message = json.dumps(message)
return message, 406
logger.info("unlock user %s success." % uuid)
message = {
"success": "unlock user %s success." % uuid,
"code": 200
}
message = json.dumps(message)
return message, 200
def post(self, accession):
logger.info(f"Alterado integrado_tasy para true -> {accession}")
its = IntegracaoTasySchema()
altr = altera_integrado_tasy(accession)
if altr:
return make_response(its.jsonify(altr), 202)
else:
return make_response(jsonify({"Error": "Exame já integrado."}))
def reg_img_code(self, random):
"""
:param random: 随机数
:return: 响应对象
"""
logger.info("正在调用注册获取图片验证码接口 请求url:{}".format(self.img_URL.format(random)))
img_resp = self.session.get(self.img_URL.format(random))
return img_resp
def get(self, identificador_estabelecimento_saude):
logger.info(
f"Rota LaudoEstudoDicomListNoPaginate acessada, buscando {identificador_estabelecimento_saude}."
)
lsq = laudo_estudo_dicom_schema.LaudoEstudoDicomSchema(many=True)
les = laudo_estudo_dicom_service.listar_laudos(
identificador_estabelecimento_saude)
return make_response(lsq.jsonify(les), 200)
def run(self):
try:
self.check_client()
finally:
logger.info("Connection from %s on port %s has closed", self._ip, self._port)
self._conn.close()
self.queue = None
del clientData[self._port]
def exame_iniciado_to_true(nr_prescicao: str, nr_sequencia: str) -> itm:
logger.info("Alterando para integrado True no banco.")
sttmnt = itm.query.filter(itm.nr_prescricao == nr_prescicao, itm.nr_sequencia == nr_sequencia)
exame = sttmnt.first()
sttmnt.update({itm.exame_iniciado: True}, synchronize_session=False)
db.session.commit()
logger.info("Retornando.")
return exame
def _switch(self, ID: int) -> int:
if ID not in self.manager.session_map: # 切换到主session
self.manager['current_session_id'] = None
logger.info("Switch to session `manager`.")
else: # 切换到指定的session
self.manager['current_session_id'] = ID
logger.info(f'Switch to session `{ID}`.')
return self.SUCCESS
def start_server(self, blocking=False):
msg = f"Starting DICOM SCP {self.ae_title} on port {self.port}"
logger.info(msg)
print(msg)
self._ae.start_server((self.host, self.port),
block=blocking,
evt_handlers=self._handlers)