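def subdomain_scan(uid):
    """Run subdomain-enumeration task ``uid`` to completion and track its progress.

    Only one task with ``hack_type == "域名扫描"`` may be ``Running`` at a time,
    so the task is parked in ``Waiting`` until no *other* such task is running.
    It is then flagged ``Running``, an ``ap0llo/oneforall:0.0.9`` container is
    started with the task id as its only argument, and the task document is
    polled until the per-target progress stored in ``hidden_host`` (a Python
    literal ``{target: "NN.NN%"}``, presumably maintained by the container)
    averages 100 % over ``live_host`` targets. The task is then marked
    ``Finished`` and ``total_host`` is set to the number of
    ``mongo.db.subdomains`` documents found for it.

    :param uid: task id (the ``id`` field of a ``mongo.db.tasks`` document),
        e.g. ``c2385a01-bb0a-40a3-8694-05a31a440ba6``.
    :return: ``True`` when the task is finished, or when its document has been
        deleted (treated as cancellation).
    """
    # Wait for our turn. The query excludes this task's own document so that a
    # task row created with status "Running" cannot block itself.
    # NOTE(review): the check and the status write are not atomic; two workers
    # polling at the same time can both see "nothing running" and both start.
    # A find_one_and_update based claim would close that window.
    while True:
        if mongo.db.tasks.find_one({'id': uid}) is None:
            return True  # deleted while waiting -> nothing to do
        others_running = mongo.db.tasks.find({
            'status': "Running",
            "hack_type": "域名扫描",
            "id": {"$ne": uid},
        }).count()
        if others_running > 0:
            mongo.db.tasks.update_one({"id": uid}, {'$set': {'status': 'Waiting'}})
            time.sleep(5)
            continue
        mongo.db.tasks.update_one({"id": uid}, {'$set': {'status': 'Running'}})
        break

    # Arguments are passed as an argv list (no shell). auto_remove replaces the
    # old remove=True, which docker-py only maps onto auto_remove for detached
    # containers anyway.
    # NOTE(review): network="host" removes the network namespace boundary, so
    # the scanner container can reach anything bound to the host loopback
    # (this MongoDB included). Confirm that is intended over bridge networking.
    contain = DOCKER_CLIENT.containers.run(
        "ap0llo/oneforall:0.0.9",
        [uid],
        detach=True,
        auto_remove=True,
        network="host",
    )
    mongo.db.tasks.update_one({"id": uid}, {"$set": {"contain_id": contain.id}})

    # Heartbeat: average the per-target progress until everything reports 100 %.
    # NOTE(review): this loop has no upper bound. If the container dies without
    # writing 100 % the task stays "Running" forever and, because of the gate
    # above, every later subdomain scan waits behind it. A timeout or a
    # container liveness check is worth adding.
    while True:
        task_dir = mongo.db.tasks.find_one({"id": uid})
        if task_dir is None:
            return True
        # literal_eval parses the stored dict without evaluating code; a
        # malformed value still raises and aborts this worker.
        process_json = ast.literal_eval(task_dir["hidden_host"])
        if not process_json:
            time.sleep(10)  # nothing reported yet; back off before re-reading
        tasks_num = task_dir["live_host"]
        total = sum(formatnum(v) for v in process_json.values())
        # A task with no targets has nothing to wait for; treat it as complete
        # (mirrors the empty-target handling of the other scan entry points)
        # instead of dividing by zero.
        if tasks_num:
            progress = '{0:.2f}%'.format(total / tasks_num)
        else:
            progress = "100.00%"
        if progress == "100.00%":
            mongo.db.tasks.update_one(
                {"id": uid},
                {'$set': {
                    'progress': "100.00%",
                    'status': 'Finished',
                    'end_time': datetime.datetime.now(),
                    'total_host': mongo.db.subdomains.find({'pid': uid}).count(),
                }},
            )
            return True
        mongo.db.tasks.update_one({"id": uid}, {'$set': {'progress': progress}})
        time.sleep(3)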
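def create_attack_task(self, target_list):
    """Fan the discovered hosts out to the POC scanner containers and wait for them.

    Every POC document in ``mongo.db.pocs`` is matched against every host in
    ``target_list``; matches are grouped by POC family (the POC's ``flag``):

    * ``xunfeng`` - the host's ``service`` (or ``tag``, when present) equals the
      POC's ``vul_service``.
    * ``kunpeng`` - every host is a target; subdomain entries by
      ``http_address``, web ports as ``scheme://address:port``, anything else
      as ``address:port``.
    * ``bugscan`` - the POC's ``vul_service`` is a substring of the host's
      ``service`` or of its ``category``.

    One ``mongo.db.vuldocker`` document plus one ``ap0llo/poc:<flag>`` container
    is created per non-empty group. Those documents are then polled every 3 s;
    their averaged progress and the running count of ``mongo.db.vuls`` hits are
    mirrored into the task document until every group reports 100 %.

    :param target_list: host documents from the port scan - dicts with at least
        ``address``, ``port`` and ``service``; ``tag``, ``category``,
        ``subdomain_name`` and ``http_address`` are optional.
    :return: ``True`` when the task is finished, when there was nothing to scan,
        or when the task document has been deleted (treated as cancellation).
    """

    def web_url(host, label):
        """Return ``scheme://address:port`` for a host whose matched label is web-ish.

        ``label`` is one of ``http``/``https``/``ssl``; ``https`` also wins for
        anything listening on port 443.
        """
        if label in ('https', 'ssl') or host.get("port") == 443:
            scheme = 'https'
        else:
            scheme = 'http'
        return '{}://{}:{}'.format(scheme, host["address"], host["port"])

    def append_unique(bucket, entry):
        """Append ``entry`` to ``bucket`` unless an equal dict is already in it."""
        if entry not in bucket:
            bucket.append(entry)

    attack_list_xunfeng = []
    attack_list_kunpeng = []
    attack_list_bugscan = []
    # Materialise the cursor once; it is walked once per host below.
    pocs_list = list(mongo.db.pocs.find({}))

    for m in pocs_list:
        for n in target_list:
            if m["flag"] == "xunfeng":
                # Exact match on the service, or on the fingerprint tag when the
                # host has one. A host matching on both is recorded once (the
                # original appended the identical entry twice).
                matched = n["service"] == m["vul_service"]
                if not matched and "tag" in n:
                    matched = n["tag"] == m["vul_service"]
                if matched:
                    append_unique(attack_list_xunfeng, {
                        "ip": n["address"],
                        "port": n["port"],
                        "poc": m["poc_name"],
                        "keyword": m["vul_service"],
                        "type_file": m["file_type"],
                        "project_name": self.project,
                    })

            elif m["flag"] == "kunpeng":
                # kunpeng takes every host; the POC name is not part of the entry.
                if "subdomain_name" in n:
                    entry = {
                        'type': 'web',
                        'target': "web",
                        'netloc': n["http_address"],
                        "parent_name": self.project,
                    }
                elif n["service"] in ["http", "ssl", "https"]:
                    entry = {
                        'type': 'web',
                        'target': "web",
                        'netloc': web_url(n, n["service"]),
                        "parent_name": self.project,
                    }
                else:
                    entry = {
                        'type': 'service',
                        'target': n["service"],
                        'netloc': n["address"] + ':' + str(n["port"]),
                        "parent_name": self.project,
                    }
                append_unique(attack_list_kunpeng, entry)

            elif m["flag"] == "bugscan":
                # Shape of the documents this branch was written against:
                #   m: {'flag': 'bugscan', 'vul_service': 'php168',
                #       'poc_name': 'exp_1170.py', 'file_type': 'py', ...}
                #   n: {'address': '127.0.0.1', 'port': 8080, 'service': 'http',
                #       'category': 'phpmyadmin', 'http_address': 'http://127.0.0.1',
                #       'fofa': 'phpmyadmin,jquery,jquery-ui', ...}
                # A POC applies when its vul_service is a substring of the host's
                # service or of its category. Both checks run; the entry is
                # de-duplicated, so a double match is scanned once.
                vul_service = m.get("vul_service")
                for key in ("service", "category"):
                    label = n.get(key)
                    if vul_service is None or label is None:
                        print(m, n, key)  # incomplete document; kept as diagnostic
                        continue
                    # An empty vul_service is a substring of everything and would
                    # match every host, so it is treated as "matches nothing".
                    if not vul_service or vul_service not in label:
                        continue
                    if label in ["http", "ssl", "https"]:
                        netloc = web_url(n, label)
                    else:
                        netloc = '{}:{}'.format(n["address"], n["port"])
                    append_unique(attack_list_bugscan, {
                        'netloc': netloc,
                        "poc": m["poc_name"],
                        # keyword is always the service, even for a category match
                        "keyword": n["service"],
                        "parent_name": self.project,
                    })

    poc_num = attack_list_xunfeng + attack_list_kunpeng + attack_list_bugscan
    print(poc_num)
    if mongo.db.tasks.find_one({"id": self.pid}) is None:
        return True  # project deleted while we were matching
    if not poc_num:
        mongo.db.tasks.update_one({"id": self.pid}, {
            '$set': {
                'progress': "100.00%",
                'status': 'Finished',
                'end_time': datetime.datetime.now(),
                'total_host': 0,
            }
        })
        return True

    target_dict = {
        "xunfeng": attack_list_xunfeng,
        "kunpeng": attack_list_kunpeng,
        "bugscan": attack_list_bugscan,
    }
    for flag, targets in target_dict.items():
        if not targets:
            continue
        vul_id = get_uuid()
        mongo.db.vuldocker.insert_one({
            "id": vul_id,
            "parent_name": self.project,
            "progress": "0.00%",
            "total_num": len(targets),
            "create_date": datetime.datetime.now(),
            "end_time": "Null",
            "status": "Running",
            "target": json.dumps(targets, ensure_ascii=False),
            "flag": flag,
            "pid": self.pid,
        })
        # ``flag`` is one of the three literal keys above, so the image name is
        # not attacker-influenced; arguments go in as an argv list (no shell).
        # NOTE(review): the tag is mutable and network="host" gives the POC
        # container the host's network namespace (it can reach this MongoDB and
        # anything else on loopback). Pinning by digest and bridge networking
        # would contain a malicious or compromised POC image.
        contain = DOCKER_CLIENT.containers.run(
            f"ap0llo/poc:{flag}",
            ["attack", vul_id],
            detach=True,
            network="host",
            auto_remove=True,
        )
        # Record the container on the vuldocker document just inserted. The
        # original filtered on {"id": self.pid}; vuldocker documents carry the
        # task id in "pid", so that update matched nothing and contain_id was
        # never stored.
        mongo.db.vuldocker.update_one({"id": vul_id}, {'$set': {"contain_id": contain.id}})

    # Heartbeat: average the per-family progress until all report 100 %.
    # NOTE(review): unbounded - a container that dies without writing 100 %
    # keeps the task "Running" forever.
    while True:
        runs = list(mongo.db.vuldocker.find({"pid": self.pid}))
        # The task and its vuldocker documents can be deleted mid-scan; stop
        # rather than divide by zero or poll a missing document forever.
        if not runs or mongo.db.tasks.find_one({"id": self.pid}) is None:
            return True
        total = sum(formatnum(run["progress"]) for run in runs)
        percent = '%.2f%%' % (total / len(runs))
        found = mongo.db.vuls.find({'pid': self.pid}).count()
        if percent == "100.00%":
            mongo.db.tasks.update_one({"id": self.pid}, {
                '$set': {
                    'progress': "100.00%",
                    'status': 'Finished',
                    'end_time': datetime.datetime.now(),
                    'total_host': found,
                }
            })
            return True
        mongo.db.tasks.update_one({"id": self.pid}, {
            '$set': {
                'progress': percent,
                "total_host": found,
            }
        })
        time.sleep(3)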
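def dir_scan(self, info):
    """Run the directory brute-force (dirsearch) for this task and wait for it.

    The target list is stored on the task document (``target`` as JSON,
    ``hidden_host`` as the number of targets), a single
    ``ap0llo/dirsearch:0.3.9`` container is started with the task id as its
    only argument, and the task document is polled until the per-target
    progress stored in ``total_host`` (a Python literal ``{target: "NN.NN%"}``,
    presumably maintained by the container) averages 100 %. ``live_host`` is
    then set to the number of ``mongo.db.dir_vuls`` findings for the task.

    :param info: list of target documents to brute-force; an empty list
        finishes the task immediately.
    :return: ``True`` when the task is finished, when there was nothing to
        scan, or when the task document has been deleted (treated as
        cancellation).
    """
    if mongo.db.tasks.find_one({"id": self.pid}) is None:
        return True  # project deleted before the scan started
    if not info:
        mongo.db.tasks.update_one({"id": self.pid}, {
            '$set': {
                'progress': "100.00%",
                'status': 'Finished',
                'end_time': datetime.datetime.now(),
                'live_host': 0,
            }
        })
        return True

    mongo.db.tasks.update_one({"id": self.pid}, {
        '$set': {
            'target': json.dumps(info, ensure_ascii=False),
            'hidden_host': len(info),
        }
    })
    # Arguments are passed as an argv list (no shell).
    # NOTE(review): network="host" removes the network namespace boundary, so
    # the container can reach anything bound to the host loopback (this
    # MongoDB included). Confirm that is intended over bridge networking.
    contain = DOCKER_CLIENT.containers.run(
        "ap0llo/dirsearch:0.3.9",
        [self.pid],
        detach=True,
        network="host",
        auto_remove=True,
    )
    mongo.db.tasks.update_one({"id": self.pid}, {'$set': {'contain_id': contain.id}})

    # Heartbeat: average the per-target progress until everything reports 100 %.
    # NOTE(review): unbounded - a container that dies without writing 100 %
    # keeps the task "Running" forever.
    while True:
        task_dir = mongo.db.tasks.find_one({"id": self.pid})
        if task_dir is None:
            # Deleted mid-scan. The original returned the string "flag" here;
            # every other exit path and the sibling scan methods return True.
            return True
        # literal_eval parses the stored dict without evaluating code; a
        # malformed value still raises and aborts this worker.
        process_json = ast.literal_eval(task_dir["total_host"])
        if not process_json:
            time.sleep(10)  # nothing reported yet; back off before re-reading
        tasks_num = task_dir["hidden_host"]
        total = sum(formatnum(v) for v in process_json.values())
        progress = '{0:.2f}%'.format(total / tasks_num)
        if progress == "100.00%":
            mongo.db.tasks.update_one({"id": self.pid}, {
                '$set': {
                    'progress': "100.00%",
                    'status': 'Finished',
                    'end_time': datetime.datetime.now(),
                    'live_host': mongo.db.dir_vuls.find({'pid': self.pid}).count(),
                }
            })
            return True
        mongo.db.tasks.update_one({"id": self.pid}, {'$set': {'progress': progress}})
        time.sleep(3)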
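def dir_scan(self, info):
    """Run dirsearch against each target of this task, one container at a time.

    ``target`` (JSON) and ``hidden_host`` (target count) are stored on the task
    document; then, for every target in turn, an ``ap0llo/dirsearch:test``
    container is started with the target document (as JSON) as its only
    argument. The task document is polled every 3 s: the per-target progress
    stored in ``total_host`` (a JSON object keyed by ``http_address``,
    presumably maintained by the container) is averaged over ``hidden_host``
    and mirrored into ``progress``; the next target is started once the
    current one reports ``100.00%``. The task is marked ``Finished`` either
    when the average reaches 100 % or after the last target.

    :param info: list of target documents (each carrying ``http_address``);
        an empty list finishes the task immediately.
    :return: ``True`` in every case - finished, nothing to scan, or task
        document deleted (treated as cancellation). The original returned a
        mix of ``True`` and ``None``.
    """
    if mongo.db.tasks.find_one({"id": self.pid}) is None:
        return True  # project deleted before the scan started
    if not info:
        mongo.db.tasks.update_one({"id": self.pid}, {
            '$set': {
                'progress': "100.00%",
                'status': 'Finished',
                'end_time': datetime.datetime.now(),
                'live_host': 0,
            }
        })
        return True

    mongo.db.tasks.update_one({"id": self.pid}, {
        '$set': {
            'target': json.dumps(info, ensure_ascii=False),
            'hidden_host': len(info),
        }
    })

    for target in info:
        # Arguments are passed as an argv list (no shell). auto_remove replaces
        # the old remove=True, which docker-py only maps onto auto_remove for
        # detached containers anyway.
        # NOTE(review): "test" is a mutable tag, and network="host" gives the
        # container the host's network namespace (it can reach this MongoDB
        # and anything else on loopback). Pin by digest and prefer bridge
        # networking unless host access is required.
        contain = DOCKER_CLIENT.containers.run(
            "ap0llo/dirsearch:test",
            [json.dumps(target, ensure_ascii=False)],
            detach=True,
            auto_remove=True,
            network="host",
        )
        mongo.db.tasks.update_one({"id": self.pid}, {'$set': {'contain_id': contain.id}})
        target_key = target.get("http_address")

        # Heartbeat for this target.
        # NOTE(review): unbounded - a container that dies without writing
        # 100 % for its key keeps the task "Running" forever.
        while True:
            time.sleep(3)
            task_dir = mongo.db.tasks.find_one({"id": self.pid})
            if task_dir is None:
                return True  # deleted mid-scan
            # assumes total_host was initialised to a JSON object string by
            # the task creator - TODO confirm
            process_json = json.loads(task_dir["total_host"])
            if not process_json:
                time.sleep(10)  # nothing reported yet; back off before re-reading
            tasks_num = task_dir["hidden_host"]
            total = sum(formatnum(v) for v in process_json.values())
            progress = '{0:.2f}%'.format(total / tasks_num)
            if progress == "100.00%":
                mongo.db.tasks.update_one({"id": self.pid}, {
                    '$set': {
                        'progress': "100.00%",
                        'status': "Finished",
                        "end_time": datetime.datetime.now(),
                        "live_host": mongo.db.dir_vuls.find({"pid": self.pid}).count(),
                        "contain_id": "Null",
                    }
                })
                return True
            mongo.db.tasks.update_one({"id": self.pid}, {'$set': {'progress': progress}})
            # Move on once this target is done. Use .get(): until the container
            # writes its first update the key is absent and indexing raised
            # KeyError. The snapshot read above is at most one poll interval
            # old, so no second read is needed.
            if process_json.get(target_key) == "100.00%":
                break

    mongo.db.tasks.update_one({"id": self.pid}, {
        '$set': {
            'progress': "100.00%",
            'status': "Finished",
            "end_time": datetime.datetime.now(),
            "contain_id": "Null",
            "live_host": mongo.db.dir_vuls.find({"pid": self.pid}).count(),
        }
    })
    return True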
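def subdomain_scan(uid):
    """Run subdomain enumeration for task ``uid``, one OneForAll container per target.

    Only one task with ``hack_type == "域名扫描"`` may be ``Running`` at a time,
    so the task is parked in ``Waiting`` until no *other* such task is running.
    The comma-separated ``target`` field of the task document is then split
    and, for each target in turn, an ``ap0llo/oneforall:0.1.0`` container is
    started with the JSON argument ``{"Purpose": target, "parentName": ...,
    "pid": uid}``. Per-target progress lives in ``hidden_host`` (a JSON object
    keyed by target): it is seeded with ``"0.00%"`` here and presumably
    updated by the container. The document is polled every 3 s, the average
    over ``live_host`` targets is mirrored into ``progress``, and the next
    target starts once the current one reports ``100.00%``. The task is marked
    ``Finished`` when the average reaches 100 % or after the last target.

    :param uid: task id (the ``id`` field of a ``mongo.db.tasks`` document),
        e.g. ``c2385a01-bb0a-40a3-8694-05a31a440ba6``.
    :return: ``True`` in every case - finished, or task document deleted
        (treated as cancellation). The original returned a mix of ``True``
        and ``None``.
    """
    # Wait for our turn. The query excludes this task's own document so that a
    # task row created with status "Running" cannot block itself.
    # NOTE(review): the check and the status write are not atomic; two workers
    # polling at the same time can both see "nothing running" and both start.
    while True:
        time.sleep(3)
        if mongo.db.tasks.find_one({'id': uid}) is None:
            return True  # deleted while waiting -> nothing to do
        others_running = mongo.db.tasks.find({
            'status': "Running",
            "hack_type": "域名扫描",
            "id": {"$ne": uid},
        }).count()
        if others_running > 0:
            mongo.db.tasks.update_one({"id": uid}, {'$set': {'status': 'Waiting'}})
            time.sleep(5)
            continue
        mongo.db.tasks.update_one({"id": uid}, {'$set': {'status': 'Running'}})
        break

    task_collection = mongo.db.tasks.find_one({"id": uid})
    if task_collection is None:
        return True
    target_list = task_collection["target"].split(",")
    parent_name = task_collection["parent_name"]
    # Denominator for the progress average.
    # NOTE(review): this is the stored live_host, not len(target_list); if the
    # two disagree the average never reaches exactly 100 % (or reaches it
    # early). Confirm the task creator keeps them in sync.
    tasks_num = task_collection["live_host"]

    for target in target_list:
        # Seed this target's progress slot *before* starting its container.
        # The original did the read-modify-write of hidden_host after the
        # start, so any progress the container had already written in the
        # meantime was overwritten with "0.00%".
        current = mongo.db.tasks.find_one({"id": uid})
        if current is None:
            return True  # deleted between targets (the original raised here)
        # assumes hidden_host was initialised to a JSON object string by the
        # task creator - TODO confirm
        json_target = json.loads(current.get("hidden_host"))
        json_target[target] = "0.00%"
        mongo.db.tasks.update_one({"id": uid}, {
            "$set": {'hidden_host': json.dumps(json_target, ensure_ascii=False)}
        })

        info_string = json.dumps(
            {"Purpose": target, "parentName": parent_name, "pid": uid},
            ensure_ascii=False,
        )
        # Arguments are passed as an argv list (no shell). auto_remove replaces
        # the old remove=True, which docker-py only maps onto auto_remove for
        # detached containers anyway.
        # NOTE(review): network="host" gives the container the host's network
        # namespace (it can reach this MongoDB and anything else on loopback).
        contain = DOCKER_CLIENT.containers.run(
            "ap0llo/oneforall:0.1.0",
            [info_string],
            detach=True,
            auto_remove=True,
            network="host",
        )
        mongo.db.tasks.update_one({"id": uid}, {"$set": {"contain_id": contain.id}})

        # Heartbeat for this target.
        # NOTE(review): unbounded - a container that dies without writing
        # 100 % for its key keeps the task "Running" forever and, because of
        # the gate above, blocks every later subdomain scan.
        while True:
            time.sleep(3)
            task_dir = mongo.db.tasks.find_one({"id": uid})
            if task_dir is None:
                return True  # deleted mid-scan
            process_json = json.loads(task_dir.get("hidden_host"))
            if not process_json:
                time.sleep(10)  # nothing reported yet; back off before re-reading
            total = sum(formatnum(v) for v in process_json.values())
            # No targets means nothing to wait for; treat as complete rather
            # than divide by zero.
            if tasks_num:
                progress = '{0:.2f}%'.format(total / tasks_num)
            else:
                progress = "100.00%"
            if progress == "100.00%":
                mongo.db.tasks.update_one({"id": uid}, {
                    '$set': {
                        'progress': "100.00%",
                        'status': "Finished",
                        "end_time": datetime.datetime.now(),
                    }
                })
                return True
            mongo.db.tasks.update_one({"id": uid}, {'$set': {'progress': progress}})
            # Move on once this target is done. The slot was seeded above, but
            # .get() keeps a container that rewrites hidden_host wholesale
            # from raising KeyError. The snapshot is at most one poll old.
            if process_json.get(target) == "100.00%":
                break

    mongo.db.tasks.update_one({"id": uid}, {
        '$set': {
            'progress': "100.00%",
            'status': "Finished",
            "end_time": datetime.datetime.now(),
            "contain_id": "Null",
        }
    })
    return True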