def xwaf(request): targetValue = request.GET.get('targetValue') action = request.GET.get('action') if targetValue != None: print(targetValue) if action == "xwaf": command = "python3 " + ModulePath + "tools/xwaf.py " + targetValue print(command) os.system(command) #下面找出目标域名,以便找到运行结果内容 url = "" tmp = string2argv(targetValue) index = 0 for each in tmp: if each == "-u": url = tmp[index + 1] break index += 1 if url == "": if "-r" in tmp: tmpIndex = 0 tmpList = tmp for each in tmpList: if each == "-r": readFile = tmpList[tmpIndex + 1] break tmpIndex += 1 with open(readFile, "r+") as f: allLines = f.readlines() findHost = 0 for eachLine in allLines: if re.search("host:", eachLine, re.I): hostValue = re.search("host:\s?([\S]+)", eachLine, re.I).group(1) url = "http" + "://" + hostValue findHost = 1 break if findHost == 0: print( "Although you provide a header file,but I can not find host value" ) sys.exit(1) else: print("Sorry,I can not find a url:(") sys.exit(1) #上面找出目标域名,以便找到运行结果内容 log_file = "/root/.sqlmap/output/" + urlparse(url).hostname + "/log" log_config_file = log_file[:-3] + "config_file.ini" succeedCmd = get_key_value_from_config_file(log_config_file, 'default', 'bypassed_command') result = succeedCmd if result == "[]": result = "Sorry,waf not bypassed." return HttpResponse(result.replace("\n", "<br>")) else: return render_to_response("xwaf.html", {})
'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] WSGI_APPLICATION = 'pannel.wsgi.application' # Database # https://docs.djangoproject.com/en/1.10/ref/settings/#databases from exp10it import get_key_value_from_config_file from exp10it import configIniPath db_name=eval(get_key_value_from_config_file(configIniPath,"default",'db_name')) db_user=eval(get_key_value_from_config_file(configIniPath,"default",'db_user')) db_pass=eval(get_key_value_from_config_file(configIniPath,"default",'db_pass')) db_server=eval(get_key_value_from_config_file(configIniPath,"default",'db_server')) DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': '%s' % db_name, 'USER': '******' % db_user, 'PASSWORD': '******' % db_pass, 'HOST': '%s' % db_server, 'PORT': '3306' } }
# # http://doc.scrapy.org/en/latest/topics/settings.html # http://scrapy.readthedocs.org/en/latest/topics/downloader-middleware.html # http://scrapy.readthedocs.org/en/latest/topics/spider-middleware.html import os, sys exp10it_module_path = os.path.expanduser("~") + "/mypypi" sys.path.insert(0, exp10it_module_path) from scrapy.spiders import Spider from exp10it import CONFIG_INI_PATH from exp10it import get_key_value_from_config_file from exp10it import update_config_file_key_value try: SPLASH_URL = eval( get_key_value_from_config_file(CONFIG_INI_PATH, 'default', 'splash_url')) except: print( "make sure you have start your scrapy_splash service,if not,do it now") SPLASH_SERVER = input( "Please input your scrapy_splash server ip address\n:>") SPLASH_URL = "http://" + SPLASH_SERVER + ":8050" update_config_file_key_value(CONFIG_INI_PATH, 'default', 'SPLASH_URL', "'" + SPLASH_URL + "'") try: IPProxyPoolUrl = eval( get_key_value_from_config_file(CONFIG_INI_PATH, 'default', 'ipproxypoolurl')) except: print("make sure you have start your IPProxyPool service,if not,do it now")
from exp10it import string2argv sys.path.append(ModulePath + "tools/") from xPang import get_pang_domains from xSub import get_sub_domains from xcdn import Xcdn from sqli import sqli_scan from xdir import single_dirb_scan from xcms import single_cms_scan from xwebshell import crack_webshell from xadmin import crack_admin_login_url #from xwaf import Program as Xwaf from urllib.parse import urlparse db_name = eval( get_key_value_from_config_file(CONFIG_INI_PATH, "default", 'db_name')) targets_table_name = eval( get_key_value_from_config_file(CONFIG_INI_PATH, "default", 'targets_table_name')) first_targets_table_name = eval( get_key_value_from_config_file(CONFIG_INI_PATH, "default", 'first_targets_table_name')) @login_required def result(request): return render_to_response("result.html", {}) def targets(request): targetValue = request.GET.get('targetValue')
#This debug.py is for developers.Do not run it if you just want to run 3xp10it but not develop it. import os import re from exp10it import execute_sql_in_db from exp10it import get_string_from_command from exp10it import get_key_value_from_config_file from exp10it import configIniPath if os.path.exists(configIniPath): db_name = eval( get_key_value_from_config_file(configIniPath, 'default', 'db_name')), a = input("1.删除config.ini和exp10itdb\n2....\n>") if a == '1': result = get_string_from_command("mysql") if re.search(r"Can't connect", result, re.I): os.system("service mysql start") execute_sql_in_db("drop database %s" % db_name) os.system("rm config.ini") else: print("%s not exist" % configIniPath)
from xSub import get_sub_domains from xcdn import Xcdn from highrisk import single_risk_scan from sqli import sqli_scan from xdir import single_dirb_scan from xcms import single_cms_scan from xwebshell import crack_webshell from xadmin import crack_admin_login_url #from xwaf import Program as Xwaf from exp10it import get_target_table_name_list from exp10it import exist_table_in_db from exp10it import string2argv from urllib.parse import urlparse configIniPath=os.getcwd()+"/../../"+"config.ini" db_name = eval(get_key_value_from_config_file(configIniPath, "default", 'db_name')) targets_table_name = eval(get_key_value_from_config_file(configIniPath, "default", 'targets_table_name')) first_targets_table_name = eval(get_key_value_from_config_file( configIniPath, "default", 'first_targets_table_name')) @login_required def result(request): return render_to_response("result.html", {}) def targets(request): targetValue = request.GET.get('targetValue') action = request.GET.get('action') if targetValue != None: print(targetValue)
'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] WSGI_APPLICATION = 'pannel.wsgi.application' # Database # https://docs.djangoproject.com/en/1.10/ref/settings/#databases from exp10it import get_key_value_from_config_file from exp10it import CONFIG_INI_PATH db_name = eval( get_key_value_from_config_file(CONFIG_INI_PATH, "default", 'db_name')) db_user = eval( get_key_value_from_config_file(CONFIG_INI_PATH, "default", 'db_user')) db_pass = eval( get_key_value_from_config_file(CONFIG_INI_PATH, "default", 'db_pass')) db_server = eval( get_key_value_from_config_file(CONFIG_INI_PATH, "default", 'db_server')) DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': '%s' % db_name, 'USER': '******' % db_user, 'PASSWORD': '******' % db_pass, 'HOST': '%s' % db_server, 'PORT': '3306'