Пример #1
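 def get(self):
     """Render one page of a Redis list of request hashes as list.html.

     Reads the ``type`` (Redis list name) and ``start`` (offset into that
     list) request arguments, computes the pagination window from the
     configured ``page_num`` page size, and builds, for every hash on the
     page, a ``"METHOD|URL|<URL wrapped at 80 chars>|<status label>"``
     summary string for the template.
     """
     # NOTE(review): list_type comes straight from the request and is used
     # as a Redis key below, so a client can point this handler at any list
     # key in the database. Consider restricting it to the known queue names.
     list_type = self.get_argument("type")
     try:
         start = int(self.get_argument("start"))
     except Exception:
         # A missing or non-numeric "start" falls back to the first page.
         # Exception (not a bare except) lets SystemExit/KeyboardInterrupt
         # propagate.
         start = 0
     # A negative offset would make LRANGE index from the tail of the list
     # and produce page numbers below 1.
     start = max(start, 0)
     page_num = int(config.load()['page_num'])
     length = conn.llen(list_type)
     last = start + page_num - 1
     # Explicit floor division keeps the page arithmetic integral on
     # Python 3 as well as Python 2.
     page_now = start // page_num + 1
     end_page = -(-length // page_num)  # ceiling of length / page_num
     end_num = end_page * page_num - page_num
     # Show at most two page links on either side of the current page.
     pages_first = max(page_now - 2, 1)
     pages_last = min(page_now + 2, end_page)
     pages = range(pages_first, pages_last + 1)
     content = conn.lrange(list_type, start, last)
     stats = ['success', 'info', 'warning', "danger"]
     req_content = {}
     for reqhash in content:
         decode_content = json.loads(
             base64.b64decode(conn.hget("request", reqhash)))
         try:
             decode_results = json.loads(
                 base64.b64decode(conn.hget("results", reqhash)))
         except Exception:
             # No (or undecodable) result record: treat as status 0.
             decode_results = {'stat': 0}
         # NOTE(review): the summary is "|"-delimited but the stored URL is
         # not escaped, so a URL containing "|" shifts the fields; only the
         # text before its first "|" is wrapped below.
         summary = decode_content['method'] + "|" + decode_content['url']
         summary += "|"
         # Append the URL again, broken into 80-character lines.
         shown_url = summary.split("|")[1]
         for i in range(len(shown_url) // 80 + 1):
             summary += shown_url[i * 80:i * 80 + 80] + "\n"
         req_content[reqhash] = summary + "|" + stats[decode_results['stat']]
     # NOTE(review): req_content carries request data captured from traffic;
     # confirm list.html leaves template autoescaping enabled.
     return self.render(
         "list.html",
         page_now=page_now,
         page_num=page_num,
         pages=pages,
         content=content,
         list_type=list_type,
         length=length,
         req_content=req_content,
         end_num=end_num)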
Пример #2
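 def get(self):
     """Render index.html with a preview of each scan queue.

     Fetches the first 16 hashes (indices 0-15) of the "waiting",
     "running", "finished" and "vulnerable" Redis lists, maps every hash to
     a status label taken from its "results" record, and passes the
     previews, the full queue lengths and the configured ``flush_time`` to
     the template.
     """
     waiting = conn.lrange("waiting", 0, 15)
     running = conn.lrange("running", 0, 15)
     finished = conn.lrange("finished", 0, 15)
     vulnerable = conn.lrange("vulnerable", 0, 15)
     # Status labels indexed by the numeric 'stat' stored with each result.
     stats = ['success', 'info', 'warning', "danger"]
     stats_all = {}
     for queue in (waiting, running, finished, vulnerable):
         for reqhash in queue:
             try:
                 decode_results = json.loads(
                     base64.b64decode(conn.hget("results", reqhash)))
             except Exception:
                 # No (or undecodable) result record: treat as status 0.
                 # Exception rather than a bare except, so SystemExit and
                 # KeyboardInterrupt are not swallowed.
                 decode_results = {'stat': 0}
             stats_all[reqhash] = stats[decode_results['stat']]
     self.render(
         "index.html",
         waiting_num=conn.llen("waiting"),
         running_num=conn.llen("running"),
         finished_num=conn.llen("finished"),
         vulnerable_num=conn.llen("vulnerable"),
         waiting=waiting,
         running=running,
         finished=finished,
         vulnerable=vulnerable,
         time=config.load()["flush_time"],
         stats_all=stats_all)
     return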
Пример #3
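 def get(self):
     """Render req.html for the stored request named by the ``hash`` argument.

     Loads the base64/JSON request record, loads its result record when one
     exists, converts numeric ``stat`` values to status labels, drops rules
     whose ``stat`` is 0, strips empty messages, and adds ``url_encode``:
     the URL broken into 80-character lines. Any failure is logged and
     answered with a generic error message.
     """
     try:
         request_hash = self.get_argument("hash")
         request = json.loads(
             base64.b64decode(conn.hget("request", request_hash)))
         # Read the result record once so the emptiness check and the
         # decode work on the same value.
         raw_results = conn.hget("results", request_hash)
         if not raw_results:
             results = {}
             stat = "success"
         else:
             results = json.loads(base64.b64decode(raw_results))
             stats = ['success', 'info', 'warning', "danger"]
             stat = stats[results['stat']]
             if results['stat'] == 0:
                 results = {}
             else:
                 del results['stat']
                 # Iterate over a copy of the keys: rules are deleted
                 # while walking the dict.
                 for rule in list(results):
                     if results[rule]['stat'] == 0:
                         del results[rule]
                         continue
                     results[rule]['stat'] = stats[results[rule]['stat']]
                     results[rule]['message'] = [
                         message for message in results[rule]['message']
                         if message != ""]
         # Split the URL into 80-character lines.
         url = request['url']
         request['url_encode'] = "".join(
             url[i * 80:i * 80 + 80] + "\n"
             for i in range(len(url) // 80 + 1))
         # NOTE(review): request and results hold data captured from
         # traffic and scan output; confirm req.html leaves template
         # autoescaping enabled.
         return self.render(
             "req.html",
             request=request,
             results=results,
             stat=stat)
     except Exception as e:
         # Keep the detail in the log only: the exception text can contain
         # stored request data or internals, and write() sends a string to
         # the client without HTML escaping.
         out.error(str(e))
         return self.write("Unable to display this request.")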
Пример #4
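def scan_start():
    """Dispatch queued requests to scanner threads while scanning is enabled.

    Loops for as long as the configured ``scan_stat`` equals "true"
    (case-insensitive). Each iteration waits until ``thread_filled()`` is
    false, moves one hash from the "waiting" list to the "running" list,
    loads the stored request and either starts a ``new_scan`` thread for
    it or, when the request carries no parameters, moves it straight to
    "finished". Errors are logged and the loop continues.
    """
    while config.load()['scan_stat'].lower() == "true":
        try:
            while thread_filled():
                time.sleep(5)
            reqhash = conn.rpoplpush("waiting", "running")
            if not reqhash:
                # Nothing queued: back off before polling again.
                time.sleep(10)
                continue
            reqed = conn.hget("request", reqhash)
            # presumably ds() decodes the stored record to JSON text;
            # verify against its definition.
            request = json.loads(ds(reqed))
            rules = config.load_rule()['scan_type']
            query = urlparse.urlparse(request['url']).query
            method = request['method']
            # Only requests that carry parameters are scanned.
            get_with_params = method == "GET" and query != ""
            post_with_params = method == "POST" and (
                request["postdata"] != "" or query != "")
            if get_with_params or post_with_params:
                worker = threading.Thread(
                    target=new_scan,
                    args=(reqhash, requests_convert(request), rules))
                worker.start()
            else:
                conn.lrem("running", 1, reqhash)
                conn.lpush("finished", reqhash)
        except Exception as e:
            # "as" form is valid on Python 2.6+ and Python 3.
            # NOTE(review): if the failure happens after rpoplpush (for
            # example a missing or malformed request record), the hash is
            # left in "running" and nothing here moves it on.
            out.error(str(e))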