示例#1
    def POST(self):
        """Handle the install form: create runtime directories and the database.

        Reads ``dbname`` from the request, stores it in ``CONF.db.name``, calls
        ``Database.create()``, then sets ``CONF.isinstall`` and saves the
        configuration. Failures are reported through ``web.internalerror``.
        """
        # NOTE(review): nothing in this method checks whether CONF.isinstall is
        # already set or who the caller is -- confirm the route is guarded
        # elsewhere, otherwise the database name can be changed by any client.
        rawInput = web.input()
        paramSpec = (("dbname", "string", "1-50"), )

        # os.mkdir creates one level only, so "data" comes before
        # "data/database"; "static" itself is expected to exist already.
        requiredDirs = (
            "log",
            os.path.join("static", "attachment"),
            os.path.join("static", "tmp"),
            "data",
            os.path.join("data", "database"),
        )
        for directory in requiredDirs:
            if not os.path.exists(directory):
                os.mkdir(directory)

        try:
            params = formatParam(rawInput, paramSpec)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        # NOTE(review): the visible spec is ("string", "1-50"); whether
        # formatParam rejects path separators in dbname is not shown here.
        try:
            CONF.db.name = str(params.dbname)
        except WIPError as error:
            raise web.internalerror("Configure file parse error.")

        try:
            Database.create()
        except DBError as error:
            raise web.internalerror("Databae creating error," + str(error))

        CONF.isinstall = True
        CONF.save()
        return jsonSuccess()
示例#2
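    def GET(self):
        """Delete the comment named by the ``id`` parameter and its attachment.

        Returns ``jsonFail()`` when ``Comment.get`` yields nothing, otherwise
        removes the attachment file (if one is recorded and present), removes
        the comment and returns ``jsonSuccess()``.
        """
        # NOTE(review): this is a state-changing GET; no authentication or
        # CSRF check is visible in this method -- confirm it exists elsewhere.
        params = web.input()

        try:
            comment = Comment.get(params.id.strip())
        except AttributeError:
            raise web.internalerror("Missing parameter.")
        except FieldError as error:
            raise web.internalerror(error)
        except WIPError as error:
            RTD.log.error(error)
            raise web.internalerror("Internal ERROR!")

        if not comment:
            return jsonFail()

        # Delete the attachment, but only when the stored name resolves to a
        # path inside static/attachment. A stored value containing ".." or an
        # absolute path would otherwise let os.remove() reach other files.
        if comment.attachment:
            attachmentDir = os.path.abspath(os.path.join("static", "attachment"))
            target = os.path.abspath(
                os.path.join(attachmentDir, comment.attachment))
            if target.startswith(attachmentDir + os.sep):
                if os.path.exists(target):
                    os.remove(target)
            else:
                RTD.log.error(
                    "attachment path outside attachment directory, skipped")

        comment.remove()

        return jsonSuccess()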
示例#3
 def POST(self):
     """Update the comment selected by ``id`` with the submitted form fields.

     Every listed field must be present in the request; each value is
     stripped of surrounding whitespace before being passed to the model.
     """
     # NOTE(review): no authentication or ownership check is visible here,
     # and whether Comment.where/update parameterise the query cannot be
     # seen from this method -- confirm both.
     form = web.input()
     fieldNames = ("id", "name", "url", "info", "level", "description")
     values = {}
     for fieldName in fieldNames:
         values[fieldName] = form[fieldName].strip()
     commentId = form.id.strip()
     Comment.where(id=commentId).update(**values)
     return jsonSuccess()
示例#4
 def POST(self):
     """Insert a new comment built from the submitted form fields.

     Every listed field, including ``host_id``, must be present; values are
     stripped of surrounding whitespace before insertion.
     """
     # NOTE(review): host_id comes straight from the request; this method
     # does not check that the host exists or that the caller may write to it.
     form = web.input()
     fieldNames = ("name", "url", "info", "level", "description", "host_id")
     values = dict((name, form[name].strip()) for name in fieldNames)
     Comment.insert(**values)
     return jsonSuccess()
示例#5
 def POST(self):
     """Update the project selected by ``id`` with the submitted form fields.

     Each listed field is read from the request and stripped of surrounding
     whitespace; a missing field raises from the lookup itself.
     """
     # NOTE(review): no authentication check is visible in this method, and
     # the id is used without a numeric check -- confirm the model validates.
     form = web.input()
     values = {}
     for fieldName in ("name", "url", "ip", "whois", "description", "level"):
         values[fieldName] = form[fieldName].strip()
     projectId = form.id.strip()
     Project.where(id=projectId).update(**values)
     return jsonSuccess()
示例#6
 def POST(self):
     """Update the host selected by ``id`` with the submitted form fields.

     All ten listed fields must be present in the request; each value is
     stripped of surrounding whitespace before the update.
     """
     # NOTE(review): port, ip and url are stored as submitted; no format
     # validation or authentication check is visible in this method.
     form = web.input()
     fieldNames = (
         "title", "url", "ip", "port", "protocol", "level", "os",
         "server_info", "middleware", "description",
     )
     values = {}
     for fieldName in fieldNames:
         values[fieldName] = form[fieldName].strip()
     hostId = form.id.strip()
     Host.where(id=hostId).update(**values)
     return jsonSuccess()
示例#7
 def POST(self):
     """Insert a new host built from the submitted form fields.

     All listed fields, including ``project_id``, must be present; each
     value is stripped of surrounding whitespace before insertion.
     """
     # NOTE(review): project_id is taken from the request as-is; this method
     # does not verify the project exists or that the caller may modify it.
     form = web.input()
     fieldNames = (
         "title", "url", "ip", "port", "protocol", "level", "os",
         "server_info", "middleware", "description", "project_id",
     )
     values = dict((name, form[name].strip()) for name in fieldNames)
     Host.insert(**values)
     return jsonSuccess()
示例#8
 def POST(self):
     """Create and save a project from the submitted form fields.

     Each listed field must be present in the request; values are stripped
     of surrounding whitespace before the ``Project`` is constructed.
     """
     # NOTE(review): no authentication check or field validation is visible
     # in this method -- confirm both are handled by the caller or the model.
     form = web.input()
     values = {}
     for fieldName in ("name", "url", "ip", "level", "whois", "description"):
         values[fieldName] = form[fieldName].strip()
     Project(**values).save()
     return jsonSuccess()
示例#9
    def POST(self):
        """Store the submitted ``nmappath`` in the configuration and save it.

        The literal value ``"nmap"`` is stored as ``None``; any other value is
        stored as given.
        """
        rawInput = web.input()
        paramSpec = (("nmappath", "string", "1-200"), )
        try:
            params = formatParam(rawInput, paramSpec)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        # NOTE(review): presumably CONF.nmap is later used to launch nmap; if
        # so, this request parameter selects the executable that gets run.
        # Confirm the route is restricted to administrators and that the value
        # is checked before it is executed.
        nmapPath = str(params.nmappath)
        if nmapPath == "nmap":
            CONF.nmap = None
        else:
            CONF.nmap = nmapPath
        CONF.save()

        return jsonSuccess()
示例#10
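    def POST(self):
        """Start a service-identification task for one submitted domain.

        Parses an optional ``http://`` / ``https://`` prefix and an optional
        ``:port`` suffix out of ``domain``, then runs
        ``ServiceIdentifyPlugin | DataSavePlugin`` on the resulting ``Host``.
        Defaults are protocol ``http`` and port 80 (443 after ``https://``).
        """
        web.header('Content-Type', 'application/json')
        originParams = web.input()

        options = (
            ("domain","string","1-200"),
            ("type","integer","0-3"),
            ("project_id","integer","")
        )
        try:
            params = formatParam(originParams, options)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        domain = params.domain.lower()
        protocol = ""
        port = None

        #resolve protocol
        if domain.startswith("http://"):
            protocol = "http"
            domain = domain[7:]
            port = 80
        elif domain.startswith("https://"):
            protocol = "https"
            domain = domain[8:]
            port = 443
        elif "://" in domain:
            raise web.internalerror("unrecognized protocol, should be 'http' or 'https'.")

        #resolve port
        pos = domain.rfind(":")
        if pos != -1:
            try:
                candidate = int(domain[pos+1:])
            except ValueError:
                # Not a number (e.g. a trailing path): keep the default port.
                pass
            else:
                # Only accept a real TCP port; negative or oversized values
                # are ignored the same way an unparsable suffix is, so they
                # never reach the scanning plugins.
                if 0 < candidate <= 65535:
                    port = candidate
            domain = domain[:pos]

        if not protocol: protocol = "http"
        if not port: port = 80

        # NOTE(review): the host part is passed on without further validation;
        # confirm the plugins restrict which targets may be probed.
        task = ServiceIdentifyPlugin(ptype=int(params.type)) | DataSavePlugin(projectid=params.project_id)
        host = Host(url=domain,protocol=protocol,port=port)
        task.dostart([host])

        return jsonSuccess()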
示例#11
    def POST(self):
        """Save the nmap path sent in ``nmappath`` to the configuration.

        ``CONF.nmap`` becomes ``None`` when the value is exactly ``"nmap"``,
        otherwise the submitted string.
        """
        submitted = web.input()

        spec = (("nmappath", "string", "1-200"),)
        try:
            params = formatParam(submitted, spec)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        # NOTE(review): the value is stored after a type/length check only.
        # If CONF.nmap is later executed, this endpoint controls which binary
        # runs -- confirm access control and validation at the point of use.
        chosenPath = str(params.nmappath)
        CONF.nmap = chosenPath if chosenPath != "nmap" else None
        CONF.save()

        return jsonSuccess()
示例#12
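    def POST(self):
        """Run service identification against a single submitted domain.

        ``domain`` may carry an ``http://`` or ``https://`` prefix and a
        ``:port`` suffix; both are split off before a ``Host`` is built and
        handed to ``ServiceIdentifyPlugin | DataSavePlugin``.
        """
        web.header('Content-Type', 'application/json')
        originParams = web.input()

        options = (("domain", "string", "1-200"), ("type", "integer", "0-3"),
                   ("project_id", "integer", ""))
        try:
            params = formatParam(originParams, options)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        domain = params.domain.lower()
        protocol = ""
        port = None

        #resolve protocol
        if domain.startswith("http://"):
            protocol = "http"
            domain = domain[7:]
            port = 80
        elif domain.startswith("https://"):
            protocol = "https"
            domain = domain[8:]
            port = 443
        elif "://" in domain:
            raise web.internalerror(
                "unrecognized protocol, should be 'http' or 'https'.")

        #resolve port
        try:
            pos = domain.rindex(":")
        except ValueError:
            pass
        else:
            try:
                parsedPort = int(domain[pos + 1:])
            except ValueError:
                parsedPort = None
            # Ignore values outside the TCP port range instead of forwarding
            # them to the plugins; the scheme default is kept in that case.
            if parsedPort is not None and 0 < parsedPort <= 65535:
                port = parsedPort
            domain = domain[:pos]

        if not protocol: protocol = "http"
        if not port: port = 80

        # NOTE(review): no restriction on the target host is visible here;
        # confirm who may call this route and which targets are allowed.
        task = ServiceIdentifyPlugin(ptype=int(params.type)) | DataSavePlugin(
            projectid=params.project_id)
        host = Host(url=domain, protocol=protocol, port=port)
        task.dostart([host])

        return jsonSuccess()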
示例#13
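    def GET(self):
        """Delete the host whose integer id is given in the ``id`` parameter.

        The id is normalised through ``int()`` before being passed to
        ``Host.delete``. Errors are logged and reported through
        ``web.internalerror``.
        """
        # NOTE(review): this GET changes state and shows no authentication or
        # CSRF check -- confirm the route is protected elsewhere.
        web.header('Content-Type', 'application/json')
        params = web.input()

        try:
            hid = str(int(params.id))
        except (AttributeError, ValueError) as error:
            # AttributeError: id missing. ValueError: id is not an integer;
            # previously this escaped the handler unlogged.
            RTD.log.error(error)
            raise web.internalerror(error)

        try:
            Host.delete(hid)
        except (KeyError, AttributeError, FieldError, ModelError, DBError) as error:
            RTD.log.error(error)
            # NOTE(review): the raw exception text is returned to the client;
            # consider a generic message if it can expose internals.
            raise web.internalerror(error)

        return jsonSuccess()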
示例#14
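    def POST(self):
        """Import a project, its hosts, vulnerabilities and comments from JSON.

        The uploaded ``projectfile`` is parsed as JSON. The top-level object
        (minus ``hosts``) becomes a ``Project``; each entry of ``hosts``
        (minus ``vuls`` and ``comments``) becomes a ``Host`` linked to that
        project, and its ``vuls`` / ``comments`` are saved linked to the host.
        """
        web.header('Content-Type', 'application/json')
        params = web.input(projectfile={})
        try:
            fileStr = params.projectfile.value
        except AttributeError:
            raise web.internalerror("Missing parameter.")

        # The upload is untrusted: a malformed or non-object document is
        # rejected here instead of failing later with an unhandled exception.
        try:
            projectDict = json.loads(fileStr)
        except ValueError:
            raise web.internalerror("Invalid project file.")
        if not isinstance(projectDict, dict):
            raise web.internalerror("Invalid project file.")

        hosts = projectDict.pop("hosts", [])
        # NOTE(review): every remaining key of the uploaded object is passed
        # to the model constructor (same for hosts, vuls and comments below).
        # Confirm the models ignore or reject unexpected fields such as "id".
        try:
            Project(**projectDict).save()
        except DBError as error:
            raise web.internalerror("failed to insert project " + str(error))
        projectid = Project.where(
            name=projectDict.get('name')).getsraw('id')[0]['id']

        for host in hosts:
            # pop() removes each key independently. The previous paired
            # `del` left "comments" in place whenever "vuls" was absent, and
            # it was then passed to Host(**host).
            vuls = host.pop("vuls", [])
            comments = host.pop("comments", [])
            host['project_id'] = projectid
            Host(**host).save()
            kwargs = {
                key: host[key]
                for key in ['url', 'ip', 'port'] if key in host
            }
            hostid = Host.where(**kwargs).getsraw('id')[0]['id']

            for vul in vuls:
                vul['host_id'] = hostid
                Vul(**vul).save()
            for comment in comments:
                comment['host_id'] = hostid
                Comment(**comment).save()

        return jsonSuccess()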
示例#15
    def GET(self):
        """Delete a host together with its vulnerabilities and comments.

        The ``id`` parameter must consist of digits only. Vulnerabilities are
        removed first, then comments, then the host itself.
        """
        # NOTE(review): state-changing GET with no visible authentication or
        # CSRF check. Also, Host.get's result is used without a None check --
        # confirm what it returns for an unknown id.
        form = web.input()
        hostId = form.id.strip()
        if not hostId.isdigit():
            raise web.internalerror("Parameter type error.")

        host = Host.get(hostId)

        for vul in Vul.where(host_id=host.id).gets("id"):
            vul.remove()

        for comment in Comment.where(host_id=host.id).gets("id"):
            comment.remove()

        host.remove()

        return jsonSuccess()
示例#16
    def GET(self):
        """Remove the host named by ``id`` and everything attached to it.

        Rejects a non-digit ``id``; otherwise removes the host's
        vulnerabilities, then its comments, then the host.
        """
        # NOTE(review): deletion is triggered by GET and no access check is
        # visible here; a missing ``id`` raises AttributeError unhandled.
        request = web.input()
        rawId = request.id.strip()
        if rawId.isdigit():
            host = Host.get(rawId)
        else:
            raise web.internalerror("Parameter type error.")

        relatedVuls = Vul.where(host_id=host.id).gets("id")
        for entry in relatedVuls:
            entry.remove()

        relatedComments = Comment.where(host_id=host.id).gets("id")
        for entry in relatedComments:
            entry.remove()

        host.remove()

        return jsonSuccess()
示例#17
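    def GET(self):
        """Delete one host; ``id`` must be an integer.

        The id is converted with ``int()`` and passed to ``Host.delete`` as a
        string. Any handled error is logged and returned through
        ``web.internalerror``.
        """
        # NOTE(review): deletion via GET, with no authentication or CSRF
        # check visible in this method -- confirm it is enforced elsewhere.
        web.header('Content-Type', 'application/json')
        params = web.input()

        try:
            hid = str(int(params.id))
        except (AttributeError, ValueError) as error:
            # ValueError covers a non-numeric id, which was previously not
            # caught and therefore not logged.
            RTD.log.error(error)
            raise web.internalerror(error)

        try:
            Host.delete(hid)
        except (KeyError, AttributeError, FieldError, ModelError,
                DBError) as error:
            RTD.log.error(error)
            raise web.internalerror(error)

        return jsonSuccess()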
示例#18
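    def POST(self):
        """Import a project export (JSON upload) into the database.

        The top-level JSON object without its ``hosts`` key is saved as a
        ``Project``. Each host entry is saved as a ``Host`` under that
        project, followed by its ``vuls`` and ``comments``.
        """
        web.header('Content-Type', 'application/json')
        params = web.input(projectfile={})
        try:
            fileStr = params.projectfile.value
        except AttributeError:
            raise web.internalerror("Missing parameter.")

        # Treat the upload as untrusted input: reject anything that is not a
        # JSON object before touching the database.
        try:
            projectDict = json.loads(fileStr)
        except ValueError:
            raise web.internalerror("Invalid project file.")
        if not isinstance(projectDict, dict):
            raise web.internalerror("Invalid project file.")

        hosts = projectDict.pop("hosts", [])
        # NOTE(review): all keys from the file reach Project/Host/Vul/Comment
        # as keyword arguments; confirm the models reject unexpected fields.
        try:
            Project(**projectDict).save()
        except DBError as error:
            raise web.internalerror("failed to insert project "+str(error))
        projectid = Project.where(name=projectDict.get('name')).getsraw('id')[0]['id']

        for host in hosts:
            # Independent pops: with the old shared try/del, a host without
            # "vuls" kept its "comments" key and passed it into Host(**host).
            vuls = host.pop("vuls", [])
            comments = host.pop("comments", [])
            host['project_id'] = projectid
            Host(**host).save()
            kwargs = {key:host[key] for key in ['url','ip','port'] if key in host}
            hostid = Host.where(**kwargs).getsraw('id')[0]['id']

            for vul in vuls:
                vul['host_id'] = hostid
                Vul(**vul).save()
            for comment in comments:
                comment['host_id'] = hostid
                Comment(**comment).save()

        return jsonSuccess()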
示例#19
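    def POST(self):
        """Start a subnet scan for every ``iplist`` value in the request body.

        Builds one ``Host`` per value and runs
        ``SubnetScanPlugin | ServiceIdentifyPlugin(ptype=1) | DataSavePlugin``
        with results saved under ``project_id``.
        """
        web.header('Content-Type', 'application/json')
        params = web.input()
        rawParam = web.data()

        try:
            projectid = int(params.project_id)
        except (AttributeError, ValueError) as error:
            # ValueError (non-numeric project_id) used to escape unlogged.
            RTD.log.error(error)
            raise web.internalerror(error)

        # The raw body is split by hand so repeated "iplist" keys are all
        # kept. A bare "iplist" token without "=" is skipped rather than
        # raising IndexError.
        ipList = []
        for pair in rawParam.split("&"):
            fields = pair.split("=")
            if fields[0] == "iplist" and len(fields) > 1:
                ipList.append(fields[1])

        # NOTE(review): values are neither URL-decoded nor validated as
        # addresses here; confirm the plugins validate targets and that only
        # authorised users can start scans.
        hosts = [Host(ip=x) for x in ipList]
        defaultValue = {"tmp":1}
        task = SubnetScanPlugin() | ServiceIdentifyPlugin(ptype=1) | DataSavePlugin(defaultValue=defaultValue,projectid=projectid)
        task.dostart(hosts)

        return jsonSuccess()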
示例#20
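    def POST(self):
        """Save an uploaded wordlist under ``data/wordlist/dnsbrute``.

        Only ``type`` 0 is accepted. The client-supplied file name is reduced
        to its final path component before it is joined to the target
        directory.
        """
        web.header('Content-Type', 'application/json')
        params = web.input(dictfile={})

        try:
            fileName = params.dictfile.filename
            dtype = int(params.type)
        except AttributeError:
            raise web.internalerror("Missing parameter.")
        except ValueError:
            raise web.internalerror("dict type error.")
        if dtype != 0:
            raise web.internalerror("dict type error.")
        if not fileName:
            raise web.internalerror("Missing parameter.")

        # The upload's file name is attacker-controlled. Keep only the last
        # path component (after either kind of slash) so the write cannot
        # leave the wordlist directory through "../" or an absolute path.
        safeName = os.path.basename(fileName.replace("\\", "/"))
        if safeName in ("", ".", ".."):
            raise web.internalerror("Invalid file name.")
        fileNameFull = os.path.join("data","wordlist","dnsbrute",safeName)

        try:
            # The context manager closes the handle, which was leaked before.
            with open(fileNameFull, "w") as fd:
                fd.write(params.dictfile.value)
        except IOError as error:
            raise web.internalerror('Write dictfile failed!')

        return jsonSuccess()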
示例#21
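    def POST(self):
        """Store an uploaded DNS brute-force wordlist on disk.

        Accepts ``type`` 0 only and writes the upload to
        ``data/wordlist/dnsbrute/<name>``, where ``<name>`` is the final path
        component of the submitted file name.
        """
        web.header('Content-Type', 'application/json')
        params = web.input(dictfile={})

        try:
            fileName = params.dictfile.filename
            dtype = int(params.type)
        except AttributeError:
            raise web.internalerror("Missing parameter.")
        except ValueError:
            raise web.internalerror("dict type error.")

        if dtype == 0:
            targetDir = os.path.join("data", "wordlist", "dnsbrute")
        else:
            raise web.internalerror("dict type error.")

        if not fileName:
            raise web.internalerror("Missing parameter.")
        # Strip any directory part from the client-supplied name. Without
        # this, a name containing "../" or an absolute path would make the
        # open() below write outside the wordlist directory.
        baseName = os.path.basename(fileName.replace("\\", "/"))
        if baseName in ("", ".", ".."):
            raise web.internalerror("Invalid file name.")
        fileNameFull = os.path.join(targetDir, baseName)

        try:
            # `with` guarantees the file is flushed and closed.
            with open(fileNameFull, "w") as fd:
                fd.write(params.dictfile.value)
        except IOError as error:
            raise web.internalerror('Write dictfile failed!')

        return jsonSuccess()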
示例#22
    def POST(self):
        """Switch the configured database, creating it when it is not listed.

        Sets ``CONF.db.name`` to the submitted ``database`` value. When that
        name is not among the entries of ``data/database``,
        ``Database.create()`` is called; on ``DBError`` the previous name is
        restored. The configuration is saved afterwards.
        """
        web.header('Content-Type', 'application/json')
        rawInput = web.input()

        paramSpec = (("database", "string", "1-50"), )
        try:
            params = formatParam(rawInput, paramSpec)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        # NOTE(review): the name comes from the request with only the visible
        # ("string", "1-50") check; whether it can contain path separators
        # depends on formatParam and Database.create -- confirm.
        previousName = CONF.db.name
        CONF.db.name = str(params.database)
        databaseDir = os.path.join("data", "database")
        alreadyPresent = params.database in os.listdir(databaseDir)
        if not alreadyPresent:
            try:
                Database.create()
            except DBError as error:
                # Roll back so the running config keeps a usable database.
                CONF.db.name = previousName
                raise web.internalerror("Databae creating error," + str(error))
        CONF.save()

        return jsonSuccess()
示例#23
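    def POST(self):
        """Launch a subnet scan for the ``iplist`` values in the request body.

        One ``Host`` is created per value; results are saved under
        ``project_id`` by the
        ``SubnetScanPlugin | ServiceIdentifyPlugin | DataSavePlugin`` chain.
        """
        web.header('Content-Type', 'application/json')
        params = web.input()
        rawParam = web.data()

        try:
            projectid = int(params.project_id)
        except (AttributeError, ValueError) as error:
            # A non-numeric project_id raises ValueError; handle it like a
            # missing one so it is logged and reported consistently.
            RTD.log.error(error)
            raise web.internalerror(error)

        # Collect every "iplist=<value>" pair from the raw body. The length
        # guard avoids an IndexError on a token that has no "=".
        rawParamList = [x.split("=") for x in rawParam.split("&")]
        ipList = [
            x[1] for x in rawParamList if x[0] == "iplist" and len(x) > 1
        ]

        # NOTE(review): targets are used exactly as received (no decoding,
        # no address validation); confirm validation happens in the plugins
        # and that starting scans requires authorisation.
        hosts = [Host(ip=x) for x in ipList]
        defaultValue = {"tmp": 1}
        task = SubnetScanPlugin() | ServiceIdentifyPlugin(
            ptype=1) | DataSavePlugin(defaultValue=defaultValue,
                                      projectid=projectid)
        task.dostart(hosts)

        return jsonSuccess()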
示例#24
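    def POST(self):
        """Start a domain-discovery task for the submitted ``domain``.

        The presence of ``dnsbrute``, ``googlehacking`` and ``zonetrans`` in
        the request selects which plugins are combined; with none selected,
        ``GoogleHackingPlugin`` is used. Results flow through
        ``ServiceIdentifyPlugin`` into ``DataSavePlugin`` for ``project_id``.
        """
        web.header('Content-Type', 'application/json')
        params = web.input()
        rawParam = web.data()

        try:
            projectid = int(params.project_id)
        except (AttributeError, ValueError) as error:
            # ValueError: project_id present but not an integer.
            RTD.log.error(error)
            raise web.internalerror(error)

        # Gather all "dictlist=<value>" pairs from the raw body. Tokens
        # without "=" are skipped instead of raising IndexError.
        dictList = []
        for pair in rawParam.split("&"):
            fields = pair.split("=")
            if fields[0] == "dictlist" and len(fields) > 1:
                dictList.append(fields[1])

        options = (
            ("domain","url",""),
        )
        try:
            domainParams = formatParam(params, options)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        # NOTE(review): dictList entries are request-supplied and presumably
        # name wordlist files; confirm DnsBrutePlugin restricts them to the
        # wordlist directory.
        task = None
        if "dnsbrute" in params.keys():
            task = DnsBrutePlugin(dictList)
        if "googlehacking" in params.keys():
            task = (task + GoogleHackingPlugin()) if task else GoogleHackingPlugin()
        if "zonetrans" in params.keys():
            task = (task + ZoneTransPlugin()) if task else ZoneTransPlugin()
        if task is None:
            task = GoogleHackingPlugin()

        task = task | ServiceIdentifyPlugin() | DataSavePlugin(projectid=projectid)

        host = Host(url=domainParams.domain)
        task.dostart([host])

        return jsonSuccess()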
示例#25
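    def POST(self):
        """Run the selected domain-discovery plugins against ``domain``.

        ``dnsbrute``, ``googlehacking`` and ``zonetrans`` request keys choose
        the plugins (default: ``GoogleHackingPlugin``). Their output is piped
        through ``ServiceIdentifyPlugin`` and saved for ``project_id``.
        """
        web.header('Content-Type', 'application/json')
        params = web.input()
        rawParam = web.data()

        try:
            projectid = int(params.project_id)
        except (AttributeError, ValueError) as error:
            # Handle a non-numeric project_id the same way as a missing one.
            RTD.log.error(error)
            raise web.internalerror(error)

        # Keep every "dictlist" value from the raw body. The length guard
        # prevents an IndexError on a "dictlist" token that has no "=".
        rawParamList = [x.split("=") for x in rawParam.split("&")]
        dictList = [
            x[1] for x in rawParamList if x[0] == "dictlist" and len(x) > 1
        ]

        options = (("domain", "url", ""), )
        try:
            domainParams = formatParam(params, options)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        # NOTE(review): dictList is passed to DnsBrutePlugin unvalidated;
        # if the entries are file names, confirm the plugin confines them to
        # its wordlist directory.
        task = None
        if "dnsbrute" in params.keys():
            task = DnsBrutePlugin(dictList)
        if "googlehacking" in params.keys():
            task = (task +
                    GoogleHackingPlugin()) if task else GoogleHackingPlugin()
        if "zonetrans" in params.keys():
            task = (task + ZoneTransPlugin()) if task else ZoneTransPlugin()
        if task is None:
            task = GoogleHackingPlugin()

        task = task | ServiceIdentifyPlugin() | DataSavePlugin(
            projectid=projectid)

        host = Host(url=domainParams.domain)
        task.dostart([host])

        return jsonSuccess()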
示例#26
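    def GET(self):
        """Delete a comment and, when present, its attachment file.

        Returns ``jsonFail()`` if ``Comment.get`` finds nothing for ``id``,
        otherwise ``jsonSuccess()`` after the comment has been removed.
        """
        # NOTE(review): a GET that deletes data, with no authentication or
        # CSRF check visible in this method -- confirm it exists elsewhere.
        params = web.input()

        try:
            comment = Comment.get(params.id.strip())
        except AttributeError:
            raise web.internalerror("Missing parameter.")
        except FieldError as error:
            raise web.internalerror(error)
        except WIPError as error:
            RTD.log.error(error)
            raise web.internalerror("Internal ERROR!")

        if not comment:
            return jsonFail()

        #delete attachment
        if comment.attachment:
            # Normalise the path and require it to stay below the attachment
            # directory, so a stored name with ".." or an absolute path
            # cannot make os.remove() delete an unrelated file.
            baseDir = os.path.abspath(os.path.join("static","attachment"))
            filePath = os.path.abspath(os.path.join(baseDir,comment.attachment))
            insideBase = filePath.startswith(baseDir + os.sep)
            if insideBase and os.path.exists(filePath):
                os.remove(filePath)
            elif not insideBase:
                RTD.log.error("attachment path outside attachment directory, skipped")

        comment.remove()

        return jsonSuccess()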
示例#27
    def POST(self):
        """Run the installation step: directories, database, config flag.

        Creates the runtime directories that are missing, validates
        ``dbname``, assigns it to ``CONF.db.name``, calls
        ``Database.create()`` and finally saves the configuration with
        ``CONF.isinstall`` set.
        """
        # NOTE(review): the method does not check CONF.isinstall before
        # running, and no authentication is visible -- confirm the installer
        # cannot be re-run by an arbitrary client.
        submitted = web.input()
        spec = (
            ("dbname","string","1-50"),
        )

        # Directories are created before the parameters are validated, in
        # this fixed order (os.mkdir makes one level at a time).
        for parts in (("log",), ("static","attachment"), ("static","tmp"),
                      ("data",), ("data","database")):
            path = os.path.join(*parts)
            if not os.path.exists(path):
                os.mkdir(path)

        try:
            params = formatParam(submitted, spec)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        try:
            CONF.db.name = str(params.dbname)
        except WIPError as error:
            raise web.internalerror("Configure file parse error.")

        try:
            Database.create()
        except DBError as error:
            raise web.internalerror("Databae creating error,"+str(error))

        CONF.isinstall = True
        CONF.save()

        return jsonSuccess()
示例#28
    def POST(self):
        """Select another database by name, creating it if it is not listed.

        ``CONF.db.name`` is set to the submitted ``database``. If the name is
        absent from ``data/database``, ``Database.create()`` runs; a
        ``DBError`` restores the old name. ``CONF.save()`` persists the choice.
        """
        web.header('Content-Type', 'application/json')
        submitted = web.input()

        spec = (
            ("database","string","1-50"),
        )
        try:
            params = formatParam(submitted, spec)
        except ParamError as error:
            raise web.internalerror("Parameter error, {0}.".format(error))

        # NOTE(review): the database name is request-controlled; whether
        # formatParam or Database.create rejects path separators is not
        # visible here -- confirm before relying on it as a file name.
        oldName = CONF.db.name
        CONF.db.name = str(params.database)
        knownDatabases = os.listdir(os.path.join("data","database"))
        needsCreate = params.database not in knownDatabases
        if needsCreate:
            try:
                Database.create()
            except DBError as error:
                # Undo the in-memory change so the old database stays active.
                CONF.db.name = oldName
                raise web.internalerror("Databae creating error,"+str(error))
        CONF.save()

        return jsonSuccess()
示例#29
 def POST(self):
     """Create a project from the six submitted form fields and save it.

     Values are stripped of surrounding whitespace; a missing field raises
     from the lookup.
     """
     # NOTE(review): no authentication check or per-field validation is
     # visible in this method.
     form = web.input()
     fieldNames = ("name","url","ip","level","whois","description")
     values = dict((name, form[name].strip()) for name in fieldNames)
     newProject = Project(**values)
     newProject.save()
     return jsonSuccess()
示例#30
 def GET(self):
     """Delete the vulnerability record named by the ``id`` parameter."""
     # NOTE(review): deletion is triggered by GET and the id is only
     # stripped, not checked to be numeric; no authentication or CSRF check
     # is visible here -- confirm they are enforced elsewhere.
     form = web.input()
     vulId = form.id.strip()
     Vul.delete(vulId)
     return jsonSuccess()
示例#31
 def POST(self):
     """Apply the submitted form fields to the project selected by ``id``.

     Each of the six fields is read from the request and stripped before
     the update.
     """
     # NOTE(review): the id is passed to the query after strip() only;
     # confirm the model layer validates and parameterises it.
     form = web.input()
     fieldNames = ("name","url","ip","whois","description","level")
     values = dict((name, form[name].strip()) for name in fieldNames)
     Project.where(id=form.id.strip()).update(**values)
     return jsonSuccess()
示例#32
 def POST(self):
     """Insert a host record built from the submitted form fields.

     All eleven fields, including ``project_id``, are required and are
     stripped of surrounding whitespace.
     """
     # NOTE(review): project_id and the network fields are stored as
     # received; no validation or access check is visible in this method.
     form = web.input()
     values = {}
     for fieldName in ("title","url","ip","port","protocol","level","os",
                       "server_info","middleware","description","project_id"):
         values[fieldName] = form[fieldName].strip()
     Host.insert(**values)
     return jsonSuccess()
示例#33
 def POST(self):
     """Apply the submitted form fields to the host selected by ``id``.

     The ten listed fields are required; values are stripped before use.
     """
     # NOTE(review): no authentication check is visible here, and the id is
     # not checked to be numeric before it reaches the query.
     form = web.input()
     fieldNames = ("title","url","ip","port","protocol","level","os",
                   "server_info","middleware","description")
     values = dict((name, form[name].strip()) for name in fieldNames)
     targetId = form.id.strip()
     Host.where(id=targetId).update(**values)
     return jsonSuccess()
示例#34
 def GET(self):
     """Remove one vulnerability record; ``id`` selects it."""
     # NOTE(review): a GET that deletes data; a missing ``id`` raises
     # AttributeError unhandled and no access check is visible here.
     request = web.input()
     recordId = request.id.strip()
     Vul.delete(recordId)
     return jsonSuccess()
示例#35
 def POST(self):
     """Insert a comment for the host given in ``host_id``.

     The six listed fields are required; values are stripped before the
     insert.
     """
     # NOTE(review): host_id is request-supplied and not checked against an
     # existing host or the caller's permissions in this method.
     form = web.input()
     values = {}
     for fieldName in ("name","url","info","level","description","host_id"):
         values[fieldName] = form[fieldName].strip()
     Comment.insert(**values)
     return jsonSuccess()
示例#36
 def POST(self):
     """Update the comment selected by ``id`` from the submitted fields.

     ``id`` is part of both the selector and the values written back.
     """
     # NOTE(review): no authentication or ownership check is visible here;
     # confirm the model layer parameterises the id and field values.
     form = web.input()
     fieldNames = ("id","name","url","info","level","description")
     values = dict((name, form[name].strip()) for name in fieldNames)
     Comment.where(id=form.id.strip()).update(**values)
     return jsonSuccess()