修改插件和异常
Cl0udG0d committed Mar 16, 2022
1 parent f7df703 commit f6cc46b
Showing 9 changed files with 231 additions and 102 deletions.
39 changes: 30 additions & 9 deletions app/celery/celerytask.py
Expand Up @@ -9,7 +9,7 @@
from celery import Celery
from init import app
from app.model.models import (
Task,scanTask,PocList
Task,scanTask,PocList,pluginList
)
from app.model.exts import db
from app.scan.scanIndex import scanConsole
Expand Down Expand Up @@ -47,22 +47,38 @@ def updateTaskEndTime(id):



def getPocAndPlugin():
pocs = PocList.query.all()
plugins = pluginList.query.all()
poclist,pluginlist = list(),list()

for poc in pocs:
if poc.status:
poclist.append([poc.filename, poc.position])


for plugin in plugins:
if plugin.status:
pluginlist.append([plugin.filename, plugin.position])

return poclist,pluginlist



@scantask.task(bind=True)
def scanTarget(self,url):
# task = Task.query.filter(Task.key == key).first()
self.update_state(state="PROGRESS")
# print(scanTarget.request.id)
pocs=PocList.query.all()
poclist=list()
for poc in pocs:
if poc.status:
poclist.append([poc.filename,poc.position])

poclist,pluginlist=getPocAndPlugin()
try:
scanConsole(url,poclist,self.request.id)
scanConsole(url,poclist,self.request.id,pluginlist)
except Exception as e:
# print(e)
self.update_state(state="FAILURE")
raise
logger.warning(e)
pass
else:
updateTaskEndTime(self.request.id)

Expand All @@ -82,4 +98,9 @@ def startScan(self,targets):


if __name__ == '__main__':
print('a')
from app.scan.scanIndex import scanPocs
with app.app_context():
poclist,pluginlist=getPocAndPlugin()

scanPocs("http://5.251.142.195:999/", poclist, "1")
# print(poclist)
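Review bot: The `__main__` block passes a hard-coded external host to `scanPocs(...)`, so running this module directly sends every enabled PoC to an address baked into the repository. Take the target from a command-line argument or local config instead, for example `scanPocs(sys.argv[1], poclist, "1")`, and keep test targets out of version control. Separately, the `except` branch of `scanTarget` shows both `raise` and `logger.warning(e)` / `pass`. If the new side is the swallow, the task returns normally and Celery will, as far as I can tell, record it as successful, overwriting the `FAILURE` state set just above. `logger` is also not defined in the visible lines.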
2 changes: 1 addition & 1 deletion app/model/models.py
Expand Up @@ -92,7 +92,7 @@ class pluginList(db.Model):
__tablename__ = 'pluginList'
id = db.Column(db.Integer, primary_key=True, autoincrement=True)
status = db.Column(db.Boolean, default=False)
position = db.Column(db.Integer, default=0)
position = db.Column(db.Boolean, default=False)
filename = db.Column(db.String(128), nullable=False)


2 changes: 1 addition & 1 deletion app/plugin/pluginlist.py
Expand Up @@ -96,7 +96,7 @@ def delPluginFile(filename):
@plugin.route('/plugin/delPlugin/<int:id>',methods=['GET'])
@login_required
def delPlugin(id=None):
print(id)
# print(id)
with app.app_context():
plugin= pluginList.query.filter(pluginList.id == id).first()
delPluginFile(plugin.filename)
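Review bot: `delPlugin` removes a plugin file on a `GET` route, so any page a logged-in user visits can trigger it with a plain link or image tag; `@login_required` does not prevent that. Make it `methods=['POST']` and require a CSRF token on the request. `.first()` also returns `None` for an unknown id, and `plugin.filename` would then raise; add `if plugin is None: abort(404)` before the `delPluginFile` call. The function body continues outside the hunk, so any handling further down is not visible here.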
60 changes: 54 additions & 6 deletions app/scan/scanIndex.py
Expand Up @@ -9,6 +9,9 @@

from app.utils.selfrequests import getRep
from app.utils.baseMsg import GetBaseMessage
from app.utils.szheException import (
reqBadExceptin
)
from app.model.models import (
BaseInfo,VulList
)
Expand All @@ -21,18 +24,28 @@
from pocsuite3.api import get_results
import os



def saveVul(result,tid,poc):
with app.app_context():
vul=VulList(url=result['url'],tid=tid,pocname=poc,references=result['poc_attrs']['references'],created=result['created'])
db.session.add(vul)
db.session.commit()



def saveExts():
return



def scanPoc(url,currdir,poc,tid):
config = {
'url': url,
'poc': os.path.join(currdir,poc+'.py'),
}
# print(config['poc'])

print(config['poc'])
# print(os.path.dirname(os.path.dirname(__file__)))
# config字典的配置和cli命令行参数配置一模一样
init_pocsuite(config)
Expand All @@ -44,31 +57,66 @@ def scanPoc(url,currdir,poc,tid):


def scanPocs(url,poclist,tid,position=False):
currdir = os.path.join(os.path.dirname(os.path.dirname(__file__)), "../pocs/")
for poc in poclist:
if poc[1]==position:
try:
currdir=os.path.join(os.path.dirname(os.path.dirname(__file__)),"../pocs/")
scanPoc(url,currdir,poc[0],tid)
except Exception as e:
logging.info(e)
pass



def scanConsole(url,poclist,tid):
def scanPlugins(url,pluginlist,tid,position=False):
currdir = os.path.join(os.path.dirname(os.path.dirname(__file__)), "../pocs/")
for plugin in pluginlist:
if plugin[1]==position:
try:
scanPoc(url,currdir,plugin[0],tid)
except Exception as e:
logging.info(e)
pass



def scanPlugin(url,currdir,plugin,tid):
config = {
'url': url,
'plugin': os.path.join(currdir, plugin + '.py'),
}
# print(config['poc'])
# print(os.path.dirname(os.path.dirname(__file__)))
# config字典的配置和cli命令行参数配置一模一样
init_pocsuite(config)
start_pocsuite()
result = get_results().pop()
if result['status'] == 'success':
saveVul(result, tid, poc)




def scanConsole(url,poclist,tid,pluginlist):
rep,target=getRep(url)
if not rep:
raise
raise reqBadExceptin(url)
basemsg=GetBaseMessage(url,target,rep)
with app.app_context():
basemsgdb=BaseInfo(url=url,tid=tid,status=basemsg.GetStatus(),title=basemsg.GetTitle(),date=basemsg.GetDate(),responseheader=basemsg.GetResponseHeader(),Server=basemsg.GetFinger())
db.session.add(basemsgdb)
db.session.commit()
scanPocs(target,poclist,tid) # 前置扫描

# 前置扫描
scanPocs(target,poclist,tid)
# scanPlugins(target,pluginlist,tid)

results=spider(target)

# 后置扫描
for tempurl in results:
scanPocs(tempurl, poclist, tid, position=True) # 后置扫描
scanPocs(tempurl, poclist, tid, position=True)
# scanPlugins(target, pluginlist, tid, position=True)
logging.info("ScanEnd")


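Review bot: `scanPlugin` ends with `saveVul(result, tid, poc)`, but `poc` is neither a parameter nor a local of that function, so the first successful plugin result raises `NameError`; it should read `saveVul(result, tid, plugin)`. `scanPlugins` also looks copy-pasted from `scanPocs`: it builds `currdir` from `"../pocs/"` and calls `scanPoc`, while the plugin added in this commit lives under `plugins/`. The loop presumably needs `"../plugins/"` and `scanPlugin(url,currdir,plugin[0],tid)`. The file names come from database rows and are joined straight into the path handed to pocsuite, so it is worth rejecting any `filename` containing a path separator before the `os.path.join`.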
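--- a/app/utils/szheException.py
+++ b/app/utils/szheException.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# @Time : 2022/3/17 0:40
+# @Author : Cl0udG0d
+# @File : szheException.py
+# @Github: https://github.com/Cl0udG0d
+
+
+class reqBadExceptin(Exception):
+"this is user's Exception for check the length of name "
+def __init__(self,url):
+self.url = url
+def __str__(self):
+return "请求失败 {}".format(self.url)
+
+
+def test():
+print('hi')
+
+
+if __name__ == '__main__':
+test()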
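Review bot: The docstring on `reqBadExceptin` ("check the length of name") does not describe this class, which `scanConsole` raises when the first request to the target returns nothing. Something like `"""Raised when the initial request to the scan target fails."""` would match how it is used. The class name is missing an "o" (`reqBadException`), which is cheapest to fix now, before more call sites import it. The `test()` stub that prints `'hi'` and its `__main__` guard look like template leftovers and could be dropped.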
15 changes: 2 additions & 13 deletions assets/templates/base.html
Expand Up @@ -103,27 +103,16 @@ <h3 class="panel-title">修改密码</h3>
</a>
</li>
<li {% block active4 %}{% endblock %}>
<a href="javascript:void(0);">
<a href="{{url_for('pocs.poclist')}}">
<span class="icon"><i class="fa fa-gavel"></i></span>
<span class="name">POC管理</span>
<span class="arrow"><i class="arrow fa fa-angle-right pull-right"></i></span>
</a>
<ul class="sidebar-dropdown">
<li><a href="{{url_for('pocs.poclist')}}">poc市场</a></li>
<li><a href="{{url_for('pocs.poclist')}}">本地poc</a></li>
</ul>
</li>
<li {% block active5 %}{% endblock %}>
<a href="javascript:void(0);">
<a href="{{url_for('plugin.pluginlist')}}">
<span class="icon"><i class="fa fa fa-puzzle-piece"></i></span>
<span class="name">扩展插件</span>
<span class="arrow"><i class="arrow fa fa-angle-right pull-right"></i></span>
</a>
<ul class="sidebar-dropdown">
<li><a href="{{url_for('plugin.pluginlist')}}">插件市场</a></li>
<li><a href="{{url_for('plugin.pluginlist')}}">本地插件</a></li>
</ul>

</li>
</ul>
</div>
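--- a/plugins/plugin1.py
+++ b/plugins/plugin1.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# @Time : 2022/3/16 16:56
+# @Author : Cl0udG0d
+# @File : plugin1.py
+# @Github: https://github.com/Cl0udG0d
+import requests
+import re
+
+def run(url):
+result = {
+'status': 'fail'
+}
+vul_url = '%s/veribaze/angelo.mdb' % url
+response = requests.get(vul_url).text
+
+if re.search('Standard Jet DB', response):
+result['VerifyInfo'] = {}
+result['VerifyInfo']['URL'] = url
+result['VerifyInfo']['context'] = response
+result['status'] = 'success'
+return result
+
+
+def test():
+print('hi')
+
+
+if __name__ == '__main__':
+test()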
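Review bot: `requests.get(vul_url)` in `run` has no timeout, so a target that accepts the connection and never answers blocks the worker indefinitely. Pass one explicitly, e.g. `requests.get(vul_url, timeout=10)`, and catch `requests.RequestException` so one unreachable host does not abort the run. On a match the whole response body is copied into `result['VerifyInfo']['context']`, which here would be the contents of a database file. Storing only the matched marker or a short prefix keeps third-party data out of wherever the result is persisted. If `url` already ends in `/`, the `'%s/veribaze/...'` format produces a double slash, so `url.rstrip('/')` is worth adding.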
72 changes: 0 additions & 72 deletions pocs/PHPMyAdmin_all_weak_password.py

This file was deleted.
