修改插件和异常

Cl0udG0d · Cl0udG0d · commit f6cc46b91ec3 · 2022-03-17T01:06:17.000+08:00
diff --git a/app/celery/celerytask.py b/app/celery/celerytask.py
@@ -9,7 +9,7 @@
 from celery import Celery
 from init import app
 from app.model.models import (
-    Task,scanTask,PocList
+    Task,scanTask,PocList,pluginList
 )
 from app.model.exts import db
 from app.scan.scanIndex import scanConsole
@@ -47,22 +47,38 @@ def updateTaskEndTime(id):
 
 
 
+def getPocAndPlugin():
+    pocs = PocList.query.all()
+    plugins = pluginList.query.all()
+    poclist,pluginlist = list(),list()
+
+    for poc in pocs:
+        if poc.status:
+            poclist.append([poc.filename, poc.position])
+
+
+    for plugin in plugins:
+        if plugin.status:
+            pluginlist.append([plugin.filename, plugin.position])
+
+    return poclist,pluginlist
+
+
+
 @scantask.task(bind=True)
 def scanTarget(self,url):
     # task = Task.query.filter(Task.key == key).first()
     self.update_state(state="PROGRESS")
     # print(scanTarget.request.id)
-    pocs=PocList.query.all()
-    poclist=list()
-    for poc in pocs:
-        if poc.status:
-            poclist.append([poc.filename,poc.position])
+
+    poclist,pluginlist=getPocAndPlugin()
     try:
-        scanConsole(url,poclist,self.request.id)
+        scanConsole(url,poclist,self.request.id,pluginlist)
     except Exception as e:
         # print(e)
         self.update_state(state="FAILURE")
-        raise
+        logger.warning(e)
+        pass
     else:
         updateTaskEndTime(self.request.id)
 
@@ -82,4 +98,9 @@ def startScan(self,targets):
 
 
 if __name__ == '__main__':
-    print('a')
+    from app.scan.scanIndex import scanPocs
+    with app.app_context():
+        poclist,pluginlist=getPocAndPlugin()
+
+        scanPocs("http://5.251.142.195:999/", poclist, "1")
+        # print(poclist)
diff --git a/app/model/models.py b/app/model/models.py
@@ -92,7 +92,7 @@ class pluginList(db.Model):
     __tablename__ = 'pluginList'
     id = db.Column(db.Integer, primary_key=True, autoincrement=True)
     status = db.Column(db.Boolean, default=False)
-    position = db.Column(db.Integer, default=0)
+    position = db.Column(db.Boolean, default=False)
     filename = db.Column(db.String(128), nullable=False)
 
 
diff --git a/app/plugin/pluginlist.py b/app/plugin/pluginlist.py
@@ -96,7 +96,7 @@ def delPluginFile(filename):
 @plugin.route('/plugin/delPlugin/<int:id>',methods=['GET'])
 @login_required
 def delPlugin(id=None):
-    print(id)
+    # print(id)
     with app.app_context():
         plugin= pluginList.query.filter(pluginList.id == id).first()
         delPluginFile(plugin.filename)
diff --git a/app/scan/scanIndex.py b/app/scan/scanIndex.py
@@ -9,6 +9,9 @@
 
 from app.utils.selfrequests import getRep
 from app.utils.baseMsg import GetBaseMessage
+from app.utils.szheException import (
+    reqBadExceptin
+)
 from app.model.models import (
     BaseInfo,VulList
 )
@@ -21,18 +24,28 @@
 from pocsuite3.api import get_results
 import os
 
+
+
 def saveVul(result,tid,poc):
     with app.app_context():
         vul=VulList(url=result['url'],tid=tid,pocname=poc,references=result['poc_attrs']['references'],created=result['created'])
         db.session.add(vul)
         db.session.commit()
 
+
+
+def saveExts():
+    return
+
+
+
 def scanPoc(url,currdir,poc,tid):
     config = {
         'url': url,
         'poc': os.path.join(currdir,poc+'.py'),
     }
-    # print(config['poc'])
+
+    print(config['poc'])
     # print(os.path.dirname(os.path.dirname(__file__)))
     # config字典的配置和cli命令行参数配置一模一样
     init_pocsuite(config)
@@ -44,31 +57,66 @@ def scanPoc(url,currdir,poc,tid):
 
 
 def scanPocs(url,poclist,tid,position=False):
+    currdir = os.path.join(os.path.dirname(os.path.dirname(__file__)), "../pocs/")
     for poc in poclist:
         if poc[1]==position:
             try:
-                currdir=os.path.join(os.path.dirname(os.path.dirname(__file__)),"../pocs/")
                 scanPoc(url,currdir,poc[0],tid)
             except Exception as e:
                 logging.info(e)
                 pass
 
 
 
-def scanConsole(url,poclist,tid):
+def scanPlugins(url,pluginlist,tid,position=False):
+    currdir = os.path.join(os.path.dirname(os.path.dirname(__file__)), "../pocs/")
+    for plugin in pluginlist:
+        if plugin[1]==position:
+            try:
+                scanPoc(url,currdir,plugin[0],tid)
+            except Exception as e:
+                logging.info(e)
+                pass
+
+
+
+def scanPlugin(url,currdir,plugin,tid):
+    config = {
+        'url': url,
+        'plugin': os.path.join(currdir, plugin + '.py'),
+    }
+    # print(config['poc'])
+    # print(os.path.dirname(os.path.dirname(__file__)))
+    # config字典的配置和cli命令行参数配置一模一样
+    init_pocsuite(config)
+    start_pocsuite()
+    result = get_results().pop()
+    if result['status'] == 'success':
+        saveVul(result, tid, poc)
+
+
+
+
+def scanConsole(url,poclist,tid,pluginlist):
     rep,target=getRep(url)
     if not rep:
-        raise
+        raise reqBadExceptin(url)
     basemsg=GetBaseMessage(url,target,rep)
     with app.app_context():
         basemsgdb=BaseInfo(url=url,tid=tid,status=basemsg.GetStatus(),title=basemsg.GetTitle(),date=basemsg.GetDate(),responseheader=basemsg.GetResponseHeader(),Server=basemsg.GetFinger())
         db.session.add(basemsgdb)
         db.session.commit()
-    scanPocs(target,poclist,tid) # 前置扫描
+
+    # 前置扫描
+    scanPocs(target,poclist,tid)
+    # scanPlugins(target,pluginlist,tid)
 
     results=spider(target)
+
+    # 后置扫描
     for tempurl in results:
-        scanPocs(tempurl, poclist, tid, position=True) # 后置扫描
+        scanPocs(tempurl, poclist, tid, position=True)
+        # scanPlugins(target, pluginlist, tid, position=True)
     logging.info("ScanEnd")
 
 
diff --git a/app/utils/szheException.py b/app/utils/szheException.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python 
+# -*- coding: utf-8 -*-
+# @Time    : 2022/3/17 0:40
+# @Author  : Cl0udG0d
+# @File    : szheException.py
+# @Github: https://github.com/Cl0udG0d
+
+
+class reqBadExceptin(Exception):
+    "this is user's Exception for check the length of name "
+    def __init__(self,url):
+        self.url = url
+    def __str__(self):
+        return "请求失败 {}".format(self.url)
+
+
+def test():
+    print('hi')
+
+
+if __name__ == '__main__':
+    test()
diff --git a/assets/templates/base.html b/assets/templates/base.html
@@ -103,27 +103,16 @@ <h3 class="panel-title">修改密码</h3>
 						        </a>
 						    </li>
 						     <li {% block active4 %}{% endblock %}>
-						        <a href="javascript:void(0);">
+						        <a href="{{url_for('pocs.poclist')}}">
 						            <span class="icon"><i class="fa fa-gavel"></i></span>
 						            <span class="name">POC管理</span>
-						            <span class="arrow"><i class="arrow fa fa-angle-right pull-right"></i></span>
 						        </a>
-						        <ul class="sidebar-dropdown">
-			                            <li><a href="{{url_for('pocs.poclist')}}">poc市场</a></li>
-			                            <li><a href="{{url_for('pocs.poclist')}}">本地poc</a></li>
-			                    </ul>
 						    </li>
 						    <li {% block active5 %}{% endblock %}>
-						        <a href="javascript:void(0);">
+						        <a href="{{url_for('plugin.pluginlist')}}">
 						            <span class="icon"><i class="fa fa fa-puzzle-piece"></i></span>
 						            <span class="name">扩展插件</span>
-						            <span class="arrow"><i class="arrow fa fa-angle-right pull-right"></i></span>
 						        </a>
-						        <ul class="sidebar-dropdown">
-			                            <li><a href="{{url_for('plugin.pluginlist')}}">插件市场</a></li>
-			                            <li><a href="{{url_for('plugin.pluginlist')}}">本地插件</a></li>
-			                    </ul>
-
 						    </li>
 					</ul>
 				  </div>
diff --git a/plugins/plugin1.py b/plugins/plugin1.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python 
+# -*- coding: utf-8 -*-
+# @Time    : 2022/3/16 16:56
+# @Author  : Cl0udG0d
+# @File    : plugin1.py
+# @Github: https://github.com/Cl0udG0d
+import requests
+import re
+
+def run(url):
+    result = {
+        'status': 'fail'
+    }
+    vul_url = '%s/veribaze/angelo.mdb' % url
+    response = requests.get(vul_url).text
+
+    if re.search('Standard Jet DB', response):
+        result['VerifyInfo'] = {}
+        result['VerifyInfo']['URL'] = url
+        result['VerifyInfo']['context'] = response
+        result['status'] = 'success'
+    return result
+
+
+def test():
+    print('hi')
+
+
+if __name__ == '__main__':
+    test()
diff --git a/pocs/PHPMyAdmin_all_weak_password.py b/pocs/PHPMyAdmin_all_weak_password.py
diff --git a/pocs/phpMyAdmin 弱密码漏洞.py b/pocs/phpMyAdmin 弱密码漏洞.py
