Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
193 lines (166 sloc) 6.83 KB
#!/usr/bin/env python
# coding:utf-8
# @Date : 2017/4/17 10:45
# @File : main.py
# @Author : sevck (sevck@jdsec.cn)
# @Link : http://www.javsec.cn
# -------------------------------------------------------------------------
from flask import Flask, render_template, request
import re
import gaodeip
from password import PasswdGenerator
import cms
import whois
import skg
import ConfigParser
import MySQLdb
import sys
reload(sys)
sys.setdefaultencoding('utf-8')
config = ConfigParser.RawConfigParser()
config.read("./config/config.conf")
MYSQL_HOST = config.get("mysql", "host")
MYSQL_USERNAME = config.get("mysql", "username")
MYSQL_PASSWORD = config.get("mysql", "password")
MYSQL_PORT = config.get("mysql", "port")
MYSQL_DB = config.get("mysql", "databases")
MYSQL_TABLES = config.get("mysql", "tables")
app = Flask(__name__)
# 连接数据库操作
def conn():
db = MySQLdb.connect(MYSQL_HOST, MYSQL_USERNAME,
MYSQL_PASSWORD, MYSQL_DB,
int(MYSQL_PORT), charset='utf8')
db.ping(True)
cursor = db.cursor()
return cursor
@app.route('/', methods=["get", "post"])
def index():
return render_template('wooyun.html')
# IP地址定位
@app.route('/ip', methods=["get", "post"])
def BaiduIp():
if request.method == 'POST':
ip = request.form.get("search")
addr = ip.strip().split('.') # 切割IP地址为一个列表
data = {}
if len(addr) != 4:
data['error'] ="IP 错误!"
return render_template('ip.html', data=data, title="高精度IP查询")
else:
data = gaodeip.search(ip)
if data.has_key('error'):
data['error'] = "查询失败,请尝试再次查询"
return render_template('ip.html', data=data, title="高精度IP查询")
else:
return render_template('ip.html', data=data, title="高精度IP查询")
else:
return render_template('ip.html', title="高精度IP查询")
# CMS在线识别
@app.route('/webdna', methods=["get", "post"])
def webdna():
if request.method == 'POST':
url = request.form.get("search")
if re.match(r'^https?:/{2}\w.+$', url):
data = cms.cms(url)
if data.has_key('error'):
data['error'] = "没有找到合适的CMS"
return render_template('cms.html', data=data, title="CMS识别")
else:
return render_template('cms.html', title="CMS识别")
# 在线密码生成
@app.route('/password', methods=["get", "post"])
def password_build():
if request.method == 'POST':
from flask import make_response
birthday = request.form.get("birthday", "")
fullname = request.form.get("fullname", "")
nickname = request.form.get("nickname", "")
englishname = request.form.get("englishname", "")
partnername = request.form.get("partnername", "")
phone = request.form.get("phone", "")
qq = request.form.get("qq", "")
company = request.form.get("company", "")
domain = request.form.get("domain", "")
oldpasswd = request.form.get("oldpasswd", "")
keywords = request.form.get("keywords", "")
keynumbers = request.form.get("keynumbers", "")
pwgen = PasswdGenerator(fullname=fullname, nickname=nickname, englishname=englishname, partnername=partnername,
phone=phone, qq=qq, company=company, domain=domain, oldpasswd=oldpasswd,
keywords=keywords, keynumbers=keynumbers, birthday=birthday)
wordlist = pwgen.generate()
content = '\n'.join(wordlist)
response = make_response(content)
response.headers["Content-Disposition"] = "attachment; filename=pass.txt"
return response
# return render_template('password.html',data=wordlist,title="社工密码生成")
else:
return render_template('password.html', title="社工密码生成")
# Whois 在线查询
@app.route('/whois', methods=["get", "post"])
def whoisa():
if request.method == 'POST':
url = request.form.get("search")
data = whois.whois(url).replace("\n", "</br>")
return render_template('whois.html', data=data, title="Whois查询")
else:
return render_template('whois.html', title="Whois查询")
# 调用外部社工库进行查询
@app.route('/pass', methods=["get", "post"])
def findpass():
if request.method == 'POST':
info = request.form.get("search")
data = skg.findpass(info)
return render_template('skg.html', data=data, title="社工库查询")
else:
return render_template('skg.html', title="社工库查询")
# 集成wooyun漏洞平台
@app.route('/wooyun', methods=["get", "post"])
@app.route('/wooyun/<int:pages>', methods=["get", "post"])
def wooyun(pages=0):
searchword = request.args.get('key', '').strip()
log_id = request.args.get('id', '').strip()
data = {}
table = list()
cursor = conn()
if log_id:
# 使用execute方法执行SQL语句
cursor.execute(MySQLdb.escape_string("SELECT * from {MYSQL_TABLES} where gid={log_id}"
.format(MYSQL_TABLES=MYSQL_TABLES,log_id=log_id)))
# 使用 fetchone() 方法获取一条数据库。
results = cursor.fetchone()
data["id"] = results[0]
data["text"] = results[2]
data["title"] = results[1]
if searchword:
sql = 'SELECT gid,title from {MYSQL_TABLES} where title like "%{searchword}%"'\
.format(MYSQL_TABLES=MYSQL_TABLES, searchword=searchword)
cursor.execute(sql)
results = cursor.fetchall()
for rows in results:
tdata = {"id": rows[0], "title": rows[1]}
table.append(tdata)
cursor.close()
return render_template("wooyun.html", title="乌云漏洞查询", data=data, table=table)
# 集成wooyun漏洞平台 -被忽略的漏洞
@app.route('/wooyun1', methods=["get", "post"])
@app.route('/wooyun1/<int:pages>', methods=["get", "post"])
def wooyun1(pages=0):
if pages is None:
pages = 0
if pages < 0:
pages = 0
sql = 'SELECT gid,title from %s where content like "%%%s%%" limit %d,%d' % MYSQL_TABLES, ("无影响厂商忽略", pages * 20, 20)
cursor = conn()
cursor.execute(sql)
results = cursor.fetchall()
table = list()
for rows in results:
tdata = {}
tdata["id"] = rows[0]
tdata["title"] = rows[1]
table.append(tdata)
cursor.close()
return render_template("wooyun.html", title="乌云忽略漏洞查询", table=table, next=pages + 1, prev=pages - 1)
if __name__ == '__main__':
app.run(host='127.0.0.1', port=5000, debug=True)
You can’t perform that action at this time.