update

A099 · Sep 27, 2021 · 85fe271 · 85fe271
1 parent 3e33e05
commit 85fe271
Show file tree

Hide file tree

Showing 124 changed files with 36,601 additions and 220 deletions.
diff --git a/README.md b/README.md
@@ -3,14 +3,13 @@ H是一款强大的资产收集管理平台(目前还在开发中)
 
 预计实现以下功能
 
-- [ ] 域名扫描
-- [ ] 端口扫描
-- [ ] web站点扫描
-- [ ] 目录扫描
+- [x] 域名扫描
+- [x] 端口扫描
+- [x] web站点扫描
+- [x] 目录扫描
 - [ ] 漏洞扫描(nuclei, 自定义poc, xray+rad) 
 - [ ] host碰撞插件
 - [ ] apk域名提取插件
-- [ ] 单独子域名爆破模块
 - [ ] 备案信息查询
 - [ ] fofa查询
 - [ ] 多账号管理
@@ -21,4 +20,6 @@ H是一款强大的资产收集管理平台(目前还在开发中)
 
 2021.9.13 -- 数据库交互确认，数据渲染逻辑确认，完成资产管理页面，资产添加页面(50%)，扫描模式添加页面(25%)
 
-2021.9.23 -- 完成资产添加，资产管理，扫描模式，扫描周期，系统配置，资产详细(25%)
+2021.9.23 -- 完成资产添加，资产管理，扫描模式，扫描周期，系统配置，资产详细(25%)
+
+2021.9.27 -- 完成资产的增删改，完成域名爆破，端口扫描，web扫描，目录扫描的扫描逻辑
diff --git a/app/base/templates/includes/sidebar.html b/app/base/templates/includes/sidebar.html
@@ -88,10 +88,6 @@
  class="nav-item {% if 'fofa' in segment %} active {% endif %}">
  <a href="/charts-morris.html" class="nav-link "><span class="pcoded-micon"><i class="feather icon-pie-chart"></i></span><span class="pcoded-mtext">fofa查询</span></a></li>
 
- <li data-username="subbrute" 
- class="nav-item {% if 'gitcollection' in segment %} active {% endif %}">
- <a href="/charts-morris.html" class="nav-link "><span class="pcoded-micon"><i class="feather icon-pie-chart"></i></span><span class="pcoded-mtext">子域名爆破</span></a></li>
-
  <li class="nav-item pcoded-menu-caption">
  <label>系统设置</label>
  </li>

diff --git a/app/home/dirb/models.py b/app/home/dirb/models.py
@@ -0,0 +1,21 @@
+from sqlalchemy import Column, Integer, String
+from sqlalchemy.sql.sqltypes import Boolean
+from sqlalchemy.dialects.mysql import LONGTEXT
+
+from app import db
+
+# 目录信息管理
+class Dirb(db.Model):
+ __tablename__ = 'Dirb'
+ id = Column(Integer, autoincrement=True, primary_key=True)
+ dir_base = Column(String(128), unique=True) # url路径
+ dir_path = Column(String(128)) # 路径
+ dir_status = Column(String(128)) # dirb 响应码
+ dir_length = Column(String(128)) # dirb 响应长度
+ dir_title = Column(String(128)) # dirb 目录名
+ dir_time = Column(String(128)) # 修改时间
+ dir_http = Column(Integer) # 隶属于的http
+ dir_tool = Column(String(128)) # 通过何种工具收集
+ dir_user = Column(String(128)) # 添加用户
+ dir_new = Column(String(128)) # 是否为新增
+ dir_target = Column(Integer) # 隶属于的目标
diff --git a/app/home/domain/models.py b/app/home/domain/models.py
@@ -8,7 +8,6 @@ class Domain(db.Model):
  __tablename__ = 'Domain'
  id = Column(Integer, autoincrement=True, primary_key=True)
  domain_name = Column(String(128), unique=True) #扫描域名名
- domain_subdomain_status = Column(Boolean, default=False) #子域扫描状态
  domain_user = Column(String(128)) #添加用户
  domain_time = Column(String(128)) #修改时间
  domain_target = Column(Integer) #隶属于的目标
diff --git a/app/home/http/models.py b/app/home/http/models.py
@@ -14,9 +14,9 @@ class Http(db.Model):
  http_status = Column(String(128)) # http 响应码
  http_length = Column(String(128)) # http 响应长度
  http_screen = Column(LONGTEXT) # http 页面截图
- http_dirb_status = Column(Boolean, default=False) #是否扫描目录
- http_vuln_status = Column(Boolean, default=False) #是否扫描漏洞
+ http_finger = Column(String(128)) # http 指纹
  http_see = Column(Boolean, default=False) #是否已读
  http_new = Column(Integer) #是否是新增
  http_time = Column(String(128)) #修改时间
+ http_user = Column(String(128)) # 扫描用户
  http_target = Column(Integer) #隶属于的目标
diff --git a/app/home/routes.py b/app/home/routes.py
@@ -27,11 +27,16 @@ def targetroute():
 def targetaddroute():
  return targetadd();
 
-@blueprint.route('/tagetinfo', methods=['GET', 'POST'])
+@blueprint.route('/targetinfo', methods=['GET', 'POST'])
 @login_required
 def targetinforoute():
  return targetinfo();
 
+@blueprint.route('/targetedit', methods=['GET', 'POST'])
+@login_required
+def targeteditroute():
+ return targetedit();
+
 @blueprint.route('/scanmethod', methods=['GET', 'POST'])
 @login_required
 def scanmethodroute():

diff --git a/app/home/scanconfig/forms.py b/app/home/scanconfig/forms.py
@@ -32,14 +32,14 @@ class ScanmethodForm(FlaskForm):
  scanmethod_subfinder = BooleanField('subfinder扫描',default=False)
  scanmethod_amass = BooleanField('amass扫描',default=False)
  scanmethod_shuffledns = BooleanField('shuffledns扫描',default=False)
- scanmethod_github = BooleanField('github扫描',default=False)
+ scanmethod_second = BooleanField('二级子域名爆破扫描',default=False)
  scanmethod_port = BooleanField('端口扫描',default=False)
  scanmethod_port_portlist = SelectField('端口模式', choices=[('top100', 'top100端口'), ('top1000', 'top1000端口'),('all', '全端口'),('deafult', '自定义')])
  scanmethod_port_dfportlist = StringField('自定义端口',)
  scanmethod_httpx = BooleanField('站点扫描',default=False)
  scanmethod_ehole = BooleanField('站点指纹识别',default=False)
  scanmethod_screenshot = BooleanField('站点截图',default=False)
- scanmethod_jsfinder = BooleanField('站点扫描',default=False)
+ scanmethod_jsfinder = BooleanField('jsfinder扫描',default=False)
  scanmethod_dirb = BooleanField('目录扫描',default=False)
  scanmethod_dirb_wordlist = SelectField('目录字典', choices=[('top100', 'top100字典'),('top1000', 'top1000字典'), ('top7000', 'top7000字典')])
  scanmethod_xray = BooleanField('rad+xray扫描',default=False)

diff --git a/app/home/scanconfig/models.py b/app/home/scanconfig/models.py
@@ -9,7 +9,7 @@ class Scanmethod(db.Model):
  scanmethod_subfinder = db.Column(db.Boolean, default=False) #是否扫描subfinder
  scanmethod_amass = db.Column(db.Boolean, default=False) #是否扫描amass
  scanmethod_shuffledns = db.Column(db.Boolean, default=False) #是否扫描amass
- scanmethod_github = db.Column(db.Boolean, default=False) #是否扫描amass
+ scanmethod_second = db.Column(db.Boolean, default=False) # 基于已有的子域名，对二级域名爆破
  scanmethod_port = db.Column(db.Boolean, default=False) #是否扫描端口
  scanmethod_port_portlist = db.Column(db.String(128)) #扫描端口类型选择
  scanmethod_port_dfportlist = db.Column(db.String(255)) #自定义端口

diff --git a/app/home/scanconfig/view.py b/app/home/scanconfig/view.py
@@ -45,7 +45,10 @@ def scanmethod(DynamicModel = Scanmethod, DynamicFrom = ScanmethodForm):
  nowscanmethod = utils.queryToDict(nowscanmethod)
  utils.dict_to_form(nowscanmethod, DynamicFrom)
  flag = True
- dict = {'content': utils.queryToDict(result)}
+ if(result):
+ dict = {'content': utils.queryToDict(result)}
+ else:
+ dict = {'content':{}}
  return render_template('scanmethod.html',form=DynamicFrom, dict = dict, id = id, flag=flag)
 
 
@@ -84,5 +87,8 @@ def scancron(DynamicModel = Scancron, DynamicFrom = ScancronFrom):
  nowscanmethod = utils.queryToDict(nowscanmethod)
  utils.dict_to_form(nowscanmethod, DynamicFrom)
  flag = True
- dict = {'content': utils.queryToDict(result)}
+ if(result):
+ dict = {'content': utils.queryToDict(result)}
+ else:
+ dict = {'content':{}}
  return render_template('scancron.html',form=DynamicFrom, dict = dict, id = id, flag=flag)
diff --git a/app/home/subdomain/models.py b/app/home/subdomain/models.py
@@ -10,8 +10,6 @@ class Subdomain(db.Model):
  subdomain_name = Column(String(128), unique=True) #子域名
  subdomain_ip = Column(String(128)) #子域ip
  subdomain_info = Column(String(128)) #子域解析信息
- subdomain_port_status = Column(Boolean, default=False) #端口扫描状态
- subdomain_http_status = Column(Boolean, default=False) #http扫描状态
  subdomain_tool = Column(String(128)) #通过何种工具收集到的
  subdomain_user = Column(String(128)) #添加用户
  subdomain_new = Column(Integer) #是否是新增

diff --git a/app/home/target/function.py b/app/home/target/function.py
@@ -3,6 +3,7 @@
 from app.home.subdomain.models import Subdomain
 from app.home.port.models import Port
 from app.home.http.models import Http
+from app.home.dirb.models import Dirb
 from app.home.utils import *
 import time
 from app import db
@@ -122,6 +123,10 @@ def blacklist_remove(black, target_id):
  [db.session.delete(r) for r in result]
  result = Port.query.filter(Port.port_domain.like("%{}%".format(b)), Port.port_target == target_id).all()
  [db.session.delete(r) for r in result]
+ result = Http.query.filter(Http.http_name.like("%{}%".format(b)), Http.http_target == target_id).all()
+ [db.session.delete(r) for r in result]
+ result = Dirb.query.filter(Dirb.dir_base.like("%{}%".format(b)), Dirb.dir_target == target_id).all()
+ [db.session.delete(r) for r in result]
  db.session.commit()
  except Exception as e:
  print(e)
@@ -133,6 +138,10 @@ def blacklist_remove(black, target_id):
  [db.session.delete(r) for r in result]
  result = Port.query.filter(Port.port_ip.like("%{}%".format(b)), Port.port_target == target_id).all()
  [db.session.delete(r) for r in result]
+ result = Http.query.filter(Http.http_name.like("%{}%".format(b)), Http.http_target == target_id).all()
+ [db.session.delete(r) for r in result]
+ result = Dirb.query.filter(Dirb.dir_base.like("%{}%".format(b)), Dirb.dir_target == target_id).all()
+ [db.session.delete(r) for r in result]
  db.session.commit()
  except Exception as e:
  print(e)

diff --git a/app/home/target/view.py b/app/home/target/view.py
@@ -9,6 +9,7 @@
 import math
 import time
 
+#target目录总览
 def target(DynamicModel = Target):
  # 接收参数
  action = request.args.get('action')
@@ -116,6 +117,7 @@ def target(DynamicModel = Target):
  'total_page': math.ceil(total_count / length), 'page': page, 'length': length, 'search': search}
  return render_template('target.html',form = dict)
 
+#target添加
 def targetadd(DynamicModel = Target, form = TargetForm):
  form = TargetForm()
  #定义扫描模式下拉框
@@ -141,6 +143,7 @@ def targetadd(DynamicModel = Target, form = TargetForm):
  target.target_time = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
  target.target_status = 0
  target.target_user = str(current_user)
+ target.target_pid = 0
  db.session.add(target)
  db.session.commit()
  #设置blacklist的其他属性
@@ -153,7 +156,9 @@ def targetadd(DynamicModel = Target, form = TargetForm):
 
  return render_template('targetadd.html', form=form)
 
-def targetinfo(DynamicModel = Target, form = TargetForm):
+#target详细
+def targetinfo(DynamicModel = Target, DynamicFrom = TargetForm):
+ DynamicFrom = TargetForm()
  # 接收参数
  action = request.args.get('action')
  id = request.args.get('id')
@@ -166,7 +171,59 @@ def targetinfo(DynamicModel = Target, form = TargetForm):
  query = DynamicModel.query.filter(DynamicModel.id == id).first()
  else:
  query = DynamicModel.query.filter(DynamicModel.id == id).filter(DynamicModel.target_user == str(current_user)).order_by(DynamicModel.id).first()
- print(query)
  dict = {'content': query, 
  }
- return render_template('targetinfo.html', form=dict, id=id)
+ return render_template('targetinfo.html', form=dict, id=id)
+
+#target修改
+def targetedit(DynamicModel = Target, DynamicFrom = TargetForm):
+ DynamicFrom = TargetForm()
+ # 接收参数
+ id = request.args.get('id')
+
+ #定义扫描模式下拉框
+ model = Scanmethod.query.all()
+ model = queryToDict(model)
+ list = [(c['id'],c['scanmethod_name']) for c in model]
+ DynamicFrom.target_method.choices = list
+
+ #定义扫描周期下拉框
+ model = Scancron.query.all()
+ model = queryToDict(model)
+ list_cron = [(c['id'],c['scancron_name']) for c in model]
+ DynamicFrom.target_cron_id.choices = list_cron
+
+ count = DynamicModel.query.filter(DynamicModel.target_user == str(current_user), DynamicModel.id == id).count()
+ if(not is_admin() and count == 0 ):
+ flash("该资产不是你添加的")
+ return render_template('page-500.html')
+
+ nowstarget = db.session.query(DynamicModel).filter(DynamicModel.id == id).first()
+ nowstarget = queryToDict(nowstarget)
+ dict_to_form(nowstarget, DynamicFrom)
+
+ #处理发送添加请求
+ if request.method == 'POST':
+ print()
+ tmpform = request.form.to_dict()
+ target = form_to_model(tmpform, DynamicModel())
+
+ #设置target的其他属性
+ target.target_cron = True if target.target_cron == "True" else False
+ target.target_time = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
+ target.target_status = 0
+ target.target_user = str(current_user)
+ target.target_pid = 0
+ target.id = id
+ dic = model_to_dict_2(target)
+ db.session.query(DynamicModel).filter(DynamicModel.id == id).update(dic)
+ db.session.commit()
+ #设置blacklist的其他属性
+ saveblacklist(target.black_name, target.id)
+ #设置domain的其他属性
+ savedomain(target.domain_name, target.id, current_user)
+ #设置subdomain的其他属性
+ savesubdomain(target.subdomain_name, target.id, current_user)
+ flash("修改成功")
+
+ return render_template('targetedit.html', form=DynamicFrom, id=id)
diff --git a/app/home/templates/scancron.html b/app/home/templates/scancron.html
@@ -1,6 +1,6 @@
 {% extends "layouts/base.html" %}
 
-{% block title %} 扫描模式设置 {% endblock %} 
+{% block title %} 扫描周期设置 {% endblock %} 
 
 <!-- Specific CSS goes HERE -->
 {% block stylesheets %}{% endblock stylesheets %}

diff --git a/app/home/templates/scanmethod.html b/app/home/templates/scanmethod.html
@@ -63,9 +63,9 @@ <h5>扫描模式设置</h5><hr/>
  {{form.scanmethod_shuffledns(class="custom-control-input",id="scanmethod_shuffledns")}}
  <label class="custom-control-label" for="scanmethod_shuffledns">shuffledns</label>
  </div>
- <div class="custom-control custom-checkbox custom-control-inline">
- {{form.scanmethod_github(class="custom-control-input",id="scanmethod_github")}}
- <label class="custom-control-label" for="scanmethod_github">github</label>
+ <div class="custom-control custom-checkbox custom-control-inline"> 
+ {{form.scanmethod_second(class="custom-control-input",id="scanmethod_second")}}
+ <label class="custom-control-label" for="scanmethod_second">shuffledns(子域名的域名爆破，top100小字典)</label>
  </div>
  </div>
  </div>
@@ -118,7 +118,7 @@ <h5>扫描模式设置</h5><hr/>
  <div class="form-group">
  <div class="custom-control custom-checkbox custom-control-inline"> 
  {{form.scanmethod_xray(class="custom-control-input",id="scanmethod_xray")}}
- <label class="custom-control-label" for="scanmethod_xray" >rad+xray</label>
+ <label class="custom-control-label" for="scanmethod_xray" >rad/gau+xray</label>
  </div>
  <div class="custom-control custom-checkbox custom-control-inline"> 
  {{form.scanmethod_nuclei(class="custom-control-input",id="scanmethod_nuclei")}}

diff --git a/app/home/templates/target.html b/app/home/templates/target.html
@@ -1,6 +1,6 @@
 {% extends "layouts/base.html" %}
 
-{% block title %} 资产管理 {% endblock %} 
+{% block title %} 资产列表 {% endblock %} 
 
 <!-- Specific CSS goes HERE -->
 {% block stylesheets %}{% endblock stylesheets %}
@@ -103,7 +103,7 @@ <h5>资产列表</h5>
  {% endif %}</td>
  <td style="vertical-align: middle !important;text-align: center;">{{row.target_user}}</td>
  <td style="vertical-align: middle !important;text-align: center;">{{row.target_time}}</td>
- <td style="vertical-align: middle !important;text-align: center;"><a href="/tagetinfo?id={{row.id}}" class="label theme-bg text-white f-12">详情</a> <a href="/target?action=delete&id={{row.id}}" class="label theme-bg2 text-white f-12">删除</a></td>
+ <td style="vertical-align: middle !important;text-align: center;"><a href="/targetinfo?id={{row.id}}" class="label theme-bg text-white f-12">详情</a> <a href="/target?action=delete&id={{row.id}}" class="label theme-bg2 text-white f-12">删除</a></td>
  </tr>
  {% endfor %}
 

diff --git a/app/home/templates/targetadd.html b/app/home/templates/targetadd.html
@@ -119,16 +119,4 @@ <h5>添加</h5>
 
 <!-- Specific Page JS goes HERE -->
 {% block javascripts %}
-<script>
- function initPage() {
-
- switch_value = $('#target_cron')[0].checked
- $('#target_corn').bootstrapSwitch("size","small",{
- state: switch_value,
- onText: '监控',
- offText: '未监控',
- });
-
- }
-</script>
 {% endblock javascripts %}