#coding=utf-8
import bottle
from bottle import get, post, request, route, install, template
import sqlite3
import time
import thread
@route('/listener', method='POST')
def listener():
    """Start a fuzzing run for the HTTP request described in the POST form.

    Reads the form fields detect_type, specific_para, request, host,
    content_length, para_str, cookie and req_url, builds a vuln_detect.fuzzer
    from them and runs its detect() method on a new thread, so the handler
    returns without waiting for the scan to finish.

    NOTE(review): nothing in this handler authenticates the caller or checks
    where the request came from, and the submitted host/req_url values are
    handed straight to the fuzzer. The server is started on localhost, but
    that alone does not stop other local software, or a page open in a local
    browser, from posting to this route. Consider a shared secret or an
    Origin check before relying on it.
    """
    form = request.POST
    detect_type = form.get('detect_type')
    specific_para = form.get('specific_para')
    raw_request = form.get('request')
    host = form.get('host')
    content_length = form.get('content_length')
    para_str = form.get('para_str')
    cookie = form.get('cookie')
    req_url = form.get('req_url')

    # Imported inside the handler, as before; aliased so the class is not
    # shadowed by the instance created from it.
    from vuln_detect import fuzzer as fuzzer_cls

    try:
        scanner = fuzzer_cls(raw_request, detect_type, para_str, host, req_url,
                             specific_para, content_length, cookie)
        # One new thread per request; detect() runs there, so exceptions it
        # raises are not seen by the except clause below.
        thread.start_new_thread(scanner.detect, ())
    except Exception as e:
        # Only construction and thread start-up failures land here.
        print(e)
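@route('/index')
def vulns():
    """Render today's rows of the ``vulns`` table as an HTML report.

    Selects every row whose pentest_date equals today's local date from
    pentest_request_fuzzer.db, turns CRLF pairs in each cell into ``<br />``
    and renders the result with the ``make_table`` template. Returns the
    rendered page, or nothing when no rows exist for today.

    The cells hold captured request data, so they are HTML-escaped before the
    ``<br />`` tags are inserted.
    NOTE(review): this assumes make_table writes cell text unescaped, which
    is what inserting literal ``<br />`` tags implies. The template is not
    visible here; if it already escapes, drop the html_escape call.
    """
    pentest_date = time.strftime('%Y-%m-%d')

    conn = sqlite3.connect('pentest_request_fuzzer.db')
    try:
        db = conn.cursor()
        # Bound parameter rather than %-formatting: the value never becomes
        # part of the SQL text, and the query no longer depends on SQLite
        # accepting a double-quoted token as a string literal.
        db.execute('select * from vulns where pentest_date=?', (pentest_date,))
        rows = db.fetchall()
        db.close()
    finally:
        # Closing the cursor alone leaves the connection open.
        conn.close()

    row_name = ["主机名","请求包","漏洞类型","漏洞位置","检测日期"]

    # Replace line breaks with <br /> so the page looks cleaner; escape first
    # so markup inside a stored request is shown as text, not interpreted.
    rows_list = []
    for row in rows:
        rows_list.append([
            "" if column is None
            else bottle.html_escape(column).replace('\r\n', '<br />')
            for column in row
        ])

    if rows_list:
        return bottle.template('make_table', rows = rows_list, title= pentest_date+"扫描检测结果",row_names = row_name )
    # No findings for today: return nothing, which bottle sends as an empty
    # body, rather than referencing a result that was never assigned.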
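@route('/waf')
def vulns():
    """Render today's rows of the ``wafs`` table as an HTML report.

    Selects every row whose pentest_date equals today's local date from
    pentest_request_fuzzer.db and renders it with the ``make_table``
    template. Returns the rendered page, or nothing when no rows exist.

    NOTE(review): this is the second function named ``vulns`` in the file, so
    the module-level name ends up bound to this handler. Each route is
    registered by its own decorator; renaming this one (e.g. ``wafs``) would
    make tracebacks and logs easier to read.
    """
    pentest_date = time.strftime('%Y-%m-%d')

    conn = sqlite3.connect('pentest_request_fuzzer.db')
    try:
        db = conn.cursor()
        # Bound parameter rather than %-formatting: the value never becomes
        # part of the SQL text, and the query no longer depends on SQLite
        # accepting a double-quoted token as a string literal.
        db.execute('select * from wafs where pentest_date=?', (pentest_date,))
        rows = db.fetchall()
        db.close()
    finally:
        # Closing the cursor alone leaves the connection open.
        conn.close()

    row_name = ["主机名","WAF类型","检测日期"]

    # Host names and WAF labels come from scanned traffic, so escape text
    # cells before they reach the page.
    # NOTE(review): assumes make_table writes cell text unescaped, as the
    # /index handler's literal <br /> tags imply; confirm against the template.
    text_types = (str, type(u""))
    safe_rows = [
        [bottle.html_escape(cell) if isinstance(cell, text_types) else cell
         for cell in record]
        for record in rows
    ]

    if safe_rows:
        return bottle.template('make_table', rows = safe_rows, title = "WAF检测结果", row_names = row_name)
    # No WAF results for today: return nothing, which bottle sends as an
    # empty body, rather than referencing a result that was never assigned.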
# Start bottle's built-in server on localhost:8083. None of the routes in
# this file authenticate the caller, so do not widen the bind address
# without adding an access check first.
bottle.run(port=8083, host='localhost')