"+time+log[time]+"
" 290 | return return_html 291 | def get_TaskData(taskid): 292 | data=query_db('select data from Autosqli where taskid = ?',[taskid],one=True)['data'] 293 | return data 294 | 295 | def task_Dup(Options={}): 296 | options=Options.copy() 297 | tasklist=query_db('select url_parameters,options from Autosqli where user = ?',[session['username']]) 298 | if len(tasklist)==0: 299 | return 1 300 | urlparamters=get_UrlParamters(options['url']) 301 | del options['url'] 302 | for task in tasklist: 303 | templist_UrlParam=eval(task['url_parameters']) 304 | tempdic_Options=json.loads(task['options']) 305 | if 'url' in tempdic_Options.keys(): 306 | del tempdic_Options['url'] 307 | if sorted(urlparamters)==sorted(templist_UrlParam) and options==tempdic_Options: 308 | return -1 309 | return 1 310 | 311 | #------------------new Feature------------------------------- 312 | def gethref(url): 313 | def sp(urls): 314 | print urls 315 | alist = set() 316 | headers = {"User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:47.0) Gecko/20100101 Firefox/47.0"} 317 | req = requests.get(url, headers=headers) 318 | domain = "{0}://{1}".format(urlparse(url).scheme, urlparse(url).netloc) 319 | soup = BeautifulSoup(req.text, "lxml") 320 | # import ipdb;ipdb.set_trace() 321 | if len(soup.find_all('a')) == 0: 322 | alist.add(urls) 323 | return 324 | for a in soup.find_all('a'): 325 | if a.has_attr('href') == False: 326 | continue 327 | if a['href'].startswith(domain): 328 | alist.add(a['href']) 329 | elif a['href'].startswith('http') == False: 330 | us = "{0}/{1}/{2}".format(domain, urlparse(url).path, a['href']) 331 | alist.add(us) 332 | return alist 333 | tmp1 = tmp2 = sp(url) 334 | if(tmp2!=None): 335 | for u in tmp2: 336 | tmp1 = tmp1 | sp(u) 337 | return tmp1 338 | else: 339 | return set([url]) 340 | 341 | def GetSuccessTarget(): 342 | slist = {} 343 | flag = re.compile(r'payload":\s+"(.*?)"') 344 | tasklist = get_TaskList() 345 | for task in tasklist: 346 | try: 347 | data = flag.search(task['data']).groups()[0] 348 | slist['url'] = task['url'] 349 | slist['data'] = data 350 | save_successresult(slist) 351 | except: 352 | pass 353 | return slist 354 | 355 | 356 | #-------------------A test page---------------------------------- 357 | #@app.route('/sqlshow.html') 358 | #def show_entries(): 359 | #db=get_Db() 360 | #cur = db.execute("select * from Autosqli") 361 | #entry=cur.fetchall() 362 | #tasklist=query_db('select user from Autosqli where taskid = ?',['7abc8e899783367a'],one=True) 363 | #return render_template('sqlshow.html', entries=entry,data=str(request.remote_addr)) 364 | #-------------------A test page end------------------------------ 365 | @app.route('/',methods=['GET']) 366 | def handle_root(): 367 | set_Session() 368 | return render_template("index.html") 369 | 370 | @app.route('/index.html',methods=['GET']) 371 | def handle_index(): 372 | set_Session() 373 | return render_template("index.html") 374 | 375 | @app.route('/quickbuild.html',methods=['GET']) 376 | def handle_quickbuild(): 377 | set_Session() 378 | return render_template("quickbuild.html") 379 | @app.route('/quickbuild.html',methods=['POST']) 380 | def handle_post_quickbuild(): 381 | options={} 382 | if 'url' in request.json and request.json['url']!="": 383 | options['url']=request.json['url'] 384 | m=re.match('(http://)|(https://)',options['url']) #add http:// for targetURL 385 | if m is None: 386 | options['url']="http://"+options['url'] 387 | if task_Dup(options)!= 1: 388 | return "False" 389 | else: 390 | taskid=new_Taskid() 391 | if taskid: 392 | result=set_Options(taskid,options) 393 | return str(result) 394 | else: 395 | return "False" 396 | else: 397 | return "False" 398 | 399 | @app.route('/customtask.html',methods=['GET']) 400 | def handle_customtask(): 401 | set_Session() 402 | return render_template("customtask.html") 403 | 404 | @app.route('/customtask.html',methods=['POST']) 405 | def handle_post_customtask(): 406 | options={} 407 | for k in request.form: 408 | if request.form[k] and request.form[k] != "False" and request.form[k]!= "": 409 | options[k]=request.form[k] 410 | if 'url' not in options.keys(): 411 | return render_template("customtask.html",result="Error:Please input URL.") 412 | m=re.match('(http://)|(https://)',options['url']) #add http:// for targetURL 413 | if m is None: 414 | options['url']="http://"+options['url'] 415 | 416 | urls = gethref(options['url']) 417 | for u in urls: 418 | options['url']=u 419 | if task_Dup(options)==1:#这里去重从逻辑上来更合理,但是没多大意义 420 | taskid=new_Taskid() 421 | if taskid: 422 | result = set_Options(taskid,options) 423 | else: 424 | return render_template("customtask.html",result="Error:Can not establish task.") 425 | return render_template("tasklist.html") 426 | @app.route('/spider',methods=['POST']) 427 | def hander_spider(): 428 | if 'url' in request.json and request.json['url']!="": 429 | url=request.json['url'] 430 | m=re.match('(http://)|(https://)',url) #add http:// for targetURL 431 | if m is None: 432 | url="http://"+url 433 | try: 434 | result=gethref(url) 435 | except Exception, e: 436 | return "False" 437 | if(len(result)!=0): 438 | li_list="" 439 | for u in result: 440 | li_list=li_list+"Now has {0} tasks to running
No task for you
TaskID: '+\ 459 | task['taskid']+\ 460 | '
Status: '+\ 461 | task['status']+'
'+\ 462 | 'TargetURL: '+\ 463 | task['url']+'
'+\ 464 | 'URL Paramters: '+\ 465 | task['url_parameters']+'
'+\ 466 | 'Options: '+\ 467 | task['options']+'
'+\ 468 | 'Server: '+\ 469 | task['server']+'
'+\ 470 | ''+\ 472 | ''+\ 473 | 'Data'+\ 474 | ''+\ 476 | ''+\ 478 | 'Now has {0} tasks to running
No task for you
TaskID: '+\ 507 | task['taskid']+\ 508 | '
Status: '+\ 509 | task['status']+'
'+\ 510 | 'TargetURL: '+\ 511 | task['url']+'
'+\ 512 | 'URL Paramters: '+\ 513 | task['url_parameters']+'
'+\ 514 | 'Options: '+\ 515 | task['options']+'
'+\ 516 | 'Server: '+\ 517 | task['server']+'
'+\ 518 | ''+\ 520 | ''+\ 521 | 'Data'+\ 522 | ''+\ 524 | ''+\ 526 | 'Now has {0} url success crack
URL: '+\ 538 | url['url']+\ 539 | '
payload: '+\ 540 | url['data']+'
"+html+""; 42 | 43 | }catch(e){ 44 | $id("Canvas").innerHTML = ""; 45 | 46 | } 47 | 48 | } 49 | 50 | window._dateObj = new Date(); 51 | 52 | window._regexpObj = new RegExp(); 53 | 54 | function ProcessObject(obj, indent, addComma, isArray, isPropertyContent){ 55 | 56 | var html = ""; 57 | 58 | var comma = (addComma) ? ", " : ""; 59 | 60 | var type = typeof obj; 61 | 62 | var clpsHtml =""; 63 | 64 | if(IsArray(obj)){ 65 | 66 | if(obj.length == 0){ 67 | 68 | html += GetRow(indent, "[ ]"+comma, isPropertyContent); 69 | 70 | }else{ 71 | 72 | clpsHtml = window.IsCollapsible ? "
| t |
{{result|safe}}
82 | 140 |爬虫入口URL:
142 | 143 | 144 |Add url here
55 | 56 | 57 |Attention
60 |If you use Quickly Build to start your scan task
61 |there is no options or all options is None.
62 |It means the options like cookies,smart,dbs will not set to your task
63 |If you want to use these options,please choose Custom Task.
64 |{{data|safe}}
15 | {% for entry in entries %} 16 |456545464
24 |