├── Core ├── __init__.py ├── vulnsum.py ├── report.py ├── MsgLkg.py └── scanandverif.py ├── bin ├── __init__.py └── snf.py ├── conf ├── __init__.py ├── webmapargs.py └── banner.py ├── README.md ├── wordlists ├── user.txt └── passwd.txt ├── setup ├── report ├── css │ ├── master.css │ └── kube.min.css └── js │ ├── kube.min.js │ └── jquery-2.1.4.min.js ├── webmap.py └── README.txt /Core/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /bin/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /conf/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # webmap 2 | 基于Python的自动化渗透测试工具 3 | 本科毕设 4 | -------------------------------------------------------------------------------- /wordlists/user.txt: -------------------------------------------------------------------------------- 1 | admin 2 | administrator 3 | Admin 4 | Administrator 5 | test 6 | Guest 7 | guest 8 | qwer 9 | tomcat 10 | apache 11 | Tomcat 12 | TOMCAT 13 | tomcat123 14 | Tomcat123 15 | admin123 16 | Admin123 17 | test1 18 | test2 19 | test3 20 | test123 21 | admin1 22 | admin2 23 | admin3 24 | Admin1 25 | Admin2 26 | msfadmin 27 | conadmin 28 | root 29 | toor 30 | panda 31 | tigger 32 | -------------------------------------------------------------------------------- /setup: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo pip3 install requests 3 | sudo pip3 install BeautifulSoup 4 | sudo pip3 install selenium 5 | sudo pip3 install scapy 6 | sudo wget https://github.com/mozilla/geckodriver/releases/download/v0.23.0/geckodriver-v0.23.0-linux64.tar.gz 7 | tar -xvzf geckodriver-v0.23.0-linux64.tar.gz 8 | sudo chmod +x geckodriver 9 | sudo mv geckodriver /usr/local/bin/ 10 | sudo rm geckodriver-v0.23.0-linux64.tar.gz 11 | -------------------------------------------------------------------------------- /wordlists/passwd.txt: -------------------------------------------------------------------------------- 1 | admin 2 | passwd 3 | password 4 | admin123 5 | admin1234 6 | admin12345 7 | admin123456 8 | w519 9 | qwer1234 10 | qwer@1234 11 | asdf1234 12 | asdf@1234 13 | 5201314 14 | iloveyou 15 | honey 16 | tigger 17 | panda 18 | flower 19 | msfadmin 20 | root 21 | root123 22 | root12345 23 | root123456 24 | 123456789 25 | 987654321 26 | 321654 27 | 654987 28 | 987654 29 | 456123 30 | 789456 31 | 789123 32 | 123789 33 | qwer1234 34 | pi==3.14 35 | qweqaz 36 | qwe123 37 | qwe!@# 38 | akewei2008 39 | akewei2008! 40 | -------------------------------------------------------------------------------- /Core/vulnsum.py: -------------------------------------------------------------------------------- 1 | HIGH=0 2 | MEDIUM=0 3 | LOW=0 4 | def addHigh(): 5 | global HIGH 6 | HIGH+=1 7 | 8 | def addMedium(): 9 | global MEDIUM 10 | MEDIUM+=1 11 | 12 | def addLow(): 13 | global LOW 14 | LOW+=1 15 | 16 | def vulnprint(): 17 | global HIGH 18 | global MEDIUM 19 | global LOW 20 | print("\033[1;32;1mThe Vulnerabilities Sum is:"+str(HIGH+MEDIUM+LOW)+"\033[0m") 21 | print("\033[1;31;1mHigh Vulnerabilities "+str(HIGH)+"\033[0m") 22 | print("\033[1;33;1mMedium Vulnerabilities "+str(MEDIUM)+"\033[0m") 23 | print("\033[1;36;1mLow Vulnerabilities "+str(LOW)+"\033[0m") 24 | -------------------------------------------------------------------------------- /conf/webmapargs.py: -------------------------------------------------------------------------------- 1 | import argparse 2 | import os 3 | parser=argparse.ArgumentParser(epilog="Example: webmap -u http://www.example.com") 4 | parser.add_argument("-u","--url",type=str,help="目标url,如:http://example.com") 5 | parser.add_argument("-l","--user",type=str,default=None,help="指定枚举的用户名") 6 | parser.add_argument("-p","--passwd",type=str,default=None,help="指定枚举的密码") 7 | parser.add_argument("-L","--userfile",type=str,default='./wordlists/user.txt',help="用户名字典文件") 8 | parser.add_argument("-P","--passwdfile",type=str,default='./wordlists/passwd.txt',help="密码字典文件") 9 | parser.add_argument("-F",action='store_true',default=False,help="启用全端口扫描") 10 | args=parser.parse_args() 11 | 12 | if not args.url: 13 | parser.print_help() 14 | os._exit(0) 15 | if args.url: 16 | url=args.url 17 | -------------------------------------------------------------------------------- /conf/banner.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | import platform 3 | from colorama import Fore, Style,init 4 | if 'Windows' in platform.system(): 5 | init(wrap=True) 6 | else: 7 | init(autoreset=False) 8 | banner=[] 9 | banner.append('__ _____| |__ ') 10 | banner.append(' _ __ ___ __ _ _ __ ') 11 | banner.append("\ \ /\ / / _ \ '_ \\") 12 | banner.append("| '_ ` _ \ / _` | '_ \ ") 13 | banner.append(" \ V V / __/ |_) ") 14 | banner.append("| | | | | | (_| | |_) |") 15 | banner.append(" \_/\_/ \___|_.__/") 16 | banner.append('''|_| |_| |_|\__,_| .__/ 17 | | | 18 | |_| ''') 19 | 20 | for i in range(0,7,2): 21 | print(Fore.RED + banner[i]+Fore.GREEN + banner[i+1]) 22 | print(Style.RESET_ALL) 23 | print('Webmap.py 基于Python3的自动化渗透测试工具') 24 | -------------------------------------------------------------------------------- /report/css/master.css: -------------------------------------------------------------------------------- 1 | /* =Typography 2 | -----------------------------------------------------------------------------*/ 3 | body { 4 | 5 | } 6 | 7 | /* =Links 8 | -----------------------------------------------------------------------------*/ 9 | 10 | 11 | /* =Layout 12 | -----------------------------------------------------------------------------*/ 13 | #page { 14 | max-width: 940px; 15 | padding: 0 10px; 16 | margin: 24px auto; 17 | } 18 | 19 | 20 | /* =Header 21 | -----------------------------------------------------------------------------*/ 22 | 23 | 24 | /* =Nav 25 | -----------------------------------------------------------------------------*/ 26 | 27 | 28 | /* =Misc 29 | -----------------------------------------------------------------------------*/ 30 | 31 | 32 | /* =Footer 33 | -----------------------------------------------------------------------------*/ 34 | -------------------------------------------------------------------------------- /webmap.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | from conf import banner 3 | from conf import webmapargs 4 | from Core import MsgLkg 5 | from Core.scanandverif import * 6 | from Core import report 7 | import datetime 8 | #url="http://www.btoa.cn/m/login.php" 9 | 10 | st=datetime.datetime.now() 11 | print("Starting webmap at "+str(st)+' CST') 12 | report.init() 13 | MsgLkg.info() 14 | MsgLkg.httpHead(webmapargs.url) 15 | MsgLkg.ipLkg(webmapargs.url) 16 | MsgLkg.options(webmapargs.url) 17 | MsgLkg.robots(webmapargs.url) 18 | MsgLkg.mwcs(webmapargs.url) 19 | MsgLkg.httpauth(webmapargs.url) 20 | nikto(webmapargs.url) 21 | py_nmap(webmapargs.url,webmapargs.args.F,webmapargs.args.user,webmapargs.args.passwd,webmapargs.args.userfile,webmapargs.args.passwdfile) 22 | 23 | wapiti(webmapargs.url) 24 | #t="http://math.tust.edu.cn/phpmyadmin/export.php" 25 | 26 | et=datetime.datetime.now() 27 | print("测试用时:",et-st) 28 | vulnsum.vulnprint() 29 | report.ptrst() 30 | report.htmlend() 31 | report.browser() -------------------------------------------------------------------------------- /bin/snf.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | from scapy.all import * 3 | import os 4 | def get_postdata(packet): 5 | ''' 6 | 处理HTTP数据包,返回HTTPRequest 7 | :param packet: sniff嗅探到的POST请求包 8 | :return: HTTP Request 9 | ''' 10 | for p in packet: 11 | #print(p.payload.payload.dport) 12 | hex_raw = p.payload.payload.payload 13 | #print(type(hex_raw)) 14 | try: 15 | hex_raw =eval(str(hex_raw)).decode() 16 | f = open('/tmp/snf.txt', 'w') 17 | f.write(hex_raw) 18 | f.close() 19 | #print(hex_raw) 20 | os._exit(0) 21 | except: 22 | pass 23 | 24 | #print(hex_raw.decode()) 25 | ''' 26 | f = open('snf.txt', 'w') 27 | f.write(hex_raw.decode()) 28 | f.close() 29 | #return hex_raw 30 | ''' 31 | 32 | # and dst host 61.135.169.121 33 | 34 | pkt = sniff(lfilter=lambda x:'POST' in str(x),filter="proto TCP and(dst port 80 or dst port 443)",prn=get_postdata) 35 | 36 | 37 | #print(pkt,type(pkt)) 38 | 39 | 40 | import scapy_http.http 41 | #p=sniff(count=1,lfilter= lambda x:x.haslayer(scapy_http.http.HTTPRequest),filter="dst host www.baidu.com") 42 | -------------------------------------------------------------------------------- /README.txt: -------------------------------------------------------------------------------- 1 | ##################################################################### 2 | 3 | 工具名称: 4 | webmap 5 | 6 | ##################################################################### 7 | 8 | 工具简介: 9 | 本工具是基于Python3.7而开发的自动化渗透测试工具,可以对单个网站和服务器主机进行一次简单的渗透测试,并输出测试报告。 10 | 11 | ##################################################################### 12 | 13 | 环境依赖: 14 | 本工具适用于Kali Linux 2019.1操作系统,其他Linux操作系统需要安装有Nmap、Nikto、Dirb、Wapiti、Metasploit工具,同时需要Python3.7运行环境、selenium模块、requests模块、BeautifulSoup模块和scapy模块,以及Firefox驱动程序的支持。 15 | 16 | ##################################################################### 17 | 18 | 部署步骤: 19 | 1、安装Python3.7 第三方模块selenium:pip3 install selenium 20 | 2、下载Firefox浏览器对应的驱动程序,如:https://github.com/mozilla/geckodriver/releases/download/v0.23.0/geckodriver-v0.23.0-linux64.tar.gz,然后解压:tar -zxvf geckodriver-v0.23.0-linux64.tar.gz,接着将解压后的程序移动到“/usr/local/bin/”目录下:mv geckodriver /usr/local/bin/ 21 | 22 | ##################################################################### 23 | 24 | Tool name: 25 | webmap 26 | 27 | ##################################################################### 28 | 29 | Tool Description: 30 | This tool is an automated penetration testing tool based on Python 3.7. It can conduct a simple penetration test for a single website and server host, and output test reports. 31 | 32 | ##################################################################### 33 | 34 | Environmental dependence: 35 | 36 | This tool is suitable for Kali Linux 2019.1 operating system. Other Linux operating systems need Nmap, Nikto, Dirb, Wapiti, Metasploit tools, Python 3.7 operating environment, selenium module and Firefox driver support. 37 | 38 | ##################################################################### 39 | 40 | Deployment steps: 41 | 42 | 1. Install Python 3.7 third-party module selenium:pip3 install selenium 43 | 2. Download the driver for Firefox browser, such as: https://github.com/mozilla/geckodriver/releases/download/v0.23.0/geckodriver-v0.23.0-linux64.tar.gz, then decompress: tar-zxvf geckodriver-v0.23.0-linux64.tar.gz, and move the decompressed program to “/usr/local/bin/”directory:mv geckodriver /usr/local/bin/ 44 | 45 | -------------------------------------------------------------------------------- /Core/report.py: -------------------------------------------------------------------------------- 1 | import webbrowser 2 | from Core import vulnsum 3 | from conf.webmapargs import url 4 | import datetime 5 | f=open('./report/index.html','w') 6 | f.write('\n') 7 | #f.write('
\n') 8 | #标题及样式 9 | f.write('\n\n\nWebmap Penetration Testing Report\n') 10 | f.write('\n\n\n\n\n') 11 | f.write('
\n

Webmap Penetration Testing Report

\n') 12 | f.write('

Target: '+url+'

\n') 13 | f.write('

Report at '+str(datetime.datetime.now())+'CST

\n') 14 | f.write('
') 15 | #第一部分渗透测试使用的工具 16 | def init(): 17 | f.write('

Tools used in this penetration testing

\n') 18 | f.write('\n') 19 | f.write('\n\n\n\n\n\n') 20 | f.write('\n\n\n\n') 21 | f.write('\n\n\n\n') 22 | f.write('\n\n\n\n') 23 | f.write('\n\n\n\n') 24 | f.write('\n\n\n\n') 25 | f.write('\n\n\n\n') 26 | f.write('
ToolsVersion
Nmap7.7
dirb2.22
hydra8.9
Nikto2.1.6
wapiti3.0.1
Metasploit5.0.16
\n
\n') 27 | 28 | #第二部分渗透测试操作系统信息 29 | def ip(exIP,inIP,osystem): 30 | f.write('

Personnel information for penetration testing

\n') 31 | f.write('\n') 32 | f.write('\n\n') 33 | f.write('\n\n') 34 | f.write('\n\n') 35 | f.write('
Extranet IP:'+str(exIP)+'
Intranet IP:'+str(inIP)+'
Operating System:'+str(osystem)+'
\n
\n') 36 | #第三部分Wapiti测试的漏洞信息 37 | def tbody(html): 38 | f.write('

Wapiti Found vulnerablities

\n') 39 | f.write('\n') 40 | f.write('\n\n\n\n\n\n') 41 | f.write(str(html)+'\n') 42 | f.write('
CategoryNumber of vulnerabilities found
\n
\n') 43 | 44 | def wdiv(html): 45 | f.write(str(html)+'\n') 46 | 47 | #第四部分写入Nmap扫描结果 48 | def wnmap(part,c1,c2,c3,data): 49 | f.write('

' + str(part) + '

\n') 50 | f.write('\n') 51 | f.write('\n\n\n\n\n\n\n') 52 | 53 | for i in data: 54 | i = i.split(' ') 55 | while '' in i: 56 | i.remove('') 57 | f.write('\n\n\n\n') 58 | f.write('
'+str(c1)+''+str(c2)+''+str(c3)+'
'+i[0]+''+i[1]+''+i[2]+'
\n
\n') 59 | 60 | #第五部分漏洞分类及数量写入 61 | def wvuln(): 62 | f.write('

Vulnerablities Sum

\n') 63 | f.write('\n') 64 | f.write('\n\n') 65 | f.write('\n\n') 66 | f.write('\n\n') 67 | f.write('
High Vulnerabilites Sum:' + str(vulnsum.HIGH) + '
Medium Vulnerabilites Sum:' + str(vulnsum.MEDIUM) + '
Low Vulnerabilites Sum:' + str(vulnsum.LOW) + '
\n
\n') 68 | 69 | #第六部分通用漏洞写入 70 | def whtml(part,html): 71 | f.write('

'+str(part)+'

\n') 72 | if type(html)==str: 73 | f.write('

'+str(html)+'

\n') 74 | if type(html)==list: 75 | for i in html: 76 | f.write('

'+str(i)+'

\n') 77 | 78 | #第七部分测试评级写入 79 | def ptrst(): 80 | f.write('

Penetration Testing Result

\n') 81 | if vulnsum.HIGH>0: 82 | f.write('
Comprehensive evaluation of the system as a remote unsafe system
\n') 83 | elif vulnsum.MEDIUM>2: 84 | f.write('
Comprehensive evaluation of the system as a remote general security system
\n') 85 | else: 86 | f.write('
Comprehensive evaluation of the system as a remote security system
\n') 87 | 88 | def htmlend(): 89 | f.write('\n') 90 | f.close() 91 | def browser(): 92 | webbrowser.open("./report/index.html") 93 | -------------------------------------------------------------------------------- /Core/MsgLkg.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import platform 4 | from bs4 import BeautifulSoup 5 | from selenium import webdriver 6 | import os 7 | from Core import vulnsum 8 | #用来进行HTTP auth认证 9 | from requests.auth import HTTPBasicAuth 10 | from selenium.webdriver.common.keys import Keys 11 | from Core import report 12 | head = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0"} 13 | def info(): 14 | """ 15 | 前期交互 16 | :return: 17 | """ 18 | try: 19 | r = requests.get('https://ip.cn') 20 | r.encoding = r.apparent_encoding 21 | rst = re.findall(r'Your IP:\s*\d+\.\d+\.\d+\.\d+', r.text) 22 | # print(r.text) 23 | if rst != []: 24 | rst = re.findall(r'\d+\.\d+\.\d+\.\d+', rst[0]) 25 | print("\033[1;32;1m外网IP:" + rst[0] + "\033[0m") 26 | except: 27 | print("\033[1,31;1m[!]获取外网IP失败,请检查网络连接") 28 | print("\033[1;32;1m操作系统:" + platform.platform() + "\033[0m") 29 | inip=os.popen( 30 | 'ip addr | grep -v inet6 | grep -v vmnet1$ | grep -v vmnet8$ | grep -v lo$ | grep inet | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*/" | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*"').read() 31 | print("\033[1;32;1m内网IP:" + inip.strip() + "\033[0m") 32 | try: 33 | report.ip(rst[0],inip,platform.platform()) 34 | except: 35 | pass 36 | 37 | def httpHead(target): 38 | ''' 39 | HTTP 头信息泄漏 40 | :param target:目标url 41 | :return: 服务器banner信息 42 | ''' 43 | try: 44 | r = requests.get(target, headers=head) 45 | print("\033[1;32;1m[+]发现HTTP头泄露了服务器信息:", r.headers['Server']+'\033[0m') 46 | vulnsum.addLow() 47 | report.whtml('HTTP Header Information Leakage',r.headers['Server']) 48 | except: 49 | pass 50 | 51 | def ipLkg(target): 52 | ''' 53 | IP地址泄漏 54 | :param target:target url 55 | :return: IP information 56 | ''' 57 | ip=[] 58 | try: 59 | r = requests.get(target, headers=head) 60 | #url = re.findall(r'http://[a-zA-Z0-9./]*|https://[a-zA-Z0-9./]*', r.text) 61 | fip = re.findall( 62 | r'(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)', 63 | r.text) 64 | if fip !=[]: 65 | vulnsum.addLow() 66 | for i in range(len(fip)): 67 | print("\033[1;32;1m[+]发现源码中泄露了IP地址:", ".".join(fip[i])+'\033[0m') 68 | ip.append(".".join(fip[i])) 69 | report.whtml('Source Leakage IP Address',ip) 70 | except: 71 | pass 72 | 73 | def robots(target): 74 | ''' 75 | robots文件泄漏敏感信息 76 | :param target: target url 77 | :return: 0 78 | ''' 79 | try: 80 | r = requests.get(target + "/robots.txt", headers=head) 81 | if 'admin'in r.text: 82 | print("\033[1;32;1m[+]发现目标robots.txt泄露了admin目录!\033[0m") 83 | vulnsum.addLow() 84 | report.whtml('Robots.txt File Information Leakage',re.findall(r'admin',r.text)) 85 | if 'management' in r.text: 86 | print("\033[1;32;1m[+]发现目标robots.txt泄露了manage目录!\033[0m") 87 | vulnsum.addLow() 88 | report.whtml('Robots.txt File Information Leakage', re.findall(r'management', r.text)) 89 | if 'manage' in r.text: 90 | print("\033[1;32;1m[+]发现目标robots.txt泄露了manage目录!\033[0m") 91 | vulnsum.addLow() 92 | report.whtml('Robots.txt File Information Leakage', re.findall(r'manage', r.text)) 93 | except: 94 | pass 95 | # url=re.findall(r'http://[a-zA-Z0-9./]*|https://[a-zA-Z0-9./]*',r.text) 96 | # print(url) 97 | def options(target): 98 | ''' 99 | HTTP OPTIONS Method Detect 100 | :param target: target url 101 | :return:0 102 | ''' 103 | try: 104 | r = requests.options(target, headers=head) 105 | print("\033[1;32;1m[+]发现服务器启用了OPTIONS方法:", r.headers['Allow']+'\033[0m') 106 | vulnsum.addLow() 107 | report.whtml('HTTP OPTIONS method is active',r.headers['Allow']) 108 | except: 109 | pass 110 | def mwcs(target): 111 | ''' 112 | 明文传输检测 113 | :param target: 114 | :return: 115 | ''' 116 | profile = webdriver.FirefoxProfile() 117 | profile.accept_untrusted_certs = True 118 | opt = webdriver.FirefoxOptions() 119 | opt.add_argument('--headless') 120 | browser = webdriver.Firefox(firefox_profile=profile, options=opt) 121 | 122 | try: 123 | 124 | 125 | browser.get(target) 126 | sour = browser.page_source 127 | # print(sour) 128 | soup = BeautifulSoup(sour, "html.parser") 129 | pwd = soup('input', type="password") 130 | if pwd==[]: 131 | return 0 132 | da = os.popen("./bin/snf.py") 133 | ipt = soup('input') 134 | for i in range(len(ipt)): 135 | if "用户名" in str(ipt[i]) or "User" in str(ipt[i]) or "user" in str(ipt[i]) or "loginID" in str(ipt[i]): 136 | if pwd[0] != ipt[i]: 137 | pwd.append(ipt[i]) 138 | for i in range(len(pwd)): 139 | #print(pwd[i]) 140 | pwd[i] = re.findall(r'name="[a-zA-Z0-9_=+\-/]+"', str(pwd[i]))[0][6:-1] 141 | except: 142 | print("\033[1;31;1m[!]无法获取登录变量!!!\033[0m") 143 | return 0 144 | 145 | 146 | browser.refresh() 147 | 148 | for i in pwd: 149 | browser.find_element_by_name(i).send_keys("Admin123") 150 | try: 151 | browser.find_element_by_name(pwd[0]).send_keys(Keys.ENTER) 152 | except IndexError: 153 | pass 154 | browser.close() 155 | da.read() 156 | da = open('/tmp/snf.txt','r').read() 157 | try: 158 | if pwd[0]+"="+"Admin123" in da: 159 | print("\033[1;32;1m[+]存在密码明文传输漏洞!\033[0m") 160 | vulnsum.addMedium() 161 | report.whtml('User name and password plaintext transmission',da) 162 | os.system('rm /tmp/snf.txt') 163 | except: 164 | pass 165 | #print(da) 166 | 167 | def httpauth(target,userfile='./wordlists/user.txt',passwdfile='./wordlists/passwd.txt'): 168 | ''' 169 | HTTP 认证缺陷检测 170 | :param target: 171 | :param user: 用户名 172 | :param passwd: 密码 173 | :return: 0 174 | ''' 175 | up=[] 176 | userfile=open(userfile,'r').read().split('\n') 177 | passwdfile=open(passwdfile,'r').read().split('\n') 178 | for i in userfile: 179 | for j in passwdfile: 180 | try: 181 | r = requests.get(target) 182 | if r.status_code == 200: 183 | return 0 184 | r = requests.get(target, auth=HTTPBasicAuth(i, j)) 185 | if r.status_code == 200: 186 | print("\033[1;32;1m[+]目标存在HTTP认证弱密钥漏洞!user:{},password:{}\033[0m".format(i, j)) 187 | vulnsum.addMedium() 188 | up.append('user:'+i+'password:'+j) 189 | except: 190 | pass 191 | if up !=[]: 192 | report.whtml('HTTP Authentication Defects',up) 193 | -------------------------------------------------------------------------------- /Core/scanandverif.py: -------------------------------------------------------------------------------- 1 | import os 2 | from bs4 import BeautifulSoup 3 | import re 4 | import queue 5 | from Core import vulnsum 6 | from Core import report 7 | h_q=queue.Queue() 8 | #一键多值字典d_rt:{'service':[port1,port2]} 9 | d_rt={} 10 | 11 | def urltoip(target): 12 | """ 13 | 域名解析ip 14 | :param target: url 15 | :return: ip 16 | """ 17 | ip = target.split('/')[2] 18 | ip=os.popen('ping -c 1 '+ip).read() 19 | ip = re.findall( 20 | r'(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)\.(25[0-5]|2[0-4]\d|[0-1]\d{2}|[1-9]?\d)', 21 | ip) 22 | #print('\033[1;32;1m[+]目标url:'+str(target)+'对应的IP地址为:'+'.'.join(ip[0])+'\033[0m') 23 | return '.'.join(ip[0]) 24 | 25 | def ms17_010(target): 26 | """ 27 | MS17-010漏洞检测及验证 28 | :param target: IP或IP段 29 | :return: 30 | """ 31 | f=open('/tmp/smb.rc','w') 32 | f.write('use auxiliary/scanner/smb/smb_ms17_010\n') 33 | f.write('set RHOSTS '+target+'\n') 34 | f.write('exploit\n') 35 | f.write('exit\n') 36 | f.close() 37 | rst=os.popen('msfconsole -r /tmp/smb.rc').read() 38 | #print(rst) 39 | if 'Host is likely VULNERABLE' in rst: 40 | print("\033[1;32;1m[+]存在MS-17-010漏洞\033[0m") 41 | vulnsum.addHigh() 42 | report.whtml('MS17-010 Vulnerability','Metasploit EXP:\nexploit/windows/smb/ms17_010_eternalblue\n') 43 | os.system('rm /tmp/smb.rc') 44 | 45 | def brute(d_rt,hserv,ip,user,passwd,usfile,pdfile,t=16): 46 | """ 47 | 48 | :param d_rt: {service:[port1,port2...]} 49 | :param hserv: Hydra services 50 | :param ip: target ip 51 | :param user: user 52 | :param passwd: password 53 | :param t: threading 54 | :param ufile: user file 55 | :param pfile: password file 56 | :return: 57 | """ 58 | global h_q 59 | #global d_rt 60 | 61 | if hserv in list(d_rt.keys()): 62 | #一个服务对应的多个端口都进行弱口令测试 63 | for i in range(len(d_rt.get(hserv))): 64 | if user!=None: 65 | user=' -l '+str(user)+' ' 66 | else: 67 | user=' -L '+str(usfile)+' ' 68 | if passwd!=None: 69 | passwd=' -p '+str(passwd)+' ' 70 | else: 71 | passwd=' -P '+str(pdfile)+' ' 72 | if hserv == 'vnc' or hserv == 'redis' or hserv == 'cisco' or hserv == 'adam6500' or hserv == 's7-300' or hserv == 'snmp': 73 | h_q.put(os.popen('hydra -t '+str(t)+passwd+hserv+'://'+ip+':'+d_rt.get(hserv)[i])) 74 | else: 75 | h_q.put( 76 | os.popen('hydra -t ' + str(t) + user + passwd + hserv + '://' + ip + ':' + 77 | d_rt.get(hserv)[i],buffering=1)) 78 | #print('hydra -t ' + str(t) + user + passwd + hserv + '://' + ip + ':' +d_rt.get(hserv)[i]) 79 | else: 80 | h_q.put('\x00') 81 | 82 | def py_nmap(target, flag,user,passwd,ufile,pfile): 83 | global h_q 84 | global d_rt 85 | """ 86 | 87 | :param target: target url 88 | :param flag: Full ports scan 89 | :return: 90 | """ 91 | #target url -> target ip 92 | target=urltoip(target) 93 | 94 | if flag: 95 | get_nmap=os.popen("nmap -T4 -A -sV -p0-65535 " + target).read() 96 | if 'Host seems down' in get_nmap: 97 | get_nmap = os.popen('nmap -T4 -A -sV -Pn -p0-65535 ' + target).read() 98 | else: 99 | get_nmap=os.popen("nmap " + target).read() 100 | if 'Host seems down' in get_nmap: 101 | get_nmap = os.popen('nmap -T4 -A -sV -Pn ' + target).read() 102 | #原始数据rt 103 | rt = re.findall(r'\d+/tcp[ ]*open[ ]*[a-zA-Z0-9_/?\-]*', get_nmap) 104 | if rt==[]: 105 | print("\033[1;31;1m[!]目标未开放任何端口或网络不可达\033[0m") 106 | return 0 107 | #result list type 108 | #print(rt) 109 | if rt != []: 110 | report.wnmap('Nmap Scan Result','Port/Protocal','State','Service',rt) 111 | for i in range(len(rt)): 112 | print('\033[1;32;1m[+]'+ rt[i] + '\033[0m') 113 | rt[i] = rt[i].replace(' ', '') 114 | rt[i] = rt[i].replace('/tcp', '') 115 | rt[i] = rt[i].replace('open', ' ') 116 | rt[i] = rt[i].replace('netbios-ssn', 'samba') 117 | rt[i] = rt[i].replace('microsoft-ds', 'smb') 118 | rt[i] = rt[i].replace('exec', 'rexec') 119 | rt[i] = rt[i].replace('login', 'rlogin') 120 | rt[i] = rt[i].replace('shell', 'rlogin') 121 | rt[i] = rt[i].replace('nfs', 'pcnfs') 122 | rt[i] = rt[i].replace('ccproxy-ftp', 'ftp') 123 | rt[i] = rt[i].replace('postgresql', 'postgres') 124 | rt[i] = rt[i].replace('vnc-1', 'vnc') 125 | rt[i] = rt[i].replace('vnc-2', 'vnc') 126 | rt[i] = rt[i].replace('vnc-3', 'vnc') 127 | rt[i] = rt[i].replace('ms-wbt-server','rdp') 128 | rt[i] = rt[i].split(' ') 129 | rt[i] = {rt[i][1]: rt[i][0]} 130 | #字典类型:{'services':'port'}: 131 | #print(rt) 132 | #将services和port加入d_rt 133 | for i in range(len(rt)): 134 | for j in rt[i]: 135 | d_rt.setdefault(j, []).append(rt[i][j]) 136 | 137 | for i in list(d_rt.keys()): 138 | if i=='irc' or i=='unknown' or i=='X11' or i=='samba' or i=='ajp13' or i=='msrpc' or i=='IIS' or i=='iad1' or i=='ms-lsa' or i=='NFS-or-IIS' or i=='LSA-or-nterm' or i=='http': 139 | continue 140 | brute(d_rt,i, target,user,passwd, usfile=ufile, pdfile=pfile) 141 | 142 | while h_q.qsize(): 143 | # print(h_q.empty()) 144 | #if h_q.empty(): 145 | # break 146 | # 注意.get() 147 | h = h_q.get() 148 | # print(h) 149 | if h != '\x00': 150 | # print(h_q.get()) 151 | h = h.read() 152 | #print(h) 153 | rst = re.findall( 154 | r'\[\d+\]\[[a-zA-Z0-9]+\]\s*host:\s*\d+\.\d+\.\d+\.\d+\s*login:\s*[a-zA-Z0-9\-_]+\s*password:\s*[a-zA-Z0-9\-_!@#$%]+', 155 | h) 156 | # 输出存在的弱口令 157 | for i in rst: 158 | print('\033[1;32;1m'+'[+]' + i+'\033[0m') 159 | vulnsum.addHigh() 160 | if rst !=[]: 161 | report.whtml('Port weak password',rst) 162 | if '445' in list(d_rt.values()): 163 | ms17_010(target) 164 | 165 | def nikto(target): 166 | """ 167 | 发现Web服务器的配置错误,插件和网页漏洞,配置检查,版本扫描,目录遍历 168 | :param target: 目标url 169 | :return: 170 | """ 171 | rst=os.popen("nikto -h "+target).read() 172 | if 'The X-XSS-Protection header is not defined' in rst: 173 | print("\033[1;32;1m[+]HTTP Header中未使用XSS保护\033[0m") 174 | vulnsum.addLow() 175 | report.whtml('X-XSS-Protection','The X-XSS-Protection header is not defined') 176 | 177 | if 'The X-Content-Type-Options header is not set' in rst: 178 | print("\033[1;32;1m[+]未设置x-content-type-options头\033[0m") 179 | vulnsum.addLow() 180 | report.whtml('X-Content-Type-Options','The X-Content-Type-Options header is not set') 181 | 182 | if 'Apache mod_negotiation is enabled' in rst: 183 | print("\033[1;32;1m[+]Apache mod_negotiation启用\033[0m") 184 | vulnsum.addLow() 185 | report.whtml('Apache mod_negotiation','Apache mod_negotiation is enabled') 186 | 187 | apa=re.findall(r'Apache/[\d.]* appears to be outdated',rst) 188 | if apa!=[]: 189 | print("\033[1;32;1m[+]Apache版本较低",apa[0]+'\033[0m') 190 | vulnsum.addLow() 191 | report.whtml('Apache version is lower',apa[0]) 192 | 193 | php=re.findall(r'PHP/[\d.a-zA-Z\-_]* appears to be outdated',rst) 194 | if php!=[]: 195 | print("\033[1;32;1m[+]PHP版本较低",php[0]+'\033[0m') 196 | vulnsum.addLow() 197 | report.whtml('PHP version is lower',php[0]) 198 | 199 | if 'X-Frame-Options header' in rst: 200 | print("\033[1;32;1m[+]存在点击劫持漏洞\033[0m") 201 | vulnsum.addLow() 202 | report.whtml('Click hijack','X-Frame-Options header is not defined') 203 | 204 | py=re.findall(r'Python/2[\d.]* appears to be outdated',rst) 205 | if py!=[]: 206 | print("\033[1;32;1m[+]Python版本较低",py[0]+'\033[0m') 207 | vulnsum.addLow() 208 | report.whtml('Python version is lower',py[0]) 209 | 210 | ssl=re.findall(r'mod_ssl/[\d.]* appears to be outdated',rst) 211 | if ssl!=[]: 212 | print("\033[1;32;1m[+]ssl版本较低",ssl[0]+'\033[0m') 213 | vulnsum.addLow() 214 | report.whtml('ssl version is lower',ssl[0]) 215 | 216 | ops=re.findall(r'OpenSSL/[\d.a-zA-Z]* appears to be outdated',rst) 217 | if ops!=[]: 218 | print("\033[1;32;1m[+]OpenSSL版本较低",ops[0]+'\033[0m') 219 | vulnsum.addLow() 220 | report.whtml('OpenSSL version is lower',ops[0]) 221 | 222 | phu=re.findall(r'Phusion_Passenger/[\d.]* appears to be outdated',rst) 223 | if phu!=[]: 224 | print("\033[1;32;1m[+]Phusion_Passenger版本较低",phu[0]+'\033[0m') 225 | vulnsum.addLow() 226 | report.whtml('Phusion Passenger version is lower',phu[0]) 227 | 228 | mono=re.findall(r'mod_mono/[\d.]* appears to be outdated',rst) 229 | if mono!=[]: 230 | print("\033[1;32;1m[+]mono版本较低",mono[0]+'\033[0m') 231 | vulnsum.addLow() 232 | report.whtml('mono version is lower',mono[0]) 233 | 234 | hpro=re.findall(r'proxy_html/[\d.]* appears to be outdated',rst) 235 | if hpro!=[]: 236 | print("\033[1;32;1m[+]HTTP Proxy版本较低",hpro[0]+'\033[0m') 237 | vulnsum.addLow() 238 | report.whtml('HTTP Proxy version is lower',hpro[0]) 239 | 240 | per=re.findall(r'mod_perl/[\d.]* appears to be outdated',rst) 241 | if per!=[]: 242 | print("\033[1;32;1m[+]Perl版本较低",per[0]+'\033[0m') 243 | vulnsum.addLow() 244 | report.whtml('Perl version is lower',per[0]) 245 | 246 | if 'HTTP TRACE method is active' in rst: 247 | print("\033[1;32;1m[+]启用了TRACE方法\033[0m") 248 | vulnsum.addMedium() 249 | report.whtml('HTTP TRACE method is active',re.findall(r'TRACE',rst)) 250 | 251 | if 'phpMyAdmin directory found' in rst: 252 | print("\033[1;32;1m[+]发现phpmyadmin目录\033[0m") 253 | vulnsum.addLow() 254 | report.whtml('phpMyAdmin directory found','curl '+target+'/phpmyadmin') 255 | 256 | if 'phpmyadmin/Documentation.html' in rst: 257 | print("\033[1;32;1m[+]存在可访问的/phpmyadmin/Documentation.html页面\033[0m") 258 | vulnsum.addMedium() 259 | report.whtml('There are accessible /phpMyAdmin/Documentation.html pages','curl '+target+'/phpmyadmin/Documentation.html') 260 | 261 | if 'Apache default file found' in rst: 262 | print("\033[1;32;1m[+]发现Apache默认文件/icons/README\033[0m") 263 | vulnsum.addLow() 264 | report.whtml('Apache default file found','/icons/README') 265 | 266 | if '/Admin/: Directory indexing found' in rst: 267 | print("\033[1;32;1m[+]发现Admin路径/Admin/\033[0m") 268 | vulnsum.addLow() 269 | report.whtml('Admin Directory indexing found','/Admin/') 270 | 271 | if '/admin/: Directory indexing found' in rst: 272 | print("\033[1;32;1m[+]发现admin路径/admin/\033[0m") 273 | vulnsum.addMedium() 274 | report.whtml('admin Directory indexing found','/admin/') 275 | 276 | def dirb(target): 277 | """ 278 | 递归枚举网站路径 279 | :param target: 网站目标url 280 | :return: 可访问的所有目录列表 281 | """ 282 | rst=os.popen('dirb '+target).read() 283 | rst=re.findall(r'DIRECTORY:\s*http://[a-zA-Z0-9_\-\.\?#/]+',rst) 284 | for i in range(len(rst)): 285 | rst[i]=rst[i].replace('DIRECTORY: ','') 286 | return rst 287 | 288 | def wapiti(target): 289 | """ 290 | 检测并验证XSS,SQL注入,SSRF,EXEC等高危漏洞 291 | :param target:目标 url 292 | :return: 293 | """ 294 | uri = target.split('/')[2] 295 | rst=os.popen("wapiti -u "+target+'/').read() 296 | rst=re.findall(r'/[a-zA-Z0-9_\-]*/.wapiti/generated_report/'+uri+r'[a-zA-Z\d._]*.html',rst) 297 | #print("wapiti report:",rst) 298 | try: 299 | f = open(rst[0], 'r').read() 300 | soup = BeautifulSoup(f, 'html.parser') 301 | tr = soup('td', 'small .text-centered') 302 | if int(tr[0].string)>0: 303 | print('\033[1;32;1m[+]SQL Injection', tr[0].string+'\033[0m') 304 | vulnsum.addHigh() 305 | if int(tr[1].string)>0: 306 | print('\033[1;32;1m[+]Blind SQL Injection', tr[1].string+'\033[0m') 307 | vulnsum.addHigh() 308 | if int(tr[2].string)>0: 309 | print('\033[1;32;1m[+]File Handling', tr[2].string+'\033[0m') 310 | vulnsum.addHigh() 311 | if int(tr[3].string)>0: 312 | print('\033[1;32;1m[+]Cross Site Scripting', tr[3].string+'\033[0m') 313 | vulnsum.addHigh() 314 | if int(tr[4].string)>0: 315 | print('\033[1;32;1m[+]CRLF Injection', tr[4].string+'\033[0m') 316 | vulnsum.addHigh() 317 | if int(tr[5].string)>0: 318 | print('\033[1;32;1m[+]Commands execution', tr[5].string+'\033[0m') 319 | vulnsum.addHigh() 320 | if int(tr[6].string)>0: 321 | print('\033[1;32;1m[+]Htaccess Bypass', tr[6].string+'\033[0m') 322 | vulnsum.addHigh() 323 | if int(tr[7].string)>0: 324 | print('\033[1;32;1m[+]Backup file', tr[7].string+'\033[0m') 325 | vulnsum.addHigh() 326 | if int(tr[8].string)>0: 327 | print('\033[1;32;1m[+]Potentially dangerous file', tr[8].string+'\033[0m') 328 | vulnsum.addHigh() 329 | if int(tr[9].string)>0: 330 | print('\033[1;32;1m[+]Server Side Request Forgery', tr[9].string+'\033[0m') 331 | vulnsum.addHigh() 332 | if int(tr[10].string)>0: 333 | print('\033[1;32;1m[+]Internal Server Error', tr[10].string+'\033[0m') 334 | vulnsum.addHigh() 335 | if int(tr[11].string)>0: 336 | print('\033[1;32;1m[+]Resource consumption', tr[11].string+'\033[0m') 337 | vulnsum.addHigh() 338 | #print(type(tr[11].string)) 339 | page = soup('tbody') 340 | if page != []: 341 | report.tbody(page[0]) 342 | detail = soup('div', id='details') 343 | if soup != []: 344 | report.wdiv(detail[0]) 345 | except FileNotFoundError: 346 | pass 347 | if rst!=[]: 348 | os.system('rm '+rst[0]) 349 | report.wvuln() 350 | 351 | 352 | #nikto('http://172.16.77.137/') 353 | #wapiti('http://172.16.77.137/') 354 | 355 | #print(dirb('http://172.16.77.137')) 356 | ''' 357 | 358 | def brute(service,host,port,user='/usr/share/wordlists/metasploit/default_users_for_services_unhash.txt',passwd='/usr/share/wordlists/metasploit/default_pass_for_services_unhash.txt'): 359 | try: 360 | result=os.popen('hydra -t 4 -L '+user+' -P '+passwd+' '+service+'://'+host+':'+port) 361 | except: 362 | result='' 363 | return result 364 | 365 | def check(result): 366 | """ 367 | 检测是否暴力破解成功 368 | :param result: 369 | :return: 370 | """ 371 | return re.findall(r'login: [a-zA-Z0-9\-_]+[ ]*password: [a-zA-Z0-9_\-+.=!@#$%^&]+',result) 372 | 373 | if sys.platform=='Linux' and rt!=[]: 374 | keys = [] 375 | #values=[] 376 | for i in rt: 377 | for k in i: 378 | keys.append(k) 379 | #values.append(i[k]) 380 | if 'ftp' in keys: 381 | # print(i['ftp']) 382 | ftp = brute('ftp', ip, i['ftp']).read() 383 | else: 384 | ftp = '' 385 | 386 | if 'ssh' in keys: 387 | ssh = brute('ssh', ip, i['ssh'], user='/usr/share/wordlists/metasploit/unix_users.txt', 388 | passwd='/usr/share/wordlists/metasploit/unix_passwords.txt') 389 | else: 390 | ssh = '' 391 | 392 | if 'telnet' in keys: 393 | telnet = brute('telnet', ip, i['telnet']) 394 | else: 395 | telnet = '' 396 | 397 | if 'smtp' in keys: 398 | smtp = brute('smtp', ip, i['smtp']) 399 | else: 400 | smtp = '' 401 | 402 | if 'smtps' in keys: 403 | smtps = brute('smtps', ip, i['smtps']) 404 | else: 405 | smtps = '' 406 | 407 | if 'pop3' in keys: 408 | pop3 = brute('pop3', ip, i['pop3']) 409 | else: 410 | pop3 = '' 411 | 412 | if 'pop3s' in keys: 413 | pop3s = brute('pop3s', ip, i['pop3s']) 414 | else: 415 | pop3s = '' 416 | 417 | if 'netbios-ssn' in keys: 418 | samba = brute('samba', ip, i['netbios-ssn']) 419 | else: 420 | samba = '' 421 | 422 | if 'imap' in keys: 423 | imap = brute('imap', ip, i['imap']) 424 | else: 425 | imap = '' 426 | 427 | if 'snmp' in keys: 428 | snmp = brute('snmp', ip, i['snmp']) 429 | else: 430 | snmp = '' 431 | 432 | if 'ldap' in keys: 433 | ldap = brute('ldap', ip, i['ldap']) 434 | else: 435 | ldap = '' 436 | 437 | if 'microsoft-ds' in keys: 438 | smb = brute('smb', ip, i['microsoft-ds']) 439 | ms17_010(ip) 440 | else: 441 | smb = '' 442 | 443 | if 'exec' in keys: 444 | exec = brute('rlogin', ip, i['exec']) 445 | else: 446 | exec = '' 447 | 448 | if 'login' in keys: 449 | login = brute('rlogin', ip, i['login']) 450 | else: 451 | login = '' 452 | 453 | if 'shell' in keys: 454 | shell = brute('rlogin', ip, i['shell']) 455 | else: 456 | shell = '' 457 | 458 | if 'rsync' in keys: 459 | rsync = brute('rsync', ip, i['rsync']) 460 | else: 461 | rsync = '' 462 | 463 | if 'mssql' in keys: 464 | mssql = brute('mssql', ip, i['mssql']) 465 | else: 466 | mssql = '' 467 | 468 | if 'oracle' in keys: 469 | oracle = brute('oracle', ip, i['oracle']) 470 | else: 471 | oracle = '' 472 | 473 | if 'mysql' in keys: 474 | mysql = brute('mysql', ip, i['mysql']) 475 | else: 476 | mysql = '' 477 | 478 | if 'ms-wbt-server' in keys: 479 | rdp = brute('rdp', ip, i['ms-wbt-server']) 480 | else: 481 | rdp = '' 482 | 483 | if 'postgresql' in keys: 484 | postgresql = brute('postgres', ip, i['postgresql'], 485 | user='/usr/share/wordlists/metasploit/postgres_default_user.txt', 486 | passwd='/usr/share/wordlists/metasploit/postgres_default_pass.txt') 487 | else: 488 | postgresql = '' 489 | 490 | if 'vnc' in keys: 491 | vnc = brute('vnc', ip, i['vnc'], passwd='/usr/share/wordlists/metasploit/vnc_passwords.txt') 492 | else: 493 | vnc = '' 494 | 495 | if 'vnc-1' in keys: 496 | vnc_1 = brute('vnc', ip, i['vnc-1'], passwd='/usr/share/wordlists/metasploit/vnc_passwords.txt') 497 | else: 498 | vnc_1 = '' 499 | 500 | if 'vnc-2' in keys: 501 | vnc_2 = brute('vnc', ip, i['vnc-2'], passwd='/usr/share/wordlists/metasploit/vnc_passwords.txt') 502 | else: 503 | vnc_2 = '' 504 | 505 | if 'vnc-3' in keys: 506 | vnc_3 = brute('vnc', ip, i['vnc-3'], passwd='/usr/share/wordlists/metasploit/vnc_passwords.txt') 507 | else: 508 | vnc_3 = '' 509 | 510 | if 'redis' in keys: 511 | redis = brute('redis', ip, i['redis']) 512 | else: 513 | redis = '' 514 | 515 | if 'mongod' in keys: 516 | mongod = brute('mongod', ip, i['mongod']) 517 | else: 518 | mongod = '' 519 | 520 | if ftp!='' and check(ftp)!=[]: 521 | print("ftp服务存在弱口令:",check(ftp.read())) 522 | if ssh!='' and check(ssh.read()): 523 | print("ssh服务存在弱口令:",check(ssh.read())) 524 | if telnet!='' and check(telnet.read()): 525 | print("telnet服务存在弱口令:",check(telnet.read())) 526 | if smtp!='' and check(smtp.read()): 527 | print("smpt服务存在弱口令:",check(smtp.read())) 528 | if smtps!='' and check(smtps.read()): 529 | print("smpts服务存在弱口令:",check(smtps.read())) 530 | if pop3!='' and check(pop3.read()): 531 | print("pop3服务存在弱口令:",check(pop3.read())) 532 | if pop3s!='' and check(pop3s.read()): 533 | print("pop3s服务存在弱口令:",check(pop3s.read())) 534 | if samba!='' and check(samba.read()): 535 | print("samba服务存在弱口令:",check(samba.read())) 536 | if imap!='' and check(imap.read()): 537 | print("imap服务存在弱口令:",check(imap.read())) 538 | if snmp!='' and check(snmp.read()): 539 | print("snmp服务存在弱口令:",check(snmp.read())) 540 | if ldap!='' and check(ldap.read()): 541 | print("ldap服务存在弱口令:",check(ldap.read())) 542 | if smb!='' and check(smb.read()): 543 | print("smb服务存在弱口令:",check(smb.read())) 544 | if exec!='' and check(exec.read()): 545 | print("exec服务存在弱口令:",check(exec.read())) 546 | if login!='' and check(login.read()): 547 | print("login服务存在弱口令:", check(login.read())) 548 | if shell!='' and check(shell.read()): 549 | print("shell服务存在弱口令:",check(shell.read())) 550 | if rsync!='' and check(rsync.read()): 551 | print("rsync服务存在弱口令:",check(rsync.read())) 552 | if mssql!='' and check(mssql.read()): 553 | print("mssql服务存在弱口令:",check(mssql.read())) 554 | if oracle!='' and check(oracle.read()): 555 | print("oracle服务存在弱口令:",check(oracle.read())) 556 | if mysql!='' and check(mysql.read()): 557 | print("mysql服务存在弱口令:", check(mysql.read())) 558 | if rdp!='' and check(rdp.read()): 559 | print("rdp服务存在弱口令:",check(rdp.read())) 560 | if postgresql!='' and check(postgresql.read()): 561 | print("postgresql服务存在弱口令:",check(postgresql.read())) 562 | if vnc!='' and check(vnc.read()): 563 | print("vnc服务存在弱口令:", check(vnc.read())) 564 | if vnc_1!='' and check(vnc_1.read()): 565 | print("vnc服务存在弱口令:", check(vnc_1.read())) 566 | if vnc_2!='' and check(vnc_2.read()): 567 | print("vnc服务存在弱口令:", check(vnc_2.read())) 568 | if vnc_3!='' and check(vnc_3.read()): 569 | print("vnc服务存在弱口令:", check(vnc_3.read())) 570 | if redis!='' and check(redis.read()): 571 | print("redis服务存在弱口令:", check(redis.read())) 572 | if mongod!='' and check(mongod.read()): 573 | print("mongod服务存在弱口令:", check(mongod.read())) 574 | 575 | ''' -------------------------------------------------------------------------------- /report/css/kube.min.css: -------------------------------------------------------------------------------- 1 | .button,body,button,h1,h1.title,h2,h3,h4,h5,h6{font-family:Arial,"Helvetica Neue",Helvetica,sans-serif}hr,iframe{border:none}cite,figcaption,var{opacity:.6}figure pre,kbd{border:1px solid rgba(0,0,0,.1)}.dropdown ul,nav ol,nav ul,ul.unstyled,ul.unstyled ul{list-style:none}audio,img,table,video{max-width:100%}input,select,td.align-middle,textarea,tr.align-middle td{vertical-align:middle}html{box-sizing:border-box}*,:after,:before{box-sizing:inherit}*{margin:0;padding:0;outline:0;-webkit-overflow-scrolling:touch}img,video{height:auto}svg{max-height:100%}::-moz-focus-inner{border:0;padding:0}input[type=radio],input[type=checkbox]{vertical-align:middle;position:relative;bottom:.15rem;font-size:115%;margin-right:3px}input[type=search]{-webkit-appearance:textfield}.button,button,select{-webkit-appearance:none}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}.inverted{color:#fff}.error{color:#f03c69}.success{color:#35beb1}.warning{color:#f7ba45}.focus{color:#1c86f2}.aluminum{color:#f8f8f8}.silver{color:#e0e1e1}.lightgray{color:#d4d4d4}.gray{color:#bdbdbd}.midgray{color:#676b72}.darkgray,body{color:#313439}.bg-black{background-color:#0d0d0e}.bg-inverted{background-color:#fff}.bg-error{background-color:#f03c69}.bg-success{background-color:#35beb1}.bg-warning{background-color:#f7ba45}.bg-focus{background-color:#1c86f2}.bg-aluminum{background-color:#f8f8f8}.bg-silver{background-color:#e0e1e1}.bg-lightgray{background-color:#d4d4d4}.bg-gray{background-color:#bdbdbd}.bg-midgray{background-color:#676b72}.bg-darkgray{background-color:#313439}.bg-highlight{background-color:#edf2ff}body,html{font-size:16px;line-height:24px}body{background-color:transparent}a{color:#3794de}a:hover{color:#f03c69}h1,h1.title,h2,h3,h4,h5,h6{font-weight:700;color:#0d0d0e;text-rendering:optimizeLegibility;margin-bottom:16px}.message,.monospace,code,kbd,pre,samp,var{font-family:Consolas,Monaco,"Courier New",monospace}h1.title{font-size:60px;line-height:64px;margin-bottom:8px}.h1,h1{font-size:48px;line-height:52px}.h2,h2{font-size:36px;line-height:40px}.h3,.h4,h3,h4{line-height:32px}.h3,h3{font-size:24px}.h4,h4{font-size:21px}.h5,h5{font-size:18px;line-height:28px}.h6,h6{font-size:16px;line-height:24px}.h1 a,.h2 a,.h3 a,.h4 a,.h5 a,.h6 a,h1 a,h2 a,h3 a,h4 a,h5 a,h6 a{color:inherit}blockquote+h2,blockquote+h3,blockquote+h4,blockquote+h5,blockquote+h6,dl+h2,dl+h3,dl+h4,dl+h5,dl+h6,figure+h2,figure+h3,figure+h4,figure+h5,figure+h6,form+h2,form+h3,form+h4,form+h5,form+h6,hr+h2,hr+h3,hr+h4,hr+h5,hr+h6,ol+h2,ol+h3,ol+h4,ol+h5,ol+h6,p+h2,p+h3,p+h4,p+h5,p+h6,pre+h2,pre+h3,pre+h4,pre+h5,pre+h6,table+h2,table+h3,table+h4,table+h5,table+h6,ul+h2,ul+h3,ul+h4,ul+h5,ul+h6{margin-top:24px}ol,ol ol,ol ul,ul,ul ol,ul ul{margin:0 0 0 24px}ol ol li{list-style-type:lower-alpha}ol ol ol li{list-style-type:lower-roman}nav ol,nav ul{margin:0}dd,nav ol ol,nav ol ul,nav ul ol,nav ul ul{margin-left:24px}dl dt{font-weight:700}address,blockquote,dl,fieldset,figure,form,hr,ol,p,pre,table,ul{margin-bottom:16px}hr{border-bottom:1px solid rgba(0,0,0,.1);margin-top:-1px}blockquote{padding-left:1rem;border-left:4px solid rgba(0,0,0,.1);font-style:italic;color:rgba(49,52,57,.65)}blockquote p{margin-bottom:.5rem}cite,code,figcaption,kbd,mark,pre,samp,small,time,var{font-size:87.5%}abbr[title],dfn[title]{border-bottom:1px dotted rgba(0,0,0,.5);cursor:help}var{font-style:normal}code,kbd,mark,samp{position:relative;top:-1px;padding:4px 4px 2px;display:inline-block;line-height:1;color:rgba(49,52,57,.85)}code{background:#e0e1e1}mark{background:#f7ba45}samp{color:#fff;background:#1c86f2}sub,sup{font-size:x-small;line-height:0;margin-left:1rem/4;position:relative}.small,.smaller,pre,pre code{line-height:20px}sup{top:0}sub{bottom:1px}pre,pre code{background:#f8f8f8;padding:0;top:0;display:block;color:rgba(49,52,57,.85);overflow:none;white-space:pre-wrap}pre,td,th{padding:1rem}.black,a.muted{color:#0d0d0e}figure figcaption{position:relative;top:-1rem/2}figure pre{background:0 0;border-radius:4px}figure .video-container,figure pre{margin-bottom:8px}.text-left{text-align:left}.label.badge,.text-center{text-align:center}.text-right{text-align:right}ul.unstyled{margin-left:0}.upper{text-transform:uppercase}.lower{text-transform:lowercase}.italic{font-style:italic!important}.strong{font-weight:700!important}.normal{font-weight:400!important}.muted{opacity:.55}a.muted:hover{opacity:1}.smaller{font-size:12px}.small{font-size:14px}.big{font-size:18px;line-height:28px}.large{font-size:20px;line-height:32px}.end{margin-bottom:0!important}.highlight{background-color:#edf2ff}.nowrap,.nowrap td{white-space:nowrap}@media (min-width:768px) and (max-width:1024px){.columns-2,.columns-3,.columns-4{column-gap:24px}.columns-2{column-count:2}.columns-3{column-count:3}.columns-4{column-count:4}}.row{display:flex;flex-direction:row;flex-wrap:wrap}.row.gutters,.row.gutters>.row{margin-left:-2%}@media (max-width:768px){.row{flex-direction:column;flex-wrap:nowrap}.row.gutters,.row.gutters>.row{margin-left:0}}.row.gutters>.col,.row.gutters>.row>.col{margin-left:2%}@media (max-width:768px){.row.gutters>.col,.row.gutters>.row>.col{margin-left:0}}.row.around{justify-content:space-around}.row.between{justify-content:space-between}.row.auto .col{flex-grow:1}.col-1{width:8.33333%}.offset-1{margin-left:8.33333%}.col-2{width:16.66667%}.offset-2{margin-left:16.66667%}.col-3{width:25%}.offset-3{margin-left:25%}.col-4{width:33.33333%}.offset-4{margin-left:33.33333%}.col-5{width:41.66667%}.offset-5{margin-left:41.66667%}.col-6{width:50%}.offset-6{margin-left:50%}.col-7{width:58.33333%}.offset-7{margin-left:58.33333%}.col-8{width:66.66667%}.offset-8{margin-left:66.66667%}.col-9{width:75%}.offset-9{margin-left:75%}.col-10{width:83.33333%}.offset-10{margin-left:83.33333%}.col-11{width:91.66667%}.offset-11{margin-left:91.66667%}.col-12{width:100%}.offset-12{margin-left:100%}.gutters>.col-1{width:calc(8.33333% - 2%)}.gutters>.offset-1{margin-left:calc(8.33333% + 2%)!important}.gutters>.col-2{width:calc(16.66667% - 2%)}.gutters>.offset-2{margin-left:calc(16.66667% + 2%)!important}.gutters>.col-3{width:calc(25% - 2%)}.gutters>.offset-3{margin-left:calc(25% + 2%)!important}.gutters>.col-4{width:calc(33.33333% - 2%)}.gutters>.offset-4{margin-left:calc(33.33333% + 2%)!important}.gutters>.col-5{width:calc(41.66667% - 2%)}.gutters>.offset-5{margin-left:calc(41.66667% + 2%)!important}.gutters>.col-6{width:calc(50% - 2%)}.gutters>.offset-6{margin-left:calc(50% + 2%)!important}.gutters>.col-7{width:calc(58.33333% - 2%)}.gutters>.offset-7{margin-left:calc(58.33333% + 2%)!important}.gutters>.col-8{width:calc(66.66667% - 2%)}.gutters>.offset-8{margin-left:calc(66.66667% + 2%)!important}.gutters>.col-9{width:calc(75% - 2%)}.gutters>.offset-9{margin-left:calc(75% + 2%)!important}.gutters>.col-10{width:calc(83.33333% - 2%)}.gutters>.offset-10{margin-left:calc(83.33333% + 2%)!important}.gutters>.col-11{width:calc(91.66667% - 2%)}.gutters>.offset-11{margin-left:calc(91.66667% + 2%)!important}.gutters>.col-12{width:calc(100% - 2%)}.gutters>.offset-12{margin-left:calc(100% + 2%)!important}.first{order:-1}.last{order:1}@media (max-width:768px){[class*=' offset-'],[class^=offset-]{margin-left:0}.row .col{margin-left:0;width:100%}.row.gutters .col{margin-bottom:16px}.first-sm{order:-1}.last-sm{order:1}}table{border-collapse:collapse;border-spacing:0;width:100%;empty-cells:show;font-size:15px;line-height:24px}table caption{text-align:left;font-size:14px;font-weight:500;color:#676b72}legend,th{font-weight:700}th{text-align:left;vertical-align:bottom}td{vertical-align:top}td,th{border-bottom:1px solid rgba(0,0,0,.05)}td:first-child,th:first-child{padding-left:0}td:last-child,th:last-child{padding-right:0}tfoot td,tfoot th{color:rgba(49,52,57,.5)}table.bordered td,table.bordered th{border:1px solid rgba(0,0,0,.05)}table.striped tr:nth-child(odd) td{background:#f8f8f8}table.bordered td:first-child,table.bordered th:first-child,table.striped td:first-child,table.striped th:first-child{padding-left:1rem}table.bordered td:last-child,table.bordered th:last-child,table.striped td:last-child,table.striped th:last-child{padding-right:1rem}table.unstyled td,table.unstyled th{border:none;padding:0}fieldset{font-family:inherit;border:1px solid rgba(0,0,0,.1);padding:2rem;margin-bottom:2rem;margin-top:2rem}legend{font-size:12px;text-transform:uppercase;padding:0 1rem;margin-left:-1rem;top:2px;position:relative;line-height:0}.button i,.req,button i{position:relative;top:1px}input,select,textarea{display:block;width:100%;font-family:inherit;font-size:15px;height:40px;outline:0;background-color:#fff;border:1px solid #d4d4d4;border-radius:3px;box-shadow:none;padding:0 12px}input.small,select.small,textarea.small{height:36px;font-size:13px;padding:0 12px;border-radius:3px}input.big,select.big,textarea.big{height:48px;font-size:17px;padding:0 12px;border-radius:3px}input:focus,select:focus,textarea:focus{outline:0;background-color:#fff;border-color:#1c86f2;box-shadow:0 0 1px #1c86f2 inset}input.error,select.error,textarea.error{background-color:rgba(240,60,105,.1);border:1px solid #f583a0}input.error:focus,select.error:focus,textarea.error:focus{border-color:#f03c69;box-shadow:0 0 1px #f03c69 inset}input.success,select.success,textarea.success{background-color:rgba(53,190,177,.1);border:1px solid #6ad5cb}input.success:focus,select.success:focus,textarea.success:focus{border-color:#35beb1;box-shadow:0 0 1px #35beb1 inset}input.disabled,input:disabled,select.disabled,select:disabled,textarea.disabled,textarea:disabled{resize:none;opacity:.6;cursor:default;font-style:italic;color:rgba(0,0,0,.5)}select{background-image:url('data:image/svg+xml;utf8,');background-repeat:no-repeat;background-position:right 1rem center}select[multiple]{background-image:none;height:auto;padding:.5rem .75rem}textarea{height:auto;padding:8px 12px;line-height:24px;vertical-align:top}input[type=file]{width:auto;border:none;padding:0;height:auto;background:0 0;box-shadow:none;display:inline-block}input.search,input[type=search]{background-repeat:no-repeat;background-position:8px 53%;background-image:url('data:image/svg+xml;utf8,');padding-left:32px}input[type=radio],input[type=checkbox]{display:inline-block;width:auto;height:auto;padding:0}label{display:block;color:#313439;margin-bottom:4px;font-size:15px}label .desc,label .error,label .success,label.checkbox{text-transform:none;font-weight:400}label.checkbox{font-size:16px;line-height:24px;cursor:pointer;color:inherit}.button,.desc,.message,button{line-height:20px}label.checkbox input{margin-top:0}.form-checkboxes label.checkbox{display:inline-block;margin-right:16px}.req{font-weight:700;color:#f03c69;font-size:110%}.desc{color:rgba(49,52,57,.5);font-size:12px}span.desc{margin-left:4px}div.desc{margin-top:4px;margin-bottom:-8px}.form-buttons .button,.form-buttons button{margin-right:8px}.form-item,form{margin-bottom:2rem}.form .row:last-child .form-item,.form>.form-item:last-child{margin-bottom:0}.form span.error,.form span.success{font-size:12px;line-height:20px;margin-left:4px}.form-inline input,.form-inline select,.form-inline textarea{display:inline-block;width:auto}.append,.prepend{display:flex}.append input,.prepend input{flex:1}.append .button,.append span,.prepend .button,.prepend span{flex-shrink:0}.append span,.prepend span{display:flex;flex-direction:column;justify-content:center;font-weight:400;border:1px solid #d4d4d4;background-color:#f8f8f8;padding:0 .875rem;color:rgba(0,0,0,.5);font-size:12px;white-space:nowrap}.button,.label,button{display:inline-block;font-weight:500;text-decoration:none;vertical-align:middle}.prepend input{border-radius:0 3px 3px 0}.prepend .button{margin-right:-1px;border-radius:3px 0 0 3px!important}.append input,.prepend span{border-radius:3px 0 0 3px}.prepend span{border-right:none}.append .button{margin-left:-1px;border-radius:0 3px 3px 0!important}.append span{border-left:none;border-radius:0 3px 3px 0}.button,button{font-size:15px;color:#fff;background-color:#1c86f2;border-radius:3px;min-height:40px;padding:8px 20px;cursor:pointer;border:1px solid transparent}.button i,button i{margin:0 2px}.fixed,.no-scroll{position:fixed;top:0;left:0}input[type=submit]{width:auto}.button:hover,button:hover{outline:0;text-decoration:none;color:#fff;background-color:#4ca0f5}.button.disabled,.button:disabled{cursor:default;font-style:normal;color:rgba(255,255,255,.7);background-color:rgba(28,134,242,.7)}.breadcrumbs li.active a,.pagination li.active a,.pagination span{cursor:text}.button.small{font-size:13px;min-height:36px;padding:6px 20px;border-radius:3px}.button.big{font-size:17px;min-height:48px;padding:13px 24px;border-radius:3px}.button.large{font-size:19px;min-height:56px;padding:20px 36px;border-radius:3px}.button.outline{background:0 0;border-width:2px;border-color:#1c86f2;color:#1c86f2}.button.outline:hover{background:0 0;color:rgba(28,134,242,.6);border-color:rgba(28,134,242,.5)}.button.outline.disabled,.button.outline:disabled{background:0 0;color:rgba(28,134,242,.7);border-color:rgba(28,134,242,.5)}.button.inverted,.button.inverted:hover{color:#000;background-color:#fff}.button.inverted.disabled,.button.inverted:disabled{color:rgba(0,0,0,.7);background-color:rgba(255,255,255,.7)}.button.inverted.outline{background:0 0;color:#fff;border-color:#fff}.button.inverted.outline:hover{color:rgba(255,255,255,.6);border-color:rgba(255,255,255,.5)}.button.inverted.outline.disabled,.button.inverted.outline:disabled{background:0 0;color:rgba(255,255,255,.7);border-color:rgba(255,255,255,.5)}.button.inverted:hover{opacity:.7}.button.round{border-radius:56px}.button.raised{box-shadow:0 1px 3px rgba(0,0,0,.3)}.button.upper{text-transform:uppercase;letter-spacing:.04em;font-size:13px}.button.upper.small{font-size:11px}.button.upper.big{font-size:13px}.button.upper.large{font-size:15px}.button.secondary{color:#fff;background-color:#313439}.button.secondary:hover{color:#fff;background-color:#606670}.button.secondary.disabled,.button.secondary:disabled{color:rgba(255,255,255,.7);background-color:rgba(49,52,57,.7)}.button.secondary.outline{background:0 0;color:#313439;border-color:#313439}.button.secondary.outline:hover{color:rgba(49,52,57,.6);border-color:rgba(49,52,57,.5)}.button.secondary.outline.disabled,.button.secondary.outline:disabled{background:0 0;color:rgba(49,52,57,.7);border-color:rgba(49,52,57,.5)}.label{font-size:13px;background:#e0e1e1;line-height:18px;padding:0 10px;color:#313439;border:1px solid transparent;border-radius:4px}.label a,.label a:hover{color:inherit;text-decoration:none}.label.big{font-size:14px;line-height:24px;padding:0 12px}.label.tag,.label.upper{text-transform:uppercase;font-size:11px}.label.outline{background:0 0;border-color:#bdbdbd}.label.badge{border-radius:64px;padding:0 6px}.label.badge.big{padding:0 8px}.label.tag{padding:0;background:0 0;border:none}.label.tag.big{font-size:13px}.label.success{background:#35beb1;color:#fff}.label.success.outline,.label.success.tag{background:0 0;border-color:#35beb1;color:#35beb1}.label.error{background:#f03c69;color:#fff}.label.error.outline,.label.error.tag{background:0 0;border-color:#f03c69;color:#f03c69}.label.warning{background:#f7ba45;color:#0d0d0e}.label.warning.outline,.label.warning.tag{background:0 0;border-color:#f7ba45;color:#f7ba45}.label.focus{background:#1c86f2;color:#fff}.label.focus.outline,.label.focus.tag{background:0 0;border-color:#1c86f2;color:#1c86f2}.label.black{background:#0d0d0e;color:#fff}.label.black.outline,.label.black.tag{background:0 0;border-color:#0d0d0e;color:#0d0d0e}.label.inverted{background:#fff;color:#0d0d0e}.label.inverted.outline,.label.inverted.tag{background:0 0;border-color:#fff;color:#fff}.breadcrumbs{font-size:14px;margin-bottom:24px}.breadcrumbs ul{display:flex;align-items:center}.breadcrumbs.push-center ul{justify-content:center}.breadcrumbs a,.breadcrumbs span{font-style:normal;padding:0 10px;display:inline-block;white-space:nowrap}.breadcrumbs li:after{display:inline-block;content:'/';color:rgba(0,0,0,.3)}.breadcrumbs li.active a,.pagination a{text-decoration:none;color:#313439}.breadcrumbs li:last-child:after{display:none}.breadcrumbs li:first-child a,.breadcrumbs li:first-child span{padding-left:0}.pagination{margin:24px 0;font-size:14px}.close,.pagination.upper{font-size:12px}.pagination ul{display:flex;margin:0}.pagination.align-center ul{justify-content:center}.pagination a,.pagination span{border-radius:3px;display:inline-block;padding:8px 12px;line-height:1;white-space:nowrap;border:1px solid transparent}.pagination a:hover,.pagination li.active a,.pagination span{color:rgba(0,0,0,.5);border-color:#e0e1e1}.pager span{line-height:24px}.pager a,.pager span{padding-left:16px;padding-right:16px;border-radius:64px;border-color:rgba(0,0,0,.1)}.pager li{flex-basis:50%}.pager li.next{text-align:right}.pager.align-center li{flex-basis:auto;margin-left:4px;margin-right:4px}.pager.flat a,.pager.flat span{border:none;display:block;padding:0}.pager.flat a{font-weight:700}.pager.flat a:hover{background:0 0;text-decoration:underline}@media (max-width:768px){.pager.flat ul{flex-direction:column}.pager.flat li{flex-basis:100%;margin-bottom:8px;text-align:left}}@font-face{font-family:Kube;src:url(data:application/x-font-ttf;charset=utf-8;base64,AAEAAAALAIAAAwAwT1MvMg8SBfgAAAC8AAAAYGNtYXAXVtKOAAABHAAAAFRnYXNwAAAAEAAAAXAAAAAIZ2x5ZsMn2SAAAAF4AAADeGhlYWQMP9EUAAAE8AAAADZoaGVhB8IDzQAABSgAAAAkaG10eCYABd4AAAVMAAAAMGxvY2EFWASuAAAFfAAAABptYXhwABcAmwAABZgAAAAgbmFtZfMJxocAAAW4AAABYnBvc3QAAwAAAAAHHAAAACAAAwPHAZAABQAAApkCzAAAAI8CmQLMAAAB6wAzAQkAAAAAAAAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAABAAADpBwPA/8AAQAPAAEAAAAABAAAAAAAAAAAAAAAgAAAAAAADAAAAAwAAABwAAQADAAAAHAADAAEAAAAcAAQAOAAAAAoACAACAAIAAQAg6Qf//f//AAAAAAAg6QD//f//AAH/4xcEAAMAAQAAAAAAAAAAAAAAAQAB//8ADwABAAAAAAAAAAAAAgAANzkBAAAAAAEAAAAAAAAAAAACAAA3OQEAAAAAAQAAAAAAAAAAAAIAADc5AQAAAAAKAAAAAAQAA8AADwAUACQANABEAFYAaAB4AIgAmAAAEyIGFREUFjMhMjY1ETQmIwUhESEREzgBMSIGFRQWMzI2NTQmIzM4ATEiBhUUFjMyNjU0JiMzOAExIgYVFBYzMjY1NCYjATIWHQEUBiMiJj0BNDYzOAExITIWHQEUBiMiJj0BNDYzOAExATgBMSIGFRQWMzI2NTQmIzM4ATEiBhUUFjMyNjU0JiMzOAExIgYVFBYzMjY1NCYjwFBwcFACgFBwcFD9IQM+/MKrHioqHh4qKh70HioqHh4qKh70HisrHh0rKh7+MBQdHRQUHBwUAbgUHBwUFB0dFP4wHioqHh4qKh70HioqHh4qKh70HisrHh0rKh4DYHBQ/iBQcHBQAeBQcF/9XwKh/n8qHh4qKh4eKioeHioqHh4qKh4eKioeHioCQBwVjhUcHBWOFRwcFY4VHBwVjhUc/rAqHh4qKh4eKioeHioqHh4qKh4eKioeHioAAAABAQAAwAMAAcAACwAAAQcXBycHJzcnNxc3AwDMAjMDAzMCzDTMzAGVqAIrAgIrAqgrqKgAAQGAAEACgAJAAAsAACUnByc3JzcXNxcHFwJVqAIrAgIrAqgrqKhAzAIzAwMzAsw0zMwAAAEBgABAAoACQAALAAABFzcXBxcHJwcnNycBq6gCKwICKwKoK6ioAkDMAjMDAzMCzDTMzAABAQAAwAMAAcAACwAAJTcnNxc3FwcXBycHAQDMAjMDAzMCzDTMzOuoAisCAisCqCuoqAAAAgAP/+UD1AOqAAQACAAAEwEHATcFAScBSwOJPPx3PAOJ/Hc8A4kDqvx3PAOJPDz8dzwDiQAAAAADAIAAgAOAAwAAAwAHAAsAADc1IRUBIRUhESEVIYADAP0AAwD9AAMA/QCAgIABgIABgIAAAgBPAA8DsgNxABgALQAAJQcBDgEjIi4CNTQ+AjMyHgIVFAYHAQEiDgIVFB4CMzI+AjU0LgIjA7JY/t4lWTBBc1YxMVZzQUFzVTIcGQEi/dgxVkAlJUBWMTFWQCUlQFYxZ1gBIRkcMlVzQUFzVjExVnNBMFkm/uACuyVAVjExVkAlJUBWMTFWQCUAAAABAAAAAQAABhlWm18PPPUACwQAAAAAANSQRjkAAAAA1JBGOQAA/+UEAAPAAAAACAACAAAAAAAAAAEAAAPA/8AAAAQAAAAAAAQAAAEAAAAAAAAAAAAAAAAAAAAMBAAAAAAAAAAAAAAAAgAAAAQAAAAEAAEABAABgAQAAYAEAAEABAAADwQAAIAEAABPAAAAAAAKABQAHgDYAPIBDAEmAUABXAF2AbwAAAABAAAADACZAAoAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAADgCuAAEAAAAAAAEABAAAAAEAAAAAAAIABwBFAAEAAAAAAAMABAAtAAEAAAAAAAQABABaAAEAAAAAAAUACwAMAAEAAAAAAAYABAA5AAEAAAAAAAoAGgBmAAMAAQQJAAEACAAEAAMAAQQJAAIADgBMAAMAAQQJAAMACAAxAAMAAQQJAAQACABeAAMAAQQJAAUAFgAXAAMAAQQJAAYACAA9AAMAAQQJAAoANACAS3ViZQBLAHUAYgBlVmVyc2lvbiAxLjAAVgBlAHIAcwBpAG8AbgAgADEALgAwS3ViZQBLAHUAYgBlS3ViZQBLAHUAYgBlUmVndWxhcgBSAGUAZwB1AGwAYQByS3ViZQBLAHUAYgBlRm9udCBnZW5lcmF0ZWQgYnkgSWNvTW9vbi4ARgBvAG4AdAAgAGcAZQBuAGUAcgBhAHQAZQBkACAAYgB5ACAASQBjAG8ATQBvAG8AbgAuAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==) format("truetype");font-weight:400;font-style:normal}.caret,.close,[class*=" kube-"],[class^=kube-]{font-family:Kube!important;speak:none;font-style:normal;font-weight:400;font-variant:normal;text-transform:none;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.kube-calendar:before{content:"\e900"}.caret.down:before,.kube-caret-down:before{content:"\e901"}.caret.left:before,.kube-caret-left:before{content:"\e902"}.caret.right:before,.kube-caret-right:before{content:"\e903"}.caret.up:before,.kube-caret-up:before{content:"\e904"}.close:before,.kube-close:before{content:"\e905"}.kube-menu:before{content:"\e906"}.kube-search:before{content:"\e907"}.gutters .column.push-left,.push-left{margin-right:auto}.gutters .column.push-right,.push-right{margin-left:auto}.gutters .column.push-center,.push-center{margin-left:auto;margin-right:auto}.gutters .column.push-middle,.push-middle{margin-top:auto;margin-bottom:auto}.push-bottom{margin-top:auto}.align-middle{align-items:center}.align-right{justify-content:flex-end}.align-center{justify-content:center}.float-right{float:right}.float-left{float:left}.fixed{z-index:100;width:100%}.w5{width:5%}.w10{width:10%}.w15{width:15%}.w20{width:20%}.w25{width:25%}.w30{width:30%}.w35{width:35%}.w40{width:40%}.w45{width:45%}.w50{width:50%}.w55{width:55%}.w60{width:60%}.w65{width:65%}.w70{width:70%}.w75{width:75%}.w80{width:80%}.w85{width:85%}.w90{width:90%}.w95{width:95%}.w100{width:100%}.w-auto{width:auto}.w-small{width:480px}.w-medium{width:600px}.w-big{width:740px}.w-large{width:840px}.max-w5{max-width:5%}.max-w10{max-width:10%}.max-w15{max-width:15%}.max-w20{max-width:20%}.max-w25{max-width:25%}.max-w30{max-width:30%}.max-w35{max-width:35%}.max-w40{max-width:40%}.max-w45{max-width:45%}.max-w50{max-width:50%}.max-w55{max-width:55%}.max-w60{max-width:60%}.max-w65{max-width:65%}.max-w70{max-width:70%}.max-w75{max-width:75%}.max-w80{max-width:80%}.max-w85{max-width:85%}.max-w90{max-width:90%}.max-w95{max-width:95%}.max-w100{max-width:100%}.max-w-small{max-width:480px}.max-w-medium{max-width:600px}.max-w-big{max-width:740px}.max-w-large{max-width:840px}.min-w5{min-width:5%}.min-w10{min-width:10%}.min-w15{min-width:15%}.min-w20{min-width:20%}.min-w25{min-width:25%}.min-w30{min-width:30%}.min-w35{min-width:35%}.min-w40{min-width:40%}.min-w45{min-width:45%}.min-w50{min-width:50%}.min-w55{min-width:55%}.min-w60{min-width:60%}.min-w65{min-width:65%}.min-w70{min-width:70%}.min-w75{min-width:75%}.min-w80{min-width:80%}.min-w85{min-width:85%}.min-w90{min-width:90%}.min-w95{min-width:95%}.min-w100{min-width:100%}.h25{height:25%}.h50{height:50%}.h100{height:100%}.group:after{content:'';display:table;clear:both}.flex{display:flex}@media (max-width:768px){.gutters .column.push-left-sm,.push-left-sm{margin-left:0}.gutters .column.push-center-sm,.push-center-sm{margin-left:auto;margin-right:auto}.push-top-sm{margin-top:0}.align-left-sm{justify-content:flex-start}.float-left,.float-right{float:none}.w-auto-sm{width:auto}.w-big,.w-large,.w-medium,.w-small,.w100-sm{width:100%}.max-w-auto-sm,.max-w-big,.max-w-large,.max-w-medium,.max-w-small{max-width:auto}.flex-column-sm{flex-direction:column}.flex-w100-sm{flex:0 0 100%}}@media (max-width:768px) and (max-width:768px){.flex-w100-sm{flex:0 0 100%!important}}.invisible{visibility:hidden}.visible{visibility:visible}.display-block{display:block}.hide{display:none!important}@media (max-width:768px){.hide-sm{display:none!important}}@media (min-width:768px){.show-sm{display:none!important}}@media print{.hide-print{display:none!important}.show-print{display:block!important}}.caret,.close{display:inline-block}.no-scroll{overflow:hidden;width:100%;height:100%!important}.scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}.dropdown,.slideDown,.slideUp{overflow:hidden}.video-container{height:0;padding-bottom:56.25%;position:relative;margin-bottom:16px}.video-container embed,.video-container iframe,.video-container object{position:absolute;top:0;left:0;width:100%!important;height:100%!important}.close{min-height:16px;min-width:16px;line-height:16px;vertical-align:middle;text-align:center;opacity:.6}.close:hover{opacity:1}.close.small{font-size:8px}.close.big{font-size:18px}.close.white{color:#fff}.button .caret{margin-right:-8px}.overlay{position:fixed;z-index:200;top:0;left:0;right:0;bottom:0;background-color:rgba(255,255,255,.95)}.overlay>.close{position:fixed;top:1rem;right:1rem}@media print{blockquote,img,pre,tr{page-break-inside:avoid}*{background:0 0!important;color:#000!important;box-shadow:none!important;text-shadow:none!important}a,a:visited{text-decoration:underline}blockquote,pre{border:1px solid #999}h2,h3,p{orphans:3;widows:3}thead{display:table-header-group}img{max-width:100%!important}h2,h3,h4{page-break-after:avoid}@page{margin:.5cm}}.dropdown,.modal{box-shadow:0 10px 25px rgba(0,0,0,.15)}@keyframes slideUp{to{height:0;padding-top:0;padding-bottom:0}}@keyframes slideDown{from{height:0;padding-top:0;padding-bottom:0}}@keyframes fadeIn{from{opacity:0}to{opacity:1}}@keyframes fadeOut{from{opacity:1}to{opacity:0}}@keyframes flipIn{from{opacity:0;transform:scaleY(0)}to{opacity:1;transform:scaleY(1)}}@keyframes flipOut{from{opacity:1;transform:scaleY(1)}to{opacity:0;transform:scaleY(0)}}@keyframes zoomIn{from{opacity:0;transform:scale3d(.3,.3,.3)}50%{opacity:1}}@keyframes zoomOut{from{opacity:1}50%{opacity:0;transform:scale3d(.3,.3,.3)}to{opacity:0}}@keyframes slideInRight{from{transform:translate3d(100%,0,0);visibility:visible}to{transform:translate3d(0,0,0)}}@keyframes slideInLeft{from{transform:translate3d(-100%,0,0);visibility:visible}to{transform:translate3d(0,0,0)}}@keyframes slideInDown{from{transform:translate3d(0,-100%,0);visibility:visible}to{transform:translate3d(0,0,0)}}@keyframes slideOutLeft{from{transform:translate3d(0,0,0)}to{visibility:hidden;transform:translate3d(-100%,0,0)}}@keyframes slideOutRight{from{transform:translate3d(0,0,0)}to{visibility:hidden;transform:translate3d(100%,0,0)}}@keyframes slideOutUp{from{transform:translate3d(0,0,0)}to{visibility:hidden;transform:translate3d(0,-100%,0)}}@keyframes rotate{from{transform:rotate(0)}to{transform:rotate(360deg)}}@keyframes pulse{from,to{transform:scale3d(1,1,1)}50%{transform:scale3d(1.03,1.03,1.03)}}@keyframes shake{15%{transform:translateX(.5rem)}30%{transform:translateX(-.4rem)}45%{transform:translateX(.3rem)}60%{transform:translateX(-.2rem)}75%{transform:translateX(.1rem)}90%{transform:translateX(0)}}.fadeIn{animation:fadeIn 250ms}.fadeOut{animation:fadeOut 250ms}.zoomIn{animation:zoomIn .2s}.zoomOut{animation:zoomOut .5s}.slideInRight{animation:slideInRight .5s}.slideInLeft{animation:slideInLeft .5s}.slideInDown{animation:slideInDown .5s}.slideOutLeft{animation:slideOutLeft .5s}.slideOutRight{animation:slideOutRight .5s}.slideOutUp{animation:slideOutUp .5s}.slideUp{animation:slideUp .2s ease-in-out}.slideDown{animation:slideDown 80ms ease-in-out}.flipIn{animation:flipIn 250ms cubic-bezier(.5,-.5,.5,1.5)}.flipOut{animation:flipOut .5s cubic-bezier(.5,-.5,.5,1.5)}.rotate{animation:rotate .5s}.pulse{animation:pulse 250ms 2}.shake{animation:shake .5s}.dropdown{position:absolute;z-index:100;top:0;right:0;width:280px;color:#000;font-size:15px;background:#fff;border-radius:3px;max-height:300px;margin:0;padding:0}.dropdown.dropdown-mobile{position:fixed;top:0;left:0;right:0;bottom:0;width:100%;max-height:none;border:none}.dropdown .close{margin:20px auto}.dropdown.open{overflow:auto}.dropdown ul{margin:0}.dropdown ul li{border-bottom:1px solid rgba(0,0,0,.07)}.dropdown ul li:last-child{border-bottom:none}.dropdown ul a{display:block;padding:12px;text-decoration:none;color:#000}.dropdown ul a:hover{background:rgba(0,0,0,.05)}.message{font-size:14px;background:#e0e1e1;color:#313439;padding:1rem 2.5em .75rem 1rem;margin-bottom:24px;position:relative}.message a{color:inherit}.message h2,.message h3,.message h4,.message h5,.message h6{margin-bottom:0}.message .close{position:absolute;right:1rem;top:1.1rem}.message.error{background:#f03c69;color:#fff}.message.success{background:#35beb1;color:#fff}.message.warning{background:#f7ba45}.message.focus{background:#1c86f2;color:#fff}.message.black{background:#0d0d0e;color:#fff}.message.inverted,.modal,.offcanvas{background:#fff}.modal-box{position:fixed;top:0;left:0;bottom:0;right:0;overflow-x:hidden;overflow-y:auto;z-index:200}.modal{position:relative;margin:16px auto auto;padding:0;border-radius:8px;color:#000}@media (max-width:768px){.modal input,.modal textarea{font-size:16px}}.modal .close{position:absolute;top:18px;right:16px;opacity:.3}.modal .close:hover{opacity:1}.modal-header{padding:24px 32px;font-size:18px;font-weight:700;border-bottom:1px solid rgba(0,0,0,.05)}.modal-header:empty{display:none}.modal-body{padding:36px 56px}@media (max-width:768px){.modal-body,.modal-header{padding:24px}}.offcanvas{position:fixed;padding:24px;height:100%;top:0;left:0;z-index:300;overflow-y:scroll}.offcanvas .close{position:absolute;top:8px;right:8px}.offcanvas-push-body,.tabs a,.tabs em{position:relative}.offcanvas-left{border-right:1px solid rgba(0,0,0,.1)}.offcanvas-right{left:auto;right:0;border-left:1px solid rgba(0,0,0,.1)}.tabs{margin-bottom:24px;font-size:14px}.tabs li em,.tabs li.active a{color:#313439;border:1px solid rgba(0,0,0,.1);cursor:default;text-decoration:none;background:0 0}.tabs a,.tabs em{top:1px;font-style:normal;display:block;padding:.5rem 1rem;border:1px solid transparent;color:rgba(0,0,0,.5);text-decoration:none}.tabs a:hover{-moz-transition:all linear .2s;transition:all linear .2s;color:#313439;text-decoration:underline;background-color:#e0e1e1}@media (min-width:768px){.tabs ul{display:flex;margin-top:-1px;border-bottom:1px solid rgba(0,0,0,.1)}.tabs li em,.tabs li.active a{border-bottom:1px solid #fff}} -------------------------------------------------------------------------------- /report/js/kube.min.js: -------------------------------------------------------------------------------- 1 | if("undefined"==typeof jQuery)throw new Error("Kube's requires jQuery");!function(t){var e=t.fn.jquery.split(".");if(1==e[0]&&e[1]<8)throw new Error("Kube's requires at least jQuery v1.8")}(jQuery),function(){Function.prototype.inherits=function(t){var e=function(){};e.prototype=t.prototype;var s=new e;for(var i in this.prototype)s[i]=this.prototype[i];this.prototype=s,this.prototype["super"]=t.prototype};var t=function(t,e){e="object"==typeof e?e:{},this.$element=$(t),this.opts=$.extend(!0,this.defaults,$.fn[this.namespace].options,this.$element.data(),e),this.$target="string"==typeof this.opts.target?$(this.opts.target):null};t.prototype={getInstance:function(){return this.$element.data("fn."+this.namespace)},hasTarget:function(){return!(null===this.$target)},callback:function(t){var e=[].slice.call(arguments).splice(1);return this.$element&&(e=this._fireCallback($._data(this.$element[0],"events"),t,this.namespace,e)),this.$target&&(e=this._fireCallback($._data(this.$target[0],"events"),t,this.namespace,e)),this.opts&&this.opts.callbacks&&$.isFunction(this.opts.callbacks[t])?this.opts.callbacks[t].apply(this,e):e},_fireCallback:function(t,e,s,i){if(t&&"undefined"!=typeof t[e])for(var n=t[e].length,o=0;n>o;o++){var a=t[e][o].namespace;if(a===s)var h=t[e][o].handler.apply(this,i)}return"undefined"==typeof h?i:h}},window.Kube=t}(),function(t){t.Plugin={create:function(e,s){return s="undefined"==typeof s?e.toLowerCase():s,$.fn[s]=function(i,n){var o=Array.prototype.slice.call(arguments,1),a="fn."+s,h=[];return this.each(function(){var s=$(this),l=s.data(a);if(n="object"==typeof i?i:n,l||(s.data(a,{}),s.data(a,l=new t[e](this,n))),"string"==typeof i)if($.isFunction(l[i])){var c=l[i].apply(l,o);void 0!==c&&h.push(c)}else $.error('No such method "'+i+'" for '+e)}),0===h.length||1===h.length?0===h.length?this:h[0]:h},$.fn[s].options={},this},autoload:function(t){for(var e=t.split(","),s=e.length,i=0;s>i;i++){var n=e[i].toLowerCase().split(",").map(function(t){return t.trim()}).join(",");this.autoloadQueue.push(n)}return this},autoloadQueue:[],startAutoload:function(){if(window.MutationObserver&&0!==this.autoloadQueue.length){var t=this,e=new MutationObserver(function(e){e.forEach(function(e){var s=e.addedNodes;0===s.length||1===s.length&&3===s.nodeType||t.startAutoloadOnce()})});e.observe(document,{subtree:!0,childList:!0})}},startAutoloadOnce:function(){var t=this,e=$("[data-component]").not("[data-loaded]");e.each(function(){var e=$(this),s=e.data("component");-1!==t.autoloadQueue.indexOf(s)&&(e.attr("data-loaded",!0),e[s]())})},watch:function(){t.Plugin.startAutoloadOnce(),t.Plugin.startAutoload()}},$(window).on("load",function(){t.Plugin.watch()})}(Kube),function(t){t.Animation=function(e,s,i){this.namespace="animation",this.defaults={},t.apply(this,arguments),this.effect=s,this.completeCallback="undefined"==typeof i?!1:i,this.prefixes=["","-moz-","-o-animation-","-webkit-"],this.queue=[],this.start()},t.Animation.prototype={start:function(){this.isSlideEffect()&&this.setElementHeight(),this.addToQueue(),this.clean(),this.animate()},addToQueue:function(){this.queue.push(this.effect)},setElementHeight:function(){this.$element.height(this.$element.height())},removeElementHeight:function(){this.$element.css("height","")},isSlideEffect:function(){return"slideDown"===this.effect||"slideUp"===this.effect},isHideableEffect:function(){var t=["fadeOut","slideUp","flipOut","zoomOut","slideOutUp","slideOutRight","slideOutLeft"];return-1!==$.inArray(this.effect,t)},isToggleEffect:function(){return"show"===this.effect||"hide"===this.effect},storeHideClasses:function(){this.$element.hasClass("hide-sm")?this.$element.data("hide-sm-class",!0):this.$element.hasClass("hide-md")&&this.$element.data("hide-md-class",!0)},revertHideClasses:function(){this.$element.data("hide-sm-class")?this.$element.addClass("hide-sm").removeData("hide-sm-class"):this.$element.data("hide-md-class")?this.$element.addClass("hide-md").removeData("hide-md-class"):this.$element.addClass("hide")},removeHideClass:function(){this.$element.data("hide-sm-class")?this.$element.removeClass("hide-sm"):this.$element.data("hide-md-class")?this.$element.removeClass("hide-md"):this.$element.removeClass("hide")},animate:function(){if(this.storeHideClasses(),this.isToggleEffect())return this.makeSimpleEffects();this.$element.addClass("kubeanimated"),this.$element.addClass(this.queue[0]),this.removeHideClass();var t=this.queue.length>1?null:this.completeCallback;this.complete("AnimationEnd",$.proxy(this.makeComplete,this),t)},makeSimpleEffects:function(){"show"===this.effect?this.removeHideClass():"hide"===this.effect&&this.revertHideClasses(),"function"==typeof this.completeCallback&&this.completeCallback(this)},makeComplete:function(){this.$element.hasClass(this.queue[0])&&(this.clean(),this.queue.shift(),this.queue.length&&this.animate())},complete:function(t,e,s){var i=t.toLowerCase()+" webkit"+t+" o"+t+" MS"+t;this.$element.one(i,$.proxy(function(){"function"==typeof e&&e(),this.isHideableEffect()&&this.revertHideClasses(),this.isSlideEffect()&&this.removeElementHeight(),"function"==typeof s&&s(this),this.$element.off(i)},this))},clean:function(){this.$element.removeClass("kubeanimated").removeClass(this.queue[0])}},t.Animation.inherits(t)}(Kube),function(t){t.fn.animation=function(e,s){var i="fn.animation";return this.each(function(){var n=t(this),o=n.data(i);n.data(i,{}),n.data(i,o=new Kube.Animation(this,e,s))})},t.fn.animation.options={}}(jQuery),function(t){t.Detect=function(){},t.Detect.prototype={isMobile:function(){return/(iPhone|iPod|BlackBerry|Android)/.test(navigator.userAgent)},isDesktop:function(){return!/(iPhone|iPod|iPad|BlackBerry|Android)/.test(navigator.userAgent)},isMobileScreen:function(){return $(window).width()<=768},isTabletScreen:function(){return $(window).width()>=768&&$(window).width()<=1024},isDesktopScreen:function(){return $(window).width()>1024}}}(Kube),function(t){t.FormData=function(t){this.opts=t.opts},t.FormData.prototype={set:function(t){this.data=t},get:function(t){return this.formdata=t,this.opts.appendForms&&this.appendForms(),this.opts.appendFields&&this.appendFields(),this.data},appendFields:function(){var t=$(this.opts.appendFields);if(0!==t.length){var e=this,s="";this.formdata?t.each(function(){e.data.append($(this).attr("name"),$(this).val())}):(t.each(function(){s+="&"+$(this).attr("name")+"="+$(this).val()}),this.data=""===this.data?s.replace(/^&/,""):this.data+s)}},appendForms:function(){var t=$(this.opts.appendForms);if(0!==t.length)if(this.formdata){var e=this,s=$(this.opts.appendForms).serializeArray();$.each(s,function(t,s){e.data.append(s.name,s.value)})}else{var i=t.serialize();this.data=""===this.data?i:this.data+"&"+i}}}}(Kube),function(t){t.Response=function(t){},t.Response.prototype={parse:function(t){if(""===t)return!1;var e={};try{e=JSON.parse(t)}catch(s){return!1}if(void 0!==e[0])for(var i in e)this.parseItem(e[i]);else this.parseItem(e);return e},parseItem:function(t){return"value"===t.type?$.each(t.data,$.proxy(function(t,e){e=null===e||e===!1?0:e,e=e===!0?1:e,$(t).val(e)},this)):"html"===t.type?$.each(t.data,$.proxy(function(t,e){e=null===e||e===!1?"":e,$(t).html(this.stripslashes(e))},this)):"addClass"===t.type?$.each(t.data,function(t,e){$(t).addClass(e)}):"removeClass"===t.type?$.each(t.data,function(t,e){$(t).removeClass(e)}):"command"===t.type?$.each(t.data,function(t,e){$(e)[t]()}):"animation"===t.type?$.each(t.data,function(t,e){e.opts="undefined"==typeof e.opts?{}:e.opts,$(t).animation(e.name,e.opts)}):"location"===t.type?top.location.href=t.data:"notify"===t.type&&$.notify(t.data),t},stripslashes:function(t){return(t+"").replace(/\0/g,"0").replace(/\\([\\'"])/g,"$1")}}}(Kube),function(t){t.Utils=function(){},t.Utils.prototype={disableBodyScroll:function(){var t=$("html"),e=window.innerWidth;if(!e){var s=document.documentElement.getBoundingClientRect();e=s.right-Math.abs(s.left)}var i=document.body.clientWidththis.offsetTop+this.opts.offset},fixed:function(){this.$element.addClass(this.opts.classname).css("top",this.opts.offset+"px"),this.callback("fixed")},unfixed:function(){this.$element.removeClass(this.opts.classname).css("top",""),this.callback("unfixed")}},t.Sticky.inherits(t),t.Plugin.create("Sticky"),t.Plugin.autoload("Sticky")}(Kube),function(t){t.Toggleme=function(e,s){this.namespace="toggleme",this.defaults={toggleEvent:"click",target:null,text:"",animationOpen:"slideDown",animationClose:"slideUp",callbacks:["open","opened","close","closed"]},t.apply(this,arguments),this.start()},t.Toggleme.prototype={start:function(){this.hasTarget()&&this.$element.on(this.opts.toggleEvent+"."+this.namespace,$.proxy(this.toggle,this))},stop:function(){this.$element.off("."+this.namespace),this.revertText()},toggle:function(t){this.isOpened()?this.close(t):this.open(t)},open:function(t){t&&t.preventDefault(),this.isOpened()||(this.storeText(),this.callback("open"),this.$target.animation("slideDown",$.proxy(this.onOpened,this)),setTimeout($.proxy(this.replaceText,this),100))},close:function(t){t&&t.preventDefault(),this.isOpened()&&(this.callback("close"),this.$target.animation("slideUp",$.proxy(this.onClosed,this)))},isOpened:function(){return this.$target.hasClass("open")},onOpened:function(){this.$target.addClass("open"),this.callback("opened")},onClosed:function(){this.$target.removeClass("open"),this.revertText(),this.callback("closed")},storeText:function(){this.$element.data("replacement-text",this.$element.html())},revertText:function(){var t=this.$element.data("replacement-text");t&&this.$element.html(t),this.$element.removeData("replacement-text")},replaceText:function(){""!==this.opts.text&&this.$element.html(this.opts.text)}},t.Toggleme.inherits(t),t.Plugin.create("Toggleme"),t.Plugin.autoload("Toggleme")}(Kube),function(t){t.Offcanvas=function(e,s){this.namespace="offcanvas",this.defaults={target:null,push:!0,width:"250px",direction:"left",toggleEvent:"click",clickOutside:!0,animationOpen:"slideInLeft",animationClose:"slideOutLeft",callbacks:["open","opened","close","closed"]},t.apply(this,arguments),this.utils=new t.Utils,this.detect=new t.Detect,this.start()},t.Offcanvas.prototype={start:function(){this.hasTarget()&&(this.buildTargetWidth(),this.buildAnimationDirection(),this.$close=this.getCloseLink(),this.$element.on(this.opts.toggleEvent+"."+this.namespace,$.proxy(this.toggle,this)),this.$target.addClass("offcanvas"))},stop:function(){this.closeAll(),this.$element.off("."+this.namespace),this.$close.off("."+this.namespace),$(document).off("."+this.namespace)},toggle:function(t){this.isOpened()?this.close(t):this.open(t)},buildTargetWidth:function(){this.opts.width=$(window).width()t||(this.opts.caretUp=!0,this.$caret.addClass("up"))},getCaret:function(){return this.$element.find(".caret")},toggleCaretOpen:function(){this.opts.caretUp?this.$caret.removeClass("up").addClass("down"):this.$caret.removeClass("down").addClass("up")},toggleCaretClose:function(){this.opts.caretUp?this.$caret.removeClass("down").addClass("up"):this.$caret.removeClass("up").addClass("down")},toggle:function(t){this.isOpened()?this.close(t):this.open(t)},open:function(t){t&&t.preventDefault(),this.callback("open"),$(".dropdown").removeClass("open").addClass("hide"),this.opts.height&&this.$target.css("min-height",this.opts.height+"px"),this.opts.width&&this.$target.width(this.opts.width),this.setPosition(),this.toggleCaretOpen(),this.$target.animation(this.opts.animationOpen,$.proxy(this.onOpened,this))},close:function(t){if(this.isOpened()){if(t){if(this.shouldNotBeClosed(t.target))return;t.preventDefault()}this.utils.enableBodyScroll(),this.callback("close"),this.toggleCaretClose(),this.$target.animation(this.opts.animationClose,$.proxy(this.onClosed,this))}},onClosed:function(){this.$target.removeClass("open"),this.disableEvents(),this.callback("closed")},onOpened:function(){this.$target.addClass("open"),this.enableEvents(),this.callback("opened")},isOpened:function(){return this.$target.hasClass("open")},enableEvents:function(){this.detect.isDesktop()&&this.$target.on("mouseover."+this.namespace,$.proxy(this.utils.disableBodyScroll,this.utils)).on("mouseout."+this.namespace,$.proxy(this.utils.enableBodyScroll,this.utils)),$(document).on("scroll."+this.namespace,$.proxy(this.setPosition,this)),$(window).on("resize."+this.namespace,$.proxy(this.setPosition,this)),$(document).on("click."+this.namespace+" touchstart."+this.namespace,$.proxy(this.close,this)),$(document).on("keydown."+this.namespace,$.proxy(this.handleKeyboard,this)),this.$target.find('[data-action="dropdown-close"]').on("click."+this.namespace,$.proxy(this.close,this))},disableEvents:function(){this.$target.off("."+this.namespace),$(document).off("."+this.namespace),$(window).off("."+this.namespace)},handleKeyboard:function(t){27===t.which&&this.close(t)},shouldNotBeClosed:function(t){return"dropdown-close"===$(t).attr("data-action")||t===this.$close[0]?!1:0!==$(t).closest(".dropdown").length},isNavigationFixed:function(){return 0!==this.$element.closest(".fixed").length},getPlacement:function(t){return $(document).height()"),t.each($.proxy(this.buildLiveItem,this)),this.$element.html("").append(this.$liveTabsList))},buildLiveItem:function(t,e){var s=$(e),i=$("
  • "),n=$(""),o=t+1;s.attr("id",this.getLiveItemId(s,o));var a="#"+s.attr("id"),h=this.getLiveItemTitle(s);n.attr("href",a).attr("rel",a).text(h),i.append(n),this.$liveTabsList.append(i)},getLiveItemId:function(t,e){return"undefined"==typeof t.attr("id")?this.opts.live.replace(".","")+e:t.attr("id")},getLiveItemTitle:function(t){return"undefined"==typeof t.attr("data-title")?t.attr("id"):t.attr("data-title")},setActiveItem:function(){this.currentHash?(this.currentItem=this.getItemBy(this.currentHash),this.opts.active=this.currentHash):this.opts.active===!1&&(this.currentItem=this.getItem(this.$items.first()),this.opts.active=this.currentItem.hash),this.addActive(this.currentItem)},addActive:function(t){t.$parent.addClass("active"),t.$tab.removeClass("hide").addClass("open"),this.currentItem=t},removeActive:function(t){t.$parent.removeClass("active"),t.$tab.addClass("hide").removeClass("open"),this.currentItem=!1},next:function(t){t&&t.preventDefault();var e=this.getItem(this.fetchElement("next"));this.open(e.hash),this.callback("next",e)},prev:function(t){t&&t.preventDefault();var e=this.getItem(this.fetchElement("prev"));this.open(e.hash),this.callback("prev",e)},fetchElement:function(t){var e;if(this.currentItem!==!1){if(e=this.currentItem.$parent[t]().find("a"),0===e.length)return}else e=this.$items[0];return e},open:function(t,e){if("undefined"!=typeof t){"object"==typeof t&&t.preventDefault();var s="object"==typeof t?this.getItem(t.target):this.getItemBy(t);this.closeAll(),this.callback("open",s),this.addActive(s),this.pushStateOpen(e,s),this.callback("opened",s)}},pushStateOpen:function(t,e){t!==!1&&this.opts.hash!==!1&&history.pushState(!1,!1,e.hash)},close:function(t){var e=this.getItemBy(t);e.$parent.hasClass("active")&&(this.callback("close",e),this.removeActive(e),this.pushStateClose(),this.callback("closed",e))},pushStateClose:function(){this.opts.hash!==!1&&history.pushState(!1,!1," ")},closeAll:function(){this.$tabs.removeClass("open").addClass("hide"),this.$items.parent().removeClass("active")},getItem:function(t){var e={};return e.$el=$(t),e.hash=e.$el.attr("href"),e.$parent=e.$el.parent(),e.$tab=$(e.hash),e},getItemBy:function(t){var e="number"==typeof t?this.$items.eq(t-1):this.$element.find('[rel="'+t+'"]');return this.getItem(e)},getLocationHash:function(){return this.opts.hash===!1?!1:this.isHash()?top.location.hash:!1},isHash:function(){return!(""===top.location.hash||-1===$.inArray(top.location.hash,this.hashesCollection))},setItemHeight:function(){if(this.opts.equals){var t=this.getItemMaxHeight()+"px";this.$tabs.css("min-height",t)}},getItemMaxHeight:function(){var t=0;return this.$tabs.each(function(){var e=$(this).height();t=e>t?e:t}),t}},t.Tabs.inherits(t),t.Plugin.create("Tabs"),t.Plugin.autoload("Tabs")}(Kube),function(t){t.modalcurrent=null,t.modalwindow=function(e){var s=t.extend({},e,{show:!0}),i=t("");i.modal(s)}}(jQuery),function(t){t.Modal=function(e,s){this.namespace="modal",this.defaults={target:null,show:!1,url:!1,header:!1,width:"600px",height:!1,maxHeight:!1,position:"center",overlay:!0,appendForms:!1,appendFields:!1,animationOpen:"show",animationClose:"hide",callbacks:["open","opened","close","closed"]},t.apply(this,arguments),this.utils=new t.Utils,this.detect=new t.Detect,this.start()},t.Modal.prototype={start:function(){this.hasTarget()&&(this.opts.show?this.load():this.$element.on("click."+this.namespace,$.proxy(this.load,this)))},buildModal:function(){this.$modal=this.$target.find(".modal"),this.$header=this.$target.find(".modal-header"),this.$close=this.$target.find(".close"),this.$body=this.$target.find(".modal-body")},buildOverlay:function(){this.opts.overlay!==!1&&(0!==$("#modal-overlay").length?this.$overlay=$("#modal-overlay"):(this.$overlay=$('