├── .gitignore ├── .project ├── .pydevproject ├── ArticleManage ├── Functions │ ├── __init__.py │ └── uploadimgs.py ├── __init__.py ├── admin.py ├── apps.py ├── forms.py ├── migrations │ └── __init__.py ├── models.py ├── tests.py ├── urls.py └── views.py ├── AssetManage ├── Functions │ └── select.py ├── __init__.py ├── admin.py ├── apps.py ├── forms.py ├── migrations │ └── __init__.py ├── models.py ├── tasks.py ├── tests.py ├── urls.py └── views │ ├── assetconnect.py │ ├── assetdetails.py │ ├── assetinfo.py │ ├── csv.py │ ├── file.py │ ├── handover.py │ ├── plugin.py │ ├── port.py │ ├── scan.py │ ├── taskview.py │ └── views.py ├── ChartManage ├── Functions │ └── publicfunction.py ├── __init__.py ├── admin.py ├── apps.py ├── migrations │ └── __init__.py ├── models.py ├── tests.py ├── urls.py └── views.py ├── LICENSE ├── MappedManage ├── __init__.py ├── admin.py ├── apps.py ├── forms.py ├── migrations │ └── __init__.py ├── models.py ├── tests.py ├── urls.py └── views.py ├── NoticeManage ├── __init__.py ├── admin.py ├── apps.py ├── migrations │ └── __init__.py ├── models.py ├── tests.py ├── urls.py └── views.py ├── RBAC ├── __init__.py ├── admin.py ├── apps.py ├── forms.py ├── middleware │ ├── __init__.py │ └── rbac.py ├── migrations │ └── __init__.py ├── models.py ├── service │ └── init_permission.py ├── templatetags │ └── custom_tag.py ├── tests.py ├── urls.py └── views.py ├── README.md ├── README_CN.md ├── SeMF ├── __init__.py ├── celery.py ├── settings.py ├── urls.py ├── views.py └── wsgi.py ├── SeMFSetting ├── Functions │ ├── AWVS11.py │ ├── Nessus.py │ ├── checkip.py │ ├── checkpsd.py │ ├── mails.py │ ├── nmap.py │ └── parse_awvs_xml.py ├── __init__.py ├── admin.py ├── apps.py ├── forms.py ├── migrations │ └── __init__.py ├── models.py ├── tests.py └── views.py ├── TaskManage ├── Functions │ ├── awvs.py │ └── nessus.py ├── __init__.py ├── admin.py ├── apps.py ├── forms.py ├── migrations │ └── __init__.py ├── models.py ├── tasks.py ├── tests.py ├── urls.py └── views │ ├── Scantasks.py │ └── views.py ├── VulnManage ├── __init__.py ├── admin.py ├── apps.py ├── forms.py ├── migrations │ └── __init__.py ├── models.py ├── tasks.py ├── tests.py ├── urls.py └── views │ ├── Advanceviews.py │ ├── cnvdviews.py │ └── views.py ├── cnnvd_xml.py ├── cnvd_xml.py ├── cnvd_xml ├── 2014-12-29_2015-01-04.xml ├── 2015-01-05_2015-01-11.xml ├── 2015-01-12_2015-01-18.xml ├── 2015-01-19_2015-01-25.xml ├── 2015-01-26_2015-02-01.xml ├── 2015-02-02_2015-02-08.xml ├── 2015-02-09_2015-02-15.xml ├── 2015-02-16_2015-02-22.xml ├── 2015-02-23_2015-03-01.xml ├── 2015-03-02_2015-03-08.xml ├── 2015-03-09_2015-03-15.xml ├── 2015-03-16_2015-03-22.xml ├── 2015-03-23_2015-03-29.xml ├── 2015-03-30_2015-04-05.xml ├── 2015-04-06_2015-04-12.xml ├── 2015-04-13_2015-04-19.xml ├── 2015-04-20_2015-04-26.xml ├── 2015-04-27_2015-05-03.xml ├── 2015-05-04_2015-05-10.xml ├── 2015-05-11_2015-05-17.xml ├── 2015-05-18_2015-05-24.xml ├── 2015-05-25_2015-05-31.xml ├── 2015-06-01_2015-06-07.xml ├── 2015-06-08_2015-06-14.xml ├── 2015-06-15_2015-06-21.xml ├── 2015-06-22_2015-06-28.xml ├── 2015-06-29_2015-07-05.xml ├── 2015-07-06_2015-07-12.xml ├── 2015-07-13_2015-07-19.xml ├── 2015-07-20_2015-07-26.xml ├── 2015-07-27_2015-08-02.xml ├── 2015-08-03_2015-08-09.xml ├── 2015-08-10_2015-08-16.xml ├── 2015-08-17_2015-08-23.xml ├── 2015-08-24_2015-08-30.xml ├── 2015-08-31_2015-09-06.xml ├── 2015-09-07_2015-09-13.xml ├── 2015-09-14_2015-09-20.xml ├── 2015-09-21_2015-09-27.xml ├── 2015-09-28_2015-10-04.xml ├── 2015-10-05_2015-10-11.xml ├── 2015-10-12_2015-10-18.xml ├── 2015-10-19_2015-10-25.xml ├── 2015-10-26_2015-11-01.xml ├── 2015-11-02_2015-11-08.xml ├── 2015-11-09_2015-11-15.xml ├── 2015-11-16_2015-11-22.xml ├── 2015-11-23_2015-11-29.xml ├── 2015-11-30_2015-12-06.xml ├── 2015-12-07_2015-12-13.xml ├── 2015-12-14_2015-12-20.xml ├── 2015-12-21_2015-12-27.xml ├── 2015-12-28_2016-01-03.xml ├── 2016-01-04_2016-01-10.xml ├── 2016-01-11_2016-01-17.xml ├── 2016-01-18_2016-01-24.xml ├── 2016-01-25_2016-01-31.xml ├── 2016-02-01_2016-02-07.xml ├── 2016-02-08_2016-02-14.xml ├── 2016-02-15_2016-02-21.xml ├── 2016-02-22_2016-02-28.xml ├── 2016-02-29_2016-03-06.xml ├── 2016-03-07_2016-03-13.xml ├── 2016-03-14_2016-03-20.xml ├── 2016-03-21_2016-03-27.xml ├── 2016-03-28_2016-04-03.xml ├── 2016-04-04_2016-04-10.xml ├── 2016-04-11_2016-04-17.xml ├── 2016-04-18_2016-04-24.xml ├── 2016-04-25_2016-05-01.xml ├── 2016-05-02_2016-05-08.xml ├── 2016-05-09_2016-05-15.xml ├── 2016-05-16_2016-05-22.xml ├── 2016-05-23_2016-05-29.xml ├── 2016-05-30_2016-06-05.xml ├── 2016-06-06_2016-06-12.xml ├── 2016-06-13_2016-06-19.xml ├── 2016-06-20_2016-06-26.xml ├── 2016-06-27_2016-07-03.xml ├── 2016-07-04_2016-07-10.xml ├── 2016-07-11_2016-07-17.xml ├── 2016-07-18_2016-07-24.xml ├── 2016-07-25_2016-07-31.xml ├── 2016-08-01_2016-08-07.xml ├── 2016-08-08_2016-08-14.xml ├── 2016-08-15_2016-08-21.xml ├── 2016-08-22_2016-08-28.xml ├── 2016-08-29_2016-09-04.xml ├── 2016-09-05_2016-09-11.xml ├── 2016-09-12_2016-09-18.xml ├── 2016-09-19_2016-09-25.xml ├── 2016-09-26_2016-10-02.xml ├── 2016-10-03_2016-10-09.xml ├── 2016-10-10_2016-10-16.xml ├── 2016-10-17_2016-10-23.xml ├── 2016-10-24_2016-10-30.xml ├── 2016-10-31_2016-11-06.xml ├── 2016-11-07_2016-11-13.xml ├── 2016-11-14_2016-11-20.xml ├── 2016-11-21_2016-11-27.xml ├── 2016-11-28_2016-12-04.xml ├── 2016-12-05_2016-12-11.xml ├── 2016-12-12_2016-12-18.xml ├── 2016-12-19_2016-12-25.xml ├── 2016-12-26_2017-01-01.xml ├── 2017-01-02_2017-01-08.xml ├── 2017-01-09_2017-01-15.xml ├── 2017-01-16_2017-01-22.xml ├── 2017-01-23_2017-01-29.xml ├── 2017-01-30_2017-02-05.xml ├── 2017-02-06_2017-02-12.xml ├── 2017-02-13_2017-02-19.xml ├── 2017-02-20_2017-02-26.xml ├── 2017-02-27_2017-03-05.xml ├── 2017-03-06_2017-03-12.xml ├── 2017-03-13_2017-03-19.xml ├── 2017-03-20_2017-03-26.xml ├── 2017-03-27_2017-04-02.xml ├── 2017-04-03_2017-04-09.xml ├── 2017-04-10_2017-04-16.xml ├── 2017-04-17_2017-04-23.xml ├── 2017-04-24_2017-04-30.xml ├── 2017-05-01_2017-05-07.xml ├── 2017-05-08_2017-05-14.xml ├── 2017-05-15_2017-05-21.xml ├── 2017-05-22_2017-05-28.xml ├── 2017-05-29_2017-06-04.xml ├── 2017-06-05_2017-06-11.xml ├── 2017-06-12_2017-06-18.xml ├── 2017-06-19_2017-06-25.xml ├── 2017-06-26_2017-07-02.xml ├── 2017-07-03_2017-07-09.xml ├── 2017-07-10_2017-07-16.xml ├── 2017-07-17_2017-07-23.xml ├── 2017-07-24_2017-07-30.xml ├── 2017-07-31_2017-08-06.xml ├── 2017-08-07_2017-08-13.xml ├── 2017-08-14_2017-08-20.xml ├── 2017-08-21_2017-08-27.xml ├── 2017-08-28_2017-09-03.xml ├── 2017-09-04_2017-09-10.xml ├── 2017-09-11_2017-09-17.xml ├── 2017-09-18_2017-09-24.xml ├── 2017-09-25_2017-10-01.xml ├── 2017-10-02_2017-10-08.xml ├── 2017-10-09_2017-10-15.xml ├── 2017-10-16_2017-10-22.xml ├── 2017-10-23_2017-10-29.xml ├── 2017-10-30_2017-11-05.xml ├── 2017-11-06_2017-11-12.xml ├── 2017-11-13_2017-11-19.xml ├── 2017-11-20_2017-11-26.xml ├── 2017-11-27_2017-12-03.xml ├── 2017-12-04_2017-12-10.xml ├── 2017-12-11_2017-12-17.xml ├── 2017-12-18_2017-12-24.xml ├── 2017-12-25_2017-12-31.xml ├── 2018-01-01_2018-01-07.xml ├── 2018-01-08_2018-01-14.xml ├── 2018-01-15_2018-01-21.xml ├── 2018-01-22_2018-01-28.xml ├── 2018-01-29_2018-02-04.xml ├── 2018-02-05_2018-02-11.xml ├── 2018-02-12_2018-02-18.xml ├── 2018-02-19_2018-02-25.xml ├── 2018-02-26_2018-03-04.xml ├── 2018-03-05_2018-03-11.xml ├── 2018-03-12_2018-03-18.xml ├── 2018-03-19_2018-03-25.xml ├── 2018-03-26_2018-04-01.xml ├── 2018-04-02_2018-04-08.xml ├── 2018-04-09_2018-04-15.xml ├── 2018-04-16_2018-04-22.xml ├── 2018-04-23_2018-04-29.xml ├── 2018-04-30_2018-05-06.xml ├── 2018-05-07_2018-05-13.xml ├── 2018-05-14_2018-05-20.xml ├── 2018-05-21_2018-05-27.xml ├── 2018-05-28_2018-06-03.xml ├── 2018-06-04_2018-06-10.xml ├── 2018-06-11_2018-06-17.xml ├── 2018-06-18_2018-06-24.xml ├── 2018-06-25_2018-07-01.xml ├── 2018-07-02_2018-07-08.xml ├── 2018-07-09_2018-07-15.xml ├── 2018-07-16_2018-07-22.xml ├── 2018-07-23_2018-07-29.xml ├── 2018-07-30_2018-08-05.xml ├── 2018-08-06_2018-08-12.xml ├── 2018-08-13_2018-08-19.xml ├── 2018-08-20_2018-08-26.xml ├── 2018-08-27_2018-09-02.xml ├── 2018-09-03_2018-09-09.xml ├── 2018-09-10_2018-09-16.xml ├── 2018-09-17_2018-09-23.xml ├── 2018-09-24_2018-09-30.xml ├── 2018-10-01_2018-10-07.xml ├── 2018-10-08_2018-10-14.xml └── xml_file │ └── .keep ├── doc ├── SeMF使用指南-2018-06-20.pdf ├── SeMF安装指南-2018-06-12.pdf ├── image │ ├── 113258_154ca8d5_1390378.png │ ├── 113454_07c46a58_1390378.png │ ├── 113543_6a6973ec_1390378.png │ ├── 113714_90826f30_1390378.png │ ├── 114021_ef591ca3_1390378.png │ ├── 114106_3cf15048_1390378 (1).png │ ├── 114106_3cf15048_1390378.png │ ├── 114130_0e8d0451_1390378.png │ └── 68747470733a2f2f67697465652e636f6d2f75706c6f6164732f696d616765732f323031382f303532372f3131333435345f30376334366135385f313339303337382e706e67.png └── install_zh.md ├── initdata.py ├── logs └── .keep ├── manage.py ├── requirements.txt ├── static ├── css │ ├── bootstrap.min.css │ ├── bootstrap.min.css.map │ ├── font.css │ └── xadmin.css ├── fonts │ ├── iconfont.eot │ ├── iconfont.svg │ ├── iconfont.ttf │ └── iconfont.woff ├── images │ ├── aiwrap.png │ └── bg.png ├── jquery │ └── jquery-3.3.1.min.js ├── js │ ├── bootstrap.min.js │ ├── echarts.common.min.js │ └── xadmin.js └── lib │ └── layui │ ├── css │ ├── layui.css │ ├── layui.mobile.css │ └── modules │ │ ├── code.css │ │ ├── laydate │ │ └── default │ │ │ └── laydate.css │ │ └── layer │ │ └── default │ │ ├── icon-ext.png │ │ ├── icon.png │ │ ├── layer.css │ │ ├── loading-0.gif │ │ ├── loading-1.gif │ │ └── loading-2.gif │ ├── font │ ├── iconfont.eot │ ├── iconfont.svg │ ├── iconfont.ttf │ └── iconfont.woff │ ├── images │ └── face │ │ ├── 0.gif │ │ ├── 1.gif │ │ ├── 10.gif │ │ ├── 11.gif │ │ ├── 12.gif │ │ ├── 13.gif │ │ ├── 14.gif │ │ ├── 15.gif │ │ ├── 16.gif │ │ ├── 17.gif │ │ ├── 18.gif │ │ ├── 19.gif │ │ ├── 2.gif │ │ ├── 20.gif │ │ ├── 21.gif │ │ ├── 22.gif │ │ ├── 23.gif │ │ ├── 24.gif │ │ ├── 25.gif │ │ ├── 26.gif │ │ ├── 27.gif │ │ ├── 28.gif │ │ ├── 29.gif │ │ ├── 3.gif │ │ ├── 30.gif │ │ ├── 31.gif │ │ ├── 32.gif │ │ ├── 33.gif │ │ ├── 34.gif │ │ ├── 35.gif │ │ ├── 36.gif │ │ ├── 37.gif │ │ ├── 38.gif │ │ ├── 39.gif │ │ ├── 4.gif │ │ ├── 40.gif │ │ ├── 41.gif │ │ ├── 42.gif │ │ ├── 43.gif │ │ ├── 44.gif │ │ ├── 45.gif │ │ ├── 46.gif │ │ ├── 47.gif │ │ ├── 48.gif │ │ ├── 49.gif │ │ ├── 5.gif │ │ ├── 50.gif │ │ ├── 51.gif │ │ ├── 52.gif │ │ ├── 53.gif │ │ ├── 54.gif │ │ ├── 55.gif │ │ ├── 56.gif │ │ ├── 57.gif │ │ ├── 58.gif │ │ ├── 59.gif │ │ ├── 6.gif │ │ ├── 60.gif │ │ ├── 61.gif │ │ ├── 62.gif │ │ ├── 63.gif │ │ ├── 64.gif │ │ ├── 65.gif │ │ ├── 66.gif │ │ ├── 67.gif │ │ ├── 68.gif │ │ ├── 69.gif │ │ ├── 7.gif │ │ ├── 70.gif │ │ ├── 71.gif │ │ ├── 8.gif │ │ └── 9.gif │ ├── lay │ └── modules │ │ ├── carousel.js │ │ ├── code.js │ │ ├── element.js │ │ ├── flow.js │ │ ├── form.js │ │ ├── jquery.js │ │ ├── laydate.js │ │ ├── layedit.js │ │ ├── layer.js │ │ ├── laypage.js │ │ ├── laytpl.js │ │ ├── mobile.js │ │ ├── table.js │ │ ├── tree.js │ │ ├── upload.js │ │ └── util.js │ ├── layui.all.js │ └── layui.js ├── templates ├── 403.html ├── 404.html ├── 500.html ├── ArticleManage │ ├── articledetails.html │ └── articlelist.html ├── AssetManage │ ├── assetdetails.html │ ├── assethandoverlist.html │ ├── assetlist.html │ └── assetrequestlist.html ├── ChartManage │ └── chartview.html ├── Dashboard.html ├── MappedManage │ ├── mappeddetails.html │ └── mappedview.html ├── NoticeManage │ └── noticelist.html ├── RBAC │ ├── login.html │ ├── main.html │ ├── regist.html │ ├── registrequest.html │ ├── resetpsd.html │ ├── resetpsdquest.html │ ├── userinfo.html │ ├── userlist.html │ └── userregistlist.html ├── TaskManage │ ├── taskdetails.html │ ├── taskedit.html │ ├── tasklist.html │ ├── taskrequest.html │ └── taskupdate.html ├── VulnManage │ ├── advancevulnlist.html │ ├── cnvdvulndetails.html │ ├── cnvdvulnlist.html │ ├── vulndetails.html │ └── vulnlist.html ├── error.html ├── formedit.html ├── formupdate.html └── index.html └── tmp ├── 4160ece1-7ba5-47e7-9c76-4516894196ec.xml ├── d9b02c6b-6fb8-4e01-84ee-ce1ad771f2a9.xml └── fa834a67-cffa-4194-8e0f-3924d32b1e63.xml /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | db.sqlite3 6 | *_initial.py 7 | # C extensions 8 | *.so 9 | 10 | # Distribution / packaging 11 | .Python 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | MANIFEST 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | 49 | # Translations 50 | *.mo 51 | *.pot 52 | 53 | # Django stuff: 54 | *.log 55 | .static_storage/ 56 | .media/ 57 | local_settings.py 58 | 59 | # Flask stuff: 60 | instance/ 61 | .webassets-cache 62 | 63 | # Scrapy stuff: 64 | .scrapy 65 | 66 | # Sphinx documentation 67 | docs/_build/ 68 | 69 | # PyBuilder 70 | target/ 71 | 72 | # Jupyter Notebook 73 | .ipynb_checkpoints 74 | 75 | # pyenv 76 | .python-version 77 | 78 | # celery beat schedule file 79 | celerybeat-schedule 80 | 81 | # SageMath parsed files 82 | *.sage.py 83 | 84 | # Environments 85 | .env 86 | .venv 87 | env/ 88 | venv/ 89 | ENV/ 90 | env.bak/ 91 | venv.bak/ 92 | 93 | # Spyder project settings 94 | .spyderproject 95 | .spyproject 96 | 97 | # Rope project settings 98 | .ropeproject 99 | 100 | # mkdocs documentation 101 | /site 102 | 103 | # mypy 104 | .mypy_cache/ 105 | -------------------------------------------------------------------------------- /.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | SeMF 4 | 5 | 6 | 7 | 8 | 9 | org.python.pydev.PyDevBuilder 10 | 11 | 12 | 13 | 14 | 15 | org.python.pydev.pythonNature 16 | org.python.pydev.django.djangoNature 17 | 18 | 19 | -------------------------------------------------------------------------------- /.pydevproject: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | DJANGO_MANAGE_LOCATION 5 | manage.py 6 | 7 | 8 | /${PROJECT_DIR_NAME} 9 | 10 | python interpreter 11 | semf_python 12 | 13 | -------------------------------------------------------------------------------- /ArticleManage/Functions/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/ArticleManage/Functions/__init__.py -------------------------------------------------------------------------------- /ArticleManage/Functions/uploadimgs.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月22日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.conf import settings 8 | import os 9 | import uuid 10 | import datetime as dt 11 | 12 | #目录创建 13 | def upload_generation_dir(dir_name): 14 | today = dt.datetime.today() 15 | dir_name = dir_name + '/%d/%d/' %(today.year,today.month) 16 | if not os.path.exists(settings.MEDIA_ROOT + '/' +dir_name): 17 | os.makedirs(settings.MEDIA_ROOT + dir_name) 18 | return dir_name 19 | 20 | 21 | # 图片上传 22 | def image_upload(files, dir_name): 23 | #允许上传文件类型 24 | allow_suffix =['jpg', 'png', 'jpeg', 'gif', 'bmp'] 25 | file_suffix = files.name.split(".")[-1] 26 | if file_suffix not in allow_suffix: 27 | return {"error": 1, "message": "图片格式不正确"} 28 | relative_path_file = upload_generation_dir(dir_name) 29 | path=os.path.join(settings.MEDIA_ROOT, relative_path_file) 30 | if not os.path.exists(path): #如果目录不存在创建目录 31 | os.makedirs(path) 32 | file_name=str(uuid.uuid1())+"."+file_suffix 33 | path_file=os.path.join(path, file_name) 34 | file_url = settings.MEDIA_URL + relative_path_file + file_name 35 | open(path_file, 'wb').write(files.file.read()) # 保存图片 36 | return file_url -------------------------------------------------------------------------------- /ArticleManage/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/ArticleManage/__init__.py -------------------------------------------------------------------------------- /ArticleManage/admin.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | from django.contrib import admin 3 | from . import models 4 | 5 | # Register your models here. 6 | # Register your models here. 7 | class ArticleTypeAdmin(admin.ModelAdmin): 8 | list_display = ('article_type_name','article_type_body') 9 | 10 | class ArticleAdmin(admin.ModelAdmin): 11 | list_display = ('article_name','article_updatetime') 12 | 13 | admin.site.register(models.ArticleType,ArticleTypeAdmin) 14 | admin.site.register(models.Article,ArticleAdmin) -------------------------------------------------------------------------------- /ArticleManage/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class ArticlemanageConfig(AppConfig): 5 | name = 'ArticleManage' 6 | -------------------------------------------------------------------------------- /ArticleManage/forms.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月22日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | 9 | 10 | from django.forms import ModelForm 11 | from . import models 12 | from django.forms import widgets 13 | 14 | class Article_edit_form(ModelForm): 15 | class Meta: 16 | model = models.Article 17 | fields = ['article_name','article_type','article_body','file'] 18 | widgets = { 19 | 'article_name':widgets.TextInput(attrs={'class':'form-control','placeholder':'文章名称'}), 20 | 'article_type':widgets.Select(attrs={'class':'form-control'}), 21 | 'article_body':widgets.Textarea(attrs={'class':'form-control','placeholder':'知识库内容'}), 22 | 'file':widgets.FileInput(), 23 | } 24 | 25 | class Article_comment_edit_form(ModelForm): 26 | class Meta: 27 | model = models.ArticleComments 28 | fields = ['article_comment_body'] 29 | widgets = { 30 | 'article_comment_body':widgets.TextInput(attrs={'class':'form-control'}), 31 | } -------------------------------------------------------------------------------- /ArticleManage/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/ArticleManage/migrations/__init__.py -------------------------------------------------------------------------------- /ArticleManage/models.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | from django.db import models 3 | from django.contrib.auth.models import User 4 | 5 | # Create your models here. 6 | 7 | ARTICLE_STATUS=( 8 | ('0','新建'), 9 | ('1','发布'), 10 | ('2','撤回'), 11 | ('3','审核'), 12 | ) 13 | 14 | 15 | 16 | class ArticleType(models.Model): 17 | article_type_name = models.CharField('文章分类',max_length = 30) 18 | article_type_body = models.TextField('分类简介') 19 | parent = models.ForeignKey('self',verbose_name=u'父菜单',related_name='articletype_type',null=True,blank=True,on_delete=models.CASCADE) 20 | 21 | def __str__(self): 22 | #显示层级菜单 23 | title_list = [self.article_type_name] 24 | p = self.parent 25 | while p: 26 | title_list.insert(0,p.article_type_name) 27 | p = p.parent 28 | return '-'.join(title_list) 29 | 30 | 31 | class Article(models.Model): 32 | article_id = models.CharField('文章ID',max_length = 30) 33 | article_name = models.CharField('文章标题',max_length = 50,unique=True) 34 | article_order = models.IntegerField('文章推广',default=0) 35 | file = models.FileField('附件',upload_to ='article/',null=True,blank=True) 36 | article_body = models.TextField('文章内容') 37 | article_status = models.TextField('文章状态',choices=ARTICLE_STATUS,default='0') 38 | article_starttime = models.DateTimeField('添加时间',auto_now_add=True) 39 | article_updatetime = models.DateTimeField('更新时间',auto_now=True) 40 | 41 | article_type = models.ForeignKey(ArticleType,related_name='articletype_for_article',on_delete=models.CASCADE,null=True,verbose_name='文章分类',limit_choices_to={'parent__isnull':False}) 42 | article_user = models.ForeignKey(User,related_name='article_for_user',on_delete=models.CASCADE,null=True) 43 | 44 | def __str__(self): 45 | return self.article_id 46 | 47 | class ArticleComments(models.Model): 48 | article_comment_id = models.CharField('评论ID',max_length = 30) 49 | article_comment_body = models.TextField('评论内容') 50 | article_comment_status = models.TextField('评论状态',choices=ARTICLE_STATUS) 51 | article_comment_starttime = models.DateTimeField('添加时间',auto_now_add=True) 52 | 53 | article_comment_article = models.ForeignKey(User,related_name='articlecomment_for_article',on_delete=models.CASCADE,verbose_name='文章关联') 54 | article_comment_user = models.ForeignKey(User,related_name='articlecomment_for_user',on_delete=models.CASCADE) 55 | 56 | def __str__(self): 57 | return self.article_comment_id 58 | -------------------------------------------------------------------------------- /ArticleManage/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /ArticleManage/urls.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月22日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.urls import path 8 | 9 | from . import views 10 | 11 | 12 | urlpatterns = [ 13 | path('user/', views.vulnview, name='articleview'), 14 | path('user/list/', views.articleablelist, name='articlelist'), 15 | path('user/details//', views.articledetails, name='articledetails'), 16 | 17 | path('manage/create/', views.articlecreate, name='articlecreate'), 18 | path('manage/update//', views.articleupdate, name='articleupdate'), 19 | path('manage/delete//', views.articledelete, name='articledelete'), 20 | path('manage/revoke//', views.articlerevoke, name='articlerevoke'), 21 | path('manage/public//', views.articlepublic, name='articlepublic'), 22 | 23 | path('manage/imgupload/', views.upload_image, name='imgupload'), 24 | ] 25 | -------------------------------------------------------------------------------- /AssetManage/Functions/select.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月15日 4 | 5 | @author: yuguanc 6 | ''' 7 | from .. import models 8 | 9 | 10 | -------------------------------------------------------------------------------- /AssetManage/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/AssetManage/__init__.py -------------------------------------------------------------------------------- /AssetManage/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | from . import models 3 | # Register your models here. 4 | 5 | admin.site.register(models.AssetType) 6 | admin.site.register(models.AssetTypeInfo) 7 | admin.site.register(models.Asset) -------------------------------------------------------------------------------- /AssetManage/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class AssetmanageConfig(AppConfig): 5 | name = 'AssetManage' 6 | -------------------------------------------------------------------------------- /AssetManage/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/AssetManage/migrations/__init__.py -------------------------------------------------------------------------------- /AssetManage/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /AssetManage/urls.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月15日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | from django.urls import path 9 | from .views import views,assetdetails,port,plugin,file,assetconnect,assetinfo,taskview,handover,csv 10 | 11 | urlpatterns = [ 12 | path('user/',views.assetview,name='assetview'), 13 | path('user/list/',views.assettablelist,name='assetlist'), 14 | path('user/create/',views.asset_create,name='assetcreate'), 15 | path('user/request/',views.asset_request,name='assetrequest'), 16 | path('user/delete/',views.assetdelete,name='assetdelete'), 17 | path('user/update//',views.assetupdate,name='assetupdate'), 18 | path('user/details//',assetdetails.assetdetailsview,name='assetdetails'), 19 | 20 | 21 | path('user/csv/os/',csv.create_csv_os,name='createoscsv'), 22 | path('user/csv/web/',csv.create_csv_web,name='createwebcsv'), 23 | path('user/csv/vuln/',csv.create_csv_vuln,name='createvulncsv'), 24 | path('user/csv/upload/',csv.file_update,name='createuploadcsv'), 25 | 26 | 27 | path('user/handover/',handover.asset_handover,name='assethandover'), 28 | 29 | path('handover/',handover.handoverview,name='assethandoverview'), 30 | path('handover/list/',handover.asset_handover_list,name='assethandoverlist'), 31 | path('handover/action/',handover.asset_handover_action,name='assethandoveraction'), 32 | 33 | 34 | 35 | path('user/task/',taskview.task_action,name='assettaskaction'), 36 | 37 | path('user/update/osinfo//',assetinfo.osinfpupdate,name='assetosinfoupdate'), 38 | path('user/update/internetinfo//',assetinfo.internetinfpupdate,name='assetinternetinfoupdate'), 39 | 40 | 41 | path('user/port//',assetdetails.asset_ports,name='porttable'), 42 | path('user/create/port//',port.portcreate,name='portcreate'), 43 | path('user/update/port//',port.portupdate,name='portupdate'), 44 | path('user/delete/port//',port.portdelete,name='portdelete'), 45 | 46 | path('user/vuln//',assetdetails.asset_vuln,name='vulntable'), 47 | 48 | 49 | path('user/plugin//',assetdetails.asset_plugin,name='plugintable'), 50 | path('user/create/plugin//',plugin.plugincreate,name='plugincreate'), 51 | path('user/update/plugin//',plugin.pluginupdate,name='pluginupdate'), 52 | path('user/delete/plugin//',plugin.plugindelete,name='plugindelete'), 53 | 54 | path('user/file//',assetdetails.asset_file,name='filetable'), 55 | path('user/create/file//',file.filecreate,name='filecreate'), 56 | path('user/update/file//',file.fileupdate,name='fileupdate'), 57 | path('user/delete/file//',file.filedelete,name='filedelete'), 58 | 59 | 60 | path('user/assetconnect//',assetdetails.asset_asset,name='assetconnecttable'), 61 | path('user/create/assetconnect//',assetconnect.assetconnectcreate,name='assetconnectcreate'), 62 | path('user/delete/assetconnect///',assetconnect.assetconnectdelete,name='assetconnectdelete'), 63 | 64 | path('request/',views.assetrequestview,name='assetmanagerequest'), 65 | path('request/list/',views.assetreqeustlist,name='assetrequestlist'), 66 | path('request/action/',views.assetrequestaction,name='assetrequestaction'), 67 | path('request/listaction/',views.asset_request_list_action,name='assetrequestlistaction'), 68 | 69 | 70 | path('manage/',taskview.assetuser_action,name='assetuseraction'), 71 | path('manage//',taskview.assetuser,name='assetuserdo'), 72 | 73 | ] -------------------------------------------------------------------------------- /AssetManage/views/assetconnect.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月18日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.shortcuts import render,get_object_or_404 8 | from django.contrib.auth.decorators import login_required 9 | from django.views.decorators.csrf import csrf_protect 10 | from .. import models,forms 11 | from django.http import JsonResponse 12 | 13 | @login_required 14 | @csrf_protect 15 | def assetconnectcreate(request,asset_id): 16 | user = request.user 17 | error ='' 18 | if request.method == 'POST': 19 | form = forms.Asset_connect_form(request.POST) 20 | if form.is_valid(): 21 | asset_key = form.cleaned_data['asset_key'] 22 | if user.is_superuser: 23 | asset = get_object_or_404(models.Asset,asset_id=asset_id) 24 | asset_get = get_object_or_404(models.Asset,asset_key=asset_key) 25 | else: 26 | asset = get_object_or_404(models.Asset,asset_user = user,asset_id=asset_id) 27 | asset_get = get_object_or_404(models.Asset,asset_user = user,asset_key=asset_key) 28 | asset.asset_connect.add(asset_get) 29 | asset.save() 30 | error='关联成功' 31 | else: 32 | error = '请检查输入' 33 | else: 34 | form = forms.Asset_connect_form() 35 | return render(request,'formupdate.html',{'form':form,'post_url':'assetconnectcreate','argu':asset_id,'error':error}) 36 | 37 | 38 | @login_required 39 | def assetconnectdelete(request,asset_id,assetconnect_id): 40 | user = request.user 41 | error ='' 42 | if user.is_superuser: 43 | asset = get_object_or_404(models.Asset,asset_id=asset_id) 44 | asset_get = get_object_or_404(models.Asset,asset_id=assetconnect_id) 45 | else: 46 | asset = get_object_or_404(models.Asset,asset_user = user,asset_id=asset_id) 47 | asset_get = get_object_or_404(models.Asset,asset_user = user,asset_id=assetconnect_id) 48 | if asset_get: 49 | asset.asset_connect.remove(asset_get) 50 | asset.save() 51 | error = '删除成功' 52 | else: 53 | error = '非法参数' 54 | return JsonResponse({'error':error}) 55 | 56 | -------------------------------------------------------------------------------- /AssetManage/views/assetinfo.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | 3 | ''' 4 | Created on 2018年5月18日 5 | 6 | @author: yuguanc 7 | ''' 8 | from django.shortcuts import render,get_object_or_404 9 | from django.contrib.auth.decorators import login_required 10 | from django.views.decorators.csrf import csrf_protect 11 | from .. import models,forms 12 | 13 | @login_required 14 | @csrf_protect 15 | def osinfpupdate(request,os_id): 16 | user = request.user 17 | error ='' 18 | if user.is_superuser: 19 | osinfo = get_object_or_404(models.OS_Info,id=os_id) 20 | else: 21 | osinfo = get_object_or_404(models.OS_Info,asset__asset_user = user,id=os_id) 22 | if request.method == 'POST': 23 | form = forms.OS_Info_form(request.POST,instance =osinfo) 24 | if form.is_valid(): 25 | form.save() 26 | error='信息已更新' 27 | else: 28 | error = '请检查输入' 29 | else: 30 | form = forms.OS_Info_form(instance =osinfo) 31 | return render(request,'formupdate.html',{'form':form,'post_url':'assetosinfoupdate','argu':os_id,'error':error}) 32 | 33 | 34 | @login_required 35 | @csrf_protect 36 | def internetinfpupdate(request,internet_id): 37 | user = request.user 38 | error ='' 39 | if user.is_superuser: 40 | internetinfo = get_object_or_404(models.Internet_Info,id=internet_id) 41 | else: 42 | internetinfo = get_object_or_404(models.Internet_Info,asset__asset_user = user,id=internet_id) 43 | if request.method == 'POST': 44 | form = forms.Internet_Info_form(request.POST,instance =internetinfo) 45 | if form.is_valid(): 46 | form.save() 47 | error='信息已更新' 48 | else: 49 | error = '请检查输入' 50 | else: 51 | form = forms.Internet_Info_form(instance =internetinfo) 52 | return render(request,'formupdate.html',{'form':form,'post_url':'assetinternetinfoupdate','argu':internet_id,'error':error}) -------------------------------------------------------------------------------- /AssetManage/views/file.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月18日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.shortcuts import render,get_object_or_404 8 | from django.contrib.auth.decorators import login_required 9 | from django.views.decorators.csrf import csrf_protect 10 | from .. import models,forms 11 | from django.http import JsonResponse 12 | import uuid 13 | 14 | @login_required 15 | @csrf_protect 16 | def filecreate(request,asset_id): 17 | user = request.user 18 | error ='' 19 | if user.is_superuser: 20 | asset = get_object_or_404(models.Asset,asset_id=asset_id) 21 | else: 22 | asset = get_object_or_404(models.Asset,asset_user = user,asset_id=asset_id) 23 | if request.method == 'POST': 24 | form = forms.File_info(request.POST,request.FILES) 25 | if form.is_valid(): 26 | name = form.cleaned_data['name'] 27 | file = form.cleaned_data['file'] 28 | file_info = form.cleaned_data['file_info'] 29 | file_suffix=file.name.split(".")[-1] 30 | file_name=str(uuid.uuid1())+"."+file_suffix 31 | file.name = file_name 32 | models.File.objects.get_or_create( 33 | name=name, 34 | file=file, 35 | file_info=file_info, 36 | asset=asset, 37 | ) 38 | error='添加成功' 39 | else: 40 | error = '请检查输入' 41 | else: 42 | form = forms.File_info() 43 | return render(request,'formupdate.html',{'form':form,'post_url':'filecreate','argu':asset_id,'error':error}) 44 | 45 | 46 | @login_required 47 | @csrf_protect 48 | def fileupdate(request,file_id): 49 | user = request.user 50 | error ='' 51 | if user.is_superuser: 52 | file = get_object_or_404(models.File,id=file_id) 53 | else: 54 | file = get_object_or_404(models.File,asset__asset_user = user,id=file_id) 55 | if request.method == 'POST': 56 | form = forms.File_info(request.POST,request.FILES,instance =file) 57 | if form.is_valid(): 58 | form.save() 59 | error='此案次已更新' 60 | else: 61 | error = '请检查输入' 62 | else: 63 | form = forms.File_info(instance =file) 64 | return render(request,'formupdate.html',{'form':form,'post_url':'fileupdate','argu':file_id,'error':error}) 65 | 66 | 67 | 68 | @login_required 69 | def filedelete(request,file_id): 70 | user = request.user 71 | error ='' 72 | if user.is_superuser: 73 | file = get_object_or_404(models.File,id=file_id) 74 | else: 75 | file = get_object_or_404(models.File,asset__asset_user = user,id=file_id) 76 | if file: 77 | file.delete() 78 | error = '删除成功' 79 | else: 80 | error = '非法参数' 81 | return JsonResponse({'error':error}) 82 | 83 | -------------------------------------------------------------------------------- /AssetManage/views/plugin.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月18日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.shortcuts import render,get_object_or_404 8 | from django.contrib.auth.decorators import login_required 9 | from django.views.decorators.csrf import csrf_protect 10 | from .. import models,forms 11 | from django.http import JsonResponse 12 | 13 | @login_required 14 | @csrf_protect 15 | def plugincreate(request,asset_id): 16 | user = request.user 17 | error ='' 18 | if user.is_superuser: 19 | asset = get_object_or_404(models.Asset,asset_id=asset_id) 20 | else: 21 | asset = get_object_or_404(models.Asset,asset_user = user,asset_id=asset_id) 22 | if request.method == 'POST': 23 | form = forms.Asset_plugin_info(request.POST) 24 | if form.is_valid(): 25 | name = form.cleaned_data['name'] 26 | version = form.cleaned_data['version'] 27 | plugin_info = form.cleaned_data['plugin_info'] 28 | models.Plugin_Info.objects.get_or_create( 29 | name=name, 30 | version=version, 31 | plugin_info=plugin_info, 32 | asset=asset 33 | ) 34 | error='添加成功' 35 | else: 36 | error = '请检查输入' 37 | else: 38 | form = forms.Asset_plugin_info() 39 | return render(request,'formupdate.html',{'form':form,'post_url':'plugincreate','argu':asset_id,'error':error}) 40 | 41 | 42 | @login_required 43 | @csrf_protect 44 | def pluginupdate(request,plugin_id): 45 | user = request.user 46 | error ='' 47 | if user.is_superuser: 48 | plugin = get_object_or_404(models.Plugin_Info,id=plugin_id) 49 | else: 50 | plugin = get_object_or_404(models.Plugin_Info,asset__asset_user = user,id=plugin_id) 51 | if request.method == 'POST': 52 | form = forms.Asset_plugin_info(request.POST,instance =plugin) 53 | if form.is_valid(): 54 | form.save() 55 | error='添加成功' 56 | else: 57 | error = '请检查输入' 58 | else: 59 | form = forms.Asset_plugin_info(instance =plugin) 60 | return render(request,'formupdate.html',{'form':form,'post_url':'pluginupdate','argu':plugin_id,'error':error}) 61 | 62 | 63 | @login_required 64 | def plugindelete(request,plugin_id): 65 | user = request.user 66 | error ='' 67 | if user.is_superuser: 68 | plugin = get_object_or_404(models.Plugin_Info,id=plugin_id) 69 | else: 70 | plugin = get_object_or_404(models.Plugin_Info,asset__asset_user = user,id=plugin_id) 71 | if plugin: 72 | plugin.delete() 73 | error = '删除成功' 74 | else: 75 | error = '非法参数' 76 | return JsonResponse({'error':error}) 77 | 78 | -------------------------------------------------------------------------------- /AssetManage/views/port.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月18日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.shortcuts import render,get_object_or_404 8 | from django.contrib.auth.decorators import login_required 9 | from django.views.decorators.csrf import csrf_protect 10 | from .. import models,forms 11 | from django.http import JsonResponse 12 | 13 | @login_required 14 | @csrf_protect 15 | def portcreate(request,asset_id): 16 | user = request.user 17 | error ='' 18 | if user.is_superuser: 19 | asset = get_object_or_404(models.Asset,asset_id=asset_id) 20 | else: 21 | asset = get_object_or_404(models.Asset,asset_user = user,asset_id=asset_id) 22 | if request.method == 'POST': 23 | form = forms.Asset_port_info(request.POST) 24 | if form.is_valid(): 25 | port = form.cleaned_data['port'] 26 | name = form.cleaned_data['name'] 27 | product = form.cleaned_data['product'] 28 | version = form.cleaned_data['version'] 29 | port_info = form.cleaned_data['port_info'] 30 | models.Port_Info.objects.get_or_create( 31 | port=port, 32 | name=name, 33 | product=product, 34 | version=version, 35 | port_info=port_info, 36 | asset=asset 37 | ) 38 | error='添加成功' 39 | else: 40 | error = '请检查输入' 41 | else: 42 | form = forms.Asset_port_info() 43 | return render(request,'formupdate.html',{'form':form,'post_url':'portcreate','argu':asset_id,'error':error}) 44 | 45 | 46 | @login_required 47 | @csrf_protect 48 | def portupdate(request,port_id): 49 | user = request.user 50 | error ='' 51 | if user.is_superuser: 52 | port = get_object_or_404(models.Port_Info,id=port_id) 53 | else: 54 | port = get_object_or_404(models.Port_Info,asset__asset_user = user,id=port_id) 55 | if request.method == 'POST': 56 | form = forms.Asset_port_info(request.POST,instance =port) 57 | if form.is_valid(): 58 | form.save() 59 | error='端口信息已更新' 60 | else: 61 | error = '请检查输入' 62 | else: 63 | form = forms.Asset_port_info(instance =port) 64 | return render(request,'formupdate.html',{'form':form,'post_url':'portupdate','argu':port_id,'error':error}) 65 | 66 | 67 | @login_required 68 | def portdelete(request,port_id): 69 | user = request.user 70 | error ='' 71 | if user.is_superuser: 72 | port = get_object_or_404(models.Port_Info,id=port_id) 73 | else: 74 | port = get_object_or_404(models.Port_Info,asset__asset_user = user,id=port_id) 75 | if port: 76 | port.delete() 77 | error = '删除成功' 78 | else: 79 | error = '非法参数' 80 | return JsonResponse({'error':error}) 81 | 82 | -------------------------------------------------------------------------------- /AssetManage/views/scan.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年6月20日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | -------------------------------------------------------------------------------- /AssetManage/views/taskview.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月24日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.shortcuts import render,get_object_or_404,HttpResponseRedirect 8 | from django.contrib.auth.decorators import login_required 9 | from django.views.decorators.csrf import csrf_protect 10 | from .. import tasks,models,forms 11 | import json 12 | from django.contrib.auth.models import User 13 | from django.http import JsonResponse 14 | 15 | 16 | 17 | 18 | @login_required 19 | @csrf_protect 20 | def task_action(request): 21 | user = request.user 22 | error = '' 23 | asset_id_list = request.POST.get('asset_id_list') 24 | asset_id_list = json.loads(asset_id_list) 25 | if len(asset_id_list) == 0: 26 | error = '未选择符合要求资产' 27 | else: 28 | action = request.POST.get('action') 29 | if action == 'port': 30 | tasks.asset_port.delay(user.id,asset_id_list) 31 | error = '任务已提交' 32 | elif action == 'segment': 33 | tasks.asset_descover.delay(user.id,asset_id_list) 34 | error = '任务已提交' 35 | else: 36 | error = '参数错误' 37 | return JsonResponse({'error':error}) 38 | 39 | 40 | @login_required 41 | @csrf_protect 42 | def assetuser_action(request): 43 | user = request.user 44 | asset_id_list = request.POST.get('asset_id_list') 45 | asset_user = models.AssetUser.objects.get_or_create( 46 | asset_list=asset_id_list, 47 | action_user=user, 48 | ) 49 | assetuser_id = asset_user[0].id 50 | return JsonResponse({'assetuser_id':assetuser_id}) 51 | 52 | @login_required 53 | @csrf_protect 54 | def assetuser(request,assetuser_id): 55 | user = request.user 56 | error = '' 57 | assetuser = get_object_or_404(models.AssetUser,id =assetuser_id,action_user=user ) 58 | if request.method=='POST': 59 | form = forms.AssetUserForm(request.POST,instance=assetuser) 60 | if form.is_valid(): 61 | dst_user_email = form.cleaned_data['dst_user_email'] 62 | user = User.objects.filter(email = dst_user_email).first() 63 | if user: 64 | asset_id_list = form.cleaned_data['asset_list'] 65 | asset_id_list = json.loads(asset_id_list) 66 | form.save() 67 | tasks.asset_user_save.delay(dst_user_email, asset_id_list) 68 | error='操作成功' 69 | else: 70 | error ='对方账号不存在' 71 | else: 72 | errro = '请检查输入' 73 | else: 74 | form = forms.AssetUserForm(instance=assetuser) 75 | return render(request,'formupdate.html',{'form':form,'post_url':'assetuserdo','argu':assetuser_id,'error':error}) 76 | 77 | -------------------------------------------------------------------------------- /ChartManage/Functions/publicfunction.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018/2/7 4 | 5 | @author: gy071089 6 | ''' 7 | 8 | from django.utils import timezone 9 | from datetime import timedelta 10 | 11 | def datelist(argv=30): 12 | result = [] 13 | curr_date = timezone.now() 14 | start_date = curr_date - timedelta(days=argv) 15 | while curr_date != start_date: 16 | result.append("%04d-%02d-%02d" % (start_date.year, start_date.month, start_date.day)) 17 | start_date = start_date + timedelta(days=1) 18 | result.append("%04d-%02d-%02d" % (start_date.year, start_date.month, start_date.day)) 19 | return result 20 | -------------------------------------------------------------------------------- /ChartManage/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/ChartManage/__init__.py -------------------------------------------------------------------------------- /ChartManage/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models here. 4 | -------------------------------------------------------------------------------- /ChartManage/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class ChartmanageConfig(AppConfig): 5 | name = 'ChartManage' 6 | -------------------------------------------------------------------------------- /ChartManage/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/ChartManage/migrations/__init__.py -------------------------------------------------------------------------------- /ChartManage/models.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | from django.db import models 3 | 4 | # Create your models here. 5 | -------------------------------------------------------------------------------- /ChartManage/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /ChartManage/urls.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月14日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.urls import path 8 | from . import views 9 | 10 | urlpatterns = [ 11 | path('',views.chartview,name='chartview'), 12 | 13 | path('assettype/',views.getassettype,name='chartassettype'), 14 | path('vulnleave/',views.getvulnleave,name='chartvulnleave'), 15 | path('vulnstatus/',views.getvulnstatus,name='chartvulnstatus'), 16 | path('vulnname/',views.getvulnname,name='chartvulnname'), 17 | 18 | path('getdatemonth/',views.getdatemonth,name='chartgetdatemonth'), 19 | 20 | ] -------------------------------------------------------------------------------- /MappedManage/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/MappedManage/__init__.py -------------------------------------------------------------------------------- /MappedManage/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models here. 4 | -------------------------------------------------------------------------------- /MappedManage/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class MappedmanageConfig(AppConfig): 5 | name = 'MappedManage' 6 | -------------------------------------------------------------------------------- /MappedManage/forms.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月23日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | from django.forms import ModelForm 9 | from . import models 10 | from django.forms import widgets 11 | from django import forms 12 | 13 | class Mapped_update_form(ModelForm): 14 | class Meta: 15 | model = models.Mapped 16 | fields = ['mapped_status','Domain','start_time','end_time','request_email','action_email', 17 | 'request_order','request_user','request_user_num','request_user_department','telephone','Mapped_description'] 18 | widgets = { 19 | 'Domain':widgets.TextInput(attrs={'class':'form-control','placeholder':'域名'}), 20 | 'start_time':widgets.DateInput(attrs={'class':'layui-input date','placeholder':'yyyy-MM-dd','autocomplete':'off','lay-verify':'date'}), 21 | 'end_time':widgets.DateInput(attrs={'class':'layui-input date','placeholder':'yyyy-MM-dd','autocomplete':'off','lay-verify':'date'}), 22 | 'mapped_status':widgets.NullBooleanSelect(attrs={'class':'form-control','placeholder':'是否使用'}), 23 | 'request_email':widgets.TextInput(attrs={'class':'form-control','placeholder':'申请人邮箱'}), 24 | 'action_email':widgets.TextInput(attrs={'class':'form-control','placeholder':'操作人邮箱'}), 25 | 'request_order':widgets.TextInput(attrs={'class':'form-control','placeholder':'申请单号,可为空'}), 26 | 'request_user':widgets.TextInput(attrs={'class':'form-control','placeholder':'申请人员,可为空'}), 27 | 'request_user_num':widgets.TextInput(attrs={'class':'form-control','placeholder':'员工编号,可为空'}), 28 | 'request_user_department':widgets.TextInput(attrs={'class':'form-control','placeholder':'申请人部门,可为空'}), 29 | 'telephone':widgets.TextInput(attrs={'class':'form-control','placeholder':'申请人电话,可为空'}), 30 | 'Mapped_description':widgets.Textarea(attrs={'class':'form-control','placeholder':'备注信息,可为空'}), 31 | } 32 | 33 | 34 | 35 | class Mapped_edit_form(forms.Form): 36 | LANip = forms.CharField(label='内网IP',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'内网IP'})) 37 | LANPort = forms.CharField(label='内网端口',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'内网端口'})) 38 | WANip = forms.CharField(label='外网IP',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'外网IP'})) 39 | WANPort = forms.CharField(label='外网端口',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'外网端口'})) 40 | Domain = forms.CharField(required=False,label='域名',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'域名'})) 41 | start_time = forms.CharField(label='开启时间',max_length=75,widget=forms.DateInput(attrs={'class':'layui-input date','placeholder':'yyyy-MM-dd','autocomplete':'off','lay-verify':'date'})) 42 | end_time = forms.CharField(label='关闭时间',max_length=75,widget=forms.DateInput(attrs={'class':'layui-input date','placeholder':'yyyy-MM-dd','autocomplete':'off','lay-verify':'date'})) 43 | request_email = forms.CharField(label='申请人邮箱',max_length=75,widget=forms.EmailInput(attrs={'class':'layui-input','placeholder':'申请人邮箱'})) 44 | action_email = forms.CharField(label='操作人邮箱',max_length=75,widget=forms.EmailInput(attrs={'class':'layui-input','placeholder':'操作人邮箱'})) 45 | request_order = forms.CharField(required=False,label='申请单号',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'申请单号,可为空'})) 46 | request_user = forms.CharField(required=False,label='申请人',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'申请人员,可为空'})) 47 | request_user_num = forms.CharField(required=False,label='员工编号',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'员工编号,可为空'})) 48 | request_user_department = forms.CharField(required=False,label='申请部门',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'申请人部门,可为空'})) 49 | telephone = forms.CharField(required=False,label='联系电话',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'申请人电话,可为空'})) 50 | Mapped_description = forms.CharField(required=False,label='映射简介',max_length=500,widget=forms.Textarea(attrs={'class':'layui-input','placeholder':'备注信息,可为空'})) 51 | -------------------------------------------------------------------------------- /MappedManage/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/MappedManage/migrations/__init__.py -------------------------------------------------------------------------------- /MappedManage/models.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | from django.db import models 3 | from AssetManage.models import Asset,Port_Info 4 | from django.contrib.auth.models import User 5 | # Create your models here. 6 | 7 | 8 | 9 | 10 | 11 | class Mapped(models.Model): 12 | LANip = models.ForeignKey(Asset,related_name='LANip_for_mapped',on_delete=models.CASCADE,verbose_name='内网IP') 13 | LANPort = models.ForeignKey(Port_Info,related_name='LANport_for_mapped',on_delete=models.CASCADE,verbose_name='内网端口') 14 | 15 | WANip = models.ForeignKey(Asset,related_name='WANip_for_mapped',on_delete=models.CASCADE,verbose_name='外网IP') 16 | WANPort = models.ForeignKey(Port_Info,related_name='WANport_for_mapped',on_delete=models.CASCADE,verbose_name='外网端口') 17 | 18 | Domain = models.CharField('域名',max_length=50,blank=True,null=True) 19 | 20 | mapped_status = models.BooleanField('是否启用',default=True) 21 | start_time = models.DateField("开启时间",null=True) 22 | end_time = models.DateField("关闭时间",null=True) 23 | 24 | request_email = models.EmailField('申请人邮箱',null=True,blank=True) 25 | action_email = models.EmailField('操作人邮箱',null=True,blank=True) 26 | Mapped_description = models.TextField('映射备注',null=True,blank=True) 27 | 28 | request_order = models.CharField('申请单号',max_length=50,null=True,blank=True) 29 | request_user = models.CharField('申请人',max_length=50,null=True,blank=True) 30 | request_user_num = models.CharField('员工编号',max_length=50,null=True,blank=True) 31 | request_user_department = models.CharField('申请部门',max_length=50,null=True,blank=True) 32 | telephone = models.CharField('联系电话',max_length=50,null=True,blank=True) 33 | 34 | mapped_updatetime = models.DateTimeField('更新时间',auto_now=True) 35 | 36 | Mapped_user = models.ManyToManyField(User,related_name='mapped_to_user',blank=True) 37 | 38 | def __str__(self): 39 | return self.asset_key -------------------------------------------------------------------------------- /MappedManage/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /MappedManage/urls.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月23日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | 9 | from django.urls import path 10 | from . import views 11 | 12 | urlpatterns = [ 13 | path('',views.Mappedview,name='mappedview'), 14 | path('list/',views.MappedTableList,name='mappedlist'), 15 | path('create/',views.MappedCreate,name='mappedcreate'), 16 | path('update//',views.Mappedupdate,name='mappedupdate'), 17 | path('details//',views.Mappeddetails,name='mappeddetails'), 18 | ] -------------------------------------------------------------------------------- /NoticeManage/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/NoticeManage/__init__.py -------------------------------------------------------------------------------- /NoticeManage/admin.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | from django.contrib import admin 3 | from . import models 4 | # Register your models here. 5 | admin.site.register(models.Notice) -------------------------------------------------------------------------------- /NoticeManage/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class NoticemanageConfig(AppConfig): 5 | name = 'NoticeManage' 6 | -------------------------------------------------------------------------------- /NoticeManage/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/NoticeManage/migrations/__init__.py -------------------------------------------------------------------------------- /NoticeManage/models.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | 3 | # Create your models here. 4 | from django.db import models 5 | from django.contrib.auth.models import User 6 | import django.utils.timezone as timezone 7 | 8 | # Create your models here. 9 | 10 | NOTICE_TYPE = ( 11 | ('notice','安全通告'), 12 | ('inform','任务通知'), 13 | ) 14 | 15 | class Notice(models.Model): 16 | notice_title = models.CharField('通知标题',max_length = 30) 17 | notice_body = models.TextField('通知内容') 18 | notice_status = models.BooleanField('阅读状态',default = False) 19 | notice_url = models.CharField('父链接',max_length = 50,null=True) 20 | notice_type = models.CharField('通知类型',max_length = 30,choices=NOTICE_TYPE) 21 | notice_time = models.DateTimeField('通知时间',default = timezone.now) 22 | 23 | notice_user = models.ForeignKey(User,related_name='notice_for_user',verbose_name=u'所属用户',on_delete=models.CASCADE) 24 | 25 | def __str__(self): 26 | return self.notice_title -------------------------------------------------------------------------------- /NoticeManage/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /NoticeManage/urls.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月14日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.urls import path 8 | from . import views 9 | 10 | urlpatterns = [ 11 | path('',views.notice_view,name='noticeview'), 12 | path('list/',views.notice_table_list,name='noticelist'), 13 | path('action/',views.notice_action,name='noticeaction'), 14 | path('readall/',views.notice_readall,name='noticereadall'), 15 | path('count/',views.notice_count,name='noticecount'), 16 | path('read//',views.notice_read,name='noticeread'), 17 | ] -------------------------------------------------------------------------------- /RBAC/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/RBAC/__init__.py -------------------------------------------------------------------------------- /RBAC/admin.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | 3 | from django.contrib import admin 4 | from . import models 5 | # Register your models here. 6 | 7 | admin.site.register(models.Menu) 8 | admin.site.register(models.Permission) 9 | admin.site.register(models.Role) 10 | admin.site.register(models.Area) 11 | admin.site.register(models.Profile) 12 | admin.site.register(models.UserRequest) -------------------------------------------------------------------------------- /RBAC/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class RbacConfig(AppConfig): 5 | name = 'RBAC' 6 | -------------------------------------------------------------------------------- /RBAC/forms.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月10日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | from django import forms 9 | from . import models 10 | from django.forms import ModelForm 11 | from django.forms import widgets 12 | 13 | 14 | 15 | class UserRequestForm(ModelForm): 16 | class Meta: 17 | model = models.UserRequest 18 | fields = ['email','area','request_type'] 19 | widgets = { 20 | 'email':widgets.TextInput(attrs={'class':'layui-input','placeholder':'邮箱地址'}), 21 | 'area':widgets.Select(attrs={'class':'layui-input','placeholder':'所属区域'}), 22 | 'request_type':widgets.Select(attrs={'class':'layui-input','placeholder':'账号类型'}), 23 | } 24 | 25 | class ResetpsdRequestForm(forms.Form): 26 | email = forms.CharField(label='邮箱',max_length=25,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'邮箱地址'})) 27 | 28 | 29 | class ResetpsdForm(forms.Form): 30 | email = forms.CharField(label='邮箱',max_length=25,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'邮箱地址'})) 31 | password = forms.CharField(label='新密码',max_length=25,widget=forms.PasswordInput(attrs={'class':'layui-input','placeholder':'新密码'})) 32 | repassword = forms.CharField(label='新密码',max_length=25,widget=forms.PasswordInput(attrs={'class':'layui-input','placeholder':'新密码'})) 33 | 34 | class SigninForm(forms.Form): 35 | username = forms.CharField(label='账号',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'用户名/邮箱前缀'})) 36 | password = forms.CharField(label='密码',max_length=25,widget=forms.PasswordInput(attrs={'class':'layui-input','placeholder':'密码'})) 37 | 38 | 39 | class Account_Reset_Form(forms.Form): 40 | firstname = forms.CharField(label='姓',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'姓'})) 41 | lastname = forms.CharField(label='名',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'名'})) 42 | email = forms.CharField(label='邮箱',max_length=75,widget=forms.TextInput(attrs={'class':'layui-input','placeholder':'邮箱'})) 43 | password = forms.CharField(label='密码',max_length=25,widget=forms.PasswordInput(attrs={'class':'layui-input','placeholder':'密码'})) 44 | repassword = forms.CharField(label='重复密码',max_length=25,widget=forms.PasswordInput(attrs={'class':'layui-input','placeholder':'重复密码'})) 45 | 46 | 47 | class ChangPasswdForm(forms.Form): 48 | old_password = forms.CharField(label='原密码',max_length=25,widget=forms.PasswordInput(attrs={'class':'layui-input','placeholder':'原密码'})) 49 | new_password = forms.CharField(label='新密码',max_length=25,widget=forms.PasswordInput(attrs={'class':'layui-input','placeholder':'新密码'})) 50 | re_new_password = forms.CharField(label='新密码',max_length=25,widget=forms.PasswordInput(attrs={'class':'layui-input','placeholder':'新密码'})) 51 | 52 | class UserInfoForm(ModelForm): 53 | class Meta: 54 | model = models.Profile 55 | fields = ['user_num','area','title','parent_email','telephone','mobilephone','description'] 56 | widgets = { 57 | 'user_num':widgets.TextInput(attrs={'class':'layui-input','placeholder':'编号'}), 58 | 'area':widgets.Select(attrs={'class':'layui-input','placeholder':'所属区域'}), 59 | 'title':widgets.TextInput(attrs={'class':'layui-input','placeholder':'职位信息'}), 60 | 'parent_email':widgets.TextInput(attrs={'class':'layui-input','placeholder':'直属领导邮箱'}), 61 | 'telephone':widgets.TextInput(attrs={'class':'layui-input','placeholder':'联系方式'}), 62 | 'mobilephone':widgets.TextInput(attrs={'class':'layui-input','placeholder':'个人手机','lay-verify':'phone','autocomplete':'off','type':'tel'}), 63 | 'description':widgets.Textarea(attrs={'class':'layui-textarea','placeholder':'员工介绍'}), 64 | } -------------------------------------------------------------------------------- /RBAC/middleware/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/RBAC/middleware/__init__.py -------------------------------------------------------------------------------- /RBAC/middleware/rbac.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年4月16日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | from django.conf import settings 9 | from django.shortcuts import HttpResponse, redirect,render,HttpResponseRedirect 10 | import re 11 | from AssetManage.models import File 12 | 13 | class MiddlewareMixin(object): 14 | def __init__(self, get_response=None): 15 | self.get_response = get_response 16 | super(MiddlewareMixin, self).__init__() 17 | 18 | def __call__(self, request): 19 | response = None 20 | if hasattr(self, 'process_request'): 21 | response = self.process_request(request) 22 | if not response: 23 | response = self.get_response(request) 24 | if hasattr(self, 'process_response'): 25 | response = self.process_response(request, response) 26 | return response 27 | 28 | class RbacMiddleware(MiddlewareMixin): 29 | """ 30 | 检查用户的url请求是否是其权限范围内 31 | """ 32 | def process_request(self, request): 33 | request_url = request.path_info 34 | permission_url = request.session.get(settings.SESSION_PERMISSION_URL_KEY) 35 | # 如果请求url在白名单,放行 36 | if request_url =='/': 37 | if request.user.is_authenticated: 38 | return HttpResponseRedirect('/user/') 39 | else: 40 | return HttpResponseRedirect('/view/') 41 | elif re.match('/semf/', request_url): 42 | if request.user.is_authenticated: 43 | if request.user.is_superuser: 44 | return None 45 | else: 46 | error ='权限错误' 47 | return render(request,'error.html',{'error':error}) 48 | else: 49 | return HttpResponseRedirect('/view/') 50 | elif re.match('/uploads/imgs/', request_url): 51 | return None 52 | elif re.match('/uploads/files/', request_url): 53 | if request.user.is_superuser: 54 | return None 55 | else: 56 | error ='权限错误' 57 | return render(request,'error.html',{'error':error}) 58 | elif re.match('/uploads/assetfiles/', request_url): 59 | url_get = File.objects.filter(asset__asset_user=request.user,file=request_url) 60 | if url_get: 61 | return None 62 | else: 63 | if request.user.is_superuser: 64 | return None 65 | else: 66 | error ='权限错误' 67 | return render(request,'error.html',{'error':error}) 68 | else: 69 | for url in settings.SAFE_URL: 70 | if re.match(url, request_url): 71 | return None 72 | 73 | # 如果未取到permission_url, 重定向至登录;为了可移植性,将登录url写入配置 74 | if not permission_url: 75 | return redirect(settings.LOGIN_URL) 76 | 77 | # 循环permission_url,作为正则,匹配用户request_url 78 | # 正则应该进行一些限定,以处理:/user/ -- /user/add/匹配成功的情况 79 | flag = False 80 | for url in permission_url: 81 | url_pattern = settings.REGEX_URL.format(url=url) 82 | if re.match(url_pattern, request_url): 83 | flag = True 84 | break 85 | if flag: 86 | return None 87 | else: 88 | # 如果是调试模式,显示可访问url 89 | if settings.DEBUG: 90 | info ='
' + ( '
'.join(permission_url)) 91 | return HttpResponse('无权限,请尝试访问以下地址:%s' %info) 92 | else: 93 | return HttpResponse('无法访问') -------------------------------------------------------------------------------- /RBAC/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/RBAC/migrations/__init__.py -------------------------------------------------------------------------------- /RBAC/service/init_permission.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018/2/12 4 | 5 | @author: gy071089 6 | ''' 7 | from django.conf import settings 8 | 9 | 10 | from ..models import Menu 11 | 12 | def init_permission(request, user_obj): 13 | """ 14 | 初始化用户权限, 写入session 15 | :param request: 16 | :param user_obj: 17 | :return: 18 | """ 19 | permission_item_list = user_obj.profile.roles.values('permissions__url', 20 | 'permissions__title', 21 | 'permissions__menu_id').distinct() 22 | permission_url_list = [] 23 | # 用户权限url列表,--> 用于中间件验证用户权限 24 | permission_menu_list = [] 25 | # 用户权限url所属菜单列表 [{"title":xxx, "url":xxx, "menu_id": xxx},{},] 26 | 27 | for item in permission_item_list: 28 | permission_url_list.append(item['permissions__url']) 29 | if item['permissions__menu_id']: 30 | temp = {"title": item['permissions__title'], 31 | "url": item["permissions__url"], 32 | "menu_id": item["permissions__menu_id"]} 33 | permission_menu_list.append(temp) 34 | 35 | menu_list = list(Menu.objects.values('id', 'title','icon','parent_id')) 36 | # 注:session在存储时,会先对数据进行序列化,因此对于Queryset对象写入session,加list()转为可序列化对象 37 | 38 | # 保存用户权限url列表 39 | request.session[settings.SESSION_PERMISSION_URL_KEY] = permission_url_list 40 | 41 | # 保存 权限菜单 和所有 菜单;用户登录后作菜单展示用 42 | request.session[settings.SESSION_MENU_KEY] = { 43 | settings.ALL_MENU_KEY: menu_list, 44 | settings.PERMISSION_MENU_KEY: permission_menu_list, 45 | } -------------------------------------------------------------------------------- /RBAC/templatetags/custom_tag.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月23日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | 9 | from django import template 10 | from django.utils.safestring import mark_safe 11 | from SeMF import settings 12 | 13 | register = template.Library() 14 | 15 | 16 | def get_structure_data(request): 17 | """处理菜单结构""" 18 | menu = request.session[settings.SESSION_MENU_KEY] 19 | all_menu = menu[settings.ALL_MENU_KEY] 20 | permission_url = menu[settings.PERMISSION_MENU_KEY] 21 | 22 | all_menu_dict = {} 23 | for item in all_menu: 24 | item['children'] = [] 25 | all_menu_dict[item['id']] = item 26 | 27 | for url in permission_url: 28 | # 添加显示状态 29 | # 将url添加到菜单下 30 | all_menu_dict[url['menu_id']]['url'] = url['url'] 31 | all_menu_dict[url['menu_id']]['status'] = True 32 | 33 | # 显示菜单:url 的菜单及上层菜单 status: true 34 | pid = url['menu_id'] 35 | while pid: 36 | all_menu_dict[pid]['status'] = True 37 | pid = all_menu_dict[pid]['parent_id'] 38 | 39 | # 整理菜单层级结构:没有parent_id 的为根菜单, 并将有parent_id 的菜单项加入其父项的chidren内 40 | menu_data = [] 41 | for i in all_menu_dict: 42 | if 'status' in all_menu_dict[i].keys(): 43 | if all_menu_dict[i]['parent_id']: 44 | pid = all_menu_dict[i]['parent_id'] 45 | parent_menu = all_menu_dict[pid] 46 | parent_menu['children'].append(all_menu_dict[i]) 47 | else: 48 | menu_data.append(all_menu_dict[i]) 49 | return menu_data 50 | 51 | 52 | def get_menu_html(menu_data): 53 | option_str_start = """ 54 |
  • 55 | 56 | {icon} 57 | {title} 58 | 59 | 60 | """ 61 | option_str_end = """ 62 |
    • 63 | """ 64 | 65 | url_str_start = """ 66 |
      67 | """ 68 | url_str_end = """ 69 |
    70 | """ 71 | 72 | url_str = """ 73 |
  • 74 | 75 | {icon} 76 | {title} 77 | 78 |
    • 79 | """ 80 | 81 | 82 | menu_html = '' 83 | for item in menu_data: 84 | if not item['status']: 85 | continue 86 | else: 87 | menu_html += option_str_start.format(icon=item['icon'], 88 | title = item['title'], 89 | ) 90 | if item['children']: 91 | menu_html += url_str_start 92 | for item_c in item['children']: 93 | if item_c['status']: 94 | menu_html += url_str.format(url = item_c['url'], 95 | icon = item_c['icon'], 96 | title = item_c['title'], 97 | ) 98 | else: 99 | continue 100 | menu_html += url_str_end 101 | else: 102 | pass 103 | menu_html += option_str_end 104 | 105 | return menu_html 106 | 107 | 108 | @register.simple_tag 109 | def rbac_menu(request): 110 | """ 111 | 显示多级菜单: 112 | 请求过来 -- 拿到session中的菜单,权限数据 -- 处理数据 -- 作显示 113 | 数据处理部分抽象出来由单独的函数处理;渲染部分也抽象出来由单独函数处理 114 | """ 115 | menu_data = get_structure_data(request) 116 | menu_html = get_menu_html(menu_data) 117 | 118 | return mark_safe(menu_html) 119 | # 因为标签无法使用safe过滤器,这里用mark_safe函数来实现 -------------------------------------------------------------------------------- /RBAC/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /RBAC/urls.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月10日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | from django.urls import path 9 | 10 | from . import views 11 | from django.conf import settings 12 | from django.conf.urls.static import static 13 | 14 | 15 | 16 | urlpatterns = [ 17 | path('view/', views.login, name='login'), 18 | path('view/regist//', views.regist, name='regist'), 19 | path('view/resetpsd//', views.resetpasswd, name='resetpsds'), 20 | path('user/', views.dashboard, name='dashboard'), 21 | path('user/main/', views.main, name='main'), 22 | path('user/logout/', views.logout, name='logout'), 23 | path('user/changepsd/', views.changepsd, name='changepsd'), 24 | path('user/info/', views.userinfo, name='userinfo'), 25 | path('user/changeinfo/', views.changeuserinfo, name='changeuserinfo'), 26 | 27 | path('manage/user/', views.userlist, name='userview'), 28 | path('manage/user/list/', views.userlisttable, name='userlist'), 29 | path('manage/user/add/', views.user_add, name='useradd'), 30 | path('manage/user/disactivate/', views.user_disactivate, name='userdisactivate'), 31 | 32 | path('manage/userrequest/', views.userregistlist, name='userregistview'), 33 | path('manage/userrequest/list/', views.userregisttable, name='userregistlist'), 34 | path('manage/userrequest/action/', views.userregistaction, name='userregistaction'), 35 | path('manage/userrequest/stop/', views.user_request_cancle, name='userregiststop'), 36 | 37 | 38 | ]+static(settings.MEDIA_URL, document_root = settings.MEDIA_ROOT) -------------------------------------------------------------------------------- /README_CN.md: -------------------------------------------------------------------------------- 1 | # SecurityManageFramwork-SeMF 2 | [![Travis](https://img.shields.io/badge/Python-3.x-blue.svg)](https://www.python.org/) 3 | [![Github License](https://img.shields.io/aur/license/yaourt.svg)](https://github.com/zhaoweiho/SecurityManageFramwork/blob/master/LICENSE) 4 | [![GitHub stars](https://img.shields.io/github/stars/zhaoweiho/SecurityManageFramwork.svg)](https://github.com/zhaoweiho/SecurityManageFramwork/stargazers) 5 | 6 | ### README [English](README.md) | 中文 7 | 8 | #### 项目介绍 9 | **SEMF**是一款适用于企业内网`安全管理平台,包含资产管理,漏洞管理,账号管理,知识库管、安全扫描自动化功能模块,可用于企业内部的安全管理`。 10 | 11 | **本平台旨在帮助安全人员少,业务线繁杂,周期巡检困难,自动化程度低的甲方,更好的实现企业内部的安全管理。本软件只用作企业内部IT资产管理,无攻击性行为。请使用者遵守《[中华人民共和国网络安全法](http://www.npc.gov.cn/npc/xinwen/2016-11/07/content_2001605.htm)》,勿将SEMF用于非授权测试,作者不负任何连带法律责任。** 12 | > 喜欢请点 Star,如果不打算贡献,千万别 Fork,Fork后的版本不会自动同步更新最新的版本,你不会享受到最新版本给你带来的快乐和惊喜 13 | 14 | 15 | 本项目原地址:https://gitee.com/gy071089/SecurityManageFramwork 16 | 17 | 作者:[残源](https://my.oschina.net/u/3867729)
    18 | 19 | 20 | #### 软件架构 21 | 22 | 后端系统 python3 + django2 + rabbitmq 实现。
    23 | 前端显示 layui + bootstarp,使用开源模板 X-admin:http://x.xuebingsi.com/ 24 | 25 | #### 项目特点 26 | 27 | - 可自定义用户类型及权限信息,初始化中生成安全人员,运维人员,网络人员和业务人员四种类型 28 | - 企业IT资产类型和资产属性可在后台自定义,根据需要进行扩展 29 | - 内网资产发现和端口扫描可自动化进行 30 | - 完整的漏洞跟进和扫描器漏洞过滤 31 | - 网络映射,针对大型企业内外网之间映射管理复杂,预留功能 32 | - 知识库管理,针对安全信息共享,分为通告类和科普类 33 | - 漏洞库管理,此模块对接cnvd漏洞库 34 | - 基于插件的漏洞扫描功能,可自行添加 35 | - 多种协议的弱口令检测 36 | - AWVS(Acunetix Web Vulnerability Scanner) 接口调用 37 | - Nessus(6/7) 接口调用 38 | 39 | #### 安装教程 40 | 41 | [安装指南](https://github.com/zhaoweiho/SecurityManageFramwork/blob/master/doc/SeMF%E5%AE%89%E8%A3%85%E6%8C%87%E5%8D%97-2018-06-12.pdf) 42 | 43 | [使用指南](https://github.com/zhaoweiho/SecurityManageFramwork/blob/master/doc/SeMF%E4%BD%BF%E7%94%A8%E6%8C%87%E5%8D%97-2018-06-20.pdf) 44 | 45 | #### 截图 46 | 47 | - 登录注册页 48 | ![登录注册页](https://raw.githubusercontent.com/zhaoweiho/SecurityManageFramwork/master/doc/image/113258_154ca8d5_1390378.png "屏幕截图.png") 49 | - 系统首页 50 | ![系统首页](https://raw.githubusercontent.com/zhaoweiho/SecurityManageFramwork/master/doc/image/113454_07c46a58_1390378.png "屏幕截图.png") 51 | - 资产管理 52 | ![资产管理](https://raw.githubusercontent.com/zhaoweiho/SecurityManageFramwork/master/doc/image/113543_6a6973ec_1390378.png "屏幕截图.png") 53 | - 资产详情 54 | ![资产详情](https://raw.githubusercontent.com/zhaoweiho/SecurityManageFramwork/master/doc/image/114021_ef591ca3_1390378.png "屏幕截图.png") 55 | - 漏洞管理 56 | ![漏洞管理](https://raw.githubusercontent.com/zhaoweiho/SecurityManageFramwork/master/doc/image/113714_90826f30_1390378.png "屏幕截图.png") 57 | - 报表中心 58 | ![报表中心](https://raw.githubusercontent.com/zhaoweiho/SecurityManageFramwork/master/doc/image/114106_3cf15048_1390378.png "屏幕截图.png") 59 | 60 | #### 参与贡献 61 | 62 | 1. 本项目当前仅自己维护,希望有志之士可协助完善系统,详情可加入qq群,联系群主即可 63 | ![qq交流群](https://raw.githubusercontent.com/zhaoweiho/SecurityManageFramwork/master/doc/image/114130_0e8d0451_1390378.png "屏幕截图.png") 64 | 2. 如有其他定制化需求,可发邮件至gy071089@outlook.com联系我 65 | 66 | -------------------------------------------------------------------------------- /SeMF/__init__.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | 3 | from __future__ import absolute_import 4 | import pymysql 5 | # This will make sure the app is always imported when 6 | # Django starts so that shared_task will use this app. 7 | from .celery import app as celery_app 8 | __all__ = ['celery_app'] 9 | pymysql.install_as_MySQLdb() -------------------------------------------------------------------------------- /SeMF/celery.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月24日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | 9 | from __future__ import absolute_import, unicode_literals 10 | import os 11 | from celery import Celery,platforms 12 | from django.conf import settings # noqa 13 | 14 | # set the default Django settings module for the 'celery' program. 15 | os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'SeMF.settings') 16 | 17 | app = Celery('SeMF') 18 | 19 | # Using a string here means the worker will not have to 20 | # pickle the object when using Windows. 21 | app.config_from_object('django.conf:settings') 22 | app.autodiscover_tasks(lambda: settings.INSTALLED_APPS) 23 | platforms.C_FORCE_ROOT =True 24 | 25 | @app.task(bind=True) 26 | def debug_task(self): 27 | print('Request: {0!r}'.format(self.request)) -------------------------------------------------------------------------------- /SeMF/urls.py: -------------------------------------------------------------------------------- 1 | """SeMF URL Configuration 2 | 3 | The `urlpatterns` list routes URLs to views. For more information please see: 4 | https://docs.djangoproject.com/en/2.0/topics/http/urls/ 5 | Examples: 6 | Function views 7 | 1. Add an import: from my_app import views 8 | 2. Add a URL to urlpatterns: path('', views.home, name='home') 9 | Class-based views 10 | 1. Add an import: from other_app.views import Home 11 | 2. Add a URL to urlpatterns: path('', Home.as_view(), name='home') 12 | Including another URLconf 13 | 1. Import the include() function: from django.urls import include, path 14 | 2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) 15 | """ 16 | from django.contrib import admin 17 | from django.urls import path 18 | from django.conf.urls import include 19 | from django.conf import settings 20 | from django.conf.urls.static import static 21 | from . import views 22 | 23 | urlpatterns = [ 24 | path('semf/', admin.site.urls), 25 | path('',include('RBAC.urls')), 26 | path('notice/',include('NoticeManage.urls')), 27 | path('asset/',include('AssetManage.urls')), 28 | path('vuln/',include('VulnManage.urls')), 29 | path('chart/',include('ChartManage.urls')), 30 | path('article/',include('ArticleManage.urls')), 31 | path('mapped/',include('MappedManage.urls')), 32 | path('task/',include('TaskManage.urls')), 33 | ]+ static(settings.STATIC_URL,document_root=settings.STATIC_ROOT) 34 | 35 | handler404 = views.page_not_found 36 | handler500 = views.page_error 37 | handler403 = views.permission_denied -------------------------------------------------------------------------------- /SeMF/views.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月24日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | 9 | 10 | from django.shortcuts import render 11 | 12 | def page_not_found(request): 13 | return render(request, '404.html') 14 | 15 | 16 | def page_error(request): 17 | return render(request, '500.html') 18 | 19 | 20 | def permission_denied(request): 21 | return render(request, '403.html') -------------------------------------------------------------------------------- /SeMF/wsgi.py: -------------------------------------------------------------------------------- 1 | """ 2 | WSGI config for SeMF project. 3 | 4 | It exposes the WSGI callable as a module-level variable named ``application``. 5 | 6 | For more information on this file, see 7 | https://docs.djangoproject.com/en/2.0/howto/deployment/wsgi/ 8 | """ 9 | 10 | import os 11 | 12 | from django.core.wsgi import get_wsgi_application 13 | 14 | os.environ.setdefault("DJANGO_SETTINGS_MODULE", "SeMF.settings") 15 | 16 | application = get_wsgi_application() 17 | -------------------------------------------------------------------------------- /SeMFSetting/Functions/Nessus.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | 3 | import requests 4 | import json 5 | import time 6 | from requests.packages import urllib3 7 | from SeMFSetting.models import Scanner 8 | # Create your views here. 9 | 10 | verify = False 11 | 12 | def get_scannerinfo(scanner_id): 13 | 14 | scanner = Scanner.objects.filter(id=scanner_id).first() 15 | 16 | url = scanner.scanner_url 17 | Access_Key = scanner.scanner_apikey 18 | Secret_Key = scanner.scanner_apisec 19 | return url,Access_Key,Secret_Key 20 | 21 | 22 | def build_url(url,resource): 23 | return '{0}{1}'.format(url, resource) 24 | 25 | 26 | def connect(scanner_id,method, resource, data=None): 27 | ''' 28 | 该模块用来定制连接 29 | ''' 30 | url,Access_Key,Secret_Key=get_scannerinfo(scanner_id) 31 | 32 | headers = { 33 | 'content-type': 'application/json', 34 | 'X-ApiKeys':'accessKey = '+ Access_Key +';secretKey ='+Secret_Key, 35 | } 36 | if data != None: 37 | data = json.dumps(data) 38 | urllib3.disable_warnings() 39 | if method == 'POST': 40 | r = requests.post(build_url(url,resource), data=data, headers=headers, verify=verify) 41 | elif method == 'PUT': 42 | r = requests.put(build_url(url,resource), data=data, headers=headers, verify=verify) 43 | elif method == 'DELETE': 44 | r = requests.delete(build_url(url,resource), data=data, headers=headers, verify=verify) 45 | else: 46 | r = requests.get(build_url(url,resource), params=data, headers=headers, verify=verify) 47 | 48 | # Exit if there is an error. 49 | if r.status_code != 200: 50 | e = r.json() 51 | print(e) 52 | #sys.exit() 53 | 54 | if 'download' in resource: 55 | return r.content 56 | else: 57 | try: 58 | return r.json() 59 | except: 60 | return True 61 | 62 | 63 | def get_policies(scanner_id): 64 | """ 65 | Get scan policies 66 | Get all of the scan policies but return only the title and the uuid of 67 | each policy. 68 | """ 69 | data = connect(scanner_id,'GET', '/policies') 70 | return dict((p['name'], p['template_uuid']) for p in data['policies']) 71 | 72 | def add(name, desc, targets, uuid,scanner_id): 73 | """ 74 | Add a new scan 75 | 76 | Create a new scan using the policy_id, name, description and targets. The 77 | scan will be created in the default folder for the user. Return the id of 78 | the newly created scan. 79 | """ 80 | scan = { 81 | 'uuid': uuid, 82 | 'settings': { 83 | 'name': name, 84 | 'description': desc, 85 | 'text_targets': targets 86 | } 87 | } 88 | data = connect(scanner_id,'POST', '/scans', scan) 89 | return data['scan'] 90 | 91 | def launch(sid,scanner_id): 92 | """ 93 | Launch a scan 94 | Launch the scan specified by the sid. 95 | """ 96 | data = connect(scanner_id,'POST', '/scans/{0}/launch'.format(sid)) 97 | return data['scan_uuid'] 98 | 99 | 100 | def stop(sid,scanner_id): 101 | """ 102 | Stop a scan 103 | Stop the scan specified by the sid. 104 | """ 105 | data = connect(scanner_id,'POST', '/scans/{0}/stop'.format(sid)) 106 | return data 107 | 108 | def pause(sid,scanner_id): 109 | """ 110 | Pause a scan 111 | Pause the scan specified by the sid. 112 | """ 113 | data = connect(scanner_id,'POST', '/scans/{0}/pause'.format(sid)) 114 | return data 115 | 116 | def resume(sid,scanner_id): 117 | """ 118 | Resume a scan 119 | Resume the scan specified by the sid. 120 | """ 121 | data = connect(scanner_id,'POST', '/scans/{0}/resume'.format(sid)) 122 | return data 123 | 124 | def details(sid,scanner_id): 125 | """ 126 | Details a scan 127 | Details the scan specified by the sid. 128 | """ 129 | data = connect(scanner_id,'GET', '/scans/{0}'.format(sid)) 130 | return data 131 | 132 | def get_plugin_output(sid,host_id,plugin_id,scanner_id): 133 | data = connect(scanner_id,'GET','/scans/{0}/hosts/{1}/plugins/{2}'.format(sid,host_id,plugin_id)) 134 | return data 135 | 136 | if __name__ == '__main__': 137 | pass 138 | ''' 139 | policies = get_policies() 140 | pid = policies['Advanced Scan'] 141 | scan = add('test','this is a test','10.10.19.5',pid) 142 | scan_id=scan['id'] 143 | print(scan_id) 144 | scan_uuid=launch(scan_id) 145 | #res=pause(sid) 146 | #res=resume(sid) 147 | while True: 148 | res = details(scan_id) 149 | if res['info']['status'] == 'completed': 150 | res = details(scan_id)['vulnerabilities'] 151 | break 152 | time.sleep(300) 153 | 154 | print(res) 155 | ''' 156 | -------------------------------------------------------------------------------- /SeMFSetting/Functions/checkip.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2017/11/17 4 | @author: gy 5 | ''' 6 | 7 | import re 8 | 9 | def checkip(ip): 10 | p = re.compile('^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)$') 11 | if p.match(ip): 12 | return True 13 | else: 14 | return False 15 | 16 | 17 | -------------------------------------------------------------------------------- /SeMFSetting/Functions/checkpsd.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月31日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | import re 9 | 10 | def checkpsd(passwd): 11 | p = re.match(r'^(?=.*?\d)(?=.*?[a-zA-Z]).{6,}$',passwd) 12 | if p: 13 | return True 14 | else: 15 | return False -------------------------------------------------------------------------------- /SeMFSetting/Functions/mails.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月12日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | 9 | from django.core.mail import EmailMultiAlternatives 10 | 11 | from SeMF.settings import DEFAULT_FROM_EMAIL,WEB_URL 12 | 13 | 14 | url = WEB_URL 15 | 16 | 17 | def sendmails(email,data): 18 | ''' 19 | data={'subject':'', 20 | 'text_content', 21 | 'html_content'} 22 | ''' 23 | try: 24 | msg = EmailMultiAlternatives(data['subject'],data['text_content'],DEFAULT_FROM_EMAIL,[email]) 25 | msg.attach_alternative(data['html_content'], "text/html") 26 | msg.send() 27 | return True 28 | except: 29 | return False 30 | 31 | 32 | def sendregistmail(email,argu): 33 | data={'subject':'SeMF账号初始化', 34 | 'text_content':'', 35 | 'html_content':''} 36 | data['text_content'] = "您的SeMF安全管理平台账号初始化地址如下"+ url +"/view/regist/"+argu +" 如无申请过该平台账号,请忽略该邮件" 37 | data['html_content'] = """ 38 |

    Dear user:

    39 |

    您的SeMF安全管控平台账号初始化地址已创建,点我以完成账号初始化

    40 |

    如点击失效,请前往访问以下地址""" + url +"/view/regist/"+argu + """

    41 |

    如非本人操作,忽略该邮件

    42 |

    本邮件为安全管控平台SeMf系统邮件,请勿回复

    43 | """ 44 | res = sendmails(email,data) 45 | if res: 46 | return True 47 | else: 48 | return False 49 | 50 | 51 | def send_notice_mail(email,data): 52 | try: 53 | subject = data['notice_title'] 54 | text_content = data['notice_body']+'访问地址为:'+url+data['notice_url'] 55 | html_content = "

    "+data['notice_body']+",点我访问

    " 56 | msg = EmailMultiAlternatives(subject,text_content,DEFAULT_FROM_EMAIL,[email]) 57 | msg.attach_alternative(html_content, "text/html") 58 | msg.send() 59 | return True 60 | except: 61 | return False 62 | 63 | def sendresetpsdmail(email,argu): 64 | data={'subject':'SeMF账号密码重置', 65 | 'text_content':'', 66 | 'html_content':''} 67 | data['text_content'] = "您正在申请重置SeMF平台账号,请前往以下地址处理:"+ url +"/view/resetpsd/"+argu +" 如无执行重置操作,请忽略该邮件" 68 | data['html_content'] = """ 69 |

    Dear user:

    70 |

    您正在申请重置SeMF的密码,请前往以下地址进行密码重置,点我以完成密码重置

    71 |

    如点击失效,请前往访问以下地址""" + url +"/view/resetpsd/"+argu + """

    72 |

    如非本人操作,忽略该邮件

    73 |

    本邮件为安全管控平台SeMf系统邮件,请勿回复

    74 | """ 75 | res = sendmails(email,data) 76 | if res: 77 | return True 78 | else: 79 | return False -------------------------------------------------------------------------------- /SeMFSetting/Functions/nmap.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2017/11/17 4 | @author: gy 5 | ''' 6 | 7 | import nmap 8 | 9 | #检查目标主机指定端口是否开放 10 | def nmap_port(host,port): 11 | nm = nmap.PortScanner() 12 | nm.scan(host,port) 13 | if nm[host].state()== 'up': 14 | return nm[host]['tcp'][port] 15 | 16 | 17 | #获取目标主机内所有开放端口 18 | def nmap_host_all(host): 19 | nm = nmap.PortScanner() 20 | nm.scan(host,'0-65535') 21 | try: 22 | if nm[host].state()== 'up': 23 | return nm[host]['tcp'] 24 | else: 25 | return 0 26 | except: 27 | return 0 28 | 29 | #获取指定网段内全部存活主机 30 | def nmap_alive_lists(segment): 31 | nm = nmap.PortScanner() 32 | try: 33 | nm.scan(hosts=segment,arguments='-n -sn') 34 | except: 35 | return None 36 | return nm.all_hosts() 37 | 38 | 39 | -------------------------------------------------------------------------------- /SeMFSetting/Functions/parse_awvs_xml.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2017/12/4 4 | 5 | @author: gy071089 6 | ''' 7 | 8 | import os,requests 9 | from xml.dom import minidom 10 | from requests.packages import urllib3 11 | 12 | #level_white_list= ["high", "medium","low","informational"], 13 | ''' 14 | except_vuln = { 15 | "level_white_list": ["high", "medium","low","informational"], 16 | "bug_black_list": [ 17 | "User credentials are sent in clear text", 18 | "HTML form without CSRF protection", 19 | "Broken links", 20 | "Password type input with auto-complete enabled", 21 | "Slow HTTP Denial of Service Attack", 22 | "Application error message", 23 | ] 24 | }''' 25 | 26 | def details_parse_xml(scan_id,path): 27 | file_name = os.path.join(path,scan_id+'.xml') 28 | bug_list = {} 29 | try: 30 | root = minidom.parse(file_name).documentElement 31 | ReportItem_list = root.getElementsByTagName('ReportItem') 32 | Crawler_list = root.getElementsByTagName('SiteFile') 33 | bug_list['starturl'] = root.getElementsByTagName('StartURL')[0].firstChild.data 34 | bug_list['time'] = root.getElementsByTagName('ScanTime')[0].firstChild.data 35 | bug_list['url'] = [] 36 | bug_list['bug'] = [] 37 | 38 | if Crawler_list: 39 | for crawl in Crawler_list: 40 | spider = {} 41 | URL = crawl.getElementsByTagName("URL")[0].firstChild.data 42 | fURL = crawl.getElementsByTagName("FullURL")[0].firstChild 43 | spider['path'] = URL 44 | spider['furl'] = fURL 45 | bug_list['url'].append(spider) 46 | if ReportItem_list: 47 | for node in ReportItem_list: 48 | level = node.getElementsByTagName("Severity")[0].firstChild.data 49 | name = node.getElementsByTagName("Name")[0].firstChild.data 50 | #if level in level_white_list: 51 | try: 52 | Request = node.getElementsByTagName("Request")[0].firstChild.data 53 | except: 54 | Request = "" 55 | try: 56 | details = node.getElementsByTagName("Details")[0].firstChild.data 57 | except: 58 | details = "" 59 | try: 60 | recommendation = node.getElementsByTagName("Recommendation")[0].firstChild.data 61 | except: 62 | details = "" 63 | 64 | temp = {} 65 | temp['name'] = name 66 | temp['level'] = level 67 | temp['request'] = Request 68 | temp['details'] = details 69 | temp['recommendation'] = recommendation 70 | temp['path'] = node.getElementsByTagName("Affects")[0].firstChild.data 71 | 72 | bug_list['bug'].append(temp) 73 | os.remove(file_name) 74 | 75 | except Exception as e: 76 | print ("Error in parse_xml: %s" % str(e)) 77 | 78 | return bug_list 79 | 80 | 81 | def get_scan_xml(reporturl,scan_id,path): 82 | filename = os.path.join(path,scan_id+'.xml') 83 | urllib3.disable_warnings() 84 | try: 85 | resp = requests.get(reporturl,timeout=120,verify=False) 86 | content = resp.content 87 | fp = open(filename,'wb') 88 | fp.write(content) 89 | fp.close() 90 | except Exception as e: 91 | return e -------------------------------------------------------------------------------- /SeMFSetting/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/SeMFSetting/__init__.py -------------------------------------------------------------------------------- /SeMFSetting/admin.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | from django.contrib import admin 3 | from . import models 4 | # Register your models here. 5 | admin.site.register(models.Scanner) 6 | admin.site.register(models.ScannerPolicies) 7 | admin.site.register(models.files) -------------------------------------------------------------------------------- /SeMFSetting/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class SemfsettingConfig(AppConfig): 5 | name = 'SeMFSetting' 6 | -------------------------------------------------------------------------------- /SeMFSetting/forms.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年6月8日 4 | 5 | @author: yuguanc 6 | ''' 7 | from . import models 8 | from django.forms import ModelForm,widgets 9 | 10 | class File(ModelForm): 11 | class Meta: 12 | model = models.files 13 | fields=['name','file_type','file'] 14 | widgets ={ 15 | 'name':widgets.TextInput(attrs={'class':'form-control','placeholder':'文件名称'}), 16 | 'file_type':widgets.Select(attrs={'class':'form-control','placeholder':'文件类型'}), 17 | 'file':widgets.FileInput(), 18 | } -------------------------------------------------------------------------------- /SeMFSetting/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/SeMFSetting/migrations/__init__.py -------------------------------------------------------------------------------- /SeMFSetting/models.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | #coding:utf-8 3 | from django.db import models 4 | from django.contrib.auth.models import User 5 | from AssetManage.models import AssetType 6 | 7 | # Create your models here. 8 | SCANNER_TYPE = ( 9 | ('WEB',( 10 | ('AWVS','AWVS'), 11 | ) 12 | ), 13 | ('System',( 14 | ('Nessus','Nessus'), 15 | ) 16 | ), 17 | ) 18 | SCANNER_STATUS = ( 19 | ('启用','启用'), 20 | ('禁用','禁用'), 21 | ) 22 | 23 | FILE_TYPE = ( 24 | ('网络设备','网络设备'), 25 | ('业务系统','业务系统'), 26 | ('漏洞列表','漏洞列表'), 27 | ) 28 | 29 | class files(models.Model): 30 | name = models.CharField('名称',max_length=50,null=True) 31 | file_type = models.CharField('类型',max_length=50,choices=FILE_TYPE) 32 | file = models.FileField('批量文件',upload_to ='files/') 33 | update_data = models.DateField("更新日期",auto_now=True) 34 | 35 | action_user = models.ForeignKey(User,related_name='asset_files_user',on_delete=models.CASCADE,null=True,blank=True) 36 | def __str__(self): 37 | return self.name 38 | 39 | 40 | 41 | 42 | class Scanner(models.Model): 43 | scanner_name = models.CharField('节点名称',max_length=50) 44 | scanner_type = models.CharField('节点类型',max_length=50,choices=SCANNER_TYPE) 45 | scanner_url = models.URLField('节点地址',max_length=50) 46 | scanner_status = models.CharField('节点状态',max_length=50,default='禁用',choices=SCANNER_STATUS) 47 | scanner_apikey = models.CharField('API_KEY',max_length=100) 48 | scanner_apisec = models.CharField('API_SEC',max_length=100,blank=True) 49 | scanner_des = models.TextField('节点描述') 50 | scanner_addtime = models.DateField('开始时间',auto_now_add=True) #任务开始时间 51 | scanner_updatetime = models.DateField('结束时间',auto_now=True) #任务结束时间 52 | 53 | assetType = models.ManyToManyField(AssetType,verbose_name='扫描范围',related_name='scanner_assettype',limit_choices_to={'parent__isnull':False}) 54 | 55 | def __str__(self): 56 | return self.scanner_name 57 | 58 | 59 | class ScannerPolicies(models.Model): 60 | policies_name = models.CharField('策略名称',max_length=50,help_text='扫描策略为扫描器策略名称') 61 | policies_key = models.CharField('策略编号',max_length=50,null=True,blank=True,help_text='AWVS扫描器需填写,全扫描编号为11111111-1111-1111-1111-111111111111') 62 | scanner = models.ForeignKey(Scanner,verbose_name='节点关联',related_name='police_for_scanner',on_delete=models.CASCADE) 63 | 64 | def __str__(self): 65 | return self.policies_name 66 | 67 | 68 | -------------------------------------------------------------------------------- /SeMFSetting/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /SeMFSetting/views.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger 3 | import hashlib 4 | from django.contrib.auth.hashers import make_password 5 | # Create your views here. 6 | 7 | #该段代码用来分页 8 | def paging(deploy_list,limit,offset): 9 | 10 | paginator = Paginator(deploy_list, limit) 11 | 12 | try: 13 | deploy_list = paginator.page(offset) 14 | except PageNotAnInteger: 15 | # If page is not an integer, deliver first page. 16 | deploy_list = paginator.page(1) 17 | except EmptyPage: 18 | # If page is out of range (e.g. 9999), deliver last page of results. 19 | deploy_list = paginator.page(paginator.num_pages) 20 | return deploy_list 21 | 22 | 23 | 24 | def strtopsd(string): 25 | hash_res = hashlib.md5() 26 | hash_res.update(make_password(string).encode('utf-8')) 27 | urlarg = hash_res.hexdigest() 28 | return urlarg -------------------------------------------------------------------------------- /TaskManage/Functions/awvs.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2017/12/4 4 | 5 | @author: gy 6 | ''' 7 | 8 | import time 9 | 10 | from SeMFSetting.Functions import AWVS11 11 | from SeMFSetting.Functions import parse_awvs_xml 12 | from VulnManage.models import Vulnerability_scan 13 | from TaskManage.models import Task 14 | from AssetManage.models import Asset 15 | from SeMF.settings import TMP_PATH 16 | from .nessus import Get_except_vuln 17 | 18 | vuln_level = {'informational':0,'low':1,'medium':2,'high':3} 19 | 20 | 21 | def add_scan(scanner_id,url,desc): 22 | target_id = AWVS11.add(url,scanner_id, desc) 23 | return target_id 24 | 25 | def start_scan(scanner_id,target_id): 26 | data = AWVS11.start(target_id,scanner_id) 27 | if data: 28 | scan_id = AWVS11.getscanid(target_id,scanner_id) 29 | return scan_id 30 | 31 | def stop_scan(scan_id,scanner_id): 32 | data = AWVS11.stop(scan_id,scanner_id) 33 | if data: 34 | return True 35 | 36 | def dele_scan(scan_id,scanner_id): 37 | data = AWVS11.delete(scan_id,scanner_id) 38 | if data: 39 | return True 40 | 41 | def get_scan_result(scan_id,task_id,scanner_id): 42 | reporturl = AWVS11.getreport(scan_id,scanner_id) 43 | task = Task.objects.filter(task_id=task_id).first() 44 | parse_awvs_xml.get_scan_xml(reporturl,scan_id,TMP_PATH) 45 | details = parse_awvs_xml.details_parse_xml(scan_id,TMP_PATH) 46 | if details: 47 | asset_key = details['starturl'] 48 | vuln_list = details['bug'] 49 | asset =Asset.objects.filter(asset_key = asset_key).first() 50 | if vuln_list: 51 | except_vuln,except_vuln_list = Get_except_vuln('AWVS') 52 | for vuln in vuln_list: 53 | try: 54 | num = Vulnerability_scan.objects.latest('id').id 55 | except Exception as e: 56 | num = 0 57 | vuln_id = '02' + str(time.strftime('%Y%m%d%H',time.localtime(time.time()))) +str( num) 58 | vuln_type = 'Awvs' 59 | vuln_name = vuln['name'] 60 | leave = vuln_level[vuln['level']] 61 | vuln_info = vuln['request'] 62 | introduce = vuln['details'] 63 | scopen = vuln['path'] 64 | fix = vuln['recommendation'] 65 | if vuln_name in except_vuln: 66 | vuln_gets = except_vuln_list.filter(vuln_name=vuln_name).first() 67 | leave = vuln_gets.leave 68 | fix = vuln_gets.fix 69 | vuln_list = Vulnerability_scan.objects.get_or_create(vuln_name=vuln_name, 70 | vuln_type=vuln_type, 71 | leave=leave, 72 | introduce=introduce, 73 | vuln_info=vuln_info, 74 | scopen=scopen, 75 | fix=fix, 76 | vuln_asset = asset 77 | ) 78 | vuln_get = vuln_list[0] 79 | if vuln_get.vuln_id: 80 | if vuln_get.fix_status == '1': 81 | vuln_get.fix_status= '3' 82 | else: 83 | vuln_get.vuln_id = vuln_id 84 | if leave == 0: 85 | vuln_get.fix_status= '0' 86 | elif leave == 1: 87 | vuln_get.fix_status= '0' 88 | else: 89 | vuln_get.fix_status= '2' 90 | vuln_get.task_id= task 91 | vuln_get.save() -------------------------------------------------------------------------------- /TaskManage/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/TaskManage/__init__.py -------------------------------------------------------------------------------- /TaskManage/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models here. 4 | from . import models 5 | # Register your models here. 6 | 7 | admin.site.register(models.Task) -------------------------------------------------------------------------------- /TaskManage/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class TaskmanageConfig(AppConfig): 5 | name = 'TaskManage' 6 | -------------------------------------------------------------------------------- /TaskManage/forms.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月25日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | from . import models 9 | from django.forms import ModelForm 10 | from django.forms import widgets 11 | 12 | 13 | 14 | class TaskSyncForm(ModelForm): 15 | class Meta: 16 | model = models.Task 17 | fields = ['task_name','task_scanner','scan_id','task_targetinfo'] 18 | widgets = { 19 | 'task_name':widgets.TextInput(attrs={'class':'form-control','placeholder':'任务名称,一般以系统名称+版本+日期'}), 20 | 'scan_id':widgets.TextInput(attrs={'class':'form-control','placeholder':'扫描器对应的任务标识,当前只支持nessus'}), 21 | 'task_scanner':widgets.Select(attrs={'class':'form-control','placeholder':'扫描节点'}), 22 | 'task_targetinfo':widgets.Textarea(attrs={'class':'form-control','placeholder':'本次任务说明,如漏洞复查,周期检查、版本更新、上线准备等'}), 23 | } 24 | 25 | 26 | class TaskCreateForm(ModelForm): 27 | class Meta: 28 | model = models.Task 29 | fields = ['task_name','scanner_police','task_target','task_targetinfo'] 30 | widgets = { 31 | 'task_name':widgets.TextInput(attrs={'class':'form-control','placeholder':'任务名称,一般以系统名称+版本+日期'}), 32 | #'task_scanner':widgets.Select(attrs={'class':'form-control','placeholder':'扫描节点'}), 33 | 'scanner_police':widgets.Select(attrs={'class':'form-control','placeholder':'扫描策略'}), 34 | 'task_target':widgets.TextInput(attrs={'class':'form-control','placeholder':'扫描目标,ip/url'}), 35 | 'task_targetinfo':widgets.Textarea(attrs={'class':'form-control','placeholder':'本次任务说明,如漏洞复查,周期检查、版本更新、上线准备等'}), 36 | } 37 | 38 | class TaskScanForm(ModelForm): 39 | class Meta: 40 | model = models.Task 41 | fields = ['task_name','scanner_police','task_target','task_targetinfo'] 42 | widgets = { 43 | 'task_name':widgets.TextInput(attrs={'class':'form-control','placeholder':'任务名称,一般以系统名称+版本+日期'}), 44 | #'task_scanner':widgets.Select(attrs={'class':'form-control','placeholder':'扫描节点'}), 45 | 'scanner_police':widgets.Select(attrs={'class':'form-control','placeholder':'扫描策略'}), 46 | 'task_target':widgets.Textarea(attrs={'class':'form-control','placeholder':'扫描目标,ip/url'}), 47 | 'task_targetinfo':widgets.Textarea(attrs={'class':'form-control','placeholder':'本次任务说明,如漏洞复查,周期检查、版本更新、上线准备等'}), 48 | } -------------------------------------------------------------------------------- /TaskManage/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/TaskManage/migrations/__init__.py -------------------------------------------------------------------------------- /TaskManage/models.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | 3 | # Create your models here. 4 | from django.db import models 5 | from django.contrib.auth.models import User 6 | from AssetManage.models import Asset 7 | from SeMFSetting.models import Scanner,ScannerPolicies 8 | # Create your models here. 9 | TASK_TYPE = ( 10 | ('安全扫描','安全扫描'), 11 | ('扫描同步','扫描同步'), 12 | ) 13 | 14 | TASK_STATUS=( 15 | ('0','审批中'), 16 | ('1','待执行'), 17 | ('2','执行中'), 18 | ('3','已暂停'), 19 | ('4','已完成'), 20 | ('5','已结束'), 21 | ) 22 | 23 | REQUEST_STATUS=( 24 | ('0','审批中'), 25 | ('1','审批通过'), 26 | ('2','审批拒绝'), 27 | ) 28 | 29 | 30 | class Task(models.Model): 31 | task_id = models.CharField('任务编号',max_length=50) #任务id 32 | scan_id = models.CharField('扫描编号',max_length=100,null=True) 33 | task_name = models.CharField('任务名称',max_length=30) #任务名称 34 | task_type = models.CharField('任务类型',max_length=25, choices=TASK_TYPE) #任务类型 35 | task_target = models.TextField('任务目标',null = True) #任务目标 36 | task_targetinfo = models.TextField('任务描述') #目标描述 37 | task_status = models.CharField('任务状态',max_length=20,choices=TASK_STATUS) #任务状态 四个状态,创建,审批中,执行中,结束 ״ 38 | task_plan_time = models.DateTimeField('计划执行时间',null=True,blank=True) #计划执行时间 39 | task_plan_end_time = models.DateTimeField('计划结束时间',null=True) #计划执行时间 40 | request_status = models.CharField('请求状态',max_length =50,choices=REQUEST_STATUS) 41 | request_note = models.TextField('审批备注',null=True) #安全人员审批扫描时的备注 42 | task_starttime = models.DateTimeField('开始时间',auto_now_add=True) #任务开始时间 43 | task_endtime = models.DateTimeField('更新时间',auto_now=True) #任务结束时间 44 | 45 | task_asset = models.ManyToManyField(Asset,related_name='asset_to_task',verbose_name='资产关联') 46 | 47 | task_scanner = models.ForeignKey(Scanner,related_name='scanner_to_task',on_delete=models.CASCADE,verbose_name='扫描器') 48 | scanner_police = models.ForeignKey(ScannerPolicies,related_name='police_to_scanner',null=True,on_delete=models.CASCADE,verbose_name='扫描策略') 49 | 50 | task_user = models.ForeignKey(User,related_name='task_for_user',on_delete=models.CASCADE,verbose_name='任务用户') 51 | action_user = models.ForeignKey(User,related_name='taskrequestaction_for_user',on_delete=models.CASCADE,null=True,blank=True) 52 | 53 | def __str__(self): 54 | return self.task_id -------------------------------------------------------------------------------- /TaskManage/tasks.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月25日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | from __future__ import absolute_import 9 | from celery import shared_task 10 | from SeMFSetting.Functions import Nessus,AWVS11 11 | from TaskManage.Functions import nessus,awvs 12 | import time 13 | from TaskManage.models import Task 14 | from NoticeManage.views import notice_add 15 | 16 | from celery.utils.log import get_task_logger 17 | logger = get_task_logger(__name__) 18 | 19 | from SeMFSetting.Functions.mails import send_notice_mail 20 | 21 | 22 | @shared_task 23 | def save_scan_vulns(scan_id,task_id): 24 | task = Task.objects.filter(task_id =task_id ).first() 25 | while True: 26 | res = Nessus.details(scan_id,task.task_scanner.id) 27 | try: 28 | res['info']['status'] 29 | except: 30 | continue 31 | if res['info']['status'] == 'canceled' or res['info']['status'] == 'completed': 32 | time.sleep(600) 33 | nessus.get_scan_vuln(scan_id,task,task.task_scanner.id) 34 | task.task_status=4 35 | task.save() 36 | data={ 37 | 'notice_title':'任务进度通知', 38 | 'notice_body':'您对'+task.task_name+'的扫描任务已完成,请及时查看结果', 39 | 'notice_url':'/task/user/', 40 | 'notice_type':'notice', 41 | } 42 | user = task.task_user 43 | notice_add(user,data) 44 | send_notice_mail(user.email,data) 45 | break 46 | else: 47 | time.sleep(30) 48 | 49 | 50 | @shared_task 51 | def save_awvs_vulns(scan_id,task_id): 52 | task = Task.objects.filter(task_id =task_id ).first() 53 | while True: 54 | status = AWVS11.getstatus(scan_id,task.task_scanner.id) 55 | if status == 'completed': 56 | awvs.get_scan_result(scan_id,task_id,task.task_scanner.id) 57 | task.task_status=4 58 | task.save() 59 | #type_task_list = {'移动应用':'type1','web应用':'type2','操作系统':'type3'} 60 | data={ 61 | 'notice_title':'任务进度通知', 62 | 'notice_body':'您对'+task.task_name+'的扫描任务已完成,请及时查看结果', 63 | 'notice_url':'/task/user/', 64 | 'notice_type':'notice', 65 | } 66 | user = task.task_user 67 | notice_add(user,data) 68 | send_notice_mail(user.email,data) 69 | break 70 | elif status == 'aborted': 71 | awvs.get_scan_result(scan_id,task_id,task.task_scanner.id) 72 | task.task_status=5 73 | task.save() 74 | #type_task_list = {'移动应用':'type1','web应用':'type2','操作系统':'type3'} 75 | data={ 76 | 'notice_title':'任务进度通知', 77 | 'notice_body':'您对'+task.task_name+'的扫描任务已完成,请及时查看结果', 78 | 'notice_url':'/task/user/', 79 | 'notice_type':'notice', 80 | } 81 | user = task.task_user 82 | notice_add(user,data) 83 | send_notice_mail(user.email,data) 84 | break 85 | else: 86 | time.sleep(60) 87 | -------------------------------------------------------------------------------- /TaskManage/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /TaskManage/urls.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月25日 4 | 5 | @author: yuguanc 6 | ''' 7 | 8 | from django.urls import path 9 | from TaskManage.views import views,Scantasks 10 | 11 | urlpatterns = [ 12 | path('user/',views.TaskView,name='taskview'), 13 | path('user/list/',views.tasktablelist,name='tasklist'), 14 | path('user/nessus/scan/',Scantasks.ScanAll,name='scantask'), 15 | path('user/details//',views.taskdetails,name='taskdetails'), 16 | 17 | path('user/scantaskchoice//',Scantasks.scan_task,name='taskscanchoice'), 18 | 19 | path('user/scan/action///',views.task_action,name='taskaction'), 20 | path('user/task/action///',views.taskrequestaction,name='taskrequestaction'), 21 | 22 | path('manage/sync/',views.TaskSync,name='tasksync'), 23 | 24 | path('request/',views.TaskRequestView,name='taskrequestview'), 25 | path('request/list/',views.taskrequesttablelist,name='taskrequestlist'), 26 | ] -------------------------------------------------------------------------------- /VulnManage/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/VulnManage/__init__.py -------------------------------------------------------------------------------- /VulnManage/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | from . import models 4 | # Register your models here. 5 | admin.site.register(models.Advance_vulns) 6 | admin.site.register(models.Cnvdfiles) 7 | admin.site.register(models.Vulnerability) 8 | -------------------------------------------------------------------------------- /VulnManage/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class VulnmanageConfig(AppConfig): 5 | name = 'VulnManage' 6 | -------------------------------------------------------------------------------- /VulnManage/forms.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月21日 4 | 5 | @author: yuguanc 6 | ''' 7 | from . import models 8 | from django.forms import ModelForm,widgets 9 | 10 | 11 | class Cnvd_file_form(ModelForm): 12 | class Meta: 13 | model = models.Cnvdfiles 14 | fields = ['file'] 15 | widgets = { 16 | 'file':widgets.FileInput(), 17 | } 18 | 19 | 20 | class Advance_vulns_form(ModelForm): 21 | class Meta: 22 | model = models.Advance_vulns 23 | fields=['type','vuln_name','leave','fix'] 24 | widgets = { 25 | 'type':widgets.Select(attrs={'class':'form-control','placeholder':'扫描器关联'}), 26 | 'vuln_name':widgets.TextInput(attrs={'class':'form-control','placeholder':'漏洞名称'}), 27 | 'leave':widgets.Select(attrs={'class':'form-control','placeholder':'危险等级'}), 28 | 'fix':widgets.Textarea(attrs={'class':'form-control','placeholder':'修复方案','style':'height:100px'}), 29 | } 30 | 31 | 32 | 33 | 34 | class Vuln_edit_form(ModelForm): 35 | class Meta: 36 | model = models.Vulnerability_scan 37 | fields = ['vuln_name','cve_name','leave', 38 | 'scopen','introduce','vuln_info','fix'] 39 | widgets = { 40 | 'vuln_name':widgets.TextInput(attrs={'class':'form-control','placeholder':'漏洞名称'}), 41 | 'cve_name':widgets.TextInput(attrs={'class':'form-control','placeholder':'cve编号'}), 42 | 'leave':widgets.Select(attrs={'class':'form-control','placeholder':'危险等级'}), 43 | 'scopen':widgets.TextInput(attrs={'class':'form-control','placeholder':'影响范围'}), 44 | 'introduce':widgets.Textarea(attrs={'class':'form-control','placeholder':'漏洞介绍','style':'height:100px'}), 45 | 'vuln_info':widgets.Textarea(attrs={'class':'form-control','placeholder':'漏洞验证','style':'height:100px'}), 46 | 'fix':widgets.Textarea(attrs={'class':'form-control','placeholder':'修复方案','style':'height:100px'}), 47 | } 48 | 49 | 50 | class Vuln_action_form(ModelForm): 51 | class Meta: 52 | model = models.Vulnerability_scan 53 | fields = ['fix_status','fix_action'] 54 | widgets = { 55 | 'fix_status':widgets.Select(attrs={'class':'form-control'}), 56 | 'fix_action':widgets.Textarea(attrs={'class':'form-control','placeholder':'处理记录,如忽略,请说明原因'}), 57 | } 58 | 59 | 60 | class Cnvd_vuln_form(ModelForm): 61 | class Meta: 62 | model = models.Vulnerability 63 | fields = ['introduce','fix','fix_step'] 64 | widgets = { 65 | 'introduce':widgets.Textarea(attrs={'class':'form-control','placeholder':'漏洞介绍','style':'height:250px'}), 66 | 'fix':widgets.Textarea(attrs={'class':'form-control','placeholder':'修复方案','style':'height:250px'}), 67 | 'fix_step':widgets.TextInput(attrs={'class':'form-control','placeholder':'修复指南'}), 68 | } -------------------------------------------------------------------------------- /VulnManage/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/VulnManage/migrations/__init__.py -------------------------------------------------------------------------------- /VulnManage/models.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | from django.db import models 3 | from AssetManage.models import Asset 4 | from SeMFSetting.models import SCANNER_TYPE 5 | 6 | # Create your models here. 7 | VULN_LEAVE=( 8 | ('0','信息'), 9 | ('1','低危'), 10 | ('2','中危'), 11 | ('3','高危'), 12 | ('4','紧急'), 13 | ) 14 | VULN_STATUS=( 15 | ('0','已忽略'), 16 | ('1','已修复'), 17 | ('2','待修复'), 18 | ('3','漏洞重现'), 19 | ('4','复查中'), 20 | ) 21 | 22 | 23 | class Advance_vulns(models.Model): 24 | type = models.CharField('漏洞类型',max_length=50,choices=SCANNER_TYPE) 25 | vuln_name=models.CharField('漏洞名称',max_length=255) 26 | leave = models.CharField('危险等级',max_length=10,choices=VULN_LEAVE) 27 | fix = models.TextField('修复方案',null=True) 28 | create_data = models.DateTimeField('发现时间',auto_now_add=True) 29 | update_data = models.DateTimeField('修复时间',auto_now=True) 30 | def __str__(self): 31 | return self.vuln_name 32 | 33 | 34 | class Cnvdfiles(models.Model): 35 | title = models.CharField('文件标题',max_length=50) 36 | file = models.FileField('CNVD文件',upload_to ='cnvd/') 37 | update_data = models.DateField("更新日期",auto_now=True) 38 | 39 | def __str__(self): 40 | return self.title 41 | 42 | # Create your models here. 43 | class Vulnerability(models.Model): 44 | cve_id = models.CharField('漏洞编号',max_length=30) 45 | cnvd_id = models.CharField('cnvd编号',max_length=30,null=True) 46 | cve_name=models.CharField('漏洞名称',max_length=255) 47 | leave = models.CharField('危险等级',max_length=10) 48 | introduce = models.TextField('漏洞简介') 49 | scopen = models.TextField('影响范围') 50 | fix = models.TextField('修复方案') 51 | fix_step = models.URLField('修复指南',null=True,blank=True) 52 | update_data = models.DateTimeField("更新日期",auto_now=True) 53 | def __str__(self): 54 | return self.cve_id 55 | 56 | class Vulnerability_scan(models.Model): 57 | vuln_id = models.CharField('漏洞编号',max_length=30) 58 | vuln_name=models.CharField('漏洞名称',max_length=255) 59 | cve_name=models.CharField('cve编号',max_length=50,null=True,blank=True) 60 | vuln_type = models.CharField('漏洞属性',max_length=60) 61 | leave = models.CharField('危险等级',max_length=10,choices=VULN_LEAVE) 62 | introduce = models.TextField('漏洞简介',null=True) 63 | vuln_info = models.TextField('漏洞信息',null=True) 64 | scopen = models.TextField('影响范围') 65 | fix = models.TextField('修复方案',null=True) 66 | fix_action = models.TextField('处理记录',null=True) 67 | fix_status = models.CharField('修复状态',max_length=30,choices=VULN_STATUS) 68 | create_data = models.DateTimeField('发现时间',auto_now_add=True) 69 | update_data = models.DateTimeField('修复时间',auto_now=True) 70 | 71 | vuln_asset = models.ForeignKey(Asset,related_name='vuln_for_asset',on_delete=models.CASCADE) 72 | 73 | def __str__(self): 74 | return self.vuln_id -------------------------------------------------------------------------------- /VulnManage/tasks.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2017/11/3 4 | 5 | @author: gy 6 | ''' 7 | from xml.dom.minidom import parse 8 | from VulnManage.models import Vulnerability 9 | from celery import shared_task 10 | from NoticeManage.views import notice_add 11 | from django.contrib.auth.models import User 12 | 13 | 14 | @shared_task 15 | def parse_cnvdxml(filepath): 16 | DOMTree = parse(filepath) 17 | collection = DOMTree.documentElement 18 | if collection.hasAttribute('shelf'): 19 | print('ok: %s' % collection.getAttribute('shelf')) 20 | Vulnerabities_in = collection.getElementsByTagName('vulnerability') 21 | for vulnerabit in Vulnerabities_in: 22 | try: 23 | number = vulnerabit.getElementsByTagName('number')[0] 24 | #print('number: %s' % number.childNodes[0].data) 25 | cveNumber = vulnerabit.getElementsByTagName('cveNumber')[0] 26 | #print('cveNumber: %s' % cveNumber.childNodes[0].data) 27 | title = vulnerabit.getElementsByTagName('title')[0] 28 | #print('title: %s' % title.childNodes[0].data) 29 | serverity = vulnerabit.getElementsByTagName('serverity')[0] 30 | #print('serverity: %s' % serverity.childNodes[0].data) 31 | product = vulnerabit.getElementsByTagName('product')[0] 32 | #print('product: %s' % product.childNodes[0].data) 33 | submitTime = vulnerabit.getElementsByTagName('submitTime')[0] 34 | #print('submitTime: %s' % submitTime.childNodes[0].data) 35 | referenceLink = vulnerabit.getElementsByTagName('referenceLink')[0] 36 | #print('referenceLink: %s' % referenceLink.childNodes[0].data) 37 | description = vulnerabit.getElementsByTagName('description')[0] 38 | #print('description: %s' % description.childNodes[0].data) 39 | formalWay = vulnerabit.getElementsByTagName('formalWay')[0] 40 | #print('formalWay: %s' % formalWay.childNodes[0].data) 41 | patchName = vulnerabit.getElementsByTagName('patchName')[0] 42 | #print('patchName: %s' % patchName.childNodes[0].data) 43 | #patchDescription = vulnerabit.getElementsByTagName('patchDescription')[0] 44 | #print('patchDescription: %s' % patchDescription.childNodes[0].data) 45 | cve_id = cveNumber.childNodes[0].data 46 | cnvd_id = number.childNodes[0].data 47 | cve_name = title.childNodes[0].data 48 | leave = serverity.childNodes[0].data 49 | scopen = product.childNodes[0].data 50 | introduce = description.childNodes[0].data + '\n' + referenceLink.childNodes[0].data 51 | fix = formalWay.childNodes[0].data + '\n' + patchName.childNodes[0].data 52 | update_data = submitTime.childNodes[0].data 53 | 54 | vuln_get = Vulnerability.objects.get_or_create( 55 | cve_id=cve_id, 56 | cnvd_id=cnvd_id, 57 | cve_name=cve_name, 58 | ) 59 | vuln=vuln_get[0] 60 | vuln.leave=leave 61 | vuln.scopen = scopen 62 | vuln.introduce =introduce 63 | vuln.fix =fix 64 | vuln.update_data=update_data 65 | vuln.save() 66 | except Exception as e: 67 | pass 68 | data_manage={ 69 | 'notice_title':'漏洞库更新通知', 70 | 'notice_body':'漏洞文件已更新' , 71 | 'notice_url':'/vuln/cnvd/', 72 | 'notice_type':'notice', 73 | } 74 | user_manage_list = User.objects.filter(is_superuser=True) 75 | for user_manage in user_manage_list: 76 | notice_add(user_manage,data_manage) 77 | 78 | -------------------------------------------------------------------------------- /VulnManage/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /VulnManage/urls.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月14日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.urls import path 8 | from .views import views,cnvdviews 9 | 10 | urlpatterns = [ 11 | path('user/',views.vulnview,name='vulnview'), 12 | path('user/list/',views.vulntablelist,name='vulnlist'), 13 | path('user/listfix/',views.vulnfixlist,name='vulnlistfix'), 14 | path('user/fix//',views.vuln_change_status,name='vulnfix'), 15 | path('user/details//',views.vulndetails,name='vulndetails'), 16 | 17 | 18 | path('cnvd/',cnvdviews.cnvdvuln_view,name='cnvdvulnview'), 19 | path('cnvd/list/',cnvdviews.cnvdvulntablelist,name='cnvdvulnlist'), 20 | path('cnvd/update/',cnvdviews.cnvdvuln_update,name='cnvdvulnupdate'), 21 | path('cnvd/details/',cnvdviews.cnvdvulndetails,name='cnvdvulndetails'), 22 | path('cnvd/vulnrenew/', cnvdviews.renew, name='cnvdvulnrenew'), 23 | 24 | path('manage/create//',views.vulncreate,name='vulncreate'), 25 | path('manage/update//',views.vuln_update,name='vulnupdate'), 26 | ] -------------------------------------------------------------------------------- /VulnManage/views/Advanceviews.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/VulnManage/views/Advanceviews.py -------------------------------------------------------------------------------- /VulnManage/views/cnvdviews.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | ''' 3 | Created on 2018年5月21日 4 | 5 | @author: yuguanc 6 | ''' 7 | from django.shortcuts import render,get_object_or_404,HttpResponseRedirect 8 | from django.views.decorators.csrf import csrf_protect 9 | from django.contrib.auth.decorators import login_required 10 | from .. import models,forms 11 | from SeMFSetting.views import paging 12 | from django.http import JsonResponse 13 | from django.db.models import Q 14 | from ..tasks import parse_cnvdxml 15 | from SeMF.settings import MEDIA_ROOT 16 | import os 17 | from django.utils.html import escape 18 | 19 | 20 | @login_required 21 | @csrf_protect 22 | def renew(request): 23 | user = request.user 24 | error = '' 25 | if user.is_superuser: 26 | if request.method =='POST': 27 | form = forms.Cnvd_file_form(request.POST,request.FILES) 28 | if form.is_valid(): 29 | file = form.cleaned_data['file'] 30 | if file.name.lower().endswith('.xml'): 31 | if file.content_type == 'text/xml': 32 | file_list = models.Cnvdfiles.objects.get_or_create( 33 | file=file, 34 | title = file.name, 35 | ) 36 | for file in file_list: 37 | filepath = os.path.join(MEDIA_ROOT,'cnvd',file.title) 38 | parse_cnvdxml.delay(filepath) 39 | break 40 | error = '更新成功' 41 | else: 42 | error = '文件错误' 43 | else: 44 | error = '文件错误' 45 | else: 46 | error = '文件错误' 47 | else: 48 | form = forms.Cnvd_file_form() 49 | return render(request,'formedit.html',{'form':form,'post_url':'cnvdvulnrenew','title':'同步漏洞库'}) 50 | else: 51 | error = '权限不足' 52 | return render(request,'error.html',{'error':error}) 53 | 54 | 55 | @login_required 56 | def cnvdvulndetails(request,cnvdvuln_id): 57 | vuln = get_object_or_404(models.Vulnerability,id=cnvdvuln_id) 58 | return render(request,'VulnManage/cnvdvulndetails.html',{'vuln':vuln}) 59 | 60 | 61 | @login_required 62 | @csrf_protect 63 | def cnvdvuln_update(request,cnvdvuln_id): 64 | user = request.user 65 | error = '' 66 | if user.is_superuser: 67 | cnvd_vuln= get_object_or_404(models.Vulnerability,id = cnvdvuln_id) 68 | if request.method == 'POST': 69 | form = forms.Cnvd_vuln_form(request.POST,instance =cnvd_vuln) 70 | if form.is_valid(): 71 | form.save() 72 | error = '修改成功' 73 | else: 74 | form = forms.Cnvd_vuln_form(instance =cnvd_vuln) 75 | return render(request,'formupdate.html',{'form':form,'post_url':'cnvdvulnupdate','argu':cnvdvuln_id,'error':error}) 76 | else: 77 | error = '权限错误' 78 | return render(request,'error.html',{'error':error}) 79 | 80 | 81 | 82 | @login_required 83 | def cnvdvuln_view(request): 84 | return render(request,'VulnManage/cnvdvulnlist.html') 85 | 86 | 87 | @login_required 88 | @csrf_protect 89 | def cnvdvulntablelist(request): 90 | resultdict={} 91 | page = request.POST.get('page') 92 | rows = request.POST.get('limit') 93 | 94 | name = request.POST.get('name') 95 | if not name: 96 | name='' 97 | 98 | leave = request.POST.get('leave') 99 | if not leave: 100 | leave='' 101 | 102 | 103 | vuln_list = models.Vulnerability.objects.filter( 104 | Q(cve_id__icontains = name)| 105 | Q(cnvd_id__icontains = name) | Q(cve_name__icontains = name) 106 | ).filter(leave__icontains = leave).order_by('-update_data') 107 | 108 | total = vuln_list.count() 109 | vuln_list = paging(vuln_list,rows,page) 110 | data = [] 111 | for vuln_item in vuln_list: 112 | dic={} 113 | dic['id'] =escape( vuln_item.id) 114 | dic['cve_id'] =escape( vuln_item.cve_id) 115 | dic['cnvd_id'] =escape( vuln_item.cnvd_id) 116 | dic['cve_name'] =escape( vuln_item.cve_name) 117 | dic['leave'] =escape( vuln_item.leave) 118 | dic['update_data'] =escape( vuln_item.update_data) 119 | data.append(dic) 120 | resultdict['code']=0 121 | resultdict['msg']="漏洞列表" 122 | resultdict['count']=total 123 | resultdict['data']=data 124 | return JsonResponse(resultdict) -------------------------------------------------------------------------------- /cnnvd_xml.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/python3 2 | # -*- coding:UTF-8 -*- 3 | 4 | from django.urls import path 5 | from xml.dom.minidom import parse 6 | import xml.dom.minidom,os 7 | import django 8 | 9 | os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'SeMF.settings') 10 | django.setup() 11 | from VulnManage.models import Vulnerability 12 | 13 | fill_path_list = [] 14 | dome_path = os.getcwd() 15 | files_path = os.path.join(dome_path,'cnnvd_xml') 16 | 17 | files_list = os.listdir(files_path) 18 | for file_name in files_list: 19 | if os.path.splitext(file_name)[1] == '.xml': 20 | #file_path = os.path.join(files_path,file_name) 21 | #fill_path_list.append(file_path) 22 | fill_path_list.append(file_name) 23 | 24 | for file_name in fill_path_list: 25 | print ('import'+file_name) 26 | 27 | os.chdir(files_path) 28 | DOMTree = xml.dom.minidom.parse(file_name) 29 | collection = DOMTree.documentElement 30 | if collection.hasAttribute('shelf'): 31 | print('ok: %s' % collection.getAttribute('shelf')) 32 | 33 | 34 | Vulnerabities_in = collection.getElementsByTagName('entry') 35 | 36 | for vulnerabit in Vulnerabities_in: 37 | try: 38 | number = vulnerabit.getElementsByTagName('vuln-id')[0] 39 | print('number: %s' % number.childNodes[0].data) 40 | cveNumber = vulnerabit.getElementsByTagName('cve-id')[0] 41 | print('cveNumber: %s' % cveNumber.childNodes[0].data) 42 | title = vulnerabit.getElementsByTagName('name')[0] 43 | print('title: %s' % title.childNodes[0].data) 44 | serverity = vulnerabit.getElementsByTagName('severity')[0] 45 | print('serverity: %s' % serverity.childNodes[0].data) 46 | product = vulnerabit.getElementsByTagName('product')[0] 47 | print('product: %s' % product.childNodes[0].data) 48 | submitTime = vulnerabit.getElementsByTagName('published')[0] 49 | print('submitTime: %s' % submitTime.childNodes[0].data) 50 | referenceLink = vulnerabit.getElementsByTagName('ref-url')[0] 51 | print('referenceLink: %s' % referenceLink.childNodes[0].data) 52 | description = vulnerabit.getElementsByTagName('vuln-descript')[0] 53 | print('description: %s' % description.childNodes[0].data) 54 | patchDescription = vulnerabit.getElementsByTagName('vuln-solution')[0] 55 | print('patchDescription: %s' % patchDescription.childNodes[0].data) 56 | cve_id = cveNumber.childNodes[0].data 57 | cnvd_id = number.childNodes[0].data 58 | cve_name = title.childNodes[0].data 59 | leave = serverity.childNodes[0].data 60 | scopen = product.childNodes[0].data 61 | introduce = description.childNodes[0].data + '\n' + referenceLink.childNodes[0].data 62 | fix = patchDescription.childNodes[0].data 63 | update_data = submitTime.childNodes[0].data 64 | Vulnerability.objects.get_or_create(update_data=update_data,fix=fix,cve_id=cve_id,cnvd_id=cnvd_id,cve_name=cve_name,leave=leave,scopen=scopen,introduce=introduce,) 65 | print(cveNumber+' is OK') 66 | except: 67 | print('Pass') 68 | 69 | 70 | -------------------------------------------------------------------------------- /cnvd_xml.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/python3 2 | # -*- coding:UTF-8 -*- 3 | from django.urls import path 4 | import xml.dom.minidom,os,shutil 5 | import django 6 | 7 | def renew_vuln_xml(): 8 | os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'SeMF.settings') 9 | django.setup() 10 | from VulnManage.models import Vulnerability 11 | 12 | fill_path_list = [] 13 | dome_path = os.getcwd() 14 | files_path = os.path.join(dome_path, 'cnvd_xml') 15 | files_path_old = os.path.join(dome_path, 'cnvd_xml','xml_file') 16 | 17 | files_list = os.listdir(files_path) 18 | for file_name in files_list: 19 | if os.path.splitext(file_name)[1] == '.xml': 20 | # file_path = os.path.join(files_path,file_name) 21 | # fill_path_list.append(file_path) 22 | fill_path_list.append(file_name) 23 | 24 | for file_name in fill_path_list: 25 | print('import' + file_name) 26 | os.chdir(files_path) 27 | DOMTree = xml.dom.minidom.parse(file_name) 28 | collection = DOMTree.documentElement 29 | if collection.hasAttribute('shelf'): 30 | print('ok: %s' % collection.getAttribute('shelf')) 31 | 32 | Vulnerabities_in = collection.getElementsByTagName('vulnerability') 33 | 34 | for vulnerabit in Vulnerabities_in: 35 | try: 36 | number = vulnerabit.getElementsByTagName('number')[0] 37 | #print('number: %s' % number.childNodes[0].data) 38 | cveNumber = vulnerabit.getElementsByTagName('cveNumber')[0] 39 | #print('cveNumber: %s' % cveNumber.childNodes[0].data) 40 | title = vulnerabit.getElementsByTagName('title')[0] 41 | #print('title: %s' % title.childNodes[0].data) 42 | serverity = vulnerabit.getElementsByTagName('serverity')[0] 43 | #print('serverity: %s' % serverity.childNodes[0].data) 44 | product = vulnerabit.getElementsByTagName('product')[0] 45 | #print('product: %s' % product.childNodes[0].data) 46 | submitTime = vulnerabit.getElementsByTagName('submitTime')[0] 47 | #print('submitTime: %s' % submitTime.childNodes[0].data) 48 | referenceLink = vulnerabit.getElementsByTagName('referenceLink')[0] 49 | #print('referenceLink: %s' % referenceLink.childNodes[0].data) 50 | description = vulnerabit.getElementsByTagName('description')[0] 51 | #print('description: %s' % description.childNodes[0].data) 52 | formalWay = vulnerabit.getElementsByTagName('formalWay')[0] 53 | #print('formalWay: %s' % formalWay.childNodes[0].data) 54 | patchName = vulnerabit.getElementsByTagName('patchName')[0] 55 | #print('patchName: %s' % patchName.childNodes[0].data) 56 | patchDescription = vulnerabit.getElementsByTagName('patchDescription')[0] 57 | #print('patchDescription: %s' % patchDescription.childNodes[0].data) 58 | cve_id = cveNumber.childNodes[0].data 59 | cnvd_id = number.childNodes[0].data 60 | cve_name = title.childNodes[0].data 61 | leave = serverity.childNodes[0].data 62 | scopen = product.childNodes[0].data 63 | introduce = description.childNodes[0].data + '\n' + referenceLink.childNodes[0].data 64 | fix = formalWay.childNodes[0].data + '\n' + patchName.childNodes[0].data + '\n' + \ 65 | patchDescription.childNodes[0].data 66 | update_data = submitTime.childNodes[0].data 67 | Vulnerability.objects.get_or_create(update_data=update_data, fix=fix, cve_id=cve_id, cnvd_id=cnvd_id, 68 | cve_name=cve_name, leave=leave, scopen=scopen, 69 | introduce=introduce ) 70 | print(cve_id + ' is OK') 71 | except: 72 | print('Pass') 73 | shutil.move(os.path.join(files_path,file_name),os.path.join(files_path_old,file_name)) 74 | 75 | 76 | if __name__ == "__main__": 77 | renew_vuln_xml() 78 | -------------------------------------------------------------------------------- /cnvd_xml/2015-02-16_2015-02-22.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /cnvd_xml/xml_file/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/cnvd_xml/xml_file/.keep -------------------------------------------------------------------------------- /doc/SeMF使用指南-2018-06-20.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/SeMF使用指南-2018-06-20.pdf -------------------------------------------------------------------------------- /doc/SeMF安装指南-2018-06-12.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/SeMF安装指南-2018-06-12.pdf -------------------------------------------------------------------------------- /doc/image/113258_154ca8d5_1390378.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/image/113258_154ca8d5_1390378.png -------------------------------------------------------------------------------- /doc/image/113454_07c46a58_1390378.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/image/113454_07c46a58_1390378.png -------------------------------------------------------------------------------- /doc/image/113543_6a6973ec_1390378.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/image/113543_6a6973ec_1390378.png -------------------------------------------------------------------------------- /doc/image/113714_90826f30_1390378.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/image/113714_90826f30_1390378.png -------------------------------------------------------------------------------- /doc/image/114021_ef591ca3_1390378.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/image/114021_ef591ca3_1390378.png -------------------------------------------------------------------------------- /doc/image/114106_3cf15048_1390378 (1).png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/image/114106_3cf15048_1390378 (1).png -------------------------------------------------------------------------------- /doc/image/114106_3cf15048_1390378.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/image/114106_3cf15048_1390378.png -------------------------------------------------------------------------------- /doc/image/114130_0e8d0451_1390378.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/image/114130_0e8d0451_1390378.png -------------------------------------------------------------------------------- /doc/image/68747470733a2f2f67697465652e636f6d2f75706c6f6164732f696d616765732f323031382f303532372f3131333435345f30376334366135385f313339303337382e706e67.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/doc/image/68747470733a2f2f67697465652e636f6d2f75706c6f6164732f696d616765732f323031382f303532372f3131333435345f30376334366135385f313339303337382e706e67.png -------------------------------------------------------------------------------- /doc/install_zh.md: -------------------------------------------------------------------------------- 1 | 1. 准备centos7系统,安装python3,mysql(选用),rabbitmq,nmap,安装方法可参照项目根目录中的文档《SeMF安装指南》 2 | 3 | 2. 下载解压本项目,并切换到项目路径,修改项目setting.py文件,根据需要设置 发件邮箱、rabbitmq参数以及数据库信息 4 | ``` 5 | WEB_URL = 'http://localhost:8000' //这里用来修改网站域名,可根据部署需要修改 6 | EMAIL_HOST/EMAIL_PORT...等邮件相关设置 7 | BROKER_URL //用来设置队列信息和地址 8 | DATABASES //可根据需要选择sqlite和mysql或其他数据库,设置文件中给出mysql设置方法,注意数据库的字符编码 9 | ``` 10 | 3. 切换到项目根目录执行,分别执行以下命令 11 | ``` 12 | pip install -r requirements.txt //安装python库 13 | python manage.py makemigrations //数据表生成 14 | python manage.py migrate 15 | python manage.py createsuperuser //创建超级管理员 16 | python initdata.py //初始化数据库,主要生成角色,权限等信息 17 | python cnvd_xml.py //用于同步cnvd漏洞数据文件,文件位于cnvd_xml目录下,可自行调整,该文件夹每周更新一次, 18 | celery -A SeMF worker -l info //用于开启消费者,执行异步任务 19 | python manage.py runserver 0.0.0.0:8000 //运行成功,访问即可 20 | 21 | 如需使用周期巡检和漏洞同步功能,需前往 22 | http://localhost:8000/semf/ 页面设置扫描器API参数,当前支持nessus,后续会根据反馈添加其他扫描器 23 | ``` -------------------------------------------------------------------------------- /logs/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/logs/.keep -------------------------------------------------------------------------------- /manage.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import os 3 | import sys 4 | 5 | if __name__ == "__main__": 6 | os.environ.setdefault("DJANGO_SETTINGS_MODULE", "SeMF.settings") 7 | try: 8 | from django.core.management import execute_from_command_line 9 | except ImportError as exc: 10 | raise ImportError( 11 | "Couldn't import Django. Are you sure it's installed and " 12 | "available on your PYTHONPATH environment variable? Did you " 13 | "forget to activate a virtual environment?" 14 | ) from exc 15 | execute_from_command_line(sys.argv) 16 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | anyjson==0.3.3 2 | celery==4.1.1 3 | chardet==3.0.4 4 | Django>=2.2.11 5 | PyMySQL==0.8.0 6 | python-nmap==0.6.1 7 | pytz==2018.4 8 | requests>=2.20.0 9 | -------------------------------------------------------------------------------- /static/css/font.css: -------------------------------------------------------------------------------- 1 | @font-face { 2 | font-family: 'iconfont'; 3 | src: url('../fonts/iconfont.eot'); 4 | src: url('../fonts/iconfont.eot?#iefix') format('embedded-opentype'), 5 | url('../fonts/iconfont.woff') format('woff'), 6 | url('../fonts/iconfont.ttf') format('truetype'), 7 | url('../fonts/iconfont.svg#iconfont') format('svg'); 8 | } 9 | .iconfont{ 10 | font-family:"iconfont" !important; 11 | font-size:16px;font-style:normal; 12 | -webkit-font-smoothing: antialiased; 13 | -webkit-text-stroke-width: 0.2px; 14 | -moz-osx-font-smoothing: grayscale; 15 | } 16 | 17 | -------------------------------------------------------------------------------- /static/fonts/iconfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/fonts/iconfont.eot -------------------------------------------------------------------------------- /static/fonts/iconfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/fonts/iconfont.ttf -------------------------------------------------------------------------------- /static/fonts/iconfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/fonts/iconfont.woff -------------------------------------------------------------------------------- /static/images/aiwrap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/images/aiwrap.png -------------------------------------------------------------------------------- /static/images/bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/images/bg.png -------------------------------------------------------------------------------- /static/lib/layui/css/modules/code.css: -------------------------------------------------------------------------------- 1 | /** layui-v2.2.6 MIT License By https://www.layui.com */ 2 | html #layuicss-skincodecss{display:none;position:absolute;width:1989px}.layui-code-h3,.layui-code-view{position:relative;font-size:12px}.layui-code-view{display:block;margin:10px 0;padding:0;border:1px solid #e2e2e2;border-left-width:6px;background-color:#F2F2F2;color:#333;font-family:Courier New}.layui-code-h3{padding:0 10px;height:32px;line-height:32px;border-bottom:1px solid #e2e2e2}.layui-code-h3 a{position:absolute;right:10px;top:0;color:#999}.layui-code-view .layui-code-ol{position:relative;overflow:auto}.layui-code-view .layui-code-ol li{position:relative;margin-left:45px;line-height:20px;padding:0 5px;border-left:1px solid #e2e2e2;list-style-type:decimal-leading-zero;*list-style-type:decimal;background-color:#fff}.layui-code-view pre{margin:0}.layui-code-notepad{border:1px solid #0C0C0C;border-left-color:#3F3F3F;background-color:#0C0C0C;color:#C2BE9E}.layui-code-notepad .layui-code-h3{border-bottom:none}.layui-code-notepad .layui-code-ol li{background-color:#3F3F3F;border-left:none} -------------------------------------------------------------------------------- /static/lib/layui/css/modules/layer/default/icon-ext.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/css/modules/layer/default/icon-ext.png -------------------------------------------------------------------------------- /static/lib/layui/css/modules/layer/default/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/css/modules/layer/default/icon.png -------------------------------------------------------------------------------- /static/lib/layui/css/modules/layer/default/loading-0.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/css/modules/layer/default/loading-0.gif -------------------------------------------------------------------------------- /static/lib/layui/css/modules/layer/default/loading-1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/css/modules/layer/default/loading-1.gif -------------------------------------------------------------------------------- /static/lib/layui/css/modules/layer/default/loading-2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/css/modules/layer/default/loading-2.gif -------------------------------------------------------------------------------- /static/lib/layui/font/iconfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/font/iconfont.eot -------------------------------------------------------------------------------- /static/lib/layui/font/iconfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/font/iconfont.ttf -------------------------------------------------------------------------------- /static/lib/layui/font/iconfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/font/iconfont.woff -------------------------------------------------------------------------------- /static/lib/layui/images/face/0.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/0.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/1.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/10.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/10.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/11.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/11.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/12.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/12.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/13.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/13.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/14.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/14.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/15.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/15.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/16.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/16.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/17.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/17.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/18.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/18.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/19.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/19.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/2.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/20.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/20.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/21.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/21.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/22.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/22.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/23.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/23.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/24.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/24.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/25.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/25.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/26.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/26.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/27.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/27.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/28.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/28.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/29.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/29.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/3.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/30.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/30.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/31.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/31.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/32.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/32.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/33.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/33.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/34.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/34.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/35.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/35.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/36.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/36.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/37.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/37.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/38.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/38.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/39.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/39.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/4.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/40.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/40.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/41.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/41.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/42.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/42.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/43.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/43.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/44.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/44.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/45.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/45.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/46.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/46.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/47.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/47.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/48.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/48.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/49.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/49.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/5.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/50.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/50.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/51.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/51.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/52.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/52.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/53.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/53.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/54.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/54.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/55.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/55.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/56.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/56.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/57.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/57.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/58.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/58.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/59.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/59.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/6.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/60.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/60.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/61.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/61.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/62.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/62.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/63.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/63.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/64.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/64.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/65.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/65.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/66.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/66.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/67.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/67.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/68.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/68.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/69.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/69.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/7.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/70.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/70.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/71.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/71.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/8.gif -------------------------------------------------------------------------------- /static/lib/layui/images/face/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/we1h0/SecurityManageFramwork/e706461bdf5e2bc78e9fc59c66904b95e81e331e/static/lib/layui/images/face/9.gif -------------------------------------------------------------------------------- /static/lib/layui/lay/modules/carousel.js: -------------------------------------------------------------------------------- 1 | /** layui-v2.2.6 MIT License By https://www.layui.com */ 2 | ;layui.define("jquery",function(e){"use strict";var i=layui.$,n=(layui.hint(),layui.device(),{config:{},set:function(e){var n=this;return n.config=i.extend({},n.config,e),n},on:function(e,i){return layui.onevent.call(this,t,e,i)}}),t="carousel",a="layui-this",l=">*[carousel-item]>*",o="layui-carousel-left",r="layui-carousel-right",d="layui-carousel-prev",s="layui-carousel-next",u="layui-carousel-arrow",c="layui-carousel-ind",m=function(e){var t=this;t.config=i.extend({},t.config,n.config,e),t.render()};m.prototype.config={width:"600px",height:"280px",full:!1,arrow:"hover",indicator:"inside",autoplay:!0,interval:3e3,anim:"",trigger:"click",index:0},m.prototype.render=function(){var e=this,n=e.config;n.elem=i(n.elem),n.elem[0]&&(e.elemItem=n.elem.find(l),n.index<0&&(n.index=0),n.index>=e.elemItem.length&&(n.index=e.elemItem.length-1),n.interval<800&&(n.interval=800),n.full?n.elem.css({position:"fixed",width:"100%",height:"100%",zIndex:9999}):n.elem.css({width:n.width,height:n.height}),n.elem.attr("lay-anim",n.anim),e.elemItem.eq(n.index).addClass(a),e.elemItem.length<=1||(e.indicator(),e.arrow(),e.autoplay(),e.events()))},m.prototype.reload=function(e){var n=this;clearInterval(n.timer),n.config=i.extend({},n.config,e),n.render()},m.prototype.prevIndex=function(){var e=this,i=e.config,n=i.index-1;return n<0&&(n=e.elemItem.length-1),n},m.prototype.nextIndex=function(){var e=this,i=e.config,n=i.index+1;return n>=e.elemItem.length&&(n=0),n},m.prototype.addIndex=function(e){var i=this,n=i.config;e=e||1,n.index=n.index+e,n.index>=i.elemItem.length&&(n.index=0)},m.prototype.subIndex=function(e){var i=this,n=i.config;e=e||1,n.index=n.index-e,n.index<0&&(n.index=i.elemItem.length-1)},m.prototype.autoplay=function(){var e=this,i=e.config;i.autoplay&&(e.timer=setInterval(function(){e.slide()},i.interval))},m.prototype.arrow=function(){var e=this,n=e.config,t=i(['",'"].join(""));n.elem.attr("lay-arrow",n.arrow),n.elem.find("."+u)[0]&&n.elem.find("."+u).remove(),n.elem.append(t),t.on("click",function(){var n=i(this),t=n.attr("lay-type");e.slide(t)})},m.prototype.indicator=function(){var e=this,n=e.config,t=e.elemInd=i(['
      ',function(){var i=[];return layui.each(e.elemItem,function(e){i.push("")}),i.join("")}(),"
    "].join(""));n.elem.attr("lay-indicator",n.indicator),n.elem.find("."+c)[0]&&n.elem.find("."+c).remove(),n.elem.append(t),"updown"===n.anim&&t.css("margin-top",-(t.height()/2)),t.find("li").on("hover"===n.trigger?"mouseover":n.trigger,function(){var t=i(this),a=t.index();a>n.index?e.slide("add",a-n.index):a/g,">").replace(/'/g,"'").replace(/"/g,""")),c.html('
    1. '+o.replace(/[\r\t\n]+/g,"
    2. ")+"
    "),c.find(">.layui-code-h3")[0]||c.prepend('

    '+(c.attr("lay-title")||e.title||"code")+(e.about?'layui.code':"")+"

    ");var d=c.find(">.layui-code-ol");c.addClass("layui-box layui-code-view"),(c.attr("lay-skin")||e.skin)&&c.addClass("layui-code-"+(c.attr("lay-skin")||e.skin)),(d.find("li").length/100|0)>0&&d.css("margin-left",(d.find("li").length/100|0)+"px"),(c.attr("lay-height")||e.height)&&d.css("max-height",c.attr("lay-height")||e.height)})})}).addcss("modules/code.css","skincodecss"); -------------------------------------------------------------------------------- /static/lib/layui/lay/modules/flow.js: -------------------------------------------------------------------------------- 1 | /** layui-v2.2.6 MIT License By https://www.layui.com */ 2 | ;layui.define("jquery",function(e){"use strict";var l=layui.$,o=function(e){},t='';o.prototype.load=function(e){var o,i,n,r,a=this,c=0;e=e||{};var f=l(e.elem);if(f[0]){var m=l(e.scrollElem||document),u=e.mb||50,s=!("isAuto"in e)||e.isAuto,v=e.end||"没有更多了",y=e.scrollElem&&e.scrollElem!==document,d="加载更多",h=l('
    '+d+"
    ");f.find(".layui-flow-more")[0]||f.append(h);var p=function(e,t){e=l(e),h.before(e),t=0==t||null,t?h.html(v):h.find("a").html(d),i=t,o=null,n&&n()},g=function(){o=!0,h.find("a").html(t),"function"==typeof e.done&&e.done(++c,p)};if(g(),h.find("a").on("click",function(){l(this);i||o||g()}),e.isLazyimg)var n=a.lazyimg({elem:e.elem+" img",scrollElem:e.scrollElem});return s?(m.on("scroll",function(){var e=l(this),t=e.scrollTop();r&&clearTimeout(r),i||(r=setTimeout(function(){var i=y?e.height():l(window).height(),n=y?e.prop("scrollHeight"):document.documentElement.scrollHeight;n-t-i<=u&&(o||g())},100))}),a):a}},o.prototype.lazyimg=function(e){var o,t=this,i=0;e=e||{};var n=l(e.scrollElem||document),r=e.elem||"img",a=e.scrollElem&&e.scrollElem!==document,c=function(e,l){var o=n.scrollTop(),r=o+l,c=a?function(){return e.offset().top-n.offset().top+o}():e.offset().top;if(c>=o&&c<=r&&!e.attr("src")){var m=e.attr("lay-src");layui.img(m,function(){var l=t.lazyimg.elem.eq(i);e.attr("src",m).removeAttr("lay-src"),l[0]&&f(l),i++})}},f=function(e,o){var f=a?(o||n).height():l(window).height(),m=n.scrollTop(),u=m+f;if(t.lazyimg.elem=l(r),e)c(e,f);else for(var s=0;su)break}};if(f(),!o){var m;n.on("scroll",function(){var e=l(this);m&&clearTimeout(m),m=setTimeout(function(){f(null,e)},50)}),o=!0}return f},e("flow",new o)}); -------------------------------------------------------------------------------- /static/lib/layui/lay/modules/laypage.js: -------------------------------------------------------------------------------- 1 | /** layui-v2.2.6 MIT License By https://www.layui.com */ 2 | ;layui.define(function(e){"use strict";var a=document,t="getElementById",n="getElementsByTagName",i="laypage",r="layui-disabled",u=function(e){var a=this;a.config=e||{},a.config.index=++s.index,a.render(!0)};u.prototype.type=function(){var e=this.config;if("object"==typeof e.elem)return void 0===e.elem.length?2:3},u.prototype.view=function(){var e=this,a=e.config,t=a.groups="groups"in a?0|a.groups:5;a.layout="object"==typeof a.layout?a.layout:["prev","page","next"],a.count=0|a.count,a.curr=0|a.curr||1,a.limits="object"==typeof a.limits?a.limits:[10,20,30,40,50],a.limit=0|a.limit||10,a.pages=Math.ceil(a.count/a.limit)||1,a.curr>a.pages&&(a.curr=a.pages),t<0?t=1:t>a.pages&&(t=a.pages),a.prev="prev"in a?a.prev:"上一页",a.next="next"in a?a.next:"下一页";var n=a.pages>t?Math.ceil((a.curr+(t>1?1:0))/(t>0?t:1)):1,i={prev:function(){return a.prev?''+a.prev+"":""}(),page:function(){var e=[];if(a.count<1)return"";n>1&&a.first!==!1&&0!==t&&e.push(''+(a.first||1)+"");var i=Math.floor((t-1)/2),r=n>1?a.curr-i:1,u=n>1?function(){var e=a.curr+(t-i-1);return e>a.pages?a.pages:e}():t;for(u-r2&&e.push('');r<=u;r++)r===a.curr?e.push('"+r+""):e.push(''+r+"");return a.pages>t&&a.pages>u&&a.last!==!1&&(u+1…'),0!==t&&e.push(''+(a.last||a.pages)+"")),e.join("")}(),next:function(){return a.next?''+a.next+"":""}(),count:'共 '+a.count+" 条",limit:function(){var e=['"}(),skip:function(){return['到第','','页',""].join("")}()};return['
    ',function(){var e=[];return layui.each(a.layout,function(a,t){i[t]&&e.push(i[t])}),e.join("")}(),"
    "].join("")},u.prototype.jump=function(e,a){if(e){var t=this,i=t.config,r=e.children,u=e[n]("button")[0],l=e[n]("input")[0],p=e[n]("select")[0],c=function(){var e=0|l.value.replace(/\s|\D/g,"");e&&(i.curr=e,t.render())};if(a)return c();for(var o=0,y=r.length;oi.pages||(i.curr=e,t.render())});p&&s.on(p,"change",function(){var e=this.value;i.curr*e>i.count&&(i.curr=Math.ceil(i.count/e)),i.limit=e,t.render()}),u&&s.on(u,"click",function(){c()})}},u.prototype.skip=function(e){if(e){var a=this,t=e[n]("input")[0];t&&s.on(t,"keyup",function(t){var n=this.value,i=t.keyCode;/^(37|38|39|40)$/.test(i)||(/\D/.test(n)&&(this.value=n.replace(/\D/,"")),13===i&&a.jump(e,!0))})}},u.prototype.render=function(e){var n=this,i=n.config,r=n.type(),u=n.view();2===r?i.elem&&(i.elem.innerHTML=u):3===r?i.elem.html(u):a[t](i.elem)&&(a[t](i.elem).innerHTML=u),i.jump&&i.jump(i,e);var s=a[t]("layui-laypage-"+i.index);n.jump(s),i.hash&&!e&&(location.hash="!"+i.hash+"="+i.curr),n.skip(s)};var s={render:function(e){var a=new u(e);return a.index},index:layui.laypage?layui.laypage.index+1e4:0,on:function(e,a,t){return e.attachEvent?e.attachEvent("on"+a,function(a){a.target=a.srcElement,t.call(e,a)}):e.addEventListener(a,t,!1),this}};e(i,s)}); -------------------------------------------------------------------------------- /static/lib/layui/lay/modules/laytpl.js: -------------------------------------------------------------------------------- 1 | /** layui-v2.2.6 MIT License By https://www.layui.com */ 2 | ;layui.define(function(e){"use strict";var r={open:"{{",close:"}}"},c={exp:function(e){return new RegExp(e,"g")},query:function(e,c,t){var o=["#([\\s\\S])+?","([^{#}])*?"][e||0];return n((c||"")+r.open+o+r.close+(t||""))},escape:function(e){return String(e||"").replace(/&(?!#?[a-zA-Z0-9]+;)/g,"&").replace(//g,">").replace(/'/g,"'").replace(/"/g,""")},error:function(e,r){var c="Laytpl Error:";return"object"==typeof console&&console.error(c+e+"\n"+(r||"")),c+e}},n=c.exp,t=function(e){this.tpl=e};t.pt=t.prototype,window.errors=0,t.pt.parse=function(e,t){var o=this,p=e,a=n("^"+r.open+"#",""),l=n(r.close+"$","");e=e.replace(/\s+|\r|\t|\n/g," ").replace(n(r.open+"#"),r.open+"# ").replace(n(r.close+"}"),"} "+r.close).replace(/\\/g,"\\\\").replace(n(r.open+"!(.+?)!"+r.close),function(e){return e=e.replace(n("^"+r.open+"!"),"").replace(n("!"+r.close),"").replace(n(r.open+"|"+r.close),function(e){return e.replace(/(.)/g,"\\$1")})}).replace(/(?="|')/g,"\\").replace(c.query(),function(e){return e=e.replace(a,"").replace(l,""),'";'+e.replace(/\\/g,"")+';view+="'}).replace(c.query(1),function(e){var c='"+(';return e.replace(/\s/g,"")===r.open+r.close?"":(e=e.replace(n(r.open+"|"+r.close),""),/^=/.test(e)&&(e=e.replace(/^=/,""),c='"+_escape_('),c+e.replace(/\\/g,"")+')+"')}),e='"use strict";var view = "'+e+'";return view;';try{return o.cache=e=new Function("d, _escape_",e),e(t,c.escape)}catch(u){return delete o.cache,c.error(u,p)}},t.pt.render=function(e,r){var n,t=this;return e?(n=t.cache?t.cache(e,c.escape):t.parse(t.tpl,e),r?void r(n):n):c.error("no data")};var o=function(e){return"string"!=typeof e?c.error("Template not found"):new t(e)};o.config=function(e){e=e||{};for(var c in e)r[c]=e[c]},o.v="1.2.0",e("laytpl",o)}); -------------------------------------------------------------------------------- /static/lib/layui/lay/modules/tree.js: -------------------------------------------------------------------------------- 1 | /** layui-v2.2.6 MIT License By https://www.layui.com */ 2 | ;layui.define("jquery",function(e){"use strict";var o=layui.$,a=layui.hint(),i="layui-tree-enter",r=function(e){this.options=e},t={arrow:["",""],checkbox:["",""],radio:["",""],branch:["",""],leaf:""};r.prototype.init=function(e){var o=this;e.addClass("layui-box layui-tree"),o.options.skin&&e.addClass("layui-tree-skin-"+o.options.skin),o.tree(e),o.on(e)},r.prototype.tree=function(e,a){var i=this,r=i.options,n=a||r.nodes;layui.each(n,function(a,n){var l=n.children&&n.children.length>0,c=o('
      '),s=o(["
    • ",function(){return l?''+(n.spread?t.arrow[1]:t.arrow[0])+"":""}(),function(){return r.check?''+("checkbox"===r.check?t.checkbox[0]:"radio"===r.check?t.radio[0]:"")+"":""}(),function(){return'"+(''+(l?n.spread?t.branch[1]:t.branch[0]:t.leaf)+"")+(""+(n.name||"未命名")+"")}(),"
      • "].join(""));l&&(s.append(c),i.tree(c,n.children)),e.append(s),"function"==typeof r.click&&i.click(s,n),i.spread(s,n),r.drag&&i.drag(s,n)})},r.prototype.click=function(e,o){var a=this,i=a.options;e.children("a").on("click",function(e){layui.stope(e),i.click(o)})},r.prototype.spread=function(e,o){var a=this,i=(a.options,e.children(".layui-tree-spread")),r=e.children("ul"),n=e.children("a"),l=function(){e.data("spread")?(e.data("spread",null),r.removeClass("layui-show"),i.html(t.arrow[0]),n.find(".layui-icon").html(t.branch[0])):(e.data("spread",!0),r.addClass("layui-show"),i.html(t.arrow[1]),n.find(".layui-icon").html(t.branch[1]))};r[0]&&(i.on("click",l),n.on("dblclick",l))},r.prototype.on=function(e){var a=this,r=a.options,t="layui-tree-drag";e.find("i").on("selectstart",function(e){return!1}),r.drag&&o(document).on("mousemove",function(e){var i=a.move;if(i.from){var r=(i.to,o('
      '));e.preventDefault(),o("."+t)[0]||o("body").append(r);var n=o("."+t)[0]?o("."+t):r;n.addClass("layui-show").html(i.from.elem.children("a").html()),n.css({left:e.pageX+10,top:e.pageY+10})}}).on("mouseup",function(){var e=a.move;e.from&&(e.from.elem.children("a").removeClass(i),e.to&&e.to.elem.children("a").removeClass(i),a.move={},o("."+t).remove())})},r.prototype.move={},r.prototype.drag=function(e,a){var r=this,t=(r.options,e.children("a")),n=function(){var t=o(this),n=r.move;n.from&&(n.to={item:a,elem:e},t.addClass(i))};t.on("mousedown",function(){var o=r.move;o.from={item:a,elem:e}}),t.on("mouseenter",n).on("mousemove",n).on("mouseleave",function(){var e=o(this),a=r.move;a.from&&(delete a.to,e.removeClass(i))})},e("tree",function(e){var i=new r(e=e||{}),t=o(e.elem);return t[0]?void i.init(t):a.error("layui.tree 没有找到"+e.elem+"元素")})}); -------------------------------------------------------------------------------- /static/lib/layui/lay/modules/util.js: -------------------------------------------------------------------------------- 1 | /** layui-v2.2.6 MIT License By https://www.layui.com */ 2 | ;layui.define("jquery",function(e){"use strict";var t=layui.$,i={fixbar:function(e){var i,o,a="layui-fixbar",r="layui-fixbar-top",n=t(document),l=t("body");e=t.extend({showHeight:200},e),e.bar1=e.bar1===!0?"":e.bar1,e.bar2=e.bar2===!0?"":e.bar2,e.bgcolor=e.bgcolor?"background-color:"+e.bgcolor:"";var c=[e.bar1,e.bar2,""],g=t(['
        ',e.bar1?'
      • '+c[0]+"
        • ":"",e.bar2?'
      • '+c[1]+"
        • ":"",'
      • '+c[2]+"
        • ","
      "].join("")),s=g.find("."+r),u=function(){var t=n.scrollTop();t>=e.showHeight?i||(s.show(),i=1):i&&(s.hide(),i=0)};t("."+a)[0]||("object"==typeof e.css&&g.css(e.css),l.append(g),u(),g.find("li").on("click",function(){var i=t(this),o=i.attr("lay-type");"top"===o&&t("html,body").animate({scrollTop:0},200),e.click&&e.click.call(this,o)}),n.on("scroll",function(){clearTimeout(o),o=setTimeout(function(){u()},100)}))},countdown:function(e,t,i){var o=this,a="function"==typeof t,r=new Date(e).getTime(),n=new Date(!t||a?(new Date).getTime():t).getTime(),l=r-n,c=[Math.floor(l/864e5),Math.floor(l/36e5)%24,Math.floor(l/6e4)%60,Math.floor(l/1e3)%60];a&&(i=t);var g=setTimeout(function(){o.countdown(e,n+1e3,i)},1e3);return i&&i(l>0?c:[0,0,0,0],t,g),l<=0&&clearTimeout(g),g},timeAgo:function(e,t){var i=this,o=[[],[]],a=(new Date).getTime()-new Date(e).getTime();return a>6912e5?(a=new Date(e),o[0][0]=i.digit(a.getFullYear(),4),o[0][1]=i.digit(a.getMonth()+1),o[0][2]=i.digit(a.getDate()),t||(o[1][0]=i.digit(a.getHours()),o[1][1]=i.digit(a.getMinutes()),o[1][2]=i.digit(a.getSeconds())),o[0].join("-")+" "+o[1].join(":")):a>=864e5?(a/1e3/60/60/24|0)+"天前":a>=36e5?(a/1e3/60/60|0)+"小时前":a>=12e4?(a/1e3/60|0)+"分钟前":a<0?"未来":"刚刚"},digit:function(e,t){var i="";e=String(e),t=t||2;for(var o=e.length;o 3 | 4 | {% block index %} 5 |
      6 | 7 |
      8 |
      9 | 严格意义上,权限不是万能的,但是没权限是万万不能的啊点我返回 10 |
      11 | {% endblock %} -------------------------------------------------------------------------------- /templates/404.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 | 7 |
      8 |
      9 | 您找的页面可能已经不存在了,去火星看看点我返回 10 |
      11 | {% endblock %} -------------------------------------------------------------------------------- /templates/500.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 | 7 |
      8 |
      9 | 当前页面发生了一点小错误,请稍后试试点我返回 10 |
      11 | {% endblock %} -------------------------------------------------------------------------------- /templates/ArticleManage/articledetails.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 | {% csrf_token %} 6 |
      7 | 8 | 文章详情 9 | 10 |
      11 |
      12 | 20 |
      21 | {% endblock %} -------------------------------------------------------------------------------- /templates/AssetManage/assethandoverlist.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 | {% csrf_token %} 6 |
      7 | 8 | 资产审批 9 | 10 | 11 | 12 | 13 |
      14 |
      15 |
      16 |
      17 |
      18 | 19 |
      20 | 26 |
      27 |
      28 |
      29 |
      30 | 31 |
      32 |
      33 |
      34 |
      35 | 102 | 103 | 113 | {% endblock %} -------------------------------------------------------------------------------- /templates/Dashboard.html: -------------------------------------------------------------------------------- 1 | {% load staticfiles %} 2 | {% load custom_tag %} 3 | 4 | 5 | 6 | 7 | SeMF安全管控平台 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 41 | 42 | 43 | 44 | 45 | 46 |
      47 | 48 |
      49 | 50 |
      51 |
        52 |
      • 53 | 54 |
        • 55 |
      56 | 57 | 74 |
      75 | 76 | 77 | 78 |
      79 |
      80 | 83 |
      84 |
      85 | 86 | 87 |
      88 |
      89 |
        90 |
      • 我的桌面
        • 91 |
      92 |
      93 |
      94 | 95 |
      96 |
      97 |
      98 |
      99 |
      100 | 101 | 102 | 103 |
      104 |
      Copyright ©2018 SeMF All Rights Reserved
      105 |
      106 | 107 | 108 | -------------------------------------------------------------------------------- /templates/MappedManage/mappeddetails.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 | {% csrf_token %} 6 |
      7 | 8 | 9 | 10 | 11 | 12 | 13 | {% if mapped.mapped_status %} 14 | 15 | {% else %} 16 | 17 | {% endif %} 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 |
      内网IP:{{mapped.LANip.asset_key}}
      内网端口:{{mapped.LANPort.port}}
      外网IP:{{mapped.WANip.asset_key}}
      外网端口:{{mapped.WANPort.port}}
      域名:{{mapped.Domain}}
      映射状态:使用中
      映射状态:已禁用
      开启时间:{{mapped.start_time}}
      关闭时间:{{mapped.end_time}}
      申请人邮箱:{{mapped.request_email}}
      操作人邮箱:{{mapped.action_email}}
      申请单号:{{mapped.request_order}}
      申请人:{{mapped.request_user}}
      员工编号:{{mapped.request_user_num}}
      申请部门:{{mapped.request_user_department}}
      联系电话:{{mapped.telephone}}
      更新时间:{{mapped.mapped_updatetime}}
      映射备注:{{mapped.Mapped_description}}
      31 |
      32 | {% endblock %} -------------------------------------------------------------------------------- /templates/RBAC/login.html: -------------------------------------------------------------------------------- 1 | {% load staticfiles %} 2 | 3 | 4 | 5 | 6 | SeMF安全管控平台 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 55 | 56 | -------------------------------------------------------------------------------- /templates/RBAC/main.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 | {% csrf_token %} 6 |
      7 |
      欢迎使用SeMF安全管控平台 8 | 9 |
      10 |
      11 |
      12 |
      数据统计
      13 |
      14 |
      15 | 55 |
      56 |
      57 |
      58 |
      59 | {% if article %} 60 |
      61 |
      62 | 70 |
      71 |
      72 | {% if article_list %} 73 |

      最新知识共享

      74 | 79 | {% endif %} 80 |
      81 |
      82 | {% endif %} 83 |
      84 | {% endblock %} -------------------------------------------------------------------------------- /templates/RBAC/regist.html: -------------------------------------------------------------------------------- 1 | {% extends "RBAC/login.html" %} 2 | 3 | 4 | {% block user %} 5 |
      6 | {% csrf_token %} 7 | {{ form.firstname}} 8 |
      9 | {{ form.lastname}} 10 |
      11 | {{ form.email}} 12 |
      13 | {{ form.password}} 14 |
      15 | {{ form.repassword}} 16 |
      17 | 18 |
      19 |
      20 |
      21 | 已有账号?返回登录 22 |
      23 |
      24 | 忘记密码?密码重置 25 |
      26 |
      27 |
      28 | {% endblock %} -------------------------------------------------------------------------------- /templates/RBAC/registrequest.html: -------------------------------------------------------------------------------- 1 | {% extends "RBAC/login.html" %} 2 | 3 | 4 | {% block user %} 5 |
      6 |
      7 |
      8 |
      9 | {% csrf_token %} 10 | {{ form.as_table }} 11 |
      12 | 13 |
      14 |
      15 |
      16 | 已有账号?返回登录 17 |
      18 |
      19 | 忘记密码?密码重置 20 |
      21 |
      22 |
      23 |
      24 |
      25 | {% endblock %} -------------------------------------------------------------------------------- /templates/RBAC/resetpsd.html: -------------------------------------------------------------------------------- 1 | {% extends "RBAC/login.html" %} 2 | 3 | 4 | {% block user %} 5 |
      6 | {% csrf_token %} 7 | {{ form.email}} 8 |
      9 | {{ form.password}} 10 |
      11 | {{ form.repassword}} 12 |
      13 | 14 |
      15 |
      16 |
      17 | 已有账号?返回登录 18 |
      19 |
      20 | 新用户?账号申请 21 |
      22 |
      23 |
      24 | {% endblock %} -------------------------------------------------------------------------------- /templates/RBAC/resetpsdquest.html: -------------------------------------------------------------------------------- 1 | {% extends "RBAC/login.html" %} 2 | 3 | 4 | {% block user %} 5 |
      6 |
      7 | {% csrf_token %} 8 | {{ form.email }} 9 |
      10 | 11 |
      12 |
      13 |
      14 | 已有账号?返回登录 15 |
      16 |
      17 | 新用户?账号申请 18 |
      19 |
      20 |
      21 |
      22 | {% endblock %} -------------------------------------------------------------------------------- /templates/RBAC/userinfo.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 |
      用户姓名:
      		{{ user.first_name }}{{ user.last_name }}
      用户ID:
      		{{ user.username }}
      邮箱地址:
      		{{ user.email }}
      员工编号:
      		{{ user.profile.user_num }}
      入驻日期 :
      		{{ user.date_joined }}
      职位名称:
      		{{ user.profile.title }}
      直属领导:
      		{{ user.profile.parent_email }}
      系统角色:
      		{{ user.profile.roles.title }}
      座机号码:
      		{{ user.profile.telephone }}
      手机号码
      		{{ user.profile.mobilephone }}
      个人简介
      		{{ user.profile.description }}
      19 |
      20 | {% endblock %} -------------------------------------------------------------------------------- /templates/TaskManage/taskdetails.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | {% if task.request_status == '0' %} 17 | 审批中 18 | {% elif task.request_status == '1' %} 19 | 审批通过 20 | {% else %} 21 | 审批拒绝 22 | {% endif %} 23 | 24 | 25 | 27 | 28 |
      任务编号:
      		{{task.task_id}}
      扫描标识:
      		{{task.scan_id}}
      任务名称:
      		{{task.task_name}}
      任务类型:
      		{{task.task_type}}
      扫描器:
      		{{task.task_scanner.scanner_name}}
      任务目标:
      		{{task.task_target}}
      任务描述:
      		{{task.task_targetinfo}}
      创建时间:
      		{{task.task_starttime}}
      申请人:
      		{{task.task_user.username}}
      审批人:
      		{{task.action_user.username}}
      请求状态:
      		 26 |
      审批备注:
      		{{task.request_note}}
      审批时间:
      		{{task.task_endtime}}
      29 |
      30 | {% endblock %} -------------------------------------------------------------------------------- /templates/TaskManage/taskedit.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 |
      7 |
      8 | {% csrf_token %} 9 | {{ form.as_table }} 10 |
      11 |
      12 |
      13 | 14 |
      15 |
      16 | 17 |
      18 |
      19 |
      20 |
      21 | 24 | {% endblock %} -------------------------------------------------------------------------------- /templates/TaskManage/taskrequest.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 | {% csrf_token %} 6 |
      7 | 8 | 任务管理 9 | 10 | 11 | 12 | 13 |
      14 |
      15 | 16 | 17 |
      18 | 19 |
      20 |       21 | 22 |
      23 |
      24 | 109 | 115 | {% endblock %} -------------------------------------------------------------------------------- /templates/TaskManage/taskupdate.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 |
      7 |
      8 | {% csrf_token %} 9 | {{ form.as_table }} 10 |
      11 |
      12 |
      13 | 14 |
      15 |
      16 | 17 |
      18 |
      19 |
      20 |
      21 | 24 | {% endblock %} -------------------------------------------------------------------------------- /templates/VulnManage/cnvdvulndetails.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
      漏洞编号:   
      		{{vuln.cve_id}}
      cnvd编号:   
      		{{vuln.cnvd_id}}
      漏洞名称:   
      		{{vuln.cve_name}}
      更新日期:   
      		{{vuln.update_data}}
      危险等级:   
      		{{vuln.leave}}
      影响范围:   
      		{{vuln.scopen}}
      漏洞简介:   
      		{{vuln.introduce}}
      修复方案:   
      		{{vuln.fix}}
      修复指南:   
      		{{vuln.fix_step}}
      17 |
      18 | {% endblock %} -------------------------------------------------------------------------------- /templates/VulnManage/cnvdvulnlist.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 | {% csrf_token %} 6 |
      7 | 8 | 漏洞库 9 | 10 | 11 | 12 | 13 |
      14 |
      15 |
      16 |
      17 |
      18 | 19 |
      20 | 26 |
      27 |
      28 |
      29 |
      30 | 31 |
      32 |
      33 | {% if user.is_superuser %} 34 | 35 |
      36 | 37 |
      38 |       39 | {% endif %} 40 |
      41 |
      42 | 110 | 118 | {% endblock %} -------------------------------------------------------------------------------- /templates/VulnManage/vulndetails.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 | 7 | 8 | 9 | 10 | 21 | 22 | 23 | 24 | 25 | 26 | {% if vuln.fix_status == '1' %} 27 | 28 | 29 | {% endif %} 30 |
      漏洞编号:   
      		{{vuln.vuln_id}}
      漏洞名称:   
      		{{vuln.vuln_name}}
      cve编号:   
      		{{vuln.cve_name}}
      危险等级:   
      		 11 | {% if vuln.leave == '4' or vuln.leave == '3' %} 12 | 高危 13 | {% elif vuln.leave == '2' %} 14 | 中危 15 | {% elif vuln.leave == '1' %} 16 | 低危 17 | {% else %} 18 | 信息 19 | {% endif %} 20 |
      影响范围:   
      		{{vuln.scopen}}
      漏洞简介:   
      		{{vuln.introduce}}
      漏洞验证:   
      		{{vuln.vuln_info}}
      修复方案:   
      		{{vuln.fix}}
      发现时间:   
      		{{vuln.create_data}}
      处理记录:   
      		{{vuln.fix_action}}
      修复时间:   
      		{{vuln.update_data}}
      31 |
      32 | {% endblock %} -------------------------------------------------------------------------------- /templates/error.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 |
      7 |

      警告!{{ error }} 点我返回

      8 |
      9 | {% endblock %} -------------------------------------------------------------------------------- /templates/formedit.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 |
      7 |
      8 | {% csrf_token %} 9 | {{ form.as_table }} 10 |
      11 |
      12 |
      13 | 14 |
      15 |
      16 | 17 |
      18 |
      19 |
      20 |
      21 | 22 | 54 | {% endblock %} -------------------------------------------------------------------------------- /templates/formupdate.html: -------------------------------------------------------------------------------- 1 | {% extends "index.html" %} 2 | 3 | 4 | {% block index %} 5 |
      6 |
      7 |
      8 | {% csrf_token %} 9 | {{ form.as_table }} 10 |
      11 |
      12 |
      13 | 14 |
      15 |
      16 | 17 |
      18 |
      19 |
      20 |
      21 | 54 | {% endblock %} -------------------------------------------------------------------------------- /templates/index.html: -------------------------------------------------------------------------------- 1 | {% load staticfiles %} 2 | 3 | 4 | 5 | 6 | SeMF安全管控平台 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | {% if error %} 26 | 30 | {% endif %} 31 | {% block index %} 32 | 33 | {% endblock %} 34 | 35 | 36 | 37 | --------------------------------------------------------------------------------