forked from fengxuangit/Fox-scan
-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathviews.py
110 lines (92 loc) · 3.42 KB
/
views.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#!/usr/bin/env python
#!-*- coding:utf-8 -*-
import json
import threading
import multiprocessing
from flask import Flask,render_template,request,session,jsonify,redirect
from libs.action import SqlMapAction,Spider_Handle,Save_Success_Target
from libs.func import Tools
from libs.models import MySQLHander
from libs.action import Action
from libs.proxy import run_proxy
app = Flask(__name__)
mysql = MySQLHander()
app.config.update(dict(
DEBUG=True,
SECRET_KEY="546sdafwerxcvSERds549fwe8rdxfsaf98we1r2"
))
app.config.from_envvar('AUTOSQLI_SETTINGS', silent=True)
app.secret_key = "34$#4564dsfaWEERds/*-()^=sadfWE89SA"
SqlMap = SqlMapAction()
@app.route('/')
def index():
return render_template('index.html')
@app.route('/index')
def settings_views():
return render_template('index.html')
@app.route('/settings', methods=['GET', 'POST'])
def settings_settings_info():
return render_template('info.html')
#TODO user=session['user']
@app.route('/action/startask', methods=['GET', 'POST'])
def action_startask():
if request.method == 'GET':
return render_template('startask.html')
else:
#删除之前的任务
SqlMap.DeleteAllTask()
#转换为sqlmap的设置
options = Tools.do_sqlmap_options(request.form)
#更新整体的设置
SqlMap.update_settings(request)
#线程启动任务,后台运行,没有join
t = threading.Thread(target=Spider_Handle,args=(request.form['target'],options,))
t.start()
t = threading.Thread(target=Save_Success_Target,args=())
t.start()
return redirect('/action/showtask')
return "<html><script>alert('success add new target');window.location.href='/action/showtask';</script></html>"
return "<html><script>alert('add new target Faild');history.back();</script></html>"
@app.route('/action/showtask', methods=['GET'])
def action_showtask():
data = {"number":0, "data":[]}
if request.args.has_key('action') and request.args['action'] == "refresh":
mysql = MySQLHander()
condition = ""
sql = "select taskid,target,success,status from task where action=0"
mysql.query(sql)
source = mysql.fetchAllRows()
#获取正在扫描的URL
num = 0
for line in source:
num += 1
data['data'].append({"taskid":line[0], "target":line[1], "success":line[2], "status":line[3]})
data['number'] = num
mysql.close()
return json.dumps(data)
return render_template('showtask.html')
@app.route('/action/showjson', methods=['GET'])
def action_showjson():
data = {"number":0, "data":[]}
condition = ""
sql = "select taskid,target,success,status from task where action=0"
mysql.query(sql)
#获取正在扫描的URL
num = 0
for line in mysql.fetchAllRows():
num += 1
data['data'].append({"taskid":line[0], "target":line[1], "success":line[2], "status":line[3]})
condition = "taskid = \"{0}\" and ".format(line[0])
data['number'] = num
return json.dumps(data)
@app.route('/action/stoptask')
def action_status():
if request.args['taskidlist'] != "":
taskidlist = []
if request.args['taskidlist'].find(",") > 0:
taskidlist = request.args['taskidlist'].split(',')
else:
taskidlist.append(request.args['taskidlist'])
return json.dumps({"status":SqlMap.StopTask(taskidlist)})
if __name__ == '__main__':
app.run()