-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.py
151 lines (140 loc) · 5.35 KB
/
main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
import asyncio
from sanic import Sanic, response
from sanic.request import Request
from sanic.response import text, stream
import os
import time
import subprocess
import uuid
app = Sanic("WebZmap")
@app.get("/webzmap/web/zmap.sh")
async def runZmap(Re: Request):
fake = """
#!python3
# 第一个对应端口, 第二个对应ips
import os
function do_zmap(maxs, ip, port):
os.exec("zmap -N {} -B 10M -q -p{} -o result.txt {}".format(maxs, ip, port))
tmp = ''
try:
with open("result.txt", 'r') as f:
tmp = f.read()
except:
return "result.txt not found"
return tmp
do_zmap()
"""
# 判断是否存在get参数
try:
ips = Re.args["ips"][0]
port = Re.args["port"][0]
maxs = Re.args["maxs"][0]
print(Re.args)
port = int(port)
maxs = int(maxs)
if port > 65525 or port < 1 or maxs < 0 or maxs > 10000:
print(Re.ip)
with open("hacker.txt", 'a') as f:
f.write("\n {}, {}".format(Re.ip, Re.args))
return "result.txt not found"
test = "qwertyuiopasdfghjklzxcvbnm|!@#$%^&*()_+{}[]':"
for i in test:
if i in ips:
print(Re.ip)
with open("hacker.txt", 'a') as f:
f.write("\n {}, {}".format(Re.ip, Re.args))
return "result.txt not found"
async def getOutpu(respond):
print("zmap -N {} -B 50M -q -p{} {}".format(maxs, port, ips))
cmd = "zmap -N {} -B 50M -q -p{} {}".format(maxs, port, ips)
p = await asyncio.subprocess.create_subprocess_shell(cmd,
stdout=asyncio.subprocess.PIPE,
stderr=asyncio.subprocess.PIPE)
stdout, stderr = await p.communicate()
for line in stdout.decode("utf-8").split("\n"):
r = line.strip()
with open("/scan/{}.txt".format(port), 'a') as f:
f.write(r + "\n")
await respond.write(r + ":" + str(port) + "\n")
return stream(getOutpu)
except Exception as e:
print(Re.ip)
with open("hacker.txt", 'a') as f:
f.write("\n {}, {}".format(Re.ip, Re.args))
return text(fake)
@app.get("/webzmap/web/setblacklist.sh")
async def setBlackList(Re: Request):
try:
key = Re.args["key"][0]
ip = Re.args["ip"][0]
if key == "{{HERE}}":
with open("/etc/zmap/blacklist.conf", 'a') as f:
f.write(ip + "\n")
return text("success")
except:
pass
@app.get("/webzmap/web/getblacklist.sh")
async def getBlackList(Re: Request):
try:
key = Re.args["key"][0]
if key == "{{HERE}}":
with open("/etc/zmap/blacklist.conf", 'r') as f:
return text(f.read())
except:
pass
@app.get("/webzmap/web/getresult.sh")
async def getResult(Re: Request):
try:
key = Re.args["key"][0]
port = Re.args["port"][0]
if key == "{{HERE}}":
with open("/scan/{}.txt".format(port), 'r') as f:
return text(f.read())
except:
pass
@app.get("/webzmap/web/masscan.sh")
async def runMasscan(Re: Request):
try:
ips = Re.args["ips"][0]
port = Re.args["port"][0]
if Re.args.get("time") is None:
times = 10
else:
times = Re.args["time"][0]
print(Re.args)
port = int(port)
times = int(times)
if port > 65525 or port < 1 or times < 0 or times > 120:
print(Re.ip)
with open("hacker.txt", 'a') as f:
f.write("\n {}, {}".format(Re.ip, Re.args))
return "result.txt not found"
test = "qwertyuiopasdfghjklzxcvbnm|!@#$%^&*()_+{}[]':"
for i in test:
if i in ips:
print(Re.ip)
with open("hacker.txt", 'a') as f:
f.write("\n {}, {}".format(Re.ip, Re.args))
return "result.txt not found"
async def getOutpu(respond):
uid = str(uuid.uuid4())
print("masscan -p{} {} --max-rate 1000000 --banners --exclude 255.255.255.255 --source-port 50000-50003 -oJ {}.json".format(port, ips, uid))
cmd = "masscan -p{} {} --max-rate 1000000 --banners --exclude 255.255.255.255 --source-port 50000-50003 -oJ {}.json".format(port, ips, uid)
p = await asyncio.subprocess.create_subprocess_shell(cmd,
stdout=asyncio.subprocess.PIPE,
stderr=asyncio.subprocess.PIPE)
stdout, stderr = await p.communicate()
await asyncio.sleep(times)
p.kill()
with open("{}.json".format(uid), 'r') as f:
for i in f.readlines():
await respond.write(i)
subprocess.Popen(["rm", "rf", "{}.json".format(uid)], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return stream(getOutpu)
except Exception as e:
print(Re.ip)
with open("hacker.txt", 'a') as f:
f.write("\n {}, {}".format(Re.ip, Re.args))
return text("WTF")
if __name__ == '__main__':
app.run(host="0.0.0.0", port=1919)