diff --git a/README.md b/README.md index 1e52ee5..7b84718 100644 --- a/README.md +++ b/README.md @@ -4,16 +4,26 @@ > web框架是flask 前端框架是amazeUI ## 安装 -pip install flask -pip install requests +`pip install flask` + +`pip install requests` + +`pip install MySQLdb ` + + [usage]: python `myweb.py ` +乌云数据库文件安装 链接: http://pan.baidu.com/s/1hrKYy8W 密码: yrrr + ## 更新 +- 12.7 更新 加入乌云漏洞库忽略漏洞查询 +- 11.22 更新 集成了乌云漏洞查询 [搭建教程][3] - 11.7 更新 加入了在线社工库 调用的接口~ - 10.25 更新 加入了社会工程学密码生成和whois查询 - 10.21 更新 加入了CMS在线识别 + ## 学习教程 每一步都记录了 [编写记录][1] @@ -23,3 +33,4 @@ pip install requests [1]: http://bbs.ichunqiu.com/forum.php?mod=collection&action=view&ctid=65 [2]: http://systeminfo.applinzi.com/ + [3]: http://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=15744&page=1&extra=#pid261144 diff --git a/myweb.py b/myweb.py index 389846b..6b4a0df 100644 --- a/myweb.py +++ b/myweb.py @@ -10,12 +10,18 @@ import whois import skg +import MySQLdb +import sys reload(sys) sys.setdefaultencoding('utf-8') -app = Flask(__name__) +app = Flask(__name__) +#连接数据库操作 +db = MySQLdb.connect("127.0.0.1","root","","pyhack",charset='utf8' ) +cursor = db.cursor() + @app.route('/',methods=["get","post"]) def index(): return render_template('ip.html') @@ -94,5 +100,54 @@ def findpass(): else: return render_template('skg.html',title="社工库查询") +#集成wooyun漏洞平台 +@app.route('/wooyun',methods=["get","post"]) +@app.route('/wooyun/',methods=["get","post"]) +def wooyun(pages = 0): + searchword = request.args.get('key', '').strip() + log_id = request.args.get('id', '').strip() + data = {} + table = list() + if log_id: + # 使用execute方法执行SQL语句 + cursor.execute(MySQLdb.escape_string("SELECT * from emlog_blog where gid=%s"%log_id)) + # 使用 fetchone() 方法获取一条数据库。 + results = cursor.fetchone() + data["id"] = results[0] + data["text"] = results[2] + data["title"] = results[1] + if searchword: + sql = 'SELECT gid,title from emlog_blog where title like "%%%s%%"'%(searchword) + cursor.execute(sql) + #cursor.execute('SELECT * from emlog_blog limit 10') + results = cursor.fetchall() + + for rows in results: + tdata = {} + tdata["id"] = rows[0] + tdata["title"] = rows[1] + table.append(tdata) + return render_template("wooyun.html",title="乌云漏洞查询",data=data,table=table) + +#集成wooyun漏洞平台 -被忽略的漏洞 +@app.route('/wooyun1',methods=["get","post"]) +@app.route('/wooyun1/',methods=["get","post"]) +def wooyun1(pages=0): + if pages is None: + pages = 0 + if pages < 0: + pages = 0 + sql = 'SELECT gid,title from emlog_blog where content like "%%%s%%" limit %d,%d'%("无影响厂商忽略",pages*20,20) + print sql + cursor.execute(sql) + results = cursor.fetchall() + table = list() + for rows in results: + tdata = {} + tdata["id"] = rows[0] + tdata["title"] = rows[1] + table.append(tdata) + return render_template("wooyun.html",title="乌云忽略漏洞查询",table=table,next=pages+1,prev=pages-1) + if __name__ == '__main__': app.run(debug=True) diff --git a/templates/base.html b/templates/base.html index c741660..f770704 100644 --- a/templates/base.html +++ b/templates/base.html @@ -168,6 +168,15 @@

  • 密码生成
  • whois查询
  • 社工库
    • +
  • + + 漏洞bugs + + +
  • 开启全屏
    • diff --git a/templates/wooyun.html b/templates/wooyun.html new file mode 100644 index 0000000..76ce071 --- /dev/null +++ b/templates/wooyun.html @@ -0,0 +1,64 @@ +{% extends "base.html" %} +{% block content %} +
    +
    +
    +

    WooYun漏洞查询

    +
    +
    +
    +
    + +
    +
    + +
    + +
    +
    +
    +
    +
    + +
    +
    +
    +
    + {% if table %} + + + + + + + + + + {% for foo in table %} + + + + + + {% endfor %} + +
    id标题查看
    {{foo.id}}{{foo.title}}查看
    + {% if next %} + + {% endif %} + {% endif %} + {% if data %} +

    {{data.title}}

    + {{data.text|safe}} + {% endif %} +
    +
    +
    +
    +
    + +
    +{% endblock %} \ No newline at end of file