From ab1fb88c7df389839716622518f7905655dafc9c Mon Sep 17 00:00:00 2001 From: boyhack <34109680@qq.com> Date: Tue, 22 Nov 2016 16:47:09 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E9=9B=86=E6=88=90=E4=BA=86=E4=B9=8C?= =?UTF-8?q?=E4=BA=91=E6=BC=8F=E6=B4=9E=E6=9F=A5=E8=AF=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 10 ++++++-- myweb.py | 36 ++++++++++++++++++++++++++- templates/base.html | 1 + templates/wooyun.html | 58 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 102 insertions(+), 3 deletions(-) create mode 100644 templates/wooyun.html diff --git a/README.md b/README.md index 1e52ee5..0597e84 100644 --- a/README.md +++ b/README.md @@ -4,15 +4,20 @@ > web框架是flask 前端框架是amazeUI ## 安装 -pip install flask -pip install requests +`pip install flask` +`pip install requests` +`pip install MySQLdb ` + [usage]: python `myweb.py ` +乌云数据库文件安装 链接: http://pan.baidu.com/s/1hrKYy8W 密码: yrrr + ## 更新 - 11.7 更新 加入了在线社工库 调用的接口~ - 10.25 更新 加入了社会工程学密码生成和whois查询 - 10.21 更新 加入了CMS在线识别 +- 11.22 更新 集成了乌云漏洞查询 [搭建教程][3] ## 学习教程 每一步都记录了 [编写记录][1] @@ -23,3 +28,4 @@ pip install requests [1]: http://bbs.ichunqiu.com/forum.php?mod=collection&action=view&ctid=65 [2]: http://systeminfo.applinzi.com/ + [3]: http://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=15744&page=1&extra=#pid261144 diff --git a/myweb.py b/myweb.py index 389846b..0f9e168 100644 --- a/myweb.py +++ b/myweb.py @@ -10,12 +10,18 @@ import whois import skg +import MySQLdb +import sys reload(sys) sys.setdefaultencoding('utf-8') -app = Flask(__name__) +app = Flask(__name__) +#连接数据库操作 +db = MySQLdb.connect("127.0.0.1","root","","pyhack",charset='utf8' ) +cursor = db.cursor() + @app.route('/',methods=["get","post"]) def index(): return render_template('ip.html') @@ -94,5 +100,33 @@ def findpass(): else: return render_template('skg.html',title="社工库查询") +#集成wooyun漏洞平台 +@app.route('/wooyun',methods=["get","post"]) +def wooyun(): + searchword = request.args.get('key', '').strip() + log_id = request.args.get('id', '').strip() + data = {} + table = list() + if log_id: + # 使用execute方法执行SQL语句 + cursor.execute(MySQLdb.escape_string("SELECT * from emlog_blog where gid=%s"%log_id)) + # 使用 fetchone() 方法获取一条数据库。 + results = cursor.fetchone() + data["id"] = results[0] + data["text"] = results[2] + data["title"] = results[1] + if searchword: + sql = 'SELECT gid,title from emlog_blog where title like "%%%s%%"'%searchword + cursor.execute(sql) + #cursor.execute('SELECT * from emlog_blog limit 10') + results = cursor.fetchall() + + for rows in results: + tdata = {} + tdata["id"] = rows[0] + tdata["title"] = rows[1] + table.append(tdata) + return render_template("wooyun.html",title="乌云漏洞查询",data=data,table=table) + if __name__ == '__main__': app.run(debug=True) diff --git a/templates/base.html b/templates/base.html index c741660..46c037d 100644 --- a/templates/base.html +++ b/templates/base.html @@ -168,6 +168,7 @@

  • 密码生成
  • whois查询
  • 社工库
    • +
  • 漏洞查询
  • 开启全屏
    • diff --git a/templates/wooyun.html b/templates/wooyun.html new file mode 100644 index 0000000..6df5a15 --- /dev/null +++ b/templates/wooyun.html @@ -0,0 +1,58 @@ +{% extends "base.html" %} +{% block content %} +
    +
    +
    +

    WooYun漏洞查询

    +
    +
    +
    +
    + +
    +
    + +
    + +
    +
    +
    +
    +
    + +
    +
    +
    +
    + {% if table %} + + + + + + + + + + {% for foo in table %} + + + + + + {% endfor %} + +
    id标题查看
    {{foo.id}}{{foo.title}}查看
    + {% endif %} + {% if data %} +

    {{data.title}}

    + {{data.text|safe}} + {% endif %} +
    +
    +
    +
    +
    + +
    +{% endblock %} \ No newline at end of file From 82cb5eca3458d3fdbac142d464a6ef37a27253ee Mon Sep 17 00:00:00 2001 From: boyhack <34109680@qq.com> Date: Tue, 22 Nov 2016 16:48:34 +0800 Subject: [PATCH 2/3] readme.me --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0597e84..81bece2 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,12 @@ > web框架是flask 前端框架是amazeUI ## 安装 -`pip install flask` -`pip install requests` -`pip install MySQLdb ` +`pip install flask` + +`pip install requests` + +`pip install MySQLdb ` + [usage]: python `myweb.py ` From b3caca973425c44e59dd439a34a3a52cf95b704d Mon Sep 17 00:00:00 2001 From: boyhack <34109680@qq.com> Date: Wed, 7 Dec 2016 22:33:42 +0800 Subject: [PATCH 3/3] =?UTF-8?q?update=20wooyun=E5=BF=BD=E7=95=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 +++- myweb.py | 25 +++++++++++++++++++++++-- templates/base.html | 10 +++++++++- templates/wooyun.html | 8 +++++++- 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 81bece2..7b84718 100644 --- a/README.md +++ b/README.md @@ -17,10 +17,12 @@ ## 更新 +- 12.7 更新 加入乌云漏洞库忽略漏洞查询 +- 11.22 更新 集成了乌云漏洞查询 [搭建教程][3] - 11.7 更新 加入了在线社工库 调用的接口~ - 10.25 更新 加入了社会工程学密码生成和whois查询 - 10.21 更新 加入了CMS在线识别 -- 11.22 更新 集成了乌云漏洞查询 [搭建教程][3] + ## 学习教程 每一步都记录了 [编写记录][1] diff --git a/myweb.py b/myweb.py index 0f9e168..6b4a0df 100644 --- a/myweb.py +++ b/myweb.py @@ -102,7 +102,8 @@ def findpass(): #集成wooyun漏洞平台 @app.route('/wooyun',methods=["get","post"]) -def wooyun(): +@app.route('/wooyun/',methods=["get","post"]) +def wooyun(pages = 0): searchword = request.args.get('key', '').strip() log_id = request.args.get('id', '').strip() data = {} @@ -116,7 +117,7 @@ def wooyun(): data["text"] = results[2] data["title"] = results[1] if searchword: - sql = 'SELECT gid,title from emlog_blog where title like "%%%s%%"'%searchword + sql = 'SELECT gid,title from emlog_blog where title like "%%%s%%"'%(searchword) cursor.execute(sql) #cursor.execute('SELECT * from emlog_blog limit 10') results = cursor.fetchall() @@ -128,5 +129,25 @@ def wooyun(): table.append(tdata) return render_template("wooyun.html",title="乌云漏洞查询",data=data,table=table) +#集成wooyun漏洞平台 -被忽略的漏洞 +@app.route('/wooyun1',methods=["get","post"]) +@app.route('/wooyun1/',methods=["get","post"]) +def wooyun1(pages=0): + if pages is None: + pages = 0 + if pages < 0: + pages = 0 + sql = 'SELECT gid,title from emlog_blog where content like "%%%s%%" limit %d,%d'%("无影响厂商忽略",pages*20,20) + print sql + cursor.execute(sql) + results = cursor.fetchall() + table = list() + for rows in results: + tdata = {} + tdata["id"] = rows[0] + tdata["title"] = rows[1] + table.append(tdata) + return render_template("wooyun.html",title="乌云忽略漏洞查询",table=table,next=pages+1,prev=pages-1) + if __name__ == '__main__': app.run(debug=True) diff --git a/templates/base.html b/templates/base.html index 46c037d..f770704 100644 --- a/templates/base.html +++ b/templates/base.html @@ -168,7 +168,15 @@

  • 密码生成
  • whois查询
  • 社工库
    • -
  • 漏洞查询
    • +
  • + + 漏洞bugs + + +
  • 开启全屏
    • diff --git a/templates/wooyun.html b/templates/wooyun.html index 6df5a15..76ce071 100644 --- a/templates/wooyun.html +++ b/templates/wooyun.html @@ -38,11 +38,17 @@

    WooYun漏洞查询

    {{foo.id}} {{foo.title}} - 查看 + 查看 {% endfor %} + {% if next %} + + {% endif %} {% endif %} {% if data %}

    {{data.title}}