pull/5/head
Mr Chen 6 years ago
parent 3d13ab9096
commit 1c0ac62b4f
  1. 86
      plugins/op_waf/index.py
  2. 94
      plugins/op_waf/js/op_waf.js
  3. 2
      plugins/op_waf/waf/config.json

@ -96,12 +96,11 @@ def initSiteInfo():
site_contents = "{}"
site_contents = json.loads(site_contents)
site_contents_new = {}
for x in range(len(domain_contents)):
name = domain_contents[x]['name']
if name in site_contents:
pass
site_contents_new[name] = site_contents[name]
else:
tmp = {}
tmp['cdn'] = False
@ -109,15 +108,54 @@ def initSiteInfo():
tmp['get'] = True
tmp['post'] = True
tmp['open'] = False
site_contents[name] = tmp
cjson = public.getJson(site_contents)
data_cc = {}
data_cc['open'] = False
tmp['cc'] = data_cc
site_contents_new[name] = tmp
cjson = public.getJson(site_contents_new)
public.writeFile(path_site, cjson)
def initTotalInfo():
data = []
path_domains = getJsonPath('domains')
path_total = getJsonPath('total')
domain_contents = public.readFile(path_domains)
domain_contents = json.loads(domain_contents)
try:
total_contents = public.readFile(path_total)
except Exception as e:
total_contents = "{}"
total_contents = json.loads(total_contents)
total_contents_new = {}
for x in range(len(domain_contents)):
name = domain_contents[x]['name']
if 'sites' in total_contents and name in total_contents['sites']:
pass
else:
tmp = {}
tmp['cdn'] = 0
tmp['log'] = 0
tmp['get'] = 0
tmp['post'] = 0
tmp['total'] = 0
_name = {}
_name[name] = tmp
total_contents['sites'] = _name
cjson = public.getJson(total_contents)
public.writeFile(path_total, cjson)
def status():
initDomainInfo()
initSiteInfo()
initTotalInfo()
path = getConf()
if not os.path.exists(path):
@ -290,6 +328,42 @@ def saveScanRule():
return public.returnJson(True, '设置成功!', [])
def getSiteConfig():
path = getJsonPath('site')
content = public.readFile(path)
content = json.loads(content)
total = getJsonPath('total')
total_content = public.readFile(total)
total_content = json.loads(total_content)
# print total_content
for x in content:
tmp = []
tmp_v = {}
if 'sites' in total_content and x in total_content['sites']:
tmp_v = total_content['sites'][x];
key_list = ['get','post','user-agent','cookie','cdn','cc']
for kx in range(len(key_list)):
ktmp = {}
if kx in tmp_v :
ktmp['value'] = tmp_v[key_list[kx]]
else:
ktmp['value'] = 0
ktmp['key'] = key_list[kx]
tmp.append(ktmp)
# print tmp
content[x]['total'] = tmp
content = public.getJson(content)
return public.returnJson(True, 'ok!', content)
def setObjOpen():
args = getArgs()
data = checkArgs(args, ['obj'])
@ -351,6 +425,8 @@ if __name__ == "__main__":
print setSiteRetry()
elif func == 'save_scan_rule':
print saveScanRule()
elif func == 'get_site_config':
print getSiteConfig()
elif func == 'waf_srceen':
print getWafSrceen()
elif func == 'waf_conf':
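Review bot: In getSiteConfig, `if kx in tmp_v :` tests the loop index (an int) against a dict keyed by names such as 'get', so the condition is never true and every counter is emitted as 0; it should read `if key_list[kx] in tmp_v:` (or iterate `for key in key_list:` directly and drop the index). In initTotalInfo, `total_contents['sites'] = _name` replaces the whole sites map on each domain that is missing from it, so only the last new site survives and the counters of all existing sites are discarded whenever a domain is added; `total_contents.setdefault('sites', {})[name] = tmp` keeps the existing entries. `total_contents_new` and `data` in initTotalInfo are assigned but never used. Both initTotalInfo and getSiteConfig are fully inside this section; the `if __name__` dispatch at the end is not.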

@ -706,6 +706,7 @@ function urlBlack(type) {
}
function wafScreen(){
owPost('waf_srceen', {}, function(data){
@ -854,24 +855,85 @@ function wafGloabl(){
});
}
//返回css
function back_css(v) {
if (v > 0) {
return 'tipsval'
}
else {
return 'tipsval tipsvalnull'
}
}
function wafSite(){
var con = '<div class="divtable">\
<table class="table table-hover waftable" style="color:#fff;">\
<thead>\
<tr><th width="18%">站点</th>\
<th>GET</th>\
<th>POST</th>\
<th>UA</th>\
<th>Cookie</th>\
<th>CDN</th>\
<th>CC</th>\
<th>状态</th>\
<th>操作</th></tr>\
</thead>\
</table>\
</div>';
$(".soft-man-con").html(con);
owPost('get_site_config', {}, function(data){
var tmp = $.parseJSON(data.data);
var rdata = $.parseJSON(tmp.data);
console.log(rdata);
var tbody = '';
var i = 0;
$.each(rdata, function (k, v) {
console.log(k,v);
i += 1;
tbody += '<tr>\
<td><a onclick="site_waf_config(\''+ k + '\')" class="sitename btlink" title="' + k + '">' + k + '</a></td>\
<td>\
<input onclick="set_site_obj_state(\''+ k + '\',\'get\')" type="checkbox" ' + (v.get ? 'checked' : '') + '><span class="' + back_css(v.total[1].value) + '" title="拦截GET渗透次数:' + v.total[1].value + '">' + v.total[1].value + '</span>\
</td>\
<td>\
<input onclick="set_site_obj_state(\''+ k + '\',\'post\')" type="checkbox" ' + (v.post ? 'checked' : '') + '><span class="' + back_css(v.total[0].value) + '" title="拦截POST渗透次数:' + v.total[0].value + '">' + v.total[0].value + '</span>\
</td>\
<td>\
<input onclick="set_site_obj_state(\''+ k + '\',\'user-agent\')" type="checkbox" ' + (v['user-agent'] ? 'checked' : '') + '><span class="' + back_css(v.total[3].value) + '" title="拦截恶意User-Agent次数:' + v.total[3].value + '">' + v.total[3].value + '</span>\
</td>\
<td>\
<input onclick="set_site_obj_state(\''+ k + '\',\'cookie\')" type="checkbox" ' + (v.cookie ? 'checked' : '') + '><span class="' + back_css(v.total[4].value) + '" title="拦截Cookie渗透次数:' + v.total[4].value + '">' + v.total[4].value + '</span>\
</td>\
<td>\
<input onclick="set_site_obj_state(\''+ k + '\',\'cdn\')" type="checkbox" ' + (v.cdn ? 'checked' : '') + '>\
</td>\
<td>\
<input onclick="set_site_obj_state(\''+ k + '\',\'cc\')" type="checkbox" ' + (v.cc.open ? 'checked' : '') + '><span class="' + back_css(v.total[2].value) + '" title="拦截CC攻击次数:' + v.total[2].value + '">' + v.total[2].value + '</span>\
</td>\
<td>\
<div class="ssh-item" style="margin-left:0">\
<input class="btswitch btswitch-ios" id="closeget_'+ i + '" type="checkbox" ' + (v.open ? 'checked' : '') + '>\
<label class="btswitch-btn" for="closeget_'+ i + '" onclick="set_site_obj_state(\'' + v.siteName + '\',\'open\')"></label>\
</div>\
</td>\
<td class="text-right"><a onclick="site_waf_log(\''+ k + '\')" class="btlink ' + (v.log_size > 0 ? 'dot' : '') + '">日志</a> | <a onclick="site_waf_config(\'' + v.siteName + '\')" class="btlink"></a></td>\
</tr>'
});
var con = '<div class="lib-box">\
<div class="lib-con">\
<div class="divtable">\
<div id="siteCon_fix" style="max-height:580px; overflow:auto;border:#ddd 1px solid">\
<table class="table table-hover waftable" style="border:none">\
<thead>\
<tr>\
<th>站点</th>\
<th>GET</th>\
<th>POST</th>\
<th>UA</th>\
<th>Cookie</th>\
<th title="这个网站使用了CDN或其它代理时请勾选">CDN</th>\
<th>CC防御</th>\
<th>状态</th>\
<th style="text-align: right;">操作</th>\
</tr>\
</thead>\
<tbody>'+ tbody + '</tbody>\
</table>\
</div>\
</div>\
</div>\
</div>';
$(".soft-man-con").html(con);
tableFixed("siteCon_fix");
});
}
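Review bot: The counter cells in wafSite index `v.total` positionally — `v.total[1]` for GET, `v.total[0]` for POST, `v.total[3]` for UA, `v.total[4]` for Cookie, `v.total[2]` for CC — while getSiteConfig in index.py builds `total` in the order get, post, user-agent, cookie, cdn, cc, so each column displays a neighbouring key's count. Look entries up by their `key` instead: `var totals = {}; $.each(v.total, function (_, t) { totals[t.key] = t.value; });` and then use `totals.get`, `totals.post`, `totals['user-agent']`, `totals.cookie` and `totals.cc` in the cells. The site name `k` and `v.siteName` are concatenated raw into `onclick` and `title` attributes and into text content; a name containing a quote or angle bracket breaks the attribute and lets markup through, so run them through an HTML/attribute escaping helper before assembling the row. The first `var con` table rendered before the request is replaced wholesale by the second one, and the two `console.log` calls look like debug leftovers.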

@ -1 +1 @@
{"reqfile_path": "/Users/midoks/Desktop/fwww/server/openresty/nginx/conf/waf/html", "retry": {"retry_time": "180", "is_open_global": "0", "retry": "6", "retry_cycle": "60"}, "log": true, "retry_cycle": 60, "scan": {"status": 444, "ps": "\u8fc7\u6ee4\u5e38\u89c1\u626b\u63cf\u6d4b\u8bd5\u5de5\u5177\u7684\u6e17\u900f\u6d4b\u8bd5", "open": true, "reqfile": ""}, "cc": {"status": 444, "ps": "\u8fc7\u8651CC\u653b\u51fb", "limit": 120, "endtime": 300, "open": true, "reqfile": "", "cycle": 60}, "body_character_string": [], "start_time": 1556095983.425878, "get": {"status": 403, "ps": "\u8fc7\u6ee4uri\u3001uri\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "get.html"}, "body_regular": [], "log_save": 30, "user-agent": {"status": 403, "ps": "\u901a\u5e38\u7528\u4e8e\u8fc7\u6ee4\u6d4f\u89c8\u5668\u3001\u8718\u86db\u53ca\u4e00\u4e9b\u81ea\u52a8\u626b\u63cf\u5668", "open": true, "reqfile": "user_agent.html"}, "logs_path": "/www/wwwlogs/btwaf", "other": {"status": 403, "ps": "\u5176\u5b83\u975e\u901a\u7528\u8fc7\u6ee4", "reqfile": "other.html"}, "cookie": {"status": 403, "ps": "\u8fc7\u6ee4\u5229\u7528Cookie\u53d1\u8d77\u7684\u6e17\u900f\u653b\u51fb", "open": true, "reqfile": "cookie.html"}, "retry_time": 180, "post": {"status": 403, "ps": "\u8fc7\u6ee4POST\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "post.html"}, "open": true}
{"reqfile_path": "/Users/midoks/Desktop/fwww/server/openresty/nginx/conf/waf/html", "retry": {"retry_time": "180", "is_open_global": "0", "retry": "6", "retry_cycle": "60"}, "log": true, "retry_cycle": 60, "scan": {"status": 444, "ps": "\u8fc7\u6ee4\u5e38\u89c1\u626b\u63cf\u6d4b\u8bd5\u5de5\u5177\u7684\u6e17\u900f\u6d4b\u8bd5", "open": true, "reqfile": ""}, "cc": {"status": 444, "ps": "\u8fc7\u8651CC\u653b\u51fb", "limit": 120, "endtime": 300, "open": true, "reqfile": "", "cycle": 60}, "body_character_string": [], "start_time": 1556095983.425878, "get": {"status": 403, "ps": "\u8fc7\u6ee4uri\u3001uri\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "get.html"}, "body_regular": [], "log_save": 30, "user-agent": {"status": 403, "ps": "\u901a\u5e38\u7528\u4e8e\u8fc7\u6ee4\u6d4f\u89c8\u5668\u3001\u8718\u86db\u53ca\u4e00\u4e9b\u81ea\u52a8\u626b\u63cf\u5668", "open": true, "reqfile": "user_agent.html"}, "retry_time": 180, "other": {"status": 403, "ps": "\u5176\u5b83\u975e\u901a\u7528\u8fc7\u6ee4", "reqfile": "other.html"}, "cookie": {"status": 403, "ps": "\u8fc7\u6ee4\u5229\u7528Cookie\u53d1\u8d77\u7684\u6e17\u900f\u653b\u51fb", "open": true, "reqfile": "cookie.html"}, "logs_path": "/www/wwwlogs/btwaf", "post": {"status": 403, "ps": "\u8fc7\u6ee4POST\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "post.html"}, "open": true}
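Review bot: Both sides of this one-line change carry `"reqfile_path": "/Users/midoks/Desktop/fwww/server/openresty/nginx/conf/waf/html"`, a developer-machine absolute path, while `logs_path` already points at the server location `/www/wwwlogs/btwaf`; the committed config cannot serve the block pages on a deployed host, so `reqfile_path` should be written at install time or resolved relative to the plugin directory. The two lines otherwise differ only in key order and in whether `"log_save": 30` is present, and this rendering does not show which side is new; if the key is being dropped, any reader of `log_save` in index.py needs a default.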