1- '''
2- author:九世
3- time:2019/7/16
4- fiel:tijiao.py
5- '''
6-
7- from selenium import webdriver
8- from selenium .webdriver import *
9- import time
10- import os
11- import win32con
12- import win32gui
13- import re
14- from selenium .webdriver .support .wait import WebDriverWait
15- from selenium .webdriver .common .keys import Keys
16-
17- bug = {} #漏洞信息
18- images = [] #存放要上传的图片
19- bug_tijiao = ['bug_title' ]
20- tyon = [0 ,1 ] #漏洞类型设置,0为事件型漏洞,1为通用型漏洞
21- web_bug = {'反射型XSS' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[1]/li[2]/a' ,'存储型XSS' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[1]/li[3]/a' ,'基于DOM型XSS' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[1]/li[4]/a'
22- ,'其他类型XSS' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[1]/li[5]/a' ,'SQL注入' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[2]/li[2]/a' ,'命令注入' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[2]/li[3]/a'
23- ,'CRLF注入' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[2]/li[4]/a' ,'其他注入' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[2]/li[5]/a' ,'逻辑漏洞' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[1]/a'
24- ,'平行越权' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[3]/li[2]/a' ,'垂直越权' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[3]/li[3]/a' ,'其他权限控制缺失' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[3]/li[4]/a'
25- ,'支付漏洞' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[2]/a' ,'密码重置' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[4]/li[2]/a' ,'任意注册' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[4]/li[3]/a'
26- ,'任意登陆' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[4]/li[4]/a' ,'撞库/扫号/暴力破解' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[4]/li[5]/a' ,'其他认证缺陷' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/ul[4]/li[6]/a' ,
27- '弱口令' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[3]/a' ,'条件竞争' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[4]/a' ,'代码执行' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[5]/a'
28- ,'信息泄露' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[6]/a' ,'文件包含' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[7]/a' ,'任意文件操作' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[8]/a'
29- ,'上传漏洞' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[9]/a' ,'URL重定向' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[10]/a' ,'XXE' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[11]/a'
30- ,'SSRF' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[12]/a' ,'CSRF' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[13]/a' ,'疑似入侵/存在后门' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[14]/a'
31- ,'其他' :'//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[15]/a' }
32-
33- bug_level = {'高危' :'//*[@id="submitform"]/div[6]/div/div/div/ul/li[2]/a' ,'中危' :'//*[@id="submitform"]/div[6]/div/div/div/ul/li[3]/a' ,'低危' :'//*[@id="submitform"]/div[6]/div/div/div/ul/li[4]/a' } #漏洞级别
34-
35- username = 'username' #盒子账号
36- password = 'password' #盒子密码
37- id = 1 #1为单个漏洞提交,2为批量漏洞提交
38-
39- chrome = webdriver .Chrome ()
40- def login ():
41- chrome .get ('https://account.tophant.com/login/' ) #进入登录界面
42- chrome .implicitly_wait (5 )
43- input = chrome .find_element_by_name ('username' )
44- input2 = chrome .find_element_by_name ('password' )
45- input3 = chrome .find_element_by_id ('loginBtn' )
46- input .send_keys (username )
47- input2 .send_keys (password )
48- input3 .click () #登录
49- time .sleep (3 )
50- vulbox = chrome .find_element_by_class_name ('img-noopen' )
51- vulbox .click ()
52- time .sleep (3 )
53- chrome .close () #关闭掉第一个标签页
54- window = chrome .window_handles
55- chrome .switch_to_window (window [0 ]) #切换到第二个标签页
56- chrome .get ('https://www.vulbox.com/user/submit-72' ) #进入到提交漏洞的url
57- tijiao (chrome )
58-
59- def tijiao (chrome ):
60- if id == 1 :
61- hq = os .listdir ('bug' )
62- dk = open ('bug/{}' .format (hq [0 ]),'r' ,encoding = 'utf-8' )
63- read = dk .read ()
64- zz = re .findall ('漏洞标题=.*' ,read )
65- bug ['漏洞标题' ]= str (zz [0 ]).replace ('漏洞标题=' ,'' )
66- zz1 = re .findall ('漏洞类别=.*' ,read )
67- bug ['漏洞类别' ] = str (zz1 [0 ]).replace ('漏洞类别=' , '' )
68- zz2 = re .findall ('厂商信息=.*' , read )
69- bug ['厂商信息' ] = str (zz2 [0 ]).replace ('厂商信息=' , '' )
70- zz3 = re .findall ('所属域名=.*' , read )
71- bug ['所属域名' ] = str (zz3 [0 ]).replace ('所属域名=' , '' )
72- zz4 = re .findall ('漏洞类型=.*' , read )
73- bug ['漏洞类型' ] = str (zz4 [0 ]).replace ('漏洞类型=' , '' )
74- zz5 = re .findall ('漏洞等级=.*' , read )
75- bug ['漏洞等级' ] = str (zz5 [0 ]).replace ('漏洞等级=' , '' )
76- zz6 = re .findall ('漏洞描述=.*' , read )
77- bug ['漏洞描述' ] = str (zz6 [0 ]).replace ('漏洞描述=' , '' )
78- zz6 = re .findall ('复现步骤=.*' , read )
79- bug ['复现步骤' ] = str (zz6 [0 ]).replace ('复现步骤=' , '' )
80- zz6 = re .findall ('修复方案=.*' , read )
81- bug ['修复方案' ] = str (zz6 [0 ]).replace ('修复方案=' , '' )
82- zz7 = re .findall ('匿名=.*' , read )
83- bug ['匿名' ] = str (zz7 [0 ]).replace ('匿名=' , '' )
84- zz8 = re .findall ('漏洞url/位置=.*' , read )
85- bug ['漏洞url/位置' ] = str (zz8 [0 ]).replace ('漏洞url/位置=' , '' )
86- zz9 = re .findall ('影响参数=.*' , read )
87- bug ['影响参数' ] = str (zz9 [0 ]).replace ('影响参数=' , '' )
88- zz10 = re .findall ('漏洞POC请求包=.*' , read )
89- bug ['漏洞POC请求包' ] = str (zz10 [0 ]).replace ('漏洞POC请求包=' , '' )
90-
91-
92-
93- img = re .findall ('图片=.*' ,read )
94- for it in img :
95- images .append (str (it ).replace ('图片=' ,'' ))
96- print (bug )
97- chrome .find_element_by_name ('bug_title' ).send_keys (bug ['漏洞标题' ]) #填写漏洞标题
98- if bug ['漏洞类别' ]== '事件型漏洞' : #设置漏洞类别
99- leix = chrome .find_elements_by_name ('bug_internet_type' )[tyon [0 ]]
100- leix .click ()
101- else :
102- leix = chrome .find_elements_by_name ('bug_internet_type' )[tyon [1 ]]
103- leix .click ()
104-
105- chrome .find_element_by_name ('bug_firm_name' ).send_keys (bug ['厂商信息' ]) #填写厂商信息
106- chrome .find_element_by_name ('bug_firm_url' ).send_keys (bug ['所属域名' ]) #所属域名
107- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[5]/div/div[1]/div' ).click () #点击漏洞类型的界面
108- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[1]/a' ).click () #点击Web漏洞
109- chrome .find_element_by_xpath (web_bug [bug ['漏洞类型' ]]).click ()
110- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[6]/div/div/button' ).click () #点击漏洞级别的框框
111- chrome .find_element_by_xpath (bug_level [bug ['漏洞等级' ]]).click ()
112- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[8]/div/textarea' ).send_keys (bug ['漏洞描述' ]) #漏洞描述
113- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[15]/div/div[2]/div[1]/div[4]' ).send_keys (bug ['复现步骤' ]) # 填写复现步骤
114- for tup in images :
115- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[15]/div/div[2]/div[1]/div[1]/ul/li[13]/a' ).click () #点击图片上传
116- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[15]/div/div[2]/div[1]/div[1]/ul/li[13]/div/ul/li[1]/a' ).click ()
117- time .sleep (1 )
118- dialog = win32gui .FindWindow ('#32770' , '打开' ) # 对话框
119- ComboBoxEx32 = win32gui .FindWindowEx (dialog , 0 , 'ComboBoxEx32' , None )
120- ComboBox = win32gui .FindWindowEx (ComboBoxEx32 , 0 , 'ComboBox' , None )
121- Edit = win32gui .FindWindowEx (ComboBox , 0 , 'Edit' , None ) # 上面三句依次寻找对象,直到找到输入框Edit对象的句柄
122- button = win32gui .FindWindowEx (dialog , 0 , 'Button' , None ) # 确定按钮Button
123- win32gui .SendMessage (Edit , win32con .WM_SETTEXT , None , r'{}' .format (tup )) # 往输入框输入绝对地址
124- win32gui .SendMessage (dialog , win32con .WM_COMMAND , 1 , button ) # 按button
125- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[15]/div/div[2]/div[1]/div[4]' ).send_keys (Keys .ENTER )
126-
127- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[17]/div/div/div[1]/div[4]' ).send_keys (bug ['修复方案' ]) #填写修复方案
128- if bug ['匿名' ]== '否' :
129- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[18]/div/div/div/div/span[3]' ).click ()
130- else :
131- pass
132-
133- data = open (str (bug ['漏洞POC请求包' ]),'r' ,encoding = 'utf-8' ).read ()
134- print (data )
135-
136- try :
137- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[9]/div/input' ).send_keys (bug ['漏洞url/位置' ]) #填写漏洞URL
138- except :
139- pass
140-
141- try :
142- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[10]/div/input' ).send_keys (bug ['影响参数' ]) #填写影响参数
143- except :
144- pass
145-
146- try :
147- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[11]/div' ).click ()
148- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[11]/div/textarea' ).send_keys (data )
149- except :
150- pass
151-
152- #chrome.find_element_by_xpath('//*[@id="submit"]').click() #提交漏洞
153-
154- else :
155- hq = os .listdir ('bug' )
156- for v in hq :
157- dk = open ('bug/{}' .format (v ), 'r' , encoding = 'utf-8' )
158- read = dk .read ()
159- zz = re .findall ('漏洞标题=.*' , read )
160- bug ['漏洞标题' ] = str (zz [0 ]).replace ('漏洞标题=' , '' )
161- zz1 = re .findall ('漏洞类别=.*' , read )
162- bug ['漏洞类别' ] = str (zz1 [0 ]).replace ('漏洞类别=' , '' )
163- zz2 = re .findall ('厂商信息=.*' , read )
164- bug ['厂商信息' ] = str (zz2 [0 ]).replace ('厂商信息=' , '' )
165- zz3 = re .findall ('所属域名=.*' , read )
166- bug ['所属域名' ] = str (zz3 [0 ]).replace ('所属域名=' , '' )
167- zz4 = re .findall ('漏洞类型=.*' , read )
168- bug ['漏洞类型' ] = str (zz4 [0 ]).replace ('漏洞类型=' , '' )
169- zz5 = re .findall ('漏洞等级=.*' , read )
170- bug ['漏洞等级' ] = str (zz5 [0 ]).replace ('漏洞等级=' , '' )
171- zz6 = re .findall ('漏洞描述=.*' , read )
172- bug ['漏洞描述' ] = str (zz6 [0 ]).replace ('漏洞描述=' , '' )
173- zz6 = re .findall ('复现步骤=.*' , read )
174- bug ['复现步骤' ] = str (zz6 [0 ]).replace ('复现步骤=' , '' )
175- zz6 = re .findall ('修复方案=.*' , read )
176- bug ['修复方案' ] = str (zz6 [0 ]).replace ('修复方案=' , '' )
177- zz7 = re .findall ('匿名=.*' , read )
178- bug ['匿名' ] = str (zz7 [0 ]).replace ('匿名=' , '' )
179- zz8 = re .findall ('漏洞url/位置=.*' , read )
180- bug ['漏洞url/位置' ] = str (zz8 [0 ]).replace ('漏洞url/位置=' , '' )
181- zz9 = re .findall ('影响参数=.*' , read )
182- bug ['影响参数' ] = str (zz9 [0 ]).replace ('影响参数=' , '' )
183- zz10 = re .findall ('漏洞POC请求包=.*' , read )
184- bug ['漏洞POC请求包' ] = str (zz10 [0 ]).replace ('漏洞POC请求包=' , '' )
185-
186- img = re .findall ('图片=.*' , read )
187- for it in img :
188- images .append (str (it ).replace ('图片=' , '' ))
189- print (bug )
190- chrome .find_element_by_name ('bug_title' ).send_keys (bug ['漏洞标题' ]) # 填写漏洞标题
191- if bug ['漏洞类别' ] == '事件型漏洞' : # 设置漏洞类别
192- leix = chrome .find_elements_by_name ('bug_internet_type' )[tyon [0 ]]
193- leix .click ()
194- else :
195- leix = chrome .find_elements_by_name ('bug_internet_type' )[tyon [1 ]]
196- leix .click ()
197-
198- chrome .find_element_by_name ('bug_firm_name' ).send_keys (bug ['厂商信息' ]) # 填写厂商信息
199- chrome .find_element_by_name ('bug_firm_url' ).send_keys (bug ['所属域名' ]) # 所属域名
200- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[5]/div/div[1]/div' ).click () # 点击漏洞类型的界面
201- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[5]/div/div[2]/div/ul/li[1]/a' ).click () # 点击Web漏洞
202- chrome .find_element_by_xpath (web_bug [bug ['漏洞类型' ]]).click ()
203- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[6]/div/div/button' ).click () # 点击漏洞级别的框框
204- chrome .find_element_by_xpath (bug_level [bug ['漏洞等级' ]]).click ()
205- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[8]/div/textarea' ).send_keys (bug ['漏洞描述' ]) # 漏洞描述
206- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[15]/div/div[2]/div[1]/div[4]' ).send_keys (
207- bug ['复现步骤' ]) # 填写复现步骤
208- for tup in images :
209- chrome .find_element_by_xpath (
210- '//*[@id="submitform"]/div[15]/div/div[2]/div[1]/div[1]/ul/li[13]/a' ).click () # 点击图片上传
211- chrome .find_element_by_xpath (
212- '//*[@id="submitform"]/div[15]/div/div[2]/div[1]/div[1]/ul/li[13]/div/ul/li[1]/a' ).click ()
213- time .sleep (1 )
214- dialog = win32gui .FindWindow ('#32770' , '打开' ) # 对话框
215- ComboBoxEx32 = win32gui .FindWindowEx (dialog , 0 , 'ComboBoxEx32' , None )
216- ComboBox = win32gui .FindWindowEx (ComboBoxEx32 , 0 , 'ComboBox' , None )
217- Edit = win32gui .FindWindowEx (ComboBox , 0 , 'Edit' , None ) # 上面三句依次寻找对象,直到找到输入框Edit对象的句柄
218- button = win32gui .FindWindowEx (dialog , 0 , 'Button' , None ) # 确定按钮Button
219- win32gui .SendMessage (Edit , win32con .WM_SETTEXT , None , r'{}' .format (tup )) # 往输入框输入绝对地址
220- win32gui .SendMessage (dialog , win32con .WM_COMMAND , 1 , button ) # 按button
221- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[15]/div/div[2]/div[1]/div[4]' ).send_keys (
222- Keys .ENTER )
223-
224- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[17]/div/div/div[1]/div[4]' ).send_keys (
225- bug ['修复方案' ]) # 填写修复方案
226- if bug ['匿名' ] == '否' :
227- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[18]/div/div/div/div/span[3]' ).click ()
228- else :
229- pass
230-
231- data = open (str (bug ['漏洞POC请求包' ]), 'r' , encoding = 'utf-8' ).read ()
232- print (data )
233-
234- try :
235- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[9]/div/input' ).send_keys (
236- bug ['漏洞url/位置' ]) # 填写漏洞URL
237- except :
238- pass
239-
240- try :
241- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[10]/div/input' ).send_keys (bug ['影响参数' ]) # 填写影响参数
242- except :
243- pass
244-
245- try :
246- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[11]/div' ).click ()
247- chrome .find_element_by_xpath ('//*[@id="submitform"]/div[11]/div/textarea' ).send_keys (data )
248- except :
249- pass
250-
251- chrome .find_element_by_xpath ('//*[@id="submit"]' ).click () # 提交漏洞
252-
253- images .clear ()
254- bug .clear ()
255- time .sleep (30 )
256- if __name__ == '__main__' :
257- login ()
1+ 403 Not Found
0 commit comments