|
|
#!/usr/bin/env python
|
|
|
|
|
|
"""
|
|
|
Copyright (c) 2006-2024 sqlmap developers (https://sqlmap.org/)
|
|
|
See the file 'LICENSE' for copying permission
|
|
|
"""
|
|
|
|
|
|
# 导入需要的模块
|
|
|
from __future__ import print_function
|
|
|
|
|
|
import mimetypes # 用于猜测文件的MIME类型
|
|
|
import gzip # 用于gzip压缩
|
|
|
import os # 操作系统相关功能
|
|
|
import re # 正则表达式
|
|
|
import sys # 系统相关功能
|
|
|
import threading # 多线程支持
|
|
|
import time # 时间相关功能
|
|
|
import traceback # 异常追踪
|
|
|
|
|
|
# 将上级目录添加到Python路径中
|
|
|
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..")))
|
|
|
|
|
|
# 导入自定义模块和第三方库
|
|
|
from lib.core.enums import HTTP_HEADER # HTTP头部常量
|
|
|
from lib.core.settings import UNICODE_ENCODING # 编码设置
|
|
|
from lib.core.settings import VERSION_STRING # 版本信息
|
|
|
from thirdparty import six # Python 2/3 兼容库
|
|
|
from thirdparty.six.moves import BaseHTTPServer as _BaseHTTPServer # HTTP服务器基类
|
|
|
from thirdparty.six.moves import http_client as _http_client # HTTP客户端
|
|
|
from thirdparty.six.moves import socketserver as _socketserver # Socket服务器
|
|
|
from thirdparty.six.moves import urllib as _urllib # URL处理
|
|
|
|
|
|
# 服务器配置
|
|
|
HTTP_ADDRESS = "0.0.0.0" # 监听所有网络接口
|
|
|
HTTP_PORT = 8951 # 服务器端口
|
|
|
DEBUG = True # 调试模式开关
|
|
|
HTML_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "data", "html")) # HTML文件目录
|
|
|
DISABLED_CONTENT_EXTENSIONS = (".py", ".pyc", ".md", ".txt", ".bak", ".conf", ".zip", "~") # 禁止访问的文件扩展名
|
|
|
|
|
|
class ThreadingServer(_socketserver.ThreadingMixIn, _BaseHTTPServer.HTTPServer):
|
|
|
"""多线程HTTP服务器类"""
|
|
|
def finish_request(self, *args, **kwargs):
|
|
|
"""处理请求完成时的回调"""
|
|
|
try:
|
|
|
_BaseHTTPServer.HTTPServer.finish_request(self, *args, **kwargs)
|
|
|
except Exception:
|
|
|
if DEBUG:
|
|
|
traceback.print_exc()
|
|
|
|
|
|
class ReqHandler(_BaseHTTPServer.BaseHTTPRequestHandler):
|
|
|
"""HTTP请求处理器类"""
|
|
|
def do_GET(self):
|
|
|
"""处理GET请求"""
|
|
|
# 解析URL和查询参数
|
|
|
path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "")
|
|
|
params = {}
|
|
|
content = None
|
|
|
|
|
|
# 解析查询参数
|
|
|
if query:
|
|
|
params.update(_urllib.parse.parse_qs(query))
|
|
|
|
|
|
# 只保留每个参数的最后一个值
|
|
|
for key in params:
|
|
|
if params[key]:
|
|
|
params[key] = params[key][-1]
|
|
|
|
|
|
self.url, self.params = path, params
|
|
|
|
|
|
# 处理根路径请求
|
|
|
if path == '/':
|
|
|
path = "index.html"
|
|
|
|
|
|
# 处理文件路径
|
|
|
path = path.strip('/')
|
|
|
path = path.replace('/', os.path.sep)
|
|
|
path = os.path.abspath(os.path.join(HTML_DIR, path)).strip()
|
|
|
|
|
|
# 如果文件不存在但存在同名的.html文件,则使用.html文件
|
|
|
if not os.path.isfile(path) and os.path.isfile("%s.html" % path):
|
|
|
path = "%s.html" % path
|
|
|
|
|
|
# 检查文件是否可访问并返回相应内容
|
|
|
if ".." not in os.path.relpath(path, HTML_DIR) and os.path.isfile(path) and not path.endswith(DISABLED_CONTENT_EXTENSIONS):
|
|
|
content = open(path, "rb").read()
|
|
|
self.send_response(_http_client.OK)
|
|
|
self.send_header(HTTP_HEADER.CONNECTION, "close")
|
|
|
self.send_header(HTTP_HEADER.CONTENT_TYPE, mimetypes.guess_type(path)[0] or "application/octet-stream")
|
|
|
else:
|
|
|
# 返回404错误页面
|
|
|
content = ("<!DOCTYPE html><html lang=\"en\"><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL %s was not found on this server.</p></body></html>" % self.path.split('?')[0]).encode(UNICODE_ENCODING)
|
|
|
self.send_response(_http_client.NOT_FOUND)
|
|
|
self.send_header(HTTP_HEADER.CONNECTION, "close")
|
|
|
|
|
|
if content is not None:
|
|
|
# 处理模板标记
|
|
|
for match in re.finditer(b"<!(\\w+)!>", content):
|
|
|
name = match.group(1)
|
|
|
_ = getattr(self, "_%s" % name.lower(), None)
|
|
|
if _:
|
|
|
content = self._format(content, **{name: _()})
|
|
|
|
|
|
# 如果客户端支持gzip压缩,则压缩内容
|
|
|
if "gzip" in self.headers.get(HTTP_HEADER.ACCEPT_ENCODING):
|
|
|
self.send_header(HTTP_HEADER.CONTENT_ENCODING, "gzip")
|
|
|
_ = six.BytesIO()
|
|
|
compress = gzip.GzipFile("", "w+b", 9, _)
|
|
|
compress._stream = _
|
|
|
compress.write(content)
|
|
|
compress.flush()
|
|
|
compress.close()
|
|
|
content = compress._stream.getvalue()
|
|
|
|
|
|
self.send_header(HTTP_HEADER.CONTENT_LENGTH, str(len(content)))
|
|
|
|
|
|
self.end_headers()
|
|
|
|
|
|
# 发送响应内容
|
|
|
if content:
|
|
|
self.wfile.write(content)
|
|
|
|
|
|
self.wfile.flush()
|
|
|
|
|
|
def _format(self, content, **params):
|
|
|
"""格式化响应内容,替换模板标记"""
|
|
|
if content:
|
|
|
for key, value in params.items():
|
|
|
content = content.replace("<!%s!>" % key, value)
|
|
|
return content
|
|
|
|
|
|
def version_string(self):
|
|
|
"""返回服务器版本信息"""
|
|
|
return VERSION_STRING
|
|
|
|
|
|
def log_message(self, format, *args):
|
|
|
"""禁用日志记录"""
|
|
|
return
|
|
|
|
|
|
def finish(self):
|
|
|
"""完成请求处理"""
|
|
|
try:
|
|
|
_BaseHTTPServer.BaseHTTPRequestHandler.finish(self)
|
|
|
except Exception:
|
|
|
if DEBUG:
|
|
|
traceback.print_exc()
|
|
|
|
|
|
def start_httpd():
|
|
|
"""启动HTTP服务器"""
|
|
|
server = ThreadingServer((HTTP_ADDRESS, HTTP_PORT), ReqHandler)
|
|
|
thread = threading.Thread(target=server.serve_forever)
|
|
|
thread.daemon = True # 设置为守护线程
|
|
|
thread.start()
|
|
|
|
|
|
print("[i] running HTTP server at '%s:%d'" % (HTTP_ADDRESS, HTTP_PORT))
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
"""主程序入口"""
|
|
|
try:
|
|
|
start_httpd()
|
|
|
# 保持程序运行
|
|
|
while True:
|
|
|
time.sleep(1)
|
|
|
except KeyboardInterrupt:
|
|
|
pass
|
