From f0489baa4f0ae690e69bd67b5f7a7bb8d2e5e136 Mon Sep 17 00:00:00 2001
From: grt1st <jintianlu@qq.com>
Date: Thu, 15 Sep 2016 19:21:41 +0800
Subject: [PATCH] Add files via upload

---
 app.py     |  61 ++++++++++++++++++++++++
 app1.py    |  50 ++++++++++++++++++++
 search.php | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 245 insertions(+)
 create mode 100644 app.py
 create mode 100644 app1.py
 create mode 100644 search.php

diff --git a/app.py b/app.py
new file mode 100644
index 0000000..bd29ac5
--- /dev/null
+++ b/app.py
@@ -0,0 +1,61 @@
+#coding=utf-8
+import os
+import re
+import sys
+import MySQLdb
+from bs4 import BeautifulSoup
+path='bugs'
+#预编译
+pattern0=re.compile(r'<h3.*?class=\'wybug_title\'>.*?漏洞标题：(.*)<img.*?src="/images/credit.png"')
+pattern1=re.compile(r'<h3.*?class=\'wybug_date\'>提交时间：(.*)</h3>')
+pattern2=re.compile(r'>(.*)</a>')
+pattern3=re.compile(r'>(.*)</a>')
+pattern4=re.compile(r'：(.*)</h3>')
+pattern5=re.compile(r'漏洞标题：(.*)')
+for docs in os.listdir(path):
+	#打开文件，提取内容
+	if os.path.isdir('bugs/'+docs):
+		print "目录跳过"
+		continue
+	doc=open('bugs/'+docs,'r')
+	html=doc.read()
+	doc.close()
+	#提取信息
+	soup=BeautifulSoup(html,"html.parser")
+	corps=soup.find_all('h3',class_='wybug_corp')
+	corps=corps[0].find_all('a')
+	corp=corps[0]
+	corp=str(corp).replace('	','').replace('\n','')
+	authors=soup.find_all('h3',class_='wybug_author')
+	authors=authors[0].find_all('a')
+	author=authors[0]
+	author=str(author).replace('	','')
+	types=soup.find_all('h3',class_='wybug_type')
+	type0=str(types[0]).replace('	','')
+	title=re.findall(pattern0,html)
+	if title:
+		title1=title[0].replace('	','').replace(' ','')
+	else:
+		title=soup.find_all('h3',class_='wybug_title')
+		title0=title[0].text.encode('utf-8')
+		title0=re.findall(pattern5,title0)
+		title1=title0[0].replace('\n','').replace(' ','').replace('	','')
+	date=re.findall(pattern1,html)
+	date1=date[0].replace('	','')
+	corp1=re.findall(pattern2,corp)
+	author1=re.findall(pattern3,author)
+	type1=re.findall(pattern4,type0)
+	print title1,date1,author1[0],type1[0],corp1[0]
+	#连接数据库
+	try:
+		conn=MySQLdb.connect(host='localhost',port=3306,user='root',passwd='',db='wooyun',charset='utf8')
+		cur=conn.cursor()
+		reload(sys)
+		sys.setdefaultencoding('utf-8')
+		tmp=(title1,date1,author1[0],type1[0],corp1[0],docs)
+		cur.execute("INSERT INTO `bugs`(`title`,`dates`,`author`,`type`,`corp`,`doc`) VALUES(%s,%s,%s,%s,%s,%s)",tmp)
+		conn.commit()
+		cur.close()
+		conn.close()
+	except MySQLdb.Error,e:
+	     print "Mysql Error %d: %s" % (e.args[0], e.args[1])
diff --git a/app1.py b/app1.py
new file mode 100644
index 0000000..7249828
--- /dev/null
+++ b/app1.py
@@ -0,0 +1,50 @@
+#coding:utf-8
+import os
+import re
+import sys
+import MySQLdb
+from bs4 import BeautifulSoup
+path='drops'
+
+pattern0=re.compile(r'>(.*)</h1>')
+pattern1=re.compile(r'>\s*(.*)</a>')
+pattern2=re.compile(r'>(.*)</')
+pattern3=re.compile(r'(.*)(?=-)')
+for docs in os.listdir(path):
+	if os.path.isdir('drops/'+docs):
+		print "目录跳过"
+		continue
+	#打开文件，提取内容
+	doc=open('drops/'+docs,'r')
+	html=doc.read()
+	doc.close()
+	#提取信息
+	soup=BeautifulSoup(html,"html.parser")
+	title=soup.find_all('h1',class_='entry-title ng-binding')
+	if title:
+		title=re.findall(pattern0,str(title[0]))
+	#title[0]
+	else:
+		continue
+	author=soup.find_all('a',class_='author name ng-binding')
+	author=re.findall(pattern1,str(author[0]))
+	#author[0]
+	time=soup.find_all('time',class_='published ng-binding ng-isolate-scope')
+	time=re.findall(pattern2,str(time[0]))
+	time1=time[0].replace('/','-')
+	
+	doc=re.findall(pattern3,docs)
+	#doc0
+	print title[0],author[0],time1,doc[0],docs
+	try:
+		conn=MySQLdb.connect(host='localhost',port=3306,user='root',passwd='',db='wooyun',charset='utf8')
+		cur=conn.cursor()
+		reload(sys)
+		sys.setdefaultencoding('utf-8')
+		tmp=(title[0],time1,author[0],doc[0],docs)
+		cur.execute("INSERT INTO `drops`(`title`,`dates`,`author`,`type`,`doc`) VALUES(%s,%s,%s,%s,%s)",tmp)
+		conn.commit()
+		cur.close()
+		conn.close()
+	except MySQLdb.Error,e:
+	     print "Mysql Error %d: %s" % (e.args[0], e.args[1])
diff --git a/search.php b/search.php
new file mode 100644
index 0000000..b01a9c1
--- /dev/null
+++ b/search.php
@@ -0,0 +1,134 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+	<meta charset="utf-8">
+	<title>乌云搜索|搜索结果</title>
+	<link href="../bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css">
+	<script type="text/javascript" src="../bootstrap/js/jquery-3.1.0.min.js"></script>
+	<script type="text/javascript" src="../bootstrap/js/bootstrap.min.js"></script>
+	<link rel="stylesheet" type="text/css" href="search.css">
+</head>
+<body>
+<div id="my-container">
+<div id="my-header">
+	<strong class="my-words">search from wooyun.org</strong>
+	<ul class="my-menu">
+		<li class="my-item"><a class="lia" href="#">about</a></li>
+		<li class="my-item"><a class="lia" href="/pdf">drops</a></li>
+		<li class="my-item"><a class="lia" href="index.html">home</a></li>
+	</ul>
+</div>
+<div id="my-mainbody">
+<?php
+#接受参数
+if(!isset($_GET['keywords'])){
+	header("Location: index.html"); 
+	exit;
+}
+else{
+	$keywords=preg_replace("/[^a-zA-Z0-9\x{4e00}-\x{9fff}]+/u","",$_GET['keywords']);
+	}
+if(!isset($_GET['page'])){
+ 	$page=1;
+}else{
+	if(is_numeric($_GET['page'])&&is_int($_GET['page']+0)){
+		$page=$_GET['page'];
+	}
+	else{
+		$page=1;
+	}
+}
+if(!isset($_GET['kind'])){
+	$kind='bugs';
+}
+else{
+	if($_GET['kind']==='bugs'||$_GET['kind']==='drops'){
+	$kind=$_GET['kind'];
+	}
+	else{
+	$kind='bugs';
+	}
+}
+echo "<h3 style=\"display:inline-block;\">关键词【".$keywords."】的搜索结果：</h3>";
+//mysql建立连接 
+$db=new mysqli('localhost','root','','wooyun'); //localhost:3307
+//sql对象错误检查 
+if(mysqli_connect_errno()){ 
+	echo '<br>Error:Please try again later.'; 
+	exit(); 
+}
+// 建立查询 
+$db->set_charset("utf8");
+//分页处理
+$query0="SELECT count(*) FROM `".$kind."` WHERE `title` LIKE '%".$keywords."%'";
+$num=$db->query($query0);
+$row=$num->fetch_row();
+$rows=$row[0]/10;
+if($page>$rows){
+	$page=1;
+}
+echo "<h4 style=\"display:inline-block;\">共 ".$row[0]." 条记录</h4>";
+$start=($page-1)*15;
+$query="SELECT * FROM `".$kind."` WHERE `title` LIKE '%".$keywords."%' ORDER BY dates DESC LIMIT ".$start.",15";
+//执行查询 
+$result=$db->query($query); 
+//逐行分解result 
+echo "<table class=\"table table-striped table-hover\">";
+echo "<tr><td>提交时间</td><td>标题</td><td>漏洞类型</td><td>提交者</td><tr>";
+ for($i=0;$i<$result->num_rows;$i++){ 
+ 	$row_result=$result->fetch_object(); 
+ 	echo "<tr onclick=\"window.open('/wooyun/".$kind."/".$row_result->doc."');\" style=\"cursor:pointer;\">";
+ 	$time0=str_split($row_result->dates,10);
+ 	echo '<td>'.$time0[0].'</td>';
+ 	echo '<td style="color:#01a8ff;">'.$row_result->title.'</td>'; 
+	echo '<td style="color:#01a8ff;">'.$row_result->type.'</td>';
+ 	echo '<td>'.$row_result->author.'</td>';
+ 	echo '</tr>'; 
+ }
+// 显示result 
+// 释放连接,关闭sql. 
+$result->free(); 
+$db->close();
+//分页
+echo "<div class=\"pagination pagination-large my-page\">";
+echo "<ul>";
+$total=($row[0]-$row[0]%15)/15;
+$i=0;
+if($page==1){
+		echo "<li class=\"disabled\"><a href=\"#\">&laquo;</a></li>";
+	}
+	else{
+		echo "<li><a href=\"search.php?kind=".$kind."&keywords=".$keywords."&page=".($page-1)."\">&laquo;</a></li>";
+	}
+if($total>20&&$page<=9){
+	$total=17;
+}
+if($total>20&&$page>=9&&$page+8<=$total){
+	$i=$page-9;
+	$total=$page+8;
+}
+if($total>20&&$page>=9&&$page+8>$total){
+	$i=$total-17;
+}
+for(;$i<=$total;$i++){ 
+	if($page==$i+1){
+		echo "<li class=\"disabled\"><a href=\"search.php?kind=".$kind."&keywords=".$keywords."&page=".($i+1)."\">".($i+1)."</a></li>";	
+	}
+	else{
+		echo "<li><a href=\"search.php?kind=".$kind."&keywords=".$keywords."&page=".($i+1)."\">".($i+1)."</a></li>";	
+	}
+}
+if($page==$total+1){
+		echo "<li class=\"disabled\"><a href=\"#\">&raquo;</a></li>";
+	}
+	else{
+		echo "<li><a href=\"search.php?kind=".$kind."&keywords=".$keywords."&page=".($page+1)."\">&raquo;</a></li>";
+	}
+echo "</ul></div>";
+?>
+<h5>数据来源于wooyun.org</h5>
+</div>
+</div>
+</body>
+</html>