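/**
 * Fetch the stored API login for one account and return it with the password decrypted.
 *
 * The account name is passed as a bound parameter (:account), not concatenated
 * into the SQL text. If several rows match, the last row wins, as before.
 *
 * Security notes for callers:
 *  - The returned array carries the password both as stored ('password') and as
 *    returned by CryptAES::decrypt() ('password_decrypted'). Do not log, dump or
 *    serialize the whole array; pass only the fields a caller needs.
 *  - 'api_url' is used as the host part of both URLs exactly as stored.
 *    NOTE(review): the credentials are presumably sent to that host by the caller,
 *    so whatever writes this column should validate it as a bare hostname
 *    (ideally against an allow-list) - confirm against the update path.
 *
 * @param string $account Account name to look up.
 *
 * @return array|null Keys: username, password, password_decrypted, api_url, url1, url2;
 *                    null when no row matches.
 */
public function getaccountinfo($account)
{
    $query = 'select * from ' . LOGINS_TABLE . ' where account = :account';
    $results = DB::query(Database::SELECT, $query)
        ->bind(':account', $account)
        ->execute('vulndb_users');

    // Defined up front: previously an unknown account left $return undefined,
    // which raised an "undefined variable" notice and returned null implicitly.
    $return = null;

    foreach ($results as $result) {
        $return = array(
            'username' => $result['username'],
            'password' => $result['password'],
            'password_decrypted' => CryptAES::decrypt($result['password']),
            'api_url' => $result['api_url'],
            'url1' => 'https://' . $result['api_url'] . "/msp/",
            'url2' => 'https://' . $result['api_url'] . "/api/2.0/fo/",
        );
    }

    return $return;
}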
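* Script to encrypt or decrypt text using our defined key in config/crypt.php
 *
 * NOTE(review): the usage line below names kb_to_csv_converter.php and an output
 * file; it looks copied from another utility. This script actually takes
 * <text> <method>, as printed by Usage().
 *
 * Usage: ( from the main vulnDB directory )
 * php bin/util/kb_to_csv_converter.php /path/to/output/file/to.csv
 *
 * Security notes:
 *  - The text to encrypt or decrypt is read from the command line, so it is
 *    visible in the process list while the script runs and is normally saved in
 *    shell history. Prefer running it on a trusted single-user host, or change it
 *    to read the value from STDIN.
 *  - "decrypt" prints the plaintext to stdout; do not redirect it into shared logs.
 *
 **/
if (!is_file($init_file = realpath(dirname(__FILE__)) . "/../../init.php")) {
    echo "Could not find init.php, this file is requied for vulnDB to operate\n";
    exit(1);
}
require $init_file;

// Both arguments are required. isset() on both avoids the undefined-offset notice
// the old "!$argv[2]" test raised, and the explicit exit stops the script from
// carrying on after the usage text has been printed.
if (!isset($argv[1], $argv[2])) {
    Usage();
    exit(1);
}

$text = $argv[1];
$method = $argv[2];

if ($method === "encrypt") {
    $encrypted_text = CryptAES::encrypt($text) . "\n";
    echo "\nEncrypted Text: {$encrypted_text}\n ";
} elseif ($method === "decrypt") {
    $decrypted_text = CryptAES::decrypt($text) . "\n";
    echo "\nDecrypted Text: {$decrypted_text}\n";
} else {
    // An unknown method used to fall through silently with no output at all.
    Usage();
    exit(1);
}

/**
 * Print the command-line usage text. Does not exit; callers decide the exit code.
 */
function Usage()
{
    echo " \nPlease Supply text to be encrypted.\n\n\nUsage: php {$_SERVER['SCRIPT_NAME']} <text_to_encrypt> <method>('encrypt' or 'decrypt')\n\n";
}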
**/ if (!is_file($init_file = realpath(dirname(__FILE__)) . "/../init.php")) { echo "Could not find init.php, this file is requied for vulnDB to operate\n"; exit(1); } require $init_file; $insert_model = Model::factory('vulndb_insert'); $vulndb = Model::factory('vulndb_main'); $vdb_config = Config::load('vulndb'); Logger::msg('info', array('message' => 'Starting the asset data report updater')); $accounts = $vulndb->getaccounts(); foreach ($accounts as $account) { $now = date('c'); $account_name = $account['account']; $username = $account['username']; $password = CryptAES::decrypt($account['password']); $url1 = 'https://' . $account['api_url'] . '/msp/'; $url2 = 'https://' . $account['api_url'] . '/api/2.0/fo/'; $api1 = new QualysAPI_v1(); Logger::msg("info", array("message" => "fetching report list", 'account' => $account_name, 'api_call' => 'report_template_list', 'api_version' => 1)); $report_template_xml = $api1->report_template_list($url1, $username, $password); // Check that we got valid XML if (!$vulndb->is_xml($report_template_xml)) { Logger::msg("error", array('message' => 'what I got back from the API call was not XML')); Logger::msg("info", array('report_template_xml' => $report_template_xml)); exit; } // Delete the current report templates in the table for this account $delete_templates = DB::query(Database::DELETE, "DELETE FROM " . REPORT_TEMPLATE_TABLE . " WHERE ACCOUNT = :account")->bind(":account", $account_name)->execute(); Logger::msg("info", array("message" => "deleted report templates", "table" => REPORT_TEMPLATE_TABLE, "account" => $account_name, "rows_deleted" => $delete_templates)); // Put the report template list in the DB
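// Excerpt starts inside a hex-to-binary helper whose opening lines are not shown:
// each pair of hex digits in $hexdata becomes one byte appended to $bindata.
for ($i=0; $i < $length; $i += 2) {
    $bindata .= chr(hexdec(substr($hexdata, $i, 2)));
}
return $bindata;
}

    /**
     * Append PKCS#5/PKCS#7 style padding so the length is a multiple of $blocksize.
     *
     * A full block of padding is added when the input is already block-aligned,
     * so the padding can always be removed unambiguously.
     *
     * @param string $text      Data to pad.
     * @param int    $blocksize Cipher block size in bytes; must be greater than zero
     *                          (zero would divide by zero in the modulo below).
     *
     * @return string Padded data.
     */
    public static function pkcs5_pad($text, $blocksize)
    {
        $pad = $blocksize - (strlen($text) % $blocksize);
        return $text . str_repeat(chr($pad), $pad);
    }

    /**
     * Validate and strip PKCS#5/PKCS#7 style padding.
     *
     * Fixes over the previous version:
     *  - empty input returns false instead of reading offset -1;
     *  - a final byte of 0x00 is rejected (it used to pass the check and make the
     *    function return an empty string for any such input);
     *  - the string offset uses [] because the {} form is a parse error on PHP 8;
     *  - input that is nothing but valid padding returns '' on every PHP version.
     *
     * The block size is not known here, so a pad value larger than the cipher's
     * block size cannot be rejected by this method alone.
     *
     * Callers must compare the result with === false, since '' is a valid result.
     * When the ciphertext comes from an untrusted party, authenticate it (MAC or an
     * AEAD mode) before decrypting and do not report padding failures differently
     * from other failures, otherwise the check can act as a padding oracle.
     *
     * @param string $text Decrypted data that still carries its padding.
     *
     * @return string|false Data without padding, or false when the padding is invalid.
     */
    public static function pkcs5_unpad($text)
    {
        $length = strlen($text);
        if ($length === 0) {
            return false;
        }

        $pad = ord($text[$length - 1]);
        if ($pad === 0 || $pad > $length) {
            return false;
        }

        // Every one of the last $pad bytes must equal chr($pad).
        if (strspn($text, chr($pad), $length - $pad) != $pad) {
            return false;
        }

        if ($pad === $length) {
            // substr() returned false here before PHP 8, which looked like an error.
            return '';
        }

        return substr($text, 0, -1 * $pad);
    }
}

// NOTE(review): demo code in the same file as the class. Because it ends in exit,
// any script that includes this file stops here after printing the demo output.
// It belongs in a separate example or test file.
$aes = new CryptAES();
// NOTE(review): key literal committed in source. Anyone who can read this file can
// decrypt data protected with it; if it was ever used for real data, rotate it and
// load the replacement from configuration or a secret store outside the web root.
$aes->set_key('9691bf55bc51f57a711f0068b9c417cd');
$aes->require_pkcs5();
$rt = $aes->encrypt('ssss');
// Label reads "original string:" - round-trips the ciphertext through decrypt().
echo "原始的字符串:".$aes->decrypt($rt).'<br />';
// Label reads "encrypted string:".
echo "加密后的字符串:".$rt;
exit;
?>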
echo "Are you sure you want to update the password for {$account['account']}?\n"; echo "1.) Yes\n"; echo "2.) Cancel\n"; echo "Choice:\n"; $choice = trim(fgets(STDIN)); if ($choice == 1) { $update_pw = $vulndb->update_account_password($account['account'], $new_enc_password); if ($update_pw) { echo "Password successfully updated for {$account['account']}\n"; } } else { break; } break; case 5: echo CryptAES::decrypt($account['password']) . "\n"; break; case 6: echo "Please enter new URL for API without https:// - ex qualysapi.qualys.com\n"; $new_url = trim(fgets(STDIN)); echo "\n\n"; echo "Are you sure you want to update the API URL for {$account['account']}?\n"; echo "1.) Yes\n"; echo "2.) Cancel\n"; echo "Choice:\n"; $choice = trim(fgets(STDIN)); if ($choice == 1) { $update = $vulndb->update_account_url($account['account'], $new_url); if ($update) { echo "URL successfully updated for {$account['account']}\n"; }
/**
 * @brief Encrypt data
 *
 * Thin wrapper that hands the plaintext and three values from
 * $this->_encryptArr ('from', 'api_secret', 'aes_iv') to CryptAES::encode().
 *
 * NOTE(review): 'aes_iv' is read from the same settings array on every call. If it
 * is a fixed configured value, every message is encrypted under the same IV, which
 * leaks whether two plaintexts share a prefix in CBC-like modes - confirm the mode
 * used by CryptAES::encode() and whether a per-message random IV can be used.
 * NOTE(review): 'api_secret' is presumably the key; make sure the settings array is
 * never logged or echoed.
 *
 * @param $originStr the original (plaintext) data
 *
 * @return whatever CryptAES::encode() returns
 */
protected function _encryptData($originStr)
{
    $settings = $this->_encryptArr;

    return CryptAES::encode(
        $originStr,
        $settings['from'],
        $settings['api_secret'],
        $settings['aes_iv']
    );
}
/**
 * Decrypt a base64-encoded ciphertext with the ENC_KEY constant and return the
 * result with surrounding whitespace and NUL bytes trimmed.
 *
 * Security review notes (behaviour is unchanged here, because changing the cipher
 * would make existing stored ciphertexts unreadable):
 *  - MCRYPT_RIJNDAEL_256 is Rijndael with a 256-bit block, which is not AES
 *    (AES is Rijndael with a 128-bit block) despite the class name.
 *  - ECB mode encrypts equal plaintext blocks to equal ciphertext blocks and does
 *    not use an IV, so the random IV generated below has no effect.
 *  - Nothing authenticates the ciphertext; tampered input is decrypted silently.
 *  - trim() removes the padding bytes but also any real leading or trailing
 *    whitespace, so a secret that ends in a space does not round-trip.
 *  - The mcrypt extension was deprecated in PHP 7.1 and removed from core in 7.2.
 *  Migration path: decrypt each stored value with this routine once, re-encrypt it
 *  with an authenticated scheme (libsodium secretbox or OpenSSL AES-256-GCM with a
 *  random nonce per value), then retire this code.
 *
 * @param string $text Base64-encoded ciphertext.
 *
 * @return string Trimmed output of mcrypt_decrypt().
 */
public static function decrypt($text)
{
    // The return value is not used below (ENC_KEY is). The call is kept because
    // this excerpt does not show whether getkey() has side effects, such as
    // defining ENC_KEY - TODO confirm.
    CryptAES::getkey();

    $cipher = MCRYPT_RIJNDAEL_256;
    $mode = MCRYPT_MODE_ECB;

    $raw = base64_decode($text);
    $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher, $mode), MCRYPT_RAND);

    $plain = mcrypt_decrypt($cipher, ENC_KEY, $raw, $mode, $iv);

    return trim($plain);
}