admin/DeepSeekSelfTool
1
0
Fork 0
mirror of https://github.com/ChinaRan0/DeepSeekSelfTool.git synced 2025-05-05 10:18:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
宗宸·谢尔比 2025-02-04 17:49:47 +08:00 committed by GitHub
parent d4960e767d
commit 207c24a3d3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 356 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
DeepSeekSelfTool.py
View File

@ -364,17 +364,25 @@ class SourceCodeAuditThread(QThread):
# API请求
try:
prompt = f"""请对以下代码文件进行安全审计,要求:
1. 识别SQL注入XSS文件包含命令执行等漏洞
2. 检查不安全的权限设置和敏感信息泄露
3. 输出格式文件名{os.path.basename(file_path)}
- 漏洞类型:
- 危险等级:
- 位置行号:
- 修复建议:
4.如果不存在漏洞则不输出
5.忽略API请求失败,不输出
文件内容
prompt = f"""【强制指令】你是一个专业的安全审计AI请按以下要求分析代码
1. 漏洞分析流程
1.1 识别潜在风险点SQL操作文件操作用户输入点文件上传漏洞CSRFSSRFXSSRCEOWASP top10等漏洞
1.2 验证漏洞可利用性
1.3 按CVSS评分标准评估风险等级
2. 输出规则
- 仅输出确认存在的高危/中危漏洞
- 使用严格格式[风险等级] 类型 - 位置:行号 - 50字内描述
- 禁止解释漏洞原理
- 禁止给出修复建议
- 每文件最多报告3个最严重问题
3. 输出示例除此外不要有任何输出
[高危] SQL注入 - {os.path.basename(file_path)}:32 - 未过滤的$_GET参数直接拼接SQL查询
[中危] XSS - {os.path.basename(file_path)}:15 - 未转义的userInput输出到HTML
4. 当前代码仅限分析
{content[:3000]}""" # 限制每个文件内容长度
result = self.api.chat_completion(prompt)
@ -1127,4 +1135,4 @@ if __name__ == '__main__':
window = CyberSecurityApp()
window.show()
sys.exit(app.exec_())
sys.exit(app.exec_())

4
config.py
View File

@ -1,12 +1,12 @@
# API配置
API_TYPE="deepseek" # 可选值: "deepseek" 或 "ollama"
API_TYPE="ollama" # 可选值: "deepseek" 或 "ollama"
# DeepSeek API配置
DEEPSEEK_API_KEY=""
# Ollama API配置
OLLAMA_API_URL="http://localhost:11434/api/chat" # Ollama API地址
OLLAMA_MODEL="deepseek-r1:7b" # Ollama模型名称
OLLAMA_MODEL="qwen2.5-coder:14b" # Ollama模型名称
# 主题配色方案
THEMES = {

334
ollamaMain.py Normal file
View File

@ -0,0 +1,334 @@
import os
import re
import json
import requests
from PyQt5 import QtCore, QtGui, QtWidgets
from PyQt5.QtCore import QThread, pyqtSignal
from config import OLLAMA_API_URL, OLLAMA_MODEL # 用户自定义配置
class CyberTextEdit(QtWidgets.QTextEdit):
def __init__(self, parent=None):
super().__init__(parent)
self.setStyleSheet("""
QTextEdit {
background-color: #001a1a;
color: #00ff00;
border: 2px solid #00ffff;
border-radius: 5px;
padding: 10px;
font-family: 'Consolas';
font-size: 12pt;
}
""")
class HackerWorker(QThread):
analysis_complete = pyqtSignal(str)
progress_update = pyqtSignal(str)
def __init__(self, files_content):
super().__init__()
self.files_content = files_content
def run(self):
full_report = []
for filepath, content in self.files_content.items():
self.progress_update.emit(f"🔍 Analyzing {os.path.basename(filepath)}...")
prompt = f"""【强制指令】你是一个专业的安全审计AI请按以下要求分析代码
1. 漏洞分析流程
1.1 识别潜在风险点SQL操作文件操作用户输入点文件上传漏洞CSRFSSRFXSSRCEOWASP top10等漏洞
1.2 验证漏洞可利用性
1.3 按CVSS评分标准评估风险等级
2. 输出规则
- 仅输出确认存在的高危/中危漏洞
- 使用严格格式[风险等级] 类型 - 位置:行号 - 50字内描述
- 禁止解释漏洞原理
- 禁止给出修复建议
- 每文件最多报告3个最严重问题
3. 输出示例除此外不要有任何输出
[高危] SQL注入 - user_login.php:32 - 未过滤的$_GET参数直接拼接SQL查询
[中危] XSS - comment.jsp:15 - 未转义的userInput输出到HTML
4. 当前代码仅限分析
{content[:3000]}"""
try:
response = requests.post(
f"{OLLAMA_HOST}/api/generate",
json={
"model": OLLAMA_MODEL,
"prompt": prompt,
"stream": False
}
)
result = json.loads(response.text)["response"]
result = re.sub(r'<think>.*?</think>', '', result, flags=re.DOTALL)
full_report.append(f"📄 文件:{filepath}\n{result}\n{''*50}")
except Exception as e:
full_report.append(f"❌ 错误:处理文件 {filepath} 时发生错误\n{str(e)}")
self.analysis_complete.emit("\n".join(full_report))
class WebshellWorker(QThread):
detection_complete = pyqtSignal(str)
progress_update = pyqtSignal(str)
def __init__(self, files_content):
super().__init__()
self.files_content = files_content
def run(self):
detection_results = []
for filepath, content in self.files_content.items():
self.progress_update.emit(f"🕵️ 扫描 {os.path.basename(filepath)}...")
prompt = f"""【Webshell检测指令】请严格按以下步骤分析代码
1. 检测要求
请分析以下文件内容是否为WebShell或内存马要求
1. 检查PHP/JSP/ASP等WebShell特征如加密函数执行系统命令文件操作
2. 识别内存马特征如无文件落地进程注入异常网络连接
3. 分析代码中的可疑功能如命令执行文件上传信息收集
4. 检查混淆编码加密手段等规避技术
2. 判断规则
- 仅当确认恶意性时报告
- 输出格式🔴 [高危] Webshell - 文件名:行号 - 检测到[特征1+特征2+...]
3. 输出示例严格按照此格式输出不要有任何的补充如果未检测到危险则不输出除此之外不要有任何输出
🔴 [高危] Webshell - malicious.php:8 - 检测到[system执行+base64解码+错误抑制]
4. 待分析代码
{content[:3000]}"""
try:
response = requests.post(
f"{OLLAMA_HOST}/api/generate",
json={
"model": OLLAMA_MODEL,
"prompt": prompt,
"stream": False
}
)
result = json.loads(response.text)["response"]
result = re.sub(r'<think>.*?</think>', '', result, flags=re.DOTALL)
detection_results.append(f"📁 {filepath}\n{result}\n{''*50}")
except Exception as e:
detection_results.append(f"❌ 错误:{filepath}\n{str(e)}")
self.detection_complete.emit("\n".join(detection_results))
class CyberScanner(QtWidgets.QMainWindow):
def __init__(self):
super().__init__()
self.setWindowTitle("AI安全审计系统 BY:公众号_知攻善防实验室 ChinaRan404 ")
self.setGeometry(100, 100, 1280, 720)
self.setup_ui()
self.files_content = {}
self.scan_thread = None
def setup_ui(self):
main_widget = QtWidgets.QWidget()
self.setCentralWidget(main_widget)
layout = QtWidgets.QHBoxLayout(main_widget)
# 左侧面板
left_panel = QtWidgets.QFrame()
left_panel.setStyleSheet("background-color: #000d1a; border-right: 2px solid #00ffff;")
left_layout = QtWidgets.QVBoxLayout(left_panel)
# 目录选择按钮
self.btn_select = QtWidgets.QPushButton("📁 激活数据源")
self.btn_select.setStyleSheet("""
QPushButton {
background-color: #002b2b;
color: #00ffff;
border: 2px solid #008080;
padding: 12px;
font-size: 14pt;
font-weight: bold;
border-radius: 5px;
}
QPushButton:hover {
background-color: #004d4d;
border-color: #00ffff;
}
""")
self.btn_select.clicked.connect(self.select_directory)
left_layout.addWidget(self.btn_select)
# 路径显示
self.lbl_path = QtWidgets.QLabel("未选择数据源")
self.lbl_path.setStyleSheet("color: #00ff00; font-size: 10pt; padding: 5px;")
left_layout.addWidget(self.lbl_path)
# 模式选择
mode_group = QtWidgets.QGroupBox("🔧 检测模式")
mode_group.setStyleSheet("""
QGroupBox {
color: #00ff00;
border: 1px solid #00ffff;
margin-top: 10px;
font-size: 12pt;
}
""")
mode_layout = QtWidgets.QVBoxLayout()
self.radio_audit = QtWidgets.QRadioButton("代码安全审计")
self.radio_webshell = QtWidgets.QRadioButton("Webshell检测")
self.radio_audit.setChecked(True)
for rb in [self.radio_audit, self.radio_webshell]:
rb.setStyleSheet("""
QRadioButton { color: #00ff00; padding: 8px; }
QRadioButton::indicator { width: 20px; height: 20px; }
""")
mode_layout.addWidget(rb)
mode_group.setLayout(mode_layout)
left_layout.addWidget(mode_group)
# 文件树
self.file_tree = QtWidgets.QTreeView()
self.file_model = QtWidgets.QFileSystemModel()
self.file_model.setRootPath("")
self.file_tree.setModel(self.file_model)
self.file_tree.setStyleSheet("""
QTreeView {
background-color: #001a1a;
color: #00ff00;
border: 1px solid #008080;
font-family: 'Consolas';
}
QTreeView::item:hover { background-color: #003333; }
""")
left_layout.addWidget(self.file_tree)
# 扫描按钮
self.btn_scan = QtWidgets.QPushButton("🚨 启动扫描协议")
self.btn_scan.setStyleSheet("""
QPushButton {
background-color: #004d4d;
color: #00ffff;
border: 2px solid #00ffff;
padding: 15px;
font-size: 16pt;
font-weight: bold;
border-radius: 5px;
}
QPushButton:disabled {
background-color: #002b2b;
color: #008080;
border-color: #004d4d;
}
QPushButton:hover { background-color: #006666; }
""")
self.btn_scan.clicked.connect(self.start_scan)
self.btn_scan.setEnabled(False)
left_layout.addWidget(self.btn_scan)
# 右侧显示区
self.result_display = CyberTextEdit()
self.result_display.setAcceptRichText(True)
layout.addWidget(left_panel, 1)
layout.addWidget(self.result_display, 2)
# 状态栏
self.status_bar = QtWidgets.QStatusBar()
self.setStatusBar(self.status_bar)
self.status_bar.setStyleSheet("""
QStatusBar {
background-color: #000d1a;
color: #00ff00;
border-top: 1px solid #00ffff;
font-family: 'Consolas';
}
""")
def select_directory(self):
directory = QtWidgets.QFileDialog.getExistingDirectory(
self,
"选择代码矩阵接入点",
"",
QtWidgets.QFileDialog.ShowDirsOnly
)
if directory:
self.lbl_path.setText(f"📂 数据源:{directory}")
self.file_tree.setRootIndex(self.file_model.index(directory))
self.btn_scan.setEnabled(True)
self.status_bar.showMessage("✅ 数据源接入成功")
def start_scan(self):
root_index = self.file_tree.rootIndex()
if not root_index.isValid():
QtWidgets.QMessageBox.warning(self, "警告", "请先选择代码目录!")
return
root_path = self.file_model.filePath(root_index)
self.files_content = self.scan_code_files(root_path)
if self.radio_audit.isChecked():
worker = HackerWorker(self.files_content)
init_msg = "🚀 启动深度代码分析协议..."
complete_signal = worker.analysis_complete
else:
worker = WebshellWorker(self.files_content)
init_msg = "🕵️ 启动Webshell检测协议..."
complete_signal = worker.detection_complete
self.scan_thread = worker
self.scan_thread.progress_update.connect(self.update_status)
complete_signal.connect(self.show_results)
self.scan_thread.start()
self.btn_scan.setEnabled(False)
self.result_display.setText(f"{init_msg}\n" + ""*50 + "\n")
def scan_code_files(self, directory):
allowed_ext = ['.php', '.jsp', '.asp', '.js', '.html', '.py', '.java']
code_files = {}
for root, _, files in os.walk(directory):
for file in files:
if os.path.splitext(file)[1].lower() in allowed_ext:
path = os.path.join(root, file)
try:
with open(path, 'r', encoding='utf-8') as f:
code_files[path] = f.read()
except:
code_files[path] = "无法读取文件内容"
return code_files
def update_status(self, message):
self.status_bar.showMessage(message)
self.result_display.append(f"{message}")
def show_results(self, report):
self.btn_scan.setEnabled(True)
if self.radio_webshell.isChecked():
self.result_display.append("\n🔍 Webshell检测完成结果如下\n")
report = re.sub(r'🔴 \[高危\]', '🔴 [高危]', report)
report = re.sub(r'\[安全\]', '✅ [安全]', report)
else:
self.result_display.append("\n🔥 代码审计完成!发现以下安全漏洞:\n")
report = re.sub(r'\[高危\]', '[高危]', report)
report = re.sub(r'\[中危\]', '[中危]', report)
self.result_display.append(report)
self.status_bar.showMessage("✅ 扫描完成")
if __name__ == "__main__":
# 保持源文本的核心内容不变
OLLAMA_HOST = OLLAMA_API_URL.split('/api')[0]
app = QtWidgets.QApplication([])
app.setStyle('Fusion')
font = QtGui.QFont("Consolas", 10)
app.setFont(font)
window = CyberScanner()
window.show()
app.exec_()