发布时间:2019-09-03 08:55:52编辑:auto阅读(3028)
巡风是一款适用于企业内网的漏洞快速应急、巡航扫描
系统,只做初步探测,无攻击性行为。
其主体分为两部分:网络资产识别引擎
,漏洞检测引擎
。
网络资产识别引擎会通过用户配置的IP范围定期自动
的进行端口探测(支持调用MASSCAN),并进行指纹识别,识别内容包括:服务类型、组件容器、脚本语言、CMS。
漏洞检测引擎会根据用户指定的任务规则
进行定期或者一次性的漏洞检测,其支持2种插件类型、标示符与脚本,均可通过web控制台进行添加。
本人是python门外汉,有什么不对的大家请指出!
下载python 64位:
https://www.python.org/downloads/windows/
安装好了之后升级pip
git clone https://github.com/ysrc/xunfeng.git
pip install -r requirements.txt -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com
下载: https://sec.ly.com/mirror/mongodb-win32-x86_64-2008plus-ssl-3.4.0-signed.msi
安装,并添加系统path变量
创建目录:mongodata
start mongod --port 65521 --dbpath G:/tools/xunfeng/mongodata --auth
G:\tools\xunfeng>mongo 127.0.0.1:65521/xunfeng
MongoDB shell version v3.4.0
connecting to: mongodb://127.0.0.1:65521/xunfeng
MongoDB server version: 3.4.0
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
> db.createUser({user:'admin',pwd:'xunfeng321',roles:[{role:'dbOwner',db:'xunfeng'}]})
2019-07-04T15:38:32.400+0800 E QUERY [main] Error: couldn't add user: not authorized on xunfeng t
o execute command { createUser: "admin", pwd: "xxx", roles: [ { role: "dbOwner", db: "xunfeng" } ],
digestPassword: false, writeConcern: { w: "majority", wtimeout: 300000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1290:15
@(shell):1:1
不使用认证模式:
start mongod --port 65521 --dbpath G:/tools/xunfeng/mongodata
G:\tools\xunfeng>mongo 127.0.0.1:65521/xunfeng
MongoDB shell version v3.4.0
connecting to: mongodb://127.0.0.1:65521/xunfeng
MongoDB server version: 3.4.0
> db.createUser({user:'scan',pwd:'scanlol66',roles:[{role:'dbOwner',db:'xunfeng'}]})
Successfully added user: {
"user" : "scan",
"roles" : [
{
"role" : "dbOwner",
"db" : "xunfeng"
}
]
}
> exit
bye
db
文件夹位于xunfeng代码目录中:
$ mongorestore.exe -h 127.0.0.1 --port 65521 -d xunfeng db
关闭mongod.exe进程
根据实际情况修改 conifg.py
和 run.bat
文件后, 执行:
> run.bat
G:\tools\xunfeng>python web.py
Traceback (most recent call last):
File "web.py", line 1, in <module>
from views.view import app
File "G:\tools\xunfeng\views\view.py", line 384
print 'upload result:' + rsp.read()
^
SyntaxError: invalid syntax
Python 3.0以后的print都改为了print();
from urllib import unquote, urlopen, urlretrieve, quote, urlencode
ImportError: cannot import name 'unquote' from 'urllib' (D:\Program Files\Python37\lib\urllib\__init
__.py)
在Python 3.x中,我们需要导入urllib.parse.quote
时:
使用from urllib.parse import quote
修改:
from urllib.parse import unquote, quote,urlencode
from urllib.request import urlopen, urlretrieve
File "G:\tools\xunfeng\views\view.py", line 12, in <module>
from lib.CreateExcel import *
ModuleNotFoundError: No module named 'lib'
不要执行pip install lib
File "G:\tools\xunfeng\views\view.py", line 12, in <module>
from lib.CreateExcel import *
ModuleNotFoundError: No module named 'lib.CreateExcel'
修改:
from .lib.CreateExcel import *
from .lib.Login import logincheck
from .lib.AntiCSRF import anticsrf
from .lib.QueryLogic import querylogic
import StringIO
ModuleNotFoundError: No module named 'StringIO'
Python3中已将StringIO归入io,改成:import io
或者:
“import StringIO”改成“from io import StringIO ”,运行成功。
import StringIO适用于python 2.X
StringIO.改成io.
except Exception, e:
^
SyntaxError: invalid syntax
批量替换成:except Exception as e:
ModuleNotFoundError: No module named 'urllib2'
用urllib.request代替urllib2,批量替换
G:\tools\xunfeng>python web.py
* Serving Flask app "views" (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
* Running on http://0.0.0.0:80/ (Press CTRL+C to quit)
执行其他的命令,修复错误
python3中,由于thread有两个很致命的问题,所以python3更推荐用threading代替thread,
所以,thread被改名为_thread
import _thread
G:\tools\xunfeng>pip install mongo
Collecting mongo
Downloading https://files.pythonhosted.org/packages/30/06/3b87f3487c7c9c6a2ae9994c81f4fda82446b3b2
96c7f35b0b7824708fc4/mongo-0.2.0.tar.gz
Requirement already satisfied: pymongo in d:\program files\python37\lib\site-packages (from mongo) (
3.8.0)
Installing collected packages: mongo
Running setup.py install for mongo ... done
Successfully installed mongo-0.2.0
G:\tools\xunfeng>python nascan/nascan.py
Traceback (most recent call last):
File "nascan/nascan.py", line 4, in <module>
from lib.common import *
File "G:\tools\xunfeng\nascan\lib\common.py", line 4, in <module>
import log
File "D:\Program Files\Python37\lib\log.py", line 5, in <module>
reload(sys)
NameError: name 'reload' is not defined
from importlib import reload
修复xunfeng\nascan\lib下的log.py,scan.py,cidr.py,icmp.py,mongo.py...
还是会相对路径错误,最后还是将某些导入修改为类似:from . import log,过了一个from .
不要执行pip install config
sys.setdefaultencoding('utf8')
AttributeError: module 'sys' has no attribute 'setdefaultencoding'
去掉:sys.setdefaultencoding('utf8')
python3 中引入Queue 会报出这个问题,需小写的
python3 中这样引入:import queue
python2 中这样引入:import Queue
为了兼容 可以这样
import sys
if sys.version > '3':
import queue as Queue
else:
import Queue
或者:
from multiprocessing import Queue
访问http://127.0.0.1/ 直接302出错,跳转到500页面
500
访问:
输入账号密码还是跳转到了500页面127.0.0.1 - - [04/Jul/2019 20:54:19] "POST /login HTTP/1.1" 302 -
'SecureCookieSession' object has no attribute 'has_key'
xunfeng\views\lib\Login.py (1 hit)
Line 11: if session.has_key('login'):
Python从2.6版本后中将has_key换成in
if 'login' in session:
终于成功登陆进入
python vulscan/vulscan.py还有其他问题:
每次启动都下载:
b'20190527'
check version
new version 20190527
kunpeng update 20190527
url https://github.com/opensec-cn/kunpeng/releases/download/20190527/kunpeng_windows_v20190527.zip
0.00%
G:\tools\xunfeng\vulscan\kunpeng.py (1 hit)
Line 37: print('new version', release['tag_name'])
self.get_version(): b'20190527'
版本不知道获取是这样self.kunpeng.GetVersion.restype = c_char_p
# 返回值的类型是 'bytes' object
if release['tag_name'] != self.get_version():
替换成:
if release['tag_name'].encode() != self.get_version():
update success 20190527
_
| | ___ _ _ __ _ __ ___ _ __ __ _
| |/ / | | | '_ \| '_ \ / _ \ '_ \ / _' |
| <| |_| | | | | |_) | __/ | | | (_| |
|_|\_\\__,_|_| |_| .__/ \___|_| |_|\__, |
|_| |___/
b'20190527'
vulscan/vulscan.py:266: DeprecationWarning: insert is deprecated. Use insert_one or insert_many inst
ead.
na_plugin.insert(plugin_info)
18701824
update success 20190527
_
| | ___ _ _ __ _ __ ___ _ __ __ _
| |/ / | | | '_ \| '_ \ / _ \ '_ \ / _' |
| <| |_| | | | | |_) | __/ | | | (_| |
|_|\_\\__,_|_| |_| .__/ \___|_| |_|\__, |
|_| |___/
b'20190527'
fatal error: runtime: unexpected waitm - semaphore out of sync
goroutine 35 [syscall]:
runtime.notetsleepg(0x6c071a80, 0x4a817c800, 0x0)
C:/Go/src/runtime/lock_sema.go:280 +0x52 fp=0x1c0002eff58 sp=0x1c0002eff18 pc=0x6b04c162
runtime.timerproc(0x6c071a60)
C:/Go/src/runtime/time.go:288 +0x31c fp=0x1c0002effd8 sp=0x1c0002eff58 pc=0x6b08aaec
runtime.goexit()
C:/Go/src/runtime/asm_amd64.s:1333 +0x1 fp=0x1c0002effe0 sp=0x1c0002effd8 pc=0x6b098f61
created by runtime.(*timersBucket).addtimerLocked
C:/Go/src/runtime/time.go:170 +0x11b
goroutine 13 [runnable]:
time.Sleep(0x4a817c800)
C:/Go/src/runtime/time.go:105 +0x164
github.com/opensec-cn/kunpeng/plugin/json.loadExtraJSONPlugin()
D:/gocode/src/github.com/opensec-cn/kunpeng/plugin/json/init.go:129 +0x39
created by github.com/opensec-cn/kunpeng/plugin/json.init.0
D:/gocode/src/github.com/opensec-cn/kunpeng/plugin/json/init.go:21 +0x5a
批量替换vulscan/vulscan.py
a_plugin.insert(plugin_info)替换为:
a_plugin.insert_one(plugin_info)
b'20190527'
vulscan/vulscan.py:270: DeprecationWarning: count is deprecated. Use Collection.count_documents inst
ead.
if na_plugin.find().count() >= 1:
vulscan/vulscan.py:177: DeprecationWarning: find_and_modify is deprecated, use find_one_and_delete,
find_one_and_replace, or find_one_and_update instead
"$set": {"status": 1}}, sort={'time': 1})
check version
vulscan/vulscan.py:177: DeprecationWarning: Passing mapping types for `sort` is deprecated, use a li
st of (key, direction) pairs instead
"$set": {"status": 1}}, sort={'time': 1})
vulscan/vulscan.py:214: DeprecationWarning: count is deprecated. Use Collection.count_documents inst
ead.
queue_count = na_task.find({"status": 0, "plan": 0}).count()
vulscan/vulscan.py:225: DeprecationWarning: update is deprecated. Use replace_one, update_one or upd
ate_many instead.
"$set": {"value": load, "up_time": datetime.datetime.now()}})
new version 20190527
kunpeng update 20190527
url https://github.com/opensec-cn/kunpeng/releases/download/20190527/kunpeng_windows_v20190527.zip
task_req = na_task.find_and_modify({query={"status": 0, "plan": 0}, update={
"$set": {"status": 1}}, sort={'time': 1}})
替换成:
task_req = na_task.find_one_and_update({"status": 0, "plan": 0}, {
"$set": {"status": 1}}, {'time': 1})
if na_plugin.find().count()>= 1:
替换成:
if na_plugin.count_documents({}) >= 1:
queue_count = na_task.find({"status": 0, "plan": 0}).count()
替换成:
queue_count = na_task.count_documents({"status": 0, "plan": 0})
na_heart.update({"name": "load"}, {
"$set": {"value": load, "up_time": datetime.datetime.now()}})
替换成:
na_heart.update_one({"name": "load"}, {
"$set": {"value": load, "up_time": datetime.datetime.now()}})
插件名:Struts2 052远程代码执行
描述:当启用 Struts REST的XStream handler去反序列化处理XML请求,可能造成远程代码执行漏洞,进而直接导致服务器被入侵控制。
作者:wolf@YSRC
Request URL:http://127.0.0.1/installplugin?unicode=2017-9-6-1
Request Method:GET
fail
Search "installplugin" (5 hits in 3 files)
G:\tools\xunfeng\views\static\buss\js\common.js (1 hit)
Line 120: $.get('/installplugin', {unicode: unicode}, function (e) {
G:\tools\xunfeng\views\view.py (2 hits)
Line 538: @app.route('/installplugin')
Line 540: def installplugin():
print('https://sec.ly.com/xunfeng/getplugin?name=' + item['location'], file_path + file_name)
结果输出:
https://sec.ly.com/xunfeng/getplugin?name=s2_052.py
G:\tools\xunfeng\views/../vulscan/vuldb/s2_052.py
查看了一下,该文件存在,修改输出错误:
except Exception as e:
print(e)
pass
结果提示:invalid syntax (s2_052.py, line 56)
发现是:except Exception, e:
看来太多插件都是python2.*下开发的,还是要安装python2.*才行
修改:xunfeng\views\view.py,用以将漏洞检测脚本兼容python3.7:
if os.path.exists(file_path + file_name):
try:
if file_name.split('.')[-1] == 'py':
json_text = open(file_path + file_name, 'r', encoding='UTF-8').read()
json_text = json_text.replace("except Exception, e:","except Exception as e:")
json_text = json_text.replace("except Exception,e:","except Exception as e:")
json_text = json_text.replace("except urllib2.HTTPError, e:","except urllib2.HTTPError as e:")
json_text = json_text.replace("except urllib2.HTTPError,e:","except urllib2.HTTPError as e:")
json_text = json_text.replace("except urllib2.URLError, e:","except urllib2.URLError as e:")
json_text = json_text.replace("except urllib2.URLError,e:","except urllib2.URLError as e:")
if json_text.find('import urllib.request as urllib2')==-1:
json_text = json_text.replace("urllib2","urllib.request")
json_text = json_text.replace("import Queue","import queue")
json_text = json_text.replace("import StringIO","import io")
json_text = json_text.replace(" StringIO."," io.")
json_text = json_text.replace("\t"," ")
json_text = json_text.replace("import urlparse","from urllib.parse import urlparse")
json_text = json_text.replace("import HTMLParser","from html.parser import HTMLParser")
pat = ' print(.*)\n'
ret_1=re.search(pat, json_text)
if ret_1 != None:
print(ret_1.group())
print(ret_1.group(1))
json_text = json_text.replace(" print"+ret_1.group(1)," print("+ret_1.group(1)+")")
#json_text = re.sub(pat, double, json_text)
#print(json_text)
# 'str' object has no attribute 'decode'
#import codecs
#codecs.decode('ab', 'hex')
pat = " return (.*)\.decode\('hex'\)"
ret_2=re.search(pat, json_text)
if ret_2 != None:
print(ret_2.group(1))
json_text = json_text.replace(json_text,"import codecs\n"+json_text)
json_text = json_text.replace(" return "+ret_2.group(1)+".decode('hex')"," return str(codecs.decode("+ret_2.group(1)+",'hex'))")
with open(file_path + file_name,'w+',encoding='utf-8') as f:
f.write(json_text)
f.seek(0)
module = __import__(file_name.split('.')[0]) #这个位置导致插件安装失败,python2.*兼容问题
print("兼容")
mark_json = module.get_plugin_info()
json_string['filename'] = file_name.split('.')[0]
else:
json_text = open(file_path + file_name, 'r', encoding='UTF-8').read()
mark_json = json.loads(json_text)
json_string['filename'] = file_name
mark_json.pop('plugin')
json_string.update(mark_json)
Mongo.coll['Plugin'].insert(json_string)
Mongo.coll['Update'].update_one({'unicode': unicode}, {'$set': {'isInstall': 1}})
rsp = 'success'
except Exception as e:
print("error:",e)
pass
return rsp
替换xunfeng\vulscan\vuldb下的脚本相应代码
上一篇: SMOTE python实现
下一篇: Python3 类
47744
46234
37109
34626
29228
25885
24744
19862
19415
17907
5715°
6314°
5834°
5887°
6983°
5829°
5845°
6360°
6315°
7672°