scannode

package
v1.3.0-sp1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 12, 2024 License: AGPL-3.0 Imports: 37 Imported by: 0

README

scannode

  1. 本项目自带了一个脚本执行引擎,可以支持你想要的功能的编写,可以单独调试脚本,编写完成后复制到服务器即可
  2. 分布式脚本编写数据流依赖本系统自带的 mq 框架
  3. 现有的分布式指纹识别/爬虫是依赖服务器分发与控制的

需要注意的是:这个分布式扫描节点依赖的服务器并不开源,但这并不意味着这一小段代码不可用,你可以把它当成 common/mqcommon/yak 的典型使用案例。

稍作修改任何人都可以实现分布式服务器

启动与配置

  1. 节点配置很简单:不需要配置核心服务器位置,只需要配置 MQ 地址即可。节点会按照代码中约定的协议接收任务、执行任务并汇报结果。由于节点只依据 MQ 中的消息接收并执行任务,MQ 的认证与访问控制就是节点的信任边界,应限制可以向其发布消息的主体。
  2. 如果需要运行超多节点,请启用 --id 参数作为不同节点的区分

配置其他扫描器依赖(功能依赖)

编写分布式扫描脚本

获取参数
上报结果

上报结果分为几种内容:

上报风险

上报风险函数定义:

reportRisk(riskTitle: string, target: string, details: map[string]interface{}, subCategories: ...string) error

这个函数用于上报:风险/漏洞,本质上是上报漏洞,但是某些漏洞没有目标,只有扫描风险,所以可以用这个简化设置。

上报漏洞

reportVul(vul: *assets.Vul | *tools.PocVul) error

上报漏洞,这个漏洞对象一般是扫描器扫的结果,比如 xray 啥的,或者 pocinvoker 执行的结果,可以直接用于上报。

上报弱口令

reportWeakPassword(result: *bruteutil.BruteItemResult)

本系统自带的爆破框架爆破的结果可以直接上报!很方便。

上报指纹

reportPort reportFp reportFingerprint

支持本系统扫描指纹直接上报,非常好用了。

Documentation

Index

Constants

// GENREPORT_KEY is a fixed string key compiled into the package.
// NOTE(review): the value is hard-coded and published with the source, and its use
// is not visible here. If it serves as a shared secret or authentication token
// rather than a plain lookup/routing key, it should come from configuration — confirm.
const GENREPORT_KEY = "JznQXuFDSepeNWHbiLGEwONiaBxhvj_SERVER_SCAN_MANAGER"

Variables

// DistYakCommand is the "distyak" CLI subcommand. Given a positional argument it
// reads that file and runs its contents through the Yak script engine; with no
// positional argument it runs the string held by the "code" flag instead.
//
// The command executes whatever script text it is handed; no validation of the
// path or of the script is visible in this block, so whoever controls the command
// line decides what runs with the node's privileges.
//
// NOTE(review): SkipFlagParsing is set, so urfave/cli presumably leaves "--code"/"-c"
// unparsed and hands it over as a positional argument (where it would be treated as
// a file path) — confirm whether the inline-code path is reachable at all.
var DistYakCommand = cli.Command{
	Name:            "distyak",
	SkipFlagParsing: true,
	Flags: []cli.Flag{
		cli.StringFlag{Name: "code,c"},
	},
	Action: func(c *cli.Context) error {
		positional := c.Args()

		// No positional argument: fall back to the inline "code" flag.
		if len(positional) == 0 {
			inline := c.String("code")
			eng := yak.NewScriptEngine(100)
			eng.HookOsExit()
			return eng.Execute(inline)
		}

		scriptPath := positional[0]
		if scriptPath == "" {
			return utils.Errorf("empty yak file")
		}

		// The absolute form is only handed to the engine next to the script text;
		// the read below still uses the path exactly as it was given.
		resolved := scriptPath
		if !filepath.IsAbs(resolved) {
			abs, err := filepath.Abs(resolved)
			if err != nil {
				return utils.Errorf("fetch abs file path failed: %s", err)
			}
			resolved = abs
		}

		content, err := ioutil.ReadFile(scriptPath)
		if err != nil {
			return err
		}

		eng := yak.NewScriptEngine(100)
		eng.HookOsExit()
		// The registered engine hook does nothing and reports success.
		eng.RegisterEngineHooks(func(_ *antlr4yak.Engine) error {
			return nil
		})
		return eng.ExecuteMain(string(content), resolved)
	},
}

Functions

func GetPalmHomeDir

func GetPalmHomeDir() string

func NewVulnResult

func NewVulnResult(v *Vuln) (*spec.ScanResult, error)

Types

type IpEcho

// IpEcho is a JSON payload with a single field, serialized as "external_ip".
// NOTE(review): presumably the response of an IP-echo endpoint that
// ScanNode.GetIpecho queries to learn the node's external address — confirm.
type IpEcho struct {
	ExternalIp string `json:"external_ip"`
}

type ScanNode

// ScanNode is the package's scan-node type; all of its fields are unexported.
// NOTE(review): the constructors on this page take an AMQP config or URL, so the
// node presumably receives its tasks over that message queue. The broker would then
// be the trust boundary for what the node executes — confirm.
type ScanNode struct {
	// contains filtered or unexported fields
}

func NewScanNode

func NewScanNode(id, serverPort string, amqpConfig *spec.AMQPConfig) (*ScanNode, error)

func NewScanNodeWithAMQPUrl

// NewScanNodeWithAMQPUrl returns a ScanNode for the given node id, server port,
// AMQP URL and server IP, or an error.
// NOTE(review): AMQP URLs commonly embed broker credentials in the userinfo part;
// if that applies here, amqpUrl should not be logged or echoed verbatim — confirm
// how the implementation handles it.
func NewScanNodeWithAMQPUrl(id, serverPort string, amqpUrl string, serverIp string) (*ScanNode, error)

func (*ScanNode) GetIpecho

func (n *ScanNode) GetIpecho(serverIp string, serverPort string)

func (*ScanNode) GetServerHelper

func (s *ScanNode) GetServerHelper() *scanrpc.SCANServerHelper

func (*ScanNode) Run

func (s *ScanNode) Run()

type ScannerAgentReporter

// ScannerAgentReporter exposes task, sub-task and runtime identifiers as exported
// string fields; its remaining state is unexported.
// NOTE(review): presumably every Report* call is tagged with these ids so results
// can be attributed to the task that produced them — confirm.
type ScannerAgentReporter struct {
	TaskId    string
	SubTaskId string
	RuntimeId string
	// contains filtered or unexported fields
}

func NewScannerAgentReporter

func NewScannerAgentReporter(taskId string, subTaskId string, runtimeId string, agent *ScanNode) *ScannerAgentReporter

func (*ScannerAgentReporter) Report

func (r *ScannerAgentReporter) Report(record *yakit.Report) error

func (*ScannerAgentReporter) ReportFingerprint

func (r *ScannerAgentReporter) ReportFingerprint(i interface{}) error

func (*ScannerAgentReporter) ReportRisk

func (r *ScannerAgentReporter) ReportRisk(
	title string, target string, details interface{},
	tags ...string,
) error

func (*ScannerAgentReporter) ReportTCPOpenPort

func (r *ScannerAgentReporter) ReportTCPOpenPort(host interface{}, port interface{}) error

func (*ScannerAgentReporter) ReportVul

// ReportVul reports a vulnerability object and returns an error on failure.
// NOTE(review): the parameter is an untyped interface{}; the README documents the
// script-level reportVul as taking *assets.Vul or *tools.PocVul, so other dynamic
// types are presumably rejected — confirm how unexpected types are handled.
func (r *ScannerAgentReporter) ReportVul(i interface{}) error

func (*ScannerAgentReporter) ReportWeakPassword

// ReportWeakPassword reports a weak-password result and returns an error on failure.
// NOTE(review): the README documents the script-level reportWeakPassword as taking
// *bruteutil.BruteItemResult; this interface{} parameter presumably expects the same.
// Such results likely contain discovered credentials, so the message-queue transport
// and any storage behind it should be treated as sensitive — confirm.
func (r *ScannerAgentReporter) ReportWeakPassword(result interface{}) error

type Task

// Task bundles a task's type and id with a context, that context's cancel
// function, and start/deadline timestamps.
type Task struct {
	TaskType string
	TaskId   string
	// Ctx and Cancel are stored side by side.
	// NOTE(review): presumably Cancel cancels Ctx and is how a running task is stopped — confirm.
	Ctx    context.Context
	Cancel context.CancelFunc
	// NOTE(review): the unit of the two timestamps (seconds vs. milliseconds) is not
	// visible here, nor whether the deadline is enforced by Ctx — confirm.
	StartTimestamp    int64
	DeadlineTimestamp int64
}

type TaskManager

// TaskManager is a collection of *Task values addressed by task id through its
// Add, GetTaskById, Remove and All methods; its fields are unexported.
// NOTE(review): whether it is safe for concurrent use is not visible here — confirm
// before sharing one instance between goroutines.
type TaskManager struct {
	// contains filtered or unexported fields
}

func (*TaskManager) Add

func (t *TaskManager) Add(taskId string, task *Task)

func (*TaskManager) All

func (t *TaskManager) All() []*Task

func (*TaskManager) GetTaskById

func (t *TaskManager) GetTaskById(taskId string) (*Task, error)

func (*TaskManager) Remove

func (t *TaskManager) Remove(taskId string)

type Vuln

// Vuln is the database record for a single finding; it embeds gorm.Model.
// NOTE(review): Payload, Detail, TargetRaw, ReverseToken and Url can presumably hold
// raw scan evidence about scanned systems; they should be treated as sensitive when
// stored, logged or exported — confirm retention and access rules.
type Vuln struct {
	gorm.Model

	Title        string
	IPAddr       string
	IPv4Int      uint32
	Host         string // domain/ip
	Port         int
	IsPrivateNet bool

	// url
	Target     string
	TargetRaw  postgres.Jsonb
	TargetType VulnTargetType

	// xray: plugin
	Plugin string

	// Detail is stored as JSONB; its schema is not visible here.
	Detail postgres.Jsonb

	// Hash is an indexed column (gorm "index" tag).
	// NOTE(review): presumably a de-duplication key for findings — confirm how it is computed.
	Hash string `gorm:"index"`

	// Identifiers naming the task, runtime and sub-task the finding came from.
	FromThreatAnalysisTaskId    string
	FromThreatAnalysisRuntimeId string
	SubTaskId                   string

	// The fields below carry explicit JSON names; the fields above have no json tags.
	Payload         string `json:"payload"`
	RiskTypeVerbose string `json:"risk_type_verbose"`
	RiskType        string `json:"risk_type"`
	Severity        string `json:"severity"`
	FromYakScript   string `json:"from_yak_script"`
	TitleVerbose    string `json:"title_verbose"`
	// NOTE(review): presumably the token that ties an out-of-band callback to this finding — confirm.
	ReverseToken string `json:"reverse_token"`
	Url          string `json:"url"`
}

type VulnTargetType

// VulnTargetType is the string-typed category stored in Vuln.TargetType.
type VulnTargetType string

// Defined target types. Note that VulnTargetType_Url serializes as "web", not "url".
const (
	VulnTargetType_Url     VulnTargetType = "web"
	VulnTargetType_Service VulnTargetType = "service"
	VulnTargetType_Risk    VulnTargetType = "risk"
)

type WebServerConfig

// WebServerConfig is a JSON payload with a single field, serialized as
// "web_server_port". The port is carried as a string, not a number.
type WebServerConfig struct {
	WebServerPort string `json:"web_server_port"`
}

Directories

Path Synopsis
