README
¶
scannode
- 本项目自带了一个脚本执行引擎,可以支持你想要的功能的编写,可以单独调试脚本,编写完成后复制到服务器即可
- 分布式脚本编写数据流依赖本系统自带的 mq 框架
- 现有的分布式指纹识别/爬虫是依赖服务器分发与控制的
但是需要注意的是,虽然这个分布式扫描节点依赖的服务器并不开源,但是并不意味着这一小段代码是不可用的,你可以把它当成 common/mq 和 common/yak 的典型实用案例。
稍作修改任何人都可以实现分布式服务器
启动与配置
- 节点配置很简单,不需要配置核心服务器位置,只需要配置 MQ 地址即可,通信会根据代码协议进行接受任务与执行,汇报结果
- 如果需要运行超多节点,请启用 --id 参数作为不同节点的区分
配置其他扫描器依赖(功能依赖)
编写分布式扫描脚本
获取参数
上报结果
上报结果分为几种内容:
上报风险
上报风险函数定义:
reportRisk(riskTitle: string, target: string, details: map[string]interface{}, subCategories: ...string) error
这个函数用于上报:风险/漏洞,本质上是上报漏洞,但是某些漏洞没有目标,只有扫描风险,所以可以用这个简化设置。
上报漏洞
reportVul(vul: *assets.Vul | *tools.PocVul) error
上报漏洞,这个漏洞对象一般是扫描器扫的结果,比如 xray 啥的,或者 pocinvoker 执行的结果,可以直接用于上报。
上报弱口令
reportWeakPassword(result: *bruteutil.BruteItemResult)
本系统自带的爆破框架爆破的结果可以直接上报!很方便。
上报指纹
reportPort
reportFp
reportFingerprint
支持本系统扫描指纹直接上报,非常好用了。
Documentation
¶
Index ¶
- Constants
- Variables
- func GetPalmHomeDir() string
- func NewVulnResult(v *Vuln) (*spec.ScanResult, error)
- type IpEcho
- type ScanNode
- type ScannerAgentReporter
- func (r *ScannerAgentReporter) Report(record *yakit.Report) error
- func (r *ScannerAgentReporter) ReportFingerprint(i interface{}) error
- func (r *ScannerAgentReporter) ReportRisk(title string, target string, details interface{}, tags ...string) error
- func (r *ScannerAgentReporter) ReportTCPOpenPort(host interface{}, port interface{}) error
- func (r *ScannerAgentReporter) ReportVul(i interface{}) error
- func (r *ScannerAgentReporter) ReportWeakPassword(result interface{}) error
- type Task
- type TaskManager
- type Vuln
- type VulnTargetType
- type WebServerConfig
Constants ¶
View Source
const GENREPORT_KEY = "JznQXuFDSepeNWHbiLGEwONiaBxhvj_SERVER_SCAN_MANAGER"
Variables ¶
View Source
var DistYakCommand = cli.Command{ Name: "distyak", Usage: "used by distribution node for running yak file", Action: func(c *cli.Context) error { var err error args := c.Args() if len(args) > 0 { file := args[0] if file != "" { var absFile = file if !filepath.IsAbs(absFile) { absFile, err = filepath.Abs(absFile) if err != nil { return utils.Errorf("fetch abs file path failed: %s", err) } } raw, err := ioutil.ReadFile(file) if err != nil { return err } engine := yak.NewScriptEngine(100) engine.HookOsExit() engine.RegisterEngineHooks(func(engine *antlr4yak.Engine) error { return nil }) err = engine.ExecuteMain(string(raw), absFile) if err != nil { return err } return nil } else { return utils.Errorf("empty yak file") } } code := c.String("code") engine := yak.NewScriptEngine(100) engine.HookOsExit() err = engine.Execute(code) if err != nil { return err } return nil }, Flags: []cli.Flag{ cli.StringFlag{ Name: "code,c", }, }, SkipFlagParsing: true, }
Functions ¶
func GetPalmHomeDir ¶
func GetPalmHomeDir() string
func NewVulnResult ¶
func NewVulnResult(v *Vuln) (*spec.ScanResult, error)
Types ¶
type ScanNode ¶
type ScanNode struct {
// contains filtered or unexported fields
}
func NewScanNode ¶
func NewScanNode(id, serverPort string, amqpConfig *spec.AMQPConfig) (*ScanNode, error)
func NewScanNodeWithAMQPUrl ¶
func (*ScanNode) GetServerHelper ¶
func (s *ScanNode) GetServerHelper() *scanrpc.SCANServerHelper
type ScannerAgentReporter ¶
type ScannerAgentReporter struct {
TaskId string
SubTaskId string
RuntimeId string
// contains filtered or unexported fields
}
func NewScannerAgentReporter ¶
func NewScannerAgentReporter(taskId string, subTaskId string, runtimeId string, agent *ScanNode) *ScannerAgentReporter
func (*ScannerAgentReporter) Report ¶
func (r *ScannerAgentReporter) Report(record *yakit.Report) error
func (*ScannerAgentReporter) ReportFingerprint ¶
func (r *ScannerAgentReporter) ReportFingerprint(i interface{}) error
func (*ScannerAgentReporter) ReportRisk ¶
func (r *ScannerAgentReporter) ReportRisk( title string, target string, details interface{}, tags ...string, ) error
func (*ScannerAgentReporter) ReportTCPOpenPort ¶
func (r *ScannerAgentReporter) ReportTCPOpenPort(host interface{}, port interface{}) error
func (*ScannerAgentReporter) ReportVul ¶
func (r *ScannerAgentReporter) ReportVul(i interface{}) error
func (*ScannerAgentReporter) ReportWeakPassword ¶
func (r *ScannerAgentReporter) ReportWeakPassword(result interface{}) error
type TaskManager ¶
type TaskManager struct {
// contains filtered or unexported fields
}
func (*TaskManager) Add ¶
func (t *TaskManager) Add(taskId string, task *Task)
func (*TaskManager) All ¶
func (t *TaskManager) All() []*Task
func (*TaskManager) GetTaskById ¶
func (t *TaskManager) GetTaskById(taskId string) (*Task, error)
func (*TaskManager) Remove ¶
func (t *TaskManager) Remove(taskId string)
type Vuln ¶
type Vuln struct {
gorm.Model
Title string
IPAddr string
IPv4Int uint32
Host string // domain/ip
Port int
IsPrivateNet bool
// url
Target string
TargetRaw postgres.Jsonb
TargetType VulnTargetType
// xray: plugin
Plugin string
Detail postgres.Jsonb
Hash string `gorm:"index"`
FromThreatAnalysisTaskId string
FromThreatAnalysisRuntimeId string
SubTaskId string
Payload string `json:"payload"`
RiskTypeVerbose string `json:"risk_type_verbose"`
RiskType string `json:"risk_type"`
Severity string `json:"severity"`
FromYakScript string `json:"from_yak_script"`
TitleVerbose string `json:"title_verbose"`
ReverseToken string `json:"reverse_token"`
Url string `json:"url"`
}
type VulnTargetType ¶
type VulnTargetType string
const ( VulnTargetType_Url VulnTargetType = "web" VulnTargetType_Service VulnTargetType = "service" VulnTargetType_Risk VulnTargetType = "risk" )
type WebServerConfig ¶
type WebServerConfig struct {
WebServerPort string `json:"web_server_port"`
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.