amyangxyz / assassingo Goto Github PK

View Code? Open in Web Editor NEW

551.0 551.0 98.0 133.41 MB

An extensible and concurrency pentest framework in Go, also with WebGUI. Feel free to CONTRIBUTE!

License: MIT License

Go 97.97% CSS 0.29% HTML 1.14% Shell 0.60%

assassingo's Introduction

Hi there!👋

I'm Amyang (黯灭小羊), CSE PhD at UConn

Random fun projects

zhiyin-zsh-theme: zhiyin dance in zsh
AniMate: chat with your MMD model on desktop
AetherGazer_Vue: Web-based MMD viewer
copilg-vscode-theme: Copilot+Github VSCode theme

Security

AssassinGo: An extensible and concurrency pentest framework
GhostTunnel-Go: WiFi Covert Channel
DNSSniffer: DNSQuery sniffer for blind RCE attacks

Web Development

sgo: fast and lightweight Web framework

Real-Time Networks

VeRNet: Web-based 3D network simulator
RETHi-Comm: Communication emulator for RETHi
6TiSCH-Testbed: Full-stack 6TiSCH testbed @ UConn
RTWN-Virtualization: Resource virtualization with timing guarantee

GitHub Stats

assassingo's People

Contributors

Stargazers

Watchers

Forkers

5up3rc fr34k8 xuacker webvul lengyun123456 moriarty2016 traceur jerusalemsbell alberthchang shellsec qiangbei zard777 jingkonglanxing enzo1999 oksbsb fnzer0 lucyxss zy1620454507 yb123speed puresteelzhang gowabby avldya orf53975 zanjs baofg zgwdg prodject listinvest i0t wenhaoyu zhy0313 noraj winsonink jangocheng xiaolushuo arraisgabriel vpslala k0rz3n 957204459 podvps zycdmax chennqqi zyn-sec nexpro xxbing123 lubyruffy ch4p34un0ir alex-marmot unlimitedg incisive daniel-007 dennyx triplekill forkkit 3mard dolanor-galaxy backwardn lgonline lanxingmo ikv163 bycspys raystyle 5l1v3r1 jqz41401 ta0ing sharpenhw nhokcrazy199 team-iv xuehua312741499 lychhayly rijinrij gh0st0ne securityanalysts 02bx blackstarkk limkokholefork freefv underwood12 pradeepch99 hunter0x8 findcool djsousuo xfjh marciopocebon omemishra medasz ba7jcm r4b3rt an0nym0u5101 zhangli344236745 shangrui-hash arshit0278 rocklee-1998 ajunlonglive devops2100 gg-big-org

assassingo's Issues

Can't connect to mariadb

Deployment went ok

$ docker-compose up --build -d
Pulling chromedp (chromedp/headless-shell:)...
latest: Pulling from chromedp/headless-shell
d50302ca539a: Pull complete
69d2c752f612: Pull complete
527878a8f279: Pull complete
1382262a21c8: Pull complete
Digest: sha256:8fd8cbd828b1b438d971808af93df21e9c89f5ecc74e20199649d7a5dd874927
Status: Downloaded newer image for chromedp/headless-shell:latest
Building assassin
Step 1/4 : FROM alpine
latest: Pulling from library/alpine
df20fa9351a1: Pull complete
Digest: sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Status: Downloaded newer image for alpine:latest
 ---> a24bb4013296
Step 2/4 : RUN apk --no-cache add ca-certificates
 ---> Running in 0dd0bd2e017a
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/1) Installing ca-certificates (20191127-r4)
Executing busybox-1.31.1-r16.trigger
Executing ca-certificates-20191127-r4.trigger
OK: 6 MiB in 15 packages
Removing intermediate container 0dd0bd2e017a
 ---> e9b7c4088018
Step 3/4 : ADD AssassinGo /
 ---> 5fc9fbed4823
Step 4/4 : CMD [ "./AssassinGo" ]
 ---> Running in 997d69792b5a
Removing intermediate container 997d69792b5a
 ---> ac5b8168c24b
Successfully built ac5b8168c24b
Successfully tagged assassingo_assassin:latest
Creating assassingo_mariadb_1  ... done
Creating assassingo_chromedp_1 ... done
Creating assassingo_assassin_1 ... done

but impossible to connect to the DB

$ cat backup.sql | docker exec -i assassingo_mariadb_1 /usr/bin/mysql -uroot --password=assassingo ag
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
$ cat backup.sql | docker exec -i assassingo_mariadb_1 /usr/bin/mysql -uag --password=password ag    
ERROR 1045 (28000): Access denied for user 'ag'@'localhost' (using password: YES)

It's weird because it's exactly the creds in docker-compose.yml

version: '3'

services:
  assassin:
    build: .
    ports:
      - 8000:8000
    links:
      - mariadb
      - chromedp
    volumes:
      - ./web/:/web/
      - ./dict/:/dict/
    environment:
      - DB_Db=ag
      - DB_User=ag
      - DB_Passwd=password
      - SecretKey=biubiubiu

  mariadb:
    image: mariadb
    expose:
      - "3306"
    environment:
      - MYSQL_ROOT_PASSWORD=assassingo
      - MYSQL_DATABASE=ag
      - MYSQL_USER=ag
      - MYSQL_PASSWORD=password
      
  chromedp:
    image: chromedp/headless-shell
    ports:
      - 9222:9222

Let's attach to the container and see what happens:

$ docker exec -it assassingo_mariadb_1 /bin/bash

We can connect without password with root acount but not with the password so we must ommit the -p option.

root@baf5f6902c5a:/# mysql -u root

MariaDB [(none)]> use mysql;

MariaDB [mysql]> select host,user,password from user;
+--------------+------+----------+
| Host         | User | Password |
+--------------+------+----------+
| localhost    | root |          |
| baf5f6902c5a | root |          |
| 127.0.0.1    | root |          |
| ::1          | root |          |
| localhost    |      |          |
| baf5f6902c5a |      |          |
+--------------+------+----------+

Ok so it seems the stuff in docker-compose.yml was never set.

I removed all containers and rebuilt them without attaching to see what happens. Here I filtered only mariadb logs:

mariadb_1   | 2020-07-05 14:15:23+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server  started.
mariadb_1   | 2020-07-05 14:15:23+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
mariadb_1   | 2020-07-05 14:15:23+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server  started.
mariadb_1   | 2020-07-05 14:15:24+00:00 [Note] [Entrypoint]: Initializing database files
mariadb_1   | 
mariadb_1   | 
mariadb_1   | PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
mariadb_1   | To do so, start the server, then issue the following commands:
mariadb_1   | 
mariadb_1   | '/usr/bin/mysqladmin' -u root password 'new-password'
mariadb_1   | '/usr/bin/mysqladmin' -u root -h  password 'new-password'
mariadb_1   | 
mariadb_1   | Alternatively you can run:
mariadb_1   | '/usr/bin/mysql_secure_installation'
mariadb_1   | 
mariadb_1   | which will also give you the option of removing the test
mariadb_1   | databases and anonymous user created by default.  This is
mariadb_1   | strongly recommended for production servers.
mariadb_1   | 
mariadb_1   | See the MariaDB Knowledgebase at http://mariadb.com/kb or the
mariadb_1   | MySQL manual for more instructions.
mariadb_1   | 
mariadb_1   | Please report any problems at http://mariadb.org/jira
mariadb_1   | 
mariadb_1   | The latest information about MariaDB is available at http://mariadb.org/.
mariadb_1   | You can find additional information about the MySQL part at:
mariadb_1   | http://dev.mysql.com
mariadb_1   | Consider joining MariaDB's strong and vibrant community:
mariadb_1   | https://mariadb.org/get-involved/
mariadb_1   | 
mariadb_1   | 2020-07-05 14:16:01+00:00 [Note] [Entrypoint]: Database files initialized
mariadb_1   | 2020-07-05 14:16:01+00:00 [Note] [Entrypoint]: Starting temporary server
mariadb_1   | 2020-07-05 14:16:01+00:00 [Note] [Entrypoint]: Waiting for server startup
mariadb_1   | 2020-07-05 14:16:01 0 [Note] mysqld (mysqld 10.4.10-MariaDB-1:10.4.10+maria~bionic) starting as process 124 ...
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Using Linux native AIO
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Uses event mutexes
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Number of pools: 1
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Using SSE2 crc32 instructions
mariadb_1   | 2020-07-05 14:16:01 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts)
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Completed initialization of buffer pool
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Creating shared tablespace for temporary tables
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Waiting for purge to start
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: 10.4.10 started; log sequence number 140103; transaction id 21
mariadb_1   | 2020-07-05 14:16:01 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
mariadb_1   | 2020-07-05 14:16:01 0 [Note] Plugin 'FEEDBACK' is disabled.
mariadb_1   | 2020-07-05 14:16:02 0 [Warning] 'user' entry 'root@4fbf5bb74dc0' ignored in --skip-name-resolve mode.
mariadb_1   | 2020-07-05 14:16:02 0 [Warning] 'user' entry '@4fbf5bb74dc0' ignored in --skip-name-resolve mode.
mariadb_1   | 2020-07-05 14:16:02 0 [Warning] 'proxies_priv' entry '@% root@4fbf5bb74dc0' ignored in --skip-name-resolve mode.
mariadb_1   | 2020-07-05 14:16:02 0 [Note] InnoDB: Buffer pool(s) load completed at 200705 14:16:02
mariadb_1   | 2020-07-05 14:16:02 0 [Note] Reading of all Master_info entries succeeded
mariadb_1   | 2020-07-05 14:16:02 0 [Note] Added new Master_info '' to hash table
mariadb_1   | 2020-07-05 14:16:02 0 [Note] mysqld: ready for connections.
mariadb_1   | Version: '10.4.10-MariaDB-1:10.4.10+maria~bionic'  socket: '/var/run/mysqld/mysqld.sock'  port: 0  mariadb.org binary distribution
mariadb_1   | 2020-07-05 14:16:02+00:00 [Note] [Entrypoint]: Temporary server started.

So what I did then is to remove the volumes, because if a volume for mariadb already exists it won't override it and so not creating users.

$ docker-compose down -v

I rebuilt again the users are still not created, it's mroe an issue with mariadb behavior than with assassingo.

您好，项目前端部分的项目地址无法访问

您好，项目前端部分的项目地址无法访问 https://github.com/U1in/AssassinGo-Front-End

只能本机访问

前端ajax.js 中
const base = 'http://127.0.0.1:8000';

导致不能远程访问。
可否也把前端项目的源码也开源出来？

go.mod

The project needs a go.mod file to specify the version of the dependencies else building will require the latest version of each dependency, that will break over time.

E.g. now

in this dependency client and runner existed until 0.1.3 https://github.com/chromedp/chromedp/tree/v0.1.3, but were removed in 0.2.0 up until latest 0.9.5.

For this example, We could fix the version 0.1.3 of chromedp in go.mod.

Error running AssassinGo

There was an error pulling chrome-headless, apparently the image doesn't exist anymore, so I pulled this one

Pulling chromedp (knqz/chrome-headless:)...
ERROR: The image for the service you're trying to recreate has been removed. If you continue, volume data could be lost. Consider backing up your data before continuing.

Continue with the new image? [yN]y
Pulling chromedp (knqz/chrome-headless:)...
ERROR: pull access denied for knqz/chrome-headless, repository does not exist or may require 'docker login'

Then there was an error with assassingo_mariadb_1 container

╰$ cat backup.sql | docker exec -i assassingo_mariadb_1 /usr/bin/mysql -uag --password=password ag
Error: No such container: assassingo_mariadb_1

Project Mascot

Hi! I have fallen in love with your project mascot and would love it if I could be allowed to use it as a profile picture on a few sites

login issue

username:admin
password:admin
it comes back saying wrong password or username

[root@localhost AssassinGo]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fee88f312d96 assassingo_assassin "./AssassinGo" 47 seconds ago Up 46 seconds 0.0.0.0:8000->8000/tcp assassingo_assassin_1
f2a208eaa2bb mariadb "docker-entrypoint.s…" 47 seconds ago Up 46 seconds 3306/tcp assassingo_mariadb_1
20a28ddda3fb chromedp/headless-shell "/headless-shell/hea…" 47 seconds ago Up 46 seconds 0.0.0.0:9222->9222/tcp assassingo_chromedp_1

点击登录没有反应

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.