🌱 渗透测试|业务安全|业余开发|三国系列游戏爱好者
Wechat: ZHJ1bmtfa2s=
一款甲方资产巡航扫描系统。系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示
IP资产那里可以修改下10条/页为100条或者更多条每页吗?资产太多一次10条有几百页
rt,web端登录没响应
我看安装masscan是安装在docker容器里面的,从前端页面发起扫描到获取扫描结果,这一过程的处理流程能否告知一下,谢谢
http://ip:18000/api/v1/downtasklog/1
//新建端口爆破 - 无认证 //apiv1.POST("/nweport", v1.NewPortBrute) apiv1.GET("/downtasklog/:id", v1.DownTaskLog)
前端地址错误,多了一个/
以下是报错:
root@ruleaker:~/Desktop/linglong-master# docker-compose up -d
/usr/local/lib/python2.7/dist-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
from cryptography.hazmat.backends import default_backend
Building web
Step 1/11 : FROM node:latest as build-stage
---> 34c1219e2da7
Step 2/11 : MAINTAINER drunk_kk
---> Using cache
---> c83cdc2c5bcd
Step 3/11 : RUN npm install -g cnpm --registry=https://registry.npm.taobao.org
---> Running in 3023c47a1f41
npm ERR! code EAI_AGAIN
npm ERR! syscall getaddrinfo
npm ERR! errno EAI_AGAIN
npm ERR! request to https://registry.npm.taobao.org/cnpm failed, reason: getaddrinfo EAI_AGAIN registry.npm.taobao.org
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-02-25T03_48_44_817Z-debug.log
ERROR: Service 'web' failed to build: The command '/bin/sh -c npm install -g cnpm --registry=https://registry.npm.taobao.org' returned a non-zero code: 1
以下是npm以及cnpm版本
root@ruleaker:# cnpm -v# npm -v
[email protected] (/usr/local/lib/node_modules/cnpm/lib/parse_argv.js)
[email protected] (/usr/local/lib/node_modules/cnpm/node_modules/npm/lib/npm.js)
[email protected] (/usr/bin/node)
[email protected] (/usr/local/lib/node_modules/cnpm/node_modules/npminstall/lib/index.js)
prefix=/usr/local
linux x64 5.7.0-kali1-amd64
registry=https://r.npm.taobao.org
root@ruleaker:
7.5.6
环境:
VMware虚拟机 Kali 2020.1
桥接模式
网络是高中校园网屏蔽了一些网站比如p站 但是淘宝是上的去的 应该不是代理问题, 额 语言不够严谨请见谅 高一学生 还需要多多学习 需要前辈指点帮助
点登录无任何反应,也不报错
爆破字典好像不能自己添加或者修改,后期会添加这个功能吗?
如题,具体提示为:
.......
Step 5/5 : CMD ["nginx", "-g", "daemon off;"]
---> Running in c25323fb634b
Removing intermediate container c25323fb634b
---> 7795dfe488ae
Successfully built 7795dfe488ae
Successfully tagged linglong_web:latest
WARNING: Image for service web was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Recreating 690641597a3c_linglong_mysql_1 ... error
ERROR: for 690641597a3c_linglong_mysql_1 no such image: sha256:7ce9d9ba440e8e821900ef9a4b0adc8d0a08ea70ab0014231aa526ec87dd09b8: No such image: sha256:7ce9d9ba440e8e821900ef9a4b0adc8d0a08ea70ab0014231aa526ec87dd09b8
ERROR: for mysql no such image: sha256:7ce9d9ba440e8e821900ef9a4b0adc8d0a08ea70ab0014231aa526ec87dd09b8: No such image: sha256:7ce9d9ba440e8e821900ef9a4b0adc8d0a08ea70ab0014231aa526ec87dd09b8
ERROR: The image for the service you're trying to recreate has been removed. If you continue, volume data could be lost. Consider backing up your data before continuing.
Continue with the new image? [yN]N
ERROR: no such image: sha256:7ce9d9ba440e8e821900ef9a4b0adc8d0a08ea70ab0014231aa526ec87dd09b8: No such image: sha256:7ce9d9ba440e8e821900ef9a4b0adc8d0a08ea70ab0014231aa526ec87dd09b8
poc数量预计有多少??
我找不到添加入口
是否考虑增加资产分组功能,方便更加细致管理。
关于goby的集成,可以参考这份儿文档
Goby-API,期待早日更新
经过测试,新修改密码无法通过特殊符号登陆,建议加强密码策略。
如果扫描列表比较大 进行全端口扫描 会出现一种情况 masscan隔一段时间扫描 但是没有端口信息出来
工具非常不错,好工具应该广众皆知
师傅请问一下,我docker安装的时候出现这个错误是怎么回事呢
npm ERR! gyp verb extracted file from tarball include/node/openssl/archs/VC-WIN64-ARM/no-asm/include/openssl/opensslconfnpm ERR! gyp verb command remove [ '15.5.1' ]
npm ERR! gyp verb remove using node-gyp dir: /root/.node-gyp
npm ERR! gyp verb remove removing target version: 15.5.1
npm ERR! gyp verb remove removing development files for version: 15.5.1
npm ERR! gyp verb content checksum node-v15.5.1-headers.tar.gz e1837220591e22fdc53d367adf0cd6c539af89be51dba4e50d6d2d0ab0b477ab
npm ERR! gyp ERR! configure error
npm ERR! gyp ERR! stack Error: aborted
npm ERR! gyp ERR! stack at connResetException (node:internal/errors:631:14)
npm ERR! gyp ERR! stack at TLSSocket.socketCloseListener (node:_http_client:434:19)
npm ERR! gyp ERR! stack at TLSSocket.emit (node:events:388:22)
npm ERR! gyp ERR! stack at node:net:666:12
npm ERR! gyp ERR! stack at TCP.done (node:_tls_wrap:573:7)
npm ERR! gyp ERR! System Linux 5.4.72-microsoft-standard-WSL2
npm ERR! gyp ERR! command "/usr/local/bin/node" "/app/node_modules/node-gyp/bin/node-gyp.js" "rebuild" "--verbose" "--libsass_ext=" "--libsass_cflags=" "--libsass_ldflags=" "--libsass_library="
npm ERR! gyp ERR! cwd /app/node_modules/node-sass
npm ERR! gyp ERR! node -v v15.5.1
npm ERR! gyp ERR! node-gyp -v v3.8.0
npm ERR! gyp ERR! not ok
npm ERR! Build failed with error code: 1
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-03-10T16_59_43_277Z-debug.log
ERROR: Service 'web' failed to build : The command '/bin/sh -c rm -rf node_modules && npm install node-sass && cnpm run build' returned a non-zero code: 1
设置公网访问IP时,报错【sed: couldn't open temporary file ./dist/js/sedF5BJSs: Permission denied】
但是文件夹下没有这个./dist/js/sedF5BJSs文件
只能扫ip地址吗?域名,子域等能支持不
Service 'web' failed to build : Error parsing reference: "nginx:1.15.3-alpine as production-stage" is not a valid repository/tag: invalid reference format
例如,新增了一个132.97.0.0/16的网段,如附件,也更新了扫描设置,新增了任务列表,但是就是无法进行扫描,已经一两天了,还是扫描到了0个资产,请问下大佬,这种怎么解决呀~
1.docker部署可以考虑默认vps部署的配置写法,在README中把“如果要部署在本地”放在后面,因为感觉这种默认127.0.0.1的docker配置比较少见,很多人可能就直接docker-compose up -d一把梭了,也导致ISSUES里面很多人问为什么登录没反应(当然也是自己没仔细看)。
2.xray模块添加启用的开关,可以考虑默认不启用。很多人可能只想测试一下资产探测,正常TCP连接而已没什么风险,结果联动着xray直接咔咔一批POC打过去,可能就影响服务可用性甚至有喝茶的风险了。
docker安装完毕之后,用火狐浏览器点击登录没反应了。。感觉卡主了一样
大佬你好:
启动doker提示出错。百度没有结果。
linglong_mysql_1 is up-to-date
Starting linglong-server ... error
ERROR: for linglong-server Cannot start service server: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: "./linglong": permission denied": unknown
ERROR: for server Cannot start service server: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: "./linglong": permission denied": unknown
ERROR: Encountered errors while bringing up the project.
能设置一下mysql禁止外网访问吗
建议
1.增加任务只能破解数据库弱口令,可以扫描域名和网站,漏扫功能
2.端口扫描,需要进行快速全端口扫描,和资产探测
3.目录扫描功能,参考dirsearch等
4.资产自动分类进行后测试,比如后台登录直接爆破,比如数据库端口直接数据库爆破,比如web服务有框架漏洞,直接poc验证,比如web门户,爬虫被动扫描等等
假设导入上万个ip,
1.进行全端口探测和资产扫描,
2.指纹识别,搜集信息
3.资产自动分类
4.资产定向自动测试
你好,我在启动docker时发现web容器报错,但我找不到相关的代码进行修改,已经在百度查找了解决方法,但还是时没能解决,只能打扰一下询问一下解决方案。报错如下:
[root@localhost linglong-master]# docker-compose up -d web
Building web
Step 1/11 : FROM node:latest as build-stage
---> 34c1219e2da7
Step 2/11 : MAINTAINER drunk_kk
---> Using cache
---> bbb20c283f31
Step 3/11 : RUN npm install -g cnpm --registry=https://registry.npm.taobao.org
---> Using cache
---> 1102b372972c
Step 4/11 : WORKDIR /app
---> Using cache
---> 2f6b7f847d60
Step 5/11 : COPY . .
---> Using cache
---> 6f8b3db2fcb1
Step 6/11 : RUN rm -rf node_modules && npm install node-sass && cnpm run build
---> Running in 82c3765d6f32
npm notice
npm notice New patch version of npm available! 7.5.3 -> 7.5.6
npm notice Changelog: https://github.com/npm/cli/releases/tag/v7.5.6
npm notice Run npm install -g [email protected]
to update!
npm notice
npm ERR! code EAI_AGAIN
npm ERR! syscall getaddrinfo
npm ERR! errno EAI_AGAIN
npm ERR! request to https://registry.npm.taobao.org/zrender/download/zrender-4.3.1.tgz failed, reason: getaddrinfo EAI_AGAIN registry.npm.taobao.org
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-02-23T06_03_30_520Z-debug.log
ERROR: Service 'web' failed to build: The command '/bin/sh -c rm -rf node_modules && npm install node-sass && cnpm run build' returned a non-zero code: 1
如题。既然使用容器部署,能不能将前后端整合到一个容器里,使用容器一键运行。
个人有2种想法:
1、构建好镜像,放到文件夹中。缺点:文件压缩包会很大,但只需要按照好docker和docker-compose就行了,没有构建容器的错误;
2、构建好镜像,推到docker仓库中,通过docker push 下载,最后通过docker-compose文件调用。
1、建议增加一个资产删除功能
2、增加一个dirsearch 目录爆破功能
ps:后续功能待定
使用场景:
公司服务器在阿里云,每天有程序获取阿里云上全部资产ip,如果可以自动将新增ip添加至待扫描列表,会更完整的收集企业资产下的端口等信息
考虑到网络环境的复杂情况和单机性能问题,是否以后会考虑增加分布式部署。
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.