{"id":13843935,"url":"https://github.com/EnnioX/IPWarden","last_synced_at":"2025-07-11T20:30:55.879Z","repository":{"id":45206817,"uuid":"513409813","full_name":"EnnioX/IPWarden","owner":"EnnioX","description":"IPWarden (守望者, meaning Watcher) is an IP asset risk inspection tool. It continuously discovers assets and security risks along two dimensions, system and Web. All scan results are available as JSON data through an API, which makes secondary development and data organization easier. It is suited to in-house (client-side) security staff who monitor and manage the risk exposure surface of public and internal IP assets.","archived":false,"fork":false,"pushed_at":"2022-12-13T08:36:50.000Z","size":2287,"stargazers_count":129,"open_issues_count":1,"forks_count":18,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-11-21T15:39:37.625Z","etag":null,"topics":["ipwarden","pentest-tool","poc","python","scan","security-tools"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EnnioX.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-07-13T06:42:00.000Z","updated_at":"2024-09-13T07:00:47.000Z","dependencies_parsed_at":"2023-01-28T09:46:24.610Z","dependency_job_id":null,"html_url":"https://github.com/EnnioX/IPWarden","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/EnnioX/IPWarden","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnnioX%2FIPWarden","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnnioX%2FIPWarden/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnnioX%2FIPWarden/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnnioX%2FIPWarden/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EnnioX","download_url":"https://codeload.github.com/EnnioX/IPW
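arden/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EnnioX%2FIPWarden/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264892036,"owners_count":23679208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ipwarden","pentest-tool","poc","python","scan","security-tools"],"created_at":"2024-08-04T17:02:30.953Z","updated_at":"2025-07-11T20:30:55.142Z","avatar_url":"https://github.com/EnnioX.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# IPWarden\n\nBefore you start, read and agree to the terms in the [Disclaimer](Disclaimer.md); otherwise do not download or use this tool.\n\nDownload: https://github.com/EnnioX/IPWarden/releases/tag/IPWarden\n\n## Introduction\n\nIPWarden (守望者, meaning Watcher) is an IP asset risk inspection tool. It continuously discovers assets and security risks along two dimensions, system and Web. All scan results are available as JSON data through an API, which makes secondary development and data organization easier. It is suited to in-house (client-side) security staff who monitor and manage the risk exposure surface of public and internal IP assets.\n\nUsage: enter the IP ranges to monitor; the scan modules then run automatically in sequence, and the data is read through the API.\n\nPurpose: in security operations work, collecting and organizing data with different tools is tedious, and this tool automates that work. Through the API the data can feed automatically generated alerts, daily/weekly/monthly reports, handoffs to other departments, and so on. (It integrates security tools including nmap, masscan, TideFinger, nuclei, xray and rad.)\n\n## Features\n\n1. Host, port and protocol discovery\n2. Risky port management\n3. Scanning for unauthorized-access service vulnerabilities\n4. Web site detection\n5. Web admin console identification\n6. Vulnerability scanning with xray combined with rad\n7. nuclei vulnerability scanning\n8. Web component fingerprint collection\n9. Web CMS identification\n10. SSL certificate information scanning\n11. 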
Summary charts generated from the data on the home page\n\n## Home page screenshots\n\n1. Port and protocol discovery\n   ![Port discovery](./img/port.png)\n   ![Protocol discovery](./img/protocol.png)\n2. Risky port and protocol discovery\n   ![Risky port discovery](./img/riskport.png)\n   ![Risky protocol discovery](./img/riskprotocol.png)\n3. Statistics of open Web service ports\n   ![Web information](./img/webport.png)\n4. Proportion chart of discovered Web admin consoles and proportion chart of HTTP response codes\n   ![Web information](./img/bing.png)\n5. Web component fingerprint collection\n   ![Web fingerprint collection](./img/webfinger.png)\n6. Web SSL certificate scanning\n   ![SSL certificate](./img/ssl.png)\n\n## API list\n\n| No. | API purpose | Method | URL | Request parameters | Returned fields | Response format |\n| --- | --- | --- | --- | --- | --- | --- |\n| 1 | Query open-port data for all IPs | GET | http://127.0.0.1:8088/portsdata | None | ip : IP address\u003cbr /\u003eport : port\u003cbr /\u003eprotocol : port protocol\u003cbr /\u003eupdatetime : scan update time | json |\n| 2 | Query the ports open on a given IP | GET | http://127.0.0.1:8088/ip=10.0.0.1 | ip | port : port\u003cbr /\u003eprotocol : port protocol\u003cbr /\u003eupdatetime : scan update time | json |\n| 3 | Query the IPs that have a given port open | GET | http://127.0.0.1:8088/port=22 | port | ip : IP address\u003cbr /\u003eupdatetime : scan update time | json |\n| 4 | Query all risky-port data | GET | http://127.0.0.1:8088/riskports | None | Same as No. 1 | json |\n| 5 | Query risky-port data outside the whitelist | GET | 
http://127.0.0.1:8088/newriskports | None | Same as No. 1 | json |\n| 6 | Query SSL certificate data | GET | http://127.0.0.1:8088/ssl | None | ip : IP address\u003cbr /\u003eurl : access URL\u003cbr /\u003ecommon_name : SSL certificate name\u003cbr /\u003estart_date : SSL certificate start date\u003cbr /\u003eexpire_date : SSL certificate end date\u003cbr /\u003eupdatetime : scan update time | json |\n| 7 | Web site detection | GET | http://127.0.0.1:8088/web | None | ip : IP address\u003cbr /\u003eport : port\u003cbr /\u003eurl : access URL\u003cbr /\u003etitle : site title\u003cbr /\u003ebackstage : yes means the site was identified as a Web admin console, otherwise no\u003cbr /\u003eupdatetime : scan update time | json |\n| 8 | Web fingerprint information | GET | http://127.0.0.1:8088/webfinger | None | url : access URL\u003cbr /\u003etitle : site title\u003cbr /\u003ewebfinger : Web fingerprint assets\u003cbr /\u003eupdatetime : scan update time | json |\n| 9 | Web admin console site detection | GET | http://127.0.0.1:8088/backstage | None | Same as No. 7 | json |\n| 10 | xray+rad vulnerability scanning | GET | http://127.0.0.1:8088/xray | None | See the xray guide | json |\n| 11 | nuclei vulnerability scanning | GET | http://127.0.0.1:8088/nuclei | None | nuclei : vulnerability details | json |\n| 12 | Unauthorized-access service vulnerabilities | GET | http://127.0.0.1:8088/portvuln | None | ip : IP address\u003cbr /\u003eport : port\u003cbr /\u003evuln : vulnerability name\u003cbr 
/\u003edetail : vulnerability details\u003cbr /\u003eupdatetime : scan update time | json |\n| 13 | Web CMS information | GET | http://127.0.0.1:8088/cms | None | url : access URL\u003cbr /\u003ecms : identified Web CMS\u003cbr /\u003etitle : site title\u003cbr /\u003eupdatetime : scan update time | json |\n\n## API response examples\n\n### Unauthorized-access vulnerabilities in port services (http://127.0.0.1:8088/portvuln)\n\n```\n[\n   {\n      \"ip\": \"192.168.1.161\"\n      \"port\": \"2049\"\n      \"vuln\": \"nfs unauth vuln\"\n      \"detail\": \"-\"\n      \"updatetime\": \"2022-07-13 13:13:58\"\n   }\n   {\n      \"ip\": \"192.168.1.162\"\n      \"port\": \"8010\"\n      \"vuln\": \"druid unauth vuln\"\n      \"detail\": \"http://114.132.252.198:8010/druid/index.html\"\n      \"updatetime\": \"2022-07-13 13:13:58\"\n   }\n]\n```\n\n### Web site detection (http://127.0.0.1:8088/web)\n\n```\n[\n   {\n      \"ip\": \"192.168.1.1\"\n      \"port\": \"7070\"\n      \"url\": \"https://192.168.0.1:7070/\"\n      \"title\": \"巧克力真好吃\"\n      \"backstage\": \"no\"\n      \"updatetime\": \"2022-07-13 13:13:58\"\n   }\n   {\n      \"ip\": \"192.168.1.2\"\n      \"port\": \"80\"\n      \"url\": \"http://example.com/\"\n      \"title\": \"XXX管理后台\"\n      \"backstage\": \"yes\"  # a value of yes means the site was identified as an admin console\n      \"updatetime\": \"2022-07-13 13:13:58\"\n   }\n]\n```\n\n### xray scan (http://127.0.0.1:8088/xray)\n\n![xray scan risks](./img/xrayapi.png)\n\n### nuclei scan (http://127.0.0.1:8088/nuclei)\n\n![xray scan risks](./img/nuclei.png)\n\n## Deployment\n\n### Environment prerequisites\n\n1. Linux environment (the examples use CentOS 7)\n\n2. python3\n\n3. MySQL or MariaDB database (character set: utf8mb4; a remote database can be used)\n\n### Deployment steps\n\n1. From the IPWarden folder, run the following commands to install the cairo, chrome and nfs libraries and the Python dependencies; the whole block can be copied and run in one go.\n\n```\nyum install glib-devel -y\nyum install atk-devel -y\nyum install pango-devel -y\nyum install cairo-devel -y\n\nyum install nfs-utils -y\n\nwget https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm\nyum update glib2 -y\nyum 
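localinstall google-chrome-stable_current_x86_64.rpm -y\n\npip3 install --upgrade pip -i http://pypi.douban.com/simple --trusted-host pypi.douban.com\npip3 install -r requirements.txt  -i https://pypi.douban.com/simple/ --trusted-host pypi.douban.com\npwd\n\n```\n\n2. If you run the tool under the root account, Chrome will not start as root with its sandbox enabled, so make the following change, which launches it with --no-sandbox (skip this step when running without root privileges).\n\n```\nvim /usr/bin/google-chrome\nFind exec -a \"$0\" \"$HERE/chrome\" \"$@\" and comment it out\nThen add the line exec -a \"$0\" \"$HERE/chrome\" \"$@\" --user-data-dir --no-sandbox\n```\n\n3. Edit the configuration file config.py in the IPWarden directory. Most parameters can keep their defaults; the ones below are required (changes to the configuration file do not require restarting the script and are applied automatically in the next scan cycle).\n\n```\n# MySQL settings\nMYSQL_HOST = ''  # address of the database to connect to\nMYSQL_PORT = 3306  # database port\nMYSQL_USER = 'root'  # database user name\nMYSQL_PASSWORD = 'password'  # database connection password\nMYSQL_DATABASE = ''  # database name\n\n# masscan parameters\nSCAN_IP = '10.0.0.1-10.0.0.100,192.168.1.0/24,192.168.2.1'  # target IPs to scan, in the same format as the masscan argument\n```\n\n4. Grant execute permission on the IPWarden folder and the files under it, then run the following command from that folder to start runIPWarden.py in the background and begin the monitoring loop (do not redirect the log).\n\n```\nnohup python3 runIPWarden.py \u0026\n```\n\nStopping the service: run the following command from the IPWarden folder to stop it.\n\n```\n./kill.sh\n```\n\nOnce the service is started, all scans run in a loop by default, so you can simply wait, collect data through the API and view the charts on the home page. The service port is 8088. For a class C address range with many Web services, one scan cycle takes about half a day.\n\n## Closing note\n\nFingers crossed for not catching COVID-19 before the Lunar New Year.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEnnioX%2FIPWarden","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEnnioX%2FIPWarden","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEnnioX%2FIPWarden/lists"}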