{"id":13843785,"url":"https://github.com/TophantTechnology/osprey","last_synced_at":"2025-07-11T20:30:36.490Z","repository":{"id":37706508,"uuid":"103908175","full_name":"TophantTechnology/osprey","owner":"TophantTechnology","description":null,"archived":false,"fork":false,"pushed_at":"2022-12-08T00:00:47.000Z","size":115,"stargazers_count":548,"open_issues_count":11,"forks_count":161,"subscribers_count":37,"default_branch":"master","last_synced_at":"2024-08-05T17:39:31.346Z","etag":null,"topics":["osprey","poc","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TophantTechnology.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-09-18T07:41:27.000Z","updated_at":"2024-07-20T17:03:04.000Z","dependencies_parsed_at":"2022-08-08T21:16:17.621Z","dependency_job_id":null,"html_url":"https://github.com/TophantTechnology/osprey","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TophantTechnology%2Fosprey","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TophantTechnology%2Fosprey/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TophantTechnology%2Fosprey/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TophantTechnology%2Fosprey/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TophantTechnology","download_url":"https://codeload.github.com/TophantTechnology/osprey/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225755137,"owners_count":17519209,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["osprey","poc","python"],"created_at":"2024-08-04T17:02:27.123Z","updated_at":"2024-11-21T15:31:32.049Z","avatar_url":"https://github.com/TophantTechnology.png","language":"Python","readme":"# Osprey  [![Python 3.5](https://img.shields.io/badge/python-3.5-yellow.svg)](https://www.python.org/)\n\nOsprey是由TCC(斗象能力中心)出品并长期维护的开源漏洞检测框架\n\n### 简介\n\nOsprey——鱼鹰，一种善于捕鱼的猛禽，取此命名漏洞盒子PoC框架，寓意快、精、准。\n\nOsprey是一个可扩展的开源漏洞检测与利用框架(Python3开发)，是TCC长期的安全能力与经验的积累形成的一个可用工具，目前被集成应用于企业级安全产品 [```网藤风险感知-CRS```](https://www.riskivy.com/product/crs) 中。 Osprey框架可供使用者在渗透测试、漏洞检测、漏洞扫描等场景中应用。框架提供了命令行接口和Web接口，可供灵活调用，也可用于构建自己的扫描器。\n\n### 安装\n\n从Git上获取最新版本的osprey代码\n\n``` bash\n$ git clone https://github.com/TophantTechnology/osprey.git\n```\n\n推荐在Linux环境下使用，并用virtualenv搭建独立的python3环境\n``` bash\n$ python3 -m venv venv\n$ source venv/bin/activate\n```\n\n#### 最小化安装\n\n最小化安装仅提供命令行和一个交互式的Console接口，可满足大多数场景下的使用。\n\n``` bash\n$ python setup.py install \n```\n\n#### 完全安装\n\n安装osprey的完整功能，包括命令行工具、 交互式Console接口、 Web API接口。\n\n\n- 安装配置RabbitMQ\n- 安装配置MongoDB\n- 配置 [```settings.py```](./settings.py)\n  1. 使用MongoDB作为数据库：use_mongo = True, use_sqlite = False\n  2. 填充RabbitMQ和MongoDB的URI：mongo_url, CELERY_BROKER\n  3. 填写你的Python3解释器路径：PROGRAM\n- 安装Python包:\n\n``` bash\n$ pip install -r web/requirements.txt\n```\n\n### 使用\n\n- 获取帮助列表：\n\n``` bash\n$ python osprey.py --help\n```\n\n- 最简单的用法，针对一个目标URL，发起一个PoC做检测：\n\n``` bash\n$ python osprey.py -t URL -v POC_ID\n```\n\n- 使用交互式Console接口：\n\n``` bash\n$ python console/osprey-console.py\n```\n\n- 使用Web API接口：\n\n``` bash\n$ gunicorn -b 127.0.0.1:5000 osprey-web:app -w 5\n$ celery -A osprey-web.celery worker --concurrency=5 -Q poc-queue -n osprey.%h -Ofair\n```\n\n### Docker使用\n\n可以使用docker-compose快速搭建完整的Osprey环境（需安装docker和docker-compose）\n\n编译docker环境\n\n``` bash\n$ cd docker\n$ docker-compose build\n```\n\n运行完整的osprey环境\n\n``` bash\n$ docker-compose up -d\n```\n\n访问`http://YOUR-IP:5000/`，可以看到osprey Web部署已完成\n\n![](docker/osprey-web.png)\n\n利用docker搭建osprey的Web接口下发任务和获取执行结果\n\n``` bash\n$ curl http://127.0.0.1:5000/api/start -d '{\"task_id\": \"TASK_ID\", \"vid\": \"vb_ID\", \"target\": \"http://x.com/\"}'\n$ curl http://127.0.0.1:5000/api/result -d '{\"task_id\": \"TASK_ID\"}'\n```\n\nosprey镜像拉取到本地之后，也可以直接通过docker run进入容器中（不启用osprey-web），然后使用命令行工具或交互式Console接口\n\n``` bash\n$ docker run -it -v pocs:/opt/osprey/pocs tophant/osprey bash\n```\n\n### 相关文档\n\n基于Osprey编写PoC，请参考 [osprey编写规范和要求说明](doc/PoC_specification.md)\n\n要使用Osprey Web接口，请参考 [osprey-web接口使用说明文档](doc/web_api_tutorial.md)\n\nOsprey-鱼鹰交流群：483373752\n\n### 参考链接\n\n- [CyberIVY](https://www.riskivy.com/)\n- [TCC-Group of CyberIVY](https://blog.riskivy.com/)\n- [Vulbox](https://www.vulbox.com/)\n- [TCC-Group of Vulbox](https://www.vulbox.com/knowledge)\n\n### 欢迎提交POC\n\n欢迎提交有用的新POC，提交的POC我们会进行维护和公布。:)\n\n\n\n \n","funding_links":[],"categories":["Python (1887)","Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTophantTechnology%2Fosprey","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTophantTechnology%2Fosprey","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTophantTechnology%2Fosprey/lists"}