{"id":13842885,"url":"https://github.com/knownsec/LBot","last_synced_at":"2025-07-11T17:32:06.948Z","repository":{"id":145294917,"uuid":"297221557","full_name":"knownsec/LBot","owner":"knownsec","description":"A simple xss bot template","archived":false,"fork":false,"pushed_at":"2020-09-21T03:47:44.000Z","size":12,"stargazers_count":23,"open_issues_count":0,"forks_count":4,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-06-19T00:08:39.618Z","etag":null,"topics":["bot","ctf","xss"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/knownsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-09-21T03:45:37.000Z","updated_at":"2024-08-12T20:06:00.000Z","dependencies_parsed_at":"2024-02-03T03:54:47.762Z","dependency_job_id":"88c40273-f1f2-41a4-9dc8-754c67ae2507","html_url":"https://github.com/knownsec/LBot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/knownsec/LBot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knownsec%2FLBot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knownsec%2FLBot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knownsec%2FLBot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knownsec%2FLBot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/knownsec","download_url":"https://codeload.github.com/knownsec/LBot/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knownsec%2FLBot/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264862475,"owners_count":23674981,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot","ctf","xss"],"created_at":"2024-08-04T17:01:49.332Z","updated_at":"2025-07-11T17:32:06.678Z","avatar_url":"https://github.com/knownsec.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":"# LBot\n\nLBot的基础模型是脱胎于LSpider诞生的多线程任务调度模型。\n\n主要是用于方便的写一个xss的bot程序。\n\n使用者可以简单的修改其逻辑以及配置环境，即可获得一个简单的xss的bot程序。由于原型来自于爬虫程序，所以只要前端有一定的频率限制，后端很难出现问题，比较稳定。\n\n# install\n\n## 下载Lbot\n\n```\ngit clone https://github.com/knownsec/LBot.git\n```\n\n## 修改配置文件\n\n```\ncp LBot/settings.py.bak LBot/settings.py\n```\n\n并配置其中相关的mysql配置\n\n```\nDATABASES = {\n    'default': {\n        'ENGINE': 'django.db.backends.mysql',\n        'NAME': 'disable',\n        'USER': 'root',\n        'PASSWORD': '',\n        'HOST': '127.0.0.1',\n        'PORT': '3306',\n        'OPTIONS': {\n            'init_command': 'SET default_storage_engine=INNODB;SET NAMES utf8mb4',\n            'charset': 'utf8mb4',\n        },\n        'TEST': {\n            'CHARSET': 'utf8',\n            'COLLATION': 'utf8_general_ci',\n        },\n    }\n}\n```\n## 配置环境\n\n```\npython3 -m pip install django\n```\n\n如果mysqlclient无法安装，还需要提前安装\n\n```\nsudo apt-get install libmysqlclient-dev\n```\n\n## 同步数据库配置\n\n```\npython3 manage.py makemigrations\npython3 manage.py migrate\n```\n\n## 配置chrome headless\n\n```\nsudo wget http://www.linuxidc.com/files/repo/google-chrome.list -P /etc/apt/sources.list.d/\n\nwget -q -O - https://dl.google.com/linux/linux_signing_key.pub  | sudo apt-key add -\n\nsudo apt-get update\n\nsudo apt-get install google-chrome-stable\n```\n\n看一下chrome的版本\n\n```bash\nlorexxar@instance-1:~/lorexxar/lspider/LSpider$ google-chrome --version\nGoogle Chrome 81.0.4044.138 \n```\n\n去官网下载对应版本的webdriver放在bin目录下\n\n```\nhttps://chromedriver.chromium.org/downloads\n```\n\n修改名字\n```bash\nmv bin/chromedriver bin/chromedriver_linux64\n\n```\n\n## 针对守护的xss题目魔改bot程序\n\n主流的xss bot守护方式一共有两种，一种是依靠cookie或者ip限制bot访问，另一种是通过登录账号模拟管理员的bot。\n\n```\n# Bot admin pass\nCTF_BACK_USER = 'admin'\nCTF_BACK_PASS = 'adminsecretpass'\nCTF_BACK_COOKIE = \"s3cr3t_k3y_f0r_4dmin\"\n```\n\n如果是依赖cookie的需要设置HOME_PAGE\n```\n# homepage\n\nHOME_PAGE = \"http://127.0.0.1/index.php\"\n```\n\n核心bot部分主要在`Botend\\views.py` function `LBotCore`\n\n```\n    reportt = ReportTask.objects.filter(aread=0).first()\n    \n    if not reportt:\n        continue\n    \n    # 任务锁\n    reportt.aread = 1\n    reportt.save()\n    \n    # cookie 方式\n    report_url = reportt.url\n    cookies = \"admin=\"+CTF_BACK_COOKIE\n    \n    self.req = LReq(is_chrome=True)\n    \n    # 访问目标\n    self.req.get(report_url, 'RespByChrome', 0, cookies)\n\n```\n\n\n# usage\n\n```\npython3 manage.py LBotCoreBackend\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fknownsec%2FLBot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fknownsec%2FLBot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fknownsec%2FLBot/lists"}