{"id":13845385,"url":"https://github.com/orleven/Hamster","last_synced_at":"2025-07-12T02:31:08.031Z","repository":{"id":40358839,"uuid":"115269021","full_name":"orleven/Hamster","owner":"orleven","description":"Hamster is an asynchronous passive scanning framework built on mitmproxy. It performs passive scanning through an HTTP proxy; its main features are packet rewriting, signing, vulnerability scanning, and sensitive-parameter collection (under development).","archived":false,"fork":false,"pushed_at":"2024-10-31T08:10:01.000Z","size":2423,"stargazers_count":69,"open_issues_count":0,"forks_count":13,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-10-31T09:18:47.959Z","etag":null,"topics":["passive-scanner","poc","script","webscanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/orleven.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"support.py","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-24T14:44:25.000Z","updated_at":"2024-10-31T08:10:04.000Z","dependencies_parsed_at":"2023-02-10T02:16:14.807Z","dependency_job_id":"b066b288-64a5-4809-8b3e-900979d878cd","html_url":"https://github.com/orleven/Hamster","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orleven%2FHamster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orleven%2FHamster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orleven%2FHamster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orleven%2FHamster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/orleven
","download_url":"https://codeload.github.com/orleven/Hamster/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225784470,"owners_count":17523652,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["passive-scanner","poc","script","webscanner"],"created_at":"2024-08-04T17:03:22.391Z","updated_at":"2024-11-21T18:31:32.426Z","avatar_url":"https://github.com/orleven.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Overview\n\nHamster is an asynchronous passive scanning framework built on mitmproxy. It performs passive scanning through an HTTP proxy; its main features are packet rewriting, signing, vulnerability scanning, and sensitive-parameter collection (under development).\n\n[![Python 3.9](https://img.shields.io/badge/python-3.9-yellow.svg)](https://www.python.org/)\n[![Mysql 8.0](https://img.shields.io/badge/mysql-8.0-yellow.svg)](https://www.mysql.com/)\n[![RabbitMQ 3](https://img.shields.io/badge/rabbitmq-\u003e=3-blue.svg)](https://www.rabbitmq.com/)\n[![Redis 3](https://img.shields.io/badge/redis-\u003e=3-blue.svg)](https://redis.io/)\n\n# Modules\n\n1. Vulnerability scanning: `browser/burpsuite → server → rabbitmq → agent → support → target`\n2. Penetration-testing assistance: `browser/burpsuite → server → target`\n\n## server\n1. Proxy port for passive scanning\n2. Management console\n3. Pushes traffic to the agent for scanning\n4. Signing and WAF bypass during manual testing.\n\n## agent\n1. Vulnerability scanning\n2. Sends scan PoCs to support for signing, WAF bypass, etc.\n\n## support\n1. Proxy port.\n2. Performs signing, WAF bypass, etc. for the agent.\n3. Signing and WAF bypass during manual testing.\n\n## manager\n1. 
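Management console\n\n# Installation\n\n## Deploying from source\n\n```\n# Install dependencies with pip\npython3.9 -m venv venv\nsource venv/bin/activate\npip install -r requirements.txt\n\n# If there is no conf folder, generate the configuration files first by running init.py once (the default is the dev environment)\npython init.py\n\n# Edit conf/online/*.conf to configure mysql, redis, rabbitmq, dnslog, etc.; see the configuration notes\nvim conf/online/*.conf \n\n# Run it again to initialize the database.\npython init.py\n\n# Run server\nnohup python server.py \u0026\n\n# Run agent\nnohup python agent.py  \u0026\n\n# Run support\nnohup python support.py \u0026\n\n# Run manager (optional)\nnohup python manager.py  \u0026\n```\n\n## Docker deployment\n\n```\n# Deploy mysql, redis, rabbitmq via the dockerfile\ncd docker\n\n# Edit conf/online/*.conf to configure dnslog, etc.; see the configuration notes\nvim conf/online/*.conf \n\n# Start the docker deployment\ndocker-compose up -d\n```\n\n\n# Usage\n\n## Set the proxy\n\nSet the browser's HTTP proxy, or set Burp Suite's second-level proxy under `upstream proxy servers`. Proxy authentication is configured in `conf/online/hamster_basic.conf`.\n\n![burpsuite_proxy](show/burpsuite_proxy.png)\n\n* host: localhost\n* port: 8000\n* authtype: basic\n* username: Hamster\n* password: Hamster@123 \n\n## Scanning\n\nThen browse to the target website in the browser and vulnerability scanning starts.\n\n## Viewing scan results\n\nScan results can be viewed at any time through the console (the console can be reached in the following two ways)\n\n   1. Through the server proxy: http://admin.hamster.com/hamster/online/login\n   2. Directly through the manager: http://127.0.0.1:8002/hamster/online/login\n\nAccess credentials:\n\n* username: admin\n* password: Hamster@123\n\n![web](show/web.png)\n\n# Configuration notes\n\nBecause many vulnerabilities need DNSLOG to be detected, dnslog must be configured. By default this project uses the `oast.pro, oast.live, oast.site, oast.online, oast.fun, oast.me` project interfaces and also has a built-in [DNSLog](https://github.com/orleven/Celestion) API interface. Other dnslog services can be used as well, but an interface has to be written for them; the relevant code is the `get_dnslog_recode` function in `/lib/core/api.py`.\n\n1. Edit `conf/online/hamster_basic.conf` (generated after the first run) to configure mysql, redis, rabbitmq and dnslog; see the comments in the file for details. \n\n\n# Writing plugins\n\nThe plugin directory is `addon`, with the following functions (the addons themselves will no longer be updated):\n\n1. `addon/agent`: used by the agent; mainly holds scanning PoCs.\n2. `addon/common`: shared by server and support; can be used to apply WAF handling, signing, etc. to packets.\n3. `addon/server`: used by the server; generally used together with support when packet encryption/decryption is involved.\n4. 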
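`addon/support`: used by support; generally used together with the server when packet encryption/decryption is involved.\n\nAddons in the same directory are loaded in alphabetical order; if scripts depend on running in a particular order, name the script files accordingly.\n\nPS: Use the plugin template directory `test_addon` as a reference.\n\n# Querying cached logs\n\nTo cover delayed-trigger vulnerabilities such as SSRF and Log4j2, packets of this kind are cached. Cached logs are kept for 2 days by default, and the database cache for 1 day by default.\n\n1. If dnslog raises an alert, wait 2 minutes and then check it under vulnerabilities.\n2. If several dnslog hits are triggered within a short time but only 1 vulnerability is updated, it is because those dnslog hits have the same cause; vulnerabilities are deduplicated, so this can be ignored.\n3. If dnslog raises an alert and no vulnerability is updated, the vulnerability was triggered with a delay that exceeded the database cache retention. Try searching in the logs directory; if it still cannot be found, the delay was too long and the cache is gone.\n\n```\nfind log/ -name \"*\" -print0 | xargs -0 grep -i -n \"{dnslog}\" 2\u003e/dev/null\n```\n\n# Oversized mysql binlog files\n\nEdit `my.cnf`, add `skip-log-bin` under `[mysqld]` to disable binlog, and restart mysql.\n\n```\nset global binlog_expire_logs_seconds=10;\nset persist binlog_expire_logs_seconds=10;\n```\n\n# xray poc compatibility\n\n`poc/xray/pocs` provides basic compatibility with xray PoCs. This module is still fairly rough, so loading every PoC into it is not recommended.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forleven%2FHamster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Forleven%2FHamster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forleven%2FHamster/lists"}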