{"id":13843639,"url":"https://github.com/taomujian/linbing","last_synced_at":"2025-04-04T05:09:40.794Z","repository":{"id":37404866,"uuid":"243150459","full_name":"taomujian/linbing","owner":"taomujian","description":"本系统是对Web中间件和Web框架进行自动化渗透的一个系统,根据扫描选项去自动化收集资产,然后进行POC扫描,POC扫描时会根据指纹选择POC插件去扫描,POC插件扫描用异步方式扫描.前端采用vue技术,后端采用python fastapi.","archived":false,"fork":false,"pushed_at":"2024-06-10T14:38:07.000Z","size":111254,"stargazers_count":698,"open_issues_count":6,"forks_count":155,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-03-28T04:16:35.096Z","etag":null,"topics":["aiohttp","asyncio","element-ui","fastapi","python3","vue"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/taomujian.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-26T02:32:06.000Z","updated_at":"2025-03-23T17:03:39.000Z","dependencies_parsed_at":"2024-09-19T01:18:09.896Z","dependency_job_id":null,"html_url":"https://github.com/taomujian/linbing","commit_stats":{"total_commits":32,"total_committers":1,"mean_commits":32.0,"dds":0.0,"last_synced_commit":"adb0e4204deeabfdf07722955a9c325869ac5cf1"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taomujian%2Flinbing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taomujian%2Flinbing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taomujian%2Flinbing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/taomujian%2Flinbing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/taomujian","download_url":"https://codeload.github.com/taomujian/linbing/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247123107,"owners_count":20887261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aiohttp","asyncio","element-ui","fastapi","python3","vue"],"created_at":"2024-08-04T17:02:21.496Z","updated_at":"2025-04-04T05:09:40.776Z","avatar_url":"https://github.com/taomujian.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":"- [临兵漏洞扫描系统](#临兵漏洞扫描系统)\n  - [使用说明](#使用说明)\n  - [修改加密key](#修改加密key)\n    - [修改aes key](#修改aes-key)\n    - [修改rsa key](#修改rsa-key)\n  - [打包vue源代码(进入到vue\\_src目录下)](#打包vue源代码进入到vue_src目录下)\n  - [ubuntu部署](#ubuntu部署)\n  - [centos部署](#centos部署)\n  - [自编译docker文件进行部署](#自编译docker文件进行部署)\n    - [配置](#配置)\n    - [编译镜像(进入项目根目录)](#编译镜像进入项目根目录)\n    - [启动容器(进入项目根目录)](#启动容器进入项目根目录)\n  - [从dockerhub中获取镜像](#从dockerhub中获取镜像)\n  - [访问](#访问)\n  - [使用](#使用)\n  - [界面](#界面)\n  - [CHANGELOG](#changelog)\n    - [\\[v1.0\\] 2020.2.28](#v10-2020228)\n    - [\\[v1.1\\] 2020.7.28](#v11-2020728)\n    - [\\[v1.2\\] 2020.8.12](#v12-2020812)\n    - [\\[v1.3\\] 2020.9.13](#v13-2020913)\n    - [\\[v1.4\\] 2020.10.18](#v14-20201018)\n    - [\\[v1.5\\] 2020.10.30](#v15-20201030)\n    - [\\[v1.6\\] 2020.11.27](#v16-20201127)\n    - [\\[v1.7\\] 2020.12.5](#v17-2020125)\n    - [\\[v1.8\\] 2020.12.11](#v18-20201211)\n    - [\\[v1.9\\] 2020.12.18](#v19-20201218)\n    - [\\[v2.0\\] 2021.3.1](#v20-202131)\n    - [\\[v2.1\\] 2021.3.5](#v21-202135)\n    - [\\[v2.2\\] 2021.3.26](#v22-2021326)\n    - [\\[v2.3\\] 2021.5.20](#v23-2021520)\n    - [\\[v2.4\\] 2021.6.19](#v24-2021619)\n    - [\\[v2.5\\] 2021.7.10](#v25-2021710)\n    - [\\[v2.6\\] 2021.9.21](#v26-2021921)\n    - [\\[v2.7\\] 2021.10.11](#v27-20211011)\n    - [\\[v2.8\\] 2021.10.24](#v28-20211024)\n    - [\\[v2.9\\] 2021.12.26](#v29-20211226)\n    - [\\[v3.0\\] 2022.5.14](#v30-2022514)\n  - [致谢](#致谢)\n  - [免责声明](#免责声明)\n  - [License](#license)\n\n# 临兵漏洞扫描系统\n\n\u003e 本系统是对Web中间件和Web框架进行自动化渗透的一个系统,根据扫描选项去自动化收集资产,然后进行POC扫描,POC扫描时会根据指纹选择POC插件去扫描,POC插件扫描用异步方式扫描.前端采用vue技术,后端采用python fastapi.\n\n## 使用说明\n\n\u003e 扫描分为指纹探测、子域名爆破、端口扫描、目录扫描、POC扫描.如果选择所有扫描选项,子域名扫出的IP会传给端口扫描,端口扫描中识别指纹,扫描出的资产传给目录扫描和POC扫描,POC扫描会根据资产指纹去加载插件扫描,如果识别不到指纹,则加载所有插件,POC插件分为2种类型,http和port,http类型指发送http请求,port指发送socket请求,扫描出的资产如果是url格式,则加载http类型插件,否则则加载port类型插件.\n\n## 修改加密key\n\n\u003e 存储到mysql中的数据是进行aes加密后的数据,登陆请求是用的rsa请求,目前是默认的key,如果需要修改key的参考下面,修改key信息需要重新编译vue源码\n\n### 修改aes key\n\n\u003e python这块直接修改/python/conf.ini中aes部分的配置即可,采用cbc模式,需要key和iv. vue部分则需要修改vue_src/src/libs/AES.js文件中第三行和第四行,要和conf.ini中保持一致\n\n### 修改rsa key\n\n\u003e 需要生成rsa的公私钥(私钥1024位)[参考地址](https://www.jianshu.com/p/d614ba4720ec)\n\u003e 修改python/rsa.py文件中的公钥和私钥信息,vue部分则需要修改vue_src/src/libs/crypto.js文件中第77行的公钥,要和python/rsa.py文件中的公钥保持一致\n\n修改vue部分后要重新打包,然后把打包后的文件夹dist中的内容复制到vue文件夹,vue原有的文件要删除.\n\n## 打包vue源代码(进入到vue_src目录下)\n\n\u003e npm run build(有打包好的,即vue文件夹,可直接使用,自行打包需要安装node和vue,参考\u003chttps://www.runoob.com/nodejs/nodejs-install-setup.html\u003e, \u003chttps://www.runoob.com/vue2/vue-install.html\u003e)\n\n[ubuntu部署](##ubuntu部署(强烈建议))\n\n[centos部署](##centos部署)\n\n[自编译docker文件进行部署](##自编译docker文件进行部署)\n\n[从dockerhub中获取镜像](##从dockerhub中获取镜像)\n\n## ubuntu部署\n\n\u003e 参考\u003chttps://github.com/taomujian/linbing/blob/master/ubuntu部署.md\u003e)\n\n## centos部署\n\n\u003e 参考\u003chttps://github.com/taomujian/linbing/blob/master/centos部署.md\u003e)\n\n## 自编译docker文件进行部署\n\n### 配置\n\n\u003e 首先下载项目到本地(\u003chttps://github.com/taomujian/linbing.git),然后配置python/conf.ini中发送邮件所用的账号和授权码,然后修改python/conf.ini的mysql数据库账号密码,这个账号密码要和dockerfile\u003e中的设置的账号密码保持一致\n\n### 编译镜像(进入项目根目录)\n\n\u003e docker build -f ubuntu.dockerfile -t linbing .\n\n### 启动容器(进入项目根目录)\n\n\u003e docker run -it -d -p 11000:11000 -p 8800:8800 linbing\n\n## 从dockerhub中获取镜像\n\n\u003e docker pull taomujian/linbing:latest\n\n\u003e docker run -it -d -p 11000:11000 -p 8800:8800 taomujian/linbing\n\n## 访问\n\n\u003e 访问\u003chttp://yourip:11000/login\u003e即可,默认账号密码为admin/X!ru0#M\u0026%V\n\n## 使用\n\n\u003e 使用流程是先添加目标,然后对目标进行扫描即可,扫描选项有端口扫描、目录扫描、POC扫描,目前POC扫描默认加载所有POC,暂不支持自定义选择\n\n## 界面\n\n![登录.jpg](https://github.com/taomujian/linbing/raw/master/images/登录.jpg)\n\n![首页.jpg](https://github.com/taomujian/linbing/raw/master/images/首页.jpg)\n\n![目标.jpg](https://github.com/taomujian/linbing/raw/master/images/目标.jpg)\n\n![扫描.jpg](https://github.com/taomujian/linbing/raw/master/images/扫描.jpg)\n\n![POC.jpg](https://github.com/taomujian/linbing/raw/master/images/POC.jpg)\n\n## CHANGELOG\n\n### [v1.0] 2020.2.28\n\n- 初步完成扫描器功能\n\n### [v1.1] 2020.7.28\n\n- 新增F5 BIG IP插件\n\n### [v1.2] 2020.8.12\n\n- 增加docker部署\n\n### [v1.3] 2020.9.13\n\n- 增加phpstudy_back_rce插件数量\n- 添加目标时可添加多行目标\n\n### [v1.4] 2020.10.18\n\n- 增加查看端口详情(端口、协议、产品、版本)\n- 增加子域名详情(子域名,子域名ip),子域名是用的OneForAll工具\n\n### [v1.5] 2020.10.30\n\n- 修改一些插件的错误\n- 扫描设置中可设置POC检测时协程的并发数量\n- 增加asyncio多协程功能,提高POC扫描速度\n\n### [v1.6] 2020.11.27\n\n- 修改默认头像,若想替换的话直接flask/images/default.png图片就可以了\n- 优化前端修复一些小BUG\n\n### [v1.7] 2020.12.5\n\n- 增加设置代理和扫描的超时时间功能\n- 优化前端修复一些小BUG\n- 优化文件结构,同步docker时间\n\n### [v1.8] 2020.12.11\n\n- 优化前端刷新后头像丢失BUG\n\n### [v1.9] 2020.12.18\n\n- 修改发送邮件的方式,使用postfix发送邮件\n\n### [v2.0] 2021.3.1\n\n- 前端ui框架由iview换为element,重构前端代码\n- 取消账号注册,改由内置管理员账号添加\n- 增加对url目标的目录扫描功能\n- 增加查看所有漏洞和所有端口信息的功能\n- 优化数据库表格数据结构和sql语句\n\n### [v2.1] 2021.3.5\n\n- 前端界面优化\n- 多个目标扫描同时扫描时,增加任务队列管理\n\n### [v2.2] 2021.3.26\n\n- 增加CVE-2021-22986插件\n\n### [v2.3] 2021.5.20\n\n- 优化扫描逻辑\n- 增加指纹探测,探测使用的框架\n- 优化Struts2 系列漏洞的检测\n\n### [v2.4] 2021.6.19\n\n- 增加指纹判断功能\n- 对扫出来的端口进行指纹识别,指纹识别后去加载对应的插件,减少发包数量\n- 对插件进行分类,分为http类和非http类\n- 点击扫描时提供自定义扫描选项功能,分为指纹探测, 子域名扫描, 端口扫描, 目录扫描, POC扫描\n- 扫描列表中增加暂停扫描、恢复扫描、取消扫描功能\n\n### [v2.5] 2021.7.10\n\n- 后端框架由flask更换为fastapi\n\n### [v2.6] 2021.9.21\n\n- 扫描时可选择POC插件\n- 增加POC列表\n- 修复已知BUG\n\n### [v2.7] 2021.10.11\n\n- 修复扫描所有目标时的错误\n- 增加XSS LOG功能(接收数据的url参考生成token后的url)\n\n### [v2.8] 2021.10.24\n\n- 目标管理和扫描管理中状态信息更新由Ajax轮询换成websocket\n\n### [v2.9] 2021.12.26\n\n- 集成dnslog.cn的功能,提供dnslog功能\n\n### [v3.0] 2022.5.14\n\n- POC插件扫描换成异步扫描方式,加快扫描速度\n\n## 致谢\n\n\u003e 感谢vulhub项目提供的靶机环境:\n\u003e \u003chttps://github.com/vulhub/vulhub\u003e,\n\u003e \u003chttps://hub.docker.com/r/2d8ru/struts2\u003e\n\u003e\n\u003e POC也参考了很多项目:\n\u003e \u003chttps://github.com/Xyntax/POC-T\u003e、\n\u003e\n\u003e \u003chttps://github.com/ysrc/xunfeng\u003e、\n\u003e\n\u003e \u003chttps://github.com/se55i0n/DBScanner\u003e、\n\u003e\n\u003e \u003chttps://github.com/vulscanteam/vulscan\u003e\n\u003e \n\u003e 感谢师傅pan带我入门安全,也感谢呆橘同学在vue上对我的指导\n\n## 免责声明\n\n工具仅用于安全研究以及内部自查，禁止使用工具发起非法攻击，造成的后果使用者负责\n\n## License\n\n[MIT](https://github.com/taomujian/linbing/blob/master/LICENSE)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftaomujian%2Flinbing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftaomujian%2Flinbing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftaomujian%2Flinbing/lists"}