{"id":36726538,"url":"https://github.com/yyhuni/xingrin","last_synced_at":"2026-01-12T12:02:14.076Z","repository":{"id":326777085,"uuid":"1053189566","full_name":"yyhuni/xingrin","owner":"yyhuni","description":"SRC asset management and vulnerability scanning platform: subdomain brute-forcing, port scanning, site discovery, directory scanning, crawling, vulnerability scanning","archived":false,"fork":false,"pushed_at":"2026-01-06T12:39:39.000Z","size":12214,"stargazers_count":178,"open_issues_count":9,"forks_count":33,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-01-06T19:00:52.539Z","etag":null,"topics":["asm","attack-surface-management","bug-bounty","bug-bounty-hunter","bug-bounty-recon","bug-bounty-tools","easm","infosec","penetration-testing","penetration-testing-framework","penetration-testing-tools","recon","security","security-tools","security-tools-testing","subdomain-enumeration","vulnerability-scanner","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://xingrin.vercel.app","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yyhuni.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-09T05:41:08.000Z","updated_at":"2026-01-06T16:13:42.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/yyhuni/xingrin","commit_stats":null,"previous_names":["yyhuni/my-vulun-scan","yyhuni/xingrin"],"tags_count":98,"template":false,"template_full_name":null,"purl":"pkg:github/yyhuni/xingrin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposi
tories/yyhuni%2Fxingrin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yyhuni%2Fxingrin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yyhuni%2Fxingrin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yyhuni%2Fxingrin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yyhuni","download_url":"https://codeload.github.com/yyhuni/xingrin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yyhuni%2Fxingrin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28338973,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T10:58:46.209Z","status":"ssl_error","status_checked_at":"2026-01-12T10:58:42.742Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asm","attack-surface-management","bug-bounty","bug-bounty-hunter","bug-bounty-recon","bug-bounty-tools","easm","infosec","penetration-testing","penetration-testing-framework","penetration-testing-tools","recon","security","security-tools","security-tools-testing","subdomain-enumeration","vulnerability-scanner","vulnerability-scanners"],"created_at":"2026-01-12T12:02:13.941Z","updated_at":"2026-01-12T12:02:14.051Z","avatar_url":"https://github.com/yyhuni.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eXingRin - 星环\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eAttack Surface Management Platform (ASM) | Automated Asset Discovery and Vulnerability Scanning System\u003c/b\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/yyhuni/xingrin/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/yyhuni/xingrin?style=flat-square\u0026logo=github\" alt=\"GitHub stars\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/yyhuni/xingrin/network/members\"\u003e\u003cimg src=\"https://img.shields.io/github/forks/yyhuni/xingrin?style=flat-square\u0026logo=github\" alt=\"GitHub forks\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/yyhuni/xingrin/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/yyhuni/xingrin?style=flat-square\u0026logo=github\" alt=\"GitHub issues\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/yyhuni/xingrin/blob/main/LICENSE\"\u003e\u003cimg 
src=\"https://img.shields.io/badge/license-PolyForm%20NC-blue?style=flat-square\" alt=\"License\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#功能特性\"\u003eFeatures\u003c/a\u003e •\n  \u003ca href=\"#全局资产搜索\"\u003eAsset Search\u003c/a\u003e •\n  \u003ca href=\"#快速开始\"\u003eQuick Start\u003c/a\u003e •\n  \u003ca href=\"#文档\"\u003eDocumentation\u003c/a\u003e •\n  \u003ca href=\"#反馈与贡献\"\u003eFeedback and Contributing\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003csub\u003eKeywords: ASM | Attack Surface Management | Vulnerability Scanning | Asset Discovery | Asset Search | Bug Bounty | Penetration Testing | Nuclei | Subdomain Enumeration | EASM\u003c/sub\u003e\n\u003c/p\u003e\n\n---\n\n## Online Demo\n\n **[https://xingrin.vercel.app/](https://xingrin.vercel.app/)**\n\n\u003e For UI demonstration only; not connected to a backend database\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eModern UI\u003c/b\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/screenshots/light.png\" alt=\"Light Mode\" width=\"24%\"\u003e\n  \u003cimg src=\"docs/screenshots/bubblegum.png\" alt=\"Bubblegum\" width=\"24%\"\u003e\n  \u003cimg src=\"docs/screenshots/cosmic-night.png\" alt=\"Cosmic Night\" width=\"24%\"\u003e\n  \u003cimg src=\"docs/screenshots/quantum-rose.png\" alt=\"Quantum Rose\" width=\"24%\"\u003e\n\u003c/p\u003e\n\n## Documentation\n\n- [Technical documentation](./docs/README.md) - Technical documentation index (work in progress)\n- [Quick start](./docs/quick-start.md) - One-command installation and deployment guide\n- [Version management](./docs/version-management.md) - Automated version management driven by Git tags\n- [Nuclei template architecture](./docs/nuclei-template-architecture.md) - Storage and synchronization of template repositories\n- [Wordlist architecture](./docs/wordlist-architecture.md) - Storage and synchronization of wordlist files\n- [Scan flow architecture](./docs/scan-flow-architecture.md) - Complete scan flow and tool orchestration\n\n\n---\n\n## Features\n\n### Scanning capabilities\n\n| Feature | Status | Tools | Description |\n|------|------|------|------|\n| Subdomain scanning | Done | Subfinder, Amass, PureDNS | Passive collection + active brute-forcing, aggregating 50+ data sources |\n| Port scanning | Done | Naabu | Custom port ranges |\n| Site discovery | Done | HTTPX | HTTP probing; automatically captures title, status code, and tech stack |\n| Fingerprinting | Done | XingFinger | 27,000+ fingerprint rules, multi-source fingerprint libraries |\n| URL collection | Done | Waymore, Katana | Historical data + active crawling |\n| Directory scanning | Done | FFUF | High-speed brute-forcing, smart wordlists |\n| Vulnerability scanning | Done | Nuclei, Dalfox | 
9000+ PoC templates, XSS detection |\n| Site screenshots | Done | Playwright | WebP high-compression storage |\n\n### Platform capabilities\n\n| Feature | Status | Description |\n|------|------|------|\n| Target management | Done | Multi-level organization; supports domain/IP targets |\n| Asset snapshots | Done | Compare scan results and track asset changes |\n| Blacklist filtering | Done | Global + per-target level; supports wildcards/CIDR |\n| Scheduled tasks | Done | Cron expressions; automated periodic scans |\n| Distributed scanning | Done | Multiple Worker nodes; load-aware scheduling |\n| Global search | Done | Expression syntax; multi-field combined queries |\n| Notifications | Done | WeCom, Telegram, Discord |\n| API key management | Done | Visual configuration of API keys for each data source |\n\n### Scan flow architecture\n\nThe complete scan flow includes stages such as subdomain discovery, port scanning, site discovery, fingerprinting, URL collection, directory scanning, and vulnerability scanning.\n\n```mermaid\nflowchart LR\n    START[\"Start scan\"]\n    \n    subgraph STAGE1[\"Stage 1: Asset discovery\"]\n        direction TB\n        SUB[\"Subdomain discovery\u003cbr/\u003esubfinder, amass, puredns\"]\n        PORT[\"Port scanning\u003cbr/\u003enaabu\"]\n        SITE[\"Site identification\u003cbr/\u003ehttpx\"]\n        FINGER[\"Fingerprinting\u003cbr/\u003exingfinger\"]\n        SUB --\u003e PORT --\u003e SITE --\u003e FINGER\n    end\n    \n    subgraph STAGE2[\"Stage 2: In-depth analysis\"]\n        direction TB\n        URL[\"URL collection\u003cbr/\u003ewaymore, katana\"]\n        DIR[\"Directory scanning\u003cbr/\u003effuf\"]\n        SCREENSHOT[\"Site screenshots\u003cbr/\u003eplaywright\"]\n    end\n    \n    subgraph STAGE3[\"Stage 3: Vulnerability detection\"]\n        VULN[\"Vulnerability scanning\u003cbr/\u003enuclei, dalfox\"]\n    end\n    \n    FINISH[\"Scan complete\"]\n    \n    START --\u003e STAGE1\n    FINGER --\u003e STAGE2\n    STAGE2 --\u003e STAGE3\n    STAGE3 --\u003e FINISH\n    \n    style START fill:#34495e,stroke:#2c3e50,stroke-width:2px,color:#fff\n    style FINISH fill:#27ae60,stroke:#229954,stroke-width:2px,color:#fff\n    style STAGE1 fill:#3498db,stroke:#2980b9,stroke-width:2px,color:#fff\n    style STAGE2 fill:#9b59b6,stroke:#8e44ad,stroke-width:2px,color:#fff\n    style STAGE3 fill:#e67e22,stroke:#d35400,stroke-width:2px,color:#fff\n    style SUB fill:#5dade2,stroke:#3498db,stroke-width:1px,color:#fff\n    style PORT fill:#5dade2,stroke:#3498db,stroke-width:1px,color:#fff\n    style SITE fill:#5dade2,stroke:#3498db,stroke-width:1px,color:#fff\n    style FINGER 
fill:#5dade2,stroke:#3498db,stroke-width:1px,color:#fff\n    style URL fill:#bb8fce,stroke:#9b59b6,stroke-width:1px,color:#fff\n    style DIR fill:#bb8fce,stroke:#9b59b6,stroke-width:1px,color:#fff\n    style SCREENSHOT fill:#bb8fce,stroke:#9b59b6,stroke-width:1px,color:#fff\n    style VULN fill:#f0b27a,stroke:#e67e22,stroke-width:1px,color:#fff\n```\n\nFor details, see the [scan flow architecture documentation](./docs/scan-flow-architecture.md)\n\n### Distributed architecture\n- **Multi-node scanning** - Deploy multiple Worker nodes to scale scanning capacity horizontally\n- **Local node** - Zero configuration; a local Docker Worker is registered automatically on installation\n- **Remote nodes** - One-click SSH deployment of a remote VPS as a scan node\n- **Load-aware scheduling** - Tracks node load in real time and automatically dispatches tasks to the best node\n- **Node monitoring** - Real-time heartbeat checks; CPU/memory/disk status monitoring\n- **Reconnection** - Offline nodes are detected automatically and rejoin automatically once they recover\n\n```mermaid\nflowchart TB\n    subgraph MASTER[\"Master Server\"]\n        direction TB\n        \n        REDIS[\"Redis load cache\"]\n        \n        subgraph SCHEDULER[\"Task scheduler (Task Distributor)\"]\n            direction TB\n            SUBMIT[\"Receive scan task\"]\n            SELECT[\"Load-aware selection\"]\n            DISPATCH[\"Smart dispatch\"]\n            \n            SUBMIT --\u003e SELECT\n            SELECT --\u003e DISPATCH\n        end\n        \n        REDIS -.load data.-\u003e SELECT\n    end\n    \n    subgraph WORKERS[\"Worker node cluster\"]\n        direction TB\n        \n        W1[\"Worker 1 (local)\u003cbr/\u003eCPU: 45% | MEM: 60%\"]\n        W2[\"Worker 2 (remote)\u003cbr/\u003eCPU: 30% | MEM: 40%\"]\n        W3[\"Worker N (remote)\u003cbr/\u003eCPU: 90% | MEM: 85%\"]\n    end\n    \n    DISPATCH --\u003e|dispatch task| W1\n    DISPATCH --\u003e|dispatch task| W2\n    DISPATCH --\u003e|skip on high load| W3\n    \n    W1 -.heartbeat report.-\u003e REDIS\n    W2 -.heartbeat report.-\u003e REDIS\n    W3 -.heartbeat report.-\u003e REDIS\n```\n\n### Global asset search\n- **Multi-type search** - Supports two asset types: Website and Endpoint\n- **Expression syntax** - Supports the operators `=` (fuzzy), `==` (exact), and `!=` (not equal)\n- **Logical combination** - Supports `\u0026\u0026` (AND) and `||` (OR)\n- **Multi-field queries** - Supports the fields host, url, title, tech, status, body, and header\n- **CSV export** - Streams all search results to export, with no limit on count\n\n#### Search syntax examples\n\n```bash\n# Basic search\nhost=\"api\"                    # host contains \"api\"\nstatus==\"200\"                 # status code exactly equals 
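200\ntech=\"nginx\"                  # tech stack contains nginx\n\n# Combined search\nhost=\"api\" \u0026\u0026 status==\"200\"   # host contains api and status code is 200\ntech=\"vue\" || tech=\"react\"    # tech stack contains vue or react\n\n# Complex queries\nhost=\"admin\" \u0026\u0026 tech=\"php\" \u0026\u0026 status==\"200\"\nurl=\"/api/v1\" \u0026\u0026 status!=\"404\"\n```\n\n### Visual interface\n- **Statistics** - Asset/vulnerability statistics dashboard\n- **Real-time notifications** - WebSocket message push\n- **Notification push** - Real-time message push to WeCom, Telegram, and Discord\n\n---\n\n## Quick start\n\n### Requirements\n\n- **Operating system**: Ubuntu 20.04+ / Debian 11+ \n- **Architecture**: AMD64 (x86_64) / ARM64 (aarch64)\n- **Hardware**: at least 2 cores and 4 GB RAM, 20GB+ disk space\n\n### One-command installation\n\n```bash\n# Clone the project\ngit clone https://github.com/yyhuni/xingrin.git\ncd xingrin\n\n# Install and start (production mode)\nsudo ./install.sh\n\n# Users in mainland China are advised to use mirror acceleration (third-party acceleration services may stop working; long-term availability is not guaranteed)\nsudo ./install.sh --mirror\n```\n\n\u003e **About the --mirror option**\n\u003e - Automatically configures Docker registry mirrors (mirrors in mainland China)\n\u003e - Speeds up Git repository cloning (Nuclei templates, etc.)\n\n### Accessing the service\n\n- **Web interface**: `https://ip:8083` \n- **Default account**: admin / admin (change the password after first login)\n\n### Common commands\n\n```bash\n# Start the service\nsudo ./start.sh\n\n# Stop the service\nsudo ./stop.sh\n\n# Restart the service\nsudo ./restart.sh\n\n# Uninstall\nsudo ./uninstall.sh\n```\n\n## Feedback and contributing\n\n- **Found a bug or have new ideas, such as UI design or feature design?** You are welcome to submit suggestions via the link on the right, [Issue](https://github.com/yyhuni/xingrin/issues), or by private message to the WeChat official account\n\n## Contact\n- WeChat official account: **塔罗安全学苑**\n- For the WeChat group, go to the menu at the bottom of the official account; there is a discussion group entry you can tap to see it. If the link has expired, message me privately and I will add you\n\n\u003cimg src=\"docs/wechat-qrcode.png\" alt=\"WeChat official account\" width=\"200\"\u003e\n\n### Follow the official account to get the fingerprint libraries for free\n\n| Fingerprint library | Count |\n|--------|------|\n| ehole.json | 21,977 |\n| ARL.yaml | 9,264 |\n| goby.json | 7,086 |\n| FingerprintHub.json | 3,147 |\n\n\u003e Follow the official account and reply 「指纹」 to get them\n\n## Sponsorship\n\nIf this project helps you, thank you for buying me a cup of Mixue Bingcheng; your stars and sponsorship are what motivate me to keep updating it for free\n\n\u003cp\u003e\n  \u003cimg src=\"docs/wx_pay.jpg\" alt=\"WeChat Pay\" width=\"200\"\u003e\n  \u003cimg src=\"docs/zfb_pay.jpg\" alt=\"Alipay\" width=\"200\"\u003e\n\u003c/p\u003e\n\n\n\n## Disclaimer\n\n**Important: read carefully before use**\n\n1. This tool is for **authorized security testing** and **security research** only\n2. Users must ensure they have obtained **legal authorization** for the target system\n3. Using this tool for unauthorized penetration testing or attacks is **strictly prohibited**\n4. Scanning other people's systems without authorization is **illegal** and may incur legal liability\n5. 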
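The developer **is not responsible for any misuse**\n\nBy using this tool you agree to:\n- Use it only within the scope of legal authorization\n- Comply with the laws and regulations of your region\n- Bear all consequences arising from misuse\n\n## Star History\n\nIf this project helps you, please support it with a Star!\n\n[![Star History Chart](https://api.star-history.com/svg?repos=yyhuni/xingrin\u0026type=Date)](https://star-history.com/#yyhuni/xingrin\u0026Date)\n\n## License\n\nThis project is licensed under the [GNU General Public License v3.0](LICENSE).\n\n### Permitted uses\n\n- Personal learning and research\n- Commercial and non-commercial use\n- Modification and distribution\n- Patent use\n- Private use\n\n### Obligations and limitations\n\n- **Open-source obligation**: source code must be provided when distributing\n- **Same license**: derivative works must use the same license\n- **Copyright notice**: the original copyright and license notices must be retained\n- **Disclaimer of liability**: no warranty is provided\n- Unauthorized penetration testing\n- Any illegal activity\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyyhuni%2Fxingrin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyyhuni%2Fxingrin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyyhuni%2Fxingrin/lists"}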