Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/knownsec/LBot
A simple xss bot template
- Host: GitHub
- URL: https://github.com/knownsec/LBot
- Owner: knownsec
- Created: 2020-09-21T03:45:37.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2020-09-21T03:47:44.000Z (about 4 years ago)
- Last Synced: 2024-08-05T17:33:50.635Z (4 months ago)
- Topics: bot, ctf, xss
- Language: Python
- Homepage:
- Size: 11.7 KB
- Stars: 23
- Watchers: 9
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - knownsec/LBot - A simple xss bot template (Python)
README
# LBot
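LBot's underlying model is the multi-threaded task scheduling model that grew out of LSpider.
It is mainly intended to make writing an XSS bot program easy.
Users can get a simple XSS bot by making small changes to its logic and configuring the environment. Because the prototype comes from a crawler, the back end rarely runs into problems and is fairly stable, as long as the front end applies some rate limiting.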
# install
## Download LBot
```
git clone https://github.com/knownsec/LBot.git
```
## Edit the configuration file
```
cp LBot/settings.py.bak LBot/settings.py
```
Then set the MySQL configuration in it:
```
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'disable',
        'USER': 'root',
        'PASSWORD': '',
        'HOST': '127.0.0.1',
        'PORT': '3306',
        'OPTIONS': {
            'init_command': 'SET default_storage_engine=INNODB;SET NAMES utf8mb4',
            'charset': 'utf8mb4',
        },
        'TEST': {
            'CHARSET': 'utf8',
            'COLLATION': 'utf8_general_ci',
        },
    }
}
```
## Set up the environment
```
python3 -m pip install django
```
If mysqlclient fails to install, install this first:
```
sudo apt-get install libmysqlclient-dev
```
## Sync the database schema
```
python3 manage.py makemigrations
python3 manage.py migrate
```
## Set up headless Chrome
```
sudo wget http://www.linuxidc.com/files/repo/google-chrome.list -P /etc/apt/sources.list.d/
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sudo apt-get update
sudo apt-get install google-chrome-stable
```
Check the Chrome version:
```bash
lorexxar@instance-1:~/lorexxar/lspider/LSpider$ google-chrome --version
Google Chrome 81.0.4044.138
```
Download the matching version of the webdriver from the official site and place it in the bin directory:
```
https://chromedriver.chromium.org/downloads
```
Rename it:
```bash
mv bin/chromedriver bin/chromedriver_linux64
```
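## Adapt the bot to the XSS challenge it guards
There are two mainstream ways to guard an XSS bot: one relies on a cookie or an IP restriction to limit access to the bot, and the other has the bot log in with an account to simulate an administrator.
```
# Bot admin pass
CTF_BACK_USER = 'admin'
CTF_BACK_PASS = 'adminsecretpass'
CTF_BACK_COOKIE = "s3cr3t_k3y_f0r_4dmin"
```
If you rely on the cookie, you also need to set HOME_PAGE:
```
# homepage
HOME_PAGE = "http://127.0.0.1/index.php"
```
The core bot logic is mainly in the `LBotCore` function in `Botend\views.py`: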
```
# Excerpt from the worker loop in LBotCore
reportt = ReportTask.objects.filter(aread=0).first()
if not reportt:
    continue
# task lock
reportt.aread = 1
reportt.save()
# cookie mode
report_url = reportt.url
cookies = "admin="+CTF_BACK_COOKIE
self.req = LReq(is_chrome=True)
# visit the target
self.req.get(report_url, 'RespByChrome', 0, cookies)
```
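The lock step in the excerpt above reads a row with `aread=0` and then saves `aread=1` as two separate statements, so if several worker threads run that loop, two of them can pick up the same report before either save lands. As an added example (not LBot's own code), the sketch below claims a report with a single conditional UPDATE and checks the affected-row count; it assumes the standard-library `sqlite3` module and a constructed `report_task` table in place of the Django `ReportTask` model and MySQL, and all function names are hypothetical.

```python
import os
import sqlite3
import tempfile
import threading

def make_db(path, urls):
    # Constructed stand-in for the ReportTask table: aread=0 means "not yet visited".
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE report_task (id INTEGER PRIMARY KEY, url TEXT, aread INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO report_task (url) VALUES (?)", [(u,) for u in urls])
    db.commit()
    db.close()

def claim_task(db):
    """Return the URL of a report this worker now owns, or None when none are left."""
    while True:
        rows = db.execute(
            "SELECT id, url FROM report_task WHERE aread = 0 ORDER BY id LIMIT 1").fetchall()
        if not rows:
            return None
        task_id, url = rows[0]
        # Compare-and-set: the WHERE clause re-checks aread, so only one UPDATE can win.
        cur = db.execute(
            "UPDATE report_task SET aread = 1 WHERE id = ? AND aread = 0", (task_id,))
        if cur.rowcount == 1:
            return url
        # rowcount == 0: another worker claimed this row first, so look for the next one.

def run_workers(path, n_workers):
    visited, guard = [], threading.Lock()
    def worker():
        db = sqlite3.connect(path, timeout=30, isolation_level=None)  # autocommit, one per thread
        while (url := claim_task(db)) is not None:
            with guard:
                visited.append(url)  # the bot would open the URL in Chrome here
        db.close()
    threads = [threading.Thread(target=worker) for _ in range(n_workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return visited

def demo(n_tasks=40, n_workers=8):
    urls = [f"http://127.0.0.1/report/{i}" for i in range(n_tasks)]  # constructed sample URLs
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "lbot_demo.sqlite3")
        make_db(path, urls)
        return urls, run_workers(path, n_workers)
```

In Django the same pattern is `ReportTask.objects.filter(id=reportt.id, aread=0).update(aread=1)`, which returns the number of rows matched, so a worker proceeds only when that value is 1.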
# usage
```
python3 manage.py LBotCoreBackend
```