Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/superhuahua/xunfengES
https://github.com/superhuahua/xunfengES
Last synced: about 1 month ago
JSON representation
- Host: GitHub
- URL: https://github.com/superhuahua/xunfengES
- Owner: superhuahua
- License: gpl-3.0
- Created: 2017-06-16T06:31:47.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-09-05T06:25:21.000Z (about 7 years ago)
- Last Synced: 2024-05-31T08:37:12.642Z (4 months ago)
- Language: Python
- Size: 1.86 MB
- Stars: 65
- Watchers: 11
- Forks: 32
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - superhuahua/xunfengES - (Python)
README
# Base xunfeng
## 安装环境依赖
* Python 2.7.5+
* Nmap
* ELK(elasticsearch、logstash、kibana)
* Redis
## 部署流程
### 下载xfes
`git clone https://github.com/superhuahua/xunfengES.git`
### 安装python的nmap插件(服务端、节点)
`sudo pip install python-nmap`
### Server (服务端)
```
pip install elasticsearch==5.4.0 //安装python的es插件
cd xunfengES/server
python esinit.py //初始化es配置
python run.py //启动服务端
sudo python monitor/index.py //启动周期验证,无资产数据时报错,可忽略报错
```
### Celery node(节点)
> Tips:服务端也需要启动celery
```
sudo pip install redis celery celery[redis] //安装redis,celery模块
cd xunfengES
celery worker -A celerynode.tasks -E -n node1 -Q master -c 5 //启动celery
python subscribe.py //启动订阅redis,接收更新插件
```
### Flower
```
sudo pip instal flower
flower --broker=redis://:Password@localhost:6379/1 --basic_auth=test:123456 --address=127.0.0.1 --port=5555 //启动flower
flower --broker=redis://localhost:6379/1 --address=127.0.0.1 --port=5555 //不带认证启动
```
### redis
```
wget http://download.redis.io/releases/redis-3.2.8.tar.gz
tar xzf redis-3.2.8.tar.gz
cd redis-3.2.8
make
```
修改`/etc/redis.conf`为
```
bind 0.0.0.0
```
启动redis:`src/redis-server /etc/redis.conf`
### Elasticsearch
下载ES:
解压之后以普通用户运行: `bin/elasticsearch`
### Logstash
input{
redis {
host => "localhost"
data_type => "list"
key => "hostScan"
db => 1
}
redis {
host => "localhost"
data_type => "list"
key => "vulTask"
db => 1
}
}
filter{}
output{
if [tags] == "hostScan" {
elasticsearch {
hosts => ["localhost"]
index => "assets"
document_id => "%{id}"
}
}
if [tags] == "vulTask" {
elasticsearch {
hosts => ["localhost"]
index => "vultask"
}
}
}
以上文件保存为`/etc/logstash.conf`
下载logstash:
启动logstash: `bin/logstash -f /etc/logstash.conf`
### Kibana
下载:
运行: `bin/kibana`
### 前端
* flower查看task状态
* kibana配置视图,面板
* 懒得重新打包前端, 可自行修改index.js中localhost:5555、localhost:5601
### 文件结构说明
celerynode
|
|-- vuldb 漏洞扫描脚本库
|
|-- api.py 提供server调用tasks
|
|-- tasks.py 芹菜任务列表
|
|-- common.py 公用函数库
|
|-- subscribe.py 接收更新插件
|
|-- Config.py 芹菜配置
server
|
|-- lib
|
|-- static 静态文件
|
|-- templates html页面
|
|-- vul 漏洞扫描引擎
|
|-- vuldb 漏洞扫描脚本库
|
|-- vulScan.py 漏洞扫描脚本引擎
|
|-- monitor 周期验证引擎
|
|-- index.py 周期nmap扫描
|
|-- verify.py 周期探测port
|
|-- Config.py 服务端配置
|
|-- Routes.py 处理web请求
|
|-- run.py 启动flask
|
|-- esinit.py 初始化es配置
## 后续功能
* 主机扫描cidr
* 插件password字典
* 服务识别