Django Web漏洞扫描器开发指南<\/h1>

技术栈选择<\/h2>

Python 3.8.0<\/strong>: 支持高级特性，编写Web漏扫灵活<\/li>
Django 3<\/strong>: 文档全面，适合新手<\/li>
MySQL<\/strong>: 经典关系型数据库，Django支持良好<\/li>
H+ 4.1框架<\/strong>: 基于Bootstrap 3.3.6的开源前端框架<\/li>

ECharts<\/strong>: 百度开源的数据可视化JS图表插件<\/li> <\/ul>
核心功能模块实现<\/h2>
漏洞检测模块<\/h3>
实现思路<\/h4>

使用AWVS 13 API进行目标资产爬取<\/li>
将获取的信息转发给xray进行漏洞检测<\/li>
利用xray的webhook功能获取漏洞信息<\/li> <\/ul>
Django Webhook接口代码<\/h4>
import<\/span> json <\/span><\/span>from<\/span> django.shortcuts import<\/span> render <\/span><\/span>from<\/span> django.views.generic.base import<\/span> View <\/span><\/span>from<\/span> django.views.decorators.csrf import<\/span> csrf_exempt <\/span><\/span> <\/span><\/span>class<\/span> WebHook<\/span>(View): <\/span><\/span> @csrf_exempt<\/span> <\/span><\/span> def<\/span> dispatch<\/span>(self, request, *<\/span>args, **<\/span>kwargs): <\/span><\/span> return<\/span> super().<\/span>dispatch(request, *<\/span>args, **<\/span>kwargs) <\/span><\/span> <\/span><\/span> def<\/span> post<\/span>(self, request): <\/span><\/span> vul_data =<\/span> json.<\/span>loads(request.<\/span>body) <\/span><\/span> if<\/span> 'detail'<\/span> in<\/span> str(request.<\/span>body): <\/span><\/span> print('漏洞插件:'<\/span>, vul_data['plugin'<\/span>]) <\/span><\/span> print('漏洞位置:'<\/span>, vul_data['target'<\/span>]['url'<\/span>]) <\/span><\/span> print('漏洞分类:'<\/span>, vul_data['vuln_class'<\/span>]) <\/span><\/span> return<\/span> render(request, 'test.html'<\/span>, {}) <\/span><\/span><\/code><\/pre>注意事项<\/h4> 使用@csrf_exempt<\/code>装饰器关闭CSRF检测<\/li> 解析xray的POST请求中的漏洞数据<\/li> <\/ul> 端口扫描模块<\/h3> 扫描策略<\/h4> 使用masscan进行网段粗略扫描<\/li> 使用nmap进行详细扫描<\/li> <\/ol> IP归属地查询<\/h4> ip_api_url =<\/span> f<\/span>'http:\/\/freeapi.ipip.net\/<\/span>{<\/span>ip_addr}<\/span>'<\/span> <\/span><\/span>r =<\/span> requests.<\/span>get(url=<\/span>ip_api_url) <\/span><\/span>addr_list =<\/span> literal_eval(r.<\/span>text) <\/span><\/span>addr =<\/span> ' '<\/span>.<\/span>join(addr_list[:3<\/span>]) <\/span><\/span><\/code><\/pre>指纹识别模块<\/h3> 技术组合<\/h4> Wappalyzer<\/strong>: 基本指纹探测<\/li> TideFinger<\/strong>: 传统指纹识别(基于TideSec\/TideFinger<\/a>)<\/li> <\/ul> 数据库模型设计<\/h4> from<\/span> django.db import<\/span> models <\/span><\/span>from<\/span> django.utils.html import<\/span> format_html <\/span><\/span> <\/span><\/span>class<\/span> Component<\/span>(models.<\/span>Model): <\/span><\/span> name =<\/span> models.<\/span>CharField(max_length=<\/span>200<\/span>, verbose_name=<\/span>'组件名称'<\/span>) <\/span><\/span> desc =<\/span> models.<\/span>CharField(max_length=<\/span>200<\/span>, verbose_name=<\/span>'组件描述'<\/span>) <\/span><\/span> icon =<\/span> models.<\/span>FileField(upload_to=<\/span>'icons\/'<\/span>, verbose_name=<\/span>'组件logo'<\/span>, max_length=<\/span>100<\/span>) <\/span><\/span> category =<\/span> models.<\/span>CharField(max_length=<\/span>100<\/span>, verbose_name=<\/span>'组件类别'<\/span>, blank=<\/span>True<\/span>) <\/span><\/span> <\/span><\/span> def<\/span> icon_data<\/span>(self): <\/span><\/span> return<\/span> format_html( <\/span><\/span> ''<\/span>, <\/span><\/span> self.<\/span>icon, <\/span><\/span> ) <\/span><\/span> icon_data.<\/span>short_description =<\/span> 'Logo'<\/span> <\/span><\/span><\/code><\/pre>Admin配置<\/h4> from<\/span> django.contrib import<\/span> admin <\/span><\/span>from<\/span> django.forms import<\/span> TextInput <\/span><\/span> <\/span><\/span>@admin<\/span>.<\/span>register(Component) <\/span><\/span>class<\/span> ComponentAdmin<\/span>(admin.<\/span>ModelAdmin): <\/span><\/span> list_display =<\/span> ('name'<\/span>, 'desc'<\/span>, 'category'<\/span>, 'icon_data'<\/span>) <\/span><\/span> search_fields =<\/span> ('name'<\/span>, 'desc'<\/span>) <\/span><\/span> readonly_fields =<\/span> ('icon_data'<\/span>,) <\/span><\/span> list_per_page =<\/span> 20<\/span> <\/span><\/span> fieldsets =<\/span> ( <\/span><\/span> ('编辑组件'<\/span>, { <\/span><\/span> 'fields'<\/span>: ('name'<\/span>, 'desc'<\/span>, 'category'<\/span>, 'icon'<\/span>, 'icon_data'<\/span>) <\/span><\/span> }), <\/span><\/span> ) <\/span><\/span> formfield_overrides =<\/span> { <\/span><\/span> models.<\/span>CharField: {'widget'<\/span>: TextInput(attrs=<\/span>{'size'<\/span>: '59'<\/span>})}, <\/span><\/span> } <\/span><\/span><\/code><\/pre>域名探测模块<\/h3> 使用API接口<\/h4> 爱站: https:\/\/baidurank.aizhan.com\/baidu\/{domain}\/<\/code><\/li> 百度云观测: http:\/\/ce.baidu.com\/index\/getRelatedSites?site_address={domain}<\/code><\/li> hackertarget: https:\/\/api.hackertarget.com\/hostsearch\/?q={domain}<\/code><\/li> IP138: https:\/\/site.ip138.com\/{domain}\/domain.htm<\/code><\/li> crt.sh SSL证书反查: https:\/\/crt.sh\/?q=%.{domain}<\/code><\/li> 千寻: POST请求到https:\/\/www.dnsscan.cn\/dns.html<\/code>，数据为{"ecmsfrom": "8.8.8.8", "show": "none", "keywords": domain}<\/code><\/li> <\/ol> 功能特点<\/h4> 自动过滤访问超时的域名<\/li> 获取网页标题<\/li> 支持域名监控，统计新增域名数量<\/li> <\/ul> 目录扫描模块<\/h3> 集成Dirsearch工具<\/li> 计划实现top 1000字典计数功能，记录高命中字典<\/li> <\/ul> 小工具模块<\/h3> 包含功能<\/h4> IP提取<\/li> 文本对比<\/li> 批量获取网页标题<\/li> SSH批量爆破验证<\/li> <\/ol> SSH批量爆破验证实现<\/h4> import<\/span> os <\/span><\/span>import<\/span> pexpect <\/span><\/span>import<\/span> progressbar <\/span><\/span> <\/span><\/span>with<\/span> open('22.txt'<\/span>) as<\/span> f: <\/span><\/span> lines =<\/span> f.<\/span>readlines() <\/span><\/span> <\/span><\/span>attack_ips =<\/span> [] <\/span><\/span>p =<\/span> progressbar.<\/span>ProgressBar() <\/span><\/span>for<\/span> line in<\/span> p(lines): <\/span><\/span> ssh =<\/span> pexpect.<\/span>spawn('ssh root@<\/span>{ip}<\/span>'<\/span>.<\/span>format(ip=<\/span>line)) <\/span><\/span> try<\/span>: <\/span><\/span> flag =<\/span> ssh.<\/span>expect(['continue'<\/span>, 'password:'<\/span>], timeout=<\/span>3<\/span>) <\/span><\/span> if<\/span> str(flag).<\/span>isnumeric(): <\/span><\/span> attack_ips.<\/span>append(line) <\/span><\/span> except<\/span> pexpect.<\/span>EOF: <\/span><\/span> ssh.<\/span>close() <\/span><\/span> except<\/span> pexpect.<\/span>TIMEOUT: <\/span><\/span> ssh.<\/span>close() <\/span><\/span> <\/span><\/span>for<\/span> ip in<\/span> attack_ips: <\/span><\/span> with<\/span> open('ssh.txt'<\/span>,'a'<\/span>) as<\/span> f: <\/span><\/span> f.<\/span>write(ip) <\/span><\/span><\/code><\/pre>优化方向<\/h2> Redis缓存加速<\/strong>: 提高系统响应速度<\/li> WebSocket通信<\/strong>: 实现实时任务状态更新<\/li> 前后端分离<\/strong>: 使用React\/Vue等框架重构前端<\/li> 代码优化<\/strong>: 重构变量命名和数据库结构<\/li> 功能完善<\/strong>: 增加更多实用功能<\/li> <\/ol> 资源链接<\/h2> H+ 4.1框架<\/a><\/li> TideFinger指纹库<\/a><\/li> CMS组件描述及图标<\/a><\/li> 指纹JSON数据<\/a><\/li> <\/ol> 开发建议<\/h2> 充分利用Django Admin简化后台管理<\/li> 使用Simple UI美化Admin界面<\/li> 合理设计数据库模型，便于扩展<\/li> 优先集成成熟工具，再考虑自主开发<\/li> 注重前端用户体验，合理使用ECharts等可视化工具<\/li> <\/ol>