网-址
私聊加入交流群
• Github: https://github.com/Autumn-27/ScopeSentry
• 插件市场:https://plugin.scope-sentry.top
• 更新说明:https://www.scope-sentry.top/guide/update-history/
更-新
1. 插件系统上线,支持自定义扫描工具并对扫描结果进行修改或打标签2. 资产测绘支持截图,以及资产变更历史3. 任务支持暂停开始4. 任务中断会重新扫描不会导致丢失目标5. 资产显示可自定义显示列6. 敏感信息、漏洞增加处理状态7. 所有资产可以打标签8. 漏洞扫描支持自定义等级9. 漏洞、敏感信息增加结果状态10. 内置插件跳过cdn的端口扫描11. 页面监控增加相似度计算,diff工具12. 字典自定义13. 性能优化14. 修复若干bug15. 扫描任务更改为通过扫描模板进行扫描。
插件市场:https://plugin.scope-sentry.top/
欢迎各位师傅贡献插件~
自定义显示列
插件编写
插件模板
git clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git插件模板中提供了AssetHandle模块和SubdomainScan模块的demo
https://github.com/Autumn-27/ScopeSentry-Plugin-Template/tree/main/plugin/AssetHandle
https://github.com/Autumn-27/ScopeSentry-Plugin-Template/tree/main/plugin/SubdomainScan
系统模块
插件系统将整个流程分为了13个模块
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",
插件文件
导入插件需要两个文件
info.json
{"help":"无需参数/No parameters","parameter":"","name":"SubdomainScanDemo","module": "SubdomainScan","version":"v1.0","introduction":"子域名扫描模块demo/Demo of SubdomainScan module"}
help:参数提示信息 parameter:参数 name:插件名称 module:模块(模块需要准确) version:版本 introduction:插件的简介
plugin.go
package pluginfunc GetName() string {return ""}func Install() error {return nil}func Check() error {return nil}func Uninstall() error {return nil}func Execute(input interface{}, op options.PluginOption) (interface{}, error) {return nil, nil}
插件编码要求
包名需要为plugin 需要提供5个方法,其中GetName的返回值需要和info.json一致
GetName Install Check Uninstall Execute
Execute方法
Execute方法的参数为input interface{}和 op options.PluginOption
PluginOption的定义在
https://github.com/Autumn-27/ScopeSentry-Plugin-Template/blob/main/internal/options/plugin.goinput参数为输入
op参数如下:
type PluginOption struct {Name stringModule stringParameter stringPluginId stringResultFunc func(interface{})Custom interface{}TaskId stringTaskName stringLog func(msg string, tp ...string)Ctx context.Context}
在创建插件时,填写参数信息可以使用{}来引用字典和端口
{dict.subdomain.default} 这个参数会替换为字典中subdomain类别的default名称的文件id
和
{port.top1000} 这个参数会替换为端口的top1000
参数解析参考(调用工具类的ParseArgs方法):
args, err := utils.Tools.ParseArgs(parameter, "cdncheck", "screenshot")if err != nil {} else {for key, value := range args {if value != "" {switch key {case "cdncheck":cdncheck = valuecase "screenshot":if value == "true" {screenshot = true}default:continue}}}}
比较特殊的是AssetHandle、PortScanPreparation、PortFingerprint模块,input输入为引用,直接修改input就是对结果的修改。
其余模块在获取到结果之后调用op.ResultFunc回调函数来返回结果
op.Log("test") // info类型日志
op.Log("test", "e") // error类型日志
op.Log("test", "d") // debug类型日志
op.Log("test", "w") // warning类型日志
插件可以调用的内置方法
目前由于插件系统的限制,无法调用第三方的库,所以在系统中内置了一些方法,可供调用,具体如下:
github.com/Autumn-27/ScopeSentry-Scan/pkg/loggergithub.com/Autumn-27/ScopeSentry-Scan/pkg/utilsgithub.com/Autumn-27/ScopeSentry-Scan/internal/optionsgithub.com/Autumn-27/ScopeSentry-Scan/internal/bigcachegithub.com/Autumn-27/ScopeSentry-Scan/internal/configgithub.com/Autumn-27/ScopeSentry-Scan/internal/contextmanagergithub.com/Autumn-27/ScopeSentry-Scan/internal/globalgithub.com/Autumn-27/ScopeSentry-Scan/internal/interfacesgithub.com/Autumn-27/ScopeSentry-Scan/internal/mongodbgithub.com/Autumn-27/ScopeSentry-Scan/internal/notificationgithub.com/Autumn-27/ScopeSentry-Scan/internal/poolgithub.com/Autumn-27/ScopeSentry-Scan/internal/redisgithub.com/Autumn-27/ScopeSentry-Scan/internal/resultsgithub.com/Autumn-27/ScopeSentry-Scan/internal/types
上边提到的包下边所有方法都可以调用、
utils:工具包中提供了多种方法,获取当前时间、多种执行命令方式、发送http请求、发送dns请求
bigcache:基于内存的缓存管理,可以利用缓存进行去重
contextmanager:上下文管理器,每个任务都会创建一个上下文,任务的暂停删除依赖于这个上下文管理,在编写插件时如果需要停止功能,需要利用这个上下文。
global:存储一些全局变量,包括节点名称等信息
mongodb:mongodb连接器
redis:redis连接器
notification:用于发送通知
pool:协程池管理
results:结果处理
types:结构体
各模块的输入输出
TargetHandler
该模块主要是对输入的原始目标进行处理,如: targetparser
该插件会对原始目标进行处理,详情可以看代码的注释。
该模块可以拓展的功能,比如 输入的原始数据为"百度",编写一个新的插件可以对公司名称的原始目标进行处理调用一些api或其他方式来获取该目标的一些域名和其他信息。
stringstringSubdomainScan
该模块为子域名扫描模块,可以集成任何子域名工具
stringgit clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git2SubdomainSecurity
该模块是子域名安全检测,对扫描出来的域名进行检测,结果会存入到SubdoaminTakerResult中
git clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git2git clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git4PortScanPreparation
该模块主要是在端口扫描前进行一些处理,处理是否需要跳过端口扫描,内置了一个简单的cdn判断,如果是cdn就跳过端口扫描。
该模块的输入是引用,会对DomainSkip直接进行修改
git clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git5git clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git6PortScan
该模块主要进行端口存活扫描
git clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git7git clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git8PortFingerprint
该模块对存活的端口进行端口的指纹识别,同样是对输入直接进行修改,其中Type属性分为"http"和"other",其余属性可以参考数据库中的信息。
git clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git9git clone https://github.com/Autumn-27/ScopeSentry-Plugin-Template.git6AssetMapping
该模块是对http的资产进行处理
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",1
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",2
AssetHandle
该模块是对扫描出的资产进行处理,内置的插件是调用web的指纹识别对http资产进行指纹识别,可以拓展对非http端口进行弱口令扫描(目前无内置插件)。在该模块还可以对资产进行打标签。
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",3
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",3
URLScan
该模块是对http资产进行url发现,同时,如果Execute方法return的第一个参数为[]string url列表,则会一起发往爬虫模块
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",2
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",6
WebCrawler
该模块是爬虫模块,内置插件是rad爬虫,该模块输入是前边url扫描发现的url
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",7
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",8
URLSecurity
该模块会对url扫描和爬虫扫描的结果进行处理,如内置插件扫描敏感信息泄露以及将url作为页面监控的目标。
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",9
{"help":"无需参数/No parameters","parameter":"","name":"SubdomainScanDemo","module": "SubdomainScan","version":"v1.0","introduction":"子域名扫描模块demo/Demo of SubdomainScan module"}0
DirScan
目录扫描模块
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",2
{"help":"无需参数/No parameters","parameter":"","name":"SubdomainScanDemo","module": "SubdomainScan","version":"v1.0","introduction":"子域名扫描模块demo/Demo of SubdomainScan module"}2
VulnerabilityScan
漏洞扫描模块
"TargetHandler","SubdomainScan","SubdomainSecurity","AssetMapping","PortScanPreparation","PortScan","PortFingerprint","AssetHandle","URLScan","URLSecurity","WebCrawler","DirScan","VulnerabilityScan",3
{"help":"无需参数/No parameters","parameter":"","name":"SubdomainScanDemo","module": "SubdomainScan","version":"v1.0","introduction":"子域名扫描模块demo/Demo of SubdomainScan module"}4
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...