最近做goby集成,参考python版(非官网版)引用地址:goby sdk 非官方版本 使用文档(1) - Goby 非官方SDK 开发 - 曲速引擎(IT)byteEngine 博客 (exp-9.com)改版为java实现如下:
package com.httc.gopy;
import org.apache.commons.lang3.StringUtils;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
public class Api {
private HomePage hp;
private AssetPage ap;
private VulnManagementPage vp;
private ReportPage rp;
private ConfigPage cp;
public Api(String url, String username, String password){
hp = new HomePage(url, username, password);
ap = new AssetPage(url, username, password);
vp = new VulnManagementPage(url, username, password);
rp = new ReportPage(url, username, password);
cp = new ConfigPage(url, username, password);
}
private Api(){}
// 检测poc列表
public JSONObject get_poc_list(String query, boolean reload_pocs, String order_by, int page, int size) throws Exception {
query = getString(query, "vultype=2");
order_by = getString(order_by, "{\"vul_nums\": \"desc\", \"level\": \"desc\", \"host_nums\": \"desc\"}");
page = getInt(page, 1);
size = getInt(size, 3000);
return hp.get_poc_list(query, reload_pocs, JSON.parseObject(order_by), page, size);
}
// 启动扫描
public JSONObject start_scan(String task_name, String ips, String ports, String black_ips, String vul_type, String pocs_hosts, String options) throws Exception {
ports = getString(ports, "0-65535");
vul_type = getString(vul_type, "0");
pocs_hosts = getString(pocs_hosts, "{}");
options = getString(options, "{}");
return hp.start_scan(task_name, ips, ports, black_ips.split(","), vul_type, JSON.parseObject(pocs_hosts), JSON.parseObject(options));
}
// 重启扫描
public JSONObject resume_scan(String task_id, String options) throws Exception {
options = getString(options, "{}");
return hp.resume_scan(task_id, JSON.parseObject(options));
}
// 停止扫描
public JSONObject stop_scan(String task_id) throws Exception {
return hp.stop_scan(task_id);
}
// 查询扫描进度
public JSONObject get_scan_progress(String task_id) throws Exception {
return hp.get_scan_progress(task_id);
}
// 获取任务列表
public JSONObject get_tasks(int page, int size, String order_by, String order) throws Exception {
page = getInt(page, 1);
size = getInt(size, 10);
order_by = getString(order_by, "created_time");
order = getString(order, "desc");
return hp.get_tasks(page, size, order_by, order);
}
// 查询任务统计数据
public JSONObject get_statistics_data(String task_id) throws Exception {
return ap.get_statistics_data(task_id);
}
// 资产搜索
public JSONObject asset_search(String task_id, String query, int page, int size, String order_by) throws Exception {
query = getString(query, "");
page = getInt(page, 1);
size = getInt(size, 20);
order_by = getString(order_by, "{\"vulnerabilities\": \"desc\", \"assets\": \"desc\"}");
return ap.asset_search(task_id, query, page, size, JSON.parseObject(order_by));
}
// 获取产品类别
public JSONObject get_value_category(String task_id) throws Exception {
return ap.get_value_category(task_id);
}
// 获取支撑系统
public JSONObject get_children_category(String task_id, String parent_category) throws Exception {
return ap.get_children_category(task_id, parent_category);
}
// 获取IP详情
public JSONObject get_ip_info(String task_id, String ip) throws Exception {
return ap.get_ip_info(task_id, ip);
}
// 获取任务的Web漏洞列表
public JSONObject get_web_list(String task_id, int page, int size) throws Exception {
page = getInt(page, 1);
size = getInt(size, 20);
return ap.get_web_list(task_id, page, size);
}
// 获取漏洞信息
public JSONObject get_pocs(String task_id, String query, boolean reload_pocs, String order_by, String order, int page, int size) throws Exception {
order_by = getString(order_by, "vul_nums");
order = getString(order, "desc");
page = getInt(page, 1);
size = getInt(size, 20);
return vp.get_pocs(task_id, query, reload_pocs, order_by, order, page, size);
}
// 获取失败的POC列表
public JSONObject get_failed_pocs() throws Exception {
return vp.get_failed_pocs();
}
// 获取任务的漏洞统计数据
public JSONObject get_vuln_statistics(String task_id) throws Exception {
return vp.get_vuln_statistics(task_id);
}
// 获取任务的漏洞搜索结果
public JSONObject get_vulnerability_search(String task_id, int page, int size) throws Exception {
page = getInt(page, 1);
size = getInt(size, 20);
return vp.get_vulnerability_search(task_id, page, size);
}
// 获取POC信息
public JSONObject get_poc_info(String vul_name) throws Exception {
return vp.get_poc_info(vul_name);
}
// 获取指定任务下的IP段信息
public JSONObject get_ip_segment(String task_id, String segment_type) throws Exception {
return rp.get_ip_segment(task_id, segment_type);
}
// 获取任务的漏洞分析数据
public JSONObject get_vul_analysis(String task_id) throws Exception {
return rp.get_vul_analysis(task_id);
}
// 获取指定任务的资产标签数据
public JSONObject get_asset_tags(String task_id) throws Exception {
return rp.get_asset_tags(task_id);
}
// 配置类:获取可用的网卡列表
public JSONObject get_list_adapters() throws Exception {
return cp.get_list_adapters();
}
// 配置类:获取系统环境信息
public JSONObject get_env_info() throws Exception {
return cp.get_environment_info();
}
// 设置系统环境信息
public JSONObject set_env_info(String dns_server, String proxy_server) throws Exception {
return cp.set_environment_info(dns_server, proxy_server);
}
public String getString(String val, String def){
if (StringUtils.isBlank(val)) {
return def;
}
return val;
}
public int getInt(int val, int def){
if (val == 0) {
return def;
}
return val;
}
}
package com.httc.gopy;
import com.alibaba.fastjson.JSONObject;
public class AssetPage extends BasePage {
public AssetPage(String url, String username, String password) {
super(url, username, password);
}
/**
* 获取任务的统计数据
* @param taskId 任务ID
* @return 返回统计数据的JSON对象
* @throws Exception
*/
public JSONObject get_statistics_data(String taskId) throws Exception {
JSONObject data = new JSONObject();
data.put("taskId", taskId);
return this.sendRequest("api/v1/getStatisticsData", data);
}
/**
* 根据查询条件搜索资产
* @param taskId 任务ID
* @param query 查询条件,字符串形式,默认为空字符串
* @param page 分页页码,默认为1
* @param pageSize 分页大小,默认为20
* @param orderBy 排序字段和排序方式,默认为 {'vulnerabilities': 'desc', 'assets': 'desc'}
* @return
* @throws Exception
*/
public JSONObject asset_search(String taskId, String query, int page, int pageSize, JSONObject orderBy) throws Exception {
JSONObject data = new JSONObject();
data.put("query", "taskId=\"" + taskId + "\" && (" + query + ")");
JSONObject options = new JSONObject();
options.put("order", orderBy);
JSONObject pageObj = new JSONObject();
pageObj.put("page", page);
pageObj.put("size", pageSize);
options.put("page", pageObj);
data.put("options", options);
return sendRequest("api/v1/assetSearch", data);
}
/**
* 获取任务值的分类
* @param taskId 任务ID
* @return 返回任务列表的 JSON 对象
* @throws Exception
*/
public JSONObject get_value_category(String taskId) throws Exception {
JSONObject data = new JSONObject();
data.put("taskId", taskId);
return sendRequest("api/v1/getValueCategory", data);
}
/**
* 获取子类别列表
* @param taskId 任务ID
* @param parentCategory 父类别
* @return 返回JSON对象
* @throws Exception
*/
public JSONObject get_children_category(String taskId, String parentCategory) throws Exception {
JSONObject data = new JSONObject();
data.put("query", "taskId=\"" + taskId + "\" && parent_category=\"" + parentCategory + "\"");
return sendRequest("api/v1/getChildrenCategory", data);
}
/**
* 获取IP信息
* @param taskId 任务ID
* @param ip IP地址
* @return 返回JSON对象
* @throws Exception
*/
public JSONObject get_ip_info(String taskId, String ip) throws Exception {
JSONObject data = new JSONObject();
data.put("taskId", taskId);
data.put("ip", ip);
return sendRequest("api/v1/getIPInfo", data);
}
/**
* 获取任务的Web漏洞列表
* @param taskId 任务ID
* @param page 页码,默认为1
* @param size 每页显示的记录数,默认为20
* @return 返回Web漏洞列表的JSON对象
* @throws Exception
*/
public JSONObject get_web_list(String taskId, int page, int size) throws Exception {
JSONObject data = new JSONObject();
data.put("taskId", taskId);
JSONObject options = new JSONObject();
JSONObject pageObj = new JSONObject();
pageObj.put("page", page);
pageObj.put("size", size);
options.put("page", pageObj);
data.put("options", options);
return sendRequest("api/v1/getWebList", data);
}
}
package com.httc.gopy;
import java.util.Base64;
import java.util.Map.Entry;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
public class BasePage {
private String url;
private String username;
private String password;
private OkHttpClient client;
public BasePage(String url, String username, String password) {
this.url = url;
this.username = username;
this.password = password;
this.client = new OkHttpClient();
}
public JSONObject sendRequest(String path, JSONObject data) throws Exception {
String authorization = Base64.getEncoder().encodeToString((username + ":" + password).getBytes());
MediaType mediaType = MediaType.parse("application/json;charset=UTF-8");
String url = this.url + "/" + path;
RequestBody stringBody=RequestBody.Companion.create(data.toJSONString(), mediaType);
Request request = new Request.Builder()
.url(url)
.addHeader("Authorization", "Basic " + authorization)
.addHeader("Content-Type", "application/json;charset=UTF-8")
.post(stringBody)
.build();
Response response = client.newCall(request).execute();
String json = response.body().string();
return JSON.parseObject(json);
}
public JSONObject sendGetRequest(String path, JSONObject params) throws Exception {
String authorization = Base64.getEncoder().encodeToString((username + ":" + password).getBytes());
String url = this.url + "/" + path;
Request.Builder requestBuilder = new Request.Builder()
.url(url)
.addHeader("Authorization", "Basic " + authorization)
.addHeader("Content-Type", "application/json;charset=UTF-8");
if (params != null) {
for (Entry<String, Object> entry : params.entrySet()) {
requestBuilder.addHeader(entry.getKey(), entry.getValue().toString());
}
}
Request request = requestBuilder.build();
Response response = client.newCall(request).execute();
String json = response.body().string();
return JSON.parseObject(json);
}
}
package com.httc.gopy;
import com.alibaba.fastjson.JSONObject;
public class ConfigPage extends BasePage {
public ConfigPage(String url, String username, String password) {
super(url, username, password);
}
/**
* 获取可用的网卡列表
* @return 返回网卡列表的JSON对象
* @throws Exception
*/
public JSONObject get_list_adapters() throws Exception {
JSONObject params = null;
return sendGetRequest("api/v1/listAdapters", params);
}
/**
* 获取系统环境信息, 需要获取的字段,多个字段用逗号分隔,默认获取全部
* @return 返回系统环境信息的JSON对象
* @throws Exception
*/
public JSONObject get_environment_info() throws Exception {
String field = "chromePath,dataIntegrity,datadir,dir,midKey,proxyServer,userRuleSize,vulVersion,licenseInfo,gid,key,godserver";
String[] fields = field.split(",");
JSONObject params = new JSONObject();
for (String f : fields) {
params.put(f, true);
}
return sendGetRequest("api/v1/getEnvi", params);
}
/**
* 设置系统环境信息
* @param dnsServer DNS 服务器地址和端口,例如 "8.8.8.8:53"
* @param proxyServer 代理服务器地址和端口,例如 "http://192.168.61.41:1080"
* @return
* @throws Exception
*/
public JSONObject set_environment_info(String dnsServer, String proxyServer) throws Exception {
JSONObject data = new JSONObject();
data.put("dnsServer", dnsServer);
data.put("proxyServer", proxyServer);
return sendRequest("api/v1/setEnvi", data);
}
}
package com.httc.gopy;
import com.alibaba.fastjson.JSONObject;
public class HomePage extends BasePage {
public HomePage(String url, String username, String password) {
super(url, username, password);
}
/**
* 获取poc列表
* @param query
* @param reloadPocs
* @param orderBy
* @param page
* @param size
* @return
* @throws Exception
*/
public JSONObject get_poc_list(String query, boolean reloadPocs, JSONObject orderBy, int page, int size) throws Exception {
JSONObject options = new JSONObject();
JSONObject pageObj = new JSONObject();
pageObj.put("page", page);
pageObj.put("size", size);
options.put("reloadPocs", reloadPocs);
options.put("order", orderBy);
options.put("page", pageObj);
JSONObject data = new JSONObject();
data.put("query", query);
data.put("options", options);
return sendRequest("api/v1/getPOCList", data);
}
/**
* 开始扫描任务
* @param taskName 扫描任务名称
* @param ips 目标IP列表,多个IP以逗号分隔
* @param ports 扫描端口范围,默认为"0-65535"
* @param blackIps 黑名单IP列表,多个IP以逗号分隔,默认为空列表
* @param vulType 漏洞类型,默认为"0",可选值为"0"(全部)、"1"(高危)、"2"(中危)、"3"(低危)
* @param pocsHosts POC插件列表,为空字典则使用系统内置插件,可通过get_poc_list方法获取插件列表
* @param options 扫描选项,为字典类型,可配置的选项请参考API文档
* @return 返回扫描任务信息的JSON对象
* @throws Exception
*/
public JSONObject start_scan(String taskName, String ips, String ports, String[] blackIps, String vulType, JSONObject pocsHosts, JSONObject options) throws Exception {
JSONObject asset = new JSONObject();
asset.put("ports", ports);
asset.put("ips", ips.split(","));
asset.put("blackIps", blackIps);
JSONObject vulnerability = new JSONObject();
vulnerability.put("type", vulType);
vulnerability.put("pocs_hosts", pocsHosts);
JSONObject data = new JSONObject();
data.put("taskName", taskName);
data.put("asset", asset);
data.put("vulnerability", vulnerability);
data.put("options", options);
return sendRequest("api/v1/startScan", data);
}
/**
* 获取扫描任务进度信息
* @param taskId 扫描任务ID
* @return 返回扫描任务进度信息的JSON对象
* @throws Exception
*/
public JSONObject get_scan_progress(String taskId) throws Exception {
JSONObject data = new JSONObject();
data.put("taskId", taskId);
return sendRequest("api/v1/getProgress", data);
}
/**
* 恢复扫描任务
* @param taskId 任务ID
* @param options 扫描选项,默认为{"queue": 0, "random": True, "rate": 100, "portscanmode": 0, "screenshot": False, "extracthost": False, "deepAnalysis": True}
* @return 返回操作结果的JSON对象
* @throws Exception
*/
public JSONObject resume_scan(String taskId, JSONObject options) throws Exception {
JSONObject defaultOptions = new JSONObject();
defaultOptions.put("queue", 0);
defaultOptions.put("random", true);
defaultOptions.put("rate", 100);
defaultOptions.put("portscanmode", 0);
defaultOptions.put("screenshot", false);
defaultOptions.put("extracthost", false);
defaultOptions.put("deepAnalysis", true);
JSONObject mergedOptions = mergeJsonObjects(defaultOptions, options);
JSONObject data = new JSONObject();
data.put("taskId", taskId);
data.put("options", mergedOptions);
return sendRequest("api/v1/resumeScan", data);
}
/**
* 停止任务
* @param taskId 任务ID
* @return 返回JSON对象,如下:
* {
* "success": true,
* "message": "",
* "data": {}
* }
* @throws Exception
*/
public JSONObject stop_scan(String taskId) throws Exception {
JSONObject data = new JSONObject();
data.put("taskId", taskId);
return sendRequest("api/v1/stopScan", data);
}
/**
* 获取任务列表
* @param page 页码,默认为 1
* @param size 每页数量,默认为 10
* @param orderBy 排序字段,默认为 created_time
* @param order 排序方式,默认为 desc
* @return 返回任务列表的 JSON 对象
* @throws Exception
*/
public JSONObject get_tasks(int page, int size, String orderBy, String order) throws Exception {
JSONObject pageObj = new JSONObject();
pageObj.put("page", page);
pageObj.put("size", size);
JSONObject orderObj = new JSONObject();
orderObj.put(orderBy, order);
JSONObject options = new JSONObject();
options.put("page", pageObj);
options.put("order", orderObj);
JSONObject data = new JSONObject();
data.put("options", options);
return sendRequest("api/v1/getTasks", data);
}
private JSONObject mergeJsonObjects(JSONObject obj1, JSONObject obj2) {
JSONObject mergedObj = new JSONObject();
for (String key : obj1.keySet()) {
mergedObj.put(key, obj1.get(key));
}
for (String key : obj2.keySet()) {
mergedObj.put(key, obj2.get(key));
}
return mergedObj;
}
}
package com.httc.gopy;
import com.alibaba.fastjson.JSONObject;
public class ReportPage extends BasePage {
public ReportPage(String url, String username, String password) {
super(url, username, password);
}
/**
* 获取指定任务下的IP段信息
* @param taskId 任务ID
* @param segmentType IP段类型,0表示所有,1表示已扫描,2表示未扫描
* @return 返回IP段信息的JSON对象
* @throws Exception
*/
public JSONObject get_ip_segment(String taskId, String segmentType) throws Exception {
// 组装请求数据
JSONObject data = new JSONObject();
data.put("taskId", taskId);
data.put("type", segmentType);
// 发送请求并返回响应结果
return this.sendRequest("api/v1/ipSegment", data);
}
/**
* 获取任务的漏洞分析数据
* @param taskId 任务ID
* @return 返回漏洞分析数据的JSON对象
* @throws Exception
*/
public JSONObject get_vul_analysis(String taskId) throws Exception {
// 组装请求数据
JSONObject data = new JSONObject();
data.put("taskId", taskId);
// 发送请求并返回响应结果
return this.sendRequest("api/v1/getVulAnalysis", data);
}
/**
* 获取指定任务的资产标签数据
* @param taskId 任务ID
* @return 返回资产标签数据的JSON对象
* @throws Exception
*/
public JSONObject get_asset_tags(String taskId) throws Exception {
JSONObject data = new JSONObject();
data.put("taskId", taskId);
return this.sendRequest("api/v1/assetTags", data);
}
}package com.httc.gopy;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import com.alibaba.fastjson.JSONObject;
public class VulnManagementPage extends BasePage {
public VulnManagementPage(String url, String username, String password) {
super(url, username, password);
}
/**
* 获取POC列表
* @param taskId 任务ID
* @param query 查询条件
* @param reloadPocs 是否重新加载POC,默认为false
* @param orderBy 排序字段,默认为"vul_nums"
* @param order 排序方式,默认为"desc"
* @param page 页码,默认为1
* @param pageSize 每页数量,默认为20
* @return 返回POC列表的JSON对象
* @throws Exception
*/
public JSONObject get_pocs(String taskId, String query, boolean reloadPocs, String orderBy, String order, int page, int pageSize) throws Exception {
JSONObject options = new JSONObject();
options.put("reloadPocs", reloadPocs);
JSONObject orderMap = new JSONObject();
orderMap.put("vul_nums", "desc");
orderMap.put("level", "desc");
orderMap.put("host_nums", "desc");
options.put("order", orderMap);
JSONObject pageMap = new JSONObject();
pageMap.put("page", 1);
pageMap.put("size", 20);
options.put("page", pageMap);
if (!StringUtils.isEmpty(orderBy) && !StringUtils.isEmpty(orderBy)) {
orderMap.put(orderBy, order);
}
if (page > 0 || pageSize > 0) {
pageMap.put("page", page);
pageMap.put("size", pageSize);
}
JSONObject data = new JSONObject();
data.put("taskId", taskId);
data.put("query", query);
data.put("options", options);
return this.sendRequest("api/v1/getPocs", data);
}
/**
* 获取失败的POC列表
* @return 返回失败的POC列表的JSON对象
* @throws Exception
*/
public JSONObject get_failed_pocs() throws Exception {
return this.sendGetRequest("api/v1/getFailedPocs", null);
}
/**
* 获取任务的漏洞统计数据
* @param taskId 任务ID
* @return 返回漏洞统计数据的JSON对象
* @throws Exception
*/
public JSONObject get_vuln_statistics(String taskId) throws Exception {
JSONObject data = new JSONObject();
data.put("taskId", taskId);
return this.sendRequest("api/v1/vulnerabilityStatisticsData", data);
}
/**
* 获取任务的漏洞搜索结果
* @param taskId 任务ID
* @param page 搜索结果的页码,默认为1
* @param size 每页的搜索结果数量,默认为20
* @return 返回漏洞搜索结果的JSON对象
* @throws Exception
*/
public JSONObject get_vulnerability_search(String taskId, int page, int size) throws Exception {
JSONObject data = new JSONObject();
data.put("taskId", taskId);
data.put("type", "vulnerability");
data.put("query", "taskId=\"" + taskId + "\"");
Map<String, Object> options = new HashMap<>();
Map<String, String> orderMap = new HashMap<>();
orderMap.put("level", "desc");
orderMap.put("nums", "desc");
options.put("order", orderMap);
Map<String, Integer> pageMap = new HashMap<>();
pageMap.put("page", page);
pageMap.put("size", size);
options.put("page", pageMap);
data.put("options", options);
return this.sendRequest("api/v1/vulnerabilitySearch", data);
}
/**
* 获取POC信息
* @param vulName 漏洞名称
* @return 返回POC信息的JSON对象
* @throws Exception
*/
public JSONObject get_poc_info(String vulName) throws Exception {
JSONObject data = new JSONObject();
data.put("vulname", vulName);
return this.sendRequest("api/v1/getPOCInfo", data);
}
}
package com.httc.gopy;
public class Test {
public static void main(String[] args) {
// TODO Auto-generated method stub
String url = "http://localhost:8361";
String user = "yourusername";
String pwd = "your password";
Api api = new Api(url, user, pwd);
try {
//test
//System.out.println(api.get_poc_list(null, false, null, 0, 0).toJSONString());
//创建任务
// JSONObject obj = api.start_scan("黄磊的任务A", "192.168.110.0/24", "", "", "", "", "");
// System.out.println(obj.toJSONString());
// JSONObject obj2 = (JSONObject)(obj.get("data"));
// System.out.println(obj2.get("taskId")); // 20231101215930
//获取任务的统计数据
String task_id = "20231101215930";
System.out.println("获取任务的统计数据");
System.out.println(api.get_statistics_data(task_id).toJSONString());
//获取任务进度
System.out.println("获取任务进度");
System.out.println(api.get_scan_progress(task_id).toJSONString());
//点击IP地址获取详情
String ip = "192.168.110.2";
System.out.println("点击IP地址获取详情");
System.out.println(api.get_ip_info(task_id, ip).toJSONString());
//获取任务的漏洞统计数据
System.out.println("获取任务的漏洞统计数据");
System.out.println(api.get_vuln_statistics(task_id).toJSONString());
//搜索任务的漏洞数据
System.out.println("搜索任务的漏洞数据");
System.out.println(api.get_vulnerability_search(task_id, 1, 3000).toJSONString());
//获取任务的Web漏洞列表
System.out.println("获取任务的Web漏洞列表");
System.out.println(api.get_web_list(task_id, 1, 20).toJSONString());
//获取指漏洞详情描述
//api.get_poc_info("Redis unauthorized");
//获取任务的漏洞分析数据
System.out.println("获取指漏洞详情描述");
System.out.println(api.get_vul_analysis(task_id).toJSONString());
//停止扫描任务
//api.stop_scan(task_id);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
运行结果:
需要代码请v lalawangzi1986
扫一扫
207
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
