巡风 win7 python3.7安装使用记录

最新推荐文章于 2024-05-10 11:42:13 发布

马克88

最新推荐文章于 2024-05-10 11:42:13 发布

阅读量1.1k

点赞数 1

分类专栏：渗透

本文链接：https://blog.csdn.net/yyws2039725/article/details/94623296

版权

渗透专栏收录该内容

14 篇文章 0 订阅

订阅专栏

巡风是一款适用于企业内网的漏洞快速应急、巡航扫描系统，只做初步探测，无攻击性行为。

其主体分为两部分：网络资产识别引擎，漏洞检测引擎。

网络资产识别引擎会通过用户配置的IP范围定期自动的进行端口探测（支持调用MASSCAN），并进行指纹识别，识别内容包括：服务类型、组件容器、脚本语言、CMS。

漏洞检测引擎会根据用户指定的任务规则进行定期或者一次性的漏洞检测，其支持2种插件类型、标示符与脚本，均可通过web控制台进行添加。

本人是python门外汉，有什么不对的大家请指出！

下载python 64位：

https://www.python.org/downloads/windows/

安装好了之后升级pip

git clone https://github.com/ysrc/xunfeng.git

pip install -r requirements.txt -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com

安装数据库

下载: https://sec.ly.com/mirror/mongodb-win32-x86_64-2008plus-ssl-3.4.0-signed.msi

安装，并添加系统path变量

创建目录：mongodata

start mongod --port 65521 --dbpath G:/tools/xunfeng/mongodata --auth

G:\tools\xunfeng>mongo 127.0.0.1:65521/xunfeng
MongoDB shell version v3.4.0
connecting to: mongodb://127.0.0.1:65521/xunfeng
MongoDB server version: 3.4.0
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
> db.createUser({user:'admin',pwd:'xunfeng321',roles:[{role:'dbOwner',db:'xunfeng'}]})
2019-07-04T15:38:32.400+0800 E QUERY [main] Error: couldn't add user: not authorized on xunfeng t
o execute command { createUser: "admin", pwd: "xxx", roles: [ { role: "dbOwner", db: "xunfeng" } ],
digestPassword: false, writeConcern: { w: "majority", wtimeout: 300000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1290:15
@(shell):1:1

不使用认证模式：

start mongod --port 65521 --dbpath G:/tools/xunfeng/mongodata

G:\tools\xunfeng>mongo 127.0.0.1:65521/xunfeng
MongoDB shell version v3.4.0
connecting to: mongodb://127.0.0.1:65521/xunfeng
MongoDB server version: 3.4.0
> db.createUser({user:'scan',pwd:'scanlol66',roles:[{role:'dbOwner',db:'xunfeng'}]})
Successfully added user: {
"user" : "scan",
"roles" : [
{
"role" : "dbOwner",
"db" : "xunfeng"
}
]
}
> exit
bye

导入数据库

db 文件夹位于xunfeng代码目录中:

$ mongorestore.exe -h 127.0.0.1 --port 65521 -d xunfeng db

关闭mongod.exe进程

运行系统

根据实际情况修改 conifg.py 和 run.bat 文件后, 执行:

> run.bat

G:\tools\xunfeng>python web.py
Traceback (most recent call last):
File "web.py", line 1, in <module>
from views.view import app
File "G:\tools\xunfeng\views\view.py", line 384
print 'upload result:' + rsp.read()
^
SyntaxError: invalid syntax

Python 3.0以后的print都改为了print();

from urllib import unquote, urlopen, urlretrieve, quote, urlencode
ImportError: cannot import name 'unquote' from 'urllib' (D:\Program Files\Python37\lib\urllib\__init
__.py)

在Python 3.x中，我们需要导入urllib.parse.quote时：
使用from urllib.parse import quote

修改：

from urllib.parse import unquote, quote,urlencode
from urllib.request import urlopen, urlretrieve

File "G:\tools\xunfeng\views\view.py", line 12, in <module>
from lib.CreateExcel import *
ModuleNotFoundError: No module named 'lib'

不要执行pip install lib

File "G:\tools\xunfeng\views\view.py", line 12, in <module>
from lib.CreateExcel import *
ModuleNotFoundError: No module named 'lib.CreateExcel'

修改：

from .lib.CreateExcel import *
from .lib.Login import logincheck
from .lib.AntiCSRF import anticsrf
from .lib.QueryLogic import querylogic

import StringIO
ModuleNotFoundError: No module named 'StringIO'

Python3中已将StringIO归入io，改成：import io

或者：

“import StringIO”改成“from io import StringIO ”，运行成功。

import StringIO适用于python 2.X

StringIO.改成io.

except Exception, e:
^
SyntaxError: invalid syntax

批量替换成：except Exception as e:

ModuleNotFoundError: No module named 'urllib2'

用urllib.request代替urllib2，批量替换

G:\tools\xunfeng>python web.py
* Serving Flask app "views" (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
* Running on http://0.0.0.0:80/ (Press CTRL+C to quit)

执行其他的命令，修复错误

python3中，由于thread有两个很致命的问题，所以python3更推荐用threading代替thread，

所以，thread被改名为_thread

import _thread

G:\tools\xunfeng>pip install mongo
Collecting mongo
Downloading https://files.pythonhosted.org/packages/30/06/3b87f3487c7c9c6a2ae9994c81f4fda82446b3b2
96c7f35b0b7824708fc4/mongo-0.2.0.tar.gz
Requirement already satisfied: pymongo in d:\program files\python37\lib\site-packages (from mongo) (
3.8.0)
Installing collected packages: mongo
Running setup.py install for mongo ... done
Successfully installed mongo-0.2.0

G:\tools\xunfeng>python nascan/nascan.py
Traceback (most recent call last):
File "nascan/nascan.py", line 4, in <module>
from lib.common import *
File "G:\tools\xunfeng\nascan\lib\common.py", line 4, in <module>
import log
File "D:\Program Files\Python37\lib\log.py", line 5, in <module>
reload(sys)
NameError: name 'reload' is not defined

from importlib import reload

修复xunfeng\nascan\lib下的log.py，scan.py，cidr.py，icmp.py，mongo.py...

还是会相对路径错误，最后还是将某些导入修改为类似：from . import log，过了一个from .

不要执行pip install config

sys.setdefaultencoding('utf8')
AttributeError: module 'sys' has no attribute 'setdefaultencoding'

去掉:sys.setdefaultencoding('utf8')

python3 中引入Queue 会报出这个问题，需小写的
python3 中这样引入：import queue
python2 中这样引入：import Queue
为了兼容可以这样

import sys
if sys.version > '3':
import queue as Queue
else:
import Queue
或者：

from multiprocessing import Queue

访问http://127.0.0.1/ 直接302出错，跳转到500页面

500

INTERNAL SERVER ERROR

访问：

http://127.0.0.1/login

输入账号密码还是跳转到了500页面127.0.0.1 - - [04/Jul/2019 20:54:19] "POST /login HTTP/1.1" 302 -
'SecureCookieSession' object has no attribute 'has_key'

xunfeng\views\lib\Login.py (1 hit)
Line 11: if session.has_key('login'):

Python从2.6版本后中将has_key换成in

if 'login' in session:

终于成功登陆进入

python vulscan/vulscan.py还有其他问题：

每次启动都下载：

b'20190527'
check version
new version 20190527
kunpeng update 20190527
url https://github.com/opensec-cn/kunpeng/releases/download/20190527/kunpeng_windows_v20190527.zip
0.00%

G:\tools\xunfeng\vulscan\kunpeng.py (1 hit)
Line 37: print('new version', release['tag_name'])

self.get_version(): b'20190527'

版本不知道获取是这样self.kunpeng.GetVersion.restype = c_char_p

# 返回值的类型是 'bytes' object

if release['tag_name'] != self.get_version():

替换成：

if release['tag_name'].encode() != self.get_version():

update success 20190527

 _
| | ___   _ _ __  _ __   ___ _ __   __ _
| |/ / | | | '_ \| '_ \ / _ \ '_ \ / _' |
|   <| |_| | | | | |_) |  __/ | | | (_| |
|_|\_\\__,_|_| |_| .__/ \___|_| |_|\__, |
                 |_|               |___/

b'20190527'
vulscan/vulscan.py:266: DeprecationWarning: insert is deprecated. Use insert_one or insert_many inst
ead.
  na_plugin.insert(plugin_info)
18701824
update success 20190527

 _
| | ___   _ _ __  _ __   ___ _ __   __ _
| |/ / | | | '_ \| '_ \ / _ \ '_ \ / _' |
|   <| |_| | | | | |_) |  __/ | | | (_| |
|_|\_\\__,_|_| |_| .__/ \___|_| |_|\__, |
                 |_|               |___/

b'20190527'
fatal error: runtime: unexpected waitm - semaphore out of sync

goroutine 35 [syscall]:
runtime.notetsleepg(0x6c071a80, 0x4a817c800, 0x0)
        C:/Go/src/runtime/lock_sema.go:280 +0x52 fp=0x1c0002eff58 sp=0x1c0002eff18 pc=0x6b04c162
runtime.timerproc(0x6c071a60)
        C:/Go/src/runtime/time.go:288 +0x31c fp=0x1c0002effd8 sp=0x1c0002eff58 pc=0x6b08aaec
runtime.goexit()
        C:/Go/src/runtime/asm_amd64.s:1333 +0x1 fp=0x1c0002effe0 sp=0x1c0002effd8 pc=0x6b098f61
created by runtime.(*timersBucket).addtimerLocked
        C:/Go/src/runtime/time.go:170 +0x11b

goroutine 13 [runnable]:
time.Sleep(0x4a817c800)
        C:/Go/src/runtime/time.go:105 +0x164
github.com/opensec-cn/kunpeng/plugin/json.loadExtraJSONPlugin()
        D:/gocode/src/github.com/opensec-cn/kunpeng/plugin/json/init.go:129 +0x39
created by github.com/opensec-cn/kunpeng/plugin/json.init.0
        D:/gocode/src/github.com/opensec-cn/kunpeng/plugin/json/init.go:21 +0x5a

批量替换vulscan/vulscan.py

a_plugin.insert(plugin_info)替换为：

a_plugin.insert_one(plugin_info)

b'20190527'
vulscan/vulscan.py:270: DeprecationWarning: count is deprecated. Use Collection.count_documents inst
ead.
  if na_plugin.find().count() >= 1:
vulscan/vulscan.py:177: DeprecationWarning: find_and_modify is deprecated, use find_one_and_delete,
find_one_and_replace, or find_one_and_update instead
  "$set": {"status": 1}}, sort={'time': 1})
check version
vulscan/vulscan.py:177: DeprecationWarning: Passing mapping types for `sort` is deprecated, use a li
st of (key, direction) pairs instead
  "$set": {"status": 1}}, sort={'time': 1})
vulscan/vulscan.py:214: DeprecationWarning: count is deprecated. Use Collection.count_documents inst
ead.
  queue_count = na_task.find({"status": 0, "plan": 0}).count()
vulscan/vulscan.py:225: DeprecationWarning: update is deprecated. Use replace_one, update_one or upd
ate_many instead.
  "$set": {"value": load, "up_time": datetime.datetime.now()}})
new version 20190527
kunpeng update  20190527
url https://github.com/opensec-cn/kunpeng/releases/download/20190527/kunpeng_windows_v20190527.zip

task_req = na_task.find_and_modify({query={"status": 0, "plan": 0}, update={
"$set": {"status": 1}}, sort={'time': 1}})

替换成：

task_req = na_task.find_one_and_update({"status": 0, "plan": 0}, {
"$set": {"status": 1}}, {'time': 1})

if na_plugin.find().count()>= 1:

替换成：

if na_plugin.count_documents({}) >= 1:

queue_count = na_task.find({"status": 0, "plan": 0}).count()

替换成：

queue_count = na_task.count_documents({"status": 0, "plan": 0})

na_heart.update({"name": "load"}, {
"$set": {"value": load, "up_time": datetime.datetime.now()}})

替换成：

na_heart.update_one({"name": "load"}, {
"$set": {"value": load, "up_time": datetime.datetime.now()}})

插件安装确认

插件名：Struts2 052远程代码执行
描述：当启用 Struts REST的XStream handler去反序列化处理XML请求，可能造成远程代码执行漏洞，进而直接导致服务器被入侵控制。
作者：wolf@YSRC

安装失败，一定是姿势不对

Request URL:http://127.0.0.1/installplugin?unicode=2017-9-6-1

Request Method:GET

fail

Search "installplugin" (5 hits in 3 files)
G:\tools\xunfeng\views\static\buss\js\common.js (1 hit)
   Line 120: $.get('/installplugin', {unicode: unicode}, function (e) {
G:\tools\xunfeng\views\view.py (2 hits)
   Line 538: @app.route('/installplugin')
   Line 540: def installplugin():

print('https://sec.ly.com/xunfeng/getplugin?name=' + item['location'], file_path + file_name)

结果输出：

https://sec.ly.com/xunfeng/getplugin?name=s2_052.py

G:\tools\xunfeng\views/../vulscan/vuldb/s2_052.py

查看了一下，该文件存在，修改输出错误：

except Exception as e:
print(e)
pass

结果提示：invalid syntax (s2_052.py, line 56)

发现是：except Exception, e:

看来太多插件都是python2.*下开发的，还是要安装python2.*才行

修改：xunfeng\views\view.py，用以将漏洞检测脚本兼容python3.7:

if os.path.exists(file_path + file_name):
        try:
            if file_name.split('.')[-1] == 'py':
                json_text = open(file_path + file_name, 'r', encoding='UTF-8').read()
                json_text = json_text.replace("except Exception, e:","except Exception as e:")
                json_text = json_text.replace("except Exception,e:","except Exception as e:")
                json_text = json_text.replace("except urllib2.HTTPError, e:","except urllib2.HTTPError as e:")
                json_text = json_text.replace("except urllib2.HTTPError,e:","except urllib2.HTTPError as e:")
                json_text = json_text.replace("except urllib2.URLError, e:","except urllib2.URLError as e:")
                json_text = json_text.replace("except urllib2.URLError,e:","except urllib2.URLError as e:")
                if json_text.find('import urllib.request as urllib2')==-1:
                    json_text = json_text.replace("urllib2","urllib.request")
                json_text = json_text.replace("import Queue","import queue")
                json_text = json_text.replace("import StringIO","import io")
                json_text = json_text.replace(" StringIO."," io.")
                json_text = json_text.replace("\t","    ")
                json_text = json_text.replace("import urlparse","from urllib.parse import urlparse")
                json_text = json_text.replace("import HTMLParser","from html.parser import HTMLParser")
                pat = ' print(.*)\n'
                ret_1=re.search(pat, json_text)
                if ret_1 != None:
                    print(ret_1.group())
                    print(ret_1.group(1))
                    json_text = json_text.replace(" print"+ret_1.group(1)," print("+ret_1.group(1)+")")
                    #json_text = re.sub(pat, double, json_text)
                #print(json_text)
                # 'str' object has no attribute 'decode'
                #import codecs
                #codecs.decode('ab', 'hex')
                pat = "    return (.*)\.decode\('hex'\)"
                ret_2=re.search(pat, json_text)
                if ret_2 != None:
                    print(ret_2.group(1))
                    json_text = json_text.replace(json_text,"import codecs\n"+json_text)
                    json_text = json_text.replace("    return "+ret_2.group(1)+".decode('hex')","    return str(codecs.decode("+ret_2.group(1)+",'hex'))")
                with open(file_path + file_name,'w+',encoding='utf-8') as f:
                    f.write(json_text)
                    f.seek(0)
                module = __import__(file_name.split('.')[0])   #这个位置导致插件安装失败,python2.*兼容问题
                print("兼容")
                mark_json = module.get_plugin_info()
                json_string['filename'] = file_name.split('.')[0]
            else:
                json_text = open(file_path + file_name, 'r', encoding='UTF-8').read()
                mark_json = json.loads(json_text)
                json_string['filename'] = file_name
                mark_json.pop('plugin')
            
            json_string.update(mark_json)
            Mongo.coll['Plugin'].insert(json_string)
            Mongo.coll['Update'].update_one({'unicode': unicode}, {'$set': {'isInstall': 1}})
            rsp = 'success'
        except Exception as e:
            print("error:",e)
            pass
    return rsp

替换xunfeng\vulscan\vuldb下的脚本相应代码

马克88

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
巡风 win7 python3.7安装使用记录

巡风是一款适用于企业内网的漏洞快速应急、巡航扫描系统，只做初步探测，无攻击性行为。其主体分为两部分：网络资产识别引擎，漏洞检测引擎。网络资产识别引擎会通过用户配置的IP范围定期自动的进行端口探测（支持调用MASSCAN），并进行指纹识别，识别内容包括：服务类型、组件容器、脚本语言、CMS。漏洞检测引擎会根据用户指定的任务规则进行定期或者一次性的漏洞检测，其支持2种插件类型、标示符与脚本...
复制链接

扫一扫