Used by hunter-client to send a create-task request to the backend.

The request packet is as follows::

    POST /task/
    Content-Type: application/json; charset=utf-8

    {
        "read_agreement": "true",
        "hook_rule": "http://xx:8080/",
        "receiver_email": "[email protected]",
        "task_name": "安全测试项目"
    }
Request parameters

Parameter | Type | Example | Notes |
---|---|---|---|
read_agreement | str | true | Whether the user has read and agreed to the terms |
hook_rule | str | http://xx:8080/ | Hook rule |
receiver_email | str | [email protected] | Mailbox that is notified when the task finishes |
task_name | str | xx测试项目 | Task name |
Test:

.. http:example:: curl wget httpie python-requests

   POST /task/ HTTP/1.1
   Host: localhost:8080
   Accept: application/json

   {
       "read_agreement": "true",
       "hook_rule": "http://xx:8080/",
       "receiver_email": "[email protected]",
       "task_name": "安全测试项目"
   }
Task created successfully::

    Content-Type: application/json; charset=utf-8

    {
        "create_time": "2018-08-30-12:10:24",
        "fullname": "小陈",
        "message": "创建任务成功",
        "status": 200,
        "task_access_key": "9d19c488xxx..",
        "task_id": 23
    }

Parameter | Type | Value | Notes |
---|---|---|---|
create_time | str | 2018-08-30-12:10:24 | Task creation time |
fullname | str | 小陈 | Creator |
message | str | 创建任务成功 | |
status | int | 200 | Status code |
task_access_key | str | 9d19c488xxx... | Authenticates the client: the SSO session and task_access_key together form a two-factor check |
task_id | int | 23 | Task ID |
Bad request::

    Content-Type: application/json; charset=utf-8

    {
        "message": "创建任务失败",
        "status": 400,
        "extra_info": "新建任务时没有设置网址正则或任务名称"
    }

Parameter | Type | Value | Notes |
---|---|---|---|
message | str | 创建任务失败 | |
status | int | 400 | Status code |
extra_info | str | 新建任务时没有设置网址正则或任务名称 | Error message |
Bad request::

    Content-Type: application/json; charset=utf-8

    {
        "message": "创建任务失败",
        "status": 403,
        "extra_info": "认证失败,请重新登录进行授权",
        "site": "http://127.0.0.1:8888/authorization/"
    }

Parameter | Type | Value | Notes |
---|---|---|---|
message | str | 创建任务失败 | |
status | int | 403 | Status code |
extra_info | str | 认证失败,请重新登录进行授权 | Error message |
site | str | http://127.0.0.1:8888/authorization/ | Redirect URL |
Bad request::

    Content-Type: application/json; charset=utf-8

    {
        "message": "创建任务失败",
        "status": 500,
        "extra_info": "请检查插件权限是否能获取cookie",
        "site": "http://127.0.0.1:8888/authorization/"
    }

Parameter | Type | Value | Notes |
---|---|---|---|
message | str | 创建任务失败 | |
status | int | 500 | Status code |
extra_info | str | 请检查插件权限是否能获取cookie或者sso认证接口超时,请稍后重试 | Error message |
site | str | http://127.0.0.1:8888/authorization/ | Redirect URL |
Used by hunter-client to send an end-task request to the backend.

The request packet is as follows::

    DELETE /task/
    Content-Type: application/json; charset=utf-8

    {
        "task_id": 23,
        "task_access_key": "9d19c488218fe5..."
    }
Request parameters

Parameter | Type | Value | Notes |
---|---|---|---|
task_id | int | 23 | Task ID |
task_access_key | str | 9d19c488218fe5... | Authentication key; a client cannot end another user's task |
Test:

.. http:example:: curl wget httpie python-requests

   DELETE /task/ HTTP/1.1
   Host: localhost:8080
   Accept: application/json

   {
       "task_id": 23,
       "task_access_key": "9d19c488218fe5..."
   }
Task ended successfully::

    Content-Type: application/json; charset=utf-8

    {
        "message": "结束任务成功",
        "status": 200,
        "fullname": "小陈",
        "extra_info": "一旦扫描结束会立即通知你的邮箱,请注意查收"
    }

Parameter | Type | Value | Notes |
---|---|---|---|
message | str | 结束任务成功 | |
status | int | 200 | Status code |
fullname | str | 小陈 | Creator |
extra_info | str | 一旦扫描结束会立即通知你的邮箱,请注意查收 | |
Ending the task failed::

    Content-Type: application/json; charset=utf-8

    {
        "message": "结束任务失败",
        "status": 400,
        "extra_info": "task_id和access_key缺失,无法结束任务",
        "site": "http://127.0.0.1:8888/authorization/"
    }

Parameter | Type | Value | Notes |
---|---|---|---|
message | str | 结束任务失败 | |
status | int | 400 | Status code |
extra_info | str | task_id和access_key缺失,无法结束任务 | Error message |
site | str | http://127.0.0.1:8888/authorization/ | Redirect URL |
Ending the task failed::

    Content-Type: application/json; charset=utf-8

    {
        "message": "结束任务失败",
        "status": 403,
        "extra_info": "task_id和task_access_key映射关系不对",
        "site": "http://127.0.0.1:8888/authorization/"
    }

Parameter | Type | Value | Notes |
---|---|---|---|
message | str | 结束任务失败 | |
status | int | 403 | Status code |
extra_info | str | task_id和task_access_key映射关系不对 | Error message |
site | str | http://127.0.0.1:8888/authorization/ | Redirect URL |
Used by hunter-client to send the data it has hooked (a captured browser request) to the backend.

The request packet is as follows::

    POST /task/<int:task_id>/url/task_access_key/<string:task_access_key>
    Content-Type: application/json; charset=utf-8

    {
        "data": {
            "requestid": "2319",
            "type": "xmlhttprequest",
            "url": "http://xxxxx/ajax_link.php?id=1&t=0.7082074613901739",
            "method": "post",
            "headers": "{\"Origin\":\"xxxxx\",\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\",\"Accept\":\"*/*\",\"Referer\":\"http://xx.xx.cn/\",\"Accept-Encoding\":\"gzip, deflate\",\"Accept-Language\":\"zh-CN,zh;q=0.9\",\"Cookie\":\"u=guest\"}"
        }
    }
.. note::

   The data object above is the captured request packet. It is fairly complex and is not expanded here; see the Chrome extension documentation for the (experimental) webRequest API.
Request parameters

Parameter | Type | Value | Notes |
---|---|---|---|
task_id | int | 24 | Task ID |
task_access_key | str | 9d19c488218fe5... | Authentication key; a client cannot operate on another user's task |
Test:

.. http:example:: curl wget httpie python-requests

   POST /task/26/url/task_access_key/790bd30811ada91../ HTTP/1.1
   Host: localhost:8080
   Accept: application/json

   {
       "data": {
           "requestid": "2319",
           "type": "xmlhttprequest",
           "url": "http://xxxxx/ajax_link.php?id=1&t=0.7082074613901739",
           "method": "post",
           "headers": "{\"Origin\":\"xxxxx\",\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\",\"Accept\":\"*/*\",\"Referer\":\"http://demo.aisec.cn/demo/aisec/\",\"Accept-Encoding\":\"gzip, deflate\",\"Accept-Language\":\"zh-CN,zh;q=0.9\",\"Cookie\":\"u=guest\"}"
       }
   }
Sent successfully::

    Content-Type: application/json; charset=utf-8

    {
        "message": "发送url成功",
        "status": 200
    }

Parameter | Type | Value | Notes |
---|---|---|---|
message | str | 发送url成功 | |
status | int | 200 | Status code |
Sending failed::

    Content-Type: application/json; charset=utf-8

    {
        "message": "taskid或者accesskey不正确",
        "status": 403
    }

Parameter | Type | Value | Notes |
---|---|---|---|
message | str | taskid或者accesskey不正确 | |
status | int | 403 | Status code |
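The three calls above form one lifecycle: create a task, forward each captured request under that task's key, and end the task. The client below is an added example, not code from hunter-client or the backend; it drives that lifecycle and turns the documented error replies into exceptions. The `transport` callable and the class names are assumptions so that the flow runs without a live backend.

```python
from urllib.parse import quote


class AuthRequired(Exception):
    """Backend answered 403 and named a 'site' to re-authorise at (SSO step)."""


class HunterClient:
    """Drive the create -> forward captured request -> end lifecycle.

    transport(method, url, body) -> response dict is injected (an assumed
    interface, not hunter's own) so the flow can run offline; a real
    transport would send the body as JSON and decode the reply.
    """

    def __init__(self, base_url, transport):
        self.base_url = base_url.rstrip("/")
        self.transport = transport
        self.task_id = None
        self.task_access_key = None

    def _call(self, method, path, body):
        resp = self.transport(method, self.base_url + path, body)
        if resp.get("status") == 403 and "site" in resp:
            raise AuthRequired(resp["site"])  # SSO factor missing or expired
        return resp

    def create_task(self, task_name, hook_rule, receiver_email):
        resp = self._call("POST", "/task/", {
            "read_agreement": "true", "hook_rule": hook_rule,
            "receiver_email": receiver_email, "task_name": task_name})
        if resp.get("status") != 200:
            raise RuntimeError(resp.get("extra_info") or resp.get("message"))
        # task_access_key is the second factor: keep it in memory, never log it
        self.task_id = resp["task_id"]
        self.task_access_key = resp["task_access_key"]
        return self.task_id

    def send_request(self, captured):
        # The key travels in the URL path, so it must be percent-encoded verbatim.
        path = "/task/%d/url/task_access_key/%s" % (
            self.task_id, quote(self.task_access_key, safe=""))
        return self._call("POST", path, {"data": captured}).get("status") == 200

    def end_task(self):
        body = {"task_id": self.task_id, "task_access_key": self.task_access_key}
        return self._call("DELETE", "/task/", body).get("status") == 200
```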
After logging in, retrieve all of the current user's scan records.

The request packet is as follows::

    GET /scanrecord/

Test:

.. http:example:: curl wget httpie python-requests

   GET /scanrecord/ HTTP/1.1
   Host: localhost:8080
Query successful::

    Content-Type: application/json; charset=utf-8

    {
        "data": [{
            "task": {
                "create_time": "2018-08-07-13:19:02",
                "dept_name": "信息安全部",
                "fullname": "小朱",
                "id": "8",
                "task_name": "test",
                "username": "XXX"
            },
            "url": { "num": 7 },
            "vul": {
                "details": [
                    "{\"id\": \"35\", \"task_id\": \"8\", \"info\": \"http://XXXXX/ajax_link.php存在一个sql注入漏洞\", \"path\": \"\", \"payload\": \"Parameter: id (GET)\\n Type: boolean-based blind\\n Title: AND boolean-based blind - WHERE or HAVING clause\\n Payload: id=1 AND 1414=1414&t=0.2564469418404698\", \"imp_version\": \"所有版本\", \"error\": \"\", \"repair\": \"过滤掉sql恶意字符\", \"type\": \"sql_inject\", \"chinese_type\": \"sql注入\", \"description\": \"Sql 注入攻击是通过将恶意的 Sql 查询或添加语句插入到应用的输入参数中,再在后台 Sql 服务器上解析执行进行的攻击,它目前黑客对数据库进行攻击的最常用手段之一。参考连接http://wiki.dev.ztosys.com/pages/viewpage.action?pageId=21741806\", \"level\": \"high\"}",
                    "{\"id\": \"36\", \"task_id\": \"8\", \"info\": \"http://XXXXX//js_link.php?id=2&msg=abc存在一个xss漏洞\", \"path\": \"\", \"payload\": \"[{'url': u'http://XXXXXX/js_link.php?msg='><xss></xss>//&id='><xss></xss>//', 'data': None}]\", \"imp_version\": \"所有版本\", \"error\": \"\", \"repair\": \"过滤掉<,>,',等特殊字符\", \"type\": \"xss\", \"chinese_type\": \"xss跨站脚本攻击\", \"description\": \"XSS攻击全称跨站脚本攻击,XSS是一种在web应用中的计算机安全漏洞,它允许恶意web用户将代码植入到提供给其它用户使用的页面中m,详情请参考http://wiki.dev.ztosys.com/pages/viewpage.action?pageId=21743578\", \"level\": \"high\"}",
                    "{\"id\": \"37\", \"task_id\": \"8\", \"info\": \"http://XXXXX//js_link.php存在一个sql注入漏洞\", \"path\": \"\", \"payload\": \"Parameter: id (GET)\\n Type: boolean-based blind\\n Title: AND boolean-based blind - WHERE or HAVING clause\\n Payload: id=2 AND 7328=7328&msg=abc\", \"imp_version\": \"所有版本\", \"error\": \"\", \"repair\": \"过滤掉sql恶意字符\", \"type\": \"sql_inject\", \"chinese_type\": \"sql注入\", \"description\": \"Sql 注入攻击是通过将恶意的 Sql 查询或添加语句插入到应用的输入参数中,再在后台 Sql 服务器上解析执行进行的攻击,它目前黑客对数据库进行攻击的最常用手段之一。参考连接http://wiki.dev.ztosys.com/pages/viewpage.action?pageId=21741806\", \"level\": \"high\"}"
                ],
                "level": { "high": 3, "low": 0, "middle": 0 },
                "num": 3,
                "risk_level": "high",
                "type": { "cmdect": 0, "cors": 0, "crlf": 0, "csrf": 0, "ddos": 0, "file_include": 0, "file_read": 0, "file_upload": 0, "hidden_danger": 0, "info_leak": 0, "jsonp": 0, "other": 0, "sql_inject": 2, "weak_pwd": 0, "xss": 1, "xxe": 0 }
            }
        }],
        "message": "查询成功",
        "status": 200
    }

Parameter | Type | Value | Notes |
---|---|---|---|
data | list | [{"task": TASK, "url": URL, "vul": VULN}] | Composite; see the entity tables below |
message | str | 查询成功 | |
status | int | 200 | Status code |
TASK entity

Parameter | Type | Value | Notes |
---|---|---|---|
create_time | str | 2018-08-07-13:19:02 | Task creation time |
dept_name | str | 信息安全部 | Department |
fullname | str | 小朱 | Chinese name |
id | str | 8 | Task ID |
task_name | str | test | Task name |
username | str | XXX | 中天 username |

URL entity

Parameter | Type | Value | Notes |
---|---|---|---|
num | int | 7 | Number of URLs collected for the current task |

VULN entity

Parameter | Type | Value | Notes |
---|---|---|---|
details | list | VULN_DETAIL | List of vulnerability detail entities |
level | map | {"high": 3, "low": 0, "middle": 0} | Number of high-, medium- and low-severity findings |
num | int | 3 | Total number of vulnerabilities |
risk_level | str | high | Risk level of this task |
type | map | {"cmdect": 0, "cors": 0, "crlf": 0, "csrf": 0, "ddos": 0, "file_include": 0, "file_read": 0, "file_upload": 0, "hidden_danger": 0, "info_leak": 0, "jsonp": 0, "other": 0, "sql_inject": 2, "weak_pwd": 0, "xss": 1, "xxe": 0} | Number of findings per vulnerability type |

VULN_DETAIL entity

Parameter | Type | Value | Notes |
---|---|---|---|
id | str | 35 | Vulnerability ID |
task_id | str | 8 | ID of the task the vulnerability belongs to |
info | str | http://xxxxxx/ajax_link.php存在一个sql注入漏洞 | Vulnerability summary |
payload | str | Parameter: id (GET)\n Type: boolean-based blind\n Title: AND boolean-based blind - WHERE or HAVING clause\n Payload: id=1 AND 1414=1414&t=0.2564469418404698 | Payload that triggered the finding |
error | str | | Error message |
imp_version | str | 所有版本 | Affected versions |
repair | str | 过滤掉sql恶意字符 | Remediation advice |
type | str | sql_inject | Vulnerability type |
chinese_type | str | sql注入 | Chinese name of the vulnerability type |
description | str | Sql 注入攻击是通过将恶意的 Sql 查询或添加语句插入到应用的输入参数中,再在后台 Sql 服务器上解析执行进行的攻击,它目前黑客对数据库进行攻击的最常用手段之一。参考连接http://wiki.dev.ztosys.com/pages/viewpage.action?pageId=21741 | Reference information about the vulnerability |
Pass a task id to view the detailed results of that task.

The request packet is as follows::

    GET /vulnerability/details/filter/?taskid={taskid}

Request parameters

Parameter | Type | Value | Notes |
---|---|---|---|
taskid | int | 8 | Task ID |

Test:

.. http:example:: curl wget httpie python-requests

   GET /vulnerability/details/filter/?taskid=8 HTTP/1.1
   Host: localhost:8080
Query successful::

    {
        "message": "查询成功",
        "status": 200,
        "vlun": {
            "details": [
                "{\"id\": \"35\", \"url_id\": \"999999999\", \"task_id\": \"8\", \"info\": \"http://xxxxxx/ajax_link.php存在一个sql注入漏洞\", \"path\": \"\", \"payload\": \"Parameter: id (GET)\\n Type: boolean-based blind\\n Title: AND boolean-based blind - WHERE or HAVING clause\\n Payload: id=1 AND 1414=1414&t=0.2564469418404698\", \"imp_version\": \"所有版本\", \"error\": \"\", \"repair\": \"过滤掉sql恶意字符\", \"type\": \"sql_inject\", \"chinese_type\": \"sql注入\", \"description\": \"Sql 注入攻击是通过将恶意的 Sql 查询或添加语句插入到应用的输入参数中,再在后台 Sql 服务器上解析执行进行的攻击,它目前黑客对数据库进行攻击的最常用手段之一。参考连接http://wiki.dev.ztosys.com/pages/viewpage.action?pageId=21741806\", \"level\": \"high\"}",
                "{\"id\": \"36\", \"url_id\": \"999999999\", \"task_id\": \"8\", \"info\": \"http://xxxxx/js_link.php?id=2&msg=abc存在一个xss漏洞\", \"path\": \"\", \"payload\": \"[{'url': u'http://xxxxxxxx/js_link.php?msg='><xss></xss>//&id='><xss></xss>//', 'data': None}]\", \"imp_version\": \"所有版本\", \"error\": \"\", \"repair\": \"过滤掉<,>,',等特殊字符\", \"type\": \"xss\", \"chinese_type\": \"xss跨站脚本攻击\", \"description\": \"XSS攻击全称跨站脚本攻击,XSS是一种在web应用中的计算机安全漏洞,它允许恶意web用户将代码植入到提供给其它用户使用的页面中m,详情请参考http://wiki.dev.ztosys.com/pages/viewpage.action?pageId=21743578\", \"level\": \"high\"}",
                "{\"id\": \"37\", \"url_id\": \"999999999\", \"task_id\": \"8\", \"info\": \"http://xxxxxxxx/js_link.php存在一个sql注入漏洞\", \"path\": \"\", \"payload\": \"Parameter: id (GET)\\n Type: boolean-based blind\\n Title: AND boolean-based blind - WHERE or HAVING clause\\n Payload: id=2 AND 7328=7328&msg=abc\", \"imp_version\": \"所有版本\", \"error\": \"\", \"repair\": \"过滤掉sql恶意字符\", \"type\": \"sql_inject\", \"chinese_type\": \"sql注入\", \"description\": \"Sql 注入攻击是通过将恶意的 Sql 查询或添加语句插入到应用的输入参数中,再在后台 Sql 服务器上解析执行进行的攻击,它目前黑客对数据库进行攻击的最常用手段之一。参考连接http://wiki.dev.ztosys.com/pages/viewpage.action?pageId=21741806\", \"level\": \"high\"}"
            ],
            "level": { "high": 3, "low": 0, "middle": 0 },
            "num": 3,
            "risk_level": "high",
            "type": { "cmdect": 0, "cors": 0, "crlf": 0, "csrf": 0, "ddos": 0, "file_include": 0, "file_read": 0, "file_upload": 0, "hidden_danger": 0, "info_leak": 0, "jsonp": 0, "other": 0, "sql_inject": 2, "weak_pwd": 0, "xss": 1, "xxe": 0 }
        }
    }

The meaning of each field is the same as in the previous section (viewing scan history).
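Both the /scanrecord/ response and the /vulnerability/details/filter/ response carry each finding as a JSON string inside the details list, next to pre-computed num, level and type counters. The Python below is an added example rather than code from the hunter project: it handles both response shapes, decodes the double-encoded strings, and cross-checks the counters against the decoded entries. SAMPLE_VUL is a constructed, trimmed copy of the page's sample, and the function names are assumptions.

```python
import json
from collections import Counter

# Constructed sample in the shape of a "vul" object from this page (two of its
# three findings, trimmed). Each "details" entry is a JSON *string*.
SAMPLE_VUL = {
    "details": [
        json.dumps({"id": "35", "task_id": "8", "type": "sql_inject", "level": "high",
                    "info": "http://xxxxxx/ajax_link.php存在一个sql注入漏洞"}),
        json.dumps({"id": "36", "task_id": "8", "type": "xss", "level": "high",
                    "info": "http://xxxxx/js_link.php?id=2&msg=abc存在一个xss漏洞"}),
    ],
    "level": {"high": 2, "low": 0, "middle": 0},
    "num": 2,
    "risk_level": "high",
    "type": {"sql_inject": 1, "xss": 1, "cmdect": 0, "csrf": 0},
}

def vul_objects(resp):
    """Yield every vul object from either response shape documented here."""
    if "vlun" in resp:                      # /vulnerability/details/filter/
        yield resp["vlun"]
    for record in resp.get("data", []):     # /scanrecord/ nests one per task
        yield record["vul"]

def decode_details(vul):
    """Decode the double-encoded detail strings; reject anything malformed."""
    out = []
    for raw in vul.get("details", []):
        item = json.loads(raw) if isinstance(raw, str) else raw
        if not isinstance(item, dict) or "type" not in item or "level" not in item:
            raise ValueError("malformed vulnerability detail: %.60s" % raw)
        out.append(item)
    return out

def check_summary(vul):
    """Recount decoded details against the server's num/level/type counters.

    Returns (details, mismatches); a non-empty list means the summary
    fields should be recomputed rather than trusted for reporting."""
    details = decode_details(vul)
    mismatches = ["num"] if vul.get("num") != len(details) else []
    by_level = Counter(d["level"] for d in details)
    by_type = Counter(d["type"] for d in details)
    mismatches += ["level." + k for k, n in vul.get("level", {}).items() if by_level[k] != n]
    mismatches += ["type." + k for k, n in vul.get("type", {}).items() if by_type[k] != n]
    return details, mismatches
```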