!217 将扫描结果转换成json文件

Merge pull request !217 from 宋帮诚晋/master
宋帮诚晋 2023-03-09 09:55:33 +00:00 committed by Gitee
commit 788979e3e0
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
12 changed files with 308 additions and 61 deletions


@ -1,6 +1,6 @@
ConfigFilePrefix: ../data/BaseLine/
Type: baseline
RootPasswd: #部分检测需要用到高权限不为root用户
RootPasswd: sbcj1999 #部分检测需要用到高权限
ExplorerItems:
- ConfigFile: UserAnalysis/checkUser.yaml #检测root权限用户
- ConfigFile: UserAnalysis/checkGid.yaml #检测特权组用户
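Review bot: The `RootPasswd` line that appears to be the new side of this hunk puts a literal password into a tracked config file. Anyone who can read the repository or its history obtains the credential the baseline checks use for elevated access, and a later commit that blanks the value does not remove it from history. Keep the key empty in the repository, as on the old side (`RootPasswd: #部分检测需要用到高权限`), have the tool take the value at run time from an environment variable or an interactive prompt, and change the password on any host where this value was in use.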


@ -12,6 +12,6 @@ SiteRequests:
- "-c"
- "grep -i empty /etc/ssh/sshd_config"
Inter:
- "#PermitEmptyPasswords no" #判断输出为'-rw-r--r--'为不存在
- "#PermitEmptyPasswords no"
- "#PermitEmptyPasswords yes"
Condition: None

0
data/Report/test Normal file


@ -2,7 +2,7 @@ FormatVer: 20230308
Id: CVE-2022-0351
Belong: system
PocHazardLevel: low
Source: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161/
Source: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161/
SiteInfo:
Name: Vim是一款基于UNIX平台的编辑器。
Severity: high


@ -14,7 +14,7 @@ import(
)
var Num int
func ParameterParser(sSystem string,sKernel string,sWeb string,sBaseLine string,sAll string,PoolStatNum int,ParserNum int,Update string ,IP string,help string){
func ParameterParser(sSystem string,sKernel string,sWeb string,sBaseLine string,sAll string,PoolStatNum int,ParserNum int,Update string ,IP string,help string,OutPutJson string){
Request:=make(map[string]string)
var ipCheck string
ipList := make([]string,0)
@ -139,7 +139,7 @@ func ParameterParser(sSystem string,sKernel string,sWeb string,sBaseLine string,
poolNum:=ParserNum
fmt.Println("info:Genmai enable default coprocess",poolNum)
}
Pool.CoprogramPool(Request,ipList)
Pool.CoprogramPool(Request,ipList,OutPutJson)
}
//远程参数解析


@ -146,20 +146,82 @@ func
}
func
(dtr *doctor)GenmaiBaseline() (rp *ReportKernel) {
(dtr *doctor)GenmaiBaseline() (rp *ReportBaseLine) {
rp = GetTemplateReportBaseLine()
var expip4addr []string
expip4addr = append(expip4addr, "0.0.0.0")
var expip6addr []string
expip6addr = append(expip6addr, "0.0.0.0")
/* */
rp.RCServerUUID = uuid.New().String()
rp.RCServerName, _ = os.Hostname()
rp.RCFamily = "RCFamily"
rp.RCRelease = "RCRelease"
rp.RCContainer = "RCContainer"
/* */
rp.RCExploredType = "BaseLine"
rp.RCExploredTimeAt = time.Now()
rp.RCExploredMode = "RCExploredMode"
rp.RCExploredVersion = "RCExploredVersion"
rp.RCExploredRevision = "RCExploredRevision"
rp.RCExploredBy = "RCExploredBy"
rp.RCExploredVia = "RCExploredVia"
rp.RCExploredIPv4Addrs = expip4addr
rp.RCExploredIPv6Addrs = expip6addr
/* */
rp.RCReportedAt = time.Now()
rp.RCReportedVersion = "RCReportedVersion"
rp.RCReportedBy = "RCReportedBy"
/* */
rp.RCErrors = "RCErrors"
rp.RCWarnings = "RCWarnings"
rp.RCReunningKernelInfo = ReportKernelInfo {
"0.0",
"0.0",
false,
}
rp.RCPackages = "RCPackages"
rp.RCSrcPackages = "RCSrcPackages"
rp.RCOptional = "RCOptional"
var wg sync.WaitGroup
wg.Add(len(dtr.ExplorersBaseLine))
/* */
lock_expvuls := sync.Mutex{}
var expvuls []VulnInfoCommon
/* */
for _, v := range dtr.ExplorersBaseLine {
expvul, rc := v.Explore()
go func(v_ ExplorerBaseLine) {
defer wg.Done()
expvul, rc := v_.Explore()
// TODO: is append expvul to expvuls according to rc
if nil != rc {
}
lock_expvuls.Lock()
defer lock_expvuls.Unlock()
if len(expvul.VICId) !=0{
infoExist:="Baseline info: "+expvul.VICId+" exists"
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, infoExist, 0x1B)
expvuls = append(expvuls, expvul)
}
} (v)
// expvuls = append(expvuls, expvul)
if len(expvul.VICId)>0{
infoExist:="Baseline info: "+expvul.VICId+" exists"
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 32, infoExist, 0x1B)
}
} // for _, v ...
/* */
wg.Wait()
// TODO: should be type: ConfigCommon..
rp.RCExploredVulns = expvuls
/* */
rp.RCReportedAt = time.Now()
rp.RCElapsedTime = time.Since(rp.RCExploredTimeAt)
return rp
}
func
@ -221,7 +283,9 @@ func
lock_expvuls.Lock()
defer lock_expvuls.Unlock()
expvuls = append(expvuls, expvul)
if len(expvul.VICId) !=0{
expvuls = append(expvuls, expvul)
}
} (v)
} // for _, v ...
@ -288,14 +352,16 @@ func
defer wg.Done()
expvul, rc := v_.Explore()
// TODO: is append expvul to expvuls according to rc
if nil != rc {
}
lock_expvuls.Lock()
defer lock_expvuls.Unlock()
expvuls = append(expvuls, expvul)
if len(expvul.VICId) !=0{
expvuls = append(expvuls, expvul)
}
} (v)
} // for _, v ...
@ -307,7 +373,6 @@ func
/* */
rp.RCReportedAt = time.Now()
rp.RCElapsedTime = time.Since(rp.RCExploredTimeAt)
return rp
}
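Review bot: In the goroutine added to GenmaiBaseline, `if nil != rc { }` is an empty branch, so the status returned by Explore is discarded; the same empty branch appears in the hunk at -288,14. Combined with the new `len(expvul.VICId) != 0` filter, an explorer that failed to run leaves nothing in the report and reads exactly like a host that passed the check, which for a scanner is a silent false negative. Record the status while holding `lock_expvuls` and surface it in the report; `rp.RCErrors` is currently only set to the placeholder string `"RCErrors"`. Because the explorers in this commit appear to signal success through `rc.Error()` as well, the branch has to tell that success value apart from a real failure.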


@ -197,13 +197,13 @@ func
im.Exec ,
im.Args... )
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
expvul.VICSiteRequests = config.SiteRequests
if rc.Error() =="Poc Check Successfully!"{
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
}
} // for _, im ...
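Review bot: `if rc.Error() =="Poc Check Successfully!"{` calls a method on `rc` without a nil check and decides whether a finding is recorded by comparing an error's message text; the same line is added in the next file section, in the hunk at -203,20. If the call above can ever return nil this panics in the middle of a scan, and any rewording of the message silently turns every positive result into a negative one. A boolean result or a package-level sentinel compared with `errors.Is` would be more robust; as a minimal guard use `if rc != nil && rc.Error() == "Poc Check Successfully!" {`. The assignment of `expvul.VICSiteRequests` also seems to be gone on the new side, so the report would no longer show which request matched; please confirm that is intended. The enclosing function starts outside the hunk.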


@ -203,20 +203,18 @@ func
///////////////
// starting explore
for _, im := range config.SiteRequests.ImArray {
rc = es.exploreWithPath(im.Inter,im.InterArgs,es.ExplorerCommon.EcConfigFilePrefix +
string(os.PathSeparator)+im.Exec,im.Args... )
/* */
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
expvul.VICSiteRequests = config.SiteRequests
if rc.Error() =="Poc Check Successfully!"{
expvul.VICId = config.Id
expvul.VICBelong = config.Belong
expvul.VICPocHazardLevel = config.PocHazardLevel
expvul.VICSource = config.Source
expvul.VICSiteInfo = config.SiteInfo
}
} // for _, im ...
// ending explore
///////////////


@ -8,24 +8,26 @@ import (
"main/genmai"
)
func worker(task func(), wg *sync.WaitGroup) {
func worker(OutPutJson string,task func(OutPutJson string), wg *sync.WaitGroup) {
defer wg.Done()
task()
}
func kernel(){
genmai.Kernel()
}
func system(){
genmai.System()
}
func web(){
genmai.Web()
}
func baseline(){
genmai.BaseLine()
task(OutPutJson)
}
func CoprogramPool(Request map[string]string,ipList []string) {
func kernel(OutPutJson string){
genmai.Kernel(OutPutJson)
}
func system(OutPutJson string){
genmai.System(OutPutJson)
}
func web(OutPutJson string){
genmai.Web(OutPutJson)
}
func baseline(OutPutJson string){
genmai.BaseLine(OutPutJson)
}
func CoprogramPool(Request map[string]string,ipList []string,OutPutJson string) {
var wg sync.WaitGroup
wg.Add(len(Request))
@ -38,7 +40,7 @@ func CoprogramPool(Request map[string]string,ipList []string) {
// kernelVul:=*(kernel.(*Cache.MyStruct))
// KernelTaskNums=len(kernelVul.Msg)
// }
go worker(kernel,&wg)
go worker(OutPutJson,kernel,&wg)
}else{
log.Println("未加载kernel模块")
}
@ -49,7 +51,7 @@ func CoprogramPool(Request map[string]string,ipList []string) {
// // SystemTaskNums=len(systemVul.Msg)
// }
go worker(system,&wg)
go worker(OutPutJson,system,&wg)
}else{
log.Println("未加载system模块")
@ -61,7 +63,7 @@ func CoprogramPool(Request map[string]string,ipList []string) {
// webVul:=*(web.(*Cache.MyStruct))
// // WebTaskNums=len(webVul.Msg)
// }
go worker(web,&wg)
go worker(OutPutJson,web,&wg)
}else{
log.Println("未加载web模块")
@ -73,7 +75,7 @@ func CoprogramPool(Request map[string]string,ipList []string) {
// baselineVul:=*(baseline.(*Cache.MyStruct))
// // BaseLineTaskNums=len(baselineVul.Msg)
// }
go worker(baseline,&wg)
go worker(OutPutJson,baseline,&wg)
}else{
log.Println("未加载baseline模块")


@ -0,0 +1,81 @@
package genmai
import (
"time"
)
type
ReportBaseLine struct {
ReportCommon
}
type
VulnInfoBaseLine struct {
VulnInfoCommon
}
func
GetTemplateReportBaseLine() (*ReportBaseLine) {
var expvuls []VulnInfoCommon
expvuls = append(expvuls, GetTemplateVulnInfoBaseLine().VulnInfoCommon)
/* */
var expip4addr []string
expip4addr = append(expip4addr, "0.0.0.0")
var expip6addr []string
expip6addr = append(expip6addr, "0.0.0.0")
/* */
return &ReportBaseLine {
ReportCommon {
RCServerUUID: "1234-5678-1234-5678",
RCServerName: "aServer-BaseLine",
RCFamily: "RCFamily",
RCRelease: "RCRelease",
RCContainer: "RCContainer",
/* */
RCExploredTimeAt: time.Now(),
RCExploredMode: "RCExploredMode",
RCExploredVersion: "RCExploredVersion",
RCExploredRevision: "RCExploredRevision",
RCExploredBy: "RCExploredBy",
RCExploredVia: "RCExploredVia",
RCExploredIPv4Addrs:expip4addr,
RCExploredIPv6Addrs:expip6addr,
/* */
RCReportedAt: time.Now(),
RCReportedVersion: "RCReportedVersion",
RCReportedBy: "RCReportedBy",
/* */
RCErrors: "RCErrors",
RCWarnings: "RCWarnings",
RCExploredVulns: expvuls,
RCReunningKernelInfo:ReportKernelInfo {
"0.0",
"0.0",
false,
},
RCPackages: "RCPackages", // TBD: type
RCSrcPackages: "RCSrcPackages", // TBD: type
RCOptional: "RCOptional", // TBD: type
},
}
}
func
GetTemplateVulnInfoBaseLine() VulnInfoBaseLine {
return VulnInfoBaseLine {
VulnInfoCommon {
VICFormatVer: 1,
VICId: "VICId",
VICBelong: "VICBelong",
VICPocHazardLevel: "VICPocHazardLevel",
VICSource: "VICSource",
},
}
}
////////////////////////////////////////////////////////////////
// ReportBase methods
func
(rk *ReportBaseLine)GetReportCommon() ReportCommon {
return rk.ReportCommon
}
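Review bot: GetTemplateReportBaseLine fills the report with placeholder strings (`"RCFamily"`, `"RCExploredBy"`, `"RCErrors"` and others) plus a dummy `"VICId"` finding, and nothing in the file says these are placeholders. GenmaiBaseline in this commit re-assigns most of the same placeholder strings and the result is now written to a JSON file, so a consumer of the report cannot tell them from real data. Each exported function should get a doc comment saying so, for example `// GetTemplateReportBaseLine returns a ReportBaseLine pre-filled with placeholder values; callers must overwrite every field before reporting.` `RCExploredIPv6Addrs` is also seeded with the IPv4 literal `"0.0.0.0"`, where the IPv6 unspecified address is `"::"`.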


@ -30,9 +30,87 @@ package genmai
import (
"fmt"
"encoding/json"
"os"
)
func Kernel() {
func SystemCreatFile(rp *ReportSystem,fileName string){
path:="../data/Report/"+"System:"+fileName+".json"
_, err := os.Stat(path)
if err != nil{
}else{
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, "Err: a file with the same name exists", 0x1B)
return
}
file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
fmt.Println("open file failed,err:",err)
return
}
defer file.Close()
jsonVul, err := json.MarshalIndent(rp, "", " ")
if err != nil {
fmt.Println("json err ", err)
}
file.Write([]byte(jsonVul)) //写入字节切片数据
}
func KernelCreatFile(rp *ReportKernel,fileName string){
path:="../data/Report/"+"Kernel:"+fileName+".json"
_, err := os.Stat(path)
if err != nil{
}else{
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, "Err: a file with the same name exists", 0x1B)
return
}
file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
fmt.Println("open file failed,err:",err)
return
}
defer file.Close()
jsonVul, err := json.MarshalIndent(rp, "", " ")
if err != nil {
fmt.Println("json err ", err)
}
file.Write([]byte(jsonVul)) //写入字节切片数据
}
func BaseLineCreatFile(rp *ReportBaseLine,fileName string){
path:="../data/Report/"+"BaseLine:"+fileName+".json"
_, err := os.Stat(path)
if err != nil{
}else{
fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 31, "Err: a file with the same name exists", 0x1B)
return
}
file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
fmt.Println("open file failed,err:",err)
return
}
defer file.Close()
jsonVul, err := json.MarshalIndent(rp, "", " ")
if err != nil {
fmt.Println("json err ", err)
}
file.Write([]byte(jsonVul)) //写入字节切片数据
}
func Kernel(OutPutJson string) {
DoctorIns().Reset()
DoctorIns().LoadExplorersListConfig("../data/KernelPocs/KernelPocs.yaml")
@ -41,22 +119,32 @@ func Kernel() {
DoctorIns().GenmaiKernel()
}
func System() {
func System(OutPutJson string) {
DoctorIns().Reset()
DoctorIns().LoadExplorersListConfig("../data/SystemPocs/SystemPocs.yaml")
A_DEBUG_INFO(">>Genmai System>>")
DoctorIns().GenmaiSystem()
rp := DoctorIns().GenmaiSystem()
if len(rp.RCExploredVulns)==0{
fmt.Println("System info: No vulnerability")
}else if OutPutJson !="null"{
SystemCreatFile(rp,OutPutJson)
}
}
func Web() {
func Web(OutPutJson string) {
fmt.Println("web")
}
func BaseLine(){
func BaseLine(OutPutJson string){
DoctorIns().Reset()
DoctorIns().LoadExplorersListConfig("../data/BaseLine/BaseLine.yaml")
A_DEBUG_INFO(">>Genmai BaseLine>>")
DoctorIns().GenmaiBaseline()
rp:=DoctorIns().GenmaiBaseline()
if len(rp.RCExploredVulns)==0{
fmt.Println("BaseLine info: No vulnerability")
}else if OutPutJson !="null"{
BaseLineCreatFile(rp,OutPutJson)
}
}
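Review bot: `fileName` reaches `path:="../data/Report/"+"System:"+fileName+".json"` straight from the -OutPutJson flag, so a value containing path separators places the report outside ../data/Report/; SystemCreatFile, KernelCreatFile and BaseLineCreatFile are copies of each other and all share this. The `os.Stat` check followed by `os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)` leaves a window between the check and the create, treats every Stat error as "file does not exist", and asks for a world-readable and world-writable file for what is a list of findings about the host. A MarshalIndent failure is printed but the write still goes ahead, and the error from `file.Write` is ignored. The fence folds the three functions into one helper that rejects separators, creates the file with O_EXCL and mode 0600, and returns its errors. From the visible lines, `Kernel(OutPutJson)` never calls KernelCreatFile, so the flag seems to have no effect on kernel scans.

```go
// writeReport marshals rp and creates ../data/Report/<kind>:<fileName>.json,
// refusing to overwrite an existing file.
func writeReport(kind, fileName string, rp interface{}) error {
	// fileName comes from the -OutPutJson flag; reject separators so the
	// report cannot be written outside ../data/Report/.
	for _, c := range fileName {
		if c == '/' || c == '\\' {
			return fmt.Errorf("invalid report name %q", fileName)
		}
	}
	jsonVul, err := json.MarshalIndent(rp, "", " ")
	if err != nil {
		return fmt.Errorf("encoding %s report: %w", kind, err)
	}
	path := "../data/Report/" + kind + ":" + fileName + ".json"
	// O_EXCL makes "does it exist" and "create it" a single step;
	// 0600 keeps the findings readable by the scanning user only.
	file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		return fmt.Errorf("creating %s: %w", path, err)
	}
	defer file.Close()
	_, err = file.Write(jsonVul)
	return err
}

func SystemCreatFile(rp *ReportSystem, fileName string) {
	if err := writeReport("System", fileName, rp); err != nil {
		fmt.Println("write report failed,err:", err)
	}
}

// … KernelCreatFile and BaseLineCreatFile call writeReport the same way …
// … unchanged: Kernel, System, Web, BaseLine …
```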


@ -30,6 +30,7 @@ type Vul struct{
Nmap string //Nmap模块,端口和IP放在RAVUL中
Fofa string //fofa接口调用需要输入查询命令
FastScan string //快速扫描模式/版本匹配
OutPutJson string //输出json格式结果
}
type FofaCommand struct{
@ -118,8 +119,11 @@ func main(){
flag.StringVar(&FC.FofaCom, "fofaCom", "null", "设置特定公司名")
//版本匹配,快速扫描
FastScan := flag.Bool("FastScan", false, "使用远程检测,只能单独使用模块")
FastScan := flag.Bool("FastScan", false, "版本匹配,快速检测漏洞")
//输出json格式文件
flag.StringVar(&vul.OutPutJson, "OutPutJson", "null", "将漏洞扫描模块输出结果转成json文件")
//
All := flag.Bool("all", false, "只扫描system,kernel的所有poc以及检测baselin模块不可联合其他参数使用")
@ -145,6 +149,15 @@ func main(){
vul.Fofa = strconv.FormatBool(*Fofa)
vul.FastScan = strconv.FormatBool(*FastScan)
//输出格式选择
// if vul.OutPutJson =="null"{
// fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 33, "Warn: No output format specified , please enter", 0x1B)
// }else{
// var OutPutJson string ="true"
// fmt.Println(vul.OutPutJson)
// return
// }
//是否开启远程检测
if vul.RemoteAssessment=="true"{
@ -154,7 +167,7 @@ func main(){
fmt.Println("不允许登录root/administrator用户进行验证")
log.Println("不允许登录root/administrator用户进行验证")
}else if checkResult=="false"{
ArgParser.ParameterParser(vul.System,vul.Kernel,vul.Web,vul.BaseLine,sAll,vul.PoolStatNum,vul.ParserNum,vul.Update,vul.IP,help)
ArgParser.ParameterParser(vul.System,vul.Kernel,vul.Web,vul.BaseLine,sAll,vul.PoolStatNum,vul.ParserNum,vul.Update,vul.IP,help,vul.OutPutJson)
}
}else{
@ -163,7 +176,7 @@ func main(){
ArgParser.NmapScan(vul.Nmap, NmapScanList[:])
ArgParser.FofaApi(vul.Fofa,FC.FofaCom)
ArgParser.SystemFastScan(vul.FastScan)
ArgParser.ParameterParser(vul.System,vul.Kernel,vul.Web,vul.BaseLine,sAll,vul.PoolStatNum,vul.ParserNum,vul.Update,vul.IP,help)
ArgParser.ParameterParser(vul.System,vul.Kernel,vul.Web,vul.BaseLine,sAll,vul.PoolStatNum,vul.ParserNum,vul.Update,vul.IP,help,vul.OutPutJson)
}
return
}
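Review bot: The new flag uses the string `"null"` as its "not set" default, which the callers then test with `OutPutJson !="null"`, and the block added under `//输出格式选择` is entirely commented out. An empty default, `flag.StringVar(&vul.OutPutJson, "OutPutJson", "", ...)`, with `OutPutJson != ""` at the call sites avoids reserving a legal file name as a sentinel. The commented-out block should be deleted rather than committed. The help text would also be clearer if it said that the value is used as the report's file name under ../data/Report/. main's body starts outside these hunks.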