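Security Testing Platform Deployment Manual
1.1 Purpose
Briefly describes how to set up the environment for Security Testing Platform v1.0.
1.2 Document scope
Internal to the company.
1.3 Intended readers and reading suggestions
Development and testing staff.
2.1 Python 3.6 installation
1). Download
From https://www.python.org/downloads/ choose any Python 3.6 release and download the Linux version.
2). Upload
Transfer the archive to the server and extract it, for example: tar -xJvf Python-3.6.5.tar.xz
3). Install Python
Use the following commands:
./configure --prefix=/usr/local 【--prefix=/usr/local sets the installation directory and can be omitted】
make && make install 【see https://www.cnblogs.com/johnny1024/p/8441396.html for reference】
4). Install pip
Command: yum -y install python-pip or easy_install-3.6 pip
5). Install the packages the environment requires
pip3 install -r requirements_online.txt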
amqp==2.3.2
androguard==3.2.1
APScheduler==3.5.1
asn1crypto==0.24.0
backcall==0.1.0
beautifulsoup4==4.6.3
billiard==3.5.0.4
biplist==1.0.3
blinker==1.4
brotlipy==0.7.0
cap==0.0.114
celery==4.2.1
certifi==2018.1.18
cffi==1.11.5
chardet==3.0.4
click==6.7
codegen==1.0
colorama==0.3.9
configparser==3.5.0
cryptography==2.1.4
cycler==0.10.0
decorator==4.3.0
Django==2.0.5
django-apscheduler==0.2.3
django-cors-headers==2.1.0
django-crontab==0.7.1
django-hgwebproxy==0.2.0
django-jsonfield==1.0.1
django-patterns==0.0.3
django-redis==4.9.0
djangorestframework==3.7.7
djangorestframework-jwt==1.11.0
enum34==1.1.6
future==0.16.0
fuzz==0.1.1
h11==0.7.0
h2==3.0.1
hpack==3.0.0
hyperframe==5.1.0
idna==2.6
ipython==6.5.0
ipython-genutils==0.2.0
jedi==0.12.1
jsonfield==2.0.2
kaitaistruct==0.8
kiwisolver==1.0.1
kombu==4.2.1
ldap3==2.4.1
lib==3.0.0
lxml==4.2.1
matplotlib==2.2.2
mitmproxy==3.0.2
mysqlclient==1.3.12
networkx==2.1
nicer==0.0.36
numpy==1.15.0
parso==0.3.1
passlib==1.7.1
patterns==0.3
pdfkit==0.6.1
pexpect==4.6.0
pickleshare==0.7.4
pika==0.11.2
Pillow==5.0.0
pkt==0.0.21
prompt-toolkit==1.0.15
ptyprocess==0.6.0
pyasn1==0.4.4
pycparser==2.18
pydivert==2.1.0
Pygments==2.2.0
PyJWT==1.5.3
PyMySQL==0.8.0
pyOpenSSL==17.5.0
pyparsing==2.2.0
pyperclip==1.6.4
python-dateutil==2.7.3
python-Levenshtein==0.12.0
pytz==2017.3
PyYAML==3.12
redis==2.10.6
requests==2.18.4
rsa==3.4.2
ruamel.yaml==0.15.52
scapy-python3==0.25
schedule==0.5.0
simplegeneric==0.8.1
six==1.11.0
sortedcontainers==1.5.10
tornado==4.5.3
traitlets==4.3.2
typing==3.6.6
tzlocal==1.5.1
urllib3==1.22
urwid==2.0.1
uWSGI==2.0.17.1
vine==1.1.4
virtualenv==16.0.0
wcwidth==0.1.7
win-unicode-console==0.5
wsproto==0.11.0
xlrd==1.1.0
【If uWSGI fails to install, first run yum install python36-devel and then pip3 install uWSGI==2.0.17.1. When installation finishes, check the result with pip3 list; any package that did not install can be installed on its own with pip3 install xxxx】
2.2 MySQL database installation
1). Download
Address: https://dev.mysql.com/downloads/mysql/
【or yum localinstall https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm】
2). Install
yum install mysql-community-server
3). Start
systemctl enable mysqld
systemctl start mysqld
4). Change the root password:
Command: vi /etc/my.cnf
Under [mysqld] add: skip-grant-tables
Command: mysql -u root -p to enter mysql. If the password is wrong, use grep 'temporary password' /var/log/mysqld.log to look up the temporary password and log in with it.
Case 1: 【If mysql> alter user 'root'@'localhost' identified by '123456'; returns
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
run: set global validate_password_policy=0;set global validate_password_length=1; and then continue】
See 【https://www.jianshu.com/p/af5b0761f80a, https://blog.****.net/memory6364/article/details/82426052】
Case 2: if the mysql user table has no password column, modify the authentication_string column instead
update mysql.user set authentication_string=password('123456') where user='root'; # password changed successfully
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root' WITH GRANT OPTION; # authorize root to log in remotely
flush privileges; # takes effect immediately
exit; # exit
systemctl restart mysqld.service # restart MySQL, after which you can log in
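An added check for this step, not part of the original manual or the project's code: it finds a skip-grant-tables line left under [mysqld] in my.cnf after the password reset, and builds the statements for a dedicated application account limited to the sectest database from one host, as an alternative to 'root'@'%'. The account name sectest_app, the address 192.0.2.10 and the four-privilege grant are assumptions.

```python
import re
import secrets


def find_skip_grant_tables(my_cnf_text):
    """Return line numbers where skip-grant-tables is still set under [mysqld]."""
    hits, section = [], None
    for lineno, raw in enumerate(my_cnf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # MySQL accepts '-' and '_' interchangeably in option names.
        name = line.split("=", 1)[0].strip().lower().replace("_", "-")
        if section == "mysqld" and name == "skip-grant-tables":
            hits.append(lineno)
    return hits


def strong_password(nbytes=24):
    """Random password with lower case, upper case, digit and symbol, so the
    default validate_password policy accepts it and need not be lowered."""
    while True:
        pw = secrets.token_urlsafe(nbytes)
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in "-_" for c in pw)):
            return pw


_IDENT = re.compile(r"[A-Za-z0-9_]{1,32}")
_HOST = re.compile(r"[A-Za-z0-9.:-]{1,60}")  # deliberately excludes the % and _ wildcards


def app_account_sql(database, user, host, password=None):
    """Return (password, statements) for a least-privilege MySQL 5.7 account."""
    if not _IDENT.fullmatch(database) or not _IDENT.fullmatch(user):
        raise ValueError("database and user must be plain identifiers")
    if user.lower() == "root":
        raise ValueError("use a dedicated account, not root")
    if not _HOST.fullmatch(host):
        raise ValueError("host must be one address or name, no wildcards")
    password = password or strong_password()
    if "'" in password or "\\" in password:
        raise ValueError("password must not contain quotes or backslashes")
    # Assumption: the application only reads and writes rows; schema changes
    # (imports, migrations) are run separately by an administrator.
    return password, [
        f"CREATE USER '{user}'@'{host}' IDENTIFIED BY '{password}';",
        f"GRANT SELECT, INSERT, UPDATE, DELETE ON `{database}`.* TO '{user}'@'{host}';",
    ]


if __name__ == "__main__":
    sample = "[mysqld]\ndatadir=/var/lib/mysql\nskip-grant-tables\n"  # constructed my.cnf
    for n in find_skip_grant_tables(sample):
        print(f"my.cnf line {n}: skip-grant-tables is still enabled")
    _, statements = app_account_sql("sectest", "sectest_app", "192.0.2.10")
    print("\n".join(statements))
```

While skip-grant-tables is present, mysqld accepts any login without a password, so the check should return an empty list before the server is exposed on the network.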
Import the data tables:
/*
Navicat MySQL Data Transfer
Source Server : sectest
Source Server Version : 50717
Source Host : 10.40.20.62:3306
Source Database : sectest
Target Server Type : MYSQL
Target Server Version : 50717
File Encoding : 65001
Date: 2019-07-11 18:16:29
*/
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for agent
-- ----------------------------
DROP TABLE IF EXISTS `agent`;
CREATE TABLE `agent` (
`agent_id` int(4) NOT NULL AUTO_INCREMENT,
`agent_ip` varchar(15) NOT NULL,
`status` tinyint(2) NOT NULL,
`add_time` datetime NOT NULL,
`description` varchar(255) DEFAULT NULL,
`is_delete` tinyint(2) DEFAULT NULL,
PRIMARY KEY (`agent_id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for auth_group
-- ----------------------------
DROP TABLE IF EXISTS `auth_group`;
CREATE TABLE `auth_group` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(80) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for auth_group_permissions
-- ----------------------------
DROP TABLE IF EXISTS `auth_group_permissions`;
CREATE TABLE `auth_group_permissions` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`group_id` int(11) NOT NULL,
`permission_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `auth_group_permissions_group_id_permission_id_0cd325b0_uniq` (`group_id`,`permission_id`),
KEY `auth_group_permissio_permission_id_84c5c92e_fk_auth_perm` (`permission_id`),
CONSTRAINT `auth_group_permissio_permission_id_84c5c92e_fk_auth_perm` FOREIGN KEY (`permission_id`) REFERENCES `auth_permission` (`id`),
CONSTRAINT `auth_group_permissions_group_id_b120cbf9_fk_auth_group_id` FOREIGN KEY (`group_id`) REFERENCES `auth_group` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for auth_permission
-- ----------------------------
DROP TABLE IF EXISTS `auth_permission`;
CREATE TABLE `auth_permission` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(255) NOT NULL,
`content_type_id` int(11) NOT NULL,
`codename` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `auth_permission_content_type_id_codename_01ab375a_uniq` (`content_type_id`,`codename`),
CONSTRAINT `auth_permission_content_type_id_2f476e4b_fk_django_co` FOREIGN KEY (`content_type_id`) REFERENCES `django_content_type` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=73 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for auth_user
-- ----------------------------
DROP TABLE IF EXISTS `auth_user`;
CREATE TABLE `auth_user` (
`id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'user id',
`password` varchar(128) NOT NULL COMMENT 'password',
`last_login` datetime DEFAULT NULL,
`is_superuser` tinyint(1) NOT NULL,
`username` varchar(150) NOT NULL COMMENT 'username',
`first_name` varchar(30) NOT NULL,
`last_name` varchar(150) NOT NULL,
`email` varchar(254) NOT NULL,
`is_staff` tinyint(1) NOT NULL,
`is_active` tinyint(1) NOT NULL,
`date_joined` datetime NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=57 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for auth_user_groups
-- ----------------------------
DROP TABLE IF EXISTS `auth_user_groups`;
CREATE TABLE `auth_user_groups` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`group_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `auth_user_groups_user_id_group_id_94350c0c_uniq` (`user_id`,`group_id`),
KEY `auth_user_groups_group_id_97559544_fk_auth_group_id` (`group_id`),
CONSTRAINT `auth_user_groups_group_id_97559544_fk_auth_group_id` FOREIGN KEY (`group_id`) REFERENCES `auth_group` (`id`),
CONSTRAINT `auth_user_groups_user_id_6a12ed8b_fk_auth_user_id` FOREIGN KEY (`user_id`) REFERENCES `auth_user` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for auth_user_user_permissions
-- ----------------------------
DROP TABLE IF EXISTS `auth_user_user_permissions`;
CREATE TABLE `auth_user_user_permissions` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`permission_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `auth_user_user_permissions_user_id_permission_id_14a6b632_uniq` (`user_id`,`permission_id`),
KEY `auth_user_user_permi_permission_id_1fbb5f2c_fk_auth_perm` (`permission_id`),
CONSTRAINT `auth_user_user_permi_permission_id_1fbb5f2c_fk_auth_perm` FOREIGN KEY (`permission_id`) REFERENCES `auth_permission` (`id`),
CONSTRAINT `auth_user_user_permissions_user_id_a95ead1b_fk_auth_user_id` FOREIGN KEY (`user_id`) REFERENCES `auth_user` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for authority
-- ----------------------------
DROP TABLE IF EXISTS `authority`;
CREATE TABLE `authority` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`privilege` bigint(20) NOT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=40 DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
-- ----------------------------
-- Table structure for authtoken_token
-- ----------------------------
DROP TABLE IF EXISTS `authtoken_token`;
CREATE TABLE `authtoken_token` (
`key` varchar(40) NOT NULL COMMENT 'token',
`created` datetime NOT NULL,
`user_id` int(11) NOT NULL COMMENT 'user id',
PRIMARY KEY (`key`),
UNIQUE KEY `user_id` (`user_id`),
CONSTRAINT `authtoken_token_user_id_35299eff_fk_auth_user_id` FOREIGN KEY (`user_id`) REFERENCES `auth_user` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for cryption
-- ----------------------------
DROP TABLE IF EXISTS `cryption`;
CREATE TABLE `cryption` (
`crypt_id` int(11) NOT NULL AUTO_INCREMENT,
`target_id` int(11) NOT NULL,
`path` varchar(255) DEFAULT NULL,
`parameter` varchar(100) NOT NULL,
`cryption_alg` varchar(100) NOT NULL,
`key1` text,
`key2` text,
`plaintext` varchar(1000) DEFAULT NULL,
`effect_time` datetime DEFAULT NULL,
`add_time` datetime NOT NULL,
`modify_time` datetime NOT NULL,
`author` varchar(30) NOT NULL,
`is_delete` tinyint(2) NOT NULL,
PRIMARY KEY (`crypt_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for django_admin_log
-- ----------------------------
DROP TABLE IF EXISTS `django_admin_log`;
CREATE TABLE `django_admin_log` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`action_time` datetime NOT NULL,
`object_id` longtext,
`object_repr` varchar(200) NOT NULL,
`action_flag` smallint(5) unsigned NOT NULL,
`change_message` longtext NOT NULL,
`content_type_id` int(11) DEFAULT NULL,
`user_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `django_admin_log_content_type_id_c4bce8eb_fk_django_co` (`content_type_id`),
KEY `django_admin_log_user_id_c564eba6_fk` (`user_id`),
CONSTRAINT `django_admin_log_content_type_id_c4bce8eb_fk_django_co` FOREIGN KEY (`content_type_id`) REFERENCES `django_content_type` (`id`),
CONSTRAINT `django_admin_log_user_id_c564eba6_fk` FOREIGN KEY (`user_id`) REFERENCES `auth_user` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for django_content_type
-- ----------------------------
DROP TABLE IF EXISTS `django_content_type`;
CREATE TABLE `django_content_type` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`app_label` varchar(100) NOT NULL,
`model` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `django_content_type_app_label_model_76bd3d3b_uniq` (`app_label`,`model`)
) ENGINE=InnoDB AUTO_INCREMENT=25 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for django_migrations
-- ----------------------------
DROP TABLE IF EXISTS `django_migrations`;
CREATE TABLE `django_migrations` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`app` varchar(255) NOT NULL,
`name` varchar(255) NOT NULL,
`applied` datetime NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=29 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for django_session
-- ----------------------------
DROP TABLE IF EXISTS `django_session`;
CREATE TABLE `django_session` (
`session_key` varchar(40) NOT NULL,
`session_data` longtext NOT NULL,
`expire_date` datetime NOT NULL,
PRIMARY KEY (`session_key`),
KEY `django_session_expire_date_a5c62663` (`expire_date`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for domain_blacklist
-- ----------------------------
DROP TABLE IF EXISTS `domain_blacklist`;
CREATE TABLE `domain_blacklist` (
`blacklist_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
`domain_name` varchar(255) NOT NULL COMMENT 'domain name',
`is_delete` int(2) NOT NULL DEFAULT '0' COMMENT '0-not deleted 1-deleted',
`author` varchar(255) NOT NULL COMMENT 'operator',
PRIMARY KEY (`blacklist_id`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=40 DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
-- ----------------------------
-- Table structure for flow_get_period
-- ----------------------------
DROP TABLE IF EXISTS `flow_get_period`;
CREATE TABLE `flow_get_period` (
`period_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
`trigger_type` varchar(255) NOT NULL COMMENT 'period unit: hour, minute, day, month, week',
`trigger_rate` int(11) NOT NULL COMMENT 'period',
`author` varchar(255) NOT NULL COMMENT 'operator',
PRIMARY KEY (`period_id`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
-- ----------------------------
-- Table structure for flow_source_address
-- ----------------------------
DROP TABLE IF EXISTS `flow_source_address`;
CREATE TABLE `flow_source_address` (
`id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
`flow_address` varchar(2555) NOT NULL COMMENT 'automation executor address',
`add_time` datetime NOT NULL,
`author` varchar(255) DEFAULT NULL COMMENT 'operator',
PRIMARY KEY (`id`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=14 DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
-- ----------------------------
-- Table structure for product_code
-- ----------------------------
DROP TABLE IF EXISTS `product_code`;
CREATE TABLE `product_code` (
`product_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
`label` varchar(20) NOT NULL COMMENT 'product line name',
`value` varchar(20) NOT NULL COMMENT 'product line code',
`is_delete` int(11) NOT NULL COMMENT '0-not deleted 1-deleted',
PRIMARY KEY (`product_id`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=20 DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
-- ----------------------------
-- Table structure for scan_rule
-- ----------------------------
DROP TABLE IF EXISTS `scan_rule`;
CREATE TABLE `scan_rule` (
`rule_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
`operation_type` varchar(25) NOT NULL COMMENT 'operation type',
`param_keywords` varchar(255) DEFAULT NULL COMMENT 'parameters',
`vul_type` varchar(255) NOT NULL COMMENT 'vulnerability type',
`is_delete` int(2) NOT NULL DEFAULT '0' COMMENT '0-not deleted 1-deleted',
`author` varchar(255) NOT NULL COMMENT 'operator',
`path_keywords` varchar(255) DEFAULT NULL COMMENT 'path keywords',
PRIMARY KEY (`rule_id`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=78 DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
-- ----------------------------
-- Table structure for scanresult
-- ----------------------------
DROP TABLE IF EXISTS `scanresult`;
CREATE TABLE `scanresult` (
`result_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
`target_id` int(11) NOT NULL COMMENT 'target id',
`task_id` int(11) NOT NULL COMMENT 'task id',
`job_id` bigint(20) NOT NULL COMMENT 'work unit id',
`request_id` bigint(20) DEFAULT NULL COMMENT 'scan result id',
`vul_type` int(11) NOT NULL COMMENT 'vulnerability type',
`vul_param` varchar(100) DEFAULT NULL COMMENT 'vulnerable parameter',
`payload` varchar(255) DEFAULT NULL COMMENT 'payload',
`status` tinyint(2) NOT NULL COMMENT '0-to be confirmed 1-being fixed 2-fixed 3-false positive 4-will not fix',
`add_time` datetime NOT NULL,
`modify_time` datetime NOT NULL,
`description` text,
`remark` varchar(255) DEFAULT NULL COMMENT 'remark',
`risk_level` varchar(50) DEFAULT NULL,
PRIMARY KEY (`result_id`)
) ENGINE=InnoDB AUTO_INCREMENT=371 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for script
-- ----------------------------
DROP TABLE IF EXISTS `script`;
CREATE TABLE `script` (
`script_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
`script_type` tinyint(2) NOT NULL COMMENT 'script type: 0-vulnerability detection 1-component detection 2-login script other-unknown script type',
`vul_type` int(11) DEFAULT NULL COMMENT 'vulnerability type (see the vulnerability table)',
`component_type` varchar(50) DEFAULT NULL COMMENT 'component type',
`script_name` varchar(50) NOT NULL COMMENT 'script name',
`script_lang` varchar(50) NOT NULL COMMENT 'script language',
`description` varchar(255) DEFAULT NULL COMMENT 'script description',
`status` tinyint(2) NOT NULL COMMENT '0-not ** 1-already **',
`add_time` datetime NOT NULL,
`modify_time` datetime NOT NULL,
`is_delete` int(2) NOT NULL COMMENT '0-not deleted 1-deleted',
`author` varchar(30) NOT NULL COMMENT 'operator',
PRIMARY KEY (`script_id`)
) ENGINE=InnoDB AUTO_INCREMENT=35 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for target
-- ----------------------------
DROP TABLE IF EXISTS `target`;
CREATE TABLE `target` (
`target_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
`product_name` varchar(100) NOT NULL COMMENT 'product line name',
`product_code` varchar(100) NOT NULL COMMENT 'product line code',
`project_name` varchar(100) NOT NULL COMMENT 'product name',
`project_version` varchar(100) NOT NULL COMMENT 'product version',
`target_url` varchar(255) DEFAULT NULL COMMENT 'target url',
`add_time` datetime NOT NULL,
`modify_time` datetime NOT NULL,
`author` varchar(30) NOT NULL COMMENT 'operator',
`is_delete` int(2) NOT NULL COMMENT '0-not deleted 1-deleted',
PRIMARY KEY (`target_id`)
) ENGINE=InnoDB AUTO_INCREMENT=59 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for task
-- ----------------------------
DROP TABLE IF EXISTS `task`;
CREATE TABLE `task` (
`task_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'task id',
`target_id` int(11) NOT NULL COMMENT 'target id',
`cookie` varchar(255) DEFAULT NULL COMMENT 'authentication cookie',
`account` varchar(255) DEFAULT NULL COMMENT 'account name',
`password` varchar(255) DEFAULT NULL COMMENT 'account password',
`cryption_alg` varchar(100) DEFAULT NULL COMMENT 'encryption algorithm',
`key1` varchar(255) DEFAULT NULL COMMENT 'key',
`start_time` datetime NOT NULL,
`end_time` datetime DEFAULT NULL,
`trigger_type` varchar(10) DEFAULT NULL COMMENT 'execution period type: hour, day, week, month',
`trigger_rate` tinyint(4) DEFAULT NULL COMMENT 'execution frequency',
`traffic_source` tinyint(2) NOT NULL COMMENT 'traffic source',
`traffic_start_time` datetime NOT NULL,
`traffic_end_time` datetime NOT NULL,
`status` tinyint(2) NOT NULL COMMENT 'task execution status: 0-not started 1-in progress 2-stopped 3-completed',
`description` varchar(255) DEFAULT NULL COMMENT 'task description',
`add_time` datetime NOT NULL,
`modify_time` datetime NOT NULL,
`author` varchar(30) NOT NULL COMMENT 'operator',
`auth_type` tinyint(2) DEFAULT NULL COMMENT 'authentication method: 0-cookie 1-account login',
`is_delete` tinyint(2) NOT NULL COMMENT '0-not deleted 1-deleted',
PRIMARY KEY (`task_id`)
) ENGINE=InnoDB AUTO_INCREMENT=90 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for taskjob
-- ----------------------------
DROP TABLE IF EXISTS `taskjob`;
CREATE TABLE `taskjob` (
`job_id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'work unit id',
`task_id` int(11) NOT NULL COMMENT 'task id',
`target_id` int(11) NOT NULL COMMENT 'target id',
`scan_host` varchar(255) NOT NULL COMMENT 'scan host',
`path` varchar(255) DEFAULT NULL COMMENT 'scan path',
`request_id` int(11) NOT NULL COMMENT 'scan result id',
`script_id` int(11) NOT NULL COMMENT 'script id',
`status` tinyint(2) NOT NULL COMMENT 'job status 0: ''not started'',\r\n 1: ''in progress'',\r\n 2: ''cancelled'',\r\n 3: ''stopped'',\r\n 4: ''completed'',',
`agent_id` int(4) NOT NULL COMMENT 'agent id',
`add_time` datetime NOT NULL,
`remark` varchar(255) DEFAULT NULL,
`update_time` datetime DEFAULT NULL,
PRIMARY KEY (`job_id`)
) ENGINE=InnoDB AUTO_INCREMENT=61123 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for traffic
-- ----------------------------
DROP TABLE IF EXISTS `traffic`;
CREATE TABLE `traffic` (
`request_id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'scan result id',
`host` varchar(255) NOT NULL COMMENT 'scan host',
`path` varchar(255) NOT NULL COMMENT 'scan path',
`url_params` text COMMENT 'parameters',
`method` varchar(10) NOT NULL COMMENT 'request method',
`request` text NOT NULL COMMENT 'request',
`response` text COMMENT 'response',
`source` tinyint(2) NOT NULL COMMENT 'source 0:all 1:app 2:browser 3:autotest 4:browserplug 5:unknown',
`operation_type` varchar(255) NOT NULL COMMENT 'operation content',
`digest` varchar(32) NOT NULL COMMENT 'request digest',
`auto_status` tinyint(2) NOT NULL COMMENT 'automated task status 0: ''not started'',\r\n 1: ''scanned'',',
`task_status` tinyint(2) NOT NULL COMMENT 'manual task status 0: ''not started'',\r\n 1: ''stopped'',\r\n 2: ''scanned'',',
`add_time` datetime NOT NULL,
`source_ip` varchar(15) DEFAULT NULL COMMENT 'source address',
PRIMARY KEY (`request_id`)
) ENGINE=InnoDB AUTO_INCREMENT=11419 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Table structure for url_associated_login_script
-- ----------------------------
DROP TABLE IF EXISTS `url_associated_login_script`;
CREATE TABLE `url_associated_login_script` (
`url_id` int(10) NOT NULL AUTO_INCREMENT COMMENT 'primary key id',
`target_id` int(10) NOT NULL COMMENT 'target id',
`script_id` int(10) DEFAULT NULL COMMENT 'script id',
`target_url` varchar(255) NOT NULL COMMENT 'target url',
`is_delete` int(2) NOT NULL DEFAULT '0' COMMENT '0-not deleted 1-deleted',
PRIMARY KEY (`url_id`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=184 DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
-- ----------------------------
-- Table structure for vulnerability
-- ----------------------------
DROP TABLE IF EXISTS `vulnerability`;
CREATE TABLE `vulnerability` (
`id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'primary key id',
`vul_id` int(11) NOT NULL COMMENT 'vulnerability id',
`vul_type` varchar(100) NOT NULL COMMENT 'vulnerability type',
`risk` varchar(100) DEFAULT NULL COMMENT 'vulnerability risk',
`suggestion` varchar(100) DEFAULT NULL COMMENT 'remediation advice',
`risk_level` varchar(50) DEFAULT NULL COMMENT 'vulnerability severity',
`add_time` datetime DEFAULT NULL,
`modify_time` datetime DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=39 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of vulnerability
-- ----------------------------
INSERT INTO `vulnerability` VALUES ('1', '1', '反射型xss', '执行攻击者插入的JavaScript等脚本代码,获取用户cookie等敏感信息;常用于钓鱼', '', '中', null, null);
INSERT INTO `vulnerability` VALUES ('2', '2', '存储型xss', '执行攻击者插入的JavaScript等脚本代码,可以用于无感知获取用户cookie、token等敏感信息;', '', '高', null, null);
INSERT INTO `vulnerability` VALUES ('3', '3', 'SQL注入', '执行SQL命令,获取数据库内容;可能通过SQL注入获取webshell', '1、优先采用预编译的方式执行SQL;\r\n2、若无法预编译,则对用户提交的参数进行过滤。', '高', null, null);
INSERT INTO `vulnerability` VALUES ('4', '4', 'XXE', '命令执行;任意文件读取;拒绝服务', '', '高', null, null);
INSERT INTO `vulnerability` VALUES ('5', '5', '命令执行', '执行系统命令,获取shell', '', '高', null, null);
INSERT INTO `vulnerability` VALUES ('6', '6', 'URL跳转', '跳转到第三方网站,常用于钓鱼', '', '中', null, null);
INSERT INTO `vulnerability` VALUES ('7', '7', 'SSRF', '可以访问内网地址,进行端口扫描,严重的可以执行命令', '', '高', null, null);
INSERT INTO `vulnerability` VALUES ('8', '8', '任意文件读取', '读取到数据库任意文件,包括敏感的配置文件', '', '高', null, null);
INSERT INTO `vulnerability` VALUES ('9', '9', '敏感信息泄露', null, '', '中', null, null);
INSERT INTO `vulnerability` VALUES ('10', '10', 'CSRF', '', '', '中', null, null);
INSERT INTO `vulnerability` VALUES ('11', '11', '请求重放', null, '', '中', null, null);
INSERT INTO `vulnerability` VALUES ('12', '12', '越权', null, '', '中', null, null);
INSERT INTO `vulnerability` VALUES ('13', '13', '暴力**', null, null, '中', null, null);
INSERT INTO `vulnerability` VALUES ('14', '14', '手机验证码问题', null, null, '中', null, null);
INSERT INTO `vulnerability` VALUES ('15', '15', '验证码问题', null, null, '中', null, null);
INSERT INTO `vulnerability` VALUES ('16', '16', '登出失效', null, null, '中', null, null);
INSERT INTO `vulnerability` VALUES ('17', '17', '注册问题', null, null, '低', null, null);
INSERT INTO `vulnerability` VALUES ('18', '18', '上传问题', null, null, '高', null, null);
INSERT INTO `vulnerability` VALUES ('19', '19', '认证缺失', '认证缺失,无认证token或session直接请求', null, '高', null, null);
INSERT INTO `vulnerability` VALUES ('20', '20', '参数修改', null, null, '高', null, null);
INSERT INTO `vulnerability` VALUES ('21', '21', '密码重置问题', null, null, '高', null, null);
INSERT INTO `vulnerability` VALUES ('22', '22', '其它', null, null, '未知', null, null);
-- ----------------------------
-- Records of scan_rule
-- ----------------------------
INSERT INTO `scan_rule` VALUES ('47', 'getinfo', '', '1,3,4,5,6,7,12,19', '0', 'admin', 'last get [list detail - json config captcha banner');
INSERT INTO `scan_rule` VALUES ('48', 'updateinfo', 'update save', '1,2,3,4,5,6,7,10,11,12,19', '0', 'admin', '[add update save submit [set [insert');
INSERT INTO `scan_rule` VALUES ('49', 'login', 'password + username phone', '1,3,6,13', '0', 'admin', 'login sign - sms assign');
INSERT INTO `scan_rule` VALUES ('50', 'getinfobyid', '', '1,3,4,5,6,7,12,19', '0', 'admin', 'find get + by + id');
INSERT INTO `scan_rule` VALUES ('51', 'getinfolist', '', '1,3,4,5,6,7', '0', 'admin', 'get + list lists json] config');
INSERT INTO `scan_rule` VALUES ('52', 'pwdreset', '', '6,10,19,21', '0', 'admin', 'password pass pwd + reset');
INSERT INTO `scan_rule` VALUES ('53', 'pwdchange', '', '10,13,19', '0', 'admin', 'password pass pwd + change update');
INSERT INTO `scan_rule` VALUES ('54', 'pwdlogin', '', '3,6,13', '0', 'admin', 'password pass pwd + login');
INSERT INTO `scan_rule` VALUES ('55', 'smsget', '', '14', '0', 'admin', 'sms + get');
INSERT INTO `scan_rule` VALUES ('56', 'smsverify', null, '14', '0', 'admin', 'sms + verify check');
INSERT INTO `scan_rule` VALUES ('57', 'smslogin', null, '14', '0', 'admin', 'sms + login');
INSERT INTO `scan_rule` VALUES ('58', 'captchaget', null, '15', '0', 'admin', 'captcha + get');
INSERT INTO `scan_rule` VALUES ('59', 'captchaverify', null, '15', '0', 'admin', 'captcha + send verify check');
INSERT INTO `scan_rule` VALUES ('60', 'logout', null, '16', '0', 'admin', 'logout');
INSERT INTO `scan_rule` VALUES ('61', 'upload', null, '18', '0', 'admin', 'upload');
INSERT INTO `scan_rule` VALUES ('62', 'register', null, '17', '0', 'admin', 'register');
INSERT INTO `scan_rule` VALUES ('63', 'judge', null, '1,3,5,7', '0', 'admin', '[can status [check');
INSERT INTO `scan_rule` VALUES ('64', 'download', null, '8', '0', 'admin', 'download');
INSERT INTO `scan_rule` VALUES ('65', 'search', 'search find', '1,3,4,5,7,19', '0', 'admin', 'search find');
INSERT INTO `scan_rule` VALUES ('66', 'calculate', null, '1,4,5,6,7', '0', 'admin', 'calc - can');
INSERT INTO `scan_rule` VALUES ('67', 'submitorder', 'price amount', '11,19,20', '0', 'admin', 'multipleorder singleorder');
INSERT INTO `scan_rule` VALUES ('68', 'createorder', 'price amount', '11,19,20', '0', 'admin', 'create + order]');
INSERT INTO `scan_rule` VALUES ('69', 'select', null, '10,19', '0', 'admin', 'select - banner');
INSERT INTO `scan_rule` VALUES ('70', 'delete', null, '5,10', '0', 'admin', 'delete');
INSERT INTO `scan_rule` VALUES ('71', 'get_login_token', null, '12,20', '0', 'admin', 'get + token - status');
INSERT INTO `scan_rule` VALUES ('72', 'count', null, '5,7', '0', 'admin', 'count - account');
INSERT INTO `scan_rule` VALUES ('73', 'price', 'price', '20', '0', 'admin', null);
INSERT INTO `scan_rule` VALUES ('74', 'withdraw', null, '10,11,20', '0', 'admin', 'withdraw');
INSERT INTO `scan_rule` VALUES ('75', 'get_page', null, '1,3,4,5,6,7,8,9,10,12,13', '0', 'admin', 'getnotice getbanner getcustomerserviceurl');
INSERT INTO `scan_rule` VALUES ('76', 'method_connect', null, '0', '0', 'admin', null);
INSERT INTO `scan_rule` VALUES ('77', 'method_options', null, '0', '0', 'admin', null);
2.3 RabbitMQ installation
1). Download addresses
https://www.rabbitmq.com/releases/
From https://www.rabbitmq.com/releases/rabbitmq-server download rabbitmq-server-.noarch.rpm
From https://www.rabbitmq.com/releases/erlang/ download the Erlang rpm package for rabbitmq-server
2). Install:
rpm -ivh erlang-****.rpm (or yum install erlang)
rpm -ivh rabbitmq-server-3.6.15-1.el6.noarch.rpm (first run yum install socat)
3). Start the service
service rabbitmq-server start
4). Configure RabbitMQ:
① Create a user: rabbitmqctl add_user sectest password
② Grant permissions: rabbitmqctl set_permissions -p "/" sectest '.*' '.*' '.*'
③ Set the role: rabbitmqctl set_user_tags sectest administrator
④ Enable the management console: rabbitmq-plugins enable rabbitmq_management
- The management console is reachable at http://{server ip}:15672/ 【e.g. http://192.168.25.40:15672/】
2.4 Redis installation:
1). Download the package
http://download.redis.io/releases/redis-*.tar.gz
2). Extract and configure
① tar -zxvf redis-*.tar.gz
② mv redis-5.0.0 /usr/local/ 【move redis-5.0.0 into the /usr/local/ directory】
③ yum install gcc-c++ 【Redis is written in C and needs a C build environment, so gcc has to be installed first.】
④ cd /usr/local/redis-5.0.0/
⑤ make 【compile the extracted sources】
⑥ cd ./src 【enter the redis-5.0.0/src directory】
⑦ make install 【install Redis】
⑧ Modify the redis.conf file as shown in the following figures:
⑨ cd /usr/local/redis-5.0.5/src
Start the service: ./redis-server /usr/local/redis-5.0.5/redis.conf
⑩ Test the Redis connection:
cd /usr/local/redis-5.0.5/src
【You can test the connection with the Redis Desktop Manager tool. If it cannot connect:
see https://blog.****.net/boyheroes/article/details/85004031
ps aux|grep redis|grep -v grep
kill -9 xxxx
then restart with src/redis-server redis.conf】
2.5 Nginx installation:
1). Install dependencies
yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel 【or download from http://nginx.org/en/download.html; for the packages needed during installation see https://www.cnblogs.com/wyd168/p/6636529.html】
2). Download the nginx package:
tar -zxvf nginx-*.tar.gz
cd nginx-*
./configure --prefix=/usr/local/nginx
3). Install and configure
make && make install
Modify the configuration:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        server_name 0.0.0.0;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root /www/web/; # note: the directory that holds the code
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
    server { # this server block is the one being configured
        listen 8080; # the port to listen on
        server_name 0.0.0.0; # the host name at the front of the URL you access
        access_log /var/log/nginx/sectest_access.log; # Nginx log configuration
        error_log /var/log/nginx/sectest_error.log;
        charset utf-8; # Nginx character encoding
        client_max_body_size 75M;
        # uwsgi for the project path
        location / {
            include uwsgi_params; # import the Nginx module parameters used to communicate with uWSGI
            uwsgi_connect_timeout 2; # timeout for connecting to uWSGI
            uwsgi_pass 127.0.0.1:8082; # local IP and port; must match those in sectest_uwsgi.ini
        }
    }
}
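Create two files 【used to store the logs】:
touch /var/log/nginx/sectest_error.log
touch /var/log/nginx/sectest_access.log
4). Start the service:
cd /usr/local/nginx/sbin
./nginx -c /usr/local/nginx/conf/nginx.conf
【If the port is already in use, run netstat -antp|grep 8080 to see what is using it and change the listen port in the server block. If the CentOS firewall has not been turned off: check the firewalld service status with systemctl status firewalld, run systemctl stop firewalld.service to stop the firewall service, and systemctl disable firewalld.service to keep it from starting at boot.】
5). After startup, visit the following IP to check that it started successfully!
The environment setup above is now complete!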
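2.6 Project code deployment:
1). Front-end H5 deployment 【/usr/local/nginx/html/static】
npm run build # builds into the dist directory; copy the files and upload them to the nginx directory
【The IP and port must be changed in src='http://192.168.25.40:8081/ in hook.js and in prod{apiPrefix: 'http://192.168.25.40:8081'} in env.js】
2). Back-end deployment
【Follow-up work and deployment after development:
after development, if the database has changed, update the corresponding table models in secmodel/sectest/models.py under the trafficmanager and jobmanager projects】
- Edit sectest_uwsgi.ini: the directory and address in it must be consistent with the uwsgi_pass port configured in nginx 【in sectest_uwsgi.ini, chdir = the absolute path of /project/sectest/, for example /sec/dxw/py-autotest-sectest-console/ sectest/. Pay attention to the module parameter; the path configured in restart.sh must be consistent with it, as must the log path in restart.sh. Also note the following change to nginx.conf:
location / {
    include uwsgi_params;
    uwsgi_pass 127.0.0.1:9090; # must match the setting in uwsgi
    uwsgi_param UWSGI_SCRIPT demosite.wsgi; # entry file: the location of wsgi.py relative to the project root, where "." stands for one directory level
    uwsgi_param UWSGI_CHDIR /demosite; # project root directory
    index index.html index.htm;
    client_max_body_size 35m;
}
】
- The MySQL, RabbitMQ and Redis parameters need to be changed
The corresponding settings are in sectest/settings.py of the sectest project: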
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'sectest',
        'USER': 'root',
        'PASSWORD': '123456',
        'HOST': '10.40.20.62',
        'PORT': '3306',
    }
}
CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": "redis://127.0.0.1:6379",
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
            "PASSWORD": "123456",
        }
    }
}
MQCONF = {"mqhost": "192.168.25.165",
          "mqaccount": "sectest",
          "mqpassword": "password"}
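③ Update the MQ configuration in conf.json or BaseConf.json under the conf directory of secproxy, trafficmanager, jobmanager and jobexcute
④ Update the MySQL configuration in secmodel/secmodel/settings.py under the trafficmanager and jobmanager projects
⑤ cd into each project's directory and run ./restart.sh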
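The DATABASES, CACHES and MQCONF blocks from sectest/settings.py above, rebuilt from environment variables so that the file carries no credentials and the sample passwords in this manual are refused at startup. This is an added example, not the project's code; build_settings, ConfigError and the SECTEST_* variable names are hypothetical.

```python
import os

# Sample credentials that appear in this manual; none may be used for real.
SAMPLE_SECRETS = {"123456", "password", "root"}
MIN_SECRET_LEN = 16
SECRET_VARS = ("SECTEST_DB_PASSWORD", "SECTEST_REDIS_PASSWORD", "SECTEST_MQ_PASSWORD")


class ConfigError(Exception):
    """Raised when the deployment environment is incomplete or unsafe."""


def _required(env, name):
    value = env.get(name, "").strip()
    if not value:
        raise ConfigError(f"{name} is not set")
    return value


def _secret(env, name):
    value = _required(env, name)
    if value.lower() in SAMPLE_SECRETS or len(value) < MIN_SECRET_LEN:
        raise ConfigError(f"{name} is a sample value or shorter than {MIN_SECRET_LEN} characters")
    return value


def build_settings(env=None):
    """Return the three settings dicts, or raise ConfigError."""
    env = os.environ if env is None else env
    db_user = _required(env, "SECTEST_DB_USER")
    if db_user.lower() == "root":
        raise ConfigError("SECTEST_DB_USER must be a dedicated account, not root")
    secret = {name: _secret(env, name) for name in SECRET_VARS}
    if len(set(secret.values())) != len(SECRET_VARS):
        raise ConfigError("MySQL, Redis and RabbitMQ must not share a password")
    return {
        "DATABASES": {"default": {
            "ENGINE": "django.db.backends.mysql",
            "NAME": "sectest",
            "USER": db_user,
            "PASSWORD": secret["SECTEST_DB_PASSWORD"],
            "HOST": _required(env, "SECTEST_DB_HOST"),
            "PORT": env.get("SECTEST_DB_PORT", "3306"),
        }},
        "CACHES": {"default": {
            "BACKEND": "django_redis.cache.RedisCache",
            "LOCATION": env.get("SECTEST_REDIS_URL", "redis://127.0.0.1:6379"),
            "OPTIONS": {
                "CLIENT_CLASS": "django_redis.client.DefaultClient",
                "PASSWORD": secret["SECTEST_REDIS_PASSWORD"],
            },
        }},
        "MQCONF": {
            "mqhost": _required(env, "SECTEST_MQ_HOST"),
            "mqaccount": env.get("SECTEST_MQ_ACCOUNT", "sectest"),
            "mqpassword": secret["SECTEST_MQ_PASSWORD"],
        },
    }


# In sectest/settings.py this would be used as:
#     globals().update(build_settings())

if __name__ == "__main__":
    demo_env = {  # constructed values for the demonstration only
        "SECTEST_DB_USER": "sectest_app",
        "SECTEST_DB_HOST": "192.0.2.20",
        "SECTEST_MQ_HOST": "192.0.2.21",
        "SECTEST_DB_PASSWORD": "constructed-db-secret-01",
        "SECTEST_REDIS_PASSWORD": "constructed-redis-secret-02",
        "SECTEST_MQ_PASSWORD": "constructed-mq-secret-03",
    }
    print(sorted(build_settings(demo_env)))
    try:
        build_settings(dict(demo_env, SECTEST_REDIS_PASSWORD="123456"))
    except ConfigError as exc:
        print("rejected:", exc)
```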