Backend API
Vulnerability scanning
Vulnerability scanning is performed with kscan.
Create task
URI: /vulscan
Request method: POST
Parameters:
| Parameter | Required | Description |
|---|---|---|
| url | Yes | |
| scan_type | No | [URL\|LOG], scan type (currently only URL scanning is supported). Default: URL |
| withoutspider | No | [true\|false], whether the crawler is enabled. Default: true |
| scan_mode | No | [normal\|fast], scan mode: normal (all plugins) or fast (a trimmed plugin list will be compiled later to speed up scanning). Default: normal |
| cookie | No | string, Cookie. Empty by default |
| csrftoken | No | string, CSRF token. Empty by default |
| headers | No | string, custom request headers. Empty by default |
| agent | No | string, custom User-Agent |
| delay | No | int, delay between any two scan requests within a task. Default: 0 |
| spider_max_page | No | int, maximum number of pages the crawler fetches. Default: 1000 |
| spider_depth | No | int, maximum crawl depth. Default: 3 |
Response: the task ID if the task was created successfully.
Example:
```
curl -XPOST 'http://10.8.250.222:5000/vulscan' -d 'url=http://localhost/yunaq/&cookie=aaa%3dbbbbb'
{ "code": 0, "msg": "Crate vulscan task success.", "task_id": "b9e83459-c01c-4413-9bf6-a2025d920bf7" }
```
Query task
URI: /vulscan/$task_id
Request method: GET
Parameter: task_id
Response: once the task has finished, the scan results are returned.
Example:
```
curl 'http://10.8.250.222:5000/vulscan/31b35f81-aa78-4243-af6b-de0fb83a863d'
{
  "code": 0,
  "task_id": "31b35f81-aa78-4243-af6b-de0fb83a863d",
  "status": "done",
  "data": {
    "info": {},
    "statistics": {
      "files": 1,
      "exact_file_type": {},
      "waf": [],
      "filetype": {},
      "siteattrs": {
        "dbms": [],
        "os_path": [],
        "hardware": [],
        "webserver": [],
        "vcs": [],
        "tech": [
          { "version": [ "1.11.2.3" ], "name": [ "OpenResty" ] }
        ],
        "os": []
      },
      "forms": { "forms": [], "hidden_param": [] },
      ...
```
Cancel task
URI: /vulscan/$task_id
Request method: DELETE
Response: whether the cancellation succeeded.
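An added example (not part of this page or of kscan) of driving the three endpoints above from Python: it validates the optional parameters against the table, creates the task, polls until the status is done, and cancels the task via DELETE if it does not finish in time. The address 10.8.250.222:5000 is the one used in the examples; the transport argument is an assumption of this example so the logic can be exercised without a live backend.

```python
import json
import time
import urllib.parse
import urllib.request

BASE = "http://10.8.250.222:5000"   # backend address used in the examples on this page

# Value constraints for the optional parameters listed in the table above.
CHOICES = {"scan_type": {"URL", "LOG"}, "withoutspider": {"true", "false"},
           "scan_mode": {"normal", "fast"}}
INT_PARAMS = {"delay", "spider_max_page", "spider_depth"}


def http_json(method, path, body=None):
    """Default transport: form-encode `body`, send it with urllib, decode the JSON reply."""
    data = urllib.parse.urlencode(body).encode() if body else None
    req = urllib.request.Request(BASE + path, data=data, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def create_vulscan(url, transport=http_json, **options):
    """POST /vulscan; validates the optional parameters client-side and returns task_id."""
    body = {"url": url}
    for key, value in options.items():
        text = str(value).lower() if isinstance(value, bool) else str(value)
        if key in CHOICES and text not in CHOICES[key]:
            raise ValueError(f"{key} must be one of {sorted(CHOICES[key])}")
        if key in INT_PARAMS and (isinstance(value, bool) or not isinstance(value, int) or value < 0):
            raise ValueError(f"{key} must be a non-negative int")
        body[key] = text
    reply = transport("POST", "/vulscan", body)
    if reply.get("code") != 0:
        raise RuntimeError(reply.get("msg", "task creation failed"))
    return reply["task_id"]


def wait_vulscan(task_id, transport=http_json, timeout=3600, interval=10, sleep=time.sleep):
    """Poll GET /vulscan/$task_id until status is 'done'; on timeout DELETE the task
    (the cancel endpoint above) so it does not keep running unattended."""
    deadline = time.monotonic() + timeout
    while True:
        reply = transport("GET", f"/vulscan/{task_id}")
        if reply.get("status") == "done":
            return reply["data"]
        if time.monotonic() >= deadline:
            transport("DELETE", f"/vulscan/{task_id}")
            raise TimeoutError(f"task {task_id} cancelled after {timeout}s without finishing")
        sleep(interval)
```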
Asset discovery
Port scanning
The zmap used by the Radar (雷达) project is not suited to probing every port of a single host, so the zmap part was replaced with masscan (TCP scan of all ports) and nmap (scan of a specified set of UDP ports); the x-fingerprint and nbanner components from the Radar project are then used to identify the services on the open ports.
Create task
URI: /assetsdiscover/portscan
Request method: POST
Parameter: ip
Response: whether the task was created successfully.
Example:
```
curl -XPOST 'http://10.8.250.222:5000/assetsdiscover/portscan' -d 'ip=222.211.162.121'
{ "code": 0, "msg": "Crate Port Scan task success." }
```
Query task
URI: /assetsdiscover/portscan/$ip
Request method: GET
Parameter: ip
Response: the open ports of the IP.
Example:
```
curl 'http://10.8.250.222:5000/assetsdiscover/portscan/222.211.162.121'
{
  "code": 0,
  "ip": "222.211.162.121",
  "data": [
    {
      "reason": "syn-ack",
      "port": 5938,
      "proto": "tcp"
    },
    {
      "service": "http",
      "proto": "tcp",
      "server": "",
      "raw": "HTTP/1.0=20400=20Bad=20Request=0D=0A=0D=0AClient=20sent=20an=20HTTP=20request=20to=20an=20HTTPS=20server.=0A",
      "reason": "syn-ack",
      "version": "",
      "port": 2333
    },
    {
      "service": "http",
      "proto": "tcp",
      "server": "OpenResty web app server",
      "raw": "HTTP/1.1=20400=20Bad=20Request=0D=0AServer:=20openresty/1.13.6.2=0D=0ADate:=20Wed,=2008=20Jan=202020=2007:17:27=20GMT=0D=0AContent-Type:=20text/html;=20charset=3Dutf-8=0D=0AContent-Length:=20277=0D=0AConnection:=20close=0D=0A=0D=0A<html>=0D=0A<head><title>400=20The=20plain=20HTTP=20request=20was=20sent=20to=20HTTPS=20port</title></head>=0D=0A<body=20bgcolor=3D\"white\">=0D=0A<center><h1>400=20Bad=20Request</h1></center>=0D=0A<center>The=20plain=20HTTP=20request=20was=20sent=20to=20HTTPS=20port</center>=0D=0A<hr><center>openresty/1.13.6.2</center>=0D=0A</body>=0D=0A</html>=0D=0A",
      "reason": "syn-ack",
      "version": "1.13.6.2",
      "port": 4442
    }
  ]
}
```
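The raw field in this reply is the service banner in quoted-printable form (=20 for a space, =0D=0A for CRLF, =3D for '='). An added example, not from the page or the Radar project, that decodes those banners and reduces the reply to one record per open port; the embedded input is a trimmed copy of the response above.

```python
import json
import quopri

# Trimmed copy of the port-scan reply shown above (two of its three entries), embedded
# so the example runs offline; "raw" carries the banner in quoted-printable encoding.
SAMPLE = r'''{ "code": 0, "ip": "222.211.162.121", "data": [
  { "reason": "syn-ack", "port": 5938, "proto": "tcp" },
  { "service": "http", "proto": "tcp", "server": "OpenResty web app server",
    "raw": "HTTP/1.1=20400=20Bad=20Request=0D=0AServer:=20openresty/1.13.6.2=0D=0AContent-Type:=20text/html;=20charset=3Dutf-8=0D=0A=0D=0A<html>=0D=0A",
    "reason": "syn-ack", "version": "1.13.6.2", "port": 4442 } ] }'''


def decode_banner(raw):
    """Turn the quoted-printable banner ('=20' -> space, '=0D=0A' -> CRLF, '=3D' -> '=') into text."""
    return quopri.decodestring(raw.encode("ascii")).decode("utf-8", errors="replace")


def banner_headers(text):
    """Split a decoded HTTP banner into (status line, {lower-cased header: value})."""
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def summarize_portscan(reply_json):
    """Return one record per open port: fingerprinted service, version, and decoded banner
    details (status line and Server header) when a banner was captured."""
    reply = json.loads(reply_json)
    if reply.get("code") != 0:
        raise RuntimeError("port scan query failed")
    records = []
    for entry in reply["data"]:
        rec = {"port": entry["port"], "proto": entry["proto"],
               "service": entry.get("service") or "unknown",
               "version": entry.get("version") or "", "status_line": "", "server": ""}
        if entry.get("raw"):
            status, headers = banner_headers(decode_banner(entry["raw"]))
            rec["status_line"] = status
            rec["server"] = headers.get("server", "")
        records.append(rec)
    return sorted(records, key=lambda r: r["port"])
```

A port whose banner reads "plain HTTP request was sent to HTTPS port" is a TLS listener that answered a cleartext probe, so its real service must be fingerprinted over TLS.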
Reverse IP lookup (IP to domain)
Data comes from dns.aizhan.com.
Create task
URI: /assetsdiscover/ip2domain
Request method: POST
Parameter: ip
Response: whether the task was created successfully.
Example:
```
curl -XPOST 'http://10.8.250.222:5000/assetsdiscover/ip2domain' -d 'ip=122.228.238.109'
{ "code": 0, "msg": "Crate IP2Domain task success." }
```
Query task
URI: /assetsdiscover/ip2domain/$ip
Request method: GET
Parameter: ip
Response: the domains that resolve to this IP.
Example:
```
curl 'http://10.8.250.222:5000/assetsdiscover/ip2domain/122.228.238.109'
{
  "code": 0,
  "ip": "122.228.238.109",
  "data": [
    { "domain": "www.knownsec.com", "title": "\u77e5\u9053\u521b\u5b87" },
    { "domain": "www.jiasule.com", "title": "\u77e5\u9053\u521b\u5b87\u4e91\u5b89\u5168|\u9632DDoS\u653b\u51fb_\u9632CC\u653b\u51fb_\u514d\u8d39CDN\u52a0\u901f_\u7f51\u7ad9\u52a0\u901f_\u9ad8\u9632DNS_\u52a0\u901f\u4e50" },
    { "domain": "piyao.anquan.org", "title": "\u9996\u9875-\u5b89\u5168\u8054\u76df\u8f9f\u8c23\u5e73\u53f0" }
  ]
}
```
Subdomain discovery
Discovery uses the open-source GitHub project OneForAll.
Create task
URI: /assetsdiscover/subdomaindiscover
Request method: POST
Parameter: domain (root domain)
Response: whether the task was created successfully.
Example:
```
curl -XPOST 'http://10.8.250.222:5000/assetsdiscover/subdomaindiscover' -d 'domain=yunaq.com'
{ "code": 0, "msg": "Crate SubDomainDiscover task success." }
```
Query task
URI: /assetsdiscover/subdomaindiscover/$domain
Request method: GET
Parameter: domain
Response: the subdomains found.
Example:
```
curl 'http://10.8.250.222:5000/assetsdiscover/subdomaindiscover/yunaq.com'
{
  "code": 0,
  "domain": "yunaq.com",
  "data": [
    { "host": "yunaq.com", "point": "117.23.61.248" },
    { "host": "m.yunaq.com", "point": "117.23.61.248" },
    { "host": "jk.yunaq.com", "point": "117.23.61.248" },
    { "host": "bbs.yunaq.com", "point": "122.228.238.112" },
    { "host": "xinyong.yunaq.com", "point": "122.228.238.112" },
    { "host": "www.yunaq.com", "point": "117.23.61.248" },
    { "host": "scanv.yunaq.com", "point": "113.107.238.195" },
    { "host": "qixincha.yunaq.com", "point": "111.230.190.14" },
    { "host": "console.yunaq.com", "point": "113.107.238.195" },
    { "host": "sec.yunaq.com", "point": "122.228.238.112" },
    { "host": "v.yunaq.com", "point": "117.23.61.248" },
    { "host": "aqyzht.yunaq.com", "point": "111.230.190.14" },
    { "host": "hunter.yunaq.com", "point": "117.23.61.248" },
    { "host": "sso.yunaq.com", "point": "122.228.238.109" },
    { "host": "aqyzmedia.yunaq.com", "point": "113.107.238.195" },
    { "host": "aqyzapi.yunaq.com", "point": "-" },
    { "host": "aqyz.yunaq.com", "point": "123.207.104.199" },
    { "host": "a.yunaq.com", "point": "123.125.242.137" },
    { "host": "help.yunaq.com", "point": "117.23.61.248" },
    { "host": "pinpaibao.yunaq.com", "point": "106.42.25.217" },
    { "host": "a4a23a76876c533cedf8a76ea12c9dca.gac.yunaq.com", "point": "122.228.238.109" },
    { "host": "safe-par.yunaq.com", "point": "123.125.242.137" },
    { "host": "static.yunaq.com", "point": "106.42.25.217" },
    { "host": "www.m.yunaq.com", "point": "-" },
    { "host": "agent.yunaq.com", "point": "117.23.61.248" },
    { "host": "mxinyong.yunaq.com", "point": "122.228.238.109" },
    { "host": "c6.yunaq.com", "point": "d6ce78030cd57325.c6.aqyun.com." },
    { "host": "wx.yunaq.com", "point": "113.107.238.195" },
    { "host": "defense.yunaq.com", "point": "122.228.238.112" },
    { "host": "webshentou.yunaq.com", "point": "122.228.238.109" }
  ]
}
```
Configuration checks
Whether the site is behind Chuangyu Shield (创宇盾)
URI: /siteconfigcheck/iscyd/$domain
Request method: GET
Parameter: domain (subdomain)
Response: true = behind the shield, false = not behind the shield.
Example:
```
curl 'http://10.8.250.222:5000/siteconfigcheck/iscyd/www.365cyd.com'
{ "code": 0, "iscyd": true }
```
Whether the origin server restricts access (only Chuangyu Shield nodes allowed)
Origin access is usually restricted in one of two ways:
- Use iptables or another firewall to block connections whose source IP is not a Chuangyu Shield node.
- Configure an IP whitelist in the web server (Nginx, Apache, etc.) so that only whitelisted IPs are served and all other IPs receive 403.
This API works by requesting a page that does not exist on the origin server; if the response is anything other than 403, the origin can be reached directly.
If the origin returns 403, that status must be compared with the status code obtained by sending the same request through a Chuangyu Shield node: if the shield node returns something other than 403, the origin has access restrictions configured.
URI: /siteconfigcheck/originsitecheck
Request method: POST
Parameters:
| Parameter | Required | Description |
|---|---|---|
| domain | Yes | string, domain name |
| ip | No | string, origin server IP address. If omitted, the origin IP is looked up via API |
| schema | No | [http\|https], protocol; schema and port must be passed together. If omitted, both https (443) and http (80) on the origin are tried |
| port | No | int, port |
Response: limited=true: restricted, false: not restricted.
Example:
```
curl 'http://10.8.250.222:5000/siteconfigcheck/originsitecheck' -d 'domain=www.scg.com.cn'
{ "code": 0, "limited": true, "msg": "Great!" }
```
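An added example (not the page's own implementation of this endpoint) of the decision rule described above: request a non-existent path from the origin by IP with the site's Host header, send the same probe through the public hostname as the shield-side baseline, and classify the pair of status codes. The probe path, the treatment of a refused or dropped connection as a firewall-style restriction, and the fetch argument (which allows a fake transport) are assumptions of this example.

```python
import http.client
import ssl

# Probe path assumed for this example; the page only says "a page that does not exist".
PROBE_PATH = "/originsitecheck-this-page-does-not-exist"


def fetch_status(host, ip, schema, port, path, timeout=10):
    """GET `path` from ip:port while sending `host` as the Host header.
    Returns the HTTP status code, or None if the connection fails or times out."""
    try:
        if schema == "https":
            ctx = ssl.create_default_context()
            ctx.check_hostname = False       # connecting by IP, so the certificate name cannot match;
            ctx.verify_mode = ssl.CERT_NONE  # certificate validity is not what this check measures
            conn = http.client.HTTPSConnection(ip, port, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(ip, port, timeout=timeout)
        conn.request("GET", path, headers={"Host": host})
        status = conn.getresponse().status
        conn.close()
        return status
    except (OSError, http.client.HTTPException):
        return None


def classify(origin_status, shield_status):
    """Decision rule from the section above. True = limited, False = not limited,
    None = inconclusive (403 from both sides, so the 403 may come from the shield itself)."""
    if origin_status is None:
        return True      # connection refused or dropped: firewall rule (assumption of this example)
    if origin_status != 403:
        return False     # any non-403 page means the origin answers direct requests
    if shield_status is None or shield_status == 403:
        return None
    return True          # origin 403 while the shield serves the page: web-server whitelist


def check_origin(domain, ip, schema=None, port=None, fetch=fetch_status, path=PROBE_PATH):
    """With no schema/port, try https:443 and then http:80 as the API does. The baseline is
    the same probe sent to the public hostname, i.e. routed through the shield node."""
    variants = [(schema, port)] if schema and port else [("https", 443), ("http", 80)]
    shield_status = fetch(domain, domain, variants[0][0], variants[0][1], path)
    verdicts = [classify(fetch(domain, ip, s, p, path), shield_status) for s, p in variants]
    if False in verdicts:
        return False     # at least one origin listener is directly reachable
    return True if all(v is True for v in verdicts) else None
```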
SSL information
Queries the site's HTTPS certificate information.
URI: /siteconfigcheck/originsitecheck
Request method: POST
Parameters:
| Parameter | Required | Description |
|---|---|---|
| domain | Yes | string, hostname |
| port | No | int, port |
Response: supported protocol versions, vulnerabilities present, SSL certificate expiry time, and so on.
Example:
```
curl 'http://10.8.250.222:5000/siteconfigcheck/sslcheck' -d 'host=www.365cyd.com'
{
  "code": 0,
  "msg": "Success",
  "host": "www.365cyd.com",
  "port": 443,
  "data": {
    "protocol": {
      "SSLv2.0": false,
      "SSLv3.0": false,
      "TLSv1.0": true,
      "TLSv1.1": true,
      "TLSv1.2": true
    },
    "vulnerabilities": {
      "Heartbleed": false,
      "Crime": false,
      "Downgrade": false,
      "Poodle": false,
      "RC4": false,
      "Beast": true,
      "CCS Injection": false,
      "Drown": false,
      "Freak": false,
      "Logjam": false
    },
    "cert_info": {
      "issuer": "Sectigo RSA Domain Validation Secure Server CA",
      "subject": "*.365cyd.com",
      "not_valid_after": 1594166399,
      "not_valid_before": 1562544000
    }
  }
}
```
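An added example, not part of this page, that turns the sslcheck reply above into findings: legacy protocol versions still enabled, vulnerabilities reported as present, and certificate expiry computed from the epoch timestamps in cert_info. It assumes the /siteconfigcheck/sslcheck endpoint and host parameter shown in the curl example, and the severity labels are this example's own.

```python
from datetime import datetime, timezone

# The sslcheck reply shown above, embedded as a dict so the example runs offline.
SAMPLE = {"code": 0, "msg": "Success", "host": "www.365cyd.com", "port": 443, "data": {
    "protocol": {"SSLv2.0": False, "SSLv3.0": False, "TLSv1.0": True, "TLSv1.1": True, "TLSv1.2": True},
    "vulnerabilities": {"Heartbleed": False, "Crime": False, "Downgrade": False, "Poodle": False,
                        "RC4": False, "Beast": True, "CCS Injection": False, "Drown": False,
                        "Freak": False, "Logjam": False},
    "cert_info": {"issuer": "Sectigo RSA Domain Validation Secure Server CA", "subject": "*.365cyd.com",
                  "not_valid_after": 1594166399, "not_valid_before": 1562544000}}}

# Protocol versions that a current deployment should have disabled.
LEGACY_PROTOCOLS = ("SSLv2.0", "SSLv3.0", "TLSv1.0", "TLSv1.1")


def ssl_findings(reply, now_ts=None, expiry_warning_days=30):
    """Reduce one sslcheck reply to a list of (severity, message) findings.
    `now_ts` is a Unix timestamp (the unit cert_info uses); it defaults to the current time."""
    if reply.get("code") != 0:
        raise RuntimeError(reply.get("msg", "sslcheck failed"))
    data = reply["data"]
    now = (datetime.fromtimestamp(now_ts, tz=timezone.utc) if now_ts is not None
           else datetime.now(timezone.utc))
    findings = []
    for proto in LEGACY_PROTOCOLS:
        if data["protocol"].get(proto):
            findings.append(("medium", f"{proto} is still enabled"))
    for name, affected in data["vulnerabilities"].items():
        if affected:
            findings.append(("high", f"server is affected by {name}"))
    cert = data["cert_info"]
    not_after = datetime.fromtimestamp(cert["not_valid_after"], tz=timezone.utc)
    days_left = (not_after - now).days
    if days_left < 0:
        findings.append(("high", f"certificate expired on {not_after:%Y-%m-%d}"))
    elif days_left <= expiry_warning_days:
        findings.append(("medium", f"certificate expires in {days_left} days, on {not_after:%Y-%m-%d}"))
    if cert["subject"].startswith("*."):
        findings.append(("info", f"wildcard certificate {cert['subject']} issued by {cert['issuer']}"))
    return findings
```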