-
Notifications
You must be signed in to change notification settings - Fork 137
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit a589d47
Showing
1,722 changed files
with
216,206 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| .idea | ||
| __pycache__/ | ||
| __pycache__ | ||
| config.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,113 @@ | ||
| <div align=center> | ||
| <img src="docs/images/favicon.ico"/> | ||
| </div> | ||
|
|
||
| 中文 | [English](./README_EN.md) | ||
|
|
||
| ## 网址 | ||
|
|
||
| - 官网:[https://www.scope-sentry.top](https://www.scope-sentry.top) | ||
| - Github: [https://github.com/Autumn-27/ScopeSentry](https://github.com/Autumn-27/ScopeSentry) | ||
| - 扫描端源码:[https://github.com/Autumn-27/ScopeSentry-Scan](https://github.com/Autumn-27/ScopeSentry-Scan) | ||
|
|
||
| ## 介绍 | ||
| Scope Sentry是一款具有资产测绘、子域名枚举、信息泄露检测、漏洞扫描、目录扫描、子域名接管、爬虫、页面监控功能的工具,通过构建多个节点,自由选择节点运行扫描任务。当出现新漏洞时可以快速排查关注资产是否存在相关组件。 | ||
|
|
||
|
|
||
|
|
||
| ## 目前功能 | ||
| - 子域名枚举 | ||
| - 子域名接管检测 | ||
| - 端口扫描 | ||
| - 资产识别 | ||
| - 目录扫描 | ||
| - 漏洞扫描 | ||
| - 敏感信息泄露检测 | ||
| - URL提取 | ||
| - 爬虫 | ||
| - 页面监控 | ||
| - 自定义WEB指纹 | ||
| - POC导入 | ||
| - 资产分组 | ||
| - 多节点扫描 | ||
| - webhook | ||
|
|
||
| ## To DO | ||
| - 插件系统 | ||
| - 弱口令爆破 | ||
| - 数据清洗 | ||
| - 数据共享? | ||
| - ~ | ||
|
|
||
| ## 安装 | ||
|
|
||
| 安装教程见[官网](https://www.scope-sentry.top) | ||
|
|
||
| ## 交流 | ||
|
|
||
| Discord: | ||
|
|
||
| [https://discord.gg/agsYdAyN](https://discord.gg/agsYdAyN) | ||
|
|
||
| QQ: | ||
|
|
||
| <img src="docs/images/qq.png" alt="QQ" width="200"/> | ||
|
|
||
| WX: | ||
|
|
||
| <img src="docs/images/wx.png" alt="WX" width="200"/> | ||
|
|
||
| ## 截图 | ||
|
|
||
| ### 登录 | ||
|
|
||
|  | ||
|
|
||
| ### 首页面板 | ||
|  | ||
|
|
||
| ## 资产数据 | ||
| ### 资产 | ||
|  | ||
|
|
||
| ### 子域名 | ||
|  | ||
|
|
||
| ### 子域名接管 | ||
|  | ||
|
|
||
| ### URL | ||
|  | ||
|
|
||
| ### 爬虫 | ||
|  | ||
|
|
||
| ### 敏感信息 | ||
|  | ||
|
|
||
| ### 目录扫描 | ||
|  | ||
|
|
||
| ### 漏洞 | ||
|  | ||
|
|
||
| ### 页面监控 | ||
|  | ||
|
|
||
| ## 项目 | ||
|
|
||
|  | ||
|
|
||
| ## 任务 | ||
|
|
||
|  | ||
|
|
||
| ## 任务进度 | ||
|
|
||
|  | ||
|
|
||
| ## 节点 | ||
|
|
||
|  | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,101 @@ | ||
| <div align=center> | ||
| <img src="docs/images/favicon.ico"/> | ||
| </div> | ||
|
|
||
|
|
||
| ## Website | ||
|
|
||
| - Official Website: [https://www.scope-sentry.top](https://www.scope-sentry.top) | ||
| - Github: [https://github.com/Autumn-27/ScopeSentry](https://github.com/Autumn-27/ScopeSentry) | ||
| - Scanner source code: [https://github.com/Autumn-27/ScopeSentry-Scan](https://github.com/Autumn-27/ScopeSentry-Scan) | ||
|
|
||
| ## Introduction | ||
| Scope Sentry is a tool with functions such as asset mapping, subdomain enumeration, information leakage detection, vulnerability scanning, directory scanning, subdomain takeover, crawler, and page monitoring. By building multiple nodes, users can freely choose nodes to run scanning tasks. When new vulnerabilities emerge, it can quickly check whether the concerned assets have related components. | ||
|
|
||
| ## Current Features | ||
| - Subdomain Enumeration | ||
| - Subdomain Takeover Detection | ||
| - Port Scanning | ||
| - Asset Identification | ||
| - Directory Scanning | ||
| - Vulnerability Scanning | ||
| - Sensitive Information Leakage Detection | ||
| - URL Extraction | ||
| - Crawler | ||
| - Page Monitoring | ||
| - Custom WEB Fingerprint | ||
| - POC Import | ||
| - Asset Grouping | ||
| - Multi-Node Scanning | ||
| - Webhook | ||
|
|
||
| ## To Do | ||
| - Plugin System | ||
| - Weak Password Cracking | ||
| - Data Cleaning | ||
| - Data Sharing? | ||
| - ~ | ||
| ## Installation | ||
|
|
||
| For installation instructions, see the [official website](https://www.scope-sentry.top) | ||
|
|
||
| ## Communication | ||
|
|
||
| Discord: | ||
|
|
||
| [https://discord.gg/agsYdAyN](https://discord.gg/agsYdAyN) | ||
|
|
||
|
|
||
| ## Screenshots | ||
|
|
||
| ### Login | ||
|
|
||
|  | ||
|
|
||
| ### Homepage Dashboard | ||
|  | ||
|
|
||
| ## Asset Data | ||
| ### Assets | ||
|  | ||
|
|
||
| ### Subdomains | ||
|  | ||
|
|
||
| ### Subdomain Takeover | ||
|  | ||
|
|
||
| ### URL | ||
|  | ||
|
|
||
| ### Crawler | ||
|  | ||
|
|
||
| ### Sensitive Information | ||
|  | ||
|
|
||
| ### Directory Scanning | ||
|  | ||
|
|
||
| ### Vulnerabilities | ||
|  | ||
|
|
||
| ### Page Monitoring | ||
|  | ||
|
|
||
| ## Projects | ||
|
|
||
|  | ||
|
|
||
| ## Tasks | ||
|
|
||
|  | ||
|
|
||
| ## Task Progress | ||
|
|
||
|  | ||
|
|
||
| ## Nodes | ||
|
|
||
|  | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| # ------------------------------------- | ||
| # @file : SubdoaminTaker.py | ||
| # @author : Autumn | ||
| # @contact : rainy-autumn@outlook.com | ||
| # @time : 2024/4/27 15:41 | ||
| # ------------------------------------------- | ||
| from fastapi import APIRouter, Depends | ||
| from motor.motor_asyncio import AsyncIOMotorCursor | ||
| from pymongo import DESCENDING | ||
| from api.users import verify_token | ||
| from core.config import POC_LIST | ||
| from core.db import get_mongo_db | ||
| from core.util import search_to_mongodb | ||
| from loguru import logger | ||
| router = APIRouter() | ||
|
|
||
| @router.post("/subdomaintaker/data") | ||
| async def get_subdomaintaker_data(request_data: dict, db=Depends(get_mongo_db), _: dict = Depends(verify_token)): | ||
| try: | ||
| search_query = request_data.get("search", "") | ||
| page_index = request_data.get("pageIndex", 1) | ||
| page_size = request_data.get("pageSize", 10) | ||
| # MongoDB collection for SensitiveRule | ||
| # Fuzzy search based on the name field | ||
| keyword = { | ||
| 'domain': 'input', | ||
| 'value': 'value', | ||
| 'type': 'cname', | ||
| 'response': 'response', | ||
| 'project': 'project', | ||
| } | ||
| query = await search_to_mongodb(search_query, keyword) | ||
| if query == "" or query is None: | ||
| return {"message": "Search condition parsing error", "code": 500} | ||
| query = query[0] | ||
| # Get the total count of documents matching the search criteria | ||
| total_count = await db.SubdoaminTakerResult.count_documents(query) | ||
| if total_count == 0: | ||
| return { | ||
| "code": 200, | ||
| "data": { | ||
| 'list': [], | ||
| 'total': 0 | ||
| } | ||
| } | ||
| # Perform pagination query | ||
| cursor: AsyncIOMotorCursor = db.SubdoaminTakerResult.find(query).skip((page_index - 1) * page_size).limit(page_size) | ||
| result = await cursor.to_list(length=None) | ||
| # Process the result as needed | ||
| response_data = [] | ||
| for doc in result: | ||
| data = { | ||
| "host": doc["input"], | ||
| "value": doc["value"], | ||
| "type": doc["cname"], | ||
| "response": doc["response"], | ||
| } | ||
| response_data.append(data) | ||
| return { | ||
| "code": 200, | ||
| "data": { | ||
| 'list': response_data, | ||
| 'total': total_count | ||
| } | ||
| } | ||
|
|
||
| except Exception as e: | ||
| logger.error(str(e)) | ||
| # Handle exceptions as needed | ||
| return {"message": "error","code":500} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| # -*- coding:utf-8 -*- | ||
| # @name: __init__.py | ||
| # @version: |
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Oops, something went wrong.