baidu-security / openrasp-iast

IAST gray-box scanning tool

License: Apache License 2.0

Makefile 0.11% Shell 1.08% Python 70.18% HTML 0.04% CSS 0.78% JavaScript 0.11% Dockerfile 0.86% PHP 26.39% Hack 0.39% Vim Script 0.07%
rasp iast security-tools devsecops

openrasp-iast's People

Contributors

erwindarg, neothecapt, yinhuochong

openrasp-iast's Issues

Started directly with docker, the service cannot be reached

I went into the rasp-cloud container and had a look: the conf file configures port 80, not 8086. Did copying the conf file fail during the build? Can that happen? Running docker-compose up -d directly on a cloud host also does not work.

The IAST gray-box scan does not find XSS vulnerabilities; do I need to add an XSS hook myself?

After starting the IAST gray-box scanning tool, the management console only shows four vulnerability types: command execution, arbitrary file read, arbitrary file write and SQL injection; no other vulnerabilities are found.
In openrasp-iast's Preprocessor.log the hook_info comes back empty.
The log is as follows: "querystring": "password=&username=&BenchmarkTest02578=SafeText", "url": "https://localhost:8443/benchmark/xss-05/BenchmarkTest02578", "method": "get",
"path": "/benchmark/xss-05/BenchmarkTest02578"}, "hook_info": [], "plugin_version": "2019-1220-1800"}

To find XSS vulnerabilities, do I need to add an XSS hook myself and write a new xss_userinput_basic.py plugin?

IAST docker-compose Build failed.

Hi Supporter,
we are installing an IAST node in my test system; the install script returns an error. Would you please help to give me advice?
Thanks and Best Regards

```
root@openrasp:/opt/openrasp-iast-master/docker/iast-cloud# docker-compose up
Building rasp-cloud
[+] Building 3.8s (7/12)
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 658B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/debian:stretch-slim 2.2s
=> [1/8] FROM docker.io/library/debian:stretch-slim@sha256:abaa313c7e1dfe16069a1a42fa254014780f165d4fd084844602edbe2 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 122B 0.0s
=> CACHED [2/8] COPY sources.list /etc/apt/sources.list 0.0s
=> ERROR [3/8] RUN apt-get update && apt-get install -y wget curl procps 1.6s

[3/8] RUN apt-get update && apt-get install -y wget curl procps:
#0 0.265 Ign:1 http://mirrors.ustc.edu.cn/debian stretch InRelease
#0 0.296 Ign:2 http://mirrors.ustc.edu.cn/debian-security stretch/updates InRelease
#0 0.323 Ign:3 http://mirrors.ustc.edu.cn/debian stretch-updates InRelease
#0 0.355 Ign:4 http://mirrors.ustc.edu.cn/debian stretch Release
#0 0.386 Ign:5 http://mirrors.ustc.edu.cn/debian-security stretch/updates Release
#0 0.417 Ign:6 http://mirrors.ustc.edu.cn/debian stretch-updates Release
#0 0.445 Ign:7 http://mirrors.ustc.edu.cn/debian stretch/main all Packages
#0 0.475 Ign:8 http://mirrors.ustc.edu.cn/debian stretch/main amd64 Packages
#0 0.503 Ign:9 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main all Packages
#0 0.531 Ign:10 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main amd64 Packages
#0 0.562 Ign:11 http://mirrors.ustc.edu.cn/debian stretch-updates/main amd64 Packages
#0 0.592 Ign:12 http://mirrors.ustc.edu.cn/debian stretch-updates/main all Packages
#0 0.625 Ign:7 http://mirrors.ustc.edu.cn/debian stretch/main all Packages
#0 0.653 Ign:8 http://mirrors.ustc.edu.cn/debian stretch/main amd64 Packages
#0 0.684 Ign:9 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main all Packages
#0 0.712 Ign:10 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main amd64 Packages
#0 0.740 Ign:11 http://mirrors.ustc.edu.cn/debian stretch-updates/main amd64 Packages
#0 0.770 Ign:12 http://mirrors.ustc.edu.cn/debian stretch-updates/main all Packages
#0 0.803 Ign:7 http://mirrors.ustc.edu.cn/debian stretch/main all Packages
#0 0.830 Ign:8 http://mirrors.ustc.edu.cn/debian stretch/main amd64 Packages
#0 0.858 Ign:9 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main all Packages
#0 0.887 Ign:10 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main amd64 Packages
#0 0.915 Ign:11 http://mirrors.ustc.edu.cn/debian stretch-updates/main amd64 Packages
#0 0.943 Ign:12 http://mirrors.ustc.edu.cn/debian stretch-updates/main all Packages
#0 0.974 Ign:7 http://mirrors.ustc.edu.cn/debian stretch/main all Packages
#0 1.006 Ign:8 http://mirrors.ustc.edu.cn/debian stretch/main amd64 Packages
#0 1.034 Ign:9 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main all Packages
#0 1.065 Ign:10 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main amd64 Packages
#0 1.096 Ign:11 http://mirrors.ustc.edu.cn/debian stretch-updates/main amd64 Packages
#0 1.125 Ign:12 http://mirrors.ustc.edu.cn/debian stretch-updates/main all Packages
#0 1.155 Ign:7 http://mirrors.ustc.edu.cn/debian stretch/main all Packages
#0 1.186 Ign:8 http://mirrors.ustc.edu.cn/debian stretch/main amd64 Packages
#0 1.214 Ign:9 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main all Packages
#0 1.245 Ign:10 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main amd64 Packages
#0 1.274 Ign:11 http://mirrors.ustc.edu.cn/debian stretch-updates/main amd64 Packages
#0 1.305 Ign:12 http://mirrors.ustc.edu.cn/debian stretch-updates/main all Packages
#0 1.333 Ign:7 http://mirrors.ustc.edu.cn/debian stretch/main all Packages
#0 1.365 Err:8 http://mirrors.ustc.edu.cn/debian stretch/main amd64 Packages
#0 1.365 SECURITY: URL redirect target contains control characters, rejecting.
#0 1.392 Ign:9 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main all Packages
#0 1.421 Err:10 http://mirrors.ustc.edu.cn/debian-security stretch/updates/main amd64 Packages
#0 1.421 SECURITY: URL redirect target contains control characters, rejecting.
#0 1.450 Err:11 http://mirrors.ustc.edu.cn/debian stretch-updates/main amd64 Packages
#0 1.450 SECURITY: URL redirect target contains control characters, rejecting.
#0 1.481 Ign:12 http://mirrors.ustc.edu.cn/debian stretch-updates/main all Packages
#0 1.484 Reading package lists...
#0 1.491 W: The repository 'http://mirrors.ustc.edu.cn/debian stretch Release' does not have a Release file.
#0 1.491 W: The repository 'http://mirrors.ustc.edu.cn/debian-security stretch/updates Release' does not have a Release file.
#0 1.491 W: The repository 'http://mirrors.ustc.edu.cn/debian stretch-updates Release' does not have a Release file.
#0 1.491 E: Failed to fetch http://mirrors.ustc.edu.cn/debian/dists/stretch/main/binary-amd64/Packages SECURITY: URL redirect target contains control characters, rejecting.
#0 1.491 E: Failed to fetch http://mirrors.ustc.edu.cn/debian-security/dists/stretch/updates/main/binary-amd64/Packages SECURITY: URL redirect target contains control characters, rejecting.
#0 1.491 E: Failed to fetch http://mirrors.ustc.edu.cn/debian/dists/stretch-updates/main/binary-amd64/Packages SECURITY: URL redirect target contains control characters, rejecting.
#0 1.491 E: Some index files failed to download. They have been ignored, or old ones used instead.


Dockerfile:9

8 |
9 | >>> RUN apt-get update &&
10 | >>> apt-get install -y wget curl procps
11 |

ERROR: failed to solve: process "/bin/sh -c apt-get update && apt-get install -y wget curl procps" did not complete successfully: exit code: 100
ERROR: Service 'rasp-cloud' failed to build : Build failed
```

The elasticsearch component fails to start

docker version

Client: Docker Engine - Community
 Version:           19.03.1
 API version:       1.40
 Go version:        go1.12.5
 Git commit:        74b1e89e8a
 Built:             Thu Jul 25 21:21:35 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.1
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.5
  Git commit:       74b1e89e8a
  Built:            Thu Jul 25 21:20:09 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.6
  GitCommit:        894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

docker-compose version

docker-compose version 1.24.1, build 4667896
docker-py version: 3.7.3
CPython version: 2.7.12
OpenSSL version: OpenSSL 1.0.2g  1 Mar 2016

The java process did not start

E: Package 'mysql-server' has no installation candidate

Building apache-php7.2
Step 1/13 : FROM php:7.2-apache
---> daddc1037fdf
Step 2/13 : LABEL MAINTAINER "OpenRASP [email protected]"
---> Using cache
---> 3efccf26469e
Step 3/13 : ARG RASP_VERSION
---> Using cache
---> 772c8b71f7da
Step 4/13 : RUN apt-get update && apt-get install -y wget unzip libpng-dev mysql-server
---> Running in 924ecce0eddc
Get:1 http://security-cdn.debian.org/debian-security buster/updates InRelease [39.1 kB]
Get:2 http://cdn-fastly.deb.debian.org/debian buster InRelease [122 kB]
Get:4 http://security-cdn.debian.org/debian-security buster/updates/main amd64 Packages [99.7 kB]
Get:3 http://cdn-fastly.deb.debian.org/debian buster-updates InRelease [49.3 kB]
Get:5 http://cdn-fastly.deb.debian.org/debian buster/main amd64 Packages [7899 kB]
Get:6 http://cdn-fastly.deb.debian.org/debian buster-updates/main amd64 Packages [5792 B]
Fetched 8214 kB in 19s (433 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Package mysql-server is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'mysql-server' has no installation candidate
ERROR: Service 'apache-php7.2' failed to build: The command '/bin/sh -c apt-get update && apt-get install -y wget unzip libpng-dev mysql-server' returned a non-zero code: 100

Injection at the table-name position cannot be detected

ELECT * FROM '1234 1234 When the injection is at this position it cannot be detected.

Notice: sqlfetch called on invalid query resource. The most likely cause is an invalid sqlquery call. Last error returned was: Table 'dvwa.'1234' doesn't exist in query — SELECT * FROM '1234 WHERE id = '123' in /var/www/html/core/inc/bigtree/sql.php on line 158

Python version

Is Python 3.6.8 not supported? What is the highest Python version currently supported?
