fofapro / vulfocus
🚀 Vulfocus is a vulnerability integration platform: drop in Docker images of vulnerable environments and they are ready to use out of the box.
License: Apache License 2.0
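Error message
Operating system:
Kernel version:
Python version:
Vulfocus version:
Detailed error message or stack trace:
Briefly describe the improvement or new feature you need:
When an administrator deletes an image, it has to be stopped first.
Describe the solution you'd like:
When an administrator deletes an image, it has to be stopped first. A prompt could pop up saying the image is running and offer to stop and delete it directly.
Additional context:
Briefly describe the improvement or new feature you need:
Hi there. Please provide a CVE-2020-2555 Oracle WebLogic PoC. All PoCs are related to Windows machines. In Docker, you have used a Linux distribution.
Describe the solution you'd like:
Additional context:
Briefly describe the improvement or new feature you need:
When pulling vulnerability images in the web admin interface, the list always refreshes back to the first page. You have to keep clicking through the pages again and again to pull images.
Describe the solution you'd like:
Additional context:
How can registration be disabled?
The vulnerability ID on the CVE-2017-7504 image is wrong; in testing it is actually the JBoss JMXInvokerServlet deserialization vulnerability (CVE-2015-7501).
Error message: the vulhub Docker environment cannot be started
Operating system: centos7
Kernel version: Linux iZuf6an 4.18.0-240.1.1.el8_3.x86_64 #1 SMP Thu Nov 19 17:20:08 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Python version: Python 2.7.17 (default, Aug 31 2020, 21:02:14)
Vulfocus version: 0.3.2.1
Detailed error message or stack trace:
This is the content of the celery.log file inside the vulfocus container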
root@5d10d7b11ce9:/vulfocus-api# cat celery.log
[2021-01-06 19:51:21,524: INFO/MainProcess] Connected to redis://127.0.0.1:6379/0
[2021-01-06 19:51:21,542: INFO/MainProcess] mingle: searching for neighbors
[2021-01-06 19:51:22,577: INFO/MainProcess] mingle: all alone
[2021-01-06 19:51:22,585: WARNING/MainProcess] /usr/local/lib/python3.9/site-packages/celery/fixups/django.py:202: UserWarning: Using settings.DEBUG leads to a memory
leak, never use this setting in production environments!
warnings.warn('''Using settings.DEBUG leads to a memory
[2021-01-06 19:51:22,585: INFO/MainProcess] celery@5d10d7b11ce9 ready.
[2021-01-06 19:51:38,735: INFO/MainProcess] Received task: tasks.create_image[901093e9-bd93-4b6b-8204-550c9e71d558]
[2021-01-06 19:51:38,781: INFO/MainProcess] Received task: tasks.create_image[972cfdb6-dbe8-429d-8678-da5c6e475b5b]
[2021-01-06 19:51:38,798: INFO/ForkPoolWorker-1] Task tasks.create_image[901093e9-bd93-4b6b-8204-550c9e71d558] succeeded in 0.060795475999839255s: None
[2021-01-06 19:51:38,814: INFO/MainProcess] Received task: tasks.create_image[9ef4fc14-78f5-433f-9bc5-3c858a327aa5]
[2021-01-06 19:51:38,887: INFO/ForkPoolWorker-1] Task tasks.create_image[972cfdb6-dbe8-429d-8678-da5c6e475b5b] succeeded in 0.08666778400015573s: None
[2021-01-06 19:51:38,967: INFO/ForkPoolWorker-1] Task tasks.create_image[9ef4fc14-78f5-433f-9bc5-3c858a327aa5] succeeded in 0.07816681099984635s: None
[2021-01-06 19:51:42,865: INFO/MainProcess] Received task: tasks.run_container[23a14cb2-d962-4ad7-80b8-16c5583e0099]
[2021-01-06 19:51:44,755: WARNING/ForkPoolWorker-1] 启动漏洞容器成功,任务ID:50ea7274-5850-4fc2-8847-20de15e9f953
[2021-01-06 19:51:44,783: INFO/MainProcess] Received task: tasks.stop_container[5443bcfa-27e1-4560-83c0-1e7281e818fa] ETA:[2021-01-06 12:21:44.760077+00:00]
[2021-01-06 19:51:44,785: INFO/ForkPoolWorker-1] Task tasks.run_container[23a14cb2-d962-4ad7-80b8-16c5583e0099] succeeded in 1.9188701049999963s: 'dc4c0d65-808a-4de5-8033-7e0c0c0b769a'
[2021-01-06 19:51:49,554: INFO/MainProcess] Received task: tasks.run_container[9ae7dc2f-c713-4263-be1f-f4090359f271]
[2021-01-06 19:51:49,896: ERROR/ForkPoolWorker-1] Task tasks.run_container[9ae7dc2f-c713-4263-be1f-f4090359f271] raised unexpected: APIError(HTTPError('500 Server Error: Internal Server Error for url: http+docker://localhost/v1.35/containers/f7555632a276f37ce9856745a2b22423646ef0cfd962360421449d567c632abc/start'))
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/docker/api/client.py", line 261, in _raise_for_status
response.raise_for_status()
File "/usr/local/lib/python3.9/site-packages/requests/models.py", line 943, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: http+docker://localhost/v1.35/containers/f7555632a276f37ce9856745a2b22423646ef0cfd962360421449d567c632abc/start
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/celery/app/trace.py", line 385, in trace_task
R = retval = fun(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/celery/app/trace.py", line 650, in protected_call
return self.run(*args, **kwargs)
File "/vulfocus-api/tasks/tasks.py", line 308, in run_container
docker_container = client.containers.run(image_name, ports=port_dict, detach=True)
File "/usr/local/lib/python3.9/site-packages/docker/models/containers.py", line 791, in run
container.start()
File "/usr/local/lib/python3.9/site-packages/docker/models/containers.py", line 392, in start
return self.client.api.start(self.id, **kwargs)
File "/usr/local/lib/python3.9/site-packages/docker/utils/decorators.py", line 19, in wrapped
return f(self, resource_id, *args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/docker/api/container.py", line 1091, in start
self._raise_for_status(res)
File "/usr/local/lib/python3.9/site-packages/docker/api/client.py", line 263, in _raise_for_status
raise create_api_error_from_http_exception(e)
File "/usr/local/lib/python3.9/site-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
raise cls(e, response=response, explanation=explanation)
docker.errors.APIError: 500 Server Error: Internal Server Error ("driver failed programming external connectivity on endpoint crazy_northcutt (87a8f419dcf1e633dae79fefa595107e6a870e0214ac65223dbe4ee75f25ad35): invalid transport protocol: 0")
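Suggest adding a control for target-range duration so that the lifetime of a range can be customized; the lifetime could be set to 30 minutes, 60 minutes, 90 minutes or 120 minutes.
One question: with vulfocus deployed via Docker, how do I change the default lifetime of a range (30 minutes)?
Automatically read the image list of the Docker Hub repository and offer auto-suggestions.
The front end could add a shell feature to make it quick and easy to manage containers.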
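Hello, I'd like a feature for editing the description and the vulnerability details,
because after a batch import the vulnerability descriptions are not what I want and I'd like to be able to edit them myself.
How can the platform's image data be saved to the host?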
python manage.py migrate
It keeps failing with:
Traceback (most recent call last):
File "manage.py", line 21, in <module>
main()
File "manage.py", line 17, in main
execute_from_command_line(sys.argv)
File "/usr/local/lib/python3.7/dist-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
utility.execute()
File "/usr/local/lib/python3.7/dist-packages/django/core/management/__init__.py", line 325, in execute
settings.INSTALLED_APPS
File "/usr/local/lib/python3.7/dist-packages/django/conf/__init__.py", line 79, in __getattr__
self._setup(name)
File "/usr/local/lib/python3.7/dist-packages/django/conf/__init__.py", line 66, in _setup
self._wrapped = Settings(settings_module)
File "/usr/local/lib/python3.7/dist-packages/django/conf/__init__.py", line 157, in __init__
mod = importlib.import_module(self.SETTINGS_MODULE)
File "/usr/lib/python3.7/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
File "<frozen importlib._bootstrap>", line 983, in _find_and_load
File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 728, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/home/vulhub/vulfocus-master/vulfocus-api/vulfocus/settings.py", line 157, in <module>
if os.environ['VUL_IP']:
File "/usr/lib/python3.7/os.py", line 679, in __getitem__
raise KeyError(key) from None
KeyError: 'VUL_IP'
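After the vulfocus image is updated, how should I update the image I already pulled with Docker?
Briefly describe the improvement or new feature you need:
One-click sync of Docker Hub repository information, syncing vulnerability environment information that does not exist locally to the local instance.
Describe the solution you'd like:
Call the Docker Hub API to fetch the vulnerability images currently on Docker Hub, then compare them with the local ones and fill in the missing vulnerability information.
Additional context:
Operating system version: CentOS Linux release 7.7.1908 (Core)
Kernel version: Linux localhost.localdomain 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
When adding a local image, the application reports the error "服务器内部错误,请联系管理员" ("Internal server error, please contact the administrator")
Following the Docker logs, the error is as follows: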
[24/Apr/2020 12:24:26] "POST /images/ HTTP/1.0" 500 22704
Starting nginx: nginx.
Watching for file changes with StatReloader
[24/Apr/2020 12:30:05] "GET /user/info HTTP/1.0" 200 179
[24/Apr/2020 12:30:05] "GET /images/?query= HTTP/1.0" 200 2
Internal Server Error: /images/
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/local/lib/python3.8/http/client.py", line 1230, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1276, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1225, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1004, in _send_output
self.send(msg)
File "/usr/local/lib/python3.8/http/client.py", line 944, in send
self.connect()
File "/usr/local/lib/python3.8/site-packages/docker/transport/unixconn.py", line 43, in connect
sock.connect(self.unix_socket)
PermissionError: [Errno 13] Permission denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
retries = retries.increment(
File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 403, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/local/lib/python3.8/site-packages/urllib3/packages/six.py", line 734, in reraise
raise value.with_traceback(tb)
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/local/lib/python3.8/http/client.py", line 1230, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1276, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1225, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1004, in _send_output
self.send(msg)
File "/usr/local/lib/python3.8/http/client.py", line 944, in send
self.connect()
File "/usr/local/lib/python3.8/site-packages/docker/transport/unixconn.py", line 43, in connect
sock.connect(self.unix_socket)
urllib3.exceptions.ProtocolError: ('Connection aborted.', PermissionError(13, 'Permission denied'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/vulfocus-api/dockerapi/views.py", line 132, in create
image = client.images.get(image_name)
File "/usr/local/lib/python3.8/site-packages/docker/models/images.py", line 316, in get
return self.prepare_model(self.client.api.inspect_image(name))
File "/usr/local/lib/python3.8/site-packages/docker/utils/decorators.py", line 19, in wrapped
return f(self, resource_id, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/docker/api/image.py", line 245, in inspect_image
self._get(self._url("/images/{0}/json", image)), True
File "/usr/local/lib/python3.8/site-packages/docker/utils/decorators.py", line 46, in inner
return f(self, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/docker/api/client.py", line 230, in _get
return self.get(url, **self._set_request_timeout(kwargs))
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 543, in get
return self.request('GET', url, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', PermissionError(13, 'Permission denied'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/local/lib/python3.8/http/client.py", line 1230, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1276, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1225, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1004, in _send_output
self.send(msg)
File "/usr/local/lib/python3.8/http/client.py", line 944, in send
self.connect()
File "/usr/local/lib/python3.8/site-packages/docker/transport/unixconn.py", line 43, in connect
sock.connect(self.unix_socket)
PermissionError: [Errno 13] Permission denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 724, in urlopen
retries = retries.increment(
File "/usr/local/lib/python3.8/site-packages/urllib3/util/retry.py", line 403, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/local/lib/python3.8/site-packages/urllib3/packages/six.py", line 734, in reraise
raise value.with_traceback(tb)
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/local/lib/python3.8/http/client.py", line 1230, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1276, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1225, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1004, in _send_output
self.send(msg)
File "/usr/local/lib/python3.8/http/client.py", line 944, in send
self.connect()
File "/usr/local/lib/python3.8/site-packages/docker/transport/unixconn.py", line 43, in connect
sock.connect(self.unix_socket)
urllib3.exceptions.ProtocolError: ('Connection aborted.', PermissionError(13, 'Permission denied'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/rest_framework/viewsets.py", line 114, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 505, in dispatch
response = self.handle_exception(exc)
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 465, in handle_exception
self.raise_uncaught_exception(exc)
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 476, in raise_uncaught_exception
raise exc
File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 502, in dispatch
response = handler(request, *args, **kwargs)
File "/vulfocus-api/dockerapi/views.py", line 134, in create
images = client.images.pull(image_name)
File "/usr/local/lib/python3.8/site-packages/docker/models/images.py", line 440, in pull
pull_log = self.client.api.pull(
File "/usr/local/lib/python3.8/site-packages/docker/api/image.py", line 395, in pull
response = self._post(
File "/usr/local/lib/python3.8/site-packages/docker/utils/decorators.py", line 46, in inner
return f(self, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/docker/api/client.py", line 226, in _post
return self.post(url, **self._set_request_timeout(kwargs))
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 578, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/site-packages/requests/adapters.py", line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', PermissionError(13, 'Permission denied'))
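shiro-cve_2020_11989: every request returns 404
Error message
When the container expiry time is set to 0 (never expire), the container cannot be started and the backend raises an error
Detailed error message or stack trace: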
TypeError at /images/bacbfa68-4408-4920-85a3-cbf88963318b/start/
run_container() missing 1 required positional argument: 'countdown'
Request Method: GET
Request URL: http://127.0.0.1:8000/images/bacbfa68-4408-4920-85a3-cbf88963318b/start/
Django Version: 2.2.13
Python Executable: /usr/local/bin/python3
Python Version: 3.9.0
Python Path: ['/vulfocus-api', '/vulfocus-api', '/usr/local/lib/python39.zip', '/usr/local/lib/python3.9', '/usr/local/lib/python3.9/lib-dynload', '/usr/local/lib/python3.9/site-packages']
Server time: 星期二, 30 三月 2021 19:54:39 +0800
Installed Applications:
['django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'user',
'corsheaders',
'dockerapi',
'network',
'tasks',
'layout_image']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
Traceback:
File "/usr/local/lib/python3.9/site-packages/django/core/handlers/exception.py" in inner
34. response = get_response(request)
File "/usr/local/lib/python3.9/site-packages/django/core/handlers/base.py" in _get_response
115. response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python3.9/site-packages/django/core/handlers/base.py" in _get_response
113. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.9/site-packages/django/views/decorators/csrf.py" in wrapped_view
54. return view_func(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/rest_framework/viewsets.py" in view
114. return self.dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py" in dispatch
505. response = self.handle_exception(exc)
File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py" in handle_exception
465. self.raise_uncaught_exception(exc)
File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py" in raise_uncaught_exception
476. raise exc
File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py" in dispatch
502. response = handler(request, *args, **kwargs)
File "/vulfocus-api/dockerapi/views.py" in start_container
289. task_id = tasks.create_container_task(container_vul, user, get_request_ip(request))
File "/vulfocus-api/tasks/tasks.py" in create_container_task
156. run_container.delay(container_vul.container_id, user_id, task_id)
File "/usr/local/lib/python3.9/site-packages/celery/app/task.py" in delay
425. return self.apply_async(args, kwargs)
File "/usr/local/lib/python3.9/site-packages/celery/app/task.py" in apply_async
530. check_arguments(*(args or ()), **(kwargs or {}))
Exception Type: TypeError at /images/bacbfa68-4408-4920-85a3-cbf88963318b/start/
Exception Value: run_container() missing 1 required positional argument: 'countdown'
Request information:
USER: admin
GET: No GET data
POST: No POST data
FILES: No FILES data
You're seeing this error because you have DEBUG = True in your
Django settings file. Change that to False, and Django will
display a standard page generated by the handler for this status code.
Product:
Source Docker image:
Vulnerability ID:
Set a default value and explanatory text for rank at submission time.
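Pulling images from Docker Hub is too slow on networks in China.
Suggest providing a custom registry feature, so images can be pulled from a Docker mirror in China.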
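1. Vulnerability information module: a vulnerability information module could be added to the sidebar and edited by users themselves. The edited vulnerability information could be linked to the image information.
2. Add a web terminal feature: 1) convenient for command-line operations; 2) users learning vulnerability remediation can operate directly through the web terminal.
3. Add a grouping feature: image group management --> add an image group name --> open the image group --> add Docker images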
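That day, just like any other, I was getting ready to write a PoC, so I logged in to http://vulfocus.fofa.so/#/dashboard,
and the moment it opened, it felt seriously impressive: an online platform, just great, a real gift for technicians. Full of excitement, I clicked to start an environment,
the Apache Solr RCE (CVE-2019-12409) environment,
and the environment seemed to start up smoothly.
Excited and happy, I cheerfully went to visit the access address it gave me.
One second... two seconds... time ticked by...
No... the access failed. My goodness, my heart was broken.
But I still held out hope, so a few minutes later I tried that address again.
However, the result was no different.
What a disappointing day.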
Error message
redis is not running
Operating system:
ubuntu19.10
Kernel version:
Linux vul 5.3.0-46-generic
Python environment version:
python3.7
Vulfocus version:
2.1
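Detailed error message or stack trace:
After running pip3 install -r requirements.txt, it still reports that redis-server is not installed and that the redis service is not started. It only works after running apt-get install redis-server again.
Currently only mapping the local machine's Docker service via -v is supported; Docker on other servers cannot be supported.
Windows Docker compatibility is needed; currently it cannot be started with Windows Docker.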
docker pull vulfocus/vulfocus/spring-cve_2017_8046 not found
docker pull vulfocus/jenkins-cve2017_1000353 not found
docker pull vulfocus/jenkins-cve2018_1000861 not found
Hello, I built an image myself; the image's start command is:
docker run -itd --privileged -p 8080:8080 --name tomcat-pass-shell betsy0/tomcat /usr/sbin/init
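Then I imported it into vulfocus for management and found that it could not start. Is the way the service inside my container is started incorrect?
1. After 30 minutes the container is only paused, not fully shut down; after starting several images, this can leave containers unable to start
2. The image stops before 30 minutes have passed since it was started
3. After the image has started, clicking the details again (the page showing the ports and the flag submission page) makes the interface freeze
4. Clicking the search button on page n shows page n, but the content automatically jumps to the first page
Pulling images currently has no status feedback; add asynchronous operation, handled via a queue.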
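Please briefly describe the improvement/new feature needed:
None of the API endpoints are paginated, which makes the API unstable once there is a lot of data, for example when viewing user operation logs
Describe the solution you would like:
Add pagination to the API
Additional information: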
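I hope a feature can be added to modify the IP address, description and other information under "Home" -> "Additional information".
In actual use the IP address turned out to be wrong, which is a lot of trouble when opening the target system to other people.
Suggest adding the ability to load Docker environments that already exist locally.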
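Please briefly describe the improvement/new feature needed:
Accessing the address immediately after the image starts fails, and the page has to be refreshed several times before the target can be reached; the user experience is not very good
Describe the solution you would like:
Suggest adding a progress bar on the frontend and an endpoint on the backend that checks the container's startup status
Additional information: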
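Please briefly describe the improvement/new feature needed: vulfocus has been deployed successfully and the vulnerability image has been pulled to the docker server, but the vulnerability environment just will not start. How can this be solved? Thanks
Describe the solution you would like: start the vulnerability environment
Additional information: the screenshot of the interface is in the attachment.
漏洞环境进不去,一直启动-疑难上传.docx
Thanks!! Frustrated
Allow customizing the scheduled shutdown of Docker containers, to solve the problem of resources being used up.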
Error message
[root@localhost /]# docker run -d -p 80:80 -v /var/run/docker.sock:/var/run/docker.sock -e VUL_IP= 192.168.100.125 vulfocus/vulfocus
Unable to find image '192.168.100.125:latest' locally
docker: Error response from daemon: pull access denied for 192.168.100.125, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
Operating system:
linux
Kernel version:
Linux localhost.localdomain 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Python environment version:
python
Python 2.7.5 (default, Apr 2 2020, 13:16:51)
Vulfocus version:
Detailed error message or stack trace: