lubyruffy / fofa Goto Github PK

View Code? Open in Web Editor NEW

358.0 21.0 222.0 8.95 MB

fofa website

Ruby 67.76% CoffeeScript 0.28% JavaScript 1.19% CSS 11.05% HTML 19.65% Shell 0.07%

fofa's Introduction

fofa 2.0

简介

fofa的理想是建立一个针对全球范围的最全的网站数据信息库，提供给网民（更多的是安全技术研究人员）进行查询。比如可以做CMS识别等等。

运行环境：redis、mysql、sphinx

主页：http://fofa.so

运行

$ git clone https://github.com/LubyRuffy/fofa.git
$ cd fofa
$ bundle install
配置和启动es
配置和启动redis
配置和启动mysql
配置database.yml，编辑es,redis和mysql服务器地址端口
如果MySQL结构都建立了，es和redis都启动了，那么：
$ rake fofa:restart_all

elasticsearch配置

搭建好es服务器，然后配置database.yml。

mysql配置

搭建好服务器，然后配置database.yml。通过rake db:schema:load来生成数据库结构，这时数据是空的。

redis配置

搭建好服务器，然后配置database.yml。

管理web服务器:

rake fofa:start_unicorn
rake fofa:stop_unicorn
rake fofa:restart_unicorn

管理worker

worker就是用来执行任务的（也就是爬虫）

rake fofa:start_workers
rake fofa:stop_workers
rake fofa:restart_workers

查看任务：

本机调试时可以通过127.0.0.1/sidekiq来查看任务队列执行情况。

附带工具：

db_link_crawler.rb 从数据库中取body分析所有url提交到任务队列的工具
analysis_fingerprint_from_urls.rb 提供满足某cms指纹的几个URL，自动分析出查询的关键字
anaylysis_daemon.rb 放到crontab -e里面执行的脚本，用于更新统计报表
link_crawler.rb 输入一个其实url，递归爬行host的工具，只爬首页
addhost.rb 测试模拟处理url的工具，可以制定是否强制刷新（默认90天内更新的不会处理）

可选cron任务：

每天3点更新一下统计数据： 03 00 * * * $SS_DIR/fofa/tools/anaylysis_daemon.rb >> $SS_DIR/analysis_cms_crontab.log

查看redis任务队列：

watch -n 5 redis-cli -hlocahost llen fofa:queue:process_url 如果数据库不同，记得修改-n参数 watch -n 5 redis-cli -n 15 -hlocahost llen fofa:queue:process_url

漏洞测试：

./fofacli/fofacli.rb elasticsearch_rce_CVE-2014-3120.rb 'fofaquery=(header="application/json" && body="build_hash") || body="You Know, for Search"' e
./fofacli/fofacli.rb oa80000_default_account.rb fofaquery='body="/OAapp/WebObjects/OAapp.woa"' e
通过FOFA_PROXY=1.1.1.1:8080这种形式来设置代理

数据导入（主要是exploits）：

初次结构建立：RAILS_ENV=production rake db:migrate 每次更新exploits后： RAILS_ENV=production ./tools/import_exploits_to_db.rb

处理URL需要注意的坑：

一个主机带所有端口的形式，这种一般是用来做关键字的垃圾数据，丢弃
一个ip用不同的进制形式表现，也是做关键字的垃圾数据，丢弃。参考：http://www.pc-help.org/obscure.htm
很多GFW原因导致不可以访问的网站需要丢弃（在尝试请求多次失败后，自动加入黑名单，不用去配置）
泛解析域名，通常是随机生成固定的字符串，大多也是做游戏广告等关键字的垃圾站，丢弃

fofa's People

Contributors

Stargazers

Watchers

Forkers

zhangqin n0nzer0 jinglingshu fooying qqshow iph0n3 verdureorange yinyue xbzbing zhangran lato bupt007 jacob08 imcom yd0str arschlochnop h4de5ing sigma-random xiongjy2104 loveshell npc7 nidongde rolinston mar1n3 syjzwjj hongxs cacker znanl march0 anhilo tdr130 key20 voilet stop1992 5up3rc rootsecurity xxoxx linux520 shengxinking sechacking tuian withdrawn zhentan911 tycheo sunpeak uncia askl56 a3587556 pekita1 johnchu101 wangbibo wooutl uppentest gamehacker changheluor007 sampr0 790854836 lxghost m1a0yu3 xyzhelloworld tutorial0 chinalover r00tak iamspid3r 0xa-cc awuhuan lcultx binlaniua coffeehb z0x010 ttxx9999 cann0n nx4dm1n byteways beelives 0x24bin qardeneden ziv0chou fork42541 chickenlove buglike chrook le0r0bot suwall dongfengyz h1d3r ghubgenius h0bby volt72 expdb2015 lee-0x00 anysun xiaofengtongxue eniac888 4ga1n smallmeet line2222 cqf539 c0ntr01 wsppt

fofa's Issues

添加错误请求http的队列，达到阈值后加如黑民单

主要是gfw导致的问题，比如facebook怎么请求都不行，但是很多网站又链接过去了。

将识别规则分类

云服务：如cloudflare之类的
主机系统：如xampp之类的
建站系统：如wordpress之类的。应该下分子类比如综合，企业，电商之类的
前端组件：比如jquery，bootstrap之类的
第三方模块：应该下分子类比如统计、广告、评论之类的

你好，出现 undefined method `[]' for nil:NilClass错误请教。

在rake db:schema:load出现下面错误，请教怎么解决？
rake db:schema:load --trace
** Invoke db:schema:load (first_time)
** Invoke environment (first_time)
** Execute environment
rake aborted!
NoMethodError: undefined method []' for nil:NilClass /usr/share/fofa-clone/config/initializers/elasticsearch.rb:6:in<top (required)>'
/var/lib/gems/2.1.0/gems/activesupport-4.2.3/lib/active_support/dependencies.rb:268:in load' /var/lib/gems/2.1.0/gems/activesupport-4.2.3/lib/active_support/dependencies.rb:268:inblock in load'
/var/lib/gems/2.1.0/gems/activesupport-4.2.3/lib/active_support/dependencies.rb:240:in load_dependency' /var/lib/gems/2.1.0/gems/activesupport-4.2.3/lib/active_support/dependencies.rb:268:inload'
/var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/engine.rb:652:in block in load_config_initializer' /var/lib/gems/2.1.0/gems/activesupport-4.2.3/lib/active_support/notifications.rb:166:ininstrument'
/var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/engine.rb:651:in load_config_initializer' /var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/engine.rb:616:inblock (2 levels) in class:Engine'
/var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/engine.rb:615:in each' /var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/engine.rb:615:inblock in class:Engine'
/var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/initializable.rb:30:in instance_exec' /var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/initializable.rb:30:inrun'
/var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/initializable.rb:55:in block in run_initializers' /usr/lib/ruby/2.1.0/tsort.rb:226:inblock in tsort_each'
/usr/lib/ruby/2.1.0/tsort.rb:348:in block (2 levels) in each_strongly_connected_component' /usr/lib/ruby/2.1.0/tsort.rb:418:inblock (2 levels) in each_strongly_connected_component_from'
/usr/lib/ruby/2.1.0/tsort.rb:427:in each_strongly_connected_component_from' /usr/lib/ruby/2.1.0/tsort.rb:417:inblock in each_strongly_connected_component_from'
/var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/initializable.rb:44:in each' /var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/initializable.rb:44:intsort_each_child'
/usr/lib/ruby/2.1.0/tsort.rb:411:in call' /usr/lib/ruby/2.1.0/tsort.rb:411:ineach_strongly_connected_component_from'
/usr/lib/ruby/2.1.0/tsort.rb:347:in block in each_strongly_connected_component' /usr/lib/ruby/2.1.0/tsort.rb:345:ineach'
/usr/lib/ruby/2.1.0/tsort.rb:345:in call' /usr/lib/ruby/2.1.0/tsort.rb:345:ineach_strongly_connected_component'
/usr/lib/ruby/2.1.0/tsort.rb:224:in tsort_each' /usr/lib/ruby/2.1.0/tsort.rb:205:intsort_each'
/var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/initializable.rb:54:in run_initializers' /var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/application.rb:352:ininitialize!'
/var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/railtie.rb:194:in public_send' /var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/railtie.rb:194:inmethod_missing'
/usr/share/fofa-clone/config/environment.rb:5:in <top (required)>' /var/lib/gems/2.1.0/gems/activesupport-4.2.3/lib/active_support/dependencies.rb:274:inrequire'
/var/lib/gems/2.1.0/gems/activesupport-4.2.3/lib/active_support/dependencies.rb:274:in block in require' /var/lib/gems/2.1.0/gems/activesupport-4.2.3/lib/active_support/dependencies.rb:240:inload_dependency'
/var/lib/gems/2.1.0/gems/activesupport-4.2.3/lib/active_support/dependencies.rb:274:in require' /var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/application.rb:328:inrequire_environment!'
/var/lib/gems/2.1.0/gems/railties-4.2.3/lib/rails/application.rb:457:in block in run_tasks_blocks' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:240:incall'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:240:in block in execute' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:235:ineach'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:235:in execute' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:179:inblock in invoke_with_call_chain'
/usr/lib/ruby/2.1.0/monitor.rb:211:in mon_synchronize' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:172:ininvoke_with_call_chain'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:201:in block in invoke_prerequisites' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:199:ineach'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:199:in invoke_prerequisites' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:178:inblock in invoke_with_call_chain'
/usr/lib/ruby/2.1.0/monitor.rb:211:in mon_synchronize' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:172:ininvoke_with_call_chain'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/task.rb:165:in invoke' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:150:ininvoke_task'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:106:in block (2 levels) in top_level' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:106:ineach'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:106:in block in top_level' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:115:inrun_with_threads'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:100:in top_level' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:78:inblock in run'
/var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:176:in standard_exception_handling' /var/lib/gems/2.1.0/gems/rake-10.4.2/lib/rake/application.rb:75:inrun'
/var/lib/gems/2.1.0/gems/rake-10.4.2/bin/rake:33:in <top (required)>' /usr/local/bin/rake:23:inload'
/usr/local/bin/rake:23:in `

'
Tasks: TOP => db:schema:load => environment

支持增量实时显示更新数据功能

-用gearman系统，动态添加任务
-调用sphinx增量索引

ip的归一化

0x0079.0x000000000000000028.0x0083.00257

0x是16进制

00是8进制

1-9开头的是10进制

0b是2进制。

用户可以自定义生成报表

只能从发布的rule中选择多项，然后每天跑一次数据，自动生成报表

下划线（_）连起来的在sphinx中不会检索到

HTTP/1.1 200 OK
Content-Type: text/html; charset=gbk
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: KQ7w_2132_saltkey=xbQQQaL0; expires=Wed, 06-Aug-2014 10:50:25 GMT; path=/; httponly, KQ7w_2132_lastvisit=1404726625; expires=Wed, 06-Aug-2014 10:50:25 GMT; path=/, KQ7w_2132_sid=H4d16o; expires=Tue, 08-Jul-2014 10:50:25 GMT; path=/, KQ7w_2132_lastact=1404730225%09portal.php%09; expires=Tue, 08-Jul-2014 10:50:25 GMT; path=/, KQ7w_2132_stats_qc_reg=deleted; expires=Sun, 07-Jul-2013 10:50:24 GMT; path=/, KQ7w_2132_cloudstatpost=deleted; expires=Sun, 07-Jul-2013 10:50:24 GMT; path=/, KQ7w_2132_sid=H4d16o; expires=Tue, 08-Jul-2014 10:50:25 GMT; path=/
Server: IIS
X-Powered-By: WAF/2.0
Date: Mon, 07 Jul 2014 10:50:25 GMT
Connection: close
Content-Length: 22848

通过KQ7w_2132_cloudstatpost可以检索到，但是cloudstatpost这样的就不能检索到。需要测试一下如何进行配置。