Release plan #8

Closed
leveryd opened this issue Jan 5, 2023 · 5 comments
Labels
documentation Improvements or additions to documentation

leveryd commented Jan 5, 2023

v0.0.2 release plan

User scenarios

  • Support "set a proxy in the browser, browse the website, and use the proxy scan to find site vulnerabilities"
  • Support "detect whether a given asset has an admin backend exposed externally, with site screenshots to assist alert operations"
  • Support "operating dnslog alerts in the console"

Core features

| Feature module | Goal | Why it is needed |
|---|---|---|
| Information gathering | Support web service probing on all ports | Discovers more web services |
| Information gathering: site endpoints | Support katana carrying identity information during scans | With identity information, more endpoints can be collected |
| Vulnerability scanning: out-of-band helper module | Support xray and nuclei using dnslog | Needed for some command execution and deserialization vulnerabilities |
@leveryd leveryd added the documentation Improvements or additions to documentation label Jan 5, 2023
@leveryd leveryd pinned this issue Jan 5, 2023
leveryd pushed a commit that referenced this issue Jan 6, 2023
leveryd commented Jan 6, 2023

Background

To provide the passive proxy scanning service outside the cluster there are the following two options; which should be chosen?

  • ingress
  • nodeport service

As for the proxy service itself, the current candidates are xray, proxify, or a Node.js-based proxy service; which should be chosen?

Should it be a nodeport service or an ingress?

The consideration is user experience: ideally the user should not need to remember multiple service addresses. If that is unavoidable, other ways to optimize are needed, such as hyperlinks and hints on the console dashboard.

If the service is exposed via ingress, HTTPS requests cannot be proxied.

If a nodeport service is used, the port exposed by the nodeport service needs to be fixed, so that it is easy to tell the user that the HTTP/HTTPS proxy address is "console.com:nodeport".

Which proxy service should be chosen?

Factors to consider:

  • Proxy performance
  • Cost: ideally usable off the shelf
  • Meets the functional requirements: the proxy service needs to support authentication, preferably basic auth, at worst an IP allowlist; for compatibility it should ideally support HTTP/HTTP2/HTTPS/WebSocket proxying; and it must mirror traffic to multiple backend scanning services

Performance has not been tested; xray currently feels like the best fit. However, it only supports specifying a single upstream-server, so mirroring traffic to multiple backend scanning services may require looking at other options, or a workaround.

TODO: look into istio traffic mirroring and apisix traffic mirroring; at the moment they also seem to only mirror to a single backend service.

leveryd pushed a commit to leveryd-asm/tools that referenced this issue Jan 16, 2023
leveryd commented Jan 16, 2023

[image]

leveryd pushed a commit to leveryd-asm/console-fe that referenced this issue Jan 16, 2023
leveryd pushed a commit to leveryd-asm/tools that referenced this issue Jan 16, 2023
fix: screenshot output line should end with \n

leveryd-asm/asm#8
leveryd pushed a commit that referenced this issue Jan 16, 2023
add: database "ms" table
optimize: project structure

#8
leveryd pushed a commit to leveryd-asm/tools that referenced this issue Jan 16, 2023
leveryd pushed a commit that referenced this issue Jan 17, 2023
add: httpx port range template

#8
leveryd pushed a commit that referenced this issue Feb 16, 2023
leveryd pushed a commit that referenced this issue Feb 18, 2023
update: xray proxy scan option

#8
leveryd commented Feb 22, 2023

Two items were not done:

  • nuclei oob server
  • support katana carrying identity information during scans

leveryd commented Feb 23, 2023

When the xray proxy is exposed externally via ingress, it can only proxy HTTP requests and cannot proxy HTTPS.

[image]

leveryd pushed a commit that referenced this issue Feb 23, 2023
optimize: proxy service node port can be fixed by user

#8
leveryd commented Mar 13, 2023

The nginx mirror directive makes it easy to copy traffic to multiple proxies

location / {
    mirror /mirror; # the mirror directive sets the mirror URI to /mirror
    mirror /mirror; # each additional mirror line duplicates the traffic once more
    proxy_pass http://service_a;
}

location = /mirror {
    # check the request method; anything other than GET gets 403
    if ($request_method != GET) {
        return 403;
    }
    internal; # internal means this location can only be reached by "internal" requests; external requests get "Not found" (404)
    rewrite ^/mirror(.*)$ $1$request_uri break;
    proxy_pass http://service_b$request_uri;
}

Reference: Nginx traffic mirroring (Mirror)

What about HTTPS traffic?
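The configuration above sends both copies to the same backend. The following is an added example, not code from the leveryd-asm project, of the general form a practitioner would use to fan one request out to several distinct scanner backends with ngx_http_mirror_module, including the timeouts that keep a slow mirror target from holding the client connection. The upstream names, addresses, ports and certificate paths are assumptions.

```nginx
# Added example (not from the leveryd-asm project). Assumed names:
# primary_backend answers the client; scanner_a and scanner_b only receive copies.
upstream primary_backend { server 127.0.0.1:9000; }
upstream scanner_a       { server 127.0.0.1:7777; }
upstream scanner_b       { server 127.0.0.1:8888; }

server {
    listen 8080;
    # mirror only sees what nginx itself parses. HTTPS traffic is therefore
    # mirrored only when nginx terminates TLS here; a CONNECT tunnel from a
    # browser proxy setting is opaque to stock nginx and is not mirrored.
    listen 8443 ssl;
    ssl_certificate     /etc/nginx/tls/console.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/console.key;   # assumed path

    location / {
        # one mirror line per distinct backend; each line produces one copy,
        # and the client only ever receives the proxy_pass response
        mirror /mirror/a;
        mirror /mirror/b;
        mirror_request_body on;   # include POST/PUT bodies in the copies
        proxy_pass http://primary_backend;
    }

    # every mirror target gets its own internal location. Mirror responses are
    # discarded, but the main request is not finalized until the subrequests
    # finish, so short timeouts keep a hung scanner from stalling the client.
    location = /mirror/a {
        internal;
        proxy_connect_timeout 2s;
        proxy_read_timeout    5s;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://scanner_a$request_uri;
    }

    location = /mirror/b {
        internal;
        proxy_connect_timeout 2s;
        proxy_read_timeout    5s;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://scanner_b$request_uri;
    }
}
```

Because `$request_uri` inside the subrequest is the main request's original URI, each scanner receives the same path and query string the client sent. Adding a third scanner means adding one more `mirror` line and one more internal location, rather than repeating the same target.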
