Git Product home page Git Product logo

szhe_scan's Issues

运行成功了

有几个建议:
1.扫描不到那种需要登录的网站
2.不知道能不能提供扫描选项,我只想扫某个网站的SQL注入漏洞,和XSS
3.后期会加入扫描暗链和恶意关键字的功能吗

再提issus,新功能

还可以增加 漏洞及时通知反馈功能

结果发送给server酱
或者微信公众号,或者钉钉等等

这样感觉能及时知道结果

问题

您好师傅,成功在服务器上通过源码搭建了,但是只能本地访问,外网访问会直接拒绝请求(已经放行所有端口),请问怎么进行配置使得外网可以访问

成功运行,但是瑕疵还比较多

用了一下感觉误报还是太多了,报出很多xss根本就没有参数输入的地方并且payload中还插着日期,emmmmmm,还有高危的洞是js文件后边跟了命令注入的payload,但是并没有办法传参,而且有的完全相同的漏洞会重复报很多次。

mac docker运行报错,报错信息如下

b53cfa67fd97 szhe_scan_web "flask run" 2 minutes ago Restarting (2) 50 seconds ago szhe_scan_web_1

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

  • Serving Flask app "index.py"
  • Environment: production
    WARNING: This is a development server. Do not use it in a production deployment.
    Use a production WSGI server instead.
  • Debug mode: off
    Usage: flask run [OPTIONS]

Error: While importing "index", an ImportError was raised:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'

能否弄个管理待扫描目标的地方?

安裝成功了,弄了一批域名进行扫描,扫描到第6个的时候卡住了,几个小时都是那个目标,没有地方查看当前进度及管理待扫描不目标,就有点难受,连取消都没地方取消,像我这样,卡住在某个域名不动了,就完全没有任何办法

小建议

搭建成功了, 能够运行,还是很不错的。

  1. 希望能够优化一下漏洞误报,能够点选想查找类型的漏洞和漏洞分级查看
  2. 漏洞类型统计的那个地方的百分比显示,可以移到进度条右端,现在看着有点遮挡
    扫描进度那里也是
  3. 能够取消添加的任务
  4. 明明扫描完成了,还是显示待扫描。

成功部署运行

mac环境下用docker成功搭建运行起来了,棒棒哒
不过测试了一下有几个小想法:
1、新建任务栏和预览图有点不太一样,输入链接后可以新建任务,不过感觉还缺一个任务列表,这样待扫描、已扫描就一目了然了,不然总有几个待扫描任务不知道为啥进行不下去;
image

2、控制台里预留的统计信息按钮点不了,如果能点进查看详情就完美了;
image

3、扫描过程考虑设置个进度条?可以根据需要随时终止扫描就好了
4、扫描结果考虑生成报告文件导出么。比如html格式或者pdf格式
5、作者的头像很帅,不过都比较适合女孩子啊,囧。要是新注册账号也能修改头像就好了。注册的时候没提示成功,不过多试几次就可以了。

无法进行扫描

windows下的docker 安装后,登录后在控制台输入域名点击“新建任务”没任何反应

docker版安装后登陆报错

docker版安装完成以后,运行起来。
登陆进去报500

服务器挂了,正在暴打开发人员中^_^你被丢到火星了,送只猫咪陪你以表慰问Go Home

报错如下:
sqlalchemy.exc.ProgrammingError: (pymysql.err.ProgrammingError) (1146, "Table 'SZheScan.log' doesn't exist")
[SQL: INSERT INTO log (ip, email, date) VALUES (%(ip)s, %(email)s, %(date)s)]
[parameters: {'ip': '1.1.2.100', 'email': '[email protected]', 'date': datetime.datetime(2020, 6, 15, 3, 34, 18, 154845)}]
(Background on this error at: http://sqlalche.me/e/f405)

功能建议

1.能直接看高危危险的漏洞,而不是显示有漏洞,打开一看几千条
2.能取消任务,而不是每次扫一半就卡主了
3.扫出来的漏洞能单独存放

docker部署问题

failed to solve: process "/bin/sh -c apt-get update -y && apt-get upgrade -y && apt-get install aptitude -y && mv /etc/apt/sources.list /etc/apt/sources.list.bak && echo "deb http://mirrors.aliyun.com/debian stretch main contrib non-free" >/etc/apt/sources.list && echo "deb-src http://mirrors.aliyun.com/debian stretch main contrib non-free" >>/etc/apt/sources.list && echo "deb http://mirrors.aliyun.com/debian stretch-updates main contrib non-free" >>/etc/apt/sources.list && echo "deb-src http://mirrors.aliyun.com/debian stretch-updates main contrib non-free" >>/etc/apt/sources.list && echo "deb http://mirrors.aliyun.com/debian-security stretch/updates main contrib non-free" >>/etc/apt/sources.list && echo "deb-src http://mirrors.aliyun.com/debian-security stretch/updates main contrib non-free" >>/etc/apt/sources.list && echo "deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main" >>/etc/apt/sources.list && wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && aptitude update && aptitude install google-chrome-stable -y && wget --no-check-certificate --content-disposition https://github.com/Qianlitp/crawlergo/releases/download/v0.4.3/crawlergo_linux_amd64 -O crawlergo && chmod 777 crawlergo && pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple" did not complete successfully: exit code: 255

docker部署报错

系统 : Ubuntu 22.04.1 LTS

架构 :aarch64

报错内容:

=> CANCELED [szhe_scan_celery internal] load m 0.4s
=> ERROR [szhe_scan_mysql internal] load metad 0.3s

[szhe_scan_mysql internal] load metadata for docker.io/library/mysql:5.7:

failed to solve: rpc error: code = Unknown desc = failed to solve with frontend dockerfile.v0: failed to create LLB definition: no match for platform in manifest sha256:94176d0ad4ed85767fc0d74b8071387109a0390e7c1afd39788269c96d2dad74: not found

功能建议

建议查看漏洞的时候,可以筛选,比如只看高危,或者低危这样的功能。

Suggestion

建议资产扫描做成分布式扫描,否则单机扫描目标的全端口在时间上就行不通.我的漏扫功能是可以全选插件扫描或指定插件扫描,好处就是新的漏洞出来先测试一遍.功能模块分开的同时也能关联起来.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.