Comments (9)
LoRexxar
commented on July 20, 2024
我注意到定时爆破任务依赖的是crontab,那如果任务量达到一定程度,应该会对服务器造成很大的压力吧
from 404starlink.
awake1t
commented on July 20, 2024
定时任务依赖的是:github.com/robfig/cron
我记得这个定时任务机制是:
对于同一类型任务(比如端口爆破是一个类型)。如果当前执行时上一个任务还没有完成。当前任务作废,直到上一个任务完成。才会执行新的任务。 所以并不会存在同时并发执行N个任务场景。并发执行多少个任务,是依据任务类型。 当然这样设计也有弊端,具体是否加入任务列队控制,还要在实践中具体考虑。目前是不会对服务器造成很大压力。
而且我怕自己记错,刚刚简单打印日志测试了。简单日志+代码片段如下:
from 404starlink.
LoRexxar
commented on July 20, 2024
那如果是这样的话,我感觉应该会造成非常多的任务失效的样子,按理来说,这里如果有很多任务,再加上内置poc过多的话。
感觉会出很多问题。
包括我看到msscan也是多线程在跑
from 404starlink.
LoRexxar
commented on July 20, 2024
那如果是这样的话,我感觉应该会造成非常多的任务失效的样子,按理来说,这里如果有很多任务,再加上内置poc过多的话。
感觉会出很多问题。
包括我看到msscan也是多线程在跑
from 404starlink.
awake1t
commented on July 20, 2024
对,目前可能会有任务失效的bug。 目前的任务理论上会有10个左右。因为目前的poc只是端口检测类poc(弱口令、未授权)。任务数量不会太多, masscan跟nmap跑的不是定时任务的逻辑。masscan应该不受影响。 但是确实会有同一时间执行,任务失效的bug ,谢谢指正~
from 404starlink.
LoRexxar
commented on July 20, 2024
就目前而言,我觉得项目还是不太宜用,因为甲方产品和乙方小工具不一样,需要比较成熟或者有特性才行。
可能需要你把todo中的几个完成才比较好
from 404starlink.
awake1t
commented on July 20, 2024
收到,感谢建议,冲冲冲!
from 404starlink.
awake1t
commented on July 20, 2024
根据师傅的建议,进行了一次大版本更新。自己搭建环境跑了下。定时任务不会丢失,会排队等待,本次新增了指纹识别、调用XrayPOC扫描功能。目前功能清单如下:
- masscan+namp巡航扫描资产
- 创建定时爆破任务(FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD)
- 管理后台识别
- 结果导出
- 报表展示
- docker一键部署 [21-02-08]
- CMS识别 - 结合威胁情报、如果某个CMS爆出漏洞,可以快速定位企业内部有多少资产 [21-02-20]
- poc扫描 - 调用xray的Poc,对新发现的资产自动扫描poc [21-02-20]
更多见: https://github.com/awake1t/linglong
from 404starlink.
LoRexxar
commented on July 20, 2024
合入5th
from 404starlink.
Related Issues (20)
- [项目申请]: searchall敏感信息搜索工具 HOT 11
- [项目申请]: superman HOT 1
- [项目申请]: Phobos红队专用免杀木马生成器 HOT 1
- [项目申请]: qsnctf-python HOT 1
- [项目申请]: Pscan HOT 1
- [项目申请]: AppScan申请 HOT 3
- [项目申请]: Pillager HOT 1
- [项目申请]: HackerPermKeeper HOT 1
- [项目申请]: Choccy HOT 3
- [项目申请]: pathScan HOT 1
- 😧
- [项目申请]: mostart HOT 1
- [项目申请]: SpringBoot-Scan HOT 1
- [项目申请]: 昆吾webshell检测 HOT 3
- [项目申请]: 昆吾webshell检测 HOT 4
- [项目申请]: CaA项目 HOT 3
- [项目申请]: vultrap HOT 4
- [项目申请]: LC HOT 1
- [项目申请]: dddd HOT 1
- [项目申请]: Pilot漏洞测试教学靶场 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from 404starlink.