Mars(战神)——资产发现、子域名枚举、C段扫描、资产变更监测、端口变更监测、域名解析变更监测、Awvs扫描、POC检测、web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等
乙方安全狗,平常比较忙,很多issues也来不及回,见谅。
虽然尽量避免造轮子,但部分代码都有借鉴github上其它优秀项目。
若用本人项目去进行:HW演练/红蓝对抗/APT/黑产/恶意行为/违法行为/割韭菜,等行为,本人概不负责,也与本人无关。
本人已不参与大小HW活动的攻击方了,若溯源到ID:重剑无锋与本人无关。
访问不了AWVS
资产管理——资产任务:
127.0.0.1 - - [2020-05-13 14:57:04] "GET /new-customer HTTP/1.1" 200 13776 0.001000
127.0.0.1 - - [2020-05-13 14:57:08] "GET /new-asset HTTP/1.1" 200 15155 0.030000
127.0.0.1 - - [2020-05-13 14:57:14] "GET /asset-management HTTP/1.1" 302 392 0.093000
127.0.0.1 - - [2020-05-13 14:57:14] "GET /login HTTP/1.1" 200 3983 0.001000
'NoneType' object has no attribute 'getitem'
认证检测——添加扫描:
127.0.0.1 - - [2020-05-13 15:01:20] "GET /new-auth-tester HTTP/1.1" 302 392 0.030000
127.0.0.1 - - [2020-05-13 15:01:20] "GET /login HTTP/1.1" 200 3983 0.000000
'NoneType' object has no attribute 'getitem'
127.0.0.1 - - [2020-05-13 15:01:20] "GET /static/font/css/font-awesome.min.css HTTP/1.1" 404 9028 0.002000
系统设置——高级设置:
'NoneType' object has no attribute 'getitem'
127.0.0.1 - - [2020-05-13 15:02:29] "GET /advanced-option HTTP/1.1" 302 392 0.030000
127.0.0.1 - - [2020-05-13 15:02:29] "GET /login HTTP/1.1" 200 3983 0.001000
127.0.0.1 - - [2020-05-13 15:02:29] "GET /static/font/css/font-awesome.min.css HTTP/1.1" 404 9028 0.003000
看起来是某些地方空值导致?
自写的poc无法上传。
上传文件后,无反应。
漏扫报告下载时,awvs已经生成报告,但mars前台已知卡在等待下载阶段。另是否可以向WDscan一样提供统一的中文报告。谢谢!
自带的awvs坏了,许可证过期了
是否开启了core dump功能?添加了一些资产,第二天30G的磁盘被占满,查看发现/Tide-Mars/taskpython/目录下有大量core文件,最大每个50M,查看ulimit -c命令发现是ulimited状态。是不是代码写了此功能,而且没做限制。
这里有问题
你的根目录是Tide-mars,但是你数据库里还是Mars. 默认的插件DB里应该修改下位置吧。
昨天早上添加的,到现在已经一天多时间了,还没有进行扫描,没有wdscanner使用起来方便
I want to modified some code, so can you share Dockerfile to fast deployment?
Thank you very much!
本机测试时hydra依赖组件出错
求一份dockerfile本地构建
不知能否公开一下Docker file
主要想精简一下docker里面内容,现在docker的确太大了
比较关心hydra、nmap、wafw00f这部分的配置内容,谢谢
资产扫描IP地区和状态信息是空的
每次点击以后就还原,又要重新点击,比较麻烦。
访问不了AWVS
如何修改Mars的默认密码呢,后台里面没这个选项。emmmm,
成功运行docker后,无论账号对错,总是提示Account Locked,
docker pull registry.cn-hangzhou.aliyuncs.com/secplus/mars:1.0
Error response from daemon: Get https://registry.cn-hangzhou.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[root@localhost ~]# docker pull registry-internal.cn-hangzhou.aliyuncs.com/secplus/mars:1.0
Error response from daemon: Get https://registry-internal.cn-hangzhou.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[root@localhost ~]# docker pull registry-vpc.cn-hangzhou.aliyuncs.com/secplus/mars:1.0
Error response from daemon: Get https://registry-vpc.cn-hangzhou.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[root@localhost ~]# docker search mars
Error response from daemon: Get https://index.docker.io/v1/search?q=mars&n=25: dial tcp 3.220.75.233:443: i/o timeout
其他docker镜像可以正常安装,这个阿里云镜像总提示网络问题
上传按照pocsuite格式编写的poc无法成功
awvs服务已起。进docker环境确认过了
更换api还是用的镜像里的api
端口扫描处建议先使用masscan扫一遍开放端口,再使用nmap做精确扫描,这样速度会快很多。
1、服务器重启,服务永远要自己进入docker手动启动
2、资产添加,扫描的话,任务永远都是排队中,需要自己后台手动启动扫描脚本才行,每次启动任务都要,麻烦死了。
3、T填IP的话,永远扫不出目标的端口出来,永远只出一个IP就完事了。
4、填写单个IP,如果你之前选过C段的话,以后永远都是扫C段了,不能扫单IP了
请问添加资产等功能有没有提供api?
刚使用,先点赞,其它建议后续再提
https://www.cnblogs.com/QuLory/archive/2013/03/24/2978366.html
资产任务编辑点击更新按钮没有任何反应,无法编辑。
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
