web后台开发,CSS清除默认样式

全球优质数字资产“聚合器” 普罗交易所开创专业、安全、便捷的区块链世界

  返回  

SimpleAutoBurp实现企业网站自动安全检测

2021/7/21 18:44:15 浏览:

企业Web网站很多直接对Internet直接提供服务,往往会被黑客作为恶意攻击的突破口,Web的安全和企业的信息安全高度相连。

现实的管理中,在安全制度不完善的情况下,网站开发人员和维护人员经常会未经过发布管理或者变更管理,私自上线新的内容或变更,安全人员往往在出现问题后追查时才发现,之前的安全环境或者代码已经都变更了。

今天介绍如何GitHut上的SimpleAutoBurp项目,利用Python脚本实现网站的定时的自动扫描,这样能够在更短的时间发现Web系统的漏洞。GitHub上的脚本针对Linux平台,本文将脚本修改为在Windows平台上运行。

一、工作原理:

利用Crontab(linux平台)或任务计划程序(windows平台)定期执行SimpleAutoBurp.py,该脚本利用BurpsuitePro的RESTAPI和配置文件config.json对目标主机进行web扫描。

二、脚本文件 SimpleAutoBurp+Config.json

SimpleAutoBurp.py 是调用Burp suite API的脚本,config.json是其配置文件。

SimpleAutoBurp.py

from os import strerror
from subprocess import Popen
import requests
import time
import subprocess
import logging
import os
import signal
import json
import sys
from datetime import datetime

configFile = r"F:/pythonCode/SimpleAutoBurp/SimpleAutoBurp-main/config.json"

try:
    with open(configFile) as json_data:
        config=json.load(json_data)
except:
    print("Missing config.json file. Make sure the configuration file is in the same folder")
    sys.exit()

burpConfigs=config["burpConfigs"][0]
siteConfigs=config["sites"]

def set_logging():
    global rootLogger
    logFormatter = logging.Formatter("%(asctime)s [%(levelname)-5.5s]  %(message)s")
    rootLogger = logging.getLogger()
    NumericLevel = getattr(logging, burpConfigs["loglevel"].upper(), 10)
    rootLogger.setLevel(NumericLevel)

    fileHandler = logging.FileHandler("{0}/{1}.log".format(burpConfigs["logPath"], burpConfigs["logfileName"]))
    fileHandler.setFormatter(logFormatter)
    rootLogger.addHandler(fileHandler) 

    consoleHandler = logging.StreamHandler()
    consoleHandler.setFormatter(logFormatter)
    rootLogger.addHandler(consoleHandler)

def execute_burp(site):
    cmd = burpConfigs["java"] + " -jar -Xmx" + burpConfigs["memory"] + " -Djava.awt.headless=" \
        + str(burpConfigs["headless"]) + " " + burpConfigs["burpJar"] + " --project-file=" + site["project"] + " --unpause-spider-and-scanner"
    try:
        rootLogger.debug("Executing Burp: " + str(cmd))
        p = Popen(cmd, shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return p.pid
    except:
        rootLogger.error("Burp Suite failed to execute.")
        exit()

def check_burp(site):
    count = 0 
    url = "http://127.0.0.1:1337/"+ site["apikey"] +"/v0.1/"
    time.sleep(10)
    while True:
        if count > burpConfigs["retry"]:
            rootLogger.error("Too many attempts to connect to Burp")
            exit()
        else:
            rootLogger.debug("Cheking API: " + str(url))
            init = requests.get(url)
            if init.status_code == 200:
                rootLogger.debug("API running, response code: " + str(init.status_code))
                # Let Brup time to load extensions
                time.sleep(30)
                break
            else:
                rootLogger.debug("Burp is not ready yet, response code: " + str(init.status_code))
                time.sleep(10)

def execute_scan(site):
    data = '{"urls":["'+ site["scanURL"] + '"]}'
    url="http://127.0.0.1:1337/" + site["apikey"] + "/v0.1/scan"
    rootLogger.info("Starting scan to: " + str(site["scanURL"]))
    scan = requests.post(url, data=data)
    rootLogger.debug("Task ID: " + scan.headers["Location"])
    while True:
        url="http://127.0.0.1:1337/" + site["apikey"] + "/v0.1/scan/" + scan.headers["Location"]
        scanresults = requests.get(url)
        data = scanresults.json()
        rootLogger.info("Current status: " + data["scan_status"])
        if data["scan_status"] == "failed":
            rootLogger.error("Scan failed")
            kill_burp()
            exit()
        elif data["scan_status"] == "succeeded":
            rootLogger.info("Scan competed")
            return data
        else:
            rootLogger.debug("Waiting 60 before cheking the status again")
            time.sleep(60)

def kill_burp(child_pid):
    rootLogger.info("Killing Burp.")
    try:
            os.kill(child_pid, signal.SIGTERM)
            rootLogger.debug("Burp killed")
    except:
            rootLogger.error("Failed to stop Burp")

def get_data(data, site):
    for issue in data["issue_events"]:
        rootLogger.info("Vulnerability - Name: " + issue["issue"]["name"] + " Path: " + issue["issue"]["path"] + " Severity: " + issue["issue"]["severity"])
    token=site["scanURL"].split('/')[2]
    top_level=token.split('.')[-2]+'.'+token.split('.')[-1]
    file = top_level + "-" + datetime.now().strftime("%Y_%m_%d-%I_%M_%S_%p") + ".txt"
    file = burpConfigs["ScanOutput"] + file
    rootLogger.info("Writing full results to: "+ file)
    with open(file, "w") as f:
        f.write(str(data["issue_events"]))

def main():
    set_logging()
    for site in config["sites"]:
        # Execute BurpSuite Pro
        child_pid = execute_burp(site)
        # Check if API burp is up
        check_burp(site)
        # Execute Scan
        data = execute_scan(site)
        # Get Vulnerability data
        get_data(data, site)
        # Stop Burp
        rootLogger.info("Scan finished, killing Burp.")
        kill_burp(child_pid)

if __name__ == '__main__':
    main() 

今天介绍如何GitHut上的SimpleAutoBurp项目,利用Python脚本实现网站的定时的自动扫描,这样能够在更短的时间发现Web系统的漏洞。GitHub上的脚本针对Linux平台,本文将脚本修改为在Windows平台上运行。

一、工作原理:

利用Crontab(linux平台)或任务计划程序(windows平台)定期执行SimpleAutoBurp.py,该脚本利用BurpsuitePro的RESTAPI和配置文件config.json对目标主机进行web扫描。

二、脚本文件 SimpleAutoBurp+Config.json

SimpleAutoBurp.py 是调用Burp suite API的脚本,config.json是其配置文件。

SimpleAutoBurp.py

from os import strerror
from subprocess import Popen
import requests
import time
import subprocess
import logging
import os
import signal
import json
import sys
from datetime import datetime

#将configFile指向你的config.json文件
configFile = r"F:/pythonCode/SimpleAutoBurp/SimpleAutoBurp-main/config.json"

try:
    with open(configFile) as json_data:
        config=json.load(json_data)
except:
    print("Missing config.json file. Make sure the configuration file is in the same folder")
    sys.exit()

burpConfigs=config["burpConfigs"][0]
siteConfigs=config["sites"]

def set_logging():
    global rootLogger
    logFormatter = logging.Formatter("%(asctime)s [%(levelname)-5.5s]  %(message)s")
    rootLogger = logging.getLogger()
    NumericLevel = getattr(logging, burpConfigs["loglevel"].upper(), 10)
    rootLogger.setLevel(NumericLevel)

    fileHandler = logging.FileHandler("{0}/{1}.log".format(burpConfigs["logPath"], burpConfigs["logfileName"]))
    fileHandler.setFormatter(logFormatter)
    rootLogger.addHandler(fileHandler) 

    consoleHandler = logging.StreamHandler()
    consoleHandler.setFormatter(logFormatter)
    rootLogger.addHandler(consoleHandler)

def execute_burp(site):
    cmd = burpConfigs["java"] + " -jar -Xmx" + burpConfigs["memory"] + " -Djava.awt.headless=" \
        + str(burpConfigs["headless"]) + " " + burpConfigs["burpJar"] + " --project-file=" + site["project"] + " --unpause-spider-and-scanner"
    try:
        rootLogger.debug("Executing Burp: " + str(cmd))
        p = Popen(cmd, shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return p.pid
    except:
        rootLogger.error("Burp Suite failed to execute.")
        exit()

def check_burp(site):
    count = 0 
    url = "http://127.0.0.1:1337/"+ site["apikey"] +"/v0.1/"
    time.sleep(10)
    while True:
        if count > burpConfigs["retry"]:
            rootLogger.error("Too many attempts to connect to Burp")
            exit()
        else:
            rootLogger.debug("Cheking API: " + str(url))
            init = requests.get(url)
            if init.status_code == 200:
                rootLogger.debug("API running, response code: " + str(init.status_code))
                # Let Brup time to load extensions
                time.sleep(30)
                break
            else:
                rootLogger.debug("Burp is not ready yet, response code: " + str(init.status_code))
                time.sleep(10)

def execute_scan(site):
    data = '{"urls":["'+ site["scanURL"] + '"]}'
    url="http://127.0.0.1:1337/" + site["apikey"] + "/v0.1/scan"
    rootLogger.info("Starting scan to: " + str(site["scanURL"]))
    scan = requests.post(url, data=data)
    rootLogger.debug("Task ID: " + scan.headers["Location"])
    while True:
        url="http://127.0.0.1:1337/" + site["apikey"] + "/v0.1/scan/" + scan.headers["Location"]
        scanresults = requests.get(url)
        data = scanresults.json()
        rootLogger.info("Current status: " + data["scan_status"])
        if data["scan_status"] == "failed":
            rootLogger.error("Scan failed")
            kill_burp()
            exit()
        elif data["scan_status"] == "succeeded":
            rootLogger.info("Scan competed")
            return data
        else:
            rootLogger.debug("Waiting 60 before cheking the status again")
            time.sleep(60)

def kill_burp(child_pid):
    rootLogger.info("Killing Burp.")
    try:
            os.kill(child_pid, signal.SIGTERM)
            rootLogger.debug("Burp killed")
    except:
            rootLogger.error("Failed to stop Burp")

def get_data(data, site):
    for issue in data["issue_events"]:
        rootLogger.info("Vulnerability - Name: " + issue["issue"]["name"] + " Path: " + issue["issue"]["path"] + " Severity: " + issue["issue"]["severity"])
    token=site["scanURL"].split('/')[2]
    top_level=token.split('.')[-2]+'.'+token.split('.')[-1]
    file = top_level + "-" + datetime.now().strftime("%Y_%m_%d-%I_%M_%S_%p") + ".txt"
    file = burpConfigs["ScanOutput"] + file
    rootLogger.info("Writing full results to: "+ file)
    with open(file, "w") as f:
        f.write(str(data["issue_events"]))

def main():
    set_logging()
    for site in config["sites"]:
        # Execute BurpSuite Pro
        child_pid = execute_burp(site)
        # Check if API burp is up
        check_burp(site)
        # Execute Scan
        data = execute_scan(site)
        # Get Vulnerability data
        get_data(data, site)
        # Stop Burp
        rootLogger.info("Scan finished, killing Burp.")
        kill_burp(child_pid)

if __name__ == '__main__':
    main() 

Config.json(这里面配置要扫描的站点, APIKEY在BurpSuite里面生成)

{
    "sites" : [{
    "scanURL" : "http://192.168.168.180/",
    "project" : "d:/temp/Metasploitable2.burp",
    "apikey" : "S44ZGKWIXsGa8eWiASfDz7u5d2CzsbHm"
    }],
    "burpConfigs" : [{
    "memory" : "2048m",
    "headless" : "true",
    "java" : "C:/Program Files/Java/jdk-11.0.11/bin/java.exe",
    "burpJar" : "F:/Download/burpsuite_pro_v2021.6.1.jar",
    "retry" : 5,
    "logPath" : "d:/temp/ScanOutput/",
    "logfileName" : "SimpleAutoBurp",
    "loglevel" : "debug",
    "ScanOutput" : "d:/temp/ScanOutput/"
    }]
}

三、Burp suite pro REST API服务开启方法

 四、使用任务计划程序(taskschd.msc)自动执行脚本,这里不再啰嗦如何利用Windows任务计划程序执行脚本,可以参考Windows相关帮助文件。

使用SimpleAutoBurp脚本来及时发现网站的安全漏洞是一种补救措施,我们更应该建立和遵循安全的软件发布流程,标准的软件发布流程我们可以参考ITIL中的发布,部署流程,也可以参考Microsoft的SDL流程。

关注网络安全那些事,带你知晓网络安全发展动态

联系我们

如果您对我们的服务有兴趣,请及时和我们联系!

服务热线:18288888888
座机:18288888888
传真:
邮箱:888888@qq.com
地址:郑州市文化路红专路93号