
企業Web網站很多直接對Internet提供服務,往往會被黑客作為惡意攻擊的突破口,Web的安全和企業的信息安全高度相連。
現實的管理中,在安全制度不完善的情況下,網站開發人員和維護人員經常因為業務緊急上線或者Bug修復,私自上線新的內容或變更,安全人員往往在出現問題後追查時才發現,之前的安全環境或者代碼已經都變更了。

今天介紹如何利用GitHub上的SimpleAutoBurp項目,用Python腳本實現網站的定時自動掃描,從而在更短的時間內發現Web系統的漏洞。GitHub上的腳本針對Linux平台,本文將腳本修改為可在Windows平台上運行。
一、工作原理:
利用Crontab(Linux平台)或任務計劃程序(Windows平台)定期執行SimpleAutoBurp.py,該腳本通過Burp Suite Pro的REST API(腳本中固定為127.0.0.1:1337)讀取配置文件config.json,對其中列出的目標主機進行Web掃描。注意:自動掃描屬於主動攻擊性測試,config.json中只應填寫自己擁有或已獲得書面授權的系統。
二、腳本文件 SimpleAutoBurp+Config.json
SimpleAutoBurp.py 是調用Burp suite API的腳本,config.json是其配置文件。
SimpleAutoBurp.py
import json
import logging
import os
import signal
import subprocess
import sys
import time
from datetime import datetime
from os import strerror
from subprocess import Popen
from urllib.parse import urlsplit

import requests
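# Point configFile at your config.json. An absolute path is used on purpose: the
# script is started by a scheduler, so the working directory cannot be relied on.
configFile = r"F:/pythonCode/SimpleAutoBurp/SimpleAutoBurp-main/config.json"

# Load the scan configuration. config.json holds the Burp REST API key in clear
# text, so restrict its file permissions to the account that runs this script.
try:
    with open(configFile) as json_data:
        config = json.load(json_data)
except OSError as err:
    # Only file problems are handled here; anything else (e.g. KeyboardInterrupt)
    # propagates. Exit non-zero so the scheduler records the run as failed.
    print("Cannot read config file {0}: {1}".format(configFile, err))
    sys.exit(1)
except json.JSONDecodeError as err:
    print("Config file {0} is not valid JSON: {1}".format(configFile, err))
    sys.exit(1)

burpConfigs = config["burpConfigs"][0]  # Java/Burp settings; only the first entry is used
siteConfigs = config["sites"]           # one entry per target site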
def set_logging():
    """Initialise the module-global ``rootLogger`` from burpConfigs.

    The level comes from burpConfigs["loglevel"] (an unknown name falls back
    to 10, i.e. DEBUG). Every record goes both to logPath/logfileName.log and
    to the console, using the same timestamped format.
    """
    global rootLogger
    fmt = logging.Formatter("%(asctime)s [%(levelname)-5.5s] %(message)s")
    rootLogger = logging.getLogger()
    rootLogger.setLevel(getattr(logging, burpConfigs["loglevel"].upper(), 10))
    log_path = "{0}/{1}.log".format(burpConfigs["logPath"], burpConfigs["logfileName"])
    # File first, then console -- same order and same formatter for both.
    for handler in (logging.FileHandler(log_path), logging.StreamHandler()):
        handler.setFormatter(fmt)
        rootLogger.addHandler(handler)
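def execute_burp(site):
    """Launch Burp Suite Pro headless on the site's project file and return its pid.

    The command is built as an argument list and run with shell=False, so a Java
    path containing spaces (e.g. "C:/Program Files/Java/...") needs no quoting and
    no value from config.json is ever interpreted by a shell. Burp's own output
    is discarded; progress is read through the REST API instead. Exits the
    process with status 1 if the Java binary cannot be started.
    """
    cmd = [
        burpConfigs["java"],
        "-Xmx" + burpConfigs["memory"],
        "-Djava.awt.headless=" + str(burpConfigs["headless"]),
        "-jar", burpConfigs["burpJar"],
        "--project-file=" + site["project"],
        "--unpause-spider-and-scanner",
    ]
    rootLogger.debug("Executing Burp: %s", cmd)
    try:
        proc = Popen(cmd, shell=False, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except OSError as err:
        # Typically a wrong "java" path in config.json.
        rootLogger.error("Burp Suite failed to execute: %s", err)
        sys.exit(1)
    return proc.pid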
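def check_burp(site):
    """Block until Burp's REST API answers on 127.0.0.1:1337, or exit the process.

    After an initial 10 s grace period, GET /<apikey>/v0.1/ is polled every 10 s.
    A refused connection (Burp still starting), a request timeout and a non-200
    reply each count as one failed attempt; once more than burpConfigs["retry"]
    attempts have been made the process exits with status 1. When the API
    answers 200, a further 30 s pause lets Burp finish loading extensions before
    a scan is requested.

    The API key is part of the URL, so only the key-free base is written to the
    log file.
    """
    base = "http://127.0.0.1:1337/"
    url = base + site["apikey"] + "/v0.1/"
    attempts = 0
    time.sleep(10)
    while True:
        if attempts > burpConfigs["retry"]:
            rootLogger.error("Too many attempts to connect to Burp")
            sys.exit(1)
        attempts += 1
        rootLogger.debug("Checking API: %s<apikey>/v0.1/", base)
        try:
            # timeout: a listener that accepts but never answers must not hang the run.
            init = requests.get(url, timeout=10)
        except requests.exceptions.RequestException as err:
            # Connection refused while Burp is still starting is the normal case here.
            rootLogger.debug("Burp is not ready yet: %s", err)
            time.sleep(10)
            continue
        if init.status_code == 200:
            rootLogger.debug("API running, response code: %s", init.status_code)
            # Give Burp time to load extensions.
            time.sleep(30)
            return
        rootLogger.debug("Burp is not ready yet, response code: %s", init.status_code)
        time.sleep(10)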
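def execute_scan(site, child_pid=None):
    """Start a Burp scan of site["scanURL"] and poll it until it finishes.

    Returns the final task JSON (the dict from GET /v0.1/scan/<task-id>) once
    scan_status is "succeeded". If Burp reports "failed", the Burp process is
    terminated when ``child_pid`` is given and the process exits with status 1.
    The poll interval is 60 s.

    Raises requests.HTTPError if the POST is rejected (e.g. a wrong API key) and
    KeyError if the accepted reply carries no Location header.
    """
    api = "http://127.0.0.1:1337/" + site["apikey"] + "/v0.1/scan"
    # Serialise with json.dumps rather than string-pasting so a URL containing
    # quotes or backslashes cannot yield an invalid (or altered) request body.
    body = json.dumps({"urls": [site["scanURL"]]})
    rootLogger.info("Starting scan to: %s", site["scanURL"])
    scan = requests.post(api, data=body, headers={"Content-Type": "application/json"})
    scan.raise_for_status()
    task_id = scan.headers["Location"]
    rootLogger.debug("Task ID: %s", task_id)
    status_url = api + "/" + task_id
    while True:
        status = requests.get(status_url).json()
        state = status["scan_status"]
        rootLogger.info("Current status: %s", state)
        if state == "failed":
            rootLogger.error("Scan failed")
            if child_pid is not None:
                kill_burp(child_pid)
            sys.exit(1)
        if state == "succeeded":
            rootLogger.info("Scan completed")
            return status
        rootLogger.debug("Waiting 60 seconds before checking the status again")
        time.sleep(60)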
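def kill_burp(child_pid):
    """Terminate the Burp process started by execute_burp.

    Sends SIGTERM via os.kill (per the Python docs this is an unconditional
    TerminateProcess on Windows). Failures such as the process already being
    gone or a permission error are logged, not raised, so a caller's clean-up
    path is never interrupted.
    """
    rootLogger.info("Killing Burp.")
    try:
        os.kill(child_pid, signal.SIGTERM)
    except OSError as err:
        rootLogger.error("Failed to stop Burp: %s", err)
    else:
        rootLogger.debug("Burp killed")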
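def get_data(data, site):
    """Log every issue of a finished scan and dump the raw issue list to a file.

    The output file is written to burpConfigs["ScanOutput"] and named
    "<last two host labels>-<timestamp>.txt", e.g. "example.com-2021_07_01-...txt".
    The host is taken from urlsplit(...).hostname so a port in scanURL never
    reaches the file name (a colon is not a valid file-name character on
    Windows), and a bare hostname such as "localhost" is used as-is instead of
    raising IndexError. The file content is the Python repr of the issue list,
    as in the original script.
    """
    issues = data.get("issue_events", [])
    for event in issues:
        issue = event["issue"]
        rootLogger.info("Vulnerability - Name: %s Path: %s Severity: %s",
                        issue["name"], issue["path"], issue["severity"])
    host = urlsplit(site["scanURL"]).hostname or "unknown-host"
    # Keep the "domain.tld" naming when there are at least two labels.
    top_level = ".".join(host.split(".")[-2:])
    stamp = datetime.now().strftime("%Y_%m_%d-%I_%M_%S_%p")
    # os.path.join copes with ScanOutput given with or without a trailing slash.
    file = os.path.join(burpConfigs["ScanOutput"], top_level + "-" + stamp + ".txt")
    rootLogger.info("Writing full results to: %s", file)
    with open(file, "w") as f:
        f.write(str(issues))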
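def main():
    """Scan every site in config.json sequentially, one Burp instance per site.

    For each site: start Burp, wait for its REST API, run the scan, write the
    results, and terminate Burp. The kill is in a ``finally`` block so a failure
    anywhere in the scan (including a sys.exit from one of the helpers) does not
    leave a headless Burp process running and holding the project file.
    """
    set_logging()
    for site in config["sites"]:
        child_pid = execute_burp(site)
        try:
            check_burp(site)
            data = execute_scan(site)
            get_data(data, site)
            rootLogger.info("Scan finished, killing Burp.")
        finally:
            kill_burp(child_pid)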
# Run the scheduled scan only when this file is executed directly
# (Task Scheduler / cron), not when it is imported.
if __name__ == "__main__":
    main()
Config.json(在這裡配置要掃描的站點;apikey在Burp Suite的REST API設置中生成。下面示例中的apikey僅為佔位值,請換成自己生成的密鑰;該文件以明文保存密鑰,應限制文件的訪問權限,且不要提交到代碼倉庫或隨文章公開)
{
"sites" : [{
"scanURL" : "http://192.168.168.180/",
"project" : "d:/temp/Metasploitable2.burp",
"apikey" : "S44ZGKWIXsGa8eWiASfDz7u5d2CzsbHm"
}],
"burpConfigs" : [{
"memory" : "2048m",
"headless" : "true",
"java" : "C:/Program Files/Java/jdk-11.0.11/bin/java.exe",
"burpJar" : "F:/Download/burpsuite_pro_v2021.6.1.jar",
"retry" : 5,
"logPath" : "d:/temp/ScanOutput/",
"logfileName" : "SimpleAutoBurp",
"loglevel" : "debug",
"ScanOutput" : "d:/temp/ScanOutput/"
}]
}
三、Burp suite pro REST API服務開啟方法
在Burp Suite Pro的用戶選項(User options → Misc → REST API)中開啟REST API服務:保持默認監聽地址127.0.0.1和端口1337(腳本中寫死了該地址),勾選需要API key,並生成一個密鑰填入config.json。不要把該服務綁定到0.0.0.0或關閉密鑰校驗,否則同一網絡中的任何人都可以通過該API驅動你的Burp對任意目標發起掃描。
四、使用任務計劃程序(taskschd.msc)自動執行腳本,這裡不再贅述如何利用Windows任務計劃程序執行腳本,可以參考Windows相關幫助文件。建議以一個專用的低權限賬戶運行該計劃任務,並把config.json、日誌目錄和ScanOutput目錄的訪問權限限制在該賬戶:日誌和結果文件中包含掃描目標的漏洞詳情,不應被其他用戶讀取。

使用SimpleAutoBurp腳本來及時發現網站的安全漏洞是一種補救措施,我們更應該建立和遵循安全的軟件發佈流程,標準的軟件發佈流程我們可以參考ITIL中的發佈,部署流程,也可以參考Microsoft的SDL流程。