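Vulnerabilities found when testing with the new version of xray were not written to the database. Analysis showed the cause: the webhook API parsing is outdated. The test used xray 1.7.1, and the webhook JSON looks like this: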
```
{'data': {'create_time': 1618633896328,
          'detail': {'addr': 'http://paidui.meituan.com:80/static/js/queueMerchant.5c31f03fb0aebb92a0ef.js.map',
                     'extra': {'param': {}},
                     'payload': '/static/js/queueMerchant.5c31f03fb0aebb92a0ef.js.map',
                     'snapshot': [['GET /static/js/queueMerchant.5c31f03fb0aebb92a0ef.js.map HTTP/1.1\r\nHost: paidui.meituan.com:80\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0\r\nAccept: */*\r\nRange: bytes=0-128\r\nSpider-Name: crawlergo\r\n\r\n',
                                   'HTTP/1.1 206 Partial Content\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nConnection: keep-alive\r\nContent-Length: 129\r\nContent-Range: bytes 0-128/314405\r\nContent-Type: application/json; charset=UTF-8\r\nDate: Sat, 17 Apr 2021 04:31:35 GMT\r\nEtag: W/"4cc25-177d7f0af78"\r\nKeep-Alive: timeout=5\r\nLast-Modified: Thu, 25 Feb 2021 06:46:51 GMT\r\nServer: openresty\r\n\r\n{"version":3,"sources":["webpack:///static/js/queueMerchant.5c31f03fb0aebb92a0ef.js","webpack:///./src/components/queue-merchant.']]},
          'plugin': 'dirscan/sourcemap/default',
          'target': {'url': 'http://paidui.meituan.com:80/static/js/queueMerchant.5c31f03fb0aebb92a0ef.js.map'}},
 'type': 'web_vuln'}
```
The format has changed and many fields no longer match, so the code below no longer works.
```python
@APP.route('/webhook', methods=['POST'])
def xray_webhook():
    try:
        vuln = request.json
    except:
        pass
    else:
        if 'create_time' in vuln:
            plugin = vuln.get('plugin', '') + '--' + vuln.get('vuln_class', '')
            url = vuln['detail'].get('url')
            payload = vuln['detail'].get('payload', '')
            raw = vuln['detail'].get('request', '')
            print(f'新漏洞:{url}')
            scan_write(plugin, url, payload, raw, flag=False, scan_name='xray')
    finally:
        return "ok"
```
Modified version:
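```python
from flask import request  # APP and scan_write are defined elsewhere in the project


@APP.route('/webhook', methods=['POST'])
def xray_webhook():
    try:
        # xray 1.7.1 wraps the finding in a top-level 'data' object
        vuln = request.json.get('data')
        print(vuln)
    except Exception as e:
        print(e)
    else:
        # Check the key on the dict itself rather than on its string form
        if isinstance(vuln, dict) and 'create_time' in vuln:
            detail = vuln.get('detail') or {}
            plugin = vuln.get('plugin', '') + '--' + vuln.get('vuln_class', '')
            url = detail.get('addr')  # previously detail['url']
            payload = detail.get('payload', '')
            # snapshot is a list of [request, response] pairs; keep the first request
            snapshot = detail.get('snapshot')
            raw = snapshot[0][0] if snapshot and snapshot[0] else ''
            print(f'新漏洞:{url}')  # "new vulnerability"
            scan_write(plugin, url, payload, raw, flag=False, scan_name='xray')
    finally:
        return "ok"
```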
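The field mapping discussed in this issue can also be written as a framework-independent normalizer that accepts both the old flat payload and the xray 1.7.1 `data`-wrapped payload, and rejects bodies that are not findings. This is an added example, not code from the project; `normalize_xray_event` and the sample events (with the host `example.test`) are constructed for illustration.

```python
def normalize_xray_event(body):
    """Return {'plugin', 'url', 'payload', 'raw'} for a finding, or None otherwise."""
    if not isinstance(body, dict):
        return None
    if isinstance(body.get('data'), dict):
        # New format: finding wrapped in 'data' and tagged with a 'type'
        if body.get('type') != 'web_vuln':
            return None
        vuln = body['data']
    else:
        vuln = body  # old flat format read by the original handler
    detail = vuln.get('detail')
    if 'create_time' not in vuln or not isinstance(detail, dict):
        return None
    # 'addr' in the new format, 'url' in the old one, 'target.url' as a fallback
    url = detail.get('addr') or detail.get('url')
    if not url and isinstance(vuln.get('target'), dict):
        url = vuln['target'].get('url')
    raw = detail.get('request', '')
    snapshot = detail.get('snapshot')
    # snapshot is a list of [request, response] pairs; keep the first request
    if (isinstance(snapshot, list) and snapshot
            and isinstance(snapshot[0], list) and snapshot[0]):
        raw = snapshot[0][0]
    if not isinstance(url, str) or not isinstance(raw, str):
        return None  # refuse to store values of unexpected type
    plugin = str(vuln.get('plugin', '')) + '--' + str(vuln.get('vuln_class', ''))
    return {'plugin': plugin, 'url': url,
            'payload': str(detail.get('payload', '')), 'raw': raw}


# Constructed sample events (shapes follow the payload and code on this page)
NEW_EVENT = {'type': 'web_vuln', 'data': {
    'create_time': 1618633896328,
    'detail': {'addr': 'http://example.test:80/app.js.map',
               'payload': '/app.js.map',
               'snapshot': [['GET /app.js.map HTTP/1.1\r\n\r\n',
                             'HTTP/1.1 206 Partial Content\r\n\r\n']]},
    'plugin': 'dirscan/sourcemap/default',
    'target': {'url': 'http://example.test:80/app.js.map'}}}
OLD_EVENT = {'create_time': 1600000000000, 'plugin': 'xss',
             'vuln_class': 'reflected',
             'detail': {'url': 'http://example.test/?q=1', 'payload': 'q=1',
                        'request': 'GET /?q=1 HTTP/1.1\r\n\r\n'}}
```

In the Flask handler, the result would be passed to `scan_write` only when it is not `None`.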