update v3.2.0

base/src/main/java/com/trackray/base/annotation/Option.java

@@ -0,0 +1,11 @@
+package com.trackray.base.annotation;
+
+public @interface Option {
+
+    String name();
+    String formName();
+    String description() default "";
+    String defaultValue() ;
+
+
+}

base/src/main/java/com/trackray/base/annotation/Rule.java

@@ -23,6 +23,7 @@ Param[] params() default {
             @Param( key = "PATH" , desc = "远程路径" , defaultValue = "/"),
             @Param( key = "SSL" , desc = "是否开启SSL" , defaultValue = "false"),
     }; // 插件参数
+    Option[] options() default {};  // MVC配置项
     boolean defParam() default false; // 是否使用默认的参数
     CommonPlugin.Type type() default CommonPlugin.Type.JSON;    //当使用commonplugin时返回给浏览器的文本类型
     CommonPlugin.Charset charset() default CommonPlugin.Charset.UTF8;   //使用commonplugin时返回给浏览器的文本编码

base/src/main/java/com/trackray/base/attack/Awvs.java

@@ -56,7 +56,6 @@ public   static class State{
 
     private Header[] headers;
 
-    @PostConstruct
     public void initCheck(){
         headers = new Header[]{
                 new BasicHeader("X-Auth",apikey),
@@ -71,9 +70,10 @@ public void initCheck(){
         int statusCode = page.getResponse().getStatus().getStatusCode();
         if (statusCode>=200 && statusCode<300){
             ok = true;
+            SysLog.info("[AWVS] AWVS配置正常");
         }else {
             ok = false;
-            SysLog.error("AWVS配置异常请检查。");
+            SysLog.error("[AWVS] AWVS配置异常请检查");
         }
 
     }

base/src/main/java/com/trackray/base/attack/Python.java

@@ -31,7 +31,7 @@ public class Python {
 
     private PythonInterpreter interpreter;
 
-    public PythonInterpreter interpreter(){
+    public synchronized PythonInterpreter interpreter(){
 
         if (this.interpreter!=null){
             return interpreter;

base/src/main/java/com/trackray/base/attack/XRay.java

@@ -0,0 +1,249 @@
+package com.trackray.base.attack;
+
+import com.trackray.base.annotation.Plugin;
+import com.trackray.base.annotation.Rule;
+import com.trackray.base.bean.Constant;
+import com.trackray.base.handle.Shell;
+import com.trackray.base.plugin.InnerPlugin;
+import com.trackray.base.stream.PluginDataOutputStream;
+import org.apache.commons.exec.*;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
+
+import java.io.*;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+/**
+ * @author 浅蓝
+ * @email [email protected]
+ * @since 2019/8/7 10:49
+ */
+@Plugin(value = "xray" , title = "XRay内部插件" , author = "浅蓝")
+@Rule
+public class XRay extends InnerPlugin<XRay> {
+
+    public final static String VERSION = "0.18.2";
+
+    public final static String LINUX_PATH = BASE + "/xray/linux/xray_linux_amd64";
+
+    public final static String WIN_PATH = BASE + "/xray/windows/xray_windows_amd64.exe";
+
+    public final static String REAL_PATH = Constant.TRACKRAY_SYSTEMOS == Constant.WINDOWS?WIN_PATH:LINUX_PATH;
+
+    public static String[] PLUGINS = "crlf_injection,redirect,baseline,ssrf,jsonp,brute_force,upload,phantasm,xxe,path_traversal,dirscan,cmd_injection,sqldet".split(",");
+
+    public final static File REAL_PATH_PARENT = new File(REAL_PATH);
+
+    private List<String> command = new ArrayList<>();
+    private File outfile ;
+
+    private boolean setOutfileFlag = false;
+
+    @Value("${temp.dir}")
+    private String tempdir;
+
+    @Value("${xray.console.log}")
+    private boolean ouputConsole;
+
+    private File outputDir = null;
+
+    private boolean block = false;
+
+
+    public static StringBuffer logBuffer = new StringBuffer();
+
+
+    @Override
+    public boolean check(Map param) {
+        String content = "";
+        if (Constant.TRACKRAY_SYSTEMOS == Constant.WINDOWS){
+            Shell block = shell().block(true);
+            if (REAL_PATH_PARENT.exists()&&REAL_PATH_PARENT.isFile()){
+                block.workdir(REAL_PATH_PARENT.getParentFile());
+            }
+            try {
+                block.exec(REAL_PATH +" version");
+            } catch (IOException e) {
+                throw new RuntimeException("执行XRAY版本命令时异常");
+            }
+            content = block.readAll();
+        }else{
+            Shell chomod = shell().block(true);
+            try {
+                chomod.exec( "chmod +x " + LINUX_PATH);
+            } catch (IOException e) {
+                throw new RuntimeException("赋予XRAY可执行权限时异常");
+            }
+
+            Shell block = shell().block(true);
+            if (REAL_PATH_PARENT.exists()&&REAL_PATH_PARENT.isFile()){
+                block.workdir(REAL_PATH_PARENT.getParentFile());
+            }
+            try {
+                block.exec(REAL_PATH + " version");
+            } catch (IOException e) {
+                throw new RuntimeException("执行XRAY版本命令时异常");
+            }
+            content = block.readAll();
+        }
+        if (StringUtils.containsAny(content,"Version",VERSION)){
+            return true;
+        }
+        return false;
+    }
+
+    public File getOutputDir() {
+        return new File(tempdir.concat("xray/"));
+    }
+
+    @Override
+    public void process() {
+        result = this;
+        command.add(REAL_PATH);
+        command.add("webscan");
+
+        outputDir = new File(tempdir.concat("xray/"));
+
+        if (!outputDir.exists())
+            outputDir.mkdirs();
+
+    }
+
+    public  boolean isLocalPortUsing(int port){
+        boolean flag = false;
+        try {
+            flag = isPortUsing("127.0.0.1", port);
+        } catch (Exception e) {
+        }
+        return flag;
+    }
+    /***
+     * 测试主机Host的port端口是否被使用
+     * @param host
+     * @param port
+     * @throws UnknownHostException
+     */
+    public static boolean isPortUsing(String host,int port)  {
+        boolean flag = false;
+        Socket socket = null;
+        try {
+
+            InetAddress Address = InetAddress.getByName(host);
+            socket = new Socket(Address,port);  //建立一个Socket连接
+            flag = true;
+        } catch (IOException e) {
+
+        }finally {
+
+        }
+        return flag;
+    }
+
+        public XRay setCommand(String command){
+        this.command.add(command);
+        return this;
+    }
+
+    public XRay setListen(String ip , int port) {
+        String host = (ip+":"+port);
+        command.add("--listen "+host);
+        return this;
+    }
+    public XRay setBasicCrawler(String url) {
+        command.add("--basic-crawler "+url);
+        return this;
+    }
+    public XRay setPlugins(String... plugins){
+        command.add("--plugins "+String.join(",",plugins));
+        return this;
+    }
+    public XRay setUrl(String url){
+        url = url.replaceAll("\\&","%26");
+        url = url.replaceAll("\"","\\\"");
+        url = url.replaceAll("\\|","%7C");
+
+        command.add("--url "+ "\"" + url + "\"");
+        return this;
+    }
+
+    public XRay outputJSON(String filename){
+        output("json",filename);
+        return this;
+    }
+
+    public XRay outputTEXT(String filename){
+        output("text",filename);
+        return this;
+    }
+    public XRay outputHTML(String filename){
+        output("html",filename);
+        return this;
+    }
+
+    private void output(String type , String filename){
+        setOutfileFlag = true;
+        File output = new File(tempdir.concat("xray/"));
+        outfile = new File(output, filename);
+        command.add("--"+type+"-output "+outfile.getAbsolutePath());
+    }
+
+    public File getOutfile() {
+        return outfile;
+    }
+
+    public void setOutfile(File outfile) {
+        this.outfile = outfile;
+    }
+
+    public DefaultExecutor run(){
+        DefaultExecutor executor = new DefaultExecutor();
+
+        if (REAL_PATH_PARENT.exists()&&REAL_PATH_PARENT.isFile()){
+            executor.setWorkingDirectory(REAL_PATH_PARENT.getParentFile());
+        }
+        if (!setOutfileFlag)
+            outputTEXT(UUID.randomUUID().toString());
+        try {
+            String joinCmd = String.join(" ", command.toArray(new String[]{}));
+            CommandLine commandLine = CommandLine.parse(joinCmd);
+            final ExecuteWatchdog watchdog = new ExecuteWatchdog(Integer.MAX_VALUE);
+            final DefaultExecuteResultHandler resultHandler = new DefaultExecuteResultHandler();
+
+            if (!ouputConsole){
+                PluginDataOutputStream pluginDataOutputStream = new PluginDataOutputStream(new ByteArrayOutputStream(), logBuffer);
+
+                PumpStreamHandler pumpStreamHandler = new PumpStreamHandler(pluginDataOutputStream);
+
+                //PumpStreamHandler pumpStreamHandler = new PumpStreamHandler(new ByteArrayOutputStream());
+                executor.setStreamHandler(pumpStreamHandler);
+            }
+
+
+
+            executor.setWatchdog(watchdog);
+
+            if (block){
+                executor.execute(commandLine);
+            }else {
+                executor.execute(commandLine,resultHandler);
+            }
+        } catch (Exception e) {
+            log.error(e.getMessage(),e);
+        }
+        return executor;
+    }
+
+    public boolean isBlock() {
+        return block;
+    }
+
+    public void setBlock(boolean block) {
+        this.block = block;
+    }
+}

base/src/main/java/com/trackray/base/bean/Banner.java

@@ -79,7 +79,7 @@ public int crawlerCount() {
         return dispatchController.getAppContext().getBeansOfType(CrawlerPlugin.class).size();
     }
     public int jsonPluginCount(){
-        String jsonPath = Constant.RESOURCES_PATH.concat("json/");
+        String jsonPath = Constant.RESOURCES_INCLUDE_PATH.concat("/json/");
 
         File file = new File(jsonPath);
         if (file.isDirectory()){

base/src/main/java/com/trackray/base/bean/Constant.java

@@ -1,5 +1,7 @@
 package com.trackray.base.bean;
 
+import com.trackray.base.utils.PropertyUtil;
+
 import java.util.HashMap;
 import java.util.Map;
 
@@ -12,7 +14,12 @@ public class Constant {
 
     public static String USER_DIR = System.getProperty("user.dir"); // 当前程序工作目录
 
-    public static String RESOURCES_PATH = USER_DIR.concat("/resources/");
+    public static String RESOURCES_PATH = USER_DIR + (
+                    USER_DIR.contains("release")?
+                    ( PropertyUtil.getProperty("trackray.resource") ):
+                    ( "/release"+PropertyUtil.getProperty("trackray.resource") )
+
+    );
 
     public static String RESOURCES_INCLUDE_PATH; //插件包含资源文件路径
 

base/src/main/java/com/trackray/base/bean/Rule.java

@@ -11,6 +11,7 @@
 public class Rule {
 
     public boolean crawler = false; //爬虫
+    public boolean crawlergo = false;//crawlergo爬虫
     public boolean sense = false;   //信息泄露
     public boolean port = false;    //端口
     public boolean finger = false;  //指纹识别

base/src/main/java/com/trackray/base/bean/Vulnerable.java

@@ -14,6 +14,8 @@ public class Vulnerable {
     private Integer level = Level.INFO.getLevel();//漏洞等级
     private Integer type = Type.UNKNOWN.getType(); //漏洞类型
     private String payload = "";//攻击载荷
+    private String request = "";
+    private String response = "";
     private List<String> vulnId ;//漏洞ID
     private List<String> risk;    //存在的风险
     private String repair ;  //修复建议