ARL基础
目前文件路径:
更改的docker名称:arl_worker
OneForAll存放位置:/opt/OneForAll-0.4.3
test文件夹路径:/code/test/test_getoneforall.py
测试部分
测试使用test文件夹下相关文件
可能出现路径不存在等问题,在测试脚本里用 sys.path.append 把缺少的路径补充进去就行了。
服务部分
路径:/code/app/services
存放各种应用服务
OneForAll添加
记得先在 arl_worker 容器内安装 OneForAll 相关 py 依赖。下面的命令没有使用虚拟环境,依赖会直接装进该 python3 的环境,可能改动 ARL 已有依赖的版本,装完后确认 ARL 仍能正常运行:
python3 -m pip install -r /opt/OneForAll-0.4.3/requirements.txt
测试是否可用
修改OneForAll返回
修改文件:/opt/OneForAll-0.4.3/oneforall.py
修改run和domain函数,让 run() 把收集到的子域名结果返回给调用方(后面的 get_oneforall_domain 直接返回 run() 的结果)
参考文章https://www.anquanke.com/post/id/253481#h3-4
调用OneForAll
新增文件:/code/app/services/getOneforall.py
# -*- coding: utf-8 -*-
# @Time : 2022/1/22 4:33 下午
# @Author : ki9mu
# @File : getOneforall.py
import os
import sys
from app.utils import http_req, get_logger
# Module-level logger obtained from the project's app.utils helper.
logger = get_logger()
# Make the OneForAll directory under /opt importable. append() puts it last on
# sys.path, so a module with the same name in an earlier entry wins. Every
# later import in this process can also resolve from this directory, so it
# should be writable only by the account that maintains the container.
sys.path.append("/opt/OneForAll-0.4.3/")
# Expected to resolve through the sys.path entry added on the previous line.
import oneforall
class getOneforall:
    """Empty placeholder class; the listing defines no members for it."""
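def get_oneforall_domain(target_domain):
    """Run OneForAll against ``target_domain`` and return what ``run()`` yields.

    The return value is whatever the locally patched ``OneForAll.run()``
    returns; presumably a collection of subdomains, which the caller passes
    on to ``build_domain_info`` (confirm against the patched oneforall.py).

    Args:
        target_domain: Domain name handed to OneForAll as its ``target``.

    Returns:
        The result of ``run()``, or an empty list when ``run()`` returned
        ``None``.
    """
    scanner = oneforall.OneForAll(target=target_domain)
    found = scanner.run()
    if found is None:
        # run() only returns data once oneforall.py has been patched as the
        # page describes. Log the gap and hand back an empty list so callers
        # that take len() of, or iterate over, the result do not fail on None.
        logger.warning(
            "oneforall returned no result for {}".format(target_domain))
        return []
    return found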
测试OneForAll
文件创建:test/test_getoneforall.py
import unittest
import sys
# Put /code (the directory holding the `app` package on this page) on the
# import path so the `app.services` import below resolves when this file is
# run directly.
sys.path.append("/code")
# Debug output: shows the effective import search path.
print(sys.path)
from app.services.getOneforall import get_oneforall_domain
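class TestGetOnerForallDomain(unittest.TestCase):
    """Smoke test for the OneForAll service wrapper."""

    def test_getdomain(self):
        """Run one lookup through the real service function (no stubbing)
        and require a non-empty result."""
        # The string below is the page's placeholder: replace it with the
        # domain to test before running.
        data = get_oneforall_domain("写你想测试的域名")
        print(data)
        # Without an assertion the test passes for any return value,
        # including None or an empty list, so a broken integration would go
        # unnoticed.
        self.assertTrue(data, "get_oneforall_domain returned no subdomains")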
# Run the test case when the file is executed directly as a script.
if __name__ == '__main__':
    unittest.main()
然后执行这个test_getoneforall文件
如果以上都没问题,正常打印了相关子域名列表,再进行下一步。
新增导入
文件修改:/code/app/services/__init__.py
from .getOneforall import get_oneforall_domain
修改前端显示
更改文件:/code/app/modules/__init__.py
CollectSource类新增属性:ONEFORALL = "oneforall"
修改任务
更改文件:/code/app/tasks/domain.py
更改函数domain_fetch
这里甚至能看到fuzz模块的敷衍
def domain_fetch(self):
    '''**** domain brute force begins ****'''
    # Excerpt: the listing on the page stops at the RiskIQ marker at the end;
    # the rest of the method is not shown.
    if self.options.get("domain_brute"):
        # Record the phase, run the brute force and store how long it took.
        self.update_task_field("status", "domain_brute")
        t1 = time.time()
        self.domain_brute()
        elapse = time.time() - t1
        self.update_services("domain_brute", elapse)
    else:
        # Brute force not requested: build and save info for the base domain
        # only.
        domain_info = self.build_single_domain_info(self.base_domain)
        if domain_info:
            self.domain_info_list.append(domain_info)
            self.save_domain_info_list([domain_info])

    # A base domain containing the "{fuzz}" placeholder skips every lookup
    # below.
    if "{fuzz}" in self.base_domain:
        return

    # OneForAll lookup (the step added on this page).
    # NOTE(review): no task option is checked here, so this runs for every
    # task that reaches this point, unlike the domain_brute branch above.
    # NOTE(review): an exception raised inside oneforall_search() is not
    # caught here, so it would also stop whatever follows in this method;
    # confirm that this is intended.
    self.update_task_field("status", "oneforall_search")
    t1 = time.time()
    self.oneforall_search()
    elapse = time.time() - t1
    self.update_services("oneforall_search", elapse)
    # *** RiskIQ lookup ****
新增函数oneforall_search
基本上就是复制粘贴?
def riskiq_search(self):
    """Fetch RiskIQ results for the base domain and add them to the task.

    Whatever ``services.riskiq_search`` returns is turned into domain info
    records by ``build_domain_info``. For a task tagged ``"task"`` the
    records are passed through ``clear_domain_info_by_record`` and saved with
    source ``CollectSource.RISKIQ``. The records are then appended to
    ``self.domain_info_list`` and the elapsed time is logged.
    """
    # NOTE(review): the page lost the listing's indentation; the save call is
    # placed inside the "task" branch here. Confirm against the real file.
    started = time.time()
    logger.info("start riskiq fetch {}".format(self.base_domain))

    candidates = services.riskiq_search(self.base_domain)
    records = self.build_domain_info(candidates)
    if self.task_tag == "task":
        records = self.clear_domain_info_by_record(records)
        self.save_domain_info_list(records, source=CollectSource.RISKIQ)

    self.domain_info_list.extend(records)
    took = time.time() - started
    end_message = "end riskiq fetch {} {} elapse {}".format(
        self.base_domain, len(records), took)
    logger.info(end_message)
def oneforall_search(self):
    """Fetch OneForAll results for the base domain and add them to the task.

    Whatever ``services.get_oneforall_domain`` returns is turned into domain
    info records by ``build_domain_info``. For a task tagged ``"task"`` the
    records are passed through ``clear_domain_info_by_record`` and saved with
    source ``CollectSource.ONEFORALL``. The records are then appended to
    ``self.domain_info_list`` and the elapsed time is logged.
    """
    # NOTE(review): the page lost the listing's indentation; the save call is
    # placed inside the "task" branch here. Confirm against the real file.
    started = time.time()
    logger.info("start oneforall fetch {}".format(self.base_domain))

    candidates = services.get_oneforall_domain(self.base_domain)
    records = self.build_domain_info(candidates)
    if self.task_tag == "task":
        records = self.clear_domain_info_by_record(records)
        self.save_domain_info_list(records, source=CollectSource.ONEFORALL)

    self.domain_info_list.extend(records)
    took = time.time() - started
    end_message = "end oneforall fetch {} {} elapse {}".format(
        self.base_domain, len(records), took)
    logger.info(end_message)
def arl_search(self):
    # The listing is cut off on the page after the start-of-fetch log line;
    # the rest of the method is not shown.
    arl_t1 = time.time()
    logger.info("start arl fetch {}".format(self.base_domain))
测试domain模块
python3 test/test_doamin.py
没啥问题就重启下docker就行了