tidesec / mars
Mars (God of War): asset discovery, subdomain enumeration, C-segment scanning, asset change monitoring, port change monitoring, DNS resolution change monitoring, Awvs scanning, PoC detection, web fingerprinting, port fingerprinting, CDN detection, operating system fingerprinting, wildcard DNS detection, WAF detection, sensitive information detection, and more
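Cannot access AWVS
For port scanning, I suggest first using masscan to sweep for open ports and then using nmap for a precise scan; this would be much faster.
I wonder if you could make the Docker file public
Mainly I want to slim down what is inside the docker image; the docker image really is too large right now
I am most interested in the configuration for hydra, nmap, and wafw00f. Thanks
During local testing, the hydra dependency components raised errors
Requesting a Dockerfile for local builds
I want to modify some code, so can you share the Dockerfile for fast deployment?
Thank you very much!
Asset Management - Asset Tasks: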
127.0.0.1 - - [2020-05-13 14:57:04] "GET /new-customer HTTP/1.1" 200 13776 0.001000
127.0.0.1 - - [2020-05-13 14:57:08] "GET /new-asset HTTP/1.1" 200 15155 0.030000
127.0.0.1 - - [2020-05-13 14:57:14] "GET /asset-management HTTP/1.1" 302 392 0.093000
127.0.0.1 - - [2020-05-13 14:57:14] "GET /login HTTP/1.1" 200 3983 0.001000
'NoneType' object has no attribute 'getitem'
Authentication Testing - Add Scan:
127.0.0.1 - - [2020-05-13 15:01:20] "GET /new-auth-tester HTTP/1.1" 302 392 0.030000
127.0.0.1 - - [2020-05-13 15:01:20] "GET /login HTTP/1.1" 200 3983 0.000000
'NoneType' object has no attribute 'getitem'
127.0.0.1 - - [2020-05-13 15:01:20] "GET /static/font/css/font-awesome.min.css HTTP/1.1" 404 9028 0.002000
System Settings - Advanced Settings:
'NoneType' object has no attribute 'getitem'
127.0.0.1 - - [2020-05-13 15:02:29] "GET /advanced-option HTTP/1.1" 302 392 0.030000
127.0.0.1 - - [2020-05-13 15:02:29] "GET /login HTTP/1.1" 200 3983 0.001000
127.0.0.1 - - [2020-05-13 15:02:29] "GET /static/font/css/font-awesome.min.css HTTP/1.1" 404 9028 0.003000
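It looks like a null value somewhere is causing this?
Is there an API for features such as adding assets?
Uploading a PoC written in pocsuite format does not succeed
Is core dumping enabled? I added some assets, and the next day the 30G disk was full. I found a large number of core files under the /Tide-Mars/taskpython/ directory, each up to 50M, and the ulimit -c command shows the state is unlimited. Did the code enable this feature without setting a limit?
Every time I click it, it resets afterwards and I have to click again, which is quite a hassle.
The bundled awvs is broken; the license has expired
After changing the API, it still uses the API from the image
Just started using it, so a thumbs-up first; other suggestions will follow later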
https://www.cnblogs.com/QuLory/archive/2013/03/24/2978366.html
How do I change the default Mars password? There is no such option in the admin backend. Emmmm,
docker pull registry.cn-hangzhou.aliyuncs.com/secplus/mars:1.0
Error response from daemon: Get https://registry.cn-hangzhou.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[root@localhost ~]# docker pull registry-internal.cn-hangzhou.aliyuncs.com/secplus/mars:1.0
Error response from daemon: Get https://registry-internal.cn-hangzhou.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[root@localhost ~]# docker pull registry-vpc.cn-hangzhou.aliyuncs.com/secplus/mars:1.0
Error response from daemon: Get https://registry-vpc.cn-hangzhou.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[root@localhost ~]# docker search mars
Error response from daemon: Get https://index.docker.io/v1/search?q=mars&n=25: dial tcp 3.220.75.233:443: i/o timeout
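Other docker images install normally, but this Alibaba Cloud image always reports a network problem
When downloading a vulnerability scan report, awvs has already generated the report, but the Mars front end stays stuck at the waiting-for-download stage. Also, could a unified Chinese-language report be provided, as WDscan does? Thanks!
After docker runs successfully, regardless of whether the account is right or wrong, it always shows Account Locked,
1. After a server reboot, I always have to enter the docker container and start the services manually
2. After adding assets and scanning, tasks are always stuck in the queue; I have to start the scan script manually in the backend, every time a task is started, which is extremely annoying.
3. If I enter an IP, the target's ports are never found; only the one IP is returned and that is it.
4. When entering a single IP, if you previously selected C-segment, from then on it always scans the C-segment and a single IP can no longer be scanned
The awvs service is up. I confirmed this inside the docker environment
Clicking the update button when editing an asset task does nothing; it cannot be edited.
Cannot access AWVS
Self-written PoC cannot be uploaded.
After uploading the file, nothing happens.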