From 9fe1119fcb11c04689e82013fd70a46e422d6abb Mon Sep 17 00:00:00 2001 From: Medicean Date: Thu, 16 Feb 2017 10:25:03 +0800 Subject: [PATCH] =?UTF-8?q?(Add=20Tools:=20Ant)=20=E8=9A=81=E9=80=85=201.0?= =?UTF-8?q?=20(=E5=9F=BA=E4=BA=8E=E5=AE=9E=E6=97=B6=E4=B8=8A=E7=BA=BF?= =?UTF-8?q?=E7=9A=84XSS=E7=9B=B2=E6=89=93=E5=B9=B3=E5=8F=B0)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 1 + tools/README.md | 1 + tools/ant/Dockerfile | 58 +++++++++++++++++++++++++++++++++++++ tools/ant/README.md | 65 ++++++++++++++++++++++++++++++++++++++++++ tools/ant/src/db.conf | 4 +++ tools/ant/src/start.sh | 18 ++++++++++++ 6 files changed, 147 insertions(+) create mode 100644 tools/ant/Dockerfile create mode 100644 tools/ant/README.md create mode 100644 tools/ant/src/db.conf create mode 100644 tools/ant/src/start.sh diff --git a/README.md b/README.md index 538d356..2ddc329 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ docker run -d -p 80:8080 medicean/vulapps:s_struts2_s2-037 ## 安全工具环境 * [巡风](./tools/xunfeng/) +* [Ant(蚁逅)](./tools/ant/) ## 漏洞环境 diff --git a/tools/README.md b/tools/README.md index 8e73c20..6cfd1a2 100644 --- a/tools/README.md +++ b/tools/README.md @@ -2,3 +2,4 @@ --- 1. [巡风](./xunfeng) +2. [蚁逅](./ant) diff --git a/tools/ant/Dockerfile b/tools/ant/Dockerfile new file mode 100644 index 0000000..63d5639 --- /dev/null +++ b/tools/ant/Dockerfile @@ -0,0 +1,58 @@ +FROM ubuntu:14.04 + +MAINTAINER Medici.Yan@Gmail.com +ENV LC_ALL C.UTF-8 +ENV TZ=Asia/Shanghai +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + +### APT source list +# RUN sed -i 's/archive.ubuntu.com/mirrors.aliyun.com/g' /etc/apt/sources.list + +### Install Node.js +ARG NODE_URL=http://oe58q5lw3.bkt.clouddn.com/n/nodejs/nodejs/node-v4.3.2-linux-x64.tar.gz +RUN apt-get update \ + && apt-get install -y wget \ + && wget -qO /tmp/nodejs.tar.gz $NODE_URL \ + && mkdir -p /opt/node \ + && tar zxf /tmp/nodejs.tar.gz -C /opt/node --strip-components=1 \ + && ln -s /opt/node/bin/node /usr/bin/node \ + && ln -s /opt/node/bin/npm /usr/bin/npm \ + && rm -f /tmp/nodejs.tar.gz \ + && mkdir -p /htdocs + +ARG MONGO_URL=http://oe58q5lw3.bkt.clouddn.com/m/mongodb/mongodb/mongodb-linux-x86_64-ubuntu1404-3.2.0.tgz +RUN apt-get update \ + && apt-get install -y wget \ + && wget -qO /tmp/mongodb.tgz $MONGO_URL \ + && mkdir -p /opt/mongodb \ + && tar zxf /tmp/mongodb.tgz -C /opt/mongodb --strip-components=1 \ + && mkdir -p /var/data \ + && rm -f /tmp/mongodb.tgz + +ENV PATH /opt/node/bin:/opt/mongodb/bin:$PATH + +VOLUME /var/data +ARG ANT_ZIP=http://oe58q5lw3.bkt.clouddn.com/tools/ant/ant-1.0.zip +RUN apt-get update \ + && apt-get install -y wget unzip \ + && wget -qO /tmp/ant.zip $ANT_ZIP \ + && unzip -d /htdocs /tmp/ant.zip \ + && rm /tmp/ant.zip + +WORKDIR /tmp +COPY src/db.conf /htdocs/ant-master/database/db.conf +RUN set -x \ + && (nohup mongod -f /htdocs/ant-master/database/db.conf &) \ + && cd /htdocs/ant-master/database \ + && mongorestore \ + && rm -f /tmp/nohup.out + +WORKDIR /htdocs/ant-master/web +RUN npm install + +COPY src/start.sh /start.sh +RUN chmod +x /start.sh + +EXPOSE 3000 +ENTRYPOINT ["/start.sh"] +CMD ["tail", "-f", "/dev/null"] diff --git a/tools/ant/README.md b/tools/ant/README.md new file mode 100644 index 0000000..26a4536 --- /dev/null +++ b/tools/ant/README.md @@ -0,0 +1,65 @@ +蚁逅 +--- + +[项目地址: https://github.com/antoor/ant](https://github.com/antoor/ant) + +### 工具简介 + +**蚁逅**是一款实时上线的 XSS 盲打平台。是不是有点像当年的灰鸽子的感觉?开源,不维护系列 + +蚁逅有多酷?看演示就知道了:[**蚁逅演示视频**](http://v.youku.com/v_show/id_XMTI0OTYzNzMyMA==.html?f=25926434&spm=a2hzp.8253876.0.0) + +### 镜像信息 + +类型 | 用户名 | 密码 +:-:|:-:|:-: + 管理员 | i@root.cool | 123456 +ant物理路径 | /htdocs/ant-master | - +mongodb数据路径| /var/data | - + + +### 获取环境 + +1. 拉取镜像到本地 + + ``` +$ docker pull medicean/vulapps:tools_ant + ``` + +2. 启动环境 + + ``` +$ docker run -d -p 8000:3000 medicean/vulapps:tools_ant + ``` + > `-p 8000:80` 前面的 8000 代表物理机的端口,可随意指定。 + + 访问: `http://127.0.0.1:8000/` 正常访问则代表安装成功 + + **邮件服务设置** + > 如果需要自动设置邮件服务,则需要在启动时指定环境变量 + + 类型 | 环境变量名 | 默认 +:-:|:-:|:-: +邮箱账号 | `EMAIL_ADDRESS` | email@user.com +邮箱密码 | `EMAIL_PASSWORD` | email-password +SMTP服务器 | `SMTP_HOST` | smtp.qq.com +SMTP服务端口 | `SMTP_PORT` | 465 + + eg: 指定一个 QQ 邮箱来作为发信邮箱(默认使用的是QQ的发信服务器,所以不需要设置): + + ``` + $ docker run -d -p 8000:3000 -e EMAIL_ADDRESS=546074829@qq.com -e EMAIL_PASSWORD=123456 medicean/vulapps:tools_ant + ``` + + **挂载点** + + 如果需要将数据保存到物理机,需要在物理机上创建一个挂载点,在启动时使用`-v`参数挂载到容器的`/var/data`目录 + + 例如: + + ``` + $ mkdir -p ~/antdata + $ docker run -d -p 8000:3000 -v ~/antdata/:/var/data medicean/vulapps:tools_ant + ``` + + > 这样在销毁容器后,如果下次新建容器还指定了该数据目录,就会将数据还原 diff --git a/tools/ant/src/db.conf b/tools/ant/src/db.conf new file mode 100644 index 0000000..375f9f6 --- /dev/null +++ b/tools/ant/src/db.conf @@ -0,0 +1,4 @@ +port = 27017 +dbpath = /var/data +logpath = /var/log/ant.log +fork = false \ No newline at end of file diff --git a/tools/ant/src/start.sh b/tools/ant/src/start.sh new file mode 100644 index 0000000..3ac8862 --- /dev/null +++ b/tools/ant/src/start.sh @@ -0,0 +1,18 @@ +#!/bin/bash +if [[ "$EMAIL_ADDR" && "$EMAIL_PASSWORD" ]]; then + sed -i "s/email@user.com/${EMAIL_ADDR}/g" /htdocs/ant-master/web/modules/mail.js + sed -i "s/email-password/${EMAIL_PASSWORD}/g" /htdocs/ant-master/web/modules/mail.js +fi + +if [[ "$SMTP_HOST" && "$SMTP_PORT" ]]; then + sed -i "s/smtp.qq.com/${SMTP_HOST}/g" /htdocs/ant-master/web/modules/mail.js + sed -i "s/465/${SMTP_PORT}/g" /htdocs/ant-master/web/modules/mail.js +fi + +nohup mongod -f /htdocs/ant-master/database/db.conf > /var/log/mongodb.log & +cd /htdocs/ant-master/database +mongorestore + +cd /htdocs/ant-master/web +nohup node app & +/usr/bin/tail -f /dev/null