linbing

• Linbing vulnerability scanning system
  • Instructions for use
  • Modify encryption key
    • Modify aes key
    • Modify rsa key
  • Package vue source code (enter the vue_src directory)
  • ubuntu deployment
  • centos deployment
  • Self-compile docker files for deployment
    • Configuration
    • Compile the image (enter the project root directory)
    • Start the container (enter the project root directory)
  • Get the image from dockerhub
  • access
  • use
  • interface
  • CHANGELOG
    • [v1.0] 2020.2.28
    • [v1.1] 2020.7.28
    • [v1.2] 2020.8.12
    • [v1.3] 2020.9.13
    • [v1.4] 2020.10.18
    • [v1.5] 2020.10.30
    • [v1.6] 2020.11.27
    • [v1.7] 2020.12.5
    • [v1.8] 2020.12.11
    • [v1.9] 2020.12.18
    • [v2.0] 2021.3.1
    • [v2.1] 2021.3.5
    • [v2.2] 2021.3.26
    • [v2.3] 2021.5.20
    • [v2.4] 2021.6.19
    • [v2.5] 2021.7.10
    • [v2.6] 2021.9.21
    • [v2.7] 2021.10.11
    • [v2.8] 2021.10.24
    • [v2.9] 2021.12.26
    • [v3.0] 2022.5.14
  • Acknowledgments
  • Disclaimer
  • License

This system is a system that automatically penetrates Web middleware and Web frameworks. It automatically collects assets according to scanning options, and then performs POC scanning. During POC scanning, POC plug-ins are selected based on fingerprints to scan. POC plug-in scanning is performed asynchronously. The front-end uses vue technology, and the back-end uses python fastapi.

Scanning is divided into fingerprint detection, subdomain blasting, port scanning, directory scanning, and POC scanning. If you select all scanning options, the IP scanned by the subdomain name will be passed to the port scan, the fingerprint will be identified in the port scan, and the scanned assets will be passed to the directory. Scan and POC scan, POC scan will load the plug-in scan based on the asset fingerprint, if If the fingerprint cannot be recognized, all plug-ins are loaded. POC plug-ins are divided into two types, http and port. The http type refers to sending http requests, and port refers to sending socket requests. If the scanned assets are in URL format, the http type plug-in is loaded. Otherwise, the port type plug-in is loaded.

The data stored in mysql is AES-encrypted data. The login request uses rsa request, which is currently the default key. If you need to modify the key, refer to the following. Modifying the key information requires recompiling the vue source code.

For python, you can directly modify the configuration of the aes part in /python/conf.ini. Use cbc mode, which requires key and iv. For the vue part, you need to modify the third and fourth lines in the vue_src/src/libs/AES.js file. OK, it must be consistent with conf.ini

You need to generate the public and private keys of rsa (private key 1024 bits). The reference address is to modify the public key and private key information in the python/rsa.py file. For the vue part, you need to modify line 77 of the vue_src/src/libs/crypto.js file. The public key must be consistent with the public key in the python/rsa.py file

After modifying the vue part, you need to repackage it, then copy the contents of the packaged folder dist to the vue folder, and delete the original vue files.

npm run build (it is packaged, that is, the vue folder, which can be used directly. For self-packaging, you need to install node and vue. Please refer to https://www.runoob.com/nodejs/nodejs-install-setup.html, https:/ /www.runoob.com/vue2/vue-install.html)

ubuntu deployment

centos deployment

Self-compile docker files for deployment

Get the image from dockerhub

Refer to https://github.com/taomujian/linbing/blob/master/ubuntu deployment.md)

Refer to https://github.com/taomujian/linbing/blob/master/centos deployment.md)

First download the project locally (https://github.com/taomujian/linbing.git), then configure the account and authorization code used to send emails in python/conf.ini, and then modify the mysql database account password in python/conf.ini , this account password must be consistent with the account password set in the dockerfile.

docker build -f ubuntu.dockerfile -t linbing .

docker run -it -d -p 11000:11000 -p 8800:8800 linbing

docker pull taomujian/linbing:latest

docker run -it -d -p 11000:11000 -p 8800:8800 taomujian/linbing

Just visit http://yourip:11000/login. The default account password is admin/X!ru0#M&%V

The usage process is to add the target first, and then scan the target. The scanning options include port scanning, directory scanning, and POC scanning. Currently, POC scanning loads all POCs by default, and custom selection is not supported at the moment.

• Initial completion of scanner function

• Added F5 BIG IP plug-in

• Add docker deployment

• Increase the number of phpstudy_back_rce plugins
• When adding a target, you can add multiple lines of targets

• Added view port details (port, protocol, product, version)
• Add subdomain details (subdomain name, subdomain ip), subdomain name is using OneForAll tool

• Fix some plug-in errors
• The number of concurrent coroutines during POC detection can be set in the scan settings.
• Add asyncio multi-coroutine function to improve POC scanning speed

• Modify the default avatar. If you want to replace it, just use the flask/images/default.png image.
• Optimize the front end and fix some minor BUGs

• Added function to set proxy and scan timeout time
• Optimize the front end and fix some minor BUGs
• Optimize file structure and synchronize docker time

• The avatar is lost after optimizing the front-end refresh BUG

• Modify the way to send emails and use postfix to send emails

• The front-end UI framework is changed from iview to element, and the front-end code is reconstructed
• Cancel the account registration and add it with the built-in administrator account instead
• Add directory scanning function for url target
• Added the ability to view all vulnerabilities and all port information
• Optimize database table data structure and sql statements

• Front-end interface optimization
• When multiple targets are scanned at the same time, task queue management is added.

• Add CVE-2021-22986 plug-in

• Optimize scanning logic
• Add fingerprint detection and detection framework
• Optimize the detection of Struts2 series vulnerabilities

• Add fingerprint judgment function
• Perform fingerprint identification on the scanned ports, and load the corresponding plug-ins after fingerprint identification to reduce the number of packages sent.
• Classify plug-ins into http and non-http categories
• When you click scan, you can provide customized scanning options, which are divided into fingerprint detection, subdomain scanning, port scanning, directory scanning, and POC scanning.
• Added functions to pause scan, resume scan, and cancel scan in scan list

• The backend framework is changed from flask to fastapi

• POC plug-in can be selected when scanning
• Add POC list
• Fix known BUG

• Fixed bug when scanning all targets
• Add XSS LOG function (the URL for receiving data refers to the URL after generating the token)

• Status information updates in target management and scan management are changed from Ajax polling to websocket

• Integrate the functions of dnslog.cn and provide dnslog function

• POC plug-in scanning is replaced by asynchronous scanning to speed up scanning

Thanks to the vulhub project for providing the target environment: https://github.com/vulhub/vulhub, https://hub.docker.com/r/2d8ru/struts2

POC also refers to many projects: https://github.com/Xyntax/POC-T,

https://github.com/ysrc/xunfeng、

https://github.com/se55i0n/DBScanner、

https://github.com/vulscanteam/vulscan

I would like to thank Master Pan for teaching me how to get started safely, and I would also like to thank my classmate Daiju for guiding me on Vue.

Tools are only used for security research and internal self-examination. It is prohibited to use tools to launch illegal attacks. The user is responsible for the consequences.

MIT