1. Background
Dragonfly Security Workbench is a security tool integration platform that integrates mainstream security tools and arranges them by work scenario. It currently ships four prebuilt scenarios: information collection, black-box scanning, batch POC verification, and code auditing.
Its biggest feature is the large number and variety of integrated tools. You can arrange the tools you want into any scenario and quickly build your own security workbench.
This article explains how to add support for a custom tool. Tools must be packaged as Docker images, so let's look at how to package one.
I take the weak-password detection tool WebCrack as an example to explain how to submit a tool to the Dragonfly Security Workbench.
2. Learning to use the tool
2.1 Tool download
Download the tool from the official website or GitHub:
git clone https://github.com/yzddmr6/WebCrack
The output is as follows:
Cloning into 'WebCrack'...
remote: Enumerating objects: 104, done.
remote: Counting objects: 100% (31/31), done.
remote: Compressing objects: 100% (25/25), done.
remote: Total 104 (delta 9), reused 17 (delta 3), pack-reused 73
Receiving objects: 100% (104/104), 138.12 KiB | 867.00 KiB/s, done.
Resolving deltas: 100% (30/30), done.
2.2 Installing the tool's dependencies
cd WebCrack && pip3 install -r requirements.txt
The output is as follows:
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: bs4 in /Users/tangqingsong/Library/Python/3.8/lib/python/site-packages (from -r requirements.txt (line 1)) (0.0.1)
Requirement already satisfied: lxml in /Users/tangqingsong/Library/Python/3.8/lib/python/site-packages (from -r requirements.txt (line 2)) (4.8.0)
Requirement already satisfied: requests in /Users/tangqingsong/Library/Python/3.8/lib/python/site-packages (from -r requirements.txt (line 3)) (2.27.1)
Requirement already satisfied: beautifulsoup4 in /Users/tangqingsong/Library/Python/3.8/lib/python/site-packages (from bs4->-r requirements.txt (line 1)) (4.11.1)
Requirement already satisfied: charset-normalizer~=2.0.0 in /Users/tangqingsong/Library/Python/3.8/lib/python/site-packages (from requests->-r requirements.txt (line 3)) (2.0.12)
Requirement already satisfied: urllib3<1.27,>=1.21.1 in /Users/tangqingsong/Library/Python/3.8/lib/python/site-packages (from requests->-r requirements.txt (line 3)) (1.26.9)
Requirement already satisfied: certifi>=2017.4.17 in /Users/tangqingsong/Library/Python/3.8/lib/python/site-packages (from requests->-r requirements.txt (line 3)) (2021.10.8)
Requirement already satisfied: idna<4,>=2.5 in /Users/tangqingsong/Library/Python/3.8/lib/python/site-packages (from requests->-r requirements.txt (line 3)) (3.3)
Requirement already satisfied: soupsieve>1.2 in /Users/tangqingsong/Library/Python/3.8/lib/python/site-packages (from beautifulsoup4->bs4->-r requirements.txt (line 1)) (2.3.2.post1)
2.3 Learning how to use it
Now learn how to use the tool, in preparation for integrating it later:
➜ WebCrack git:(master) python3 webcrack.py
+---------------------------------------------------+
| __ __ _ _____ _ |
| \ \ / / | | / ____| | | |
| \ \ /\ / /__| |__ | | _ __ __ _ ___| | __ |
| \ \/ \/ / _ \ '_ \| | | '__/ _' |/ __| |/ / |
| \ /\ / __/ |_) | |____| | | (_| | (__| < |
| \/ \/ \___|_.__/ \_____|_| \__,_|\___|_|\_\ |
| |
| code by @yzddmr6 |
| version: 2.2 |
+---------------------------------------------------+
File or Url:
2.4 Modifying the tool
While trying the tool out, I found that it still requires interactive input, which is very inconvenient. I want a single command to make it run, so the code needs to change.
Before changing the code, analyze the main entry file, which has a variable named url_file_name:
url_file_name = input('File or Url:\n')
if '://' in url_file_name:
    CrackTask().run(1, url_file_name)
else:
    url_list = []
    if os.path.exists(url_file_name):
        ...
I can change it to the following, so that the value is taken from the command-line arguments:
url_file_name = sys.argv[1]
Next I set up a test range with permeate and passed its login address to the tool. The URL is quoted so that the shell does not interpret the ? and & characters:
python3 webcrack.py 'http://*.*.*/home/index.php?m=user&a=login'
The output is as follows; you can see that the parameter was received and the run succeeded.
➜ WebCrack git:(master) ✗ python3 webcrack.py http://xx.xx.xx/home/index.php\?m\=user\&a\=login
2022-05-09 19:36:53 id: 1 [*] Start: http://xx.xx.xx/home/index.php?m=user&a=login
2022-05-09 19:36:53 id: 1 [*] http://xx.xx.xx/home/index.php?m=user&a=login 进度: (1/27) checking: admin admin
.....intermediate output omitted....
2022-05-09 19:36:53 id: 1 [*] http://xx.xx.xx/home/index.php?m=user&a=login 进度: (2/27) checking: admin 123456
2022-05-09 19:36:56 id: 1 [*] http://xx.xx.xx/home/index.php?m=user&a=login 启动万能密码爆破模块
2022-05-09 19:36:56 id: 1 [*] http://xx.xx.xx/home/index.php?m=user&a=login 进度: (1/25) checking: admin' or 'a'='a admin' or 'a'='a
2022-05-09 19:36:56 id: 1 [*] Rechecking... http://xx.xx.xx/home/index.php?m=user&a=login admin' or 'a'='a admin' or 'a'='a
2022-05-09 19:36:56 id: 1 [+] Success: http://xx.xx.xx/home/index.php?m=user&a=login admin' or 'a'='a/admin' or 'a'='a
➜ WebCrack git:(master) ✗
Judging from the output, the tool succeeded using its universal-password brute-force module.
3. Learning how to build images
Now that we know how to invoke the tool, we just need the program to execute it, so we need to learn some basic rules of Dragonfly Security Workbench plugins. The rules are very simple to learn.
We just need to download the plugins that Dragonfly has already written and see how they are put together.
3.1 Case study
The following picture shows the plugins that Dragonfly Security Workbench has already written.
We pick one case at random, taking the integration of Changting's xray tool as an example.
You can see that the tool contains three items: code, tools, and Dockerfile.
Let's analyze the Dockerfile first:
FROM daxia/qingting:base
COPY ./code /root/code
COPY ./tools /data/tools
CMD ["php","/root/code/index.php"]
You can see from the Dockerfile that building the image simply copies the two directories into the image and then has it run a main entry file on startup.
Let's continue with the code directory, where the main entry file, index.php, is located. Open the file to view it; the content is as follows:
As can be seen from this figure, the plugin's flow is to read the target to be scanned, hand the target to the tool for scanning, and then store the scan result in the database.
4. Building the tool image
Now we try writing the plugin ourselves. First copy the entire xray folder, naming the new folder webcrack, and then delete the contents of its tools directory.
Then copy in the webcrack code downloaded at the beginning, as shown in the following figure.
Next, let's analyze the logic of index.php. Here is a spoiler: we only need to look at index.php; there is no need to read anything else, just reuse the existing configuration.
Then we replace the file's contents, changing every occurrence of xray in the file to webcrack, as shown in the following figure.
Another spoiler: we only need to change these two functions.
4.1 Invoking the tool
First, look at the function that executes the tool; here we only need to pay attention to the CMD command.
Change this command to the command that invokes webcrack.
4.2 Importing data
Then look at the next function, writeData, which imports the data.
You can see that this method does only three things: it reads the tool's result, converts the result's JSON string into an array, and inserts it into the database.
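The two steps above (invoking the tool, then importing its result), sketched in Python as an added example; it is not Dragonfly's index.php, which is PHP and is not reproduced on this page. The script path, the function names, and the assumption that the patched webcrack.py prints its log to stdout are mine; the sample log is constructed from the output shown in section 2.4.

```python
import json
import re
import subprocess
from urllib.parse import urlsplit

# Format of the "[+] Success:" lines, taken from the run shown in section 2.4.
SUCCESS_RE = re.compile(
    r"^(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) id: (?P<id>\d+) "
    r"\[\+\] Success: (?P<url>\S+) (?P<creds>.+)$")

def build_command(target, script="/data/tools/webcrack/webcrack.py"):
    """Argv list for the patched webcrack.py; the script path is an assumption."""
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"target must be an http(s) URL: {target!r}")
    # A list, not a shell string: '?' and '&' in the URL need no escaping.
    return ["python3", script, target]

def parse_results(log_text):
    """Extract findings from WebCrack's console log as a list of dicts."""
    records = []
    for line in log_text.splitlines():
        m = SUCCESS_RE.match(line.strip())
        if not m:
            continue
        # Assumption: username and password are joined by the first '/'.
        user, _, password = m.group("creds").partition("/")
        records.append({"time": m.group("time"), "task_id": int(m.group("id")),
                        "url": m.group("url"), "username": user,
                        "password": password})
    return records

def scan(target, timeout=600):
    """Run the tool once; return findings as a JSON string for a writeData-style step."""
    proc = subprocess.run(build_command(target), capture_output=True,
                          text=True, timeout=timeout, check=False)
    return json.dumps(parse_results(proc.stdout), ensure_ascii=False)

# Constructed sample log, modelled on the output in section 2.4.
SAMPLE_LOG = """\
2022-05-09 19:36:53 id: 1 [*] Start: http://xx.xx.xx/home/index.php?m=user&a=login
2022-05-09 19:36:56 id: 1 [*] Rechecking... http://xx.xx.xx/home/index.php?m=user&a=login admin' or 'a'='a admin' or 'a'='a
2022-05-09 19:36:56 id: 1 [+] Success: http://xx.xx.xx/home/index.php?m=user&a=login admin' or 'a'='a/admin' or 'a'='a
"""

if __name__ == "__main__":
    print(json.dumps(parse_results(SAMPLE_LOG), indent=2))
```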
Author: Tang Qingsong WeChat: songboy8888
Date: May 09, 2022