What's xray?
xray is a community vulnerability scanning tool extracted from the core engine of Changting Insight. It supports both active and passive scanning, ships with its own blind-testing platform, allows flexible POC definitions, is feature-rich and easy to call, and runs on Windows, macOS and Linux, covering most of the automated web vulnerability detection needs of security practitioners.
How to know right away when the scanner finds a vulnerability
For security engineers, it matters a great deal that an alert goes out as soon as the scanner finds a vulnerability. An engineer may be running xray in basic crawler mode, where the crawler keeps crawling and nobody is manually refreshing and checking the vulnerability report the whole time. Or xray may be running in passive proxy mode, where testers route their traffic through the scanner proxy and then visit the various business pages, and it is not known when the testers will start or finish.
Many companies have also built their own vulnerability management systems, work order (ticketing) systems and so on. If the vulnerabilities the scanner finds can be synchronized to these systems automatically, that also frees up a lot of the security team's time. For these scenarios xray has a vulnerability output mode called webhook-output.
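When a vulnerability is found, xray POSTs the vulnerability data to the specified URL. In demo form, the code is:
```python
import requests

# webhook: the URL to notify; vuln_info: the vulnerability data as a dict
requests.post(webhook, json=vuln_info)
```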
If we write an intermediate conversion and forwarding layer, we can easily implement the following functionality
- Send email, SMS alerts
- Send WeChat, Enterprise WeChat, DingTalk, Slack alerts
- Synchronize vulnerability information to your own database
- Create a work order for this vulnerability
- Use other tools to verify that the vulnerability exists
……
Using webhooks for autopush
In this article, we use Server Sauce and an Enterprise WeChat robot to demonstrate how to be notified in real time when xray discovers a vulnerability.
What is xray's webhook?
For xray, the webhook is a URL, which means we need to run a web server that receives the vulnerability information sent by xray and then forwards it. With Python's Flask framework, a demo of the webhook URL takes only a few lines.
```python
from flask import Flask, request
import requests

app = Flask(__name__)


@app.route('/webhook', methods=['POST'])
def xray_webhook():
    # xray sends the vulnerability as a JSON body
    print(request.json)
    return 'ok'


if __name__ == '__main__':
    # Flask's default is 127.0.0.1:5000
    app.run()
```
Usage:
```
xray webscan --url /sqli/?name=root --plugins sqldet --webhook-output http://127.0.0.1:5000/webhook
```
After running the test, the vulnerability information is printed successfully.
```
 * Serving Flask app ""
 * Environment: development
 * Debug mode: off
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
{'create_time': 1566836256580, 'detail': {'host': '', 'param': {'key': 'name', 'position': 'query', 'value': "root'and'lW'='lql"}, 'payload': "root'and'lW'='lql", 'port': 80, 'request': '', 'request1': 'GET /sqli/?name=root%27and%274w%27%3D%274w HTTP/1.1\r\nHost: -Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169\r\nCookie: key=value\r\nAccept-Encoding: gzip\r\n\r\n', 'request2': 'GET /sqli/?name=root%27and%27lW%27%3D%27lql HTTP/1.1\r\nHost: -Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169\r\nCookie: key=value\r\nAccept-Encoding: gzip\r\n\r\n', 'response': '', 'response1': 'HTTP/1.1 200 OK\r\n...', 'response2': 'HTTP/1.1 200 OK\r\n...', 'title': "Generic Boolean based case ['string']", 'type': 'boolean_based', 'url': '/sqli/?name=root'}, 'plugin': 'sqldet', 'target': {'url': '/sqli/', 'params': [{'position': 'query', 'path': ['name']}]}, 'vuln_class': ''}
127.0.0.1 - - [27/Aug/2019 00:17:36] "POST /webhook HTTP/1.1" 200 -
```
The next step is to parse the xray vulnerability information and generate the corresponding template. You will need to refer to the /xray/#/guide/vuln section of the documentation. Since a push is not suited to carrying a large volume of data, only some of the basic fields are chosen.
```python
from flask import Flask, request
import requests
import datetime

app = Flask(__name__)


@app.route('/webhook', methods=['POST'])
def xray_webhook():
    vuln = request.json
    # create_time is in milliseconds; vuln_class may be an empty string
    content = """## xray has discovered a new vulnerability

## url: {url}

Plugin: {plugin}

Vulnerability Type: {vuln_class}

Discovery Time: {create_time}

Please check and deal with it in a timely manner
""".format(url=vuln["target"]["url"], plugin=vuln["plugin"],
           vuln_class=vuln["vuln_class"] or "Default",
           create_time=str(datetime.datetime.fromtimestamp(vuln["create_time"] / 1000)))
    print(content)
    return 'ok'


if __name__ == '__main__':
    app.run()
```
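The handler above trusts whatever is POSTed to /webhook and pushes one message per request. The following added example (not from the original article or the xray project) shows one way to validate the body, render scanned values as inert markdown code spans, and suppress repeat alerts before forwarding. The helper names and the choice of plugin, vulnerability type and URL as the de-duplication key are assumptions.

```python
import datetime
import hashlib

MAX_FIELD = 200   # the article keeps pushes small; cap every field
SEEN = set()      # digests of findings already pushed (in-memory, per process)

def code_span(value):
    """Render an untrusted value as a one-line markdown code span."""
    s = str(value).replace("\r", " ").replace("\n", " ").replace("`", "'")
    return "`" + s[:MAX_FIELD] + "`"

def parse_vuln(payload):
    """Pick the fields the alert uses; raise ValueError on a malformed body."""
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    target = payload.get("target")
    if not isinstance(target, dict) or not target.get("url"):
        raise ValueError("missing target.url")
    ts = payload.get("create_time")
    if isinstance(ts, bool) or not isinstance(ts, (int, float)):
        raise ValueError("create_time is not a number")
    try:
        when = datetime.datetime.fromtimestamp(ts / 1000, datetime.timezone.utc)
    except (OverflowError, OSError, ValueError) as exc:
        raise ValueError("create_time out of range") from exc
    return {"url": str(target["url"]),
            "plugin": str(payload.get("plugin") or "unknown"),
            "vuln_class": str(payload.get("vuln_class") or "Default"),
            "create_time": when.strftime("%Y-%m-%d %H:%M:%S UTC")}

def build_alert(payload, seen=SEEN):
    """Return the markdown alert text, or None for a repeat of a pushed finding."""
    f = parse_vuln(payload)
    raw = "|".join((f["plugin"], f["vuln_class"], f["url"]))
    digest = hashlib.sha256(raw.encode("utf-8", "replace")).hexdigest()
    if digest in seen:
        return None
    seen.add(digest)
    return ("## xray has discovered a new vulnerability\n\n"
            "url: {url}\n\nplugin: {plugin}\n\n"
            "Vulnerability Type: {vuln_class}\n\n"
            "Discovery Time: {create_time}\n").format(
                url=code_span(f["url"]), plugin=code_span(f["plugin"]),
                vuln_class=code_span(f["vuln_class"]),
                create_time=f["create_time"])

# Constructed sample, trimmed from the webhook body printed earlier in the article.
SAMPLE = {"create_time": 1566836256580, "plugin": "sqldet", "vuln_class": "",
          "target": {"url": "/sqli/", "params": []},
          "detail": {"payload": "root'and'lW'='lql"}}

if __name__ == "__main__":
    print(build_alert(SAMPLE))
```

In the Flask handler, a ValueError from parse_vuln would map to an HTTP 400 response, and a None result means nothing is pushed.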
Server Sauce
Server Sauce is communication software between programmers and servers; that is, a tool that pushes alarms and logs from the server to your phone.
It's easy to get up and running.
- Login: sign in with your GitHub account to get a SECKEY
- Binding: scan the code and follow to complete the binding
- Send a message: send a request to /{SECKEY}.send and you will receive the message in WeChat!
Let's write a simple demo in Python. Here I have replaced every actual SECKEY value with {SECKEY}; you need to change it to your own value.
```python
import requests

# "text" is the message title, "desp" is the message body
requests.post("/{SECKEY}.send",
              data={"text": "xray vuln alarm", "desp": "test content"})
```
The message is received without trouble. Combined with the xray vulnerability information above, the code becomes:
```python
from flask import Flask, request
import requests
import datetime
import logging

app = Flask(__name__)


def push_ftqq(content):
    # Server Sauce send URL; a timeout keeps a slow push from hanging the webhook
    resp = requests.post("/",
                         data={"text": "xray vuln alarm", "desp": content},
                         timeout=10)
    if resp.json()["errno"] != 0:
        raise ValueError("push ftqq failed, %s" % resp.text)


@app.route('/webhook', methods=['POST'])
def xray_webhook():
    vuln = request.json
    # create_time is in milliseconds; vuln_class may be an empty string
    content = """## xray has discovered a new vulnerability

## url: {url}

Plugin: {plugin}

Vulnerability Type: {vuln_class}

Discovery Time: {create_time}

Please check and deal with it in a timely manner
""".format(url=vuln["target"]["url"], plugin=vuln["plugin"],
           vuln_class=vuln["vuln_class"] or "Default",
           create_time=str(datetime.datetime.fromtimestamp(vuln["create_time"] / 1000)))
    try:
        push_ftqq(content)
    except Exception as e:
        # log the failure but still answer xray with 'ok'
        logging.exception(e)
    return 'ok'


if __name__ == '__main__':
    app.run()
```
The display effect is shown in the figure
Enterprise WeChat group robot
An Enterprise WeChat group robot is like a regular member: it can post messages and @-mention people. If we hook xray vulnerability alerts into an Enterprise WeChat group, it also makes it much easier to learn of a vulnerability right away.
How to open and use
- Click on the top right corner of the group chat, then find 'Group Bots' and click 'Add'
- Copy the address of the Webhook and save it
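The calling code is also very simple, so only the main part is shown here.
```python
def push_wechat_group(content):
    # The key in this URL is a secret: anyone who has it can post to the group,
    # so load it from configuration rather than committing it to source control.
    resp = requests.post("/cgi-bin/webhook/send?key=9651234b-f90e-4064-80fd-0a69d6c1d867",
                         json={"msgtype": "markdown",
                               "markdown": {"content": content}},
                         timeout=10)
    # The Enterprise WeChat API reports its status in "errcode" (0 means success)
    if resp.json()["errcode"] != 0:
        raise ValueError("push wechat group failed, %s" % resp.text)
```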
The display effect is shown in the figure
Summary
The above is a short introduction to connecting xray to WeChat with Python to achieve automatic alerts. I hope it helps you. If you have any questions, please leave me a message and I will reply promptly. I would also like to thank you very much for your support of my website!
If you find this article helpful, please feel free to reprint it, and please note the source, thank you!