diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 00000000..104b8cc1
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,44 @@
+name: Docker Publish
+on:
+ push:
+ tags:
+ - "v*"
+ workflow_call:
+ workflow_dispatch:
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Git Checkout
+ uses: actions/checkout@v3
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Build and push observer_ward
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64
+ target: observer_ward
+ push: true
+ tags: ${{ secrets.DOCKER_USERNAME }}/observer_ward:latest
+ cache-from: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/observer_ward:latest
+ cache-to: type=inline
+ - name: Build and push observer_ward
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64
+ target: observer_ward_with_nuclei
+ push: true
+ tags: ${{ secrets.DOCKER_USERNAME }}/observer_ward:with_nuclei
+ cache-from: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/observer_ward:with_nuclei
+ cache-to: type=inline
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..bb3945c1
--- /dev/null
+++ b/Dockerfile
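Review bot: Every third-party action in the `steps` list is referenced by a mutable major tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/build-push-action@v5`) and the job declares no `permissions:` block, so a job that holds a Docker Hub write token (`secrets.DOCKER_TOKEN`) runs with whatever the repository's default `GITHUB_TOKEN` scope is and whatever code those tags resolve to on the day it runs. Pin each `uses:` to a full commit SHA with the version in a trailing comment, and add `permissions:` with `contents: read` at the workflow or job level so the token cannot write to the repository. The publish step also only ever writes `:latest` and `:with_nuclei` even though the trigger is a `v*` tag push, so consumers cannot pin the release they tested; adding the tag name, e.g. `tags: ${{ secrets.DOCKER_USERNAME }}/observer_ward:latest,${{ secrets.DOCKER_USERNAME }}/observer_ward:${{ github.ref_name }}`, fixes that (on the `workflow_dispatch` and `workflow_call` triggers `github.ref_name` is a branch name, so guard it with an `if:` on `github.ref_type == 'tag'` or accept the branch tag). Both build steps are named `Build and push observer_ward`; naming the second after its `observer_ward_with_nuclei` target makes the run log readable.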
@@ -0,0 +1,28 @@
+FROM rust:latest AS builder
+
+WORKDIR /app
+#为了命中docker构建缓存,先拷贝这几个文件进去
+RUN apt-get update &&\
+ apt-get install -y --no-install-recommends gcc-multilib xz-utils liblz4-tool libc6-dev libssl-dev pkg-config musl-tools patchelf build-essential zlib1g-dev ca-certificates
+COPY .cargo .cargo
+COPY observer_ward/Cargo.toml Cargo.toml
+COPY engine/ /engine
+RUN cargo fetch
+COPY observer_ward/src src
+RUN rustup target add x86_64-unknown-linux-musl
+RUN cargo build --release --target=x86_64-unknown-linux-musl
+
+# Use any runner as you want
+# But beware that some images have old glibc which makes rust unhappy
+FROM alpine:latest AS observer_ward
+ENV TZ=Asia/Shanghai
+RUN apk -U upgrade --no-cache \
+ && apk add --no-cache bind-tools ca-certificates
+COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/observer_ward /usr/local/bin/
+ARG SKIP_COPY=false
+ADD "https://0x727.github.io/FingerprintHub/web_fingerprint_v4.json" web_fingerprint_v4.json
+RUN observer_ward --update-plugin
+ENTRYPOINT [ "observer_ward" ]
+#docker build --target observer_ward_with_nuclei -t "observer_ward:dev" . -f Dockerfile
+FROM observer_ward AS observer_ward_with_nuclei
+COPY --from=projectdiscovery/nuclei:latest /usr/local/bin/nuclei /usr/local/bin/
diff --git a/README.md b/README.md
index 70622799..cb0a1c8b 100644
--- a/README.md
+++ b/README.md
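Review bot: The runtime stage pulls its fingerprint data with `ADD "https://0x727.github.io/FingerprintHub/web_fingerprint_v4.json" web_fingerprint_v4.json` and no `--checksum`, and every base is a floating tag (`rust:latest`, `alpine:latest`, `projectdiscovery/nuclei:latest`), so the published image's contents depend on whatever those endpoints serve at build time and a tampered upstream file or image is baked in without any build failure; pin the `FROM` lines to a specific version (a digest for the image that gets published) and fetch the JSON with `ADD --checksum=sha256:<expected-hash> <url> web_fingerprint_v4.json`, or a `RUN wget` followed by `sha256sum -c`. The same concern applies to `RUN observer_ward --update-plugin`, which downloads the nuclei plugin archive over the network during the build with nothing verifying it. `WORKDIR /app` does not carry over from the builder stage, so the relative destination of that `ADD` presumably resolves to `/web_fingerprint_v4.json` in the alpine stage — confirm that is where `observer_ward` looks for it. The final stage never sets `USER`, so `observer_ward` (and `nuclei` in the `observer_ward_with_nuclei` target) run as root; add an `adduser -S -D` user and a `USER` line before `ENTRYPOINT`, bearing in mind that plugins fetched by `--update-plugin` as root land in root's config directory and must be fetched as, or `chown`ed to, that user. `ARG SKIP_COPY=false` is declared but never referenced and can be dropped.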
@@ -73,19 +73,54 @@ ## 安装 +### 源码安装 + - 从源码编译安装,更多可以查看github的action工作流文件 [workflow](https://github.com/emo-crab/observer_ward/blob/main/.github/workflows/post-release.yml) ```bash,no-run cargo build --release --manifest-path=observer_ward/Cargo.toml ``` +### 二进制安装 + - 从发布页面下载 [release](https://github.com/emo-crab/observer_ward/releases) - 如果是Mac系统可以通过brew安装 +### 使用Mac系统brew安装 + ```bash,no-run brew install observer_ward ``` +### Docker镜像 + +- docker镜像,`observer_ward`只有指纹识别功能 + +```bash,no-run +➜ docker run --rm -it kaliteam/observer_ward -t http://172.17.0.2 +[INFO ] probes loaded: 2223 +[INFO ] optimized probes: 7 +[INFO ] target loaded: 1 +target: http://172.17.0.2/ + |_uri:[ http://172.17.0.2/ [apache-http] <> (200 OK) ] + |_uri:[ http://172.17.0.2/ [thinkphp] <> (200 OK) ] +``` + +- `kaliteam/observer_ward:with_nuclei`是内置nuclei,在默认配置文件夹有`plugins`目录 + +```bash,no-run +➜ docker run --rm -it kaliteam/observer_ward:with_nuclei -t http://172.17.0.2 --plugin default +[INFO ] probes loaded: 2223 +[INFO ] optimized probes: 7 +[INFO ] target loaded: 1 +target: http://172.17.0.2/ + |_uri:[ http://172.17.0.2/ [apache-http] <> (200 OK) ] + |_uri:[ http://172.17.0.2/ [thinkphp] <> (200 OK) ] + |_exploitable: [Critical] thinkphp-5023-rce: ThinkPHP 5.0.23 - Remote Code Execution + |_matched_at: http://172.17.0.2/index.php?s=captcha + |_shell: curl -X 'POST' -d '_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1' -H 'Accept: */*' -H 'Accept-Language: en' -H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.3.23' 'http://172.17.0.2/index.php?s=captcha' +``` + ## 入门 
@@ -311,7 +346,8 @@ Options: {"target":"https://www.example.com/","matched_result":{"https://www.example.com/":{"title":["Example Domain"],"status":200,"favicon":{},"fingerprints":[],"nuclei-result":{}}}} ``` -- 再保存文件的同时也会在终端打印进度信息,如果要想只打印纯结果数据可以使用`--silent`开启静默模式,例如:我只想打印`json`格式的数据并输出到jq +- 再保存文件的同时也会在终端打印进度信息,如果要想只打印纯结果数据可以使用`--silent`开启静默模式,例如:我只想打印`json` + 格式的数据并输出到jq ```bash,no-run ➜ ~ ./observer_ward_amd64 -t http://172.17.0.2 --format json --or --oc --silent |jq @@ -366,7 +402,8 @@ Press CTRL+C to quit ### 更新nuclei插件 - 使用`--update-plugin`更新nuclei插件到配置文件夹的`plugins`目录 -- 当然你也可以手动将[plugins.zip](https://github.com/0x727/FingerprintHub/releases/download/defaultv4/plugins.zip)下载到配置文件夹并解压 +- 当然你也可以手动将[plugins.zip](https://github.com/0x727/FingerprintHub/releases/download/defaultv4/plugins.zip) + 下载到配置文件夹并解压 - 注意:每次更新会将原来的插件文件夹删除掉再解压,如果你有自己的插件需要单独存放在别的文件夹 ### 集成nuclei验证漏洞 diff --git a/observer_ward/Cargo.toml b/observer_ward/Cargo.toml index 1e9baa26..3784e478 100644 --- a/observer_ward/Cargo.toml +++ b/observer_ward/Cargo.toml @@ -32,3 +32,6 @@ openssl = { version = "0.10", features = ["vendored"] } winres = "0.1" [target.'cfg(not(target_os = "windows"))'.dependencies] daemonize = "0.5.0" +[[bin]] +name = "observer_ward" +path = "src/main.rs" \ No newline at end of file