Skip to content

Commit

Permalink
Merge pull request #55 from wikiZ/main
Browse files Browse the repository at this point in the history
Update Kunyu Version 1.7.2
  • Loading branch information
0x7Fancy authored Apr 21, 2022
2 parents e2e6bcc + a79df9f commit 1d58fa3
Show file tree
Hide file tree
Showing 12 changed files with 302 additions and 19 deletions.
13 changes: 9 additions & 4 deletions CHANGELOG
Original file line number Diff line number Diff line change
Expand Up @@ -4,22 +4,27 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [v1.7.1] - 2021-3-22
## [v1.7.2] - 2022-4-20
### Added
- Added the Cscan command,Scans port information about cobaltStrike
- Fixed LAT/LON missing bug

## [v1.7.1] - 2022-3-22
### Added
- Improved the pupilsearch regex
- Fixed a problem with HTTP domain name re recognition errors

## [v1.7.0] - 2021-3-18
## [v1.7.0] - 2022-3-18
### Added
- Part of the code has been refactored to optimize the program structure
- Added "PupilSearch" command

## [v1.6.5] - 2021-2-25
## [v1.6.5] - 2022-2-25
### Added
- Added The retrieval results were scanned for viability
- Fixed some module incompatibilities

## [v1.6.4] - 2021-1-4
## [v1.6.4] - 2022-1-4
### Added
- Added "show rule"/"show config" command
- Added the function of loading fingerprint files externally
Expand Down
15 changes: 14 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ Global commands:
Seebug <query> Search Seebug vulnerability information
set <option> Set Global arguments values
view/views <ID> Look over banner row data information
Cscan <IP>/<Port> Scans port information about cobaltStrike
PupilSearch <URL>/<ID> Example Query sensitive interfaces
Pocsuite3 Invoke the pocsuite component
ExportPath Returns the path of the output file
Expand All @@ -118,7 +119,7 @@ ZoomEye:
deep Set PupilSearch Search Deep(default is 2)
all PupilSearch Add All Url To Check List
fuzz PupilSearch Add Api To Check List
proxy PupilSearch HTTP Proxy
proxy PupilSearch HTTP Proxy
```

Expand Down Expand Up @@ -202,6 +203,18 @@ Command format: **views ID**

![](./images/views.png)

**Cscan Scans port information about cobaltStrike**

Cscan, a new feature in Kunyu version 1.7.2, allows you to use this command to identify whether a network asset is cobaltStrike and to enumerate configuration file details.

**Command format:**

Cscan 1.1.1.1 443

Cscan 1.1.1.1 443,80

![](./images/cscan.png)

**PupilSearch Sensitive Information Collection**

After Kunyu v1.7.0, the KeyWord command was removed and replaced with PupilSearch, which is the function of extracting sensitive data. Of course, it also supports the extraction of historical banner information through spatial mapping. For example, such as accesskey, the banner in historical data leaks sensitive data. Information, even if the service is changed now, but the AK/SK has not expired, it can still be used directly, understand everything, and support the extraction of sensitive information **(ID number, IP, JWT, API interface, appid, appkey, GithubAccessKey, default username \password, email, etc.)**.
Expand Down
13 changes: 13 additions & 0 deletions doc/README_CN.md
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ Global commands:
Seebug <query> Search Seebug vulnerability information
set <option> Set Global arguments values
view/views <ID> Look over banner row data information
Cscan <IP>/<Port> Scans port information about cobaltStrike
PupilSearch <URL>/<ID> Example Query sensitive interfaces
Pocsuite3 Invoke the pocsuite component
ExportPath Returns the path of the output file
Expand Down Expand Up @@ -202,6 +203,18 @@ SearchIcon /root/favicon.ico

![](../images/views.png)

**Cscan扫描cobaltStrike的端口信息**

Cscan是Kunyu 1.7.2版本的一个新特性,允许您使用此命令来识别网络资产是否为cobaltStrike,并列举配置文件的详细信息。

**命令格式:**

Cscan 1.1.1.1 443

Cscan 1.1.1.1 443, 80

![](../images/cscan.png)

**PupilSearch敏感信息收集**

在Kunyu v1.7.0版本后,移除了KeyWord命令替换为PupilSearch,就是提取敏感数据的功能,当然也支持通过空间测绘提取历史banner信息,举个例子像accesskey这种,历史数据中banner泄露了敏感信息,哪怕现在换了服务,但是AK/SK没有过期,依旧可以直接利用,懂得都懂,支持提取敏感信息**(身份证号、IP、JWT、API接口、appid、appkey、GithubAccessKey,default username\password、邮箱等)**
Expand Down
Binary file added images/cscan.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified images/infos.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified images/setinfo.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified images/show.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion kunyu/config/__version__.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
__python_version__ = sys.version.split()[0]
__platform__ = platform.platform()
__url__ = "https://github.com/knownsec/Kunyu"
__version__ = '1.7.1'
__version__ = '1.7.2'
__author__ = '风起'
__Team__ = 'KnownSec 404 Team'
__author_email__ = 'onlyzaliks@gmail.com'
Expand Down
7 changes: 7 additions & 0 deletions kunyu/core/scanalive.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
@File: scanalive.py
@Time: 2022/2/24 10:47
"""
import os

import nmap

Expand All @@ -21,3 +22,9 @@ def scan_port_status(self, ip, port):
for port in nm[host][proto].keys():
self.alive_data_params = {"ip": ip, "port":port, "state":nm[host][proto][port]['state']}
return self.alive_data_params

def scan_cobaltstrike_status(self, ip, port):
nm = nmap.PortScanner()
nse_path = str(os.path.abspath(os.path.dirname(os.path.dirname(__file__))) + "/lib/grab_beacon_config").replace("\\","/")
result = nm.scan(ip, port, "--script={}".format(nse_path))
return result
37 changes: 25 additions & 12 deletions kunyu/core/zoomeye.py
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,7 @@ class ZoomEye:
Seebug <query> Search Seebug vulnerability information
set <option> Set Global arguments values
view/views <ID> Look over banner row data information
Cscan <IP>/<Port> Scans port information about cobaltStrike
PupilSearch <URL>/<ID> Example Query sensitive interfaces and information
Pocsuite3 Invoke the pocsuite component
ExportPath Returns the path of the output file
Expand All @@ -210,7 +211,7 @@ class ZoomEye:

# ZoomEye Command List
Command_Info = ["help", "info", "set", "Seebug", "SearchWeb", "SearchHost", "SearchIcon", "HostCrash",
"SearchBatch", "SearchCert", "SearchDomain", "EncodeHash", "Pocsuite3", "ExportPath",
"SearchBatch", "SearchCert", "SearchDomain", "EncodeHash", "Pocsuite3", "ExportPath","Cscan",
"show", "clear", "view", "DirectoryCrash", "AliveScan","views", "PupilSearch", "CreateMap", "exit"]

def __init__(self):
Expand Down Expand Up @@ -269,11 +270,6 @@ def __command_search(self, search, types="host"):
except:
pass

# Set the Latitude and longitude information
if data.geoinfo.location:
lat = data.geoinfo.location.lat
lon = data.geoinfo.location.lon

# Set the output field
table.add_row(str(num), data.ip, str(data.portinfo.port), str(data.portinfo.service),
str(data.portinfo.app), str(data_isp), str(data.geoinfo.country.names.en),
Expand All @@ -284,10 +280,14 @@ def __command_search(self, search, types="host"):
str(data.portinfo.app), str(data_isp), str(data.geoinfo.country.names.en),
str(data.geoinfo.city.names.en), str(title), str(data.timestamp).split("T")[0]]

# Set scatter_params info
self.scatter_params.append({
"lng": str(lon), "lat": str(lat), "ip": data.ip
})
# Set the Latitude and longitude information
if data.geoinfo.location:
lat = data.geoinfo.location.lat
lon = data.geoinfo.location.lon
# Set scatter_params info
self.scatter_params.append({
"lng": str(lon), "lat": str(lat), "ip": data.ip
})

self.scan_alive_params.append({
"ip":data.ip,
Expand Down Expand Up @@ -625,7 +625,6 @@ def command_alivescan(cls, *args, **kwargs):
"""
Verify the current viability of the last retrieval result
"""
from kunyu.utils.convert import convert
ip_port_params, num = cls.scan_alive_params, 0
table = DisposeTables().result_table(ALIVE_SCAN_INFO ,overflow)
logger.info("IP Service Viability Scan:")
Expand All @@ -634,11 +633,25 @@ def command_alivescan(cls, *args, **kwargs):
for data in ip_port_params:
try:
num += 1
alive_status = convert(Scan_Alive_Ip().scan_port_status(data["ip"], data["port"]))
alive_status = cls.convert(Scan_Alive_Ip().scan_port_status(data["ip"], data["port"]))
table.add_row(
str(num), alive_status.ip, str(alive_status.port), str(alive_status.state)
)
except Exception:
continue
logger.info("IP Service Viability Scan is completed\n")

@classmethod
def command_cscan(cls, args):
try:
# Check whether a parameter exists
if args == "":
raise ArithmeticError
# Get args ip and search
ip, _, port = args.strip().partition(" ")
logger.info("Cscan scan results:")
scan_result = Scan_Alive_Ip().scan_cobaltstrike_status(ip, port)
console.print(scan_result)
logger.info("Cobaltstrike Scan is completed\n")
except ArithmeticError:
return logger.warning("Please Input IP and Port")
Loading

0 comments on commit 1d58fa3

Please sign in to comment.