企业Web网站很多直接对Internet提供服务,往往会被黑客作为恶意攻击的突破口,Web的安全和企业的信息安全高度相连。今天介绍如何利用GitHut上的SimpleAutoBurp项目,利用Python脚本实现网站的定时的自动扫描,这样能够在更短的时间发现Web系统的漏洞。GitHub上的脚本针对Linux平台,本文将脚本修改为在Windows平台上运行。
企业Web网站很多直接对Internet提供服务,往往会被黑客作为恶意攻击的突破口,Web的安全和企业的信息安全高度相连。
现实的管理中,在安全制度不完善的情况下,网站开发人员和维护人员经常因为业务紧急上线或者Bug修复,私自上线新的内容或变更,安全人员往往在出现问题后追查时才发现,之前的安全环境或者代码已经都变更了。
今天介绍如何利用GitHut上的SimpleAutoBurp项目,利用Python脚本实现网站的定时的自动扫描,这样能够在更短的时间发现Web系统的漏洞。GitHub上的脚本针对Linux平台,本文将脚本修改为在Windows平台上运行。
一、工作原理:
利用Crontab(linux平台)或任务计划程序(windows平台)定期执行SimpleAutoBurp.py,该脚本利用BurpsuitePro的RESTAPI和配置文件config.json对目标主机进行web扫描。
二、脚本文件 SimpleAutoBurp+Config.json
SimpleAutoBurp.py 是调用Burp suite API的脚本,config.json是其配置文件。
SimpleAutoBurp.py
from os import strerrorfrom subprocess import Popenimport requestsimport timeimport subprocessimport loggingimport osimport signalimport jsonimport sysfrom datetime import datetime#将configFile指向你的config.json文件configFile = r"F:/pythonCode/SimpleAutoBurp/SimpleAutoBurp-main/config.json"try:with open(configFile) as json_data:config=json.load(json_data)except:print("Missing config.json file. Make sure the configuration file is in the same folder")sys.exit()burpConfigs=config["burpConfigs"][0]siteConfigs=config["sites"]def set_logging():global rootLoggerlogFormatter = logging.Formatter("%(asctime)s [%(levelname)-5.5s]%(message)s")rootLogger = logging.getLogger()NumericLevel = getattr(logging, burpConfigs["loglevel"].upper(), 10)rootLogger.setLevel(NumericLevel)fileHandler = logging.FileHandler("{0}/{1}.log".format(burpConfigs["logPath"], burpConfigs["logfileName"]))fileHandler.setFormatter(logFormatter)rootLogger.addHandler(fileHandler)consoleHandler = logging.StreamHandler()consoleHandler.setFormatter(logFormatter)rootLogger.addHandler(consoleHandler)def execute_burp(site):cmd = burpConfigs["java"] + " -jar -Xmx" + burpConfigs["memory"] + " -Djava.awt.headless="+ str(burpConfigs["headless"]) + " " + burpConfigs["burpJar"] + " --project-file=" + site["project"] + " --unpause-spider-and-scanner"try:rootLogger.debug("Executing Burp: " + str(cmd))p = Popen(cmd, shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)return p.pidexcept:rootLogger.error("Burp Suite failed to execute.")exit()def check_burp(site):count = 0url = "http://127.0.0.1:1337/"+ site["apikey"] +"/v0.1/"time.sleep(10)while True:if count > burpConfigs["retry"]:rootLogger.error("Too many attempts to connect to Burp")exit()else:rootLogger.debug("Cheking API: " + str(url))init = requests.get(url)if init.status_code == 200:rootLogger.debug("API running, response code: " + str(init.status_code))# Let Brup time to load extensionstime.sleep(30)breakelse:rootLogger.debug("Burp is not ready yet, response code: " + str(init.status_code))time.sleep(10)def execute_scan(site):data = '{"urls":["'+ site["scanURL"] + '"]}'url="http://127.0.0.1:1337/" + site["apikey"] + "/v0.1/scan"rootLogger.info("Starting scan to: " + str(site["scanURL"]))scan = requests.post(url, data=data)rootLogger.debug("Task ID: " + scan.headers["Location"])while True:url="http://127.0.0.1:1337/" + site["apikey"] + "/v0.1/scan/" + scan.headers["Location"]scanresults = requests.get(url)data = scanresults.json()rootLogger.info("Current status: " + data["scan_status"])if data["scan_status"] == "failed":rootLogger.error("Scan failed")kill_burp()exit()elif data["scan_status"] == "succeeded":rootLogger.info("Scan competed")return dataelse:rootLogger.debug("Waiting 60 before cheking the status again")time.sleep(60)def kill_burp(child_pid):rootLogger.info("Killing Burp.")try:os.kill(child_pid, signal.SIGTERM)rootLogger.debug("Burp killed")except:rootLogger.error("Failed to stop Burp")def get_data(data, site):for issue in data["issue_events"]:rootLogger.info("Vulnerability - Name: " + issue["issue"]["name"] + " Path: " + issue["issue"]["path"] + " Severity: " + issue["issue"]["severity"])token=site["scanURL"].split('/')[2]top_level=token.split('.')[-2]+'.'+token.split('.')[-1]file = top_level + "-" + datetime.now().strftime("%Y_%m_%d-%I_%M_%S_%p") + ".txt"file = burpConfigs["ScanOutput"] + filerootLogger.info("Writing full results to: "+ file)with open(file, "w") as f:f.write(str(data["issue_events"]))def main():set_logging()for site in config["sites"]:# Execute BurpSuite Prochild_pid = execute_burp(site)# Check if API burp is upcheck_burp(site)# Execute Scandata = execute_scan(site)# Get Vulnerability dataget_data(data, site)# Stop BurprootLogger.info("Scan finished, killing Burp.")kill_burp(child_pid)if __name__ == '__main__':main()Config.json(这里面配置要扫描的站点, APIKEY在BurpSuite里面生成)
{"sites" : [{"scanURL" : "http://192.168.168.180/","project" : "d:/temp/Metasploitable2.burp","apikey" : "S44ZGKWIXsGa8eWiASfDz7u5d2CzsbHm"}],"burpConfigs" : [{"memory" : "2048m","headless" : "true","java" : "C:/Program Files/Java/jdk-11.0.11/bin/java.exe","burpJar" : "F:/Download/burpsuite_pro_v2021.6.1.jar","retry" : 5,"logPath" : "d:/temp/ScanOutput/","logfileName" : "SimpleAutoBurp","loglevel" : "debug","ScanOutput" : "d:/temp/ScanOutput/"}]}三、Burp suite pro REST API服务开启方法
Burp Suite Pro 开启REST API 界面
四、使用任务计划程序(taskschd.msc)自动执行脚本,这里不再啰嗦如何利用Windows任务计划程序执行脚本,可以参考Windows相关帮助文件。
使用SimpleAutoBurp脚本来及时发现网站的安全漏洞是一种补救措施,我们更应该建立和遵循安全的软件发布流程,标准的软件发布流程我们可以参考ITIL中的发布,部署流程,也可以参考Microsoft的SDL流程。
