From 259b400150aad88d4ba0151604b308d25af64881 Mon Sep 17 00:00:00 2001 From: SanJin Date: Sun, 25 Aug 2019 15:22:37 +0800 Subject: [PATCH] =?UTF-8?q?~=20Telnet=20=E9=AB=98=E4=BA=A4=E4=BA=92?= =?UTF-8?q?=E5=AE=8C=E5=96=84=20~=20Redis=20=E8=9C=9C=E7=BD=90=E9=AB=98?= =?UTF-8?q?=E4=BA=A4=E4=BA=92=E5=AE=8C=E5=96=84=20~=20MemCache=20=E8=9C=9C?= =?UTF-8?q?=E7=BD=90=E6=94=AF=E6=8C=81,=E6=94=AF=E6=8C=81=E9=AB=98?= =?UTF-8?q?=E4=BA=A4=E4=BA=92=20~=20HFish=20=E6=8F=92=E4=BB=B6=E6=94=AF?= =?UTF-8?q?=E6=8C=81=EF=BC=8C=E5=90=8E=E7=BB=AD=E4=BC=9A=E5=BC=80=E6=94=BE?= =?UTF-8?q?=E8=B6=85=E5=BC=BA=E8=9C=9C=E7=BD=90=E7=94=9F=E6=80=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- admin/colony.html | 31 ++++-- admin/dashboard.html | 161 +++++++++++++++++++++++++++-- admin/fish.html | 6 ++ config.ini | 29 +++--- core/protocol/memcache/memcache.go | 25 ++++- core/protocol/ssh/ssh.go | 21 +++- core/protocol/telnet/telnet.go | 30 ++++-- core/report/report.go | 46 +++++++-- core/rpc/client/client.go | 14 +-- core/rpc/server/server.go | 19 +++- db/hfish.db | Bin 121856 -> 121856 bytes libs/ssh/config.json | 2 +- libs/telnet/config.json | 23 +++++ libs/telnet/ls.hfish | 0 logs/hfish.log | 123 +++++++++++++++++++++- utils/setting/setting.go | 56 ++++++++-- view/api/view.go | 27 ++++- view/colony/view.go | 2 + view/dashboard/view.go | 127 +++++++++++++++++++---- view/url.go | 1 + 20 files changed, 654 insertions(+), 89 deletions(-) delete mode 100644 libs/telnet/ls.hfish diff --git a/admin/colony.html b/admin/colony.html index 4d5425c..1c1861f 100644 --- a/admin/colony.html +++ b/admin/colony.html @@ -63,13 +63,15 @@ 集群名称 集群 IP - WEB - 暗网 - SSH - Redis - Mysql - Telnet - FTP + 插件 + WEB + 暗网 + SSH + Redis + Mysql + Telnet + FTP + MemCache 
@@ -129,6 +131,12 @@ _h += ' ' + data[i].agent_name + ''; _h += ' ' + data[i].agent_ip + ''; + if (data[i].plug_status == "1") { + _h += ' '; + } else { + _h += ' '; + } + if (data[i].web_status == "1") { _h += ' '; } else { @@ -171,6 +179,13 @@ _h += ' '; } + if (data[i].mem_cache_status == "1") { + _h += ' '; + } else { + _h += ' '; + } + + // if (data[i].http_status == "1") { // _h += ' '; // } else { @@ -190,6 +205,8 @@ _h += ' '; _h += ' '; _h += ' '; + _h += ' '; + _h += ' '; // _h += ' '; _h += ' '; _h += ' '; diff --git a/admin/dashboard.html b/admin/dashboard.html index 230edea..0549af5 100644 --- a/admin/dashboard.html +++ b/admin/dashboard.html @@ -4,6 +4,7 @@ font-weight: bold; font-size: 18px; margin-bottom: 30px; + color: #383838; } .openx { @@ -52,6 +53,9 @@ color: #000000; } + .lb_mem_cache { + color: #3d9671; + }
@@ -95,7 +99,16 @@
-
+ +
+
+ +
MemCache 蜜罐
+

{{.memCacheSum}}

+
+
+ +
TELNET 蜜罐
@@ -103,7 +116,7 @@
-
+
WEB 蜜罐
@@ -111,7 +124,7 @@
-
+
DEEP 蜜罐
@@ -119,9 +132,8 @@
-
-
+

服务状态

ADMIN

@@ -131,6 +143,12 @@

API

{{end}} + {{if eq .apiStatus "1"}} +

PLUG

+ {{else}} +

PLUG

+ {{end}} + {{if eq .webStatus "1"}}

WEB

{{else}} @@ -173,12 +191,28 @@

FTP

{{end}} + {{if eq .memCacheStatus "1"}} +

MEMCACHE

+ {{else}} +

MEMCACHE

+ {{end}} +
-
+
+
+
+
+
+
+
+
+
+
+
@@ -390,6 +424,33 @@ 0 ]; + var memCacheData = [ + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0 + ]; + var myChart = echarts.init(document.getElementById('myChart')); $.ajax({ @@ -435,6 +496,12 @@ telnetData[index] = d.telnet[item]; } + for (var item in d.memCache) { + var index = xdata.indexOf(item); + memCacheData[index] = d.memCache[item]; + } + + var option = { title: { text: '最近24小时' @@ -449,7 +516,7 @@ } }, legend: { - data: ['WEB', 'DEEP', 'SSH', 'REDIS', 'MYSQL', 'TELNET', 'FTP'] + data: ['WEB', 'DEEP', 'SSH', 'REDIS', 'MYSQL', 'TELNET', 'FTP', 'MEMCACHE'] }, grid: { left: '0%', @@ -518,6 +585,13 @@ stack: '总量', areaStyle: {normal: {}}, data: ftpData + }, + { + name: 'MEMCACHE', + type: 'line', + stack: '总量', + areaStyle: {normal: {}}, + data: memCacheData } ] }; @@ -527,4 +601,77 @@ }); + var myChart1 = echarts.init(document.getElementById('myChart1')); + var myChart2 = echarts.init(document.getElementById('myChart2')); + + + $.ajax({ + type: "GET", + url: "/get/dashboard/pie_data", + dataType: "json", + success: function (e) { + var d = e; + + console.log(d); + + var option = { + title: { + text: '攻击地区', + x: 'left' + }, + tooltip: { + trigger: 'item', + formatter: "{a}
{b} : {c} ({d}%)" + }, + series: [ + { + name: '来源地区', + type: 'pie', + radius: '70%', + center: ['50%', '50%'], + data: d.regionList, + itemStyle: { + emphasis: { + shadowBlur: 10, + shadowOffsetX: 0, + shadowColor: 'rgba(0, 0, 0, 0.5)' + } + } + } + ] + }; + + myChart1.setOption(option); + + + var option = { + title: { + text: '攻击 IP', + x: 'left' + }, + tooltip: { + trigger: 'item', + formatter: "{a}
{b} : {c} ({d}%)" + }, + series: [ + { + name: '攻击者IP', + type: 'pie', + radius: '70%', + center: ['50%', '50%'], + data: d.ipList, + itemStyle: { + emphasis: { + shadowBlur: 10, + shadowOffsetX: 0, + shadowColor: 'rgba(0, 0, 0, 0.5)' + } + } + } + ] + }; + + myChart2.setOption(option); + } + }); \ No newline at end of file diff --git a/admin/fish.html b/admin/fish.html index df59035..355b6bb 100644 --- a/admin/fish.html +++ b/admin/fish.html @@ -62,6 +62,10 @@ background-color: #000000; } + .lb_mem_cache { + background-color: #3d9671; + } + .pre { background: #2c2c31; color: #4fe21b; @@ -358,6 +362,8 @@ _h += ' TELNET '; } else if (data[i].type == "DEEP") { _h += ' DEEP '; + } else if (data[i].type == "MEMCACHE") { + _h += ' MEMCACHE '; } _h += ' ' + data[i].project_name + ''; diff --git a/config.ini b/config.ini index 9e7e93c..3258c17 100644 --- a/config.ini +++ b/config.ini @@ -9,11 +9,16 @@ account = admin # 登录账号 password = admin # 登录密码 [api] -status = 0 # 是否启动 API 1 启动 0 关闭 -web_url = /api/v1/post/report # 管理后台启动地址 -deep_url = /api/v1/post/deep_report # 管理后台启动地址 +status = 0 # 是否启动 API 0 关闭 1 启动 +web_url = /api/v1/post/report # WEB蜜罐上报 API +deep_url = /api/v1/post/deep_report # 暗网蜜罐上报 API +plug_url = /api/v1/post/plug_report # 插件蜜罐上报 API sec_key = 9cbf8a4dcb8e30682b927f352d6559a0 # API 认证秘钥 +[plug] +status = 0 # 是否启动 蜜罐插件 0 关闭 1 启动, 需要先启动 API +addr = 0.0.0.0:8989 # 蜜罐插件 启动地址 + [web] status = 0 # 是否启动 WEB 1 启动 0 关闭, 启动 API 后 WEB 方可上报结果 addr = 0.0.0.0:9000 # WEB 启动地址,0.0.0.0 对外开放,127.0.0.1 对内开放 可走 Nginx 反向代理 
@@ -31,27 +36,27 @@ static = deep/static # 暗网 WEB 静态文件路径 url = / # 暗网 WEB 访问目录,默认 / 可更改成 index.html index.asp index.php [ssh] -status = 2 # 是否启动 SSH 0 关闭 1 低交互 2 高交互 +status = 0 # 是否启动 SSH 0 关闭 1 低交互 2 高交互 addr = 0.0.0.0:22 # SSH 服务端地址 注意端口冲突,请先关闭服务器 openssh 服务 或 修改端口 [redis] -status = 1 # 是否启动 Redis 1 启动 0 关闭 +status = 0 # 是否启动 Redis 0 关闭 1 启动 addr = 0.0.0.0:6379 # Redis 服务端地址 注意端口冲突 [mysql] -status = 0 # 是否启动 Mysql 1 启动 0 关闭 +status = 0 # 是否启动 Mysql 0 关闭 1 启动 addr = 0.0.0.0:3306 # Mysql 服务端地址 注意端口冲突 files = /etc/passwd,/etc/group # Mysql 服务端读取客户端任意文件; 多写逗号分隔,会随机取 [telnet] -status = 0 # 是否启动 Telnet 1 启动 0 关闭 +status = 0 # 是否启动 Telnet 0 关闭 1 启动 addr = 0.0.0.0:23 # Telnet 服务端地址 注意端口冲突 [ftp] -status = 0 # 是否启动 Ftp 1 启动 0 关闭 +status = 0 # 是否启动 Ftp 0 关闭 1 启动 addr = 0.0.0.0:21 # Ftp 服务端地址 注意端口冲突 -#[mem_cache] -#status = 0 # 是否启动 MemCache 1 启动 0 关闭 -#addr = 0.0.0.0:11211 # Memcache 服务端地址 注意端口冲突 -#rate_limit = 4 # 每秒响应次数 \ No newline at end of file +[mem_cache] +status = 1 # 是否启动 MemCache 0 关闭 1 启动 +addr = 0.0.0.0:11211 # Memcache 服务端地址 注意端口冲突 +rate_limit = 4 # 每秒响应次数 \ No newline at end of file diff --git a/core/protocol/memcache/memcache.go b/core/protocol/memcache/memcache.go index 4b35843..735f3e0 100644 --- a/core/protocol/memcache/memcache.go +++ b/core/protocol/memcache/memcache.go @@ -29,6 +29,9 @@ import ( "strconv" "strings" "time" + "HFish/utils/is" + "HFish/core/rpc/client" + "HFish/core/report" ) var linkedHashMap = LinkedHashMap.NewLinkedHashMap() 
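Review bot: The new `[mem_cache]` section ships with `status = 1` on `addr = 0.0.0.0:11211`, while this same hunk sets ssh, redis, mysql, telnet and ftp to `status = 0`. A default install therefore opens the MemCache listener on every interface without the operator choosing to. I would ship it as `status = 0` like the other services and let the operator turn it on after checking for a port conflict.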
@@ -421,6 +424,18 @@ func tcpServer(address string, rateLimitChan chan int, exitChan chan int) { skip := false reader := bufio.NewReader(conn) log.Printf("[Memcache TCP %d] Accepted a client socket from %s\n", trackID, conn.RemoteAddr().String()) + + arr := strings.Split(conn.RemoteAddr().String(), ":") + + // 判断是否为 RPC 客户端 + var id string + + if is.Rpc() { + id = client.ReportResult("MEMCACHE", "", arr[0], conn.RemoteAddr().String()+" 已经连接", "0") + } else { + id = strconv.FormatInt(report.ReportMemCche(arr[0], "本机", conn.RemoteAddr().String()+" 已经连接"), 10) + } + for { <-rateLimitChan str, err := reader.ReadString('\n') @@ -435,6 +450,12 @@ func tcpServer(address string, rateLimitChan chan int, exitChan chan int) { } str = strings.TrimSpace(str) + if is.Rpc() { + go client.ReportResult("MEMCACHE", "", "", "&&"+str, id) + } else { + go report.ReportUpdateMemCche(id, "&&"+str) + } + log.Printf("[Memcache TCP %d] Client request: %s.\n", trackID, str) args := strings.Split(str, " ") function, exist := commands[args[0]] @@ -544,7 +565,9 @@ func Start(addr string, rateLimitStr string) { // 将服务器并发运行 go tcpServer(addr, rateLimitChan, exitChan) - go udpServer(addr, rateLimitChan, exitChan) + + // UPD 暂不支持 + //go udpServer(addr, rateLimitChan, exitChan) // 通道阻塞,等待接受返回值 code := <-exitChan diff --git a/core/protocol/ssh/ssh.go b/core/protocol/ssh/ssh.go index f506c0d..e44f852 100644 --- a/core/protocol/ssh/ssh.go +++ b/core/protocol/ssh/ssh.go @@ -3,7 +3,6 @@ package ssh import ( "github.com/gliderlabs/ssh" "golang.org/x/crypto/ssh/terminal" - "fmt" "io" "strings" "HFish/utils/is" @@ -14,8 +13,11 @@ import ( "HFish/utils/json" "github.com/bitly/go-simplejson" "HFish/utils/file" + "strconv" ) +var clientData map[string]string + func getJson() *simplejson.Json { res, err := json.Get("ssh") @@ -26,6 +28,8 @@ func getJson() *simplejson.Json { } func Start(addr string) { + clientData = make(map[string]string) + ssh.ListenAndServe( addr, func(s ssh.Session) { 
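Review bot: In the first tcpServer hunk the peer address is taken with `strings.Split(conn.RemoteAddr().String(), ":")` and `arr[0]`, which gives `[` for an IPv6 peer such as `[::1]:1234`, so the stored attacker IP and the geo lookup are wrong for those clients; `host, _, err := net.SplitHostPort(conn.RemoteAddr().String())` handles both address families. In the second hunk each request line is reported with `go report.ReportUpdateMemCche(id, "&&"+str)`, so the `info||?` appends are not guaranteed to land in the order the client sent them. That matters when the row is later read as a command transcript, and calling it synchronously keeps the order, since the loop is already paced by `rateLimitChan`. In RPC mode `client.ReportResult` returns `""` on failure, so the per-line update should be skipped when `id` is empty. tcpServer's body starts and ends outside these hunks.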
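Review bot: `clientData` in ssh.go is a plain `map[string]string` shared by all connections without a lock. The password callback writes it (`clientData[s.RemoteAddr().String()] = id`) and the session handler reads it (`id := clientData[s.RemoteAddr().String()]`) in the later ssh.go hunks. Go aborts the whole process on a concurrent map read and write, so two overlapping sessions can take the honeypot down. Guard the map with a `sync.Mutex` or use a `sync.Map`, and delete the entry when the session ends, because nothing removes entries and the map grows with every successful login. A short comment on the variable, `// clientData maps a client's remote address to the id of its report row.`, would also help.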
@@ -47,7 +51,13 @@ func Start(addr string) { output := file.ReadLibsText("ssh", fileName) - fmt.Println(line) + id := clientData[s.RemoteAddr().String()] + + if is.Rpc() { + go client.ReportResult("SSH", "", "", "&&"+line, id) + } else { + go report.ReportUpdateSSH(id, "&&"+line) + } io.WriteString(s, output+"\n") } @@ -59,11 +69,13 @@ func Start(addr string) { log.Pr("SSH", arr[0], "已经连接") + var id string + // 判断是否为 RPC 客户端 if is.Rpc() { - go client.ReportResult("SSH", "", arr[0], info, "0") + id = client.ReportResult("SSH", "", arr[0], info, "0") } else { - go report.ReportSSH(arr[0], "本机", info) + id = strconv.FormatInt(report.ReportSSH(arr[0], "本机", info), 10) } sshStatus := conf.Get("ssh", "status") @@ -75,6 +87,7 @@ func Start(addr string) { passwordx := res.Get("password") if (accountx.MustString() == s.User() && passwordx.MustString() == password) { + clientData[s.RemoteAddr().String()] = id return true } } diff --git a/core/protocol/telnet/telnet.go b/core/protocol/telnet/telnet.go index 26809f7..39576aa 100644 --- a/core/protocol/telnet/telnet.go +++ b/core/protocol/telnet/telnet.go @@ -11,6 +11,9 @@ import ( "strconv" "HFish/core/report" "HFish/utils/log" + "github.com/bitly/go-simplejson" + "HFish/utils/json" + "HFish/utils/file" ) // 服务端连接 @@ -50,6 +53,15 @@ func server(address string, exitChan chan int) { } } +func getJson() *simplejson.Json { + res, err := json.Get("telnet") + + if err != nil { + log.Pr("HFish", "127.0.0.1", "解析 Telnet JSON 文件失败", err) + } + return res +} + // 会话处理 func handleSession(conn net.Conn, exitChan chan int, id string) { fmt.Println("Session started") @@ -65,7 +77,7 @@ func handleSession(conn net.Conn, exitChan chan int, id string) { if is.Rpc() { go client.ReportResult("TELNET", "", "", "&&"+str, id) } else { - go report.ReportUpdateRedis(id, "&&"+str) + go report.ReportUpdateTelnet(id, "&&"+str) } if !processTelnetCommand(str, exitChan) { 
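Review bot: getJson in telnet.go logs the parse error but still returns `res`, and the handleSession hunk that replaces the fixed `OK` reply calls `res.Get("command")` without checking it. A missing or malformed libs/telnet/config.json will therefore likely end in a nil dereference inside the session goroutine and stop the process. Leave the loop when the config could not be loaded, e.g. `if res == nil { break }`, or have getJson return an empty document on error. getJson also runs once per input line; if `json.Get` re-reads the file each time (not visible here), loading it once in `Start` would stop a client from driving a disk read with every line it sends. The reply file name is taken from the config value rather than from the client's string, which is the safe direction and deserves a one-line comment so it stays that way.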
@@ -73,7 +85,17 @@ func handleSession(conn net.Conn, exitChan chan int, id string) { break } - conn.Write([]byte("OK" + "\r\n")) + res := getJson() + + fileName := res.Get("command").Get(str).MustString() + + if (fileName == "") { + fileName = res.Get("command").Get("default").MustString() + } + + output := file.ReadLibsText("telnet", fileName) + + conn.Write([]byte(output + "\r\n")) } else { // 发生错误 fmt.Println("Session closed") @@ -97,11 +119,7 @@ func processTelnetCommand(str string, exitChan chan int) bool { exitChan <- 0 return false } - - // 打印输入的字符串 - fmt.Println(str) return true - } func Start(addr string) { diff --git a/core/report/report.go b/core/report/report.go index d1fce04..4042a5e 100644 --- a/core/report/report.go +++ b/core/report/report.go @@ -111,7 +111,7 @@ func alert(id string, model string, typex string, projectName string, agent stri } // 上报 集群 状态 -func ReportAgentStatus(agentName string, agentIp string, webStatus string, deepStatus string, sshStatus string, redisStatus string, mysqlStatus string, httpStatus string, telnetStatus string, ftpStatus string) { +func ReportAgentStatus(agentName string, agentIp string, webStatus string, deepStatus string, sshStatus string, redisStatus string, mysqlStatus string, httpStatus string, telnetStatus string, ftpStatus string, memCacheStatus string, plugStatus string) { sql := ` INSERT INTO hfish_colony ( agent_name, 
@@ -124,24 +124,26 @@ func ReportAgentStatus(agentName string, agentIp string, webStatus string, deepS http_status, telnet_status, ftp_status, + mem_cache_status, + plug_status, last_update_time ) VALUES - (?,?,?,?,?,?,?,?,?,?,?); + (?,?,?,?,?,?,?,?,?,?,?,?,?); ` - id := dbUtil.Insert(sql, agentName, agentIp, webStatus, deepStatus, sshStatus, redisStatus, mysqlStatus, httpStatus, telnetStatus, ftpStatus, time.Now().Format("2006-01-02 15:04:05")) + id := dbUtil.Insert(sql, agentName, agentIp, webStatus, deepStatus, sshStatus, redisStatus, mysqlStatus, httpStatus, telnetStatus, ftpStatus, memCacheStatus, plugStatus, time.Now().Format("2006-01-02 15:04:05")) // 如果 ID 等于0 代表 该数据以及存在 if id == 0 { sql := ` UPDATE hfish_colony - SET agent_ip = ?, web_status = ?, deep_status = ?, ssh_status = ?, redis_status = ?, mysql_status = ?, http_status = ?, telnet_status = ?, ftp_status = ?, last_update_time =? + SET agent_ip = ?, web_status = ?, deep_status = ?, ssh_status = ?, redis_status = ?, mysql_status = ?, http_status = ?, telnet_status = ?, ftp_status = ?, mem_cache_status = ?, plug_status = ?, last_update_time = ? WHERE agent_name =?; ` - dbUtil.Update(sql, agentIp, webStatus, deepStatus, sshStatus, redisStatus, mysqlStatus, httpStatus, telnetStatus, ftpStatus, time.Now().Format("2006-01-02 15:04:05"), agentName) + dbUtil.Update(sql, agentIp, webStatus, deepStatus, sshStatus, redisStatus, mysqlStatus, httpStatus, telnetStatus, ftpStatus, memCacheStatus, plugStatus, time.Now().Format("2006-01-02 15:04:05"), agentName) } } 
@@ -161,12 +163,28 @@ func ReportDeepWeb(projectName string, agent string, ipx string, info string) { go alert(strconv.FormatInt(id, 10), "new", "DEEP", projectName, agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05")) } +// 上报 蜜罐插件 +func ReportPlugWeb(projectName string, agent string, ipx string, info string) { + country, region, city := ip.GetIp(ipx) + sql := `INSERT INTO hfish_info(type,project_name,agent,ip,country,region,city,info,create_time) values(?,?,?,?,?,?,?,?,?);` + id := dbUtil.Insert(sql, "PLUG", projectName, agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05")) + go alert(strconv.FormatInt(id, 10), "new", "PLUG", projectName, agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05")) +} + // 上报 SSH -func ReportSSH(ipx string, agent string, info string) { +func ReportSSH(ipx string, agent string, info string) int64 { country, region, city := ip.GetIp(ipx) sql := `INSERT INTO hfish_info(type,project_name,agent,ip,country,region,city,info,create_time) values(?,?,?,?,?,?,?,?,?);` id := dbUtil.Insert(sql, "SSH", "SSH蜜罐", agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05")) go alert(strconv.FormatInt(id, 10), "new", "SSH", "SSH蜜罐", agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05")) + return id +} + +// 更新 SSH 操作 +func ReportUpdateSSH(id string, info string) { + sql := `UPDATE hfish_info SET info = info||? WHERE id = ?;` + dbUtil.Update(sql, info, id) + go alert(id, "update", "SSH", "SSH蜜罐", "", "", "", "", "", info, time.Now().Format("2006-01-02 15:04:05")) } // 上报 Redis 
@@ -224,3 +242,19 @@ func ReportUpdateTelnet(id string, info string) { dbUtil.Update(sql, info, id) go alert(id, "update", "TELNET", "Telnet蜜罐", "", "", "", "", "", info, time.Now().Format("2006-01-02 15:04:05")) } + +// 上报 MemCache +func ReportMemCche(ipx string, agent string, info string) int64 { + country, region, city := ip.GetIp(ipx) + sql := `INSERT INTO hfish_info(type,project_name,agent,ip,country,region,city,info,create_time) values(?,?,?,?,?,?,?,?,?);` + id := dbUtil.Insert(sql, "MEMCACHE", "MemCache蜜罐", agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05")) + go alert(strconv.FormatInt(id, 10), "new", "MEMCACHE", "MemCache蜜罐", agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05")) + return id +} + +// 更新 MemCache 操作 +func ReportUpdateMemCche(id string, info string) { + sql := `UPDATE hfish_info SET info = info||? WHERE id = ?;` + dbUtil.Update(sql, info, id) + go alert(id, "update", "MEMCACHE", "MemCache蜜罐", "", "", "", "", "", info, time.Now().Format("2006-01-02 15:04:05")) +} diff --git a/core/rpc/client/client.go b/core/rpc/client/client.go index 35164c4..bd23265 100644 --- a/core/rpc/client/client.go +++ b/core/rpc/client/client.go @@ -9,9 +9,9 @@ import ( // 上报状态结构 type Status struct { - AgentIp string - AgentName string - Web, Deep, Ssh, Redis, Mysql, Http, Telnet, Ftp string + AgentIp string + AgentName string + Web, Deep, Ssh, Redis, Mysql, Http, Telnet, Ftp, MemCahe, Plug string } // 上报结果结构 
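Review bot: The new exported functions `ReportMemCche` and `ReportUpdateMemCche` misspell MemCache, and the `Status` field added in client.go and server.go is spelled `MemCahe`; renaming them now is cheaper than after more callers appear. The two `Status` definitions must be renamed together, because if this is net/rpc with its default gob codec, fields are matched by name and a one-sided rename would silently drop the value. The new functions would also benefit from Go doc comments that start with the function name, e.g. `// ReportMemCache inserts a MEMCACHE row and returns its id.`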
@@ -39,7 +39,7 @@ func createClient() (*rpc.Client, string, bool) { return client, ipArr[0], true } -func reportStatus(rpcName string, ftpStatus string, telnetStatus string, httpStatus string, mysqlStatus string, redisStatus string, sshStatus string, webStatus string, darkStatus string) { +func reportStatus(rpcName string, ftpStatus string, telnetStatus string, httpStatus string, mysqlStatus string, redisStatus string, sshStatus string, webStatus string, darkStatus string, memCacheStatus string, plugStatus string) { client, addr, boolStatus := createClient() if boolStatus { @@ -56,6 +56,8 @@ func reportStatus(rpcName string, ftpStatus string, telnetStatus string, httpSta httpStatus, telnetStatus, ftpStatus, + memCacheStatus, + plugStatus, } var reply string @@ -100,6 +102,6 @@ func ReportResult(typex string, projectName string, sourceIp string, info string return "" } -func Start(rpcName string, ftpStatus string, telnetStatus string, httpStatus string, mysqlStatus string, redisStatus string, sshStatus string, webStatus string, darkStatus string) { - reportStatus(rpcName, ftpStatus, telnetStatus, httpStatus, mysqlStatus, redisStatus, sshStatus, webStatus, darkStatus) +func Start(rpcName string, ftpStatus string, telnetStatus string, httpStatus string, mysqlStatus string, redisStatus string, sshStatus string, webStatus string, darkStatus string, memCacheStatus string, plugStatus string) { + reportStatus(rpcName, ftpStatus, telnetStatus, httpStatus, mysqlStatus, redisStatus, sshStatus, webStatus, darkStatus, memCacheStatus, plugStatus) } diff --git a/core/rpc/server/server.go b/core/rpc/server/server.go index 2a1fcd0..077e8f5 100644 --- a/core/rpc/server/server.go +++ b/core/rpc/server/server.go @@ -11,9 +11,9 @@ import ( // 上报状态结构 type Status struct { - AgentIp string - AgentName string - Web, Deep, Ssh, Redis, Mysql, Http, Telnet, Ftp string + AgentIp string + AgentName string + Web, Deep, Ssh, Redis, Mysql, Http, Telnet, Ftp, MemCahe, Plug string } // 上报结果结构 
@@ -44,6 +44,8 @@ func (t *HFishRPCService) ReportStatus(s *Status, reply *string) error { s.Http, s.Telnet, s.Ftp, + s.MemCahe, + s.Plug, ) return nil @@ -54,6 +56,8 @@ func (t *HFishRPCService) ReportResult(r *Result, reply *string) error { var idx string switch r.Type { + case "PLUG": + go report.ReportPlugWeb(r.ProjectName, r.AgentName, r.SourceIp, r.Info) case "WEB": go report.ReportWeb(r.ProjectName, r.AgentName, r.SourceIp, r.Info) case "DEEP": @@ -81,8 +85,13 @@ func (t *HFishRPCService) ReportResult(r *Result, reply *string) error { } else { go report.ReportUpdateTelnet(r.Id, r.Info) } - case "FTP": - go report.ReportFTP(r.SourceIp, r.AgentName, r.Info) + case "MEMCACHE": + if r.Id == "0" { + id := report.ReportMemCche(r.SourceIp, r.AgentName, r.Info) + idx = strconv.FormatInt(id, 10) + } else { + go report.ReportUpdateMemCche(r.Id, r.Info) + } } *reply = idx 
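Review bot: The last ReportResult hunk deletes `case "FTP": go report.ReportFTP(r.SourceIp, r.AgentName, r.Info)` when it adds the MEMCACHE case, and no other server.go hunk restores it. FTP events sent by RPC agents therefore appear to fall through the switch and never get stored, so the FTP case should stay next to the new one. Separately, ssh.go now sends per-command SSH updates with the stored id, but no hunk here touches the SSH case. If it still calls `report.ReportSSH` unconditionally, it needs the same `r.Id == "0"` split as TELNET and MEMCACHE so that `*reply` carries the row id and updates do not create new rows. The switch continues outside the visible hunks, so both points should be checked against the full function.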
diff --git a/db/hfish.db b/db/hfish.db index a4d9e9a3d197d4321f91767508d1e373f9f48584..429f15860e425afb99f30b0ea09532f6d69c10ac 100644 GIT binary patch delta 2488 zcmaJ?eM}qY8Gk>{XJh+z<|DO@F*c<(2?^nBV+;;uaeY%cy3jRNJIv%U>vB@11c1 zYqqnVyYoH2d!FC(d)|AW(Ruagyn5V{y8r+fq86oQrWQE6&7)rc6=_CA|6zP*=FmxO z%9ULjBR#1N@^c2??m9CpC&uAX>zN2o8-*Ly@=tiu5)mAnT{1#YjJ*W(hD@%Qw0^?}dGlFm_L z1$YFlpaEb-8YsaMa1)HnA@}Kkv6QoMX5yMCVpAXd^s9yQq>gPyO$Q`9h7RbKmM|>V z`F6jo1NjaGImTGnLmMBBGt31m?M<#RRLm0xP|XzI)l{wS3Z~23py#KDm+lrAU6p-lV=4Hu}=DCzj78rP>_WK5Jn0nr;BQ5dkZtMDq`_ zQWWKnZ8EBjfdD+|O?18z2`dU9w^zAhw|77qeGfY6gSnr40k@%9J7dx_=q|vY;#YAs zx|=M~e2Fwqsd-RZ%Jb6i{s7CYg5VZhwG~25g}ch`_V`^czt`Qw^1x9>Avu49<)sfH zE|=X^>vy~T-kN}lLQ43|!AWfd+PAC&3U*hG-|h8RdFmM+*d73R-qZL}P#Up8|ZBvR=ZU&*i=jr?G*@rLa5P9qtH4dV0eNwX|>(3VM!$5xfWBJ@hm! zZW%JICe|oj=AoN$dplfNf#&wS3FqK!BQAI!Kg&R4lG(P3p()91rWZ5$ZpGtC=M#U% zurSFK+{Zdx0}$06*CRrs9!GYuL=5VIb&J{NaB!m06Ko1L1R8cX1;f#X&QN!l{A$ER zE)3a1-l|%`XHU(|-v0OuU03NhFFKu(xYKzsoNzkh;e_2~ciTP6fBUf0x%%(b`)thV zj1BZ89<;%0cX<>oytF!255#(LuO65kG`X1*!-W5#nS3^)Cx(HXvecOLw`)@_w{N>Z zf3$T~K40~J%2Xbjy`nP`aXNdtLVdkmJqOq5IF(~(DAE@XujfRY z?(us(9Jm6spaSDd_!;z1bPmUmIm0N+ra#Lj)S0kXh7+O6{?2%O=zC7*5LIy_BY{@zLEC^v&aqE? 
zTFGT0cMhA_%;!jQ;}r$+lJ@!C!t>&uEE!IU{T|w73E7N8VH84QA7sD55-{C~_%kIA1-4W+CI(JnTu}#&SqW|pn2M>pnghpai_0~502iWpbO5fv3$PJ<4G1Yr zM2)B&=(FXvi90t&QkqK+C5m)y;0$VP7u{%jl9*% zicq|;pO}*#|?rVK+Z}3Pw7Fm9aEYDnD8)eDsCmQkW1z5*n zx)-8d2<^g~(MNPgtU=mXWWyLupBP_0dV_p)s~H{YCH1OG^7UWp=vLkn%?wF0quQii zi%a(2YLgfAn)gjG6?At%|qP@nwG zN`Ns@J-m1dhjB4lM5j;#yaf+~d*DZB14eC22NhzgGPD|5wjOZ+OF#VB%gM{8lt?$Ej z)@NajEe>ghhbHOF7%YT_567X}t};<|Y9;+NtgPKaZ_BCepq581pV}sBergVCrPS)F UJxQ&Onv9e2TjmneaBS;;00q3YLI3~& delta 1283 zcmZ{kTTI(k9LLY^oPY2CKfQ4&rKK&{p@^d$?SQs2u0!0^E%CPEtV+PL%B2hjJh8t% zhzp67qn?*#n^}x8%Oay1|bHw1lMUA1ns6)A?7I}f}Z!_x9qU_IWnKzirT8W0S3LAq>>n~&L z*b*<7B~Px)nU71;Omvz+&({q{tt?9zOA)rsQtTU+%G-=jFv(_NK|W-OiyI0!Llj5b zAU!gAI-MFFADLKSKM+5pb~=bvW&!%Imwe5)Ey40QVJf5aHChQDK!SWpUM2CI8rWU^ z_?k^G8&?RdP)>?GVEly_J!2v*Lu28@9T=x;e#zy~!`r~FvqAbBoux7w2lD}AJ?K(Z z^}YsSvp|hd+#rkED0s!=W-vM0{ozn7d?41+Hgn2Iv@o74PSEryZ(eK?SF0gmAaiNW zBYv%hX_|hy@w>um)%qI{v*RvFAYykoaQe!`}57ATMVjqf|dUSe<6YAed$RsIt(yLaP(pN zBRxl(;3iCBa!KHm+2`d!wckRVzG`1EsEF)M@bk$T6Aztn@IuyU3&*1EgX-ZuB5qGr zltrV1YTuszDxAM}4{sssFoq(rNLy0v;eX9MZ9r~Ks@)pbA|F(+3TDzs*aUOXb^0t6 z;R1A#yX1B5o*rXKwG%^o`K{?n1LA%&A_M`^wTu}~ z$4Z=;)wq3!Efz&>v*3|w<>2bvAb4)YjcZz5Mvh{W!Lq->;|QPH+q|zJLXPlc`JB}?PcEGyRPJK6uTr>KVh3} znAOtTbeRrd<`*DLJ|g`&^#Ph0ElsLj`1L>FI*6?*@Ud{;knl6;5grD2XwL(NdiN diff --git a/libs/ssh/config.json b/libs/ssh/config.json index 218cf2c..1ab1098 100644 --- a/libs/ssh/config.json +++ b/libs/ssh/config.json @@ -13,7 +13,7 @@ "hostname": "hostname", "cat /etc/inittab": "inittab", "cat /proc/meminfo": "meminfo", - "cat /proc/passwd": "passwd", + "cat /etc/passwd": "passwd", "cat /etc/resolv.conf": "resolv", "cat /proc/version": "version", "ifconfig": "ifconfig", diff --git a/libs/telnet/config.json b/libs/telnet/config.json index e69de29..25baa32 100644 --- a/libs/telnet/config.json +++ b/libs/telnet/config.json 
@@ -0,0 +1,23 @@ +{ + "command": { + "default": "default", + "ls": "ls", + "ls -all": "ls_all", + "arp": "arp", + "cat /proc/cpuinfo": "cpuinfo", + "cat /etc/group": "group", + "cat /etc/hosts": "hosts", + "hostname": "hostname", + "cat /etc/inittab": "inittab", + "cat /proc/meminfo": "meminfo", + "cat /etc/passwd": "passwd", + "cat /etc/resolv.conf": "resolv", + "cat /proc/version": "version", + "ifconfig": "ifconfig", + "df -h": "df_h", + "df": "df", + "wget": "wget", + "ll": "ll", + "ll -h": "ll_h" + } +} \ No newline at end of file diff --git a/libs/telnet/ls.hfish b/libs/telnet/ls.hfish deleted file mode 100644 index e69de29..0000000 diff --git a/logs/hfish.log b/logs/hfish.log index d8296e2..3e2a13f 100644 --- a/logs/hfish.log +++ b/logs/hfish.log 
@@ -1 +1,122 @@ -[SSH] 127.0.0.1 - [2019-08-25 00:17:23] 已经连接 [] +[HFish] 127.0.0.1 - [2019-08-25 15:19:44] "GET /setting HTTP/1.1 200 3.868203ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:19:44 | 200 | 3.950528ms | 127.0.0.1 | GET /setting +[HFish] 127.0.0.1 - [2019-08-25 15:19:44] "GET /static/favicon.ico HTTP/1.1 200 5.045725ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:19:44 | 200 | 5.09216ms | 127.0.0.1 | GET /static/favicon.ico +[HFish] 127.0.0.1 - [2019-08-25 15:19:45] "GET /colony HTTP/1.1 200 2.069057ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:19:45 | 200 | 2.111292ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:19:45] "GET /get/colony/list HTTP/1.1 200 1.17125ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:19:45 | 200 | 1.213546ms | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:20:06] "GET /colony HTTP/1.1 200 2.339492ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:20:06 | 200 | 2.397969ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:20:06] "GET /get/colony/list HTTP/1.1 200 813.84µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:20:06 | 200 | 853.996µs | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:20:06] "GET /static/favicon.ico HTTP/1.1 200 634.548µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:20:06 | 200 | 754.254µs | 127.0.0.1 | GET /static/favicon.ico +[HFish] 127.0.0.1 - [2019-08-25 15:20:20] "GET /colony HTTP/1.1 200 3.28396ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:20:20 | 200 | 3.343365ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:20:20] "GET /get/colony/list HTTP/1.1 200 846.762µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:20:20 | 200 | 888.242µs | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:20:20] "GET /static/favicon.ico HTTP/1.1 200 201.18µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:20:20 | 200 | 255.766µs | 127.0.0.1 | GET /static/favicon.ico +[HFish] 127.0.0.1 - [2019-08-25 15:20:34] "GET /colony HTTP/1.1 200 1.834003ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:20:34 | 200 | 1.884242ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:20:34] "GET /get/colony/list HTTP/1.1 200 1.16712ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:20:34 | 200 | 1.261211ms | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:20:34] "GET /static/favicon.ico HTTP/1.1 200 230.866µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:20:34 | 200 | 309.926µs | 127.0.0.1 | GET /static/favicon.ico +[HFish] 127.0.0.1 - [2019-08-25 15:21:15] "GET /colony HTTP/1.1 200 2.065056ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 
10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:15 | 200 | 2.142428ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:21:15] "GET /get/colony/list HTTP/1.1 200 1.166819ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:15 | 200 | 1.204985ms | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:21:15] "GET /static/favicon.ico HTTP/1.1 200 372.689µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:15 | 200 | 483.119µs | 127.0.0.1 | GET /static/favicon.ico +[HFish] 127.0.0.1 - [2019-08-25 15:21:26] "GET /colony HTTP/1.1 200 2.842474ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:26 | 200 | 2.895649ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:21:26] "GET /get/colony/list HTTP/1.1 200 1.131351ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:26 | 200 | 1.172075ms | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:21:27] "GET /static/favicon.ico HTTP/1.1 200 197.309µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:27 | 200 | 272.561µs | 127.0.0.1 | GET /static/favicon.ico +[HFish] 127.0.0.1 - [2019-08-25 15:21:28] "GET /dashboard HTTP/1.1 200 6.180131ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:28 | 200 | 6.225546ms | 127.0.0.1 | GET /dashboard +[HFish] 127.0.0.1 - [2019-08-25 15:21:29] "GET /get/dashboard/pie_data 
HTTP/1.1 200 2.308906ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:29 | 200 | 2.354239ms | 127.0.0.1 | GET /get/dashboard/pie_data +[HFish] 127.0.0.1 - [2019-08-25 15:21:29] "GET /get/dashboard/data HTTP/1.1 200 8.919782ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:29 | 200 | 9.03726ms | 127.0.0.1 | GET /get/dashboard/data +[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /fish HTTP/1.1 200 2.087863ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:35 | 200 | 2.129194ms | 127.0.0.1 | GET /fish +[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /static/libs/page/jquery.sPage.css HTTP/1.1 304 129.35µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:35 | 304 | 178.971µs | 127.0.0.1 | GET /static/libs/page/jquery.sPage.css +[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 2.135393ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:35 | 200 | 2.186183ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= +[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /get/fish/typeList HTTP/1.1 200 1.882745ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:35 | 200 | 1.916116ms | 127.0.0.1 | GET /get/fish/typeList +[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /colony HTTP/1.1 200 3.112042ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, 
like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:35 | 200 | 3.173845ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /get/colony/list HTTP/1.1 200 749.659µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:35 | 200 | 783.463µs | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:21:36] "GET /mail HTTP/1.1 200 2.047757ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:36 | 200 | 8.821724ms | 127.0.0.1 | GET /mail +[HFish] 127.0.0.1 - [2019-08-25 15:21:36] "GET /setting HTTP/1.1 200 2.663358ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:36 | 200 | 2.703441ms | 127.0.0.1 | GET /setting +[HFish] 127.0.0.1 - [2019-08-25 15:21:37] "GET /mail HTTP/1.1 200 1.496658ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:37 | 200 | 1.537187ms | 127.0.0.1 | GET /mail +[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /colony HTTP/1.1 200 3.282241ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:38 | 200 | 3.357717ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /get/colony/list HTTP/1.1 200 795.657µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:38 | 200 | 831.698µs | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /fish HTTP/1.1 200 1.913492ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:38 | 200 | 1.952857ms | 127.0.0.1 | GET /fish +[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /get/fish/typeList HTTP/1.1 200 2.025435ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:38 | 200 | 2.065044ms | 127.0.0.1 | GET /get/fish/typeList +[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 2.227488ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:38 | 200 | 2.329691ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= +[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /dashboard HTTP/1.1 200 6.336137ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:38 | 200 | 6.376156ms | 127.0.0.1 | GET /dashboard +[HFish] 127.0.0.1 - [2019-08-25 15:21:39] "GET /get/dashboard/pie_data HTTP/1.1 200 2.803106ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:39 | 200 | 2.845759ms | 127.0.0.1 | GET /get/dashboard/pie_data +[HFish] 127.0.0.1 - [2019-08-25 15:21:39] "GET /get/dashboard/data HTTP/1.1 200 7.006924ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:39 | 200 | 7.067156ms | 127.0.0.1 | GET /get/dashboard/data +[HFish] 127.0.0.1 - [2019-08-25 15:21:45] "GET /fish HTTP/1.1 200 1.898809ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:45 | 200 | 1.955998ms | 127.0.0.1 | GET /fish +[HFish] 127.0.0.1 
- [2019-08-25 15:21:45] "GET /get/fish/typeList HTTP/1.1 200 2.33959ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:45 | 200 | 2.388269ms | 127.0.0.1 | GET /get/fish/typeList +[HFish] 127.0.0.1 - [2019-08-25 15:21:45] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 2.54735ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:45 | 200 | 2.60593ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= +[HFish] 127.0.0.1 - [2019-08-25 15:21:46] "GET /colony HTTP/1.1 200 1.838044ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:46 | 200 | 1.873524ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:21:46] "GET /get/colony/list HTTP/1.1 200 1.038366ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:46 | 200 | 1.983434ms | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:21:47] "GET /mail HTTP/1.1 200 1.773735ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:47 | 200 | 1.81538ms | 127.0.0.1 | GET /mail +[HFish] 127.0.0.1 - [2019-08-25 15:21:48] "GET /setting HTTP/1.1 200 3.122959ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:48 | 200 | 3.162942ms | 127.0.0.1 | GET /setting +[HFish] 127.0.0.1 - [2019-08-25 15:21:49] "GET /mail HTTP/1.1 200 1.472018ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 
Safari/537.36" " +[GIN] 2019/08/25 - 15:21:49 | 200 | 1.522748ms | 127.0.0.1 | GET /mail +[HFish] 127.0.0.1 - [2019-08-25 15:21:49] "GET /setting HTTP/1.1 200 2.636284ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:49 | 200 | 2.685672ms | 127.0.0.1 | GET /setting +[HFish] 127.0.0.1 - [2019-08-25 15:21:50] "GET /colony HTTP/1.1 200 2.267542ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:50 | 200 | 2.306864ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:21:50] "GET /get/colony/list HTTP/1.1 200 754.628µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:50 | 200 | 785.658µs | 127.0.0.1 | GET /get/colony/list +[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /fish HTTP/1.1 200 1.928452ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:51 | 200 | 1.970332ms | 127.0.0.1 | GET /fish +[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /get/fish/typeList HTTP/1.1 200 2.122325ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:51 | 200 | 2.160561ms | 127.0.0.1 | GET /get/fish/typeList +[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 2.315912ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:51 | 200 | 2.33972ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= +[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /dashboard HTTP/1.1 200 7.733019ms 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:51 | 200 | 7.799823ms | 127.0.0.1 | GET /dashboard +[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /get/dashboard/pie_data HTTP/1.1 200 2.088386ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:51 | 200 | 2.119638ms | 127.0.0.1 | GET /get/dashboard/pie_data +[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /get/dashboard/data HTTP/1.1 200 6.821703ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:51 | 200 | 6.872761ms | 127.0.0.1 | GET /get/dashboard/data +[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /fish HTTP/1.1 200 2.762985ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:52 | 200 | 2.815749ms | 127.0.0.1 | GET /fish +[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /get/fish/typeList HTTP/1.1 200 2.984472ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:52 | 200 | 3.069217ms | 127.0.0.1 | GET /get/fish/typeList +[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 3.0926ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:52 | 200 | 3.131943ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= +[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /colony HTTP/1.1 200 2.021751ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 
2019/08/25 - 15:21:52 | 200 | 2.060145ms | 127.0.0.1 | GET /colony +[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /get/colony/list HTTP/1.1 200 977.794µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" " +[GIN] 2019/08/25 - 15:21:52 | 200 | 1.020393ms | 127.0.0.1 | GET /get/colony/list diff --git a/utils/setting/setting.go b/utils/setting/setting.go index 722a4f1..adfdf93 100644 --- a/utils/setting/setting.go +++ b/utils/setting/setting.go @@ -20,6 +20,7 @@ import ( "HFish/core/rpc/client" "HFish/view/api" "HFish/utils/cors" + "HFish/core/protocol/memcache" ) func RunWeb(template string, index string, static string, url string) http.Handler { @@ -78,6 +79,24 @@ func RunDeep(template string, index string, static string, url string) http.Hand return r } +func RunPlug() http.Handler { + r := gin.New() + r.Use(gin.Recovery()) + + // API 启用状态 + apiStatus := conf.Get("api", "status") + + // 判断 API 是否启用 + if apiStatus == "1" { + // 启动 蜜罐插件 API + r.Use(cors.Cors()) + plugUrl := conf.Get("api", "plug_url") + r.POST(plugUrl, api.ReportPlugWeb) + } + + return r +} + func RunAdmin() http.Handler { gin.DisableConsoleColor() @@ -117,14 +136,14 @@ func RunAdmin() http.Handler { func Run() { // 启动 MemCache 蜜罐 - //memCacheStatus := conf.Get("mem_cache", "status") - // - //// 判断 MemCache 蜜罐 是否开启 - //if memCacheStatus == "1" { - // memCacheRateLimit := conf.Get("mem_cache", "rate_limit") - // memCacheAddr := conf.Get("mem_cache", "addr") - // go memcache.Start(memCacheAddr, memCacheRateLimit) - //} + memCacheStatus := conf.Get("mem_cache", "status") + + // 判断 MemCache 蜜罐 是否开启 + if memCacheStatus == "1" { + memCacheAddr := conf.Get("mem_cache", "addr") + memCacheRateLimit := conf.Get("mem_cache", "rate_limit") + go memcache.Start(memCacheAddr, memCacheRateLimit) + } //=========================// 
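Review bot: `RunPlug`, added in the second utils/setting/setting.go hunk, is exported without a doc comment and hides a behaviour a reader needs to know. When `[api] status` is not "1" it returns a router with no routes, so the plugin port still listens but serves nothing useful. I would add `// RunPlug builds the handler for the honeypot plugin report API; the POST route at [api] plug_url is registered only when [api] status is "1".` above the function. The comment should also state that this handler runs on its own listener without the `login.Jump` middleware, so the shared `sec_key` checked in `api.ReportPlugWeb` is the only access control on it.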
@@ -244,6 +263,25 @@ func Run() { //=========================// + // 启动 蜜罐插件 + plugStatus := conf.Get("plug", "status") + + // 判断 蜜罐插件 是否开启 + if plugStatus != "0" { + plugAddr := conf.Get("plug", "addr") + + serverPlug := &http.Server{ + Addr: plugAddr, + Handler: RunPlug(), + ReadTimeout: 5 * time.Second, + WriteTimeout: 10 * time.Second, + } + + go serverPlug.ListenAndServe() + } + + //=========================// + // 启动 RPC rpcStatus := conf.Get("rpc", "status") @@ -260,7 +298,7 @@ func Run() { for { // 这样写 提高IO读写性能 - go client.Start(rpcName, ftpStatus, telnetStatus, "0", mysqlStatus, redisStatus, sshStatus, webStatus, deepStatus) + go client.Start(rpcName, ftpStatus, telnetStatus, "0", mysqlStatus, redisStatus, sshStatus, webStatus, deepStatus, memCacheStatus, plugStatus) time.Sleep(time.Duration(1) * time.Minute) } diff --git a/view/api/view.go b/view/api/view.go index 95e5c97..58e40cb 100644 --- a/view/api/view.go +++ b/view/api/view.go @@ -59,14 +59,37 @@ func ReportDeepWeb(c *gin.Context) { } } -// 获取记录黑客IP +// 蜜罐插件API +func ReportPlugWeb(c *gin.Context) { + name := c.PostForm("name") + info := c.PostForm("info") + secKey := c.PostForm("sec_key") + ip := c.PostForm("ip") + + apiSecKey := conf.Get("api", "sec_key") + + if secKey != apiSecKey { + c.JSON(http.StatusOK, error.ErrFailApiKey()) + } else { + // 判断是否为 RPC 客户端 + if is.Rpc() { + go client.ReportResult("PLUG", name, ip, info, "0") + } else { + go report.ReportPlugWeb(name, "本机", ip, info) + } + + c.JSON(http.StatusOK, error.ErrSuccessNull()) + } +} + +// 获取黑名单 黑客IP 列表 func GetIpList(c *gin.Context) { sql := `select ip from hfish_info GROUP BY ip;` result := dbUtil.Query(sql) c.JSON(http.StatusOK, error.ErrSuccess(result)) } -// 获取记录黑客IP +// 获取钓鱼列表 API func GetFishInfo(c *gin.Context) { sql := `select * from hfish_info ORDER BY id desc` result := dbUtil.Query(sql) diff --git a/view/colony/view.go b/view/colony/view.go index df7c833..779b17f 100644 --- a/view/colony/view.go +++ b/view/colony/view.go 
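Review bot: The new plugin listener in `Run` is gated with `plugStatus != "0"`, so it starts whenever `[plug] status` is missing, empty or mistyped (presumably `conf.Get` returns an empty string then), while the MemCache block in this same commit uses `== "1"`. A network-facing listener should be opt-in; `if plugStatus == "1" {` keeps it off unless it is explicitly enabled. The return value of `go serverPlug.ListenAndServe()` is also dropped, so a bind failure on `plugAddr` is silent; logging the returned error inside the goroutine would make it visible. `Run` starts and ends outside this hunk.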
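Review bot: In `ReportPlugWeb` the check `secKey != apiSecKey` accepts a request with an empty `sec_key` whenever `[api] sec_key` is unset (assuming `conf.Get` returns an empty string in that case), and it is not a constant-time comparison. I would reject an empty configured key and compare with `crypto/subtle`: `if apiSecKey == "" || subtle.ConstantTimeCompare([]byte(secKey), []byte(apiSecKey)) != 1 {`. Separately, `ip`, `name` and `info` come straight from the POST form and are handed to `report.ReportPlugWeb` / `client.ReportResult` unchanged. The stored `ip` is therefore whatever the reporter claims rather than the observed peer address, and all three fields should be length-bounded here and treated as untrusted text wherever they are later stored or rendered.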
@@ -26,6 +26,8 @@ func GetColony(c *gin.Context) { http_status, telnet_status, ftp_status, + mem_cache_status, + plug_status, last_update_time FROM hfish_colony diff --git a/view/dashboard/view.go b/view/dashboard/view.go index 730da63..c743021 100644 --- a/view/dashboard/view.go +++ b/view/dashboard/view.go @@ -18,6 +18,7 @@ func Html(c *gin.Context) { deepMysql := `select count(1) as sum from hfish_info where type="DEEP";` telnetMysql := `select count(1) as sum from hfish_info where type="TELNET";` ftpMysql := `select count(1) as sum from hfish_info where type="FTP";` + memCacheMysql := `select count(1) as sum from hfish_info where type="MEMCACHE";` resultWeb := dbUtil.Query(sqlWeb) resultSsh := dbUtil.Query(sqlSsh) @@ -26,6 +27,7 @@ func Html(c *gin.Context) { resultDeep := dbUtil.Query(deepMysql) resultTelnet := dbUtil.Query(telnetMysql) resultFtp := dbUtil.Query(ftpMysql) + resultMemCache := dbUtil.Query(memCacheMysql) webSum := strconv.FormatInt(resultWeb[0]["sum"].(int64), 10) sshSum := strconv.FormatInt(resultSsh[0]["sum"].(int64), 10) @@ -34,6 +36,7 @@ func Html(c *gin.Context) { deepSum := strconv.FormatInt(resultDeep[0]["sum"].(int64), 10) telnetSum := strconv.FormatInt(resultTelnet[0]["sum"].(int64), 10) ftpSum := strconv.FormatInt(resultFtp[0]["sum"].(int64), 10) + memCacheSum := strconv.FormatInt(resultMemCache[0]["sum"].(int64), 10) // 读取服务运行状态 mysqlStatus := conf.Get("mysql", "status") 
@@ -44,23 +47,26 @@ func Html(c *gin.Context) { deepStatus := conf.Get("deep", "status") telnetStatus := conf.Get("telnet", "status") ftpStatus := conf.Get("ftp", "status") + memCacheStatus := conf.Get("mem_cache", "status") c.HTML(http.StatusOK, "dashboard.html", gin.H{ - "webSum": webSum, - "sshSum": sshSum, - "redisSum": redisSum, - "mysqlSum": mysqlSum, - "deepSum": deepSum, - "telnetSum": telnetSum, - "ftpSum": ftpSum, - "webStatus": webStatus, - "sshStatus": sshStatus, - "redisStatus": redisStatus, - "mysqlStatus": mysqlStatus, - "apiStatus": apiStatus, - "deepStatus": deepStatus, - "telnetStatus": telnetStatus, - "ftpStatus": ftpStatus, + "webSum": webSum, + "sshSum": sshSum, + "redisSum": redisSum, + "mysqlSum": mysqlSum, + "deepSum": deepSum, + "telnetSum": telnetSum, + "ftpSum": ftpSum, + "memCacheSum": memCacheSum, + "webStatus": webStatus, + "sshStatus": sshStatus, + "redisStatus": redisStatus, + "mysqlStatus": mysqlStatus, + "apiStatus": apiStatus, + "deepStatus": deepStatus, + "telnetStatus": telnetStatus, + "ftpStatus": ftpStatus, + "memCacheStatus": memCacheStatus, }) } 
@@ -213,16 +219,93 @@ func GetFishData(c *gin.Context) { telnetMap[resultTelnet[k]["hour"].(string)] = resultTelnet[k]["sum"].(int64) } + // 统计 MemCache + sqlMemCache := ` + SELECT + strftime("%H", create_time) AS hour, + sum(1) AS sum + FROM + hfish_info + WHERE + strftime('%s', datetime('now')) - strftime('%s', create_time) < (24 * 3600) + AND type="MEMCACHE" + GROUP BY + hour; + ` + + resultMemCache := dbUtil.Query(sqlMemCache) + + memCacheMap := make(map[string]int64) + for k := range resultMemCache { + memCacheMap[resultMemCache[k]["hour"].(string)] = resultMemCache[k]["sum"].(int64) + } + // 拼接 json s := map[string]map[string]int64{ - "web": webMap, - "ssh": sshMap, - "redis": redisMap, - "mysql": mysqlMap, - "deep": deepMap, - "ftp": ftpMap, - "telnet": telnetMap, + "web": webMap, + "ssh": sshMap, + "redis": redisMap, + "mysql": mysqlMap, + "deep": deepMap, + "ftp": ftpMap, + "telnet": telnetMap, + "memCache": memCacheMap, } c.JSON(http.StatusOK, error.ErrSuccessEdit(s)) } + +// 仪表盘攻击饼图统计 +func GetFishPieData(c *gin.Context) { + // 统计攻击地区 + sqlRegion := ` + SELECT + region, + count(1) AS sum + FROM + hfish_info + WHERE + region != "" + GROUP BY + region; + ` + + resultRegion := dbUtil.Query(sqlRegion) + + var regionList []map[string]string + + for k := range resultRegion { + regionMap := make(map[string]string) + regionMap["name"] = resultRegion[k]["region"].(string) + regionMap["value"] = strconv.FormatInt(resultRegion[k]["sum"].(int64), 10) + regionList = append(regionList, regionMap) + } + + // 统计攻击IP + sqlIP := ` + SELECT + ip, + count(1) AS sum + FROM + hfish_info + WHERE + ip != "" + GROUP BY + ip; + ` + resultIP := dbUtil.Query(sqlIP) + + var ipList []map[string]string + + for k := range resultIP { + ipMap := make(map[string]string) + ipMap["name"] = resultIP[k]["ip"].(string) + ipMap["value"] = strconv.FormatInt(resultIP[k]["sum"].(int64), 10) + ipList = append(ipList, ipMap) + } + + c.JSON(http.StatusOK, gin.H{ + "regionList": regionList, + 
"ipList": ipList, + }) +} diff --git a/view/url.go b/view/url.go index b0dd6a3..3b82680 100644 --- a/view/url.go +++ b/view/url.go @@ -23,6 +23,7 @@ func LoadUrl(r *gin.Engine) { r.GET("/", login.Jump, dashboard.Html) r.GET("/dashboard", login.Jump, dashboard.Html) r.GET("/get/dashboard/data", login.Jump, dashboard.GetFishData) + r.GET("/get/dashboard/pie_data", login.Jump, dashboard.GetFishPieData) // 蜜罐列表 r.GET("/fish", login.Jump, fish.Html)
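Review bot: Both queries in the new `GetFishPieData` are unbounded: `GROUP BY ip` returns one row per distinct source address ever recorded, and the handler copies every row into the JSON response for a pie chart. On an exposed honeypot that set only grows, so each dashboard load becomes slower and larger over time. Ordering and capping in SQL, for example `GROUP BY ip ORDER BY sum DESC LIMIT 10;` (and the same for `region`), keeps the response at a fixed size. The `region` and `ip` strings come from recorded attack traffic, so the dashboard script should insert them as text rather than markup; the rendering code is not in this hunk.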