~ Telnet 高交互完善

~ Redis 蜜罐高交互完善
~ MemCache 蜜罐支持,支持高交互
~ HFish 插件支持,后续会开放超强蜜罐生态
SanJin 2019-08-25 15:22:37 +08:00
parent b97dae897a
commit 259b400150
20 changed files with 654 additions and 89 deletions


@ -63,13 +63,15 @@
<tr>
<th width="10%">集群名称</th>
<th width="10%">集群 IP</th>
<th width="10%" style="text-align: center;">WEB</th>
<th width="10%" style="text-align: center;">暗网</th>
<th width="10%" style="text-align: center;">SSH</th>
<th width="10%" style="text-align: center;">Redis</th>
<th width="10%" style="text-align: center;">Mysql</th>
<th width="10%" style="text-align: center;">Telnet</th>
<th width="10%" style="text-align: center;">FTP</th>
<th width="8%" style="text-align: center;">插件</th>
<th width="8%" style="text-align: center;">WEB</th>
<th width="8%" style="text-align: center;">暗网</th>
<th width="8%" style="text-align: center;">SSH</th>
<th width="8%" style="text-align: center;">Redis</th>
<th width="8%" style="text-align: center;">Mysql</th>
<th width="8%" style="text-align: center;">Telnet</th>
<th width="8%" style="text-align: center;">FTP</th>
<th width="8%" style="text-align: center;">MemCache</th>
<th width="1%"></th>
</tr>
</thead>
@ -129,6 +131,12 @@
_h += ' <td class="td agent_name"><span class="openx"></span>' + data[i].agent_name + '</td>';
_h += ' <td class="td"><span>' + data[i].agent_ip + '</span></td>';
if (data[i].plug_status == "1") {
_h += ' <td class="td" style="text-align: center;"><span class="openx"></span></td>';
} else {
_h += ' <td class="td" style="text-align: center;"><span class="closex"></span></td>';
}
if (data[i].web_status == "1") {
_h += ' <td class="td" style="text-align: center;"><span class="openx"></span></td>';
} else {
@ -171,6 +179,13 @@
_h += ' <td class="td" style="text-align: center;"><span class="closex"></span></td>';
}
if (data[i].mem_cache_status == "1") {
_h += ' <td class="td" style="text-align: center;"><span class="openx"></span></td>';
} else {
_h += ' <td class="td" style="text-align: center;"><span class="closex"></span></td>';
}
// if (data[i].http_status == "1") {
// _h += ' <td class="td" style="text-align: center;"><span class="openx"></span></td>';
// } else {
@ -190,6 +205,8 @@
_h += ' <td class="td" style="text-align: center;"><span class="closex"></span></td>';
_h += ' <td class="td" style="text-align: center;"><span class="closex"></span></td>';
_h += ' <td class="td" style="text-align: center;"><span class="closex"></span></td>';
_h += ' <td class="td" style="text-align: center;"><span class="closex"></span></td>';
_h += ' <td class="td" style="text-align: center;"><span class="closex"></span></td>';
// _h += ' <td class="td" style="text-align: center;"><span class="closex"></span></td>';
_h += ' <td class="td" style="text-align: center;">';
_h += ' <i class="fa fa-trash-o" onclick="del(' + data[i].id + ')"></i>';


@ -4,6 +4,7 @@
font-weight: bold;
font-size: 18px;
margin-bottom: 30px;
color: #383838;
}
.openx {
@ -52,6 +53,9 @@
color: #000000;
}
.lb_mem_cache {
color: #3d9671;
}
</style>
<div class="row">
<div class="col-sm-12">
@ -95,7 +99,16 @@
</div>
</div>
<div class="col-xs-12 col-md-6 col-lg-6 col-xl-4">
<div class="col-xs-12 col-md-6 col-lg-6 col-xl-3">
<div class="card-box tilebox-two">
<i class="icon-social-pintarest pull-xs-right text-muted"></i>
<h6 class="lb_mem_cache text-uppercase m-b-15 m-t-10">MemCache 蜜罐</h6>
<h2 class="m-b-10"><span data-plugin="counterup">{{.memCacheSum}}</span></h2>
</div>
</div>
<div class="col-xs-12 col-md-6 col-lg-6 col-xl-3">
<div class="card-box tilebox-two">
<i class="icon-plane pull-xs-right text-muted"></i>
<h6 class="lb_telnet text-uppercase m-b-15 m-t-10">TELNET 蜜罐</h6>
@ -103,7 +116,7 @@
</div>
</div>
<div class="col-xs-12 col-md-6 col-lg-6 col-xl-4">
<div class="col-xs-12 col-md-6 col-lg-6 col-xl-3">
<div class="card-box tilebox-two">
<i class="icon-fire pull-xs-right text-muted"></i>
<h6 class="lb_web text-uppercase m-b-15 m-t-10">WEB 蜜罐</h6>
@ -111,7 +124,7 @@
</div>
</div>
<div class="col-xs-12 col-md-6 col-lg-6 col-xl-4">
<div class="col-xs-12 col-md-6 col-lg-6 col-xl-3">
<div class="card-box tilebox-two">
<i class="icon-globe pull-xs-right text-muted"></i>
<h6 class="lb_deep text-uppercase m-b-15 m-t-10">DEEP 蜜罐</h6>
@ -119,9 +132,8 @@
</div>
</div>
<div class="col-md-2">
<div class="card-box" style="height: 395px;">
<div class="card-box" style="height: 550px;">
<p class="title">服务状态</p>
<p><span class="openx"></span>ADMIN</p>
@ -131,6 +143,12 @@
<p><span class="closex"></span>API</p>
{{end}}
{{if eq .apiStatus "1"}}
<p><span class="openx"></span>PLUG</p>
{{else}}
<p><span class="closex"></span>PLUG</p>
{{end}}
{{if eq .webStatus "1"}}
<p><span class="openx"></span>WEB</p>
{{else}}
@ -173,12 +191,28 @@
<p><span class="closex"></span>FTP</p>
{{end}}
{{if eq .memCacheStatus "1"}}
<p><span class="openx"></span>MEMCACHE</p>
{{else}}
<p><span class="closex"></span>MEMCACHE</p>
{{end}}
</div>
</div>
<div class="col-md-10">
<div class="card-box">
<div id="myChart" style="width:100%;height:355px;"></div>
<div id="myChart" style="width:100%;height:200px;"></div>
</div>
</div>
<div class="col-md-5">
<div class="card-box">
<div id="myChart1" style="width:100%;height:250px;"></div>
</div>
</div>
<div class="col-md-5">
<div class="card-box">
<div id="myChart2" style="width:100%;height:250px;"></div>
</div>
</div>
</div>
@ -390,6 +424,33 @@
0
];
var memCacheData = [
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0
];
var myChart = echarts.init(document.getElementById('myChart'));
$.ajax({
@ -435,6 +496,12 @@
telnetData[index] = d.telnet[item];
}
for (var item in d.memCache) {
var index = xdata.indexOf(item);
memCacheData[index] = d.memCache[item];
}
var option = {
title: {
text: '最近24小时'
@ -449,7 +516,7 @@
}
},
legend: {
data: ['WEB', 'DEEP', 'SSH', 'REDIS', 'MYSQL', 'TELNET', 'FTP']
data: ['WEB', 'DEEP', 'SSH', 'REDIS', 'MYSQL', 'TELNET', 'FTP', 'MEMCACHE']
},
grid: {
left: '0%',
@ -518,6 +585,13 @@
stack: '总量',
areaStyle: {normal: {}},
data: ftpData
},
{
name: 'MEMCACHE',
type: 'line',
stack: '总量',
areaStyle: {normal: {}},
data: memCacheData
}
]
};
@ -527,4 +601,77 @@
});
var myChart1 = echarts.init(document.getElementById('myChart1'));
var myChart2 = echarts.init(document.getElementById('myChart2'));
$.ajax({
type: "GET",
url: "/get/dashboard/pie_data",
dataType: "json",
success: function (e) {
var d = e;
console.log(d);
var option = {
title: {
text: '攻击地区',
x: 'left'
},
tooltip: {
trigger: 'item',
formatter: "{a} <br/>{b} : {c} ({d}%)"
},
series: [
{
name: '来源地区',
type: 'pie',
radius: '70%',
center: ['50%', '50%'],
data: d.regionList,
itemStyle: {
emphasis: {
shadowBlur: 10,
shadowOffsetX: 0,
shadowColor: 'rgba(0, 0, 0, 0.5)'
}
}
}
]
};
myChart1.setOption(option);
var option = {
title: {
text: '攻击 IP',
x: 'left'
},
tooltip: {
trigger: 'item',
formatter: "{a} <br/>{b} : {c} ({d}%)"
},
series: [
{
name: '攻击者IP',
type: 'pie',
radius: '70%',
center: ['50%', '50%'],
data: d.ipList,
itemStyle: {
emphasis: {
shadowBlur: 10,
shadowOffsetX: 0,
shadowColor: 'rgba(0, 0, 0, 0.5)'
}
}
}
]
};
myChart2.setOption(option);
}
});
</script>
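Review bot: The new PLUG row in the service-status card is gated on `.apiStatus` (`{{if eq .apiStatus "1"}}` directly above the two PLUG lines), so it mirrors the API state instead of the plugin listener, and an operator reading this panel cannot tell whether the plugin port is actually open. It should test the plugin status value the handler passes, e.g. `{{if eq .plugStatus "1"}}` (variable name is a placeholder, the handler is not visible here). In the chart script, `memCacheData[index] = d.memCache[item]` writes to index -1 when `item` is not in `xdata`; an `if (index >= 0)` guard avoids that. The `console.log(d)` in the pie_data callback looks like leftover debugging and should be removed.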


@ -62,6 +62,10 @@
background-color: #000000;
}
.lb_mem_cache {
background-color: #3d9671;
}
.pre {
background: #2c2c31;
color: #4fe21b;
@ -358,6 +362,8 @@
_h += ' <span class="label lb_telnet">TELNET</span> ';
} else if (data[i].type == "DEEP") {
_h += ' <span class="label lb_deep">DEEP</span> ';
} else if (data[i].type == "MEMCACHE") {
_h += ' <span class="label lb_mem_cache">MEMCACHE</span> ';
}
_h += ' <span class="project">' + data[i].project_name + '</span>';
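Review bot: The type chain gains a MEMCACHE branch but none for PLUG, although this commit starts writing rows with type `PLUG` (in ReportPlugWeb); unless such a branch already exists above the hunk, plugin events will be listed without a label. Add `} else if (data[i].type == "PLUG") {` with its own label class (for example `lb_plug`, a name constructed here). The next line concatenates `data[i].project_name` into markup, and for PLUG rows that value is supplied by the reporting plugin, so it should be HTML-escaped before insertion. The if/else chain starts outside the hunk.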


@ -9,11 +9,16 @@ account = admin # 登录账号
password = admin # 登录密码
[api]
status = 0 # 是否启动 API 1 启动 0 关闭
web_url = /api/v1/post/report # 管理后台启动地址
deep_url = /api/v1/post/deep_report # 管理后台启动地址
status = 0 # 是否启动 API 0 关闭 1 启动
web_url = /api/v1/post/report # WEB蜜罐上报 API
deep_url = /api/v1/post/deep_report # 暗网蜜罐上报 API
plug_url = /api/v1/post/plug_report # 插件蜜罐上报 API
sec_key = 9cbf8a4dcb8e30682b927f352d6559a0 # API 认证秘钥
[plug]
status = 0 # 是否启动 蜜罐插件 0 关闭 1 启动, 需要先启动 API
addr = 0.0.0.0:8989 # 蜜罐插件 启动地址
[web]
status = 0 # 是否启动 WEB 1 启动 0 关闭, 启动 API 后 WEB 方可上报结果
addr = 0.0.0.0:9000 # WEB 启动地址0.0.0.0 对外开放127.0.0.1 对内开放 可走 Nginx 反向代理
@ -31,27 +36,27 @@ static = deep/static # 暗网 WEB 静态文件路径
url = / # 暗网 WEB 访问目录,默认 / 可更改成 index.html index.asp index.php
[ssh]
status = 2 # 是否启动 SSH 0 关闭 1 低交互 2 高交互
status = 0 # 是否启动 SSH 0 关闭 1 低交互 2 高交互
addr = 0.0.0.0:22 # SSH 服务端地址 注意端口冲突,请先关闭服务器 openssh 服务 或 修改端口
[redis]
status = 1 # 是否启动 Redis 1 启动 0 关闭
status = 0 # 是否启动 Redis 0 关闭 1 启动
addr = 0.0.0.0:6379 # Redis 服务端地址 注意端口冲突
[mysql]
status = 0 # 是否启动 Mysql 1 启动 0 关闭
status = 0 # 是否启动 Mysql 0 关闭 1 启动
addr = 0.0.0.0:3306 # Mysql 服务端地址 注意端口冲突
files = /etc/passwd,/etc/group # Mysql 服务端读取客户端任意文件; 多写逗号分隔,会随机取
[telnet]
status = 0 # 是否启动 Telnet 1 启动 0 关闭
status = 0 # 是否启动 Telnet 0 关闭 1 启动
addr = 0.0.0.0:23 # Telnet 服务端地址 注意端口冲突
[ftp]
status = 0 # 是否启动 Ftp 1 启动 0 关闭
status = 0 # 是否启动 Ftp 0 关闭 1 启动
addr = 0.0.0.0:21 # Ftp 服务端地址 注意端口冲突
#[mem_cache]
#status = 0 # 是否启动 MemCache 1 启动 0 关闭
#addr = 0.0.0.0:11211 # Memcache 服务端地址 注意端口冲突
#rate_limit = 4 # 每秒响应次数
[mem_cache]
status = 1 # 是否启动 MemCache 0 关闭 1 启动
addr = 0.0.0.0:11211 # Memcache 服务端地址 注意端口冲突
rate_limit = 4 # 每秒响应次数
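Review bot: `[mem_cache]` ships enabled (`status = 1`) and bound to `0.0.0.0:11211`, while this same commit sets ssh and redis to `status = 0`; a fresh install therefore opens a listener on every interface without the operator choosing to. Default it to `status = 0` like the other services. The new `[plug]` block also defaults to `addr = 0.0.0.0:8989`; its comment should say which authentication protects that endpoint (presumably `sec_key`, not confirmed here) and that it can be bound to a management address. The sample `sec_key` already in this file deserves a comment telling operators to replace it at deployment.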


@ -29,6 +29,9 @@ import (
"strconv"
"strings"
"time"
"HFish/utils/is"
"HFish/core/rpc/client"
"HFish/core/report"
)
var linkedHashMap = LinkedHashMap.NewLinkedHashMap()
@ -421,6 +424,18 @@ func tcpServer(address string, rateLimitChan chan int, exitChan chan int) {
skip := false
reader := bufio.NewReader(conn)
log.Printf("[Memcache TCP %d] Accepted a client socket from %s\n", trackID, conn.RemoteAddr().String())
arr := strings.Split(conn.RemoteAddr().String(), ":")
// 判断是否为 RPC 客户端
var id string
if is.Rpc() {
id = client.ReportResult("MEMCACHE", "", arr[0], conn.RemoteAddr().String()+" 已经连接", "0")
} else {
id = strconv.FormatInt(report.ReportMemCche(arr[0], "本机", conn.RemoteAddr().String()+" 已经连接"), 10)
}
for {
<-rateLimitChan
str, err := reader.ReadString('\n')
@ -435,6 +450,12 @@ func tcpServer(address string, rateLimitChan chan int, exitChan chan int) {
}
str = strings.TrimSpace(str)
if is.Rpc() {
go client.ReportResult("MEMCACHE", "", "", "&&"+str, id)
} else {
go report.ReportUpdateMemCche(id, "&&"+str)
}
log.Printf("[Memcache TCP %d] Client request: %s.\n", trackID, str)
args := strings.Split(str, " ")
function, exist := commands[args[0]]
@ -544,7 +565,9 @@ func Start(addr string, rateLimitStr string) {
// 将服务器并发运行
go tcpServer(addr, rateLimitChan, exitChan)
go udpServer(addr, rateLimitChan, exitChan)
// UPD 暂不支持
//go udpServer(addr, rateLimitChan, exitChan)
// 通道阻塞,等待接受返回值
code := <-exitChan
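Review bot: Splitting `conn.RemoteAddr().String()` on ":" and taking `arr[0]` records the wrong source address for any IPv6 peer, whose string has the form `[addr]:port`, and the source IP is the main evidence this honeypot collects. Use `host, _, err := net.SplitHostPort(conn.RemoteAddr().String())` and report `host`. In the read loop every request line starts its own goroutine for `report.ReportUpdateMemCche` / `client.ReportResult`, so the appended commands can be stored out of order; feeding them through one worker per connection would keep the sequence intact. tcpServer's body extends beyond these hunks.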


@ -3,7 +3,6 @@ package ssh
import (
"github.com/gliderlabs/ssh"
"golang.org/x/crypto/ssh/terminal"
"fmt"
"io"
"strings"
"HFish/utils/is"
@ -14,8 +13,11 @@ import (
"HFish/utils/json"
"github.com/bitly/go-simplejson"
"HFish/utils/file"
"strconv"
)
var clientData map[string]string
func getJson() *simplejson.Json {
res, err := json.Get("ssh")
@ -26,6 +28,8 @@ func getJson() *simplejson.Json {
}
func Start(addr string) {
clientData = make(map[string]string)
ssh.ListenAndServe(
addr,
func(s ssh.Session) {
@ -47,7 +51,13 @@ func Start(addr string) {
output := file.ReadLibsText("ssh", fileName)
fmt.Println(line)
id := clientData[s.RemoteAddr().String()]
if is.Rpc() {
go client.ReportResult("SSH", "", "", "&&"+line, id)
} else {
go report.ReportUpdateSSH(id, "&&"+line)
}
io.WriteString(s, output+"\n")
}
@ -59,11 +69,13 @@ func Start(addr string) {
log.Pr("SSH", arr[0], "已经连接")
var id string
// 判断是否为 RPC 客户端
if is.Rpc() {
go client.ReportResult("SSH", "", arr[0], info, "0")
id = client.ReportResult("SSH", "", arr[0], info, "0")
} else {
go report.ReportSSH(arr[0], "本机", info)
id = strconv.FormatInt(report.ReportSSH(arr[0], "本机", info), 10)
}
sshStatus := conf.Get("ssh", "status")
@ -75,6 +87,7 @@ func Start(addr string) {
passwordx := res.Get("password")
if (accountx.MustString() == s.User() && passwordx.MustString() == password) {
clientData[s.RemoteAddr().String()] = id
return true
}
}
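Review bot: `clientData` is a plain package-level map that the password callback writes (`clientData[s.RemoteAddr().String()] = id`) and the session handler reads, and gliderlabs/ssh runs those callbacks on per-connection goroutines, so two simultaneous logins can trigger Go's fatal "concurrent map read and map write" and take the whole honeypot down. Guard it with a `sync.Mutex`, or make it a `sync.Map` and use `clientData.Store(addr, id)` / `clientData.Load(addr)`. Entries are never deleted, so the map grows with every successful login; remove the key when the session handler returns. The handlers' bodies continue outside the hunks.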


@ -11,6 +11,9 @@ import (
"strconv"
"HFish/core/report"
"HFish/utils/log"
"github.com/bitly/go-simplejson"
"HFish/utils/json"
"HFish/utils/file"
)
// 服务端连接
@ -50,6 +53,15 @@ func server(address string, exitChan chan int) {
}
}
func getJson() *simplejson.Json {
res, err := json.Get("telnet")
if err != nil {
log.Pr("HFish", "127.0.0.1", "解析 Telnet JSON 文件失败", err)
}
return res
}
// 会话处理
func handleSession(conn net.Conn, exitChan chan int, id string) {
fmt.Println("Session started")
@ -65,7 +77,7 @@ func handleSession(conn net.Conn, exitChan chan int, id string) {
if is.Rpc() {
go client.ReportResult("TELNET", "", "", "&&"+str, id)
} else {
go report.ReportUpdateRedis(id, "&&"+str)
go report.ReportUpdateTelnet(id, "&&"+str)
}
if !processTelnetCommand(str, exitChan) {
@ -73,7 +85,17 @@ func handleSession(conn net.Conn, exitChan chan int, id string) {
break
}
conn.Write([]byte("OK" + "\r\n"))
res := getJson()
fileName := res.Get("command").Get(str).MustString()
if (fileName == "") {
fileName = res.Get("command").Get("default").MustString()
}
output := file.ReadLibsText("telnet", fileName)
conn.Write([]byte(output + "\r\n"))
} else {
// 发生错误
fmt.Println("Session closed")
@ -97,11 +119,7 @@ func processTelnetCommand(str string, exitChan chan int) bool {
exitChan <- 0
return false
}
// 打印输入的字符串
fmt.Println(str)
return true
}
func Start(addr string) {


@ -111,7 +111,7 @@ func alert(id string, model string, typex string, projectName string, agent stri
}
// 上报 集群 状态
func ReportAgentStatus(agentName string, agentIp string, webStatus string, deepStatus string, sshStatus string, redisStatus string, mysqlStatus string, httpStatus string, telnetStatus string, ftpStatus string) {
func ReportAgentStatus(agentName string, agentIp string, webStatus string, deepStatus string, sshStatus string, redisStatus string, mysqlStatus string, httpStatus string, telnetStatus string, ftpStatus string, memCacheStatus string, plugStatus string) {
sql := `
INSERT INTO hfish_colony (
agent_name,
@ -124,24 +124,26 @@ func ReportAgentStatus(agentName string, agentIp string, webStatus string, deepS
http_status,
telnet_status,
ftp_status,
mem_cache_status,
plug_status,
last_update_time
)
VALUES
(?,?,?,?,?,?,?,?,?,?,?);
(?,?,?,?,?,?,?,?,?,?,?,?,?);
`
id := dbUtil.Insert(sql, agentName, agentIp, webStatus, deepStatus, sshStatus, redisStatus, mysqlStatus, httpStatus, telnetStatus, ftpStatus, time.Now().Format("2006-01-02 15:04:05"))
id := dbUtil.Insert(sql, agentName, agentIp, webStatus, deepStatus, sshStatus, redisStatus, mysqlStatus, httpStatus, telnetStatus, ftpStatus, memCacheStatus, plugStatus, time.Now().Format("2006-01-02 15:04:05"))
// 如果 ID 等于0 代表 该数据以及存在
if id == 0 {
sql := `
UPDATE hfish_colony
SET agent_ip = ?, web_status = ?, deep_status = ?, ssh_status = ?, redis_status = ?, mysql_status = ?, http_status = ?, telnet_status = ?, ftp_status = ?, last_update_time =?
SET agent_ip = ?, web_status = ?, deep_status = ?, ssh_status = ?, redis_status = ?, mysql_status = ?, http_status = ?, telnet_status = ?, ftp_status = ?, mem_cache_status = ?, plug_status = ?, last_update_time = ?
WHERE
agent_name =?;
`
dbUtil.Update(sql, agentIp, webStatus, deepStatus, sshStatus, redisStatus, mysqlStatus, httpStatus, telnetStatus, ftpStatus, time.Now().Format("2006-01-02 15:04:05"), agentName)
dbUtil.Update(sql, agentIp, webStatus, deepStatus, sshStatus, redisStatus, mysqlStatus, httpStatus, telnetStatus, ftpStatus, memCacheStatus, plugStatus, time.Now().Format("2006-01-02 15:04:05"), agentName)
}
}
@ -161,12 +163,28 @@ func ReportDeepWeb(projectName string, agent string, ipx string, info string) {
go alert(strconv.FormatInt(id, 10), "new", "DEEP", projectName, agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05"))
}
// 上报 蜜罐插件
func ReportPlugWeb(projectName string, agent string, ipx string, info string) {
country, region, city := ip.GetIp(ipx)
sql := `INSERT INTO hfish_info(type,project_name,agent,ip,country,region,city,info,create_time) values(?,?,?,?,?,?,?,?,?);`
id := dbUtil.Insert(sql, "PLUG", projectName, agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05"))
go alert(strconv.FormatInt(id, 10), "new", "PLUG", projectName, agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05"))
}
// 上报 SSH
func ReportSSH(ipx string, agent string, info string) {
func ReportSSH(ipx string, agent string, info string) int64 {
country, region, city := ip.GetIp(ipx)
sql := `INSERT INTO hfish_info(type,project_name,agent,ip,country,region,city,info,create_time) values(?,?,?,?,?,?,?,?,?);`
id := dbUtil.Insert(sql, "SSH", "SSH蜜罐", agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05"))
go alert(strconv.FormatInt(id, 10), "new", "SSH", "SSH蜜罐", agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05"))
return id
}
// 更新 SSH 操作
func ReportUpdateSSH(id string, info string) {
sql := `UPDATE hfish_info SET info = info||? WHERE id = ?;`
dbUtil.Update(sql, info, id)
go alert(id, "update", "SSH", "SSH蜜罐", "", "", "", "", "", info, time.Now().Format("2006-01-02 15:04:05"))
}
// 上报 Redis
@ -224,3 +242,19 @@ func ReportUpdateTelnet(id string, info string) {
dbUtil.Update(sql, info, id)
go alert(id, "update", "TELNET", "Telnet蜜罐", "", "", "", "", "", info, time.Now().Format("2006-01-02 15:04:05"))
}
// 上报 MemCache
func ReportMemCche(ipx string, agent string, info string) int64 {
country, region, city := ip.GetIp(ipx)
sql := `INSERT INTO hfish_info(type,project_name,agent,ip,country,region,city,info,create_time) values(?,?,?,?,?,?,?,?,?);`
id := dbUtil.Insert(sql, "MEMCACHE", "MemCache蜜罐", agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05"))
go alert(strconv.FormatInt(id, 10), "new", "MEMCACHE", "MemCache蜜罐", agent, ipx, country, region, city, info, time.Now().Format("2006-01-02 15:04:05"))
return id
}
// 更新 MemCache 操作
func ReportUpdateMemCche(id string, info string) {
sql := `UPDATE hfish_info SET info = info||? WHERE id = ?;`
dbUtil.Update(sql, info, id)
go alert(id, "update", "MEMCACHE", "MemCache蜜罐", "", "", "", "", "", info, time.Now().Format("2006-01-02 15:04:05"))
}
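Review bot: `ReportUpdateSSH` and `ReportUpdateMemCche` append to whichever row matches `id` without checking the row's type, and the RPC service passes the agent-supplied `r.Id` straight into `ReportUpdateMemCche`, so a misbehaving agent could append text to any event record. Constrain the statement, e.g. `UPDATE hfish_info SET info = info||? WHERE id = ? AND type = 'MEMCACHE';` (and `'SSH'` in the SSH variant). `info` also grows without limit because every client line is appended; capping the stored length per record keeps one noisy session from bloating the database. The exported names `ReportMemCche` / `ReportUpdateMemCche` look like typos for `MemCache` and are cheapest to fix before more callers exist.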


@ -11,7 +11,7 @@ import (
type Status struct {
AgentIp string
AgentName string
Web, Deep, Ssh, Redis, Mysql, Http, Telnet, Ftp string
Web, Deep, Ssh, Redis, Mysql, Http, Telnet, Ftp, MemCahe, Plug string
}
// 上报结果结构
@ -39,7 +39,7 @@ func createClient() (*rpc.Client, string, bool) {
return client, ipArr[0], true
}
func reportStatus(rpcName string, ftpStatus string, telnetStatus string, httpStatus string, mysqlStatus string, redisStatus string, sshStatus string, webStatus string, darkStatus string) {
func reportStatus(rpcName string, ftpStatus string, telnetStatus string, httpStatus string, mysqlStatus string, redisStatus string, sshStatus string, webStatus string, darkStatus string, memCacheStatus string, plugStatus string) {
client, addr, boolStatus := createClient()
if boolStatus {
@ -56,6 +56,8 @@ func reportStatus(rpcName string, ftpStatus string, telnetStatus string, httpSta
httpStatus,
telnetStatus,
ftpStatus,
memCacheStatus,
plugStatus,
}
var reply string
@ -100,6 +102,6 @@ func ReportResult(typex string, projectName string, sourceIp string, info string
return ""
}
func Start(rpcName string, ftpStatus string, telnetStatus string, httpStatus string, mysqlStatus string, redisStatus string, sshStatus string, webStatus string, darkStatus string) {
reportStatus(rpcName, ftpStatus, telnetStatus, httpStatus, mysqlStatus, redisStatus, sshStatus, webStatus, darkStatus)
func Start(rpcName string, ftpStatus string, telnetStatus string, httpStatus string, mysqlStatus string, redisStatus string, sshStatus string, webStatus string, darkStatus string, memCacheStatus string, plugStatus string) {
reportStatus(rpcName, ftpStatus, telnetStatus, httpStatus, mysqlStatus, redisStatus, sshStatus, webStatus, darkStatus, memCacheStatus, plugStatus)
}
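Review bot: The new field is spelled `MemCahe` in `Status` here and in the server-side copy of the struct; it works because both sides match, but if this is net/rpc with its default gob encoding the field name is part of the wire format, so correcting it later requires agents and server to be upgraded together. Rename it to `MemCache` in both files now. `reportStatus` and `Start` now take eleven positional strings in an order that differs from the struct literal they fill, which makes a transposed status easy to introduce; passing a `Status` value would be safer.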


@ -13,7 +13,7 @@ import (
type Status struct {
AgentIp string
AgentName string
Web, Deep, Ssh, Redis, Mysql, Http, Telnet, Ftp string
Web, Deep, Ssh, Redis, Mysql, Http, Telnet, Ftp, MemCahe, Plug string
}
// 上报结果结构
@ -44,6 +44,8 @@ func (t *HFishRPCService) ReportStatus(s *Status, reply *string) error {
s.Http,
s.Telnet,
s.Ftp,
s.MemCahe,
s.Plug,
)
return nil
@ -54,6 +56,8 @@ func (t *HFishRPCService) ReportResult(r *Result, reply *string) error {
var idx string
switch r.Type {
case "PLUG":
go report.ReportPlugWeb(r.ProjectName, r.AgentName, r.SourceIp, r.Info)
case "WEB":
go report.ReportWeb(r.ProjectName, r.AgentName, r.SourceIp, r.Info)
case "DEEP":
@ -81,8 +85,13 @@ func (t *HFishRPCService) ReportResult(r *Result, reply *string) error {
} else {
go report.ReportUpdateTelnet(r.Id, r.Info)
}
case "FTP":
go report.ReportFTP(r.SourceIp, r.AgentName, r.Info)
case "MEMCACHE":
if r.Id == "0" {
id := report.ReportMemCche(r.SourceIp, r.AgentName, r.Info)
idx = strconv.FormatInt(id, 10)
} else {
go report.ReportUpdateMemCche(r.Id, r.Info)
}
}
*reply = idx
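Review bot: Going by the hunk header counts (-81,8 +85,13), the `case "FTP":` branch that called `report.ReportFTP` appears to be removed in the same hunk that adds `case "MEMCACHE":`; if so, FTP events from remote agents fall through the switch and are silently dropped. Keep the FTP case next to the new one, and add a `default:` branch that logs an unrecognised `r.Type` so a dropped report is visible. ReportResult's body continues outside the hunk.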

Binary file not shown.


@ -13,7 +13,7 @@
"hostname": "hostname",
"cat /etc/inittab": "inittab",
"cat /proc/meminfo": "meminfo",
"cat /proc/passwd": "passwd",
"cat /etc/passwd": "passwd",
"cat /etc/resolv.conf": "resolv",
"cat /proc/version": "version",
"ifconfig": "ifconfig",


@ -0,0 +1,23 @@
{
"command": {
"default": "default",
"ls": "ls",
"ls -all": "ls_all",
"arp": "arp",
"cat /proc/cpuinfo": "cpuinfo",
"cat /etc/group": "group",
"cat /etc/hosts": "hosts",
"hostname": "hostname",
"cat /etc/inittab": "inittab",
"cat /proc/meminfo": "meminfo",
"cat /etc/passwd": "passwd",
"cat /etc/resolv.conf": "resolv",
"cat /proc/version": "version",
"ifconfig": "ifconfig",
"df -h": "df_h",
"df": "df",
"wget": "wget",
"ll": "ll",
"ll -h": "ll_h"
}
}



@ -1 +1,122 @@
[SSH] 127.0.0.1 - [2019-08-25 00:17:23] 已经连接 []
[HFish] 127.0.0.1 - [2019-08-25 15:19:44] "GET /setting HTTP/1.1 200 3.868203ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:19:44 | 200 | 3.950528ms | 127.0.0.1 | GET /setting
[HFish] 127.0.0.1 - [2019-08-25 15:19:44] "GET /static/favicon.ico HTTP/1.1 200 5.045725ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:19:44 | 200 | 5.09216ms | 127.0.0.1 | GET /static/favicon.ico
[HFish] 127.0.0.1 - [2019-08-25 15:19:45] "GET /colony HTTP/1.1 200 2.069057ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:19:45 | 200 | 2.111292ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:19:45] "GET /get/colony/list HTTP/1.1 200 1.17125ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:19:45 | 200 | 1.213546ms | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:20:06] "GET /colony HTTP/1.1 200 2.339492ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:20:06 | 200 | 2.397969ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:20:06] "GET /get/colony/list HTTP/1.1 200 813.84µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:20:06 | 200 | 853.996µs | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:20:06] "GET /static/favicon.ico HTTP/1.1 200 634.548µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:20:06 | 200 | 754.254µs | 127.0.0.1 | GET /static/favicon.ico
[HFish] 127.0.0.1 - [2019-08-25 15:20:20] "GET /colony HTTP/1.1 200 3.28396ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:20:20 | 200 | 3.343365ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:20:20] "GET /get/colony/list HTTP/1.1 200 846.762µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:20:20 | 200 | 888.242µs | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:20:20] "GET /static/favicon.ico HTTP/1.1 200 201.18µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:20:20 | 200 | 255.766µs | 127.0.0.1 | GET /static/favicon.ico
[HFish] 127.0.0.1 - [2019-08-25 15:20:34] "GET /colony HTTP/1.1 200 1.834003ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:20:34 | 200 | 1.884242ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:20:34] "GET /get/colony/list HTTP/1.1 200 1.16712ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:20:34 | 200 | 1.261211ms | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:20:34] "GET /static/favicon.ico HTTP/1.1 200 230.866µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:20:34 | 200 | 309.926µs | 127.0.0.1 | GET /static/favicon.ico
[HFish] 127.0.0.1 - [2019-08-25 15:21:15] "GET /colony HTTP/1.1 200 2.065056ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:15 | 200 | 2.142428ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:21:15] "GET /get/colony/list HTTP/1.1 200 1.166819ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:15 | 200 | 1.204985ms | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:21:15] "GET /static/favicon.ico HTTP/1.1 200 372.689µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:15 | 200 | 483.119µs | 127.0.0.1 | GET /static/favicon.ico
[HFish] 127.0.0.1 - [2019-08-25 15:21:26] "GET /colony HTTP/1.1 200 2.842474ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:26 | 200 | 2.895649ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:21:26] "GET /get/colony/list HTTP/1.1 200 1.131351ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:26 | 200 | 1.172075ms | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:21:27] "GET /static/favicon.ico HTTP/1.1 200 197.309µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:27 | 200 | 272.561µs | 127.0.0.1 | GET /static/favicon.ico
[HFish] 127.0.0.1 - [2019-08-25 15:21:28] "GET /dashboard HTTP/1.1 200 6.180131ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:28 | 200 | 6.225546ms | 127.0.0.1 | GET /dashboard
[HFish] 127.0.0.1 - [2019-08-25 15:21:29] "GET /get/dashboard/pie_data HTTP/1.1 200 2.308906ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:29 | 200 | 2.354239ms | 127.0.0.1 | GET /get/dashboard/pie_data
[HFish] 127.0.0.1 - [2019-08-25 15:21:29] "GET /get/dashboard/data HTTP/1.1 200 8.919782ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:29 | 200 | 9.03726ms | 127.0.0.1 | GET /get/dashboard/data
[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /fish HTTP/1.1 200 2.087863ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:35 | 200 | 2.129194ms | 127.0.0.1 | GET /fish
[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /static/libs/page/jquery.sPage.css HTTP/1.1 304 129.35µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:35 | 304 | 178.971µs | 127.0.0.1 | GET /static/libs/page/jquery.sPage.css
[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 2.135393ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:35 | 200 | 2.186183ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text=
[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /get/fish/typeList HTTP/1.1 200 1.882745ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:35 | 200 | 1.916116ms | 127.0.0.1 | GET /get/fish/typeList
[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /colony HTTP/1.1 200 3.112042ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:35 | 200 | 3.173845ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:21:35] "GET /get/colony/list HTTP/1.1 200 749.659µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:35 | 200 | 783.463µs | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:21:36] "GET /mail HTTP/1.1 200 2.047757ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:36 | 200 | 8.821724ms | 127.0.0.1 | GET /mail
[HFish] 127.0.0.1 - [2019-08-25 15:21:36] "GET /setting HTTP/1.1 200 2.663358ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:36 | 200 | 2.703441ms | 127.0.0.1 | GET /setting
[HFish] 127.0.0.1 - [2019-08-25 15:21:37] "GET /mail HTTP/1.1 200 1.496658ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:37 | 200 | 1.537187ms | 127.0.0.1 | GET /mail
[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /colony HTTP/1.1 200 3.282241ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:38 | 200 | 3.357717ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /get/colony/list HTTP/1.1 200 795.657µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:38 | 200 | 831.698µs | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /fish HTTP/1.1 200 1.913492ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:38 | 200 | 1.952857ms | 127.0.0.1 | GET /fish
[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /get/fish/typeList HTTP/1.1 200 2.025435ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:38 | 200 | 2.065044ms | 127.0.0.1 | GET /get/fish/typeList
[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 2.227488ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:38 | 200 | 2.329691ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text=
[HFish] 127.0.0.1 - [2019-08-25 15:21:38] "GET /dashboard HTTP/1.1 200 6.336137ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:38 | 200 | 6.376156ms | 127.0.0.1 | GET /dashboard
[HFish] 127.0.0.1 - [2019-08-25 15:21:39] "GET /get/dashboard/pie_data HTTP/1.1 200 2.803106ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:39 | 200 | 2.845759ms | 127.0.0.1 | GET /get/dashboard/pie_data
[HFish] 127.0.0.1 - [2019-08-25 15:21:39] "GET /get/dashboard/data HTTP/1.1 200 7.006924ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:39 | 200 | 7.067156ms | 127.0.0.1 | GET /get/dashboard/data
[HFish] 127.0.0.1 - [2019-08-25 15:21:45] "GET /fish HTTP/1.1 200 1.898809ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:45 | 200 | 1.955998ms | 127.0.0.1 | GET /fish
[HFish] 127.0.0.1 - [2019-08-25 15:21:45] "GET /get/fish/typeList HTTP/1.1 200 2.33959ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:45 | 200 | 2.388269ms | 127.0.0.1 | GET /get/fish/typeList
[HFish] 127.0.0.1 - [2019-08-25 15:21:45] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 2.54735ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:45 | 200 | 2.60593ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text=
[HFish] 127.0.0.1 - [2019-08-25 15:21:46] "GET /colony HTTP/1.1 200 1.838044ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:46 | 200 | 1.873524ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:21:46] "GET /get/colony/list HTTP/1.1 200 1.038366ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:46 | 200 | 1.983434ms | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:21:47] "GET /mail HTTP/1.1 200 1.773735ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:47 | 200 | 1.81538ms | 127.0.0.1 | GET /mail
[HFish] 127.0.0.1 - [2019-08-25 15:21:48] "GET /setting HTTP/1.1 200 3.122959ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:48 | 200 | 3.162942ms | 127.0.0.1 | GET /setting
[HFish] 127.0.0.1 - [2019-08-25 15:21:49] "GET /mail HTTP/1.1 200 1.472018ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:49 | 200 | 1.522748ms | 127.0.0.1 | GET /mail
[HFish] 127.0.0.1 - [2019-08-25 15:21:49] "GET /setting HTTP/1.1 200 2.636284ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:49 | 200 | 2.685672ms | 127.0.0.1 | GET /setting
[HFish] 127.0.0.1 - [2019-08-25 15:21:50] "GET /colony HTTP/1.1 200 2.267542ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:50 | 200 | 2.306864ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:21:50] "GET /get/colony/list HTTP/1.1 200 754.628µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:50 | 200 | 785.658µs | 127.0.0.1 | GET /get/colony/list
[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /fish HTTP/1.1 200 1.928452ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:51 | 200 | 1.970332ms | 127.0.0.1 | GET /fish
[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /get/fish/typeList HTTP/1.1 200 2.122325ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:51 | 200 | 2.160561ms | 127.0.0.1 | GET /get/fish/typeList
[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 2.315912ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:51 | 200 | 2.33972ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text=
[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /dashboard HTTP/1.1 200 7.733019ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:51 | 200 | 7.799823ms | 127.0.0.1 | GET /dashboard
[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /get/dashboard/pie_data HTTP/1.1 200 2.088386ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:51 | 200 | 2.119638ms | 127.0.0.1 | GET /get/dashboard/pie_data
[HFish] 127.0.0.1 - [2019-08-25 15:21:51] "GET /get/dashboard/data HTTP/1.1 200 6.821703ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:51 | 200 | 6.872761ms | 127.0.0.1 | GET /get/dashboard/data
[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /fish HTTP/1.1 200 2.762985ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:52 | 200 | 2.815749ms | 127.0.0.1 | GET /fish
[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /get/fish/typeList HTTP/1.1 200 2.984472ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:52 | 200 | 3.069217ms | 127.0.0.1 | GET /get/fish/typeList
[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text= HTTP/1.1 200 3.0926ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:52 | 200 | 3.131943ms | 127.0.0.1 | GET /get/fish/list?page=1&pageSize=10&type=all&colony=all&so_text=
[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /colony HTTP/1.1 200 2.021751ms "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:52 | 200 | 2.060145ms | 127.0.0.1 | GET /colony
[HFish] 127.0.0.1 - [2019-08-25 15:21:52] "GET /get/colony/list HTTP/1.1 200 977.794µs "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" "
[GIN] 2019/08/25 - 15:21:52 | 200 | 1.020393ms | 127.0.0.1 | GET /get/colony/list


@ -20,6 +20,7 @@ import (
"HFish/core/rpc/client"
"HFish/view/api"
"HFish/utils/cors"
"HFish/core/protocol/memcache"
)
func RunWeb(template string, index string, static string, url string) http.Handler {
@ -78,6 +79,24 @@ func RunDeep(template string, index string, static string, url string) http.Hand
return r
}
func RunPlug() http.Handler {
r := gin.New()
r.Use(gin.Recovery())
// API 启用状态
apiStatus := conf.Get("api", "status")
// 判断 API 是否启用
if apiStatus == "1" {
// 启动 蜜罐插件 API
r.Use(cors.Cors())
plugUrl := conf.Get("api", "plug_url")
r.POST(plugUrl, api.ReportPlugWeb)
}
return r
}
func RunAdmin() http.Handler {
gin.DisableConsoleColor()
@ -117,14 +136,14 @@ func RunAdmin() http.Handler {
func Run() {
// 启动 MemCache 蜜罐
//memCacheStatus := conf.Get("mem_cache", "status")
//
//// 判断 MemCache 蜜罐 是否开启
//if memCacheStatus == "1" {
// memCacheRateLimit := conf.Get("mem_cache", "rate_limit")
// memCacheAddr := conf.Get("mem_cache", "addr")
// go memcache.Start(memCacheAddr, memCacheRateLimit)
//}
memCacheStatus := conf.Get("mem_cache", "status")
// 判断 MemCache 蜜罐 是否开启
if memCacheStatus == "1" {
memCacheAddr := conf.Get("mem_cache", "addr")
memCacheRateLimit := conf.Get("mem_cache", "rate_limit")
go memcache.Start(memCacheAddr, memCacheRateLimit)
}
//=========================//
@ -244,6 +263,25 @@ func Run() {
//=========================//
// 启动 蜜罐插件
plugStatus := conf.Get("plug", "status")
// 判断 蜜罐插件 是否开启
if plugStatus != "0" {
plugAddr := conf.Get("plug", "addr")
serverPlug := &http.Server{
Addr: plugAddr,
Handler: RunPlug(),
ReadTimeout: 5 * time.Second,
WriteTimeout: 10 * time.Second,
}
go serverPlug.ListenAndServe()
}
//=========================//
// 启动 RPC
rpcStatus := conf.Get("rpc", "status")
@ -260,7 +298,7 @@ func Run() {
for {
// 这样写 提高IO读写性能
go client.Start(rpcName, ftpStatus, telnetStatus, "0", mysqlStatus, redisStatus, sshStatus, webStatus, deepStatus)
go client.Start(rpcName, ftpStatus, telnetStatus, "0", mysqlStatus, redisStatus, sshStatus, webStatus, deepStatus, memCacheStatus, plugStatus)
time.Sleep(time.Duration(1) * time.Minute)
}
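Review bot: The plugin listener in Run() is gated by `if plugStatus != "0"`, while the MemCache check above it and RunPlug's own API check use `== "1"`, so a missing or mistyped `[plug] status` value presumably opens the listener instead of leaving it closed. `if plugStatus == "1" {` would make it fail closed like the other services. `go serverPlug.ListenAndServe()` also discards the returned error, so a bind failure on `plugAddr` is silent; logging the error inside the goroutine would surface it. When `api.status` is not "1", RunPlug returns a router with no routes, yet the port is still opened. Run() begins and ends outside these hunks, so this is based only on the visible lines.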


@ -59,14 +59,37 @@ func ReportDeepWeb(c *gin.Context) {
}
}
// 获取记录黑客IP
// 蜜罐插件API
func ReportPlugWeb(c *gin.Context) {
name := c.PostForm("name")
info := c.PostForm("info")
secKey := c.PostForm("sec_key")
ip := c.PostForm("ip")
apiSecKey := conf.Get("api", "sec_key")
if secKey != apiSecKey {
c.JSON(http.StatusOK, error.ErrFailApiKey())
} else {
// 判断是否为 RPC 客户端
if is.Rpc() {
go client.ReportResult("PLUG", name, ip, info, "0")
} else {
go report.ReportPlugWeb(name, "本机", ip, info)
}
c.JSON(http.StatusOK, error.ErrSuccessNull())
}
}
// 获取黑名单 黑客IP 列表
func GetIpList(c *gin.Context) {
sql := `select ip from hfish_info GROUP BY ip;`
result := dbUtil.Query(sql)
c.JSON(http.StatusOK, error.ErrSuccess(result))
}
// 获取记录黑客IP
// 获取钓鱼列表 API
func GetFishInfo(c *gin.Context) {
sql := `select * from hfish_info ORDER BY id desc`
result := dbUtil.Query(sql)
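Review bot: In ReportPlugWeb the check `secKey != apiSecKey` passes when both values are empty, so if `sec_key` is unset in the `api` config (assuming conf.Get returns an empty string in that case) an unauthenticated POST is accepted; the comparison is also not constant-time. `if apiSecKey == "" || subtle.ConstantTimeCompare([]byte(secKey), []byte(apiSecKey)) != 1 {` covers both and needs `crypto/subtle` imported. `name`, `info` and `ip` are passed on exactly as posted, with no length or format check, so whatever stores or renders them later should treat them as untrusted. The rejection path answers with HTTP 200; a 401 or 403 status would let proxies and monitoring tell rejected reports from accepted ones.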


@ -26,6 +26,8 @@ func GetColony(c *gin.Context) {
http_status,
telnet_status,
ftp_status,
mem_cache_status,
plug_status,
last_update_time
FROM
hfish_colony


@ -18,6 +18,7 @@ func Html(c *gin.Context) {
deepMysql := `select count(1) as sum from hfish_info where type="DEEP";`
telnetMysql := `select count(1) as sum from hfish_info where type="TELNET";`
ftpMysql := `select count(1) as sum from hfish_info where type="FTP";`
memCacheMysql := `select count(1) as sum from hfish_info where type="MEMCACHE";`
resultWeb := dbUtil.Query(sqlWeb)
resultSsh := dbUtil.Query(sqlSsh)
@ -26,6 +27,7 @@ func Html(c *gin.Context) {
resultDeep := dbUtil.Query(deepMysql)
resultTelnet := dbUtil.Query(telnetMysql)
resultFtp := dbUtil.Query(ftpMysql)
resultMemCache := dbUtil.Query(memCacheMysql)
webSum := strconv.FormatInt(resultWeb[0]["sum"].(int64), 10)
sshSum := strconv.FormatInt(resultSsh[0]["sum"].(int64), 10)
@ -34,6 +36,7 @@ func Html(c *gin.Context) {
deepSum := strconv.FormatInt(resultDeep[0]["sum"].(int64), 10)
telnetSum := strconv.FormatInt(resultTelnet[0]["sum"].(int64), 10)
ftpSum := strconv.FormatInt(resultFtp[0]["sum"].(int64), 10)
memCacheSum := strconv.FormatInt(resultMemCache[0]["sum"].(int64), 10)
// 读取服务运行状态
mysqlStatus := conf.Get("mysql", "status")
@ -44,6 +47,7 @@ func Html(c *gin.Context) {
deepStatus := conf.Get("deep", "status")
telnetStatus := conf.Get("telnet", "status")
ftpStatus := conf.Get("ftp", "status")
memCacheStatus := conf.Get("mem_cache", "status")
c.HTML(http.StatusOK, "dashboard.html", gin.H{
"webSum": webSum,
@ -53,6 +57,7 @@ func Html(c *gin.Context) {
"deepSum": deepSum,
"telnetSum": telnetSum,
"ftpSum": ftpSum,
"memCacheSum": memCacheSum,
"webStatus": webStatus,
"sshStatus": sshStatus,
"redisStatus": redisStatus,
@ -61,6 +66,7 @@ func Html(c *gin.Context) {
"deepStatus": deepStatus,
"telnetStatus": telnetStatus,
"ftpStatus": ftpStatus,
"memCacheStatus": memCacheStatus,
})
}
@ -213,6 +219,27 @@ func GetFishData(c *gin.Context) {
telnetMap[resultTelnet[k]["hour"].(string)] = resultTelnet[k]["sum"].(int64)
}
// 统计 MemCache
sqlMemCache := `
SELECT
strftime("%H", create_time) AS hour,
sum(1) AS sum
FROM
hfish_info
WHERE
strftime('%s', datetime('now')) - strftime('%s', create_time) < (24 * 3600)
AND type="MEMCACHE"
GROUP BY
hour;
`
resultMemCache := dbUtil.Query(sqlMemCache)
memCacheMap := make(map[string]int64)
for k := range resultMemCache {
memCacheMap[resultMemCache[k]["hour"].(string)] = resultMemCache[k]["sum"].(int64)
}
// 拼接 json
s := map[string]map[string]int64{
"web": webMap,
@ -222,7 +249,63 @@ func GetFishData(c *gin.Context) {
"deep": deepMap,
"ftp": ftpMap,
"telnet": telnetMap,
"memCache": memCacheMap,
}
c.JSON(http.StatusOK, error.ErrSuccessEdit(s))
}
// 仪表盘攻击饼图统计
func GetFishPieData(c *gin.Context) {
// 统计攻击地区
sqlRegion := `
SELECT
region,
count(1) AS sum
FROM
hfish_info
WHERE
region != ""
GROUP BY
region;
`
resultRegion := dbUtil.Query(sqlRegion)
var regionList []map[string]string
for k := range resultRegion {
regionMap := make(map[string]string)
regionMap["name"] = resultRegion[k]["region"].(string)
regionMap["value"] = strconv.FormatInt(resultRegion[k]["sum"].(int64), 10)
regionList = append(regionList, regionMap)
}
// 统计攻击IP
sqlIP := `
SELECT
ip,
count(1) AS sum
FROM
hfish_info
WHERE
ip != ""
GROUP BY
ip;
`
resultIP := dbUtil.Query(sqlIP)
var ipList []map[string]string
for k := range resultIP {
ipMap := make(map[string]string)
ipMap["name"] = resultIP[k]["ip"].(string)
ipMap["value"] = strconv.FormatInt(resultIP[k]["sum"].(int64), 10)
ipList = append(ipList, ipMap)
}
c.JSON(http.StatusOK, gin.H{
"regionList": regionList,
"ipList": ipList,
})
}
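Review bot: GetFishPieData returns one entry per distinct `ip` and `region` with no ordering or limit, so on an internet-facing honeypot the pie-chart response grows with every new source address. Adding `ORDER BY sum DESC LIMIT 10` to both queries would bound it (the 10 is a constructed value; use whatever the chart can display). `regionList` and `ipList` are declared as nil slices, so with an empty table they encode as JSON `null` rather than `[]`; `regionList := []map[string]string{}` (and the same for `ipList`) avoids a null check in the front end. The `.(string)` and `.(int64)` assertions here and on `resultMemCache[0]["sum"]` in Html are unchecked, and would panic on an empty result or an unexpected column type, though dbUtil.Query is not visible, so that depends on what it returns.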


@ -23,6 +23,7 @@ func LoadUrl(r *gin.Engine) {
r.GET("/", login.Jump, dashboard.Html)
r.GET("/dashboard", login.Jump, dashboard.Html)
r.GET("/get/dashboard/data", login.Jump, dashboard.GetFishData)
r.GET("/get/dashboard/pie_data", login.Jump, dashboard.GetFishPieData)
// 蜜罐列表
r.GET("/fish", login.Jump, fish.Html)