├── img ├── 效果.png ├── 配置.png ├── MCP.png ├── tch.png ├── 攻击链.jpg ├── 调用链1.png ├── 外部MCP接入.png ├── mcp-stdio1.png └── mcp-stdio2.png ├── web └── static │ ├── logo.png │ └── favicon.ico ├── requirements.txt ├── tools ├── cat.yaml ├── api-schema-analyzer.yaml ├── wpscan.yaml ├── enum4linux.yaml ├── checksec.yaml ├── wafw00f.yaml ├── ropgadget.yaml ├── xsser.yaml ├── delete-file.yaml ├── fierce.yaml ├── wfuzz.yaml ├── strings.yaml ├── binwalk.yaml ├── john.yaml ├── objdump.yaml ├── subfinder.yaml ├── jwt-analyzer.yaml ├── amass.yaml ├── autorecon.yaml ├── dotdotpwn.yaml ├── one-gadget.yaml ├── smbmap.yaml ├── ffuf.yaml ├── mimikatz.yaml ├── gdb.yaml ├── dnsenum.yaml ├── xxd.yaml ├── feroxbuster.yaml ├── volatility.yaml ├── hakrawler.yaml ├── list-files.yaml ├── foremost.yaml ├── nuclei.yaml ├── arp-scan.yaml ├── pacu.yaml ├── stegsolve.yaml ├── volatility3.yaml ├── nbtscan.yaml ├── clair.yaml ├── waybackurls.yaml ├── linpeas.yaml ├── winpeas.yaml ├── docker-bench-security.yaml ├── cloudmapper.yaml ├── hashpump.yaml ├── zsteg.yaml ├── gau.yaml ├── paramspider.yaml ├── burpsuite.yaml ├── gdb-peda.yaml ├── gobuster.yaml ├── pwninit.yaml ├── cyberchef.yaml ├── hashcat.yaml ├── rustscan.yaml ├── pdfcrack.yaml ├── falco.yaml ├── ghidra.yaml ├── graphql-scanner.yaml ├── hydra.yaml ├── katana.yaml ├── scout-suite.yaml ├── checkov.yaml ├── kube-bench.yaml ├── jaeles.yaml ├── netexec.yaml ├── x8.yaml ├── steghide.yaml ├── msfvenom.yaml ├── dirsearch.yaml ├── masscan.yaml ├── trivy.yaml ├── dalfox.yaml ├── exiftool.yaml ├── arjun.yaml ├── prowler.yaml ├── kube-hunter.yaml ├── ropper.yaml ├── uro.yaml ├── nikto.yaml ├── terrascan.yaml ├── bloodhound.yaml ├── metasploit.yaml ├── fcrackzip.yaml ├── zap.yaml ├── anew.yaml ├── hash-identifier.yaml ├── qsreplace.yaml ├── modify-file.yaml ├── create-file.yaml ├── enum4linux-ng.yaml ├── pwntools.yaml ├── nmap-advanced.yaml ├── libc-database.yaml ├── responder.yaml ├── dirb.yaml ├── exec.yaml ├── httpx.yaml ├── impacket.yaml ├── 
install-python-package.yaml ├── angr.yaml ├── nmap.yaml ├── execute-python-script.yaml ├── rpcclient.yaml ├── sqlmap.yaml ├── api-fuzzer.yaml ├── query-execution-result.yaml └── http-intruder.yaml ├── cmd ├── server │ └── main.go ├── mcp-stdio │ └── main.go ├── test-config │ └── main.go └── test-external-mcp │ └── main.go ├── run.sh ├── internal ├── security │ ├── auth_middleware.go │ └── auth_manager.go ├── logger │ └── logger.go ├── handler │ ├── conversation.go │ ├── task_manager.go │ ├── auth.go │ └── attackchain.go ├── openai │ └── openai.go └── database │ └── attackchain.go ├── go.mod └── config.yaml /img/效果.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/img/效果.png -------------------------------------------------------------------------------- /img/配置.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/img/配置.png -------------------------------------------------------------------------------- /img/MCP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/img/MCP.png -------------------------------------------------------------------------------- /img/tch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/img/tch.png -------------------------------------------------------------------------------- /img/攻击链.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/img/攻击链.jpg -------------------------------------------------------------------------------- /img/调用链1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/img/调用链1.png -------------------------------------------------------------------------------- /img/外部MCP接入.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/img/外部MCP接入.png -------------------------------------------------------------------------------- /img/mcp-stdio1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/img/mcp-stdio1.png -------------------------------------------------------------------------------- /img/mcp-stdio2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/img/mcp-stdio2.png -------------------------------------------------------------------------------- /web/static/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/web/static/logo.png -------------------------------------------------------------------------------- /web/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Ed1s0nZ/CyberStrikeAI/HEAD/web/static/favicon.ico -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | # Python HTTP helpers leveraged by tools like api-fuzzer, dnslog, http-intruder, http-framework-test 2 | requests>=2.32.3 3 | httpx>=0.27.0 4 | charset-normalizer>=3.3.2 5 | chardet>=5.2.0 6 | 7 | # Python exploitation / analysis frameworks referenced by tool recipes 8 | angr>=9.2.96 9 | # pwntools>=4.12.0 10 | arjun>=2.2.0 11 | uro>=1.0.2 12 | 13 | bloodhound>=1.6.1 14 | impacket>=0.11.0 15 | 
-------------------------------------------------------------------------------- /tools/cat.yaml: -------------------------------------------------------------------------------- 1 | name: "cat" 2 | enabled: true 3 | command: "cat" 4 | short_description: "读取并输出文件内容" 5 | description: | 6 | 读取文件内容并输出到标准输出。用于查看文件内容。 7 | 8 | **使用场景:** 9 | - 查看文本文件内容 10 | - 读取配置文件 11 | - 查看日志文件 12 | 13 | **注意事项:** 14 | - 如果文件很大,结果可能会被保存到存储中 15 | - 只能读取文本文件,二进制文件可能显示乱码 16 | parameters: 17 | - name: "file" 18 | type: "string" 19 | description: "要读取的文件路径" 20 | required: true 21 | format: "positional" 22 | position: 0 23 | -------------------------------------------------------------------------------- /tools/api-schema-analyzer.yaml: -------------------------------------------------------------------------------- 1 | name: "api-schema-analyzer" 2 | command: "spectral" 3 | args: ["lint"] 4 | enabled: true 5 | short_description: "API模式分析工具,识别潜在安全问题" 6 | description: | 7 | 调用 `spectral lint` 对 OpenAPI/Swagger/GraphQL 模式进行静态分析,可结合自定义规则集或输出格式。 8 | parameters: 9 | - name: "schema_url" 10 | type: "string" 11 | description: "API模式文件或URL(传递给 spectral lint 的目标)" 12 | required: true 13 | position: 0 14 | format: "positional" 15 | - name: "additional_args" 16 | type: "string" 17 | description: | 18 | 额外的 Spectral 参数,例如 `--ruleset`, `--format`, `--fail-severity` 等。 19 | required: false 20 | format: "positional" 21 | -------------------------------------------------------------------------------- /tools/wpscan.yaml: -------------------------------------------------------------------------------- 1 | name: "wpscan" 2 | command: "wpscan" 3 | enabled: true 4 | short_description: "WordPress安全扫描器,用于检测WordPress漏洞" 5 | description: | 6 | WPScan是专门用于WordPress安全扫描的工具,可以检测主题、插件和核心漏洞。 7 | 8 | **主要功能:** 9 | - WordPress核心漏洞检测 10 | - 主题和插件漏洞扫描 11 | - 用户枚举 12 | - 密码暴力破解 13 | - 安全配置检查 14 | 15 | **使用场景:** 16 | - WordPress安全评估 17 | - 漏洞扫描 18 | - 渗透测试 19 | - 安全审计 20 | parameters: 21 | - name: "url" 22 | type: "string" 23 
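| description: "WordPress站点URL" 24 | required: true 25 | flag: "--url" 26 | format: "flag" 27 | - name: "additional_args" 28 | type: "string" 29 | description: "额外的WPScan参数" 30 | required: false 31 | format: "positional" 32 | -------------------------------------------------------------------------------- /tools/enum4linux.yaml: -------------------------------------------------------------------------------- 1 | name: "enum4linux" 2 | command: "enum4linux" 3 | enabled: true 4 | short_description: "SMB枚举工具,用于Windows/Samba系统信息收集" 5 | description: | 6 | Enum4linux是一个用于枚举SMB共享和Windows系统信息的工具。 7 | 8 | **主要功能:** 9 | - SMB共享枚举 10 | - 用户和组枚举 11 | - 密码策略信息 12 | - 系统信息收集 13 | 14 | **使用场景:** 15 | - Windows系统渗透测试 16 | - SMB安全评估 17 | - 网络信息收集 18 | - 域环境侦察 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标IP地址" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "additional_args" 27 | type: "string" 28 | description: "额外的Enum4linux参数(默认:-a)" 29 | required: false 30 | default: "-a" 31 | format: "positional" 32 | -------------------------------------------------------------------------------- /cmd/server/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "cyberstrike-ai/internal/app" 5 | "cyberstrike-ai/internal/config" 6 | "cyberstrike-ai/internal/logger" 7 | "flag" 8 | "fmt" 9 | "os" 10 | ) 11 | 12 | // main loads the configuration named by -config, builds the logger and the application, and runs the server. 13 | func main() { 14 | var configPath = flag.String("config", "config.yaml", "配置文件路径") 15 | flag.Parse() 16 | 17 | // Load the configuration; on failure report on stderr and exit non-zero so a wrapper script or service manager can see that startup failed. 18 | cfg, err := config.Load(*configPath) 19 | if err != nil { 20 | fmt.Fprintf(os.Stderr, "加载配置失败: %v\n", err) 21 | os.Exit(1) 22 | } 23 | 24 | // Initialise logging with the level and output taken from the configuration. 25 | log := logger.New(cfg.Log.Level, cfg.Log.Output) 26 | 27 | // Build the application from the configuration and the logger. 28 | application, err := app.New(cfg, log) 29 | if err != nil { 30 | log.Fatal("应用初始化失败", "error", err) 31 | } 32 | 33 | // Start the server; Run's error, if any, is passed to log.Fatal. 34 | if err := application.Run(); err != nil { 35 | log.Fatal("服务器启动失败", "error", err) 36 | } 37 | } 38 | 39 |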
-------------------------------------------------------------------------------- /tools/checksec.yaml: -------------------------------------------------------------------------------- 1 | name: "checksec" 2 | command: "checksec" 3 | enabled: true 4 | short_description: "二进制安全特性检查工具" 5 | description: | 6 | Checksec是一个用于检查二进制文件安全特性的工具。 7 | 8 | **主要功能:** 9 | - 安全特性检查 10 | - 保护机制检测 11 | - 多种架构支持 12 | - 详细报告 13 | 14 | **使用场景:** 15 | - 二进制安全分析 16 | - 保护机制检查 17 | - 漏洞研究 18 | - 安全评估 19 | parameters: 20 | - name: "binary" 21 | type: "string" 22 | description: "要检查的二进制文件路径" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "additional_args" 27 | type: "string" 28 | description: | 29 | 额外的checksec参数。用于传递未在参数列表中定义的checksec选项。 30 | 31 | **示例值:** 32 | - 根据工具特性添加常用参数示例 33 | 34 | **注意事项:** 35 | - 多个参数用空格分隔 36 | - 确保参数格式正确,避免命令注入 37 | - 此参数会直接追加到命令末尾 38 | required: false 39 | format: "positional" 40 | -------------------------------------------------------------------------------- /tools/wafw00f.yaml: -------------------------------------------------------------------------------- 1 | name: "wafw00f" 2 | command: "wafw00f" 3 | enabled: true 4 | short_description: "WAF识别和指纹识别工具" 5 | description: | 6 | Wafw00f是一个Web应用防火墙(WAF)识别和指纹识别工具。 7 | 8 | **主要功能:** 9 | - WAF检测 10 | - WAF指纹识别 11 | - 多种WAF支持 12 | - 绕过技术检测 13 | 14 | **使用场景:** 15 | - WAF识别 16 | - 安全测试 17 | - 渗透测试 18 | - 安全评估 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标URL或IP" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "additional_args" 27 | type: "string" 28 | description: | 29 | 额外的wafw00f参数。用于传递未在参数列表中定义的wafw00f选项。 30 | 31 | **示例值:** 32 | - 根据工具特性添加常用参数示例 33 | 34 | **注意事项:** 35 | - 多个参数用空格分隔 36 | - 确保参数格式正确,避免命令注入 37 | - 此参数会直接追加到命令末尾 38 | required: false 39 | format: "positional" 40 | -------------------------------------------------------------------------------- /tools/ropgadget.yaml: 
-------------------------------------------------------------------------------- 1 | name: "ropgadget" 2 | command: "ROPgadget" 3 | enabled: true 4 | short_description: "ROP gadget搜索工具" 5 | description: | 6 | ROPgadget是一个用于在二进制文件中搜索ROP gadget的工具。 7 | 8 | **主要功能:** 9 | - ROP gadget搜索 10 | - 多种架构支持 11 | - Gadget分类 12 | - 利用链生成 13 | 14 | **使用场景:** 15 | - 二进制分析 16 | - 漏洞利用开发 17 | - ROP链构建 18 | - 安全研究 19 | parameters: 20 | - name: "binary" 21 | type: "string" 22 | description: "要分析的二进制文件路径" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "additional_args" 27 | type: "string" 28 | description: | 29 | 额外的ropgadget参数。用于传递未在参数列表中定义的ropgadget选项。 30 | 31 | **示例值:** 32 | - 根据工具特性添加常用参数示例 33 | 34 | **注意事项:** 35 | - 多个参数用空格分隔 36 | - 确保参数格式正确,避免命令注入 37 | - 此参数会直接追加到命令末尾 38 | required: false 39 | format: "positional" 40 | -------------------------------------------------------------------------------- /tools/xsser.yaml: -------------------------------------------------------------------------------- 1 | name: "xsser" 2 | command: "xsser" 3 | enabled: true 4 | short_description: "XSS漏洞测试工具" 5 | description: | 6 | XSSer是一个自动化XSS漏洞测试工具。 7 | 8 | **主要功能:** 9 | - XSS漏洞检测 10 | - 多种XSS技术 11 | - 自动化测试 12 | - 报告生成 13 | 14 | **使用场景:** 15 | - XSS漏洞测试 16 | - Web应用安全测试 17 | - 渗透测试 18 | - 漏洞验证 19 | parameters: 20 | - name: "url" 21 | type: "string" 22 | description: "目标URL" 23 | required: true 24 | flag: "--url" 25 | format: "flag" 26 | - name: "params" 27 | type: "string" 28 | description: "要测试的参数" 29 | required: false 30 | flag: "--Fp" 31 | format: "flag" 32 | - name: "additional_args" 33 | type: "string" 34 | description: | 35 | 额外的xsser参数。用于传递未在参数列表中定义的xsser选项。 36 | 37 | **示例值:** 38 | - 根据工具特性添加常用参数示例 39 | 40 | **注意事项:** 41 | - 多个参数用空格分隔 42 | - 确保参数格式正确,避免命令注入 43 | - 此参数会直接追加到命令末尾 44 | required: false 45 | format: "positional" 46 | -------------------------------------------------------------------------------- /tools/delete-file.yaml: 
-------------------------------------------------------------------------------- 1 | name: "delete-file" 2 | command: "rm" # NOTE(review): thin wrapper over rm; "filename", "-r" and the free-form "additional_args" (described below as appended to the command unchanged) all come from the tool caller, and nothing in this file limits which paths can be removed - confirm the executor confines deletions to an intended working directory. 3 | enabled: true 4 | short_description: "删除文件或目录工具" 5 | description: | 6 | 删除服务器上的文件或目录。 7 | 8 | **主要功能:** 9 | - 删除文件 10 | - 删除目录 11 | - 递归删除 12 | 13 | **使用场景:** 14 | - 文件清理 15 | - 临时文件删除 16 | - 目录清理 17 | parameters: 18 | - name: "filename" 19 | type: "string" 20 | description: "要删除的文件或目录名" 21 | required: true 22 | position: 0 23 | format: "positional" 24 | - name: "recursive" 25 | type: "bool" 26 | description: "递归删除目录" 27 | required: false 28 | flag: "-r" 29 | format: "flag" 30 | default: false 31 | - name: "additional_args" 32 | type: "string" 33 | description: | 34 | 额外的delete-file参数。用于传递未在参数列表中定义的delete-file选项。 35 | 36 | **示例值:** 37 | - 根据工具特性添加常用参数示例 38 | 39 | **注意事项:** 40 | - 多个参数用空格分隔 41 | - 确保参数格式正确,避免命令注入 42 | - 此参数会直接追加到命令末尾 43 | required: false 44 | format: "positional" 45 | -------------------------------------------------------------------------------- /tools/fierce.yaml: -------------------------------------------------------------------------------- 1 | name: "fierce" 2 | command: "fierce" 3 | enabled: true 4 | short_description: "DNS侦察工具" 5 | description: | 6 | Fierce是一个DNS侦察工具,用于发现目标域名的子域名。 7 | 8 | **主要功能:** 9 | - 子域名发现 10 | - DNS暴力破解 11 | - 区域传输测试 12 | - 网络映射 13 | 14 | **使用场景:** 15 | - DNS侦察 16 | - 子域名枚举 17 | - 网络映射 18 | - 渗透测试 19 | parameters: 20 | - name: "domain" 21 | type: "string" 22 | description: "目标域名" 23 | required: true 24 | flag: "-dns" 25 | format: "flag" 26 | - name: "dns_server" 27 | type: "string" 28 | description: "要使用的DNS服务器" 29 | required: false 30 | flag: "-dnsserver" 31 | format: "flag" 32 | - name: "additional_args" 33 | type: "string" 34 | description: | 35 | 额外的fierce参数。用于传递未在参数列表中定义的fierce选项。 36 | 37 | **示例值:** 38 | - 根据工具特性添加常用参数示例 39 | 40 | **注意事项:** 41 | - 多个参数用空格分隔 42 | - 确保参数格式正确,避免命令注入 43 | - 此参数会直接追加到命令末尾 44 | required: false 45 | format: "positional" 46 |
-------------------------------------------------------------------------------- /tools/wfuzz.yaml: -------------------------------------------------------------------------------- 1 | name: "wfuzz" 2 | command: "wfuzz" 3 | enabled: true 4 | short_description: "Web应用模糊测试工具" 5 | description: | 6 | Wfuzz是一个Web应用模糊测试工具,用于发现Web应用中的漏洞。 7 | 8 | **主要功能:** 9 | - Web应用模糊测试 10 | - 参数发现 11 | - 目录发现 12 | - 多种过滤器 13 | 14 | **使用场景:** 15 | - Web应用安全测试 16 | - 参数模糊测试 17 | - 目录枚举 18 | - 漏洞发现 19 | parameters: 20 | - name: "url" 21 | type: "string" 22 | description: "目标URL(使用FUZZ作为占位符)" 23 | required: true 24 | flag: "-u" 25 | format: "flag" 26 | - name: "wordlist" 27 | type: "string" 28 | description: "字典文件路径" 29 | required: false 30 | flag: "-w" 31 | format: "flag" 32 | - name: "additional_args" 33 | type: "string" 34 | description: | 35 | 额外的wfuzz参数。用于传递未在参数列表中定义的wfuzz选项。 36 | 37 | **示例值:** 38 | - 根据工具特性添加常用参数示例 39 | 40 | **注意事项:** 41 | - 多个参数用空格分隔 42 | - 确保参数格式正确,避免命令注入 43 | - 此参数会直接追加到命令末尾 44 | required: false 45 | format: "positional" 46 | -------------------------------------------------------------------------------- /tools/strings.yaml: -------------------------------------------------------------------------------- 1 | name: "strings" 2 | command: "strings" 3 | enabled: true 4 | short_description: "从二进制文件中提取字符串" 5 | description: | 6 | Strings工具用于从二进制文件中提取可打印字符串。 7 | 8 | **主要功能:** 9 | - 字符串提取 10 | - 可配置最小长度 11 | - 支持多种文件格式 12 | 13 | **使用场景:** 14 | - 二进制分析 15 | - 恶意软件分析 16 | - 取证分析 17 | - 逆向工程 18 | parameters: 19 | - name: "file_path" 20 | type: "string" 21 | description: "要分析的文件路径" 22 | required: true 23 | position: 0 24 | format: "positional" 25 | - name: "min_len" 26 | type: "int" 27 | description: "最小字符串长度" 28 | required: false 29 | flag: "-n" 30 | format: "flag" 31 | default: 4 32 | - name: "additional_args" 33 | type: "string" 34 | description: | 35 | 额外的strings参数。用于传递未在参数列表中定义的strings选项。 36 | 37 | **示例值:** 38 | - 根据工具特性添加常用参数示例 39 | 40 | **注意事项:** 41 | - 多个参数用空格分隔 42 | 
- 确保参数格式正确,避免命令注入 43 | - 此参数会直接追加到命令末尾 44 | required: false 45 | format: "positional" 46 | -------------------------------------------------------------------------------- /tools/binwalk.yaml: -------------------------------------------------------------------------------- 1 | name: "binwalk" 2 | command: "binwalk" 3 | enabled: true 4 | short_description: "固件和文件分析工具" 5 | description: | 6 | Binwalk是一个固件分析工具,用于分析、提取和逆向工程固件镜像。 7 | 8 | **主要功能:** 9 | - 文件签名识别 10 | - 文件提取 11 | - 熵分析 12 | - 固件分析 13 | 14 | **使用场景:** 15 | - 固件分析 16 | - 文件格式识别 17 | - 数据提取 18 | - 逆向工程 19 | parameters: 20 | - name: "file_path" 21 | type: "string" 22 | description: "要分析的文件路径" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "extract" 27 | type: "bool" 28 | description: "提取发现的文件" 29 | required: false 30 | flag: "-e" 31 | format: "flag" 32 | default: false 33 | - name: "additional_args" 34 | type: "string" 35 | description: | 36 | 额外的binwalk参数。用于传递未在参数列表中定义的binwalk选项。 37 | 38 | **示例值:** 39 | - 根据工具特性添加常用参数示例 40 | 41 | **注意事项:** 42 | - 多个参数用空格分隔 43 | - 确保参数格式正确,避免命令注入 44 | - 此参数会直接追加到命令末尾 45 | required: false 46 | format: "positional" 47 | -------------------------------------------------------------------------------- /tools/john.yaml: -------------------------------------------------------------------------------- 1 | name: "john" 2 | command: "john" 3 | enabled: true 4 | short_description: "John the Ripper密码破解工具" 5 | description: | 6 | John the Ripper是一个快速的密码破解工具,支持多种哈希算法。 7 | 8 | **主要功能:** 9 | - 多种哈希算法支持 10 | - 字典攻击 11 | - 暴力破解 12 | - 规则引擎 13 | 14 | **使用场景:** 15 | - 密码恢复 16 | - 哈希破解 17 | - 安全测试 18 | - 取证分析 19 | parameters: 20 | - name: "hash_file" 21 | type: "string" 22 | description: "包含哈希的文件" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "wordlist" 27 | type: "string" 28 | description: "字典文件" 29 | required: false 30 | default: "/usr/share/wordlists/rockyou.txt" 31 | flag: "--wordlist" 32 | format: "flag" 33 | - name: "format_type" 34 | 
type: "string" 35 | description: "哈希格式类型" 36 | required: false 37 | flag: "--format" 38 | format: "flag" 39 | - name: "additional_args" 40 | type: "string" 41 | description: "额外的John参数" 42 | required: false 43 | format: "positional" 44 | -------------------------------------------------------------------------------- /tools/objdump.yaml: -------------------------------------------------------------------------------- 1 | name: "objdump" 2 | command: "objdump" 3 | enabled: true 4 | short_description: "二进制文件反汇编工具" 5 | description: | 6 | Objdump是GNU binutils的一部分,用于反汇编二进制文件。 7 | 8 | **主要功能:** 9 | - 反汇编 10 | - 符号表显示 11 | - 节信息显示 12 | - 多种架构支持 13 | 14 | **使用场景:** 15 | - 二进制分析 16 | - 逆向工程 17 | - 程序理解 18 | - 调试辅助 19 | parameters: 20 | - name: "binary" 21 | type: "string" 22 | description: "要分析的二进制文件路径" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "disassemble" 27 | type: "bool" 28 | description: "反汇编二进制文件" 29 | required: false 30 | flag: "-d" 31 | format: "flag" 32 | default: true 33 | - name: "additional_args" 34 | type: "string" 35 | description: | 36 | 额外的objdump参数。用于传递未在参数列表中定义的objdump选项。 37 | 38 | **示例值:** 39 | - 根据工具特性添加常用参数示例 40 | 41 | **注意事项:** 42 | - 多个参数用空格分隔 43 | - 确保参数格式正确,避免命令注入 44 | - 此参数会直接追加到命令末尾 45 | required: false 46 | format: "positional" 47 | -------------------------------------------------------------------------------- /tools/subfinder.yaml: -------------------------------------------------------------------------------- 1 | name: "subfinder" 2 | command: "subfinder" 3 | enabled: true 4 | short_description: "被动子域名发现工具,使用多个数据源" 5 | description: | 6 | Subfinder是一个被动子域名发现工具,通过查询多个数据源来发现子域名。 7 | 8 | **主要功能:** 9 | - 被动子域名发现 10 | - 多个数据源集成 11 | - 快速扫描 12 | - 支持API密钥配置 13 | 14 | **使用场景:** 15 | - 子域名枚举 16 | - 资产发现 17 | - Bug bounty侦察 18 | - 渗透测试信息收集 19 | parameters: 20 | - name: "domain" 21 | type: "string" 22 | description: "目标域名" 23 | required: true 24 | flag: "-d" 25 | format: "flag" 26 | - name: "silent" 27 | type: "bool" 
28 | description: "静默模式" 29 | required: false 30 | default: true 31 | flag: "-silent" 32 | format: "flag" 33 | - name: "all_sources" 34 | type: "bool" 35 | description: "使用所有数据源" 36 | required: false 37 | default: false 38 | flag: "-all" 39 | format: "flag" 40 | - name: "additional_args" 41 | type: "string" 42 | description: "额外的Subfinder参数" 43 | required: false 44 | format: "positional" 45 | -------------------------------------------------------------------------------- /tools/jwt-analyzer.yaml: -------------------------------------------------------------------------------- 1 | name: "jwt-analyzer" 2 | command: "jwt_tool" 3 | enabled: true 4 | short_description: "JWT令牌分析和漏洞测试工具" 5 | description: | 6 | 高级JWT令牌分析和漏洞测试工具,用于检测JWT实现中的安全问题。 7 | 8 | **主要功能:** 9 | - JWT令牌分析 10 | - 漏洞测试 11 | - 攻击向量检测 12 | - 令牌操作 13 | 14 | **使用场景:** 15 | - JWT安全测试 16 | - 令牌分析 17 | - 漏洞发现 18 | - 安全测试 19 | parameters: 20 | - name: "jwt_token" 21 | type: "string" 22 | description: "要分析的JWT令牌" 23 | required: true 24 | flag: "-t" 25 | format: "flag" 26 | - name: "target_url" 27 | type: "string" 28 | description: "用于测试令牌操作的可选目标URL" 29 | required: false 30 | flag: "-u" 31 | format: "flag" 32 | - name: "additional_args" 33 | type: "string" 34 | description: | 35 | 额外的jwt-analyzer参数。用于传递未在参数列表中定义的jwt-analyzer选项。 36 | 37 | **示例值:** 38 | - 根据工具特性添加常用参数示例 39 | 40 | **注意事项:** 41 | - 多个参数用空格分隔 42 | - 确保参数格式正确,避免命令注入 43 | - 此参数会直接追加到命令末尾 44 | required: false 45 | format: "positional" 46 | -------------------------------------------------------------------------------- /tools/amass.yaml: -------------------------------------------------------------------------------- 1 | name: "amass" 2 | command: "amass" 3 | enabled: true 4 | short_description: "子域名枚举和网络映射工具" 5 | description: | 6 | Amass是一个深度子域名枚举和网络映射工具,通过多种技术发现目标域名的子域名。 7 | 8 | **主要功能:** 9 | - 被动和主动子域名枚举 10 | - 多种数据源集成 11 | - 网络映射和可视化 12 | - 证书透明度日志查询 13 | 14 | **使用场景:** 15 | - 子域名发现 16 | - 资产发现 17 | - 渗透测试信息收集 18 | - Bug bounty侦察 19 | parameters: 20 
| - name: "mode" 21 | type: "string" 22 | description: | 23 | 运行模式(Amass子命令): 24 | - `enum`: 子域名枚举 25 | - `intel`: 威胁情报模式 26 | - `viz`: 结果可视化 27 | 28 | **注意:** Amass使用子命令形式,需作为第一个位置参数。 29 | required: false 30 | default: "enum" 31 | position: 0 32 | format: "positional" 33 | options: ["enum", "intel", "viz"] 34 | - name: "domain" 35 | type: "string" 36 | description: "目标域名" 37 | required: true 38 | flag: "-d" 39 | format: "flag" 40 | - name: "additional_args" 41 | type: "string" 42 | description: "额外的Amass参数" 43 | required: false 44 | format: "positional" 45 | -------------------------------------------------------------------------------- /tools/autorecon.yaml: -------------------------------------------------------------------------------- 1 | name: "autorecon" 2 | command: "autorecon" 3 | enabled: true 4 | short_description: "自动化综合侦察工具" 5 | description: | 6 | AutoRecon是一个自动化综合侦察工具,用于执行全面的目标枚举。 7 | 8 | **主要功能:** 9 | - 自动化端口扫描 10 | - 服务识别 11 | - 漏洞扫描 12 | - 综合报告 13 | 14 | **使用场景:** 15 | - 综合安全评估 16 | - 渗透测试 17 | - 网络侦察 18 | - 安全审计 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标IP地址或主机名" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "output_dir" 27 | type: "string" 28 | description: "输出目录" 29 | required: false 30 | flag: "-o" 31 | format: "flag" 32 | default: "/tmp/autorecon" 33 | - name: "additional_args" 34 | type: "string" 35 | description: | 36 | 额外的autorecon参数。用于传递未在参数列表中定义的autorecon选项。 37 | 38 | **示例值:** 39 | - 根据工具特性添加常用参数示例 40 | 41 | **注意事项:** 42 | - 多个参数用空格分隔 43 | - 确保参数格式正确,避免命令注入 44 | - 此参数会直接追加到命令末尾 45 | required: false 46 | format: "positional" 47 | -------------------------------------------------------------------------------- /tools/dotdotpwn.yaml: -------------------------------------------------------------------------------- 1 | name: "dotdotpwn" 2 | command: "dotdotpwn" 3 | enabled: true 4 | short_description: "目录遍历漏洞测试工具" 5 | description: | 6 | DotDotPwn是一个目录遍历漏洞测试工具,支持多种协议。 7 | 8 | 
**主要功能:** 9 | - 目录遍历测试 10 | - 多种协议支持(HTTP, FTP, TFTP等) 11 | - 自动化测试 12 | - 报告生成 13 | 14 | **使用场景:** 15 | - 目录遍历漏洞测试 16 | - Web应用安全测试 17 | - 渗透测试 18 | - 漏洞验证 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标主机名或IP" 23 | required: true 24 | flag: "-h" 25 | format: "flag" 26 | - name: "module" 27 | type: "string" 28 | description: "要使用的模块(http, ftp, tftp等)" 29 | required: false 30 | flag: "-m" 31 | format: "flag" 32 | default: "http" 33 | - name: "additional_args" 34 | type: "string" 35 | description: | 36 | 额外的dotdotpwn参数。用于传递未在参数列表中定义的dotdotpwn选项。 37 | 38 | **示例值:** 39 | - 根据工具特性添加常用参数示例 40 | 41 | **注意事项:** 42 | - 多个参数用空格分隔 43 | - 确保参数格式正确,避免命令注入 44 | - 此参数会直接追加到命令末尾 45 | required: false 46 | format: "positional" 47 | -------------------------------------------------------------------------------- /tools/one-gadget.yaml: -------------------------------------------------------------------------------- 1 | name: "one-gadget" 2 | command: "one_gadget" 3 | enabled: true 4 | short_description: "在libc中查找one-shot RCE gadget的工具" 5 | description: | 6 | One-gadget是一个用于在libc中查找one-shot RCE gadget的工具。 7 | 8 | **主要功能:** 9 | - One-shot gadget搜索 10 | - 约束级别检查 11 | - 多种libc支持 12 | 13 | **使用场景:** 14 | - CTF挑战 15 | - 漏洞利用开发 16 | - ROP链简化 17 | - 安全研究 18 | parameters: 19 | - name: "libc_path" 20 | type: "string" 21 | description: "libc二进制文件路径" 22 | required: true 23 | position: 0 24 | format: "positional" 25 | - name: "level" 26 | type: "int" 27 | description: "约束级别(0, 1, 2)" 28 | required: false 29 | flag: "-l" 30 | format: "flag" 31 | default: 1 32 | - name: "additional_args" 33 | type: "string" 34 | description: | 35 | 额外的one-gadget参数。用于传递未在参数列表中定义的one-gadget选项。 36 | 37 | **示例值:** 38 | - 根据工具特性添加常用参数示例 39 | 40 | **注意事项:** 41 | - 多个参数用空格分隔 42 | - 确保参数格式正确,避免命令注入 43 | - 此参数会直接追加到命令末尾 44 | required: false 45 | format: "positional" 46 | -------------------------------------------------------------------------------- /tools/smbmap.yaml: 
-------------------------------------------------------------------------------- 1 | name: "smbmap" 2 | command: "smbmap" 3 | enabled: true 4 | short_description: "SMB共享枚举和访问工具" 5 | description: | 6 | SMBMap是一个用于枚举SMB共享并提供文件访问功能的工具。 7 | 8 | **主要功能:** 9 | - SMB共享枚举 10 | - 文件列表和下载 11 | - 权限检查 12 | - 支持多种认证方式 13 | 14 | **使用场景:** 15 | - SMB安全测试 16 | - 文件共享审计 17 | - 渗透测试 18 | - 网络侦察 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标IP地址" 23 | required: true 24 | flag: "-H" 25 | format: "flag" 26 | - name: "username" 27 | type: "string" 28 | description: "用户名" 29 | required: false 30 | flag: "-u" 31 | format: "flag" 32 | - name: "password" 33 | type: "string" 34 | description: "密码" 35 | required: false 36 | flag: "-p" 37 | format: "flag" 38 | - name: "domain" 39 | type: "string" 40 | description: "域名" 41 | required: false 42 | flag: "-d" 43 | format: "flag" 44 | - name: "additional_args" 45 | type: "string" 46 | description: "额外的SMBMap参数" 47 | required: false 48 | format: "positional" 49 | -------------------------------------------------------------------------------- /tools/ffuf.yaml: -------------------------------------------------------------------------------- 1 | name: "ffuf" 2 | command: "ffuf" 3 | enabled: true 4 | short_description: "快速Web模糊测试工具,用于目录、参数和内容发现" 5 | description: | 6 | FFuf是一个快速的Web模糊测试工具,用于目录发现、参数模糊测试和内容发现。 7 | 8 | **主要功能:** 9 | - 快速目录和文件发现 10 | - 参数模糊测试 11 | - 虚拟主机发现 12 | - 自定义过滤器和匹配器 13 | - 多线程支持 14 | 15 | **使用场景:** 16 | - Web应用安全测试 17 | - 目录枚举 18 | - 参数发现 19 | - 内容发现 20 | parameters: 21 | - name: "url" 22 | type: "string" 23 | description: "目标URL(使用FUZZ作为占位符)" 24 | required: true 25 | flag: "-u" 26 | format: "flag" 27 | - name: "wordlist" 28 | type: "string" 29 | description: "字典文件路径" 30 | required: false 31 | default: "/usr/share/wordlists/dirb/common.txt" 32 | flag: "-w" 33 | format: "flag" 34 | - name: "match_codes" 35 | type: "string" 36 | description: "匹配的HTTP状态码(逗号分隔)" 37 | required: false 38 | default: 
"200,204,301,302,307,401,403" 39 | flag: "-mc" 40 | format: "flag" 41 | - name: "additional_args" 42 | type: "string" 43 | description: "额外的FFuf参数" 44 | required: false 45 | format: "positional" 46 | -------------------------------------------------------------------------------- /tools/mimikatz.yaml: -------------------------------------------------------------------------------- 1 | name: "mimikatz" 2 | command: "mimikatz.exe" 3 | enabled: false 4 | short_description: "Windows 凭证提取工具,用于提取内存中的密码和哈希" 5 | description: | 6 | Mimikatz 是一个强大的 Windows 凭证提取工具,可以从内存中提取明文密码、哈希值、票据等敏感信息。 7 | 8 | **主要功能:** 9 | - 提取内存中的明文密码 10 | - 提取 NTLM 哈希 11 | - 提取 Kerberos 票据 12 | - Pass-the-Hash 攻击 13 | - Pass-the-Ticket 攻击 14 | - 凭证转储 15 | 16 | **使用场景:** 17 | - 后渗透测试 18 | - 横向移动 19 | - 权限提升 20 | - 安全研究 21 | 22 | **注意事项:** 23 | - 需要管理员权限运行 24 | - 可能被杀毒软件检测 25 | - 仅用于授权的安全测试 26 | - 使用前需要进入 mimikatz 交互式命令行 27 | parameters: 28 | - name: "command" 29 | type: "string" 30 | description: "Mimikatz 命令,例如 'privilege::debug sekurlsa::logonpasswords'" 31 | required: true 32 | format: "positional" 33 | - name: "additional_args" 34 | type: "string" 35 | description: | 36 | 额外的mimikatz参数。用于传递未在参数列表中定义的mimikatz选项。 37 | 38 | **示例值:** 39 | - 根据工具特性添加常用参数示例 40 | 41 | **注意事项:** 42 | - 多个参数用空格分隔 43 | - 确保参数格式正确,避免命令注入 44 | - 此参数会直接追加到命令末尾 45 | required: false 46 | format: "positional" 47 | -------------------------------------------------------------------------------- /cmd/mcp-stdio/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "cyberstrike-ai/internal/config" 5 | "cyberstrike-ai/internal/logger" 6 | "cyberstrike-ai/internal/mcp" 7 | "cyberstrike-ai/internal/security" 8 | "flag" 9 | "fmt" 10 | "os" 11 | 12 | "go.uber.org/zap" 13 | ) 14 | 15 | func main() { 16 | var configPath = flag.String("config", "config.yaml", "配置文件路径") 17 | flag.Parse() 18 | 19 | // 加载配置 20 | cfg, err := config.Load(*configPath) 21 | if err != nil { 22 | 
fmt.Fprintf(os.Stderr, "加载配置失败: %v\n", err) 23 | os.Exit(1) 24 | } 25 | 26 | // Initialise logging. In stdio mode the log output is sent to stderr so that it does not interfere with the JSON-RPC communication. 27 | log := logger.New(cfg.Log.Level, "stderr") 28 | 29 | // Create the MCP server. 30 | mcpServer := mcp.NewServer(log.Logger) 31 | 32 | // Create the security tool executor from the Security section of the configuration. 33 | executor := security.NewExecutor(&cfg.Security, mcpServer, log.Logger) 34 | 35 | // Register the executor's tools on the MCP server. NOTE(review): presumably only tools marked enabled are registered, and they then become callable by whatever process drives this binary's stdio - confirm against RegisterTools and review the enabled set before exposing this entry point. 36 | executor.RegisterTools(mcpServer) 37 | 38 | log.Logger.Info("MCP服务器(stdio模式)已启动,等待消息...") 39 | 40 | // Run the stdio loop; an error returned by HandleStdio is logged and the process exits with status 1. 41 | if err := mcpServer.HandleStdio(); err != nil { 42 | log.Logger.Error("MCP服务器运行失败", zap.Error(err)) 43 | os.Exit(1) 44 | } 45 | } 46 | 47 | -------------------------------------------------------------------------------- /tools/gdb.yaml: -------------------------------------------------------------------------------- 1 | name: "gdb" 2 | command: "gdb" 3 | enabled: true 4 | short_description: "GNU调试器,用于二进制分析和调试" 5 | description: | 6 | GDB是GNU调试器,用于调试和分析二进制程序。 7 | 8 | **主要功能:** 9 | - 程序调试 10 | - 内存分析 11 | - 反汇编 12 | - 断点设置 13 | 14 | **使用场景:** 15 | - 二进制分析 16 | - 漏洞研究 17 | - 逆向工程 18 | - 程序调试 19 | parameters: 20 | - name: "binary" 21 | type: "string" 22 | description: "要分析的二进制文件路径" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "commands" 27 | type: "string" 28 | description: "要执行的GDB命令(分号分隔)" 29 | required: false 30 | flag: "-ex" 31 | format: "flag" 32 | - name: "script_file" 33 | type: "string" 34 | description: "GDB脚本文件路径" 35 | required: false 36 | flag: "-x" 37 | format: "flag" 38 | - name: "additional_args" 39 | type: "string" 40 | description: | 41 | 额外的gdb参数。用于传递未在参数列表中定义的gdb选项。 42 | 43 | **示例值:** 44 | - 根据工具特性添加常用参数示例 45 | 46 | **注意事项:** 47 | - 多个参数用空格分隔 48 | - 确保参数格式正确,避免命令注入 49 | - 此参数会直接追加到命令末尾 50 | required: false 51 | format: "positional" 52 | -------------------------------------------------------------------------------- /tools/dnsenum.yaml: -------------------------------------------------------------------------------- 1 | name: "dnsenum" 2 |
command: "dnsenum" 3 | enabled: true 4 | short_description: "DNS枚举工具" 5 | description: | 6 | DNSenum是一个DNS信息收集工具,用于枚举DNS信息。 7 | 8 | **主要功能:** 9 | - DNS信息收集 10 | - 子域名枚举 11 | - 区域传输测试 12 | - 反向查找 13 | 14 | **使用场景:** 15 | - DNS枚举 16 | - 子域名发现 17 | - 网络侦察 18 | - 渗透测试 19 | parameters: 20 | - name: "domain" 21 | type: "string" 22 | description: "目标域名" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "dns_server" 27 | type: "string" 28 | description: "要使用的DNS服务器" 29 | required: false 30 | flag: "-n" 31 | format: "flag" 32 | - name: "wordlist" 33 | type: "string" 34 | description: "用于暴力破解的字典文件" 35 | required: false 36 | flag: "-f" 37 | format: "flag" 38 | - name: "additional_args" 39 | type: "string" 40 | description: | 41 | 额外的dnsenum参数。用于传递未在参数列表中定义的dnsenum选项。 42 | 43 | **示例值:** 44 | - 根据工具特性添加常用参数示例 45 | 46 | **注意事项:** 47 | - 多个参数用空格分隔 48 | - 确保参数格式正确,避免命令注入 49 | - 此参数会直接追加到命令末尾 50 | required: false 51 | format: "positional" 52 | -------------------------------------------------------------------------------- /tools/xxd.yaml: -------------------------------------------------------------------------------- 1 | name: "xxd" 2 | command: "xxd" 3 | enabled: true 4 | short_description: "十六进制转储工具" 5 | description: | 6 | Xxd是一个十六进制转储工具,用于以十六进制格式显示文件内容。 7 | 8 | **主要功能:** 9 | - 十六进制转储 10 | - 可配置偏移和长度 11 | - 反向转换 12 | - 多种输出格式 13 | 14 | **使用场景:** 15 | - 二进制分析 16 | - 文件检查 17 | - 数据提取 18 | - 取证分析 19 | parameters: 20 | - name: "file_path" 21 | type: "string" 22 | description: "要转储的文件路径" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "offset" 27 | type: "string" 28 | description: "开始读取的偏移量" 29 | required: false 30 | flag: "-s" 31 | format: "flag" 32 | default: "0" 33 | - name: "length" 34 | type: "string" 35 | description: "要读取的字节数" 36 | required: false 37 | flag: "-l" 38 | format: "flag" 39 | - name: "additional_args" 40 | type: "string" 41 | description: | 42 | 额外的xxd参数。用于传递未在参数列表中定义的xxd选项。 43 | 44 | **示例值:** 45 | - 
根据工具特性添加常用参数示例 46 | 47 | **注意事项:** 48 | - 多个参数用空格分隔 49 | - 确保参数格式正确,避免命令注入 50 | - 此参数会直接追加到命令末尾 51 | required: false 52 | format: "positional" 53 | -------------------------------------------------------------------------------- /tools/feroxbuster.yaml: -------------------------------------------------------------------------------- 1 | name: "feroxbuster" 2 | command: "feroxbuster" 3 | enabled: true 4 | short_description: "递归内容发现工具" 5 | description: | 6 | Feroxbuster是一个快速、简单的递归内容发现工具。 7 | 8 | **主要功能:** 9 | - 递归目录发现 10 | - 多线程支持 11 | - 自动过滤 12 | - 多种输出格式 13 | 14 | **使用场景:** 15 | - Web内容发现 16 | - 目录枚举 17 | - 文件发现 18 | - 安全测试 19 | parameters: 20 | - name: "url" 21 | type: "string" 22 | description: "目标URL" 23 | required: true 24 | flag: "-u" 25 | format: "flag" 26 | - name: "wordlist" 27 | type: "string" 28 | description: "字典文件路径" 29 | required: false 30 | flag: "-w" 31 | format: "flag" 32 | - name: "threads" 33 | type: "int" 34 | description: "线程数" 35 | required: false 36 | flag: "-t" 37 | format: "flag" 38 | default: 10 39 | - name: "additional_args" 40 | type: "string" 41 | description: | 42 | 额外的feroxbuster参数。用于传递未在参数列表中定义的feroxbuster选项。 43 | 44 | **示例值:** 45 | - 根据工具特性添加常用参数示例 46 | 47 | **注意事项:** 48 | - 多个参数用空格分隔 49 | - 确保参数格式正确,避免命令注入 50 | - 此参数会直接追加到命令末尾 51 | required: false 52 | format: "positional" 53 | -------------------------------------------------------------------------------- /tools/volatility.yaml: -------------------------------------------------------------------------------- 1 | name: "volatility" 2 | command: "volatility" 3 | enabled: true 4 | short_description: "内存取证分析工具" 5 | description: | 6 | Volatility是一个内存取证框架,用于从内存转储中提取数字证据。 7 | 8 | **主要功能:** 9 | - 内存转储分析 10 | - 进程列表提取 11 | - 网络连接分析 12 | - 文件系统重建 13 | 14 | **使用场景:** 15 | - 内存取证 16 | - 恶意软件分析 17 | - 事件响应 18 | - 数字取证 19 | parameters: 20 | - name: "memory_file" 21 | type: "string" 22 | description: "内存转储文件路径" 23 | required: true 24 | flag: "-f" 25 | format: "flag" 26 | - name: "plugin" 27 | 
type: "string" 28 | description: "要使用的Volatility插件" 29 | required: true 30 | position: 0 31 | format: "positional" 32 | - name: "profile" 33 | type: "string" 34 | description: "内存配置文件" 35 | required: false 36 | flag: "--profile" 37 | format: "flag" 38 | - name: "additional_args" 39 | type: "string" 40 | description: | 41 | 额外的volatility参数。用于传递未在参数列表中定义的volatility选项。 42 | 43 | **示例值:** 44 | - 根据工具特性添加常用参数示例 45 | 46 | **注意事项:** 47 | - 多个参数用空格分隔 48 | - 确保参数格式正确,避免命令注入 49 | - 此参数会直接追加到命令末尾 50 | required: false 51 | format: "positional" 52 | -------------------------------------------------------------------------------- /tools/hakrawler.yaml: -------------------------------------------------------------------------------- 1 | name: "hakrawler" 2 | command: "hakrawler" 3 | enabled: true 4 | short_description: "Web端点发现工具" 5 | description: | 6 | Hakrawler是一个快速、简单的Web端点发现工具。 7 | 8 | **主要功能:** 9 | - Web端点发现 10 | - 链接提取 11 | - JavaScript文件发现 12 | - 快速爬取 13 | 14 | **使用场景:** 15 | - Web端点发现 16 | - 内容爬取 17 | - 安全测试 18 | - Bug bounty侦察 19 | parameters: 20 | - name: "url" 21 | type: "string" 22 | description: "目标URL" 23 | required: true 24 | flag: "-url" 25 | format: "flag" 26 | - name: "depth" 27 | type: "int" 28 | description: "爬取深度" 29 | required: false 30 | flag: "-d" 31 | format: "flag" 32 | default: 2 33 | - name: "forms" 34 | type: "bool" 35 | description: "包含表单" 36 | required: false 37 | flag: "-forms" 38 | format: "flag" 39 | default: true 40 | - name: "additional_args" 41 | type: "string" 42 | description: | 43 | 额外的hakrawler参数。用于传递未在参数列表中定义的hakrawler选项。 44 | 45 | **示例值:** 46 | - 根据工具特性添加常用参数示例 47 | 48 | **注意事项:** 49 | - 多个参数用空格分隔 50 | - 确保参数格式正确,避免命令注入 51 | - 此参数会直接追加到命令末尾 52 | required: false 53 | format: "positional" 54 | -------------------------------------------------------------------------------- /tools/list-files.yaml: -------------------------------------------------------------------------------- 1 | name: "list-files" 2 | command: "ls" 3 | enabled: true 4 | 
short_description: "列出目录文件工具" 5 | description: | 6 | 列出服务器上指定目录中的文件。 7 | 8 | **主要功能:** 9 | - 列出文件 10 | - 显示详细信息 11 | - 递归列出 12 | 13 | **使用场景:** 14 | - 目录浏览 15 | - 文件查找 16 | - 系统检查 17 | parameters: 18 | - name: "directory" 19 | type: "string" 20 | description: "要列出的目录(相对于服务器基础目录;本文件未对路径范围做任何限制,是否限定在基础目录内取决于执行器的校验)" 21 | required: false 22 | default: "." 23 | position: 0 24 | format: "positional" 25 | - name: "long_format" 26 | type: "bool" 27 | description: "显示详细信息(长格式)" 28 | required: false 29 | flag: "-l" 30 | format: "flag" 31 | default: false 32 | - name: "recursive" 33 | type: "bool" 34 | description: "递归列出" 35 | required: false 36 | flag: "-R" 37 | format: "flag" 38 | default: false 39 | - name: "additional_args" 40 | type: "string" 41 | description: | 42 | 额外的list-files参数。用于传递未在参数列表中定义的list-files选项。 43 | 44 | **示例值:** 45 | - 根据工具特性添加常用参数示例 46 | 47 | **注意事项:** 48 | - 多个参数用空格分隔 49 | - 确保参数格式正确,避免命令注入 50 | - 此参数会直接追加到命令末尾 51 | required: false 52 | format: "positional" 53 | -------------------------------------------------------------------------------- /tools/foremost.yaml: -------------------------------------------------------------------------------- 1 | name: "foremost" 2 | command: "foremost" 3 | enabled: true 4 | short_description: "文件恢复工具" 5 | description: | 6 | Foremost是一个基于文件头和尾的文件恢复工具。 7 | 8 | **主要功能:** 9 | - 文件恢复 10 | - 多种文件类型支持 11 | - 磁盘镜像分析 12 | - 数据恢复 13 | 14 | **使用场景:** 15 | - 数据恢复 16 | - 取证分析 17 | - 文件提取 18 | - 磁盘分析 19 | parameters: 20 | - name: "input_file" 21 | type: "string" 22 | description: "输入文件或设备" 23 | required: true 24 | flag: "-i" 25 | format: "flag" 26 | - name: "output_dir" 27 | type: "string" 28 | description: "输出目录" 29 | required: false 30 | flag: "-o" 31 | format: "flag" 32 | default: "/tmp/foremost_output" 33 | - name: "file_types" 34 | type: "string" 35 | description: "要恢复的文件类型(jpg,gif,png等)" 36 | required: false 37 | flag: "-t" 38 | format: "flag" 39 | - name: "additional_args" 40 | type: "string" 41 | description: | 42 | 额外的foremost参数。用于传递未在参数列表中定义的foremost选项。
43 | 44 | **示例值:** 45 | - 根据工具特性添加常用参数示例 46 | 47 | **注意事项:** 48 | - 多个参数用空格分隔 49 | - 确保参数格式正确,避免命令注入 50 | - 此参数会直接追加到命令末尾 51 | required: false 52 | format: "positional" 53 | -------------------------------------------------------------------------------- /tools/nuclei.yaml: -------------------------------------------------------------------------------- 1 | name: "nuclei" 2 | command: "nuclei" 3 | enabled: true 4 | short_description: "快速漏洞扫描器,使用YAML模板进行漏洞检测" 5 | description: | 6 | Nuclei是一个基于模板的快速漏洞扫描器,使用社区维护的YAML模板进行漏洞检测。 7 | 8 | **主要功能:** 9 | - 快速漏洞扫描 10 | - 基于模板的检测 11 | - 支持多种协议(HTTP, TCP, DNS等) 12 | - 实时结果输出 13 | - 支持自定义模板 14 | 15 | **使用场景:** 16 | - 漏洞扫描和发现 17 | - 安全评估 18 | - 渗透测试 19 | - 漏洞验证 20 | parameters: 21 | - name: "target" 22 | type: "string" 23 | description: "目标URL或IP" 24 | required: true 25 | flag: "-u" 26 | format: "flag" 27 | - name: "severity" 28 | type: "string" 29 | description: "严重程度过滤(critical,high,medium,low,info)" 30 | required: false 31 | flag: "-s" 32 | format: "flag" 33 | - name: "tags" 34 | type: "string" 35 | description: "标签过滤(如cve,rce,lfi)" 36 | required: false 37 | flag: "-tags" 38 | format: "flag" 39 | - name: "template" 40 | type: "string" 41 | description: "自定义模板路径" 42 | required: false 43 | flag: "-t" 44 | format: "flag" 45 | - name: "additional_args" 46 | type: "string" 47 | description: "额外的Nuclei参数" 48 | required: false 49 | format: "positional" 50 | -------------------------------------------------------------------------------- /tools/arp-scan.yaml: -------------------------------------------------------------------------------- 1 | name: "arp-scan" 2 | command: "arp-scan" 3 | enabled: true 4 | short_description: "ARP网络发现工具" 5 | description: | 6 | Arp-scan是一个ARP网络发现工具,用于发现本地网络中的活动主机。 7 | 8 | **主要功能:** 9 | - ARP扫描 10 | - 本地网络发现 11 | - MAC地址识别 12 | - 快速扫描 13 | 14 | **使用场景:** 15 | - 本地网络发现 16 | - 主机发现 17 | - 网络映射 18 | - 渗透测试 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: 
"目标IP范围(如果不使用local_network)" 23 | required: false 24 | position: 0 25 | format: "positional" 26 | - name: "interface" 27 | type: "string" 28 | description: "网络接口" 29 | required: false 30 | flag: "-I" 31 | format: "flag" 32 | - name: "local_network" 33 | type: "bool" 34 | description: "扫描本地网络" 35 | required: false 36 | flag: "-l" 37 | format: "flag" 38 | default: false 39 | - name: "additional_args" 40 | type: "string" 41 | description: | 42 | 额外的arp-scan参数。用于传递未在参数列表中定义的arp-scan选项。 43 | 44 | **示例值:** 45 | - 根据工具特性添加常用参数示例 46 | 47 | **注意事项:** 48 | - 多个参数用空格分隔 49 | - 确保参数格式正确,避免命令注入 50 | - 此参数会直接追加到命令末尾 51 | required: false 52 | format: "positional" 53 | -------------------------------------------------------------------------------- /tools/pacu.yaml: -------------------------------------------------------------------------------- 1 | name: "pacu" 2 | command: "pacu" 3 | enabled: false 4 | short_description: "AWS渗透测试框架" 5 | description: | 6 | Pacu是一个AWS渗透测试框架,用于测试AWS环境的安全性。 7 | 8 | **主要功能:** 9 | - AWS渗透测试 10 | - 权限提升 11 | - 数据访问 12 | - 模块化架构 13 | 14 | **使用场景:** 15 | - AWS安全测试 16 | - 渗透测试 17 | - 权限测试 18 | - 安全评估 19 | parameters: 20 | - name: "session_name" 21 | type: "string" 22 | description: "Pacu会话名称" 23 | required: false 24 | flag: "--session" 25 | format: "flag" 26 | default: "hexstrike_session" 27 | - name: "modules" 28 | type: "string" 29 | description: "要运行的模块(逗号分隔)" 30 | required: false 31 | flag: "--modules" 32 | format: "flag" 33 | - name: "regions" 34 | type: "string" 35 | description: "AWS区域(逗号分隔)" 36 | required: false 37 | flag: "--regions" 38 | format: "flag" 39 | - name: "additional_args" 40 | type: "string" 41 | description: | 42 | 额外的pacu参数。用于传递未在参数列表中定义的pacu选项。 43 | 44 | **示例值:** 45 | - 根据工具特性添加常用参数示例 46 | 47 | **注意事项:** 48 | - 多个参数用空格分隔 49 | - 确保参数格式正确,避免命令注入 50 | - 此参数会直接追加到命令末尾 51 | required: false 52 | format: "positional" 53 | -------------------------------------------------------------------------------- /tools/stegsolve.yaml: 
-------------------------------------------------------------------------------- 1 | name: "stegsolve" 2 | command: "java" 3 | args: ["-jar"] 4 | enabled: true 5 | short_description: "图片隐写分析工具,用于分析图片中的隐写数据" 6 | description: | 7 | Stegsolve 是一个 Java 图片隐写分析工具,支持多种图片格式和隐写分析技术。 8 | 9 | **主要功能:** 10 | - 图片格式转换 11 | - 颜色通道分析 12 | - LSB 隐写检测 13 | - 图片叠加分析 14 | - 数据提取 15 | 16 | **使用场景:** 17 | - CTF 隐写题目 18 | - 图片隐写分析 19 | - 数字取证 20 | - 安全研究 21 | 22 | **注意事项:** 23 | - 需要 Java 环境 24 | - 通常以 GUI 形式运行 25 | - 可能需要通过命令行参数或脚本调用 26 | parameters: 27 | - name: "jar_file" 28 | type: "string" 29 | description: "Stegsolve JAR 文件路径,例如 'stegsolve.jar'" 30 | required: true 31 | position: 0 32 | format: "positional" 33 | - name: "image" 34 | type: "string" 35 | description: "要分析的图片文件路径" 36 | required: false 37 | position: 1 38 | format: "positional" 39 | - name: "additional_args" 40 | type: "string" 41 | description: | 42 | 额外的stegsolve参数。用于传递未在参数列表中定义的stegsolve选项。 43 | 44 | **示例值:** 45 | - 根据工具特性添加常用参数示例 46 | 47 | **注意事项:** 48 | - 多个参数用空格分隔 49 | - 确保参数格式正确,避免命令注入 50 | - 此参数会直接追加到命令末尾 51 | required: false 52 | format: "positional" 53 | -------------------------------------------------------------------------------- /tools/volatility3.yaml: -------------------------------------------------------------------------------- 1 | name: "volatility3" 2 | command: "volatility3" 3 | enabled: true 4 | short_description: "Volatility3内存取证分析工具" 5 | description: | 6 | Volatility3是Volatility框架的下一代版本,用于内存取证分析。 7 | 8 | **主要功能:** 9 | - 内存转储分析 10 | - 高级插件系统 11 | - 改进的性能 12 | - 更好的文档 13 | 14 | **使用场景:** 15 | - 内存取证 16 | - 恶意软件分析 17 | - 事件响应 18 | - 数字取证 19 | parameters: 20 | - name: "memory_file" 21 | type: "string" 22 | description: "内存转储文件路径" 23 | required: true 24 | flag: "-f" 25 | format: "flag" 26 | - name: "plugin" 27 | type: "string" 28 | description: "要执行的Volatility3插件" 29 | required: true 30 | position: 0 31 | format: "positional" 32 | - name: "output_file" 33 | type: "string" 34 | description: 
"输出文件路径" 35 | required: false 36 | flag: "-o" 37 | format: "flag" 38 | - name: "additional_args" 39 | type: "string" 40 | description: | 41 | 额外的volatility3参数。用于传递未在参数列表中定义的volatility3选项。 42 | 43 | **示例值:** 44 | - 根据工具特性添加常用参数示例 45 | 46 | **注意事项:** 47 | - 多个参数用空格分隔 48 | - 确保参数格式正确,避免命令注入 49 | - 此参数会直接追加到命令末尾 50 | required: false 51 | format: "positional" 52 | -------------------------------------------------------------------------------- /tools/nbtscan.yaml: -------------------------------------------------------------------------------- 1 | name: "nbtscan" 2 | command: "nbtscan" 3 | enabled: true 4 | short_description: "NetBIOS名称扫描工具" 5 | description: | 6 | Nbtscan是一个NetBIOS名称扫描工具,用于发现网络中的Windows系统。 7 | 8 | **主要功能:** 9 | - NetBIOS名称扫描 10 | - Windows系统发现 11 | - 网络映射 12 | - 快速扫描 13 | 14 | **使用场景:** 15 | - Windows网络发现 16 | - NetBIOS枚举 17 | - 网络映射 18 | - 渗透测试 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标IP地址或范围" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "verbose" 27 | type: "bool" 28 | description: "详细输出" 29 | required: false 30 | flag: "-v" 31 | format: "flag" 32 | default: false 33 | - name: "timeout" 34 | type: "int" 35 | description: "超时时间(秒)" 36 | required: false 37 | flag: "-t" 38 | format: "flag" 39 | default: 2 40 | - name: "additional_args" 41 | type: "string" 42 | description: | 43 | 额外的nbtscan参数。用于传递未在参数列表中定义的nbtscan选项。 44 | 45 | **示例值:** 46 | - 根据工具特性添加常用参数示例 47 | 48 | **注意事项:** 49 | - 多个参数用空格分隔 50 | - 确保参数格式正确,避免命令注入 51 | - 此参数会直接追加到命令末尾 52 | required: false 53 | format: "positional" 54 | -------------------------------------------------------------------------------- /tools/clair.yaml: -------------------------------------------------------------------------------- 1 | name: "clair" 2 | command: "clair" 3 | enabled: false 4 | short_description: "容器漏洞分析工具" 5 | description: | 6 | Clair是一个容器漏洞分析工具,用于扫描容器镜像中的漏洞。 7 | 8 | **主要功能:** 9 | - 容器镜像扫描 10 | - 漏洞检测 11 | - 多种数据库支持 12 | - API接口 13 | 14 
| **使用场景:** 15 | - 容器安全扫描 16 | - 漏洞检测 17 | - CI/CD集成 18 | - 安全审计 19 | parameters: 20 | - name: "image" 21 | type: "string" 22 | description: "要扫描的容器镜像" 23 | required: true 24 | flag: "--image" 25 | format: "flag" 26 | - name: "config" 27 | type: "string" 28 | description: "Clair配置文件" 29 | required: false 30 | flag: "--config" 31 | format: "flag" 32 | default: "/etc/clair/config.yaml" 33 | - name: "output_format" 34 | type: "string" 35 | description: "输出格式(json, yaml)" 36 | required: false 37 | flag: "--format" 38 | format: "flag" 39 | default: "json" 40 | - name: "additional_args" 41 | type: "string" 42 | description: | 43 | 额外的clair参数。用于传递未在参数列表中定义的clair选项。 44 | 45 | **示例值:** 46 | - 根据工具特性添加常用参数示例 47 | 48 | **注意事项:** 49 | - 多个参数用空格分隔 50 | - 确保参数格式正确,避免命令注入 51 | - 此参数会直接追加到命令末尾 52 | required: false 53 | format: "positional" 54 | -------------------------------------------------------------------------------- /tools/waybackurls.yaml: -------------------------------------------------------------------------------- 1 | name: "waybackurls" 2 | command: "waybackurls" 3 | enabled: true 4 | short_description: "从Wayback Machine获取历史URL" 5 | description: | 6 | Waybackurls从Wayback Machine获取目标域名的历史URL。 7 | 8 | **主要功能:** 9 | - 历史URL发现 10 | - 版本获取 11 | - 子域名支持 12 | 13 | **使用场景:** 14 | - 历史URL收集 15 | - Bug bounty侦察 16 | - 安全测试 17 | - 内容发现 18 | parameters: 19 | - name: "domain" 20 | type: "string" 21 | description: "目标域名" 22 | required: true 23 | position: 0 24 | format: "positional" 25 | - name: "get_versions" 26 | type: "bool" 27 | description: "获取所有版本的URL" 28 | required: false 29 | flag: "-get-versions" 30 | format: "flag" 31 | default: false 32 | - name: "no_subs" 33 | type: "bool" 34 | description: "不包含子域名" 35 | required: false 36 | flag: "-no-subs" 37 | format: "flag" 38 | default: false 39 | - name: "additional_args" 40 | type: "string" 41 | description: | 42 | 额外的waybackurls参数。用于传递未在参数列表中定义的waybackurls选项。 43 | 44 | **示例值:** 45 | - 根据工具特性添加常用参数示例 46 | 47 | **注意事项:** 48 | - 
多个参数用空格分隔 49 | - 确保参数格式正确,避免命令注入 50 | - 此参数会直接追加到命令末尾 51 | required: false 52 | format: "positional" 53 | -------------------------------------------------------------------------------- /tools/linpeas.yaml: -------------------------------------------------------------------------------- 1 | name: "linpeas" 2 | command: "linpeas.sh" 3 | enabled: true 4 | short_description: "Linux 权限提升枚举脚本,自动检测常见提权路径" 5 | description: | 6 | LinPEAS (Linux Privilege Escalation Awesome Script) 是一个自动化权限提升枚举脚本,用于检测 Linux 系统中的常见提权路径。 7 | 8 | **主要功能:** 9 | - 系统信息收集 10 | - 权限和组检查 11 | - 可写文件和目录检测 12 | - SUID/SGID 文件查找 13 | - 环境变量检查 14 | - 定时任务分析 15 | - 网络配置检查 16 | - 敏感文件查找 17 | 18 | **使用场景:** 19 | - 渗透测试中的权限提升 20 | - 安全审计 21 | - 后渗透测试 22 | - CTF 竞赛 23 | 24 | **注意事项:** 25 | - 需要目标系统上已下载 linpeas.sh 脚本 26 | - 执行时间可能较长 27 | - 输出信息量大,建议保存到文件 28 | parameters: 29 | - name: "output" 30 | type: "string" 31 | description: "输出文件路径(可选)" 32 | required: false 33 | flag: "-o" 34 | format: "flag" 35 | - name: "fast" 36 | type: "bool" 37 | description: "快速模式,跳过耗时检查" 38 | required: false 39 | flag: "-fast" 40 | format: "flag" 41 | - name: "additional_args" 42 | type: "string" 43 | description: | 44 | 额外的linpeas参数。用于传递未在参数列表中定义的linpeas选项。 45 | 46 | **示例值:** 47 | - 根据工具特性添加常用参数示例 48 | 49 | **注意事项:** 50 | - 多个参数用空格分隔 51 | - 确保参数格式正确,避免命令注入 52 | - 此参数会直接追加到命令末尾 53 | required: false 54 | format: "positional" 55 | -------------------------------------------------------------------------------- /tools/winpeas.yaml: -------------------------------------------------------------------------------- 1 | name: "winpeas" 2 | command: "winPEAS.exe" 3 | enabled: true 4 | short_description: "Windows 权限提升枚举工具,自动检测常见提权路径" 5 | description: | 6 | WinPEAS (Windows Privilege Escalation Awesome Script) 是一个自动化权限提升枚举工具,用于检测 Windows 系统中的常见提权路径。 7 | 8 | **主要功能:** 9 | - 系统信息收集 10 | - 用户和组权限检查 11 | - 服务配置分析 12 | - 注册表检查 13 | - 计划任务分析 14 | - 网络配置检查 15 | - 文件权限检查 16 | - 凭证查找 17 | 18 | **使用场景:** 19 | - 渗透测试中的权限提升 20 | - Windows 安全审计 21 | - 
后渗透测试 22 | - CTF 竞赛 23 | 24 | **注意事项:** 25 | - 需要目标系统上已下载 winPEAS.exe 26 | - 可能需要管理员权限 27 | - 输出信息量大,建议保存到文件 28 | parameters: 29 | - name: "quiet" 30 | type: "bool" 31 | description: "安静模式,只显示重要信息" 32 | required: false 33 | flag: "-q" 34 | format: "flag" 35 | - name: "notcolor" 36 | type: "bool" 37 | description: "禁用颜色输出" 38 | required: false 39 | flag: "-notcolor" 40 | format: "flag" 41 | - name: "additional_args" 42 | type: "string" 43 | description: | 44 | 额外的winpeas参数。用于传递未在参数列表中定义的winpeas选项。 45 | 46 | **示例值:** 47 | - 根据工具特性添加常用参数示例 48 | 49 | **注意事项:** 50 | - 多个参数用空格分隔 51 | - 确保参数格式正确,避免命令注入 52 | - 此参数会直接追加到命令末尾 53 | required: false 54 | format: "positional" 55 | -------------------------------------------------------------------------------- /tools/docker-bench-security.yaml: -------------------------------------------------------------------------------- 1 | name: "docker-bench-security" 2 | command: "docker-bench-security" 3 | enabled: true 4 | short_description: "Docker安全基准检查工具" 5 | description: | 6 | Docker Bench for Security是一个Docker安全基准检查工具,用于检查Docker配置是否符合安全最佳实践。 7 | 8 | **主要功能:** 9 | - Docker安全基准检查 10 | - 配置审计 11 | - 安全最佳实践检查 12 | - 详细报告 13 | 14 | **使用场景:** 15 | - Docker安全审计 16 | - 配置检查 17 | - 合规性验证 18 | - 安全评估 19 | parameters: 20 | - name: "checks" 21 | type: "string" 22 | description: "要运行的特定检查" 23 | required: false 24 | flag: "-c" 25 | format: "flag" 26 | - name: "exclude" 27 | type: "string" 28 | description: "要排除的检查" 29 | required: false 30 | flag: "-e" 31 | format: "flag" 32 | - name: "output_file" 33 | type: "string" 34 | description: "输出文件路径" 35 | required: false 36 | flag: "-l" 37 | format: "flag" 38 | - name: "additional_args" 39 | type: "string" 40 | description: | 41 | 额外的docker-bench-security参数。用于传递未在参数列表中定义的docker-bench-security选项。 42 | 43 | **示例值:** 44 | - 根据工具特性添加常用参数示例 45 | 46 | **注意事项:** 47 | - 多个参数用空格分隔 48 | - 确保参数格式正确,避免命令注入 49 | - 此参数会直接追加到命令末尾 50 | required: false 51 | format: "positional" 52 | 
-------------------------------------------------------------------------------- /tools/cloudmapper.yaml: -------------------------------------------------------------------------------- 1 | name: "cloudmapper" 2 | command: "cloudmapper" 3 | enabled: true 4 | short_description: "AWS网络可视化和安全分析工具" 5 | description: | 6 | CloudMapper是一个AWS网络可视化和安全分析工具。 7 | 8 | **主要功能:** 9 | - AWS网络可视化 10 | - 安全分析 11 | - 网络映射 12 | - 管理员查找 13 | 14 | **使用场景:** 15 | - AWS网络分析 16 | - 安全评估 17 | - 网络可视化 18 | - 安全审计 19 | parameters: 20 | - name: "action" 21 | type: "string" 22 | description: "要执行的操作(collect, prepare, webserver, find_admins等)" 23 | required: false 24 | default: "collect" 25 | position: 0 26 | format: "positional" 27 | - name: "account" 28 | type: "string" 29 | description: "要分析的AWS账户" 30 | required: false 31 | flag: "--account" 32 | format: "flag" 33 | - name: "config" 34 | type: "string" 35 | description: "配置文件路径" 36 | required: false 37 | flag: "--config" 38 | format: "flag" 39 | default: "config.json" 40 | - name: "additional_args" 41 | type: "string" 42 | description: | 43 | 额外的cloudmapper参数。用于传递未在参数列表中定义的cloudmapper选项。 44 | 45 | **示例值:** 46 | - 根据工具特性添加常用参数示例 47 | 48 | **注意事项:** 49 | - 多个参数用空格分隔 50 | - 确保参数格式正确,避免命令注入 51 | - 此参数会直接追加到命令末尾 52 | required: false 53 | format: "positional" 54 | -------------------------------------------------------------------------------- /tools/hashpump.yaml: -------------------------------------------------------------------------------- 1 | name: "hashpump" 2 | command: "hashpump" 3 | enabled: true 4 | short_description: "哈希长度扩展攻击工具" 5 | description: | 6 | HashPump是一个用于执行哈希长度扩展攻击的工具。 7 | 8 | **主要功能:** 9 | - 哈希长度扩展攻击 10 | - 多种哈希算法支持 11 | - 签名生成 12 | - 数据追加 13 | 14 | **使用场景:** 15 | - 密码学攻击 16 | - 哈希函数测试 17 | - CTF挑战 18 | - 安全研究 19 | parameters: 20 | - name: "signature" 21 | type: "string" 22 | description: "原始哈希签名" 23 | required: true 24 | flag: "-s" 25 | format: "flag" 26 | - name: "data" 27 | type: "string" 28 | description: "原始数据" 29 | 
required: true 30 | flag: "-d" 31 | format: "flag" 32 | - name: "key_length" 33 | type: "int" 34 | description: "密钥长度" 35 | required: true 36 | flag: "-k" 37 | format: "flag" 38 | - name: "append_data" 39 | type: "string" 40 | description: "要追加的数据" 41 | required: true 42 | flag: "-a" 43 | format: "flag" 44 | - name: "additional_args" 45 | type: "string" 46 | description: | 47 | 额外的hashpump参数。用于传递未在参数列表中定义的hashpump选项。 48 | 49 | **示例值:** 50 | - 根据工具特性添加常用参数示例 51 | 52 | **注意事项:** 53 | - 多个参数用空格分隔 54 | - 确保参数格式正确,避免命令注入 55 | - 此参数会直接追加到命令末尾 56 | required: false 57 | format: "positional" 58 | -------------------------------------------------------------------------------- /tools/zsteg.yaml: -------------------------------------------------------------------------------- 1 | name: "zsteg" 2 | command: "zsteg" 3 | enabled: true 4 | short_description: "LSB 隐写检测工具,用于检测 PNG/BMP 图片中的隐写数据" 5 | description: | 6 | zsteg 是一个用于检测 PNG 和 BMP 图片中 LSB (Least Significant Bit) 隐写的工具。 7 | 8 | **主要功能:** 9 | - LSB 隐写检测 10 | - 多种隐写算法支持 11 | - 自动提取隐写数据 12 | - 支持多种图片格式 13 | 14 | **使用场景:** 15 | - CTF 隐写题目 16 | - 图片隐写分析 17 | - 数字取证 18 | - 安全研究 19 | 20 | **注意事项:** 21 | - 需要 Ruby 环境 22 | - 支持 PNG 和 BMP 格式 23 | - 可以检测多种隐写算法 24 | parameters: 25 | - name: "file" 26 | type: "string" 27 | description: "要分析的图片文件路径" 28 | required: true 29 | position: 0 30 | format: "positional" 31 | - name: "all" 32 | type: "bool" 33 | description: "检测所有可能的隐写方法" 34 | required: false 35 | flag: "--all" 36 | format: "flag" 37 | - name: "lsb" 38 | type: "bool" 39 | description: "只检测 LSB 隐写" 40 | required: false 41 | flag: "--lsb" 42 | format: "flag" 43 | - name: "additional_args" 44 | type: "string" 45 | description: | 46 | 额外的zsteg参数。用于传递未在参数列表中定义的zsteg选项。 47 | 48 | **示例值:** 49 | - 根据工具特性添加常用参数示例 50 | 51 | **注意事项:** 52 | - 多个参数用空格分隔 53 | - 确保参数格式正确,避免命令注入 54 | - 此参数会直接追加到命令末尾 55 | required: false 56 | format: "positional" 57 | -------------------------------------------------------------------------------- 
/tools/gau.yaml: -------------------------------------------------------------------------------- 1 | name: "gau" 2 | command: "gau" 3 | enabled: true 4 | short_description: "从多个数据源获取所有URL" 5 | description: | 6 | Gau (Get All URLs) 从多个数据源获取目标域名的所有URL。 7 | 8 | **主要功能:** 9 | - 从Wayback Machine获取URL 10 | - 从CommonCrawl获取URL 11 | - 从OTX获取URL 12 | - 从URLScan获取URL 13 | 14 | **使用场景:** 15 | - URL发现 16 | - 历史URL收集 17 | - Bug bounty侦察 18 | - 安全测试 19 | parameters: 20 | - name: "domain" 21 | type: "string" 22 | description: "目标域名" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "providers" 27 | type: "string" 28 | description: "数据源(wayback,commoncrawl,otx,urlscan)" 29 | required: false 30 | flag: "-providers" 31 | format: "flag" 32 | - name: "include_subs" 33 | type: "bool" 34 | description: "包含子域名" 35 | required: false 36 | flag: "-subs" 37 | format: "flag" 38 | default: true 39 | - name: "additional_args" 40 | type: "string" 41 | description: | 42 | 额外的Gau参数。用于传递未在参数列表中定义的Gau选项。 43 | 44 | **示例值:** 45 | - "-o output.txt": 输出到文件 46 | - "-t": 线程数 47 | - "-b": 黑名单扩展 48 | 49 | **注意事项:** 50 | - 多个参数用空格分隔 51 | - 确保参数格式正确,避免命令注入 52 | - 此参数会直接追加到命令末尾 53 | required: false 54 | format: "positional" 55 | -------------------------------------------------------------------------------- /tools/paramspider.yaml: -------------------------------------------------------------------------------- 1 | name: "paramspider" 2 | command: "paramspider" 3 | enabled: true 4 | short_description: "从Web档案中挖掘参数" 5 | description: | 6 | ParamSpider从Web档案中挖掘参数,用于发现隐藏的参数。 7 | 8 | **主要功能:** 9 | - 参数挖掘 10 | - Web档案查询 11 | - 多级深度支持 12 | - 扩展名过滤 13 | 14 | **使用场景:** 15 | - 参数发现 16 | - Bug bounty侦察 17 | - Web应用安全测试 18 | - 安全测试 19 | parameters: 20 | - name: "domain" 21 | type: "string" 22 | description: "目标域名" 23 | required: true 24 | flag: "-d" 25 | format: "flag" 26 | - name: "level" 27 | type: "int" 28 | description: "挖掘深度级别" 29 | required: false 30 | flag: "-l" 31 | format: "flag" 32 | 
default: 2 33 | - name: "exclude" 34 | type: "string" 35 | description: "要排除的文件扩展名" 36 | required: false 37 | flag: "-e" 38 | format: "flag" 39 | - name: "output" 40 | type: "string" 41 | description: "输出文件路径" 42 | required: false 43 | flag: "-o" 44 | format: "flag" 45 | - name: "additional_args" 46 | type: "string" 47 | description: | 48 | 额外的paramspider参数。用于传递未在参数列表中定义的paramspider选项。 49 | 50 | **示例值:** 51 | - 根据工具特性添加常用参数示例 52 | 53 | **注意事项:** 54 | - 多个参数用空格分隔 55 | - 确保参数格式正确,避免命令注入 56 | - 此参数会直接追加到命令末尾 57 | required: false 58 | format: "positional" 59 | -------------------------------------------------------------------------------- /tools/burpsuite.yaml: -------------------------------------------------------------------------------- 1 | name: "burpsuite" 2 | command: "burpsuite" 3 | enabled: true 4 | short_description: "Web应用安全测试平台" 5 | description: | 6 | Burp Suite是一个Web应用安全测试平台,提供全面的Web安全测试功能。 7 | 8 | **主要功能:** 9 | - Web应用安全扫描 10 | - 代理拦截 11 | - 漏洞扫描 12 | - 手动测试工具 13 | 14 | **使用场景:** 15 | - Web应用安全测试 16 | - 渗透测试 17 | - 漏洞扫描 18 | - 安全评估 19 | parameters: 20 | - name: "project_file" 21 | type: "string" 22 | description: "Burp Suite项目文件路径(--project-file)" 23 | required: false 24 | flag: "--project-file" 25 | format: "flag" 26 | - name: "config_file" 27 | type: "string" 28 | description: "自动化/扫描配置文件(--config-file)" 29 | required: false 30 | flag: "--config-file" 31 | format: "flag" 32 | - name: "user_config_file" 33 | type: "string" 34 | description: "用户配置文件(--user-config-file)" 35 | required: false 36 | flag: "--user-config-file" 37 | format: "flag" 38 | - name: "headless" 39 | type: "bool" 40 | description: "无头模式运行" 41 | required: false 42 | flag: "--headless" 43 | format: "flag" 44 | default: false 45 | - name: "additional_args" 46 | type: "string" 47 | description: | 48 | 额外的burpsuite参数。用于传递未在参数列表中定义的burpsuite选项(例如 --project-config、--log-config 等)。 49 | required: false 50 | format: "positional" 51 | 
-------------------------------------------------------------------------------- /tools/gdb-peda.yaml: -------------------------------------------------------------------------------- 1 | name: "gdb-peda" 2 | command: "gdb" 3 | enabled: true 4 | short_description: "带PEDA增强的GDB调试器" 5 | description: | 6 | GDB-PEDA是带有PEDA(Python Exploit Development Assistance)增强的GDB调试器。 7 | 8 | **主要功能:** 9 | - 增强的GDB功能 10 | - 自动化分析 11 | - 漏洞利用辅助 12 | - 可视化显示 13 | 14 | **使用场景:** 15 | - 二进制调试 16 | - 漏洞利用开发 17 | - 逆向工程 18 | - 安全研究 19 | parameters: 20 | - name: "binary" 21 | type: "string" 22 | description: "要调试的二进制文件" 23 | required: false 24 | position: 0 25 | format: "positional" 26 | - name: "commands" 27 | type: "string" 28 | description: "GDB命令(分号分隔)" 29 | required: false 30 | flag: "-ex" 31 | format: "flag" 32 | - name: "attach_pid" 33 | type: "int" 34 | description: "要附加的进程ID" 35 | required: false 36 | flag: "-p" 37 | format: "flag" 38 | - name: "core_file" 39 | type: "string" 40 | description: "核心转储文件路径" 41 | required: false 42 | flag: "-c" 43 | format: "flag" 44 | - name: "additional_args" 45 | type: "string" 46 | description: | 47 | 额外的gdb-peda参数。用于传递未在参数列表中定义的gdb-peda选项。 48 | 49 | **示例值:** 50 | - 根据工具特性添加常用参数示例 51 | 52 | **注意事项:** 53 | - 多个参数用空格分隔 54 | - 确保参数格式正确,避免命令注入 55 | - 此参数会直接追加到命令末尾 56 | required: false 57 | format: "positional" 58 | -------------------------------------------------------------------------------- /tools/gobuster.yaml: -------------------------------------------------------------------------------- 1 | name: "gobuster" 2 | command: "gobuster" 3 | enabled: true 4 | short_description: "Web内容扫描工具,用于发现目录、文件和子域名" 5 | description: | 6 | Gobuster是一个快速的内容发现工具,用于Web应用程序的目录、文件和子域名枚举。 7 | 8 | **主要功能:** 9 | - 目录和文件发现 10 | - DNS子域名枚举 11 | - 虚拟主机发现 12 | - 支持多种模式(dir, dns, fuzz, vhost) 13 | 14 | **使用场景:** 15 | - Web应用安全测试 16 | - 目录枚举和文件发现 17 | - 子域名发现 18 | - 渗透测试信息收集 19 | parameters: 20 | - name: "mode" 21 | type: "string" 22 | description: | 23 | 
扫描模式(Gobuster子命令),对应以下取值: 24 | - `dir`: 目录/文件枚举 25 | - `dns`: DNS子域名枚举 26 | - `fuzz`: 模板FUZZ扫描 27 | - `vhost`: 虚拟主机发现 28 | 29 | **注意:** 30 | Gobuster要求第一个参数为模式子命令,因此这里作为位置参数传递。 31 | required: false 32 | default: "dir" 33 | position: 0 34 | format: "positional" 35 | options: ["dir", "dns", "fuzz", "vhost"] 36 | - name: "url" 37 | type: "string" 38 | description: "目标URL" 39 | required: true 40 | flag: "-u" 41 | format: "flag" 42 | - name: "wordlist" 43 | type: "string" 44 | description: "字典文件路径" 45 | required: false 46 | default: "/usr/share/wordlists/dirb/common.txt" 47 | flag: "-w" 48 | format: "flag" 49 | - name: "additional_args" 50 | type: "string" 51 | description: "额外的Gobuster参数" 52 | required: false 53 | format: "positional" 54 | -------------------------------------------------------------------------------- /tools/pwninit.yaml: -------------------------------------------------------------------------------- 1 | name: "pwninit" 2 | command: "pwninit" 3 | enabled: true 4 | short_description: "CTF二进制漏洞利用设置工具" 5 | description: | 6 | Pwninit是一个用于CTF二进制漏洞利用设置的工具,自动配置libc和loader。 7 | 8 | **主要功能:** 9 | - 自动libc识别 10 | - Loader配置 11 | - 模板生成 12 | - 环境设置 13 | 14 | **使用场景:** 15 | - CTF挑战 16 | - 漏洞利用开发 17 | - 环境配置 18 | - 安全研究 19 | parameters: 20 | - name: "binary" 21 | type: "string" 22 | description: "二进制文件路径" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "libc" 27 | type: "string" 28 | description: "libc文件路径" 29 | required: false 30 | flag: "--libc" 31 | format: "flag" 32 | - name: "ld" 33 | type: "string" 34 | description: "Loader文件路径" 35 | required: false 36 | flag: "--ld" 37 | format: "flag" 38 | - name: "template_type" 39 | type: "string" 40 | description: "模板类型(python, c)" 41 | required: false 42 | flag: "--template" 43 | format: "flag" 44 | default: "python" 45 | - name: "additional_args" 46 | type: "string" 47 | description: | 48 | 额外的pwninit参数。用于传递未在参数列表中定义的pwninit选项。 49 | 50 | **示例值:** 51 | - 根据工具特性添加常用参数示例 52 | 53 | **注意事项:** 
54 | - 多个参数用空格分隔 55 | - 确保参数格式正确,避免命令注入 56 | - 此参数会直接追加到命令末尾 57 | required: false 58 | format: "positional" 59 | -------------------------------------------------------------------------------- /tools/cyberchef.yaml: -------------------------------------------------------------------------------- 1 | name: "cyberchef" 2 | command: "cyberchef" 3 | enabled: true 4 | short_description: "数据转换和分析工具,支持多种编码、加密和数据处理操作" 5 | description: | 6 | CyberChef 是一个强大的数据转换和分析工具,支持数百种数据操作。 7 | 8 | **主要功能:** 9 | - 编码/解码(Base64, Hex, URL 等) 10 | - 加密/解密(AES, DES, RSA 等) 11 | - 哈希计算 12 | - 数据格式转换 13 | - 正则表达式操作 14 | - 数据提取和分析 15 | 16 | **使用场景:** 17 | - CTF 竞赛 18 | - 数据分析和转换 19 | - 加密算法研究 20 | - 数字取证 21 | 22 | **注意事项:** 23 | - 通常以 Web 界面运行 24 | - 命令行版本可能需要 Node.js 25 | - 功能强大,操作复杂 26 | parameters: 27 | - name: "recipe" 28 | type: "string" 29 | description: "操作配方(JSON 格式),定义要执行的操作序列" 30 | required: true 31 | flag: "-Recipe" 32 | format: "flag" 33 | - name: "input" 34 | type: "string" 35 | description: "输入数据(字符串或文件路径)" 36 | required: true 37 | flag: "-Input" 38 | format: "flag" 39 | - name: "output" 40 | type: "string" 41 | description: "输出文件路径(可选)" 42 | required: false 43 | flag: "-Output" 44 | format: "flag" 45 | - name: "additional_args" 46 | type: "string" 47 | description: | 48 | 额外的cyberchef参数。用于传递未在参数列表中定义的cyberchef选项。 49 | 50 | **示例值:** 51 | - 根据工具特性添加常用参数示例 52 | 53 | **注意事项:** 54 | - 多个参数用空格分隔 55 | - 确保参数格式正确,避免命令注入 56 | - 此参数会直接追加到命令末尾 57 | required: false 58 | format: "positional" 59 | -------------------------------------------------------------------------------- /run.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# CyberStrikeAI startup script: checks that config.yaml exists, prepares the
# Python virtual environment, installs Python dependencies, then downloads Go
# modules, builds the server and runs it.
#
# NOTE(review): the messages below ask for Python 3.10+ and Go 1.21+, but only
# the presence of python3 and go is checked, not their versions.

set -euo pipefail

# Print a message on stdout and stop with exit status 1.
fail() {
    echo "$1"
    exit 1
}

# Work from the directory that holds this script so relative paths resolve.
ROOT_DIR="$(cd "$(dirname "$0")" && pwd)"
cd "$ROOT_DIR"

echo "🚀 启动 CyberStrikeAI..."

CONFIG_FILE="$ROOT_DIR/config.yaml"
VENV_DIR="$ROOT_DIR/venv"
REQUIREMENTS_FILE="$ROOT_DIR/requirements.txt"

# Refuse to continue without the configuration file.
[ -f "$CONFIG_FILE" ] || fail "❌ 配置文件 config.yaml 不存在"

# python3 is required for the virtual environment created below.
command -v python3 >/dev/null 2>&1 || fail "❌ 未找到 python3,请先安装 Python 3.10+"

# Create the virtual environment on first run only, then activate it.
if ! [ -d "$VENV_DIR" ]; then
    echo "🐍 创建 Python 虚拟环境..."
    python3 -m venv "$VENV_DIR"
fi

echo "🐍 激活虚拟环境..."
# shellcheck disable=SC1091
source "$VENV_DIR/bin/activate"

# NOTE(review): this installs whatever requirements.txt resolves to at start
# time. Pinning exact versions with hashes (pip's --require-hashes) would make
# the installed set reproducible -- confirm against requirements.txt.
if [ -f "$REQUIREMENTS_FILE" ]; then
    echo "📦 安装/更新 Python 依赖..."
    pip install -r "$REQUIREMENTS_FILE"
else
    echo "⚠️ 未找到 requirements.txt,跳过 Python 依赖安装"
fi

# The Go toolchain is needed to fetch modules and build the server.
command -v go >/dev/null 2>&1 || fail "❌ Go 未安装,请先安装 Go 1.21 或更高版本"

# Fetch Go module dependencies.
echo "📦 下载 Go 依赖..."
go mod download

# Build the server binary into the repository root.
echo "🔨 构建项目..."
go build -o cyberstrike-ai cmd/server/main.go

# Run the freshly built server in the foreground.
echo "✅ 启动服务器..."
./cyberstrike-ai
-------------------------------------------------------------------------------- /tools/hashcat.yaml: -------------------------------------------------------------------------------- 1 | name: "hashcat" 2 | command: "hashcat" 3 | enabled: true 4 | short_description: "高级密码破解工具,支持GPU加速" 5 | description: | 6 | Hashcat是一个高级密码恢复工具,支持多种哈希算法和攻击模式。 7 | 8 | **主要功能:** 9 | - 支持多种哈希算法 10 | - GPU加速 11 | - 多种攻击模式(字典、组合、掩码等) 12 | - 规则引擎 13 | 14 | **使用场景:** 15 | - 密码恢复 16 | - 哈希破解 17 | - 安全测试 18 | - 取证分析 19 | parameters: 20 | - name: "hash_file" 21 | type: "string" 22 | description: "包含哈希的文件" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "hash_type" 27 | type: "string" 28 | description: "哈希类型编号" 29 | required: true 30 | flag: "-m" 31 | format: "flag" 32 | - name: "attack_mode" 33 | type: "string" 34 | description: "攻击模式(0=字典, 1=组合, 3=掩码等)" 35 | required: false 36 | default: "0" 37 | flag: "-a" 38 | format: "flag" 39 | - name: "wordlist" 40 | type: "string" 41 | description: "字典文件"
42 | required: false 43 | default: "/usr/share/wordlists/rockyou.txt" 44 | position: 1 45 | format: "positional" 46 | - name: "mask" 47 | type: "string" 48 | description: "掩码(用于掩码攻击)" 49 | required: false 50 | position: 2 51 | format: "positional" 52 | - name: "additional_args" 53 | type: "string" 54 | description: "额外的Hashcat参数" 55 | required: false 56 | format: "positional" 57 | -------------------------------------------------------------------------------- /internal/security/auth_middleware.go: --------------------------------------------------------------------------------
package security

import (
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
)

// Keys under which AuthMiddleware stores the validated session's token and
// expiry in the gin context.
const (
	ContextAuthTokenKey  = "authToken"
	ContextSessionExpiry = "authSessionExpiry"
)

// AuthMiddleware enforces authentication on protected routes.
//
// For each request it takes the token found by extractTokenFromRequest and
// passes it to manager.ValidateToken. When validation fails the request is
// aborted with 401 and a JSON error body; otherwise the session's Token and
// ExpiresAt are stored in the context and the next handler runs.
func AuthMiddleware(manager *AuthManager) gin.HandlerFunc {
	return func(c *gin.Context) {
		session, ok := manager.ValidateToken(extractTokenFromRequest(c))
		if !ok {
			body := gin.H{
				"error": "未授权访问,请先登录",
			}
			c.AbortWithStatusJSON(http.StatusUnauthorized, body)
			return
		}

		c.Set(ContextAuthTokenKey, session.Token)
		c.Set(ContextSessionExpiry, session.ExpiresAt)
		c.Next()
	}
}

// extractTokenFromRequest returns the token from the first source that is
// present, in this order: the Authorization header, the "token" query
// parameter, the "auth_token" cookie. It returns "" when none is present.
//
// A non-empty Authorization header always wins: a case-insensitive "Bearer "
// prefix is stripped when the header is longer than the prefix, and any other
// header value is returned whole (trimmed) as the token.
func extractTokenFromRequest(c *gin.Context) string {
	const bearerPrefix = "Bearer "

	if header := c.GetHeader("Authorization"); header != "" {
		hasBearer := len(header) > len(bearerPrefix) &&
			strings.EqualFold(header[:len(bearerPrefix)], bearerPrefix)
		if hasBearer {
			header = header[len(bearerPrefix):]
		}
		return strings.TrimSpace(header)
	}

	// NOTE(review): a token carried in the URL is recorded in access logs,
	// browser history and Referer headers. If this fallback exists for clients
	// that cannot set headers, consider limiting it to those routes -- confirm
	// against callers.
	if queryToken := c.Query("token"); queryToken != "" {
		return strings.TrimSpace(queryToken)
	}

	// NOTE(review): a cookie-borne token makes state-changing routes relevant
	// to cross-site request forgery unless the cookie is issued with SameSite
	// or a CSRF token is checked; where the cookie is set is not visible here.
	cookieToken, err := c.Cookie("auth_token")
	if err != nil {
		return ""
	}
	return strings.TrimSpace(cookieToken)
}
-------------------------------------------------------------------------------- /tools/rustscan.yaml:
-------------------------------------------------------------------------------- 1 | name: "rustscan" 2 | command: "rustscan" 3 | enabled: true 4 | short_description: "超快速端口扫描工具,使用Rust编写" 5 | description: | 6 | Rustscan是一个用Rust编写的超快速端口扫描工具,可以快速扫描大量端口。 7 | 8 | **主要功能:** 9 | - 超快速端口扫描 10 | - 可配置的扫描速度 11 | - 支持Nmap脚本集成 12 | - 批量扫描支持 13 | 14 | **使用场景:** 15 | - 快速端口扫描 16 | - 大规模网络扫描 17 | - 渗透测试信息收集 18 | parameters: 19 | - name: "target" 20 | type: "string" 21 | description: "目标IP地址或主机名" 22 | required: true 23 | flag: "-a" 24 | format: "flag" 25 | - name: "ports" 26 | type: "string" 27 | description: "要扫描的端口(如:22,80,443或1-1000)" 28 | required: false 29 | flag: "-p" 30 | format: "flag" 31 | - name: "ulimit" 32 | type: "int" 33 | description: "文件描述符限制" 34 | required: false 35 | flag: "-u" 36 | format: "flag" 37 | default: 5000 38 | - name: "scripts" 39 | type: "bool" 40 | description: "在发现的端口上运行Nmap脚本" 41 | required: false 42 | flag: "--scripts" 43 | format: "flag" 44 | default: false 45 | - name: "additional_args" 46 | type: "string" 47 | description: | 48 | 额外的rustscan参数。用于传递未在参数列表中定义的rustscan选项。 49 | 50 | **示例值:** 51 | - 根据工具特性添加常用参数示例 52 | 53 | **注意事项:** 54 | - 多个参数用空格分隔 55 | - 确保参数格式正确,避免命令注入 56 | - 此参数会直接追加到命令末尾 57 | required: false 58 | format: "positional" 59 | -------------------------------------------------------------------------------- /tools/pdfcrack.yaml: -------------------------------------------------------------------------------- 1 | name: "pdfcrack" 2 | command: "pdfcrack" 3 | enabled: true 4 | short_description: "PDF 文件密码破解工具,支持暴力破解和字典攻击" 5 | description: | 6 | pdfcrack 是一个用于破解受密码保护的 PDF 文件密码的工具。 7 | 8 | **主要功能:** 9 | - 暴力破解 10 | - 字典攻击 11 | - 用户密码和所有者密码破解 12 | - 支持多种加密算法 13 | 14 | **使用场景:** 15 | - CTF 竞赛 16 | - PDF 文件密码恢复 17 | - 安全测试 18 | - 数字取证 19 | 20 | **注意事项:** 21 | - 破解时间取决于密码复杂度 22 | - 建议使用字典文件提高效率 23 | - 仅用于授权的安全测试 24 | parameters: 25 | - name: "file" 26 | type: "string" 27 | description: "要破解的 PDF 文件路径" 28 | required: true 29 | position: 0 30 
| format: "positional" 31 | - name: "wordlist" 32 | type: "string" 33 | description: "字典文件路径" 34 | required: false 35 | flag: "-w" 36 | format: "flag" 37 | - name: "min_length" 38 | type: "int" 39 | description: "最小密码长度" 40 | required: false 41 | flag: "-n" 42 | format: "flag" 43 | - name: "max_length" 44 | type: "int" 45 | description: "最大密码长度" 46 | required: false 47 | flag: "-m" 48 | format: "flag" 49 | - name: "additional_args" 50 | type: "string" 51 | description: | 52 | 额外的pdfcrack参数。用于传递未在参数列表中定义的pdfcrack选项。 53 | 54 | **示例值:** 55 | - 根据工具特性添加常用参数示例 56 | 57 | **注意事项:** 58 | - 多个参数用空格分隔 59 | - 确保参数格式正确,避免命令注入 60 | - 此参数会直接追加到命令末尾 61 | required: false 62 | format: "positional" 63 | -------------------------------------------------------------------------------- /tools/falco.yaml: -------------------------------------------------------------------------------- 1 | name: "falco" 2 | command: "falco" 3 | enabled: true 4 | short_description: "运行时安全监控工具" 5 | description: | 6 | Falco是一个运行时安全监控工具,用于检测容器和主机中的异常行为。 7 | 8 | **主要功能:** 9 | - 运行时监控 10 | - 异常检测 11 | - 规则引擎 12 | - 实时告警 13 | 14 | **使用场景:** 15 | - 运行时安全监控 16 | - 异常检测 17 | - 安全事件响应 18 | - 合规性监控 19 | parameters: 20 | - name: "config_file" 21 | type: "string" 22 | description: "Falco配置文件" 23 | required: false 24 | flag: "--config" 25 | format: "flag" 26 | default: "/etc/falco/falco.yaml" 27 | - name: "rules_file" 28 | type: "string" 29 | description: "自定义规则文件" 30 | required: false 31 | flag: "--rules" 32 | format: "flag" 33 | - name: "json_output" 34 | type: "bool" 35 | description: "以JSON格式输出(等同于 -o json_output=true)" 36 | required: false 37 | flag: "-o json_output=true" 38 | format: "flag" 39 | default: true 40 | - name: "duration" 41 | type: "int" 42 | description: "监控持续时间(秒)" 43 | required: false 44 | flag: "--duration" 45 | format: "flag" 46 | default: 60 47 | - name: "additional_args" 48 | type: "string" 49 | description: | 50 | 额外的falco参数。用于传递未在参数列表中定义的falco选项。 51 | 52 | **示例值:** 53 | - 根据工具特性添加常用参数示例 54 | 
55 | **注意事项:** 56 | - 多个参数用空格分隔 57 | - 确保参数格式正确,避免命令注入 58 | - 此参数会直接追加到命令末尾 59 | required: false 60 | format: "positional" 61 | -------------------------------------------------------------------------------- /tools/ghidra.yaml: -------------------------------------------------------------------------------- 1 | name: "ghidra" 2 | command: "analyzeHeadless" 3 | enabled: true 4 | short_description: "高级二进制分析和逆向工程工具" 5 | description: | 6 | Ghidra是NSA开发的免费二进制分析和逆向工程工具。 7 | 8 | **主要功能:** 9 | - 反汇编和反编译 10 | - 高级分析 11 | - 脚本支持 12 | - 协作功能 13 | 14 | **使用场景:** 15 | - 二进制分析 16 | - 逆向工程 17 | - 恶意软件分析 18 | - 漏洞研究 19 | parameters: 20 | - name: "project_dir" 21 | type: "string" 22 | description: "Ghidra项目存放目录" 23 | required: false 24 | default: "/tmp/ghidra_projects" 25 | position: 0 26 | format: "positional" 27 | - name: "project_name" 28 | type: "string" 29 | description: "Ghidra项目名称" 30 | required: false 31 | default: "cyberstrike_analysis" 32 | position: 1 33 | format: "positional" 34 | - name: "binary" 35 | type: "string" 36 | description: "要分析的二进制文件路径" 37 | required: true 38 | flag: "-import" 39 | format: "flag" 40 | - name: "script_file" 41 | type: "string" 42 | description: "可选的Ghidra脚本文件(通过 -postScript 执行)" 43 | required: false 44 | flag: "-postScript" 45 | format: "flag" 46 | - name: "additional_args" 47 | type: "string" 48 | description: | 49 | 额外的ghidra参数。用于传递未在参数列表中定义的ghidra选项。 50 | 51 | **示例值:** 52 | - 根据工具特性添加常用参数示例 53 | 54 | **注意事项:** 55 | - 多个参数用空格分隔 56 | - 确保参数格式正确,避免命令注入 57 | - 此参数会直接追加到命令末尾 58 | required: false 59 | format: "positional" 60 | -------------------------------------------------------------------------------- /tools/graphql-scanner.yaml: -------------------------------------------------------------------------------- 1 | name: "graphql-scanner" 2 | command: "graphqlmap" 3 | enabled: true 4 | short_description: "GraphQL安全扫描和自省工具" 5 | description: | 6 | 高级GraphQL安全扫描和自省工具,用于检测GraphQL API中的安全问题。 7 | 8 | **主要功能:** 9 | - GraphQL自省 10 | - 查询深度测试 11 | - 
突变操作测试 12 | - 漏洞评估 13 | 14 | **使用场景:** 15 | - GraphQL安全测试 16 | - API安全评估 17 | - 漏洞发现 18 | - 安全测试 19 | parameters: 20 | - name: "endpoint" 21 | type: "string" 22 | description: "GraphQL端点URL" 23 | required: true 24 | flag: "-u" 25 | format: "flag" 26 | - name: "introspection" 27 | type: "bool" 28 | description: "测试自省查询" 29 | required: false 30 | default: true 31 | flag: "--introspection" 32 | format: "flag" 33 | - name: "query_depth" 34 | type: "int" 35 | description: "要测试的最大查询深度" 36 | required: false 37 | default: 10 38 | flag: "--depth" 39 | format: "flag" 40 | - name: "test_mutations" 41 | type: "bool" 42 | description: "测试突变操作" 43 | required: false 44 | default: true 45 | flag: "--mutations" 46 | format: "flag" 47 | - name: "additional_args" 48 | type: "string" 49 | description: | 50 | 额外的graphql-scanner参数。用于传递未在参数列表中定义的graphql-scanner选项。 51 | 52 | **示例值:** 53 | - 根据工具特性添加常用参数示例 54 | 55 | **注意事项:** 56 | - 多个参数用空格分隔 57 | - 确保参数格式正确,避免命令注入 58 | - 此参数会直接追加到命令末尾 59 | required: false 60 | format: "positional" 61 | -------------------------------------------------------------------------------- /tools/hydra.yaml: -------------------------------------------------------------------------------- 1 | name: "hydra" 2 | command: "hydra" 3 | enabled: true 4 | short_description: "密码暴力破解工具,支持多种协议和服务" 5 | description: | 6 | Hydra是一个快速的网络登录破解工具,支持多种协议和服务的密码暴力破解。 7 | 8 | **主要功能:** 9 | - 支持多种协议(SSH, FTP, HTTP, SMB等) 10 | - 快速并行破解 11 | - 支持用户名和密码字典 12 | - 可恢复的会话 13 | 14 | **使用场景:** 15 | - 密码强度测试 16 | - 渗透测试 17 | - 安全评估 18 | - 弱密码检测 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标IP或主机名" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "service" 27 | type: "string" 28 | description: "服务类型(ssh, ftp, http等)" 29 | required: true 30 | position: 1 31 | format: "positional" 32 | - name: "username" 33 | type: "string" 34 | description: "单个用户名" 35 | required: false 36 | flag: "-l" 37 | format: "flag" 38 | - name: "username_file" 39 
| type: "string" 40 | description: "用户名字典文件" 41 | required: false 42 | flag: "-L" 43 | format: "flag" 44 | - name: "password" 45 | type: "string" 46 | description: "单个密码" 47 | required: false 48 | flag: "-p" 49 | format: "flag" 50 | - name: "password_file" 51 | type: "string" 52 | description: "密码字典文件" 53 | required: false 54 | flag: "-P" 55 | format: "flag" 56 | - name: "additional_args" 57 | type: "string" 58 | description: "额外的Hydra参数" 59 | required: false 60 | format: "positional" 61 | -------------------------------------------------------------------------------- /tools/katana.yaml: -------------------------------------------------------------------------------- 1 | name: "katana" 2 | command: "katana" 3 | enabled: true 4 | short_description: "下一代Web爬虫和蜘蛛工具" 5 | description: | 6 | Katana是一个快速、智能的Web爬虫工具,用于发现Web应用中的端点和资源。 7 | 8 | **主要功能:** 9 | - 智能Web爬虫 10 | - JavaScript渲染支持 11 | - 表单提取 12 | - 端点发现 13 | 14 | **使用场景:** 15 | - Web应用侦察 16 | - 端点发现 17 | - 内容爬取 18 | - 安全测试 19 | parameters: 20 | - name: "url" 21 | type: "string" 22 | description: "目标URL" 23 | required: true 24 | flag: "-u" 25 | format: "flag" 26 | - name: "depth" 27 | type: "int" 28 | description: "爬取深度" 29 | required: false 30 | flag: "-d" 31 | format: "flag" 32 | default: 3 33 | - name: "js_crawl" 34 | type: "bool" 35 | description: "启用JavaScript爬取" 36 | required: false 37 | flag: "-jc" 38 | format: "flag" 39 | default: true 40 | - name: "form_extraction" 41 | type: "bool" 42 | description: "启用表单提取" 43 | required: false 44 | flag: "-forms" 45 | format: "flag" 46 | default: true 47 | - name: "additional_args" 48 | type: "string" 49 | description: | 50 | 额外的Katana参数。用于传递未在参数列表中定义的Katana选项。 51 | 52 | **示例值:** 53 | - "--headless": 使用无头浏览器 54 | - "-f": 输出格式 55 | - "-o output.txt": 输出到文件 56 | - "-c": 并发数 57 | 58 | **注意事项:** 59 | - 多个参数用空格分隔 60 | - 确保参数格式正确,避免命令注入 61 | - 此参数会直接追加到命令末尾 62 | required: false 63 | format: "positional" 64 | 
-------------------------------------------------------------------------------- /tools/scout-suite.yaml: -------------------------------------------------------------------------------- 1 | name: "scout-suite" 2 | command: "scout" 3 | enabled: true 4 | short_description: "多云安全评估工具" 5 | description: | 6 | Scout Suite是一个多云安全评估工具,支持AWS、Azure、GCP、Aliyun和OCI。 7 | 8 | **主要功能:** 9 | - 多云安全评估 10 | - 配置审计 11 | - 安全最佳实践检查 12 | - 详细报告生成 13 | 14 | **使用场景:** 15 | - 云安全审计 16 | - 合规性检查 17 | - 安全评估 18 | - 云配置审计 19 | parameters: 20 | - name: "provider" 21 | type: "string" 22 | description: "云提供商(aws, azure, gcp, aliyun, oci)" 23 | required: false 24 | flag: "--provider" 25 | format: "flag" 26 | default: "aws" 27 | - name: "profile" 28 | type: "string" 29 | description: "AWS配置文件" 30 | required: false 31 | flag: "--profile" 32 | format: "flag" 33 | default: "default" 34 | - name: "report_dir" 35 | type: "string" 36 | description: "报告保存目录" 37 | required: false 38 | flag: "--report-dir" 39 | format: "flag" 40 | default: "/tmp/scout-suite" 41 | - name: "services" 42 | type: "string" 43 | description: "要评估的特定服务" 44 | required: false 45 | flag: "--services" 46 | format: "flag" 47 | - name: "additional_args" 48 | type: "string" 49 | description: | 50 | 额外的scout-suite参数。用于传递未在参数列表中定义的scout-suite选项。 51 | 52 | **示例值:** 53 | - 根据工具特性添加常用参数示例 54 | 55 | **注意事项:** 56 | - 多个参数用空格分隔 57 | - 确保参数格式正确,避免命令注入 58 | - 此参数会直接追加到命令末尾 59 | required: false 60 | format: "positional" 61 | -------------------------------------------------------------------------------- /tools/checkov.yaml: -------------------------------------------------------------------------------- 1 | name: "checkov" 2 | command: "checkov" 3 | enabled: true 4 | short_description: "基础设施即代码安全扫描工具" 5 | description: | 6 | Checkov是一个静态代码分析工具,用于基础设施即代码(IaC)的安全扫描。 7 | 8 | **主要功能:** 9 | - 支持多种IaC框架(Terraform, CloudFormation, Kubernetes等) 10 | - 数百个内置策略 11 | - 自定义策略支持 12 | - CI/CD集成 13 | 14 | **使用场景:** 15 | - IaC安全扫描 16 | - 云配置审计 17 | - 安全策略检查 18 
| - 合规性检查 19 | parameters: 20 | - name: "directory" 21 | type: "string" 22 | description: "要扫描的目录" 23 | required: false 24 | flag: "-d" 25 | format: "flag" 26 | default: "." 27 | - name: "framework" 28 | type: "string" 29 | description: "要扫描的框架(terraform, cloudformation, kubernetes等)" 30 | required: false 31 | flag: "--framework" 32 | format: "flag" 33 | - name: "check" 34 | type: "string" 35 | description: "要运行的特定检查" 36 | required: false 37 | flag: "--check" 38 | format: "flag" 39 | - name: "output_format" 40 | type: "string" 41 | description: "输出格式(json, yaml, cli)" 42 | required: false 43 | flag: "--output" 44 | format: "flag" 45 | default: "json" 46 | - name: "additional_args" 47 | type: "string" 48 | description: | 49 | 额外的checkov参数。用于传递未在参数列表中定义的checkov选项。 50 | 51 | **示例值:** 52 | - 根据工具特性添加常用参数示例 53 | 54 | **注意事项:** 55 | - 多个参数用空格分隔 56 | - 确保参数格式正确,避免命令注入 57 | - 此参数会直接追加到命令末尾 58 | required: false 59 | format: "positional" 60 | -------------------------------------------------------------------------------- /tools/kube-bench.yaml: -------------------------------------------------------------------------------- 1 | name: "kube-bench" 2 | command: "kube-bench" 3 | enabled: true 4 | short_description: "CIS Kubernetes基准检查工具" 5 | description: | 6 | Kube-bench是一个CIS Kubernetes基准检查工具,用于检查Kubernetes集群是否符合CIS基准。 7 | 8 | **主要功能:** 9 | - CIS基准检查 10 | - 多种目标支持(master, node, etcd, policies) 11 | - 详细报告 12 | - 配置验证 13 | 14 | **使用场景:** 15 | - Kubernetes合规性检查 16 | - 安全配置审计 17 | - CIS基准验证 18 | - 安全评估 19 | parameters: 20 | - name: "targets" 21 | type: "string" 22 | description: "要检查的目标(master, node, etcd, policies)" 23 | required: false 24 | flag: "--targets" 25 | format: "flag" 26 | - name: "version" 27 | type: "string" 28 | description: "Kubernetes版本" 29 | required: false 30 | flag: "--version" 31 | format: "flag" 32 | - name: "config_dir" 33 | type: "string" 34 | description: "配置目录" 35 | required: false 36 | flag: "--config-dir" 37 | format: "flag" 38 | - name: 
"output_format" 39 | type: "string" 40 | description: "输出格式(json, yaml)" 41 | required: false 42 | flag: "--output" 43 | format: "flag" 44 | default: "json" 45 | - name: "additional_args" 46 | type: "string" 47 | description: | 48 | 额外的kube-bench参数。用于传递未在参数列表中定义的kube-bench选项。 49 | 50 | **示例值:** 51 | - 根据工具特性添加常用参数示例 52 | 53 | **注意事项:** 54 | - 多个参数用空格分隔 55 | - 确保参数格式正确,避免命令注入 56 | - 此参数会直接追加到命令末尾 57 | required: false 58 | format: "positional" 59 | -------------------------------------------------------------------------------- /tools/jaeles.yaml: -------------------------------------------------------------------------------- 1 | name: "jaeles" 2 | command: "jaeles" 3 | args: ["scan"] 4 | enabled: true 5 | short_description: "高级漏洞扫描器,支持自定义签名" 6 | description: | 7 | Jaeles是一个高级漏洞扫描器,支持自定义签名进行漏洞检测。 8 | 9 | **主要功能:** 10 | - 自定义签名支持 11 | - 多种漏洞检测 12 | - 快速扫描 13 | - 详细报告 14 | 15 | **使用场景:** 16 | - 漏洞扫描 17 | - Web应用安全测试 18 | - 自定义检测规则 19 | - 安全测试 20 | parameters: 21 | - name: "url" 22 | type: "string" 23 | description: "目标URL" 24 | required: true 25 | flag: "-u" 26 | format: "flag" 27 | - name: "signatures" 28 | type: "string" 29 | description: "自定义签名路径" 30 | required: false 31 | flag: "-s" 32 | format: "flag" 33 | - name: "config" 34 | type: "string" 35 | description: "配置文件" 36 | required: false 37 | flag: "-c" 38 | format: "flag" 39 | - name: "threads" 40 | type: "int" 41 | description: "线程数" 42 | required: false 43 | flag: "-t" 44 | format: "flag" 45 | default: 20 46 | - name: "timeout" 47 | type: "int" 48 | description: "请求超时时间(秒)" 49 | required: false 50 | flag: "--timeout" 51 | format: "flag" 52 | default: 20 53 | - name: "additional_args" 54 | type: "string" 55 | description: | 56 | 额外的jaeles参数。用于传递未在参数列表中定义的jaeles选项。 57 | 58 | **示例值:** 59 | - 根据工具特性添加常用参数示例 60 | 61 | **注意事项:** 62 | - 多个参数用空格分隔 63 | - 确保参数格式正确,避免命令注入 64 | - 此参数会直接追加到命令末尾 65 | required: false 66 | format: "positional" 67 | 
-------------------------------------------------------------------------------- /tools/netexec.yaml: -------------------------------------------------------------------------------- 1 | name: "netexec" 2 | command: "netexec" 3 | enabled: true 4 | short_description: "网络枚举和利用框架(原CrackMapExec)" 5 | description: | 6 | NetExec(原CrackMapExec)是一个网络枚举和利用框架,支持多种协议。 7 | 8 | **主要功能:** 9 | - 多协议支持(SMB, SSH, WinRM等) 10 | - 凭证验证 11 | - 横向移动 12 | - 模块化架构 13 | 14 | **使用场景:** 15 | - 网络渗透测试 16 | - 域环境测试 17 | - 横向移动测试 18 | - 凭证验证 19 | parameters: 20 | - name: "protocol" 21 | type: "string" 22 | description: "协议类型(smb, ssh, winrm等)" 23 | required: false 24 | default: "smb" 25 | position: 0 26 | format: "positional" 27 | - name: "target" 28 | type: "string" 29 | description: "目标IP或网络" 30 | required: true 31 | position: 1 32 | format: "positional" 33 | - name: "username" 34 | type: "string" 35 | description: "用户名" 36 | required: false 37 | flag: "-u" 38 | format: "flag" 39 | - name: "password" 40 | type: "string" 41 | description: "密码" 42 | required: false 43 | flag: "-p" 44 | format: "flag" 45 | - name: "hash_value" 46 | type: "string" 47 | description: "NTLM哈希(用于Pass-the-Hash)" 48 | required: false 49 | flag: "-H" 50 | format: "flag" 51 | - name: "module" 52 | type: "string" 53 | description: "要执行的模块" 54 | required: false 55 | flag: "-M" 56 | format: "flag" 57 | - name: "additional_args" 58 | type: "string" 59 | description: "额外的NetExec参数" 60 | required: false 61 | format: "positional" 62 | -------------------------------------------------------------------------------- /tools/x8.yaml: -------------------------------------------------------------------------------- 1 | name: "x8" 2 | command: "x8" 3 | enabled: true 4 | short_description: "隐藏参数发现工具" 5 | description: | 6 | X8是一个用于发现Web应用中隐藏参数的工具。 7 | 8 | **主要功能:** 9 | - 隐藏参数发现 10 | - 多种HTTP方法支持 11 | - 自定义字典 12 | - 快速扫描 13 | 14 | **使用场景:** 15 | - 参数发现 16 | - Web应用安全测试 17 | - Bug bounty侦察 18 | - 安全测试 19 | parameters: 20 | - name: "url" 
21 | type: "string" 22 | description: "目标URL" 23 | required: true 24 | flag: "--url" 25 | format: "flag" 26 | - name: "wordlist" 27 | type: "string" 28 | description: "参数字典" 29 | required: false 30 | flag: "--wordlist" 31 | format: "flag" 32 | default: "/usr/share/wordlists/x8/params.txt" 33 | - name: "method" 34 | type: "string" 35 | description: "HTTP方法" 36 | required: false 37 | flag: "--method" 38 | format: "flag" 39 | default: "GET" 40 | - name: "body" 41 | type: "string" 42 | description: "请求体" 43 | required: false 44 | flag: "--body" 45 | format: "flag" 46 | - name: "headers" 47 | type: "string" 48 | description: "自定义请求头" 49 | required: false 50 | flag: "--headers" 51 | format: "flag" 52 | - name: "additional_args" 53 | type: "string" 54 | description: | 55 | 额外的x8参数。用于传递未在参数列表中定义的x8选项。 56 | 57 | **示例值:** 58 | - 根据工具特性添加常用参数示例 59 | 60 | **注意事项:** 61 | - 多个参数用空格分隔 62 | - 确保参数格式正确,避免命令注入 63 | - 此参数会直接追加到命令末尾 64 | required: false 65 | format: "positional" 66 | -------------------------------------------------------------------------------- /tools/steghide.yaml: -------------------------------------------------------------------------------- 1 | name: "steghide" 2 | command: "steghide" 3 | enabled: true 4 | short_description: "隐写术分析工具" 5 | description: | 6 | Steghide是一个隐写术工具,用于在图像和音频文件中隐藏数据。 7 | 8 | **主要功能:** 9 | - 数据隐藏 10 | - 数据提取 11 | - 信息查看 12 | - 密码保护 13 | 14 | **使用场景:** 15 | - 隐写术分析 16 | - 数据隐藏检测 17 | - 取证分析 18 | - CTF挑战 19 | parameters: 20 | - name: "action" 21 | type: "string" 22 | description: "操作类型(extract, embed, info)" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "cover_file" 27 | type: "string" 28 | description: "载体文件路径(embed/info操作使用 -cf)" 29 | required: false 30 | flag: "-cf" 31 | format: "flag" 32 | - name: "embed_file" 33 | type: "string" 34 | description: "要嵌入的文件(embed操作时)" 35 | required: false 36 | flag: "-ef" 37 | format: "flag" 38 | - name: "passphrase" 39 | type: "string" 40 | description: "密码" 41 | required: 
false 42 | flag: "-p" 43 | format: "flag" 44 | - name: "stego_file" 45 | type: "string" 46 | description: "隐写文件路径(embed时输出,extract时输入)" 47 | required: false 48 | flag: "-sf" 49 | format: "flag" 50 | - name: "additional_args" 51 | type: "string" 52 | description: | 53 | 额外的steghide参数。用于传递未在参数列表中定义的steghide选项。 54 | 55 | **示例值:** 56 | - 根据工具特性添加常用参数示例 57 | 58 | **注意事项:** 59 | - 多个参数用空格分隔 60 | - 确保参数格式正确,避免命令注入 61 | - 此参数会直接追加到命令末尾 62 | required: false 63 | format: "positional" 64 | -------------------------------------------------------------------------------- /tools/msfvenom.yaml: -------------------------------------------------------------------------------- 1 | name: "msfvenom" 2 | command: "msfvenom" 3 | enabled: true 4 | short_description: "Metasploit载荷生成工具" 5 | description: | 6 | MSFVenom是Metasploit框架的载荷生成工具,用于创建各种类型的攻击载荷。 7 | 8 | **主要功能:** 9 | - 多种载荷类型 10 | - 编码器支持 11 | - 多种输出格式 12 | - 平台支持 13 | 14 | **使用场景:** 15 | - 渗透测试 16 | - 载荷生成 17 | - 漏洞利用 18 | - 安全测试 19 | parameters: 20 | - name: "payload" 21 | type: "string" 22 | description: "要生成的载荷(如:windows/meterpreter/reverse_tcp)" 23 | required: true 24 | flag: "-p" 25 | format: "flag" 26 | - name: "format_type" 27 | type: "string" 28 | description: "输出格式(exe, elf, raw等)" 29 | required: false 30 | flag: "-f" 31 | format: "flag" 32 | - name: "output_file" 33 | type: "string" 34 | description: "输出文件路径" 35 | required: false 36 | flag: "-o" 37 | format: "flag" 38 | - name: "encoder" 39 | type: "string" 40 | description: "编码器(如:x86/shikata_ga_nai)" 41 | required: false 42 | flag: "-e" 43 | format: "flag" 44 | - name: "iterations" 45 | type: "string" 46 | description: "编码迭代次数" 47 | required: false 48 | flag: "-i" 49 | format: "flag" 50 | - name: "additional_args" 51 | type: "string" 52 | description: | 53 | 额外的msfvenom参数。用于传递未在参数列表中定义的msfvenom选项。 54 | 55 | **示例值:** 56 | - 根据工具特性添加常用参数示例 57 | 58 | **注意事项:** 59 | - 多个参数用空格分隔 60 | - 确保参数格式正确,避免命令注入 61 | - 此参数会直接追加到命令末尾 62 | required: false 63 | format: "positional" 64 | 
-------------------------------------------------------------------------------- /tools/dirsearch.yaml: -------------------------------------------------------------------------------- 1 | name: "dirsearch" 2 | command: "dirsearch" 3 | enabled: true 4 | short_description: "高级目录和文件发现工具" 5 | description: | 6 | Dirsearch是一个高级Web内容扫描器,用于发现目录和文件。 7 | 8 | **主要功能:** 9 | - 快速目录和文件发现 10 | - 多线程支持 11 | - 递归扫描 12 | - 扩展名过滤 13 | 14 | **使用场景:** 15 | - Web应用安全测试 16 | - 目录枚举 17 | - 文件发现 18 | - 渗透测试 19 | parameters: 20 | - name: "url" 21 | type: "string" 22 | description: "目标URL" 23 | required: true 24 | flag: "-u" 25 | format: "flag" 26 | - name: "extensions" 27 | type: "string" 28 | description: "文件扩展名(逗号分隔)" 29 | required: false 30 | flag: "-e" 31 | format: "flag" 32 | default: "php,html,js,txt,xml,json" 33 | - name: "wordlist" 34 | type: "string" 35 | description: "字典文件路径" 36 | required: false 37 | flag: "-w" 38 | format: "flag" 39 | - name: "threads" 40 | type: "int" 41 | description: "线程数" 42 | required: false 43 | flag: "-t" 44 | format: "flag" 45 | default: 30 46 | - name: "recursive" 47 | type: "bool" 48 | description: "启用递归扫描" 49 | required: false 50 | flag: "-r" 51 | format: "flag" 52 | default: false 53 | - name: "additional_args" 54 | type: "string" 55 | description: | 56 | 额外的dirsearch参数。用于传递未在参数列表中定义的dirsearch选项。 57 | 58 | **示例值:** 59 | - 根据工具特性添加常用参数示例 60 | 61 | **注意事项:** 62 | - 多个参数用空格分隔 63 | - 确保参数格式正确,避免命令注入 64 | - 此参数会直接追加到命令末尾 65 | required: false 66 | format: "positional" 67 | -------------------------------------------------------------------------------- /tools/masscan.yaml: -------------------------------------------------------------------------------- 1 | name: "masscan" 2 | command: "masscan" 3 | enabled: true 4 | short_description: "高速互联网级端口扫描工具" 5 | description: | 6 | Masscan是一个高速端口扫描工具,可以在几分钟内扫描整个互联网。 7 | 8 | **主要功能:** 9 | - 极高的扫描速度 10 | - 支持大规模网络扫描 11 | - Banner抓取 12 | - 可配置扫描速率 13 | 14 | **使用场景:** 15 | - 大规模网络扫描 16 | - 互联网级扫描 17 | - 快速端口发现 18 | 
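parameters: 19 | - name: "target" 20 | type: "string" 21 | description: "目标IP地址或CIDR范围" 22 | required: true 23 | position: 0 24 | format: "positional" 25 | - name: "ports" 26 | type: "string" 27 | description: "端口范围(如:1-65535)" 28 | required: false 29 | flag: "-p" 30 | format: "flag" 31 | default: "1-65535" 32 | - name: "rate" 33 | type: "int" 34 | description: "每秒数据包数" 35 | required: false 36 | flag: "--rate" 37 | format: "flag" 38 | default: 1000 39 | - name: "interface" 40 | type: "string" 41 | description: "网络接口" 42 | required: false 43 | flag: "-e" 44 | format: "flag" 45 | - name: "banners" 46 | type: "bool" 47 | description: "启用Banner抓取" 48 | required: false 49 | flag: "--banners" 50 | format: "flag" 51 | default: false 52 | - name: "additional_args" 53 | type: "string" 54 | description: | 55 | 额外的masscan参数。用于传递未在参数列表中定义的masscan选项。 56 | 57 | **示例值:** 58 | - 根据工具特性添加常用参数示例 59 | 60 | **注意事项:** 61 | - 多个参数用空格分隔 62 | - 确保参数格式正确,避免命令注入 63 | - 此参数会直接追加到命令末尾 64 | required: false 65 | format: "positional" 66 | -------------------------------------------------------------------------------- /cmd/test-config/main.go: --------------------------------------------------------------------------------
// Command test-config loads the configuration file named by the first
// command-line argument and prints the external MCP servers it declares.
package main

import (
	"fmt"
	"os"

	"cyberstrike-ai/internal/config"
)

// main prints every configured external MCP server, or a notice when none is
// configured. It exits with status 1 when the path argument is missing or the
// configuration cannot be loaded, and with status 0 when no server is
// configured.
//
// NOTE(review): Command, Args and URL are printed verbatim; if a server entry
// embeds credentials in them (not visible from here), they end up in the
// terminal or in any captured log.
func main() {
	if len(os.Args) < 2 {
		fmt.Println("Usage: go run cmd/test-config/main.go ")
		os.Exit(1)
	}

	cfg, err := config.Load(os.Args[1])
	if err != nil {
		fmt.Printf("Error loading config: %v\n", err)
		os.Exit(1)
	}

	servers := cfg.ExternalMCP.Servers
	// len is 0 for a nil map and for an empty one, so an empty "servers"
	// section gets the same notice instead of a "Found 0" header.
	if len(servers) == 0 {
		fmt.Println("No external MCP servers configured")
		os.Exit(0)
	}

	fmt.Printf("Found %d external MCP server(s):\n\n", len(servers))

	// Map iteration order is not fixed, so servers may print in any order.
	for name, srv := range servers {
		fmt.Printf("Name: %s\n", name)
		fmt.Printf(" Transport: %s\n", getTransport(srv))
		fmt.Printf(" Command: %s\n", srv.Command)
		if len(srv.Args) > 0 {
			fmt.Printf(" Args: %v\n", srv.Args)
		}
		fmt.Printf(" URL: %s\n", srv.URL)
		fmt.Printf(" Description: %s\n", srv.Description)
		fmt.Printf(" Timeout: %d seconds\n", srv.Timeout)
		fmt.Printf(" Enabled: %v\n", srv.Enabled)
		fmt.Printf(" Disabled: %v\n", srv.Disabled)
		fmt.Println()
	}
}

// getTransport returns the transport to display for srv: the explicit
// Transport when set, otherwise "stdio" when a Command is set, otherwise
// "http" when a URL is set, otherwise "unknown".
func getTransport(srv config.ExternalMCPServerConfig) string {
	switch {
	case srv.Transport != "":
		return srv.Transport
	case srv.Command != "":
		return "stdio"
	case srv.URL != "":
		return "http"
	default:
		return "unknown"
	}
}
-------------------------------------------------------------------------------- /tools/trivy.yaml: -------------------------------------------------------------------------------- 1 | name: "trivy" 2 | command: "trivy" 3 | enabled: true 4 | short_description: "容器和文件系统漏洞扫描器" 5 | description: | 6 | Trivy是一个简单而全面的容器和文件系统漏洞扫描器。 7 | 8 | **主要功能:** 9 | - 容器镜像扫描 10 | - 文件系统扫描 11 | - 代码仓库扫描 12 | - 配置文件扫描 13 | 14 | **使用场景:** 15 | - 容器安全扫描 16 | - CI/CD集成 17 | - 漏洞检测 18 | - 安全审计 19 | parameters: 20 | - name: "scan_type" 21 | type: "string" 22 | description: "扫描类型(image, fs, repo, config)" 23 | required: false 24 | default: "image" 25 | position: 0 26 | format: "positional" 27 | - name: "target" 28 | type: "string" 29 | description: "扫描目标(镜像名、目录、仓库)" 30 | required: true 31 | position: 1 32 | format: "positional" 33 | - name: "severity" 34 | type: "string" 35 | description: "严重程度过滤(UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL)" 36 | required: false 37 | flag: "--severity" 38 | format: "flag" 39 | - name: "output_format" 40 | type: "string" 41 | description: "输出格式(json, table, sarif)" 42 | required: false 43 | flag: "--format" 44 | format: "flag" 45 | default: "json" 46 | - name: "additional_args" 47 | type: "string" 48 | description: | 49 | 额外的Trivy参数。用于传递未在参数列表中定义的Trivy选项。 50 | 51 | **示例值:** 52 | - "--exit-code 1": 发现漏洞时退出码为1 53 | -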
"--skip-dirs": 跳过目录 54 | - "--skip-files": 跳过文件 55 | - "--no-progress": 不显示进度条 56 | 57 | **注意事项:** 58 | - 多个参数用空格分隔 59 | - 确保参数格式正确,避免命令注入 60 | - 此参数会直接追加到命令末尾 61 | required: false 62 | format: "positional" 63 | -------------------------------------------------------------------------------- /tools/dalfox.yaml: -------------------------------------------------------------------------------- 1 | name: "dalfox" 2 | command: "dalfox" 3 | enabled: true 4 | short_description: "高级XSS漏洞扫描器" 5 | description: | 6 | Dalfox是一个高级XSS漏洞扫描器,支持多种XSS检测技术。 7 | 8 | **主要功能:** 9 | - XSS漏洞检测 10 | - 盲XSS测试 11 | - DOM挖掘 12 | - 字典挖掘 13 | 14 | **使用场景:** 15 | - XSS漏洞测试 16 | - Web应用安全测试 17 | - Bug bounty侦察 18 | - 安全测试 19 | parameters: 20 | - name: "url" 21 | type: "string" 22 | description: "目标URL" 23 | required: true 24 | flag: "-u" 25 | format: "flag" 26 | - name: "pipe_mode" 27 | type: "bool" 28 | description: "使用管道模式输入" 29 | required: false 30 | flag: "--pipe" 31 | format: "flag" 32 | default: false 33 | - name: "blind" 34 | type: "string" 35 | description: "盲XSS回调地址(例如Burp Collaborator URL)" 36 | required: false 37 | flag: "--blind" 38 | format: "flag" 39 | - name: "mining_dom" 40 | type: "bool" 41 | description: "启用DOM挖掘" 42 | required: false 43 | flag: "--mining-dom" 44 | format: "flag" 45 | default: true 46 | - name: "mining_dict" 47 | type: "bool" 48 | description: "启用字典挖掘" 49 | required: false 50 | flag: "--mining-dict" 51 | format: "flag" 52 | default: true 53 | - name: "additional_args" 54 | type: "string" 55 | description: | 56 | 额外的dalfox参数。用于传递未在参数列表中定义的dalfox选项。 57 | 58 | **示例值:** 59 | - 根据工具特性添加常用参数示例 60 | 61 | **注意事项:** 62 | - 多个参数用空格分隔 63 | - 确保参数格式正确,避免命令注入 64 | - 此参数会直接追加到命令末尾 65 | required: false 66 | format: "positional" 67 | -------------------------------------------------------------------------------- /tools/exiftool.yaml: -------------------------------------------------------------------------------- 1 | name: "exiftool" 2 | command: "exiftool" 3 | enabled: true 4 
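| short_description: "元数据提取工具" 5 | description: | 6 | ExifTool用于读取、写入和编辑各种文件格式的元数据。 7 | 8 | **主要功能:** 9 | - 元数据提取 10 | - 多种文件格式支持 11 | - 元数据编辑 12 | - 批量处理 13 | 14 | **使用场景:** 15 | - 取证分析 16 | - 元数据检查 17 | - 隐私保护 18 | - 文件分析 19 | parameters: 20 | - name: "file_path" 21 | type: "string" 22 | description: "要分析的文件路径" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "output_json" 27 | type: "bool" 28 | description: "以JSON格式输出(等同于 -json)" 29 | required: false 30 | flag: "-json" 31 | format: "flag" 32 | default: false 33 | - name: "output_xml" 34 | type: "bool" 35 | description: "以XML格式输出(等同于 -X)" 36 | required: false 37 | flag: "-X" 38 | format: "flag" 39 | default: false 40 | - name: "output_csv" 41 | type: "bool" 42 | description: "以CSV格式输出(等同于 -csv)" 43 | required: false 44 | flag: "-csv" 45 | format: "flag" 46 | default: false 47 | - name: "tags" 48 | type: "string" 49 | description: "要提取的特定标签" 50 | required: false 51 | format: "template" 52 | template: "-{value}" 53 | - name: "additional_args" 54 | type: "string" 55 | description: | 56 | 额外的exiftool参数。用于传递未在参数列表中定义的exiftool选项。 57 | 58 | **示例值:** 59 | - 根据工具特性添加常用参数示例 60 | 61 | **注意事项:** 62 | - 多个参数用空格分隔 63 | - 确保参数格式正确,避免命令注入 64 | - 此参数会直接追加到命令末尾 65 | required: false 66 | format: "positional" 67 | -------------------------------------------------------------------------------- /internal/logger/logger.go: --------------------------------------------------------------------------------
package logger

import (
	"os"

	"go.uber.org/zap"
	"go.uber.org/zap/zapcore"
)

// Logger embeds *zap.Logger so callers get the zap API plus the helpers
// defined in this package.
type Logger struct {
	*zap.Logger
}

// New builds a JSON logger.
//
// level is one of "debug", "info", "warn" or "error"; any other value falls
// back to info. output selects the destination: "stdout" (or an empty string),
// "stderr", or a file path that is opened in append mode and created if it
// does not exist.
//
// If the file cannot be opened, a one-line notice is written to stderr and the
// logger writes to stdout instead, so New never returns nil.
func New(level, output string) *Logger {
	zapLevel := zapcore.InfoLevel
	switch level {
	case "debug":
		zapLevel = zapcore.DebugLevel
	case "warn":
		zapLevel = zapcore.WarnLevel
	case "error":
		zapLevel = zapcore.ErrorLevel
	}

	// Only EncoderConfig is consumed below; the level is passed to NewCore
	// directly. The Level assignment is kept from the original code.
	config := zap.NewProductionConfig()
	config.Level = zap.NewAtomicLevelAt(zapLevel)
	config.EncoderConfig.TimeKey = "timestamp"
	config.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder

	var writeSyncer zapcore.WriteSyncer
	switch output {
	case "", "stdout":
		writeSyncer = zapcore.AddSync(os.Stdout)
	case "stderr":
		// config.yaml documents "stderr" as a valid destination; without this
		// case it was treated as a file name and a file called "stderr" was
		// created in the working directory.
		writeSyncer = zapcore.AddSync(os.Stderr)
	default:
		// 0600 instead of 0666: the log can contain scan targets and tool
		// output, so a newly created file should be readable by its owner
		// only. The mode applies at creation; an existing file keeps its
		// current permissions and has to be tightened separately.
		file, err := os.OpenFile(output, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
		if err != nil {
			// Report the fallback instead of switching destinations silently,
			// otherwise an operator may assume the file is being written.
			_, _ = os.Stderr.WriteString("logger: cannot open log file " + output + ": " + err.Error() + "; logging to stdout instead\n")
			writeSyncer = zapcore.AddSync(os.Stdout)
		} else {
			writeSyncer = zapcore.AddSync(file)
		}
	}

	core := zapcore.NewCore(
		zapcore.NewJSONEncoder(config.EncoderConfig),
		writeSyncer,
		zapLevel,
	)

	// Caller information is added to every entry; stack traces are attached
	// to entries at error level and above.
	logger := zap.New(core, zap.AddCaller(), zap.AddStacktrace(zapcore.ErrorLevel))

	return &Logger{Logger: logger}
}

// Fatal shadows the embedded zap Fatal with a looser signature: the variadic
// values are logged together under a single "fields" key via zap.Any, then the
// embedded Fatal is invoked.
func (l *Logger) Fatal(msg string, fields ...interface{}) {
	l.Logger.Fatal(msg, zap.Any("fields", fields))
}

-------------------------------------------------------------------------------- /tools/arjun.yaml: -------------------------------------------------------------------------------- 1 | name: "arjun" 2 | command: "arjun" 3 | enabled: true 4 | short_description: "HTTP参数发现工具" 5 | description: | 6 | Arjun是一个HTTP参数发现工具,用于发现Web应用中的隐藏参数。 7 | 8 | **主要功能:** 9 | - HTTP参数发现 10 | - 多种HTTP方法支持 11 | - 多线程支持 12 | - 稳定模式 13 | 14 | **使用场景:** 15 | - 参数发现 16 | - Web应用安全测试 17 | - Bug bounty侦察 18 | - 安全测试 19 | parameters: 20 | - name: "url" 21 | type: "string" 22 | description: "目标URL" 23 | required: true 24 | flag: "-u" 25 | format: "flag" 26 | - name: "method" 27 | type: "string" 28 | description: "HTTP方法(GET, POST等)" 29 | required: false 30 | flag: "-m" 31 | format: "flag" 32 | default: "GET" 33 | - name: "wordlist" 34 | type: "string" 35 | description: "自定义字典文件" 36 | required: false 37 | flag: "-w" 38 | format: "flag" 39 | - name: "threads" 40 | type: "int" 41 | description: "线程数" 42 | required: false 43 |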
flag: "-t" 44 | format: "flag" 45 | default: 25 46 | - name: "stable" 47 | type: "bool" 48 | description: "使用稳定模式" 49 | required: false 50 | flag: "--stable" 51 | format: "flag" 52 | default: false 53 | - name: "additional_args" 54 | type: "string" 55 | description: | 56 | 额外的Arjun参数。用于传递未在参数列表中定义的Arjun选项。 57 | 58 | **示例值:** 59 | - "-o output.txt": 输出到文件 60 | - "-q": 安静模式 61 | - "-i": 从文件读取URL 62 | 63 | **注意事项:** 64 | - 多个参数用空格分隔 65 | - 确保参数格式正确,避免命令注入 66 | - 此参数会直接追加到命令末尾 67 | required: false 68 | format: "positional" 69 | -------------------------------------------------------------------------------- /tools/prowler.yaml: -------------------------------------------------------------------------------- 1 | name: "prowler" 2 | command: "prowler" 3 | enabled: true 4 | short_description: "云安全评估工具(AWS, Azure, GCP)" 5 | description: | 6 | Prowler是一个全面的云安全评估工具,支持AWS、Azure和GCP。 7 | 8 | **主要功能:** 9 | - 云安全评估 10 | - 合规性检查 11 | - 安全最佳实践检查 12 | - 多种输出格式 13 | 14 | **使用场景:** 15 | - 云安全审计 16 | - 合规性检查 17 | - 安全评估 18 | - 云配置审计 19 | parameters: 20 | - name: "provider" 21 | type: "string" 22 | description: "云提供商(aws, azure, gcp)" 23 | required: false 24 | default: "aws" 25 | position: 0 26 | format: "positional" 27 | - name: "profile" 28 | type: "string" 29 | description: "AWS配置文件" 30 | required: false 31 | flag: "-p" 32 | format: "flag" 33 | default: "default" 34 | - name: "region" 35 | type: "string" 36 | description: "要扫描的特定区域" 37 | required: false 38 | flag: "-r" 39 | format: "flag" 40 | - name: "checks" 41 | type: "string" 42 | description: "要运行的特定检查" 43 | required: false 44 | flag: "-c" 45 | format: "flag" 46 | - name: "output_format" 47 | type: "string" 48 | description: "输出格式(json, csv, html)" 49 | required: false 50 | flag: "-M" 51 | format: "flag" 52 | default: "json" 53 | - name: "additional_args" 54 | type: "string" 55 | description: | 56 | 额外的prowler参数。用于传递未在参数列表中定义的prowler选项。 57 | 58 | **示例值:** 59 | - 根据工具特性添加常用参数示例 60 | 61 | **注意事项:** 62 | - 多个参数用空格分隔 63 | - 
确保参数格式正确,避免命令注入 64 | - 此参数会直接追加到命令末尾 65 | required: false 66 | format: "positional" 67 | -------------------------------------------------------------------------------- /tools/kube-hunter.yaml: -------------------------------------------------------------------------------- 1 | name: "kube-hunter" 2 | command: "kube-hunter" 3 | enabled: true 4 | short_description: "Kubernetes渗透测试工具" 5 | description: | 6 | Kube-hunter是一个Kubernetes渗透测试工具,用于发现Kubernetes集群中的安全问题。 7 | 8 | **主要功能:** 9 | - Kubernetes安全扫描 10 | - 漏洞发现 11 | - 配置问题检测 12 | - 主动和被动模式 13 | 14 | **使用场景:** 15 | - Kubernetes安全测试 16 | - 集群安全评估 17 | - 渗透测试 18 | - 安全审计 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "特定目标扫描" 23 | required: false 24 | flag: "--remote" 25 | format: "flag" 26 | - name: "cidr" 27 | type: "string" 28 | description: "CIDR范围扫描" 29 | required: false 30 | flag: "--cidr" 31 | format: "flag" 32 | - name: "interface" 33 | type: "string" 34 | description: "网络接口扫描" 35 | required: false 36 | flag: "--interface" 37 | format: "flag" 38 | - name: "active" 39 | type: "bool" 40 | description: "启用主动扫描(可能有风险)" 41 | required: false 42 | flag: "--active" 43 | format: "flag" 44 | default: false 45 | - name: "report" 46 | type: "string" 47 | description: "报告格式(json, yaml)" 48 | required: false 49 | flag: "--report" 50 | format: "flag" 51 | default: "json" 52 | - name: "additional_args" 53 | type: "string" 54 | description: | 55 | 额外的kube-hunter参数。用于传递未在参数列表中定义的kube-hunter选项。 56 | 57 | **示例值:** 58 | - 根据工具特性添加常用参数示例 59 | 60 | **注意事项:** 61 | - 多个参数用空格分隔 62 | - 确保参数格式正确,避免命令注入 63 | - 此参数会直接追加到命令末尾 64 | required: false 65 | format: "positional" 66 | -------------------------------------------------------------------------------- /tools/ropper.yaml: -------------------------------------------------------------------------------- 1 | name: "ropper" 2 | command: "ropper" 3 | enabled: true 4 | short_description: "高级ROP/JOP gadget搜索工具" 5 | description: | 6 | Ropper是一个高级ROP/JOP 
gadget搜索工具,用于漏洞利用开发。 7 | 8 | **主要功能:** 9 | - ROP/JOP gadget搜索 10 | - Gadget质量评估 11 | - 多种架构支持 12 | - 利用链生成 13 | 14 | **使用场景:** 15 | - 漏洞利用开发 16 | - ROP链构建 17 | - 二进制分析 18 | - 安全研究 19 | parameters: 20 | - name: "binary" 21 | type: "string" 22 | description: "要分析的二进制文件路径" 23 | required: true 24 | flag: "--file" 25 | format: "flag" 26 | - name: "gadget_type" 27 | type: "string" 28 | description: "Gadget类型(rop, jop, sys, all)" 29 | required: false 30 | flag: "--type" 31 | format: "flag" 32 | default: "rop" 33 | - name: "quality" 34 | type: "int" 35 | description: "Gadget质量级别(1-5)" 36 | required: false 37 | flag: "--quality" 38 | format: "flag" 39 | default: 1 40 | - name: "arch" 41 | type: "string" 42 | description: "目标架构(x86, x86_64, arm等)" 43 | required: false 44 | flag: "--arch" 45 | format: "flag" 46 | - name: "search_string" 47 | type: "string" 48 | description: "要搜索的特定gadget模式" 49 | required: false 50 | flag: "--search" 51 | format: "flag" 52 | - name: "additional_args" 53 | type: "string" 54 | description: | 55 | 额外的ropper参数。用于传递未在参数列表中定义的ropper选项。 56 | 57 | **示例值:** 58 | - 根据工具特性添加常用参数示例 59 | 60 | **注意事项:** 61 | - 多个参数用空格分隔 62 | - 确保参数格式正确,避免命令注入 63 | - 此参数会直接追加到命令末尾 64 | required: false 65 | format: "positional" 66 | -------------------------------------------------------------------------------- /tools/uro.yaml: -------------------------------------------------------------------------------- 1 | name: "uro" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import shlex 7 | import subprocess 8 | import sys 9 | 10 | if len(sys.argv) < 2: 11 | sys.stderr.write("缺少URL列表\n") 12 | sys.exit(1) 13 | 14 | urls = sys.argv[1] 15 | extra = sys.argv[2] if len(sys.argv) > 2 else "" 16 | 17 | cmd = ["uro"] 18 | if extra: 19 | cmd.extend(shlex.split(extra)) 20 | 21 | proc = subprocess.run( 22 | cmd, 23 | input=urls, 24 | capture_output=True, 25 | text=True, 26 | ) 27 | if proc.stdout: 28 | sys.stdout.write(proc.stdout) 29 | if proc.stderr: 30 | 
sys.stderr.write(proc.stderr) 31 | sys.exit(proc.returncode) 32 | enabled: true 33 | short_description: "URL过滤工具,用于过滤相似的URL" 34 | description: | 35 | Uro是一个URL过滤工具,用于过滤掉相似的URL,去除重复项。 36 | 37 | **主要功能:** 38 | - URL去重 39 | - 相似URL过滤 40 | - 白名单/黑名单支持 41 | - 快速处理 42 | 43 | **使用场景:** 44 | - URL去重 45 | - 结果过滤 46 | - 数据清理 47 | - 工具链集成 48 | parameters: 49 | - name: "urls" 50 | type: "string" 51 | description: "要过滤的URL(每行一个)" 52 | required: true 53 | position: 0 54 | format: "positional" 55 | - name: "additional_args" 56 | type: "string" 57 | description: | 58 | 额外的uro参数。用于传递未在参数列表中定义的uro选项。 59 | 60 | **示例值:** 61 | - 根据工具特性添加常用参数示例 62 | 63 | **注意事项:** 64 | - 多个参数用空格分隔 65 | - 确保参数格式正确,避免命令注入 66 | - 此参数会直接追加到命令末尾 67 | required: false 68 | default: "" 69 | position: 1 70 | format: "positional" 71 | -------------------------------------------------------------------------------- /tools/nikto.yaml: -------------------------------------------------------------------------------- 1 | name: "nikto" 2 | command: "nikto" 3 | enabled: true 4 | # 简短描述(用于工具列表,减少token消耗) 5 | short_description: "Web服务器扫描工具,用于检测Web服务器和应用程序中的已知漏洞和配置错误" 6 | # 工具详细描述 7 | description: | 8 | Web服务器扫描工具,用于检测Web服务器和应用程序中的已知漏洞、配置错误和潜在安全问题。 9 | 10 | **主要功能:** 11 | - 检测Web服务器版本和配置问题 12 | - 识别已知的Web漏洞和CVE 13 | - 检测危险文件和目录 14 | - 检查服务器配置错误 15 | - 识别过时的软件版本 16 | - 检测默认文件和脚本 17 | 18 | **使用场景:** 19 | - Web应用安全评估 20 | - 服务器配置审计 21 | - 漏洞扫描和发现 22 | - 渗透测试前期信息收集 23 | 24 | **注意事项:** 25 | - 扫描可能产生大量日志,注意日志管理 26 | - 某些扫描可能触发WAF或IDS告警 27 | - 建议在授权范围内使用 28 | - 扫描结果需要人工验证 29 | # 参数定义 30 | parameters: 31 | - name: "target" 32 | type: "string" 33 | description: | 34 | 目标URL或IP地址。可以是完整的URL或IP地址。 35 | 36 | **格式要求:** 37 | - 可以包含协议(http:// 或 https://) 38 | - 可以只提供IP地址或域名 39 | - 如果只提供IP,默认使用http协议 40 | 41 | **示例值:** 42 | - 完整URL: "http://example.com" 43 | - HTTPS: "https://example.com" 44 | - IP地址: "192.168.1.1" 45 | - 带端口: "http://example.com:8080" 46 | - 带路径: "http://example.com/admin" 47 | 48 | **注意事项:** 49 | - 如果只提供IP,工具会使用http协议 50 
| - 建议提供完整URL以确保正确扫描 51 | - 必需参数,不能为空 52 | required: true 53 | flag: "-h" 54 | format: "flag" 55 | - name: "additional_args" 56 | type: "string" 57 | description: | 58 | 额外的nikto参数。用于传递未在参数列表中定义的nikto选项。 59 | 60 | **示例值:** 61 | - 根据工具特性添加常用参数示例 62 | 63 | **注意事项:** 64 | - 多个参数用空格分隔 65 | - 确保参数格式正确,避免命令注入 66 | - 此参数会直接追加到命令末尾 67 | required: false 68 | format: "positional" 69 | -------------------------------------------------------------------------------- /tools/terrascan.yaml: -------------------------------------------------------------------------------- 1 | name: "terrascan" 2 | command: "terrascan" 3 | enabled: true 4 | short_description: "基础设施即代码安全扫描工具" 5 | description: | 6 | Terrascan是一个基础设施即代码安全扫描工具,用于检测IaC配置中的安全问题。 7 | 8 | **主要功能:** 9 | - IaC安全扫描 10 | - 多种框架支持 11 | - 策略检查 12 | - 合规性验证 13 | 14 | **使用场景:** 15 | - IaC安全扫描 16 | - 云配置审计 17 | - 安全策略检查 18 | - 合规性检查 19 | parameters: 20 | - name: "scan_type" 21 | type: "string" 22 | description: "扫描类型(all, terraform, k8s等)" 23 | required: false 24 | flag: "--scan-type" 25 | format: "flag" 26 | default: "all" 27 | - name: "iac_dir" 28 | type: "string" 29 | description: "IaC目录" 30 | required: false 31 | flag: "-d" 32 | format: "flag" 33 | default: "." 
34 | - name: "policy_type" 35 | type: "string" 36 | description: "要使用的策略类型" 37 | required: false 38 | flag: "--policy-type" 39 | format: "flag" 40 | - name: "output_format" 41 | type: "string" 42 | description: "输出格式(json, yaml, xml)" 43 | required: false 44 | flag: "--output" 45 | format: "flag" 46 | default: "json" 47 | - name: "severity" 48 | type: "string" 49 | description: "严重程度过滤(high, medium, low)" 50 | required: false 51 | flag: "--severity" 52 | format: "flag" 53 | - name: "additional_args" 54 | type: "string" 55 | description: | 56 | 额外的terrascan参数。用于传递未在参数列表中定义的terrascan选项。 57 | 58 | **示例值:** 59 | - 根据工具特性添加常用参数示例 60 | 61 | **注意事项:** 62 | - 多个参数用空格分隔 63 | - 确保参数格式正确,避免命令注入 64 | - 此参数会直接追加到命令末尾 65 | required: false 66 | format: "positional" 67 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module cyberstrike-ai 2 | 3 | go 1.21 4 | 5 | require ( 6 | github.com/gin-gonic/gin v1.9.1 7 | github.com/google/uuid v1.5.0 8 | github.com/mattn/go-sqlite3 v1.14.18 9 | github.com/pkoukk/tiktoken-go v0.1.8 10 | go.uber.org/zap v1.26.0 11 | gopkg.in/yaml.v3 v3.0.1 12 | ) 13 | 14 | require ( 15 | github.com/bytedance/sonic v1.9.1 // indirect 16 | github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect 17 | github.com/dlclark/regexp2 v1.10.0 // indirect 18 | github.com/gabriel-vasile/mimetype v1.4.2 // indirect 19 | github.com/gin-contrib/sse v0.1.0 // indirect 20 | github.com/go-playground/locales v0.14.1 // indirect 21 | github.com/go-playground/universal-translator v0.18.1 // indirect 22 | github.com/go-playground/validator/v10 v10.14.0 // indirect 23 | github.com/goccy/go-json v0.10.2 // indirect 24 | github.com/json-iterator/go v1.1.12 // indirect 25 | github.com/klauspost/cpuid/v2 v2.2.4 // indirect 26 | github.com/leodido/go-urn v1.2.4 // indirect 27 | github.com/mattn/go-isatty v0.0.19 // indirect 28 | 
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 29 | github.com/modern-go/reflect2 v1.0.2 // indirect 30 | github.com/pelletier/go-toml/v2 v2.0.8 // indirect 31 | github.com/twitchyliquid64/golang-asm v0.15.1 // indirect 32 | github.com/ugorji/go/codec v1.2.11 // indirect 33 | go.uber.org/multierr v1.11.0 // indirect 34 | golang.org/x/arch v0.3.0 // indirect 35 | golang.org/x/crypto v0.14.0 // indirect 36 | golang.org/x/net v0.17.0 // indirect 37 | golang.org/x/sys v0.13.0 // indirect 38 | golang.org/x/text v0.13.0 // indirect 39 | google.golang.org/protobuf v1.30.0 // indirect 40 | ) 41 | -------------------------------------------------------------------------------- /tools/bloodhound.yaml: -------------------------------------------------------------------------------- 1 | name: "bloodhound" 2 | command: "bloodhound-python" 3 | enabled: true 4 | short_description: "Active Directory 攻击路径分析和可视化工具" 5 | description: | 6 | BloodHound 是一个 Active Directory 攻击路径分析和可视化工具,通过收集域内信息并分析攻击路径。 7 | 8 | **主要功能:** 9 | - 域信息收集 10 | - 攻击路径分析 11 | - 权限关系可视化 12 | - 最短攻击路径计算 13 | - 高风险路径识别 14 | 15 | **使用场景:** 16 | - Active Directory 安全评估 17 | - 后渗透测试 18 | - 域环境审计 19 | - 红队演练 20 | 21 | **注意事项:** 22 | - 需要域用户凭据 23 | - 需要 Neo4j 数据库支持 24 | - 收集过程可能需要较长时间 25 | - 建议在授权环境中使用 26 | parameters: 27 | - name: "domain" 28 | type: "string" 29 | description: "目标域名" 30 | required: false 31 | flag: "-d" 32 | format: "flag" 33 | - name: "username" 34 | type: "string" 35 | description: "域用户名" 36 | required: false 37 | flag: "-u" 38 | format: "flag" 39 | - name: "password" 40 | type: "string" 41 | description: "域用户密码" 42 | required: false 43 | flag: "-p" 44 | format: "flag" 45 | - name: "collection_method" 46 | type: "string" 47 | description: "收集模式 (All, ACL, DCOM, LocalAdmin, RDP 等)" 48 | required: false 49 | default: "All" 50 | flag: "-c" 51 | format: "flag" 52 | - name: "dc" 53 | type: "string" 54 | description: "域控制器 IP 地址" 55 | required: false 56 | flag: "-dc" 57 | 
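format: "flag" 58 | - name: "additional_args" 59 | type: "string" 60 | description: | 61 | 额外的bloodhound参数。用于传递未在参数列表中定义的bloodhound选项。 62 | 63 | **示例值:** 64 | - 根据工具特性添加常用参数示例 65 | 66 | **注意事项:** 67 | - 多个参数用空格分隔 68 | - 确保参数格式正确,避免命令注入 69 | - 此参数会直接追加到命令末尾 70 | required: false 71 | format: "positional" 72 | -------------------------------------------------------------------------------- /tools/metasploit.yaml: --------------------------------------------------------------------------------
name: "metasploit"
command: "python3"
args:
  - "-c"
  - |
    # Wrapper around `msfconsole -q -x`.
    #   argv[1]  module name (required)
    #   argv[2]  module options as a JSON object (optional, default "{}")
    #   argv[3]  extra msfconsole arguments (optional)
    import json
    import shlex
    import subprocess
    import sys


    def checked(label, text, allow_spaces):
        # The console commands built below are joined with "; " into a single
        # -x string, so a ';' or a line break inside any piece would be read
        # as the start of another console command. Reject such input rather
        # than passing it through.
        text = str(text)
        if any(ch in text for ch in ";\r\n"):
            sys.stderr.write(f"{label} 包含非法字符(';' 或换行)\n")
            sys.exit(1)
        # A space inside a module or option name would change what `use` and
        # `set` treat as the name, so names must be a single non-empty token.
        if not allow_spaces and (not text or any(ch.isspace() for ch in text)):
            sys.stderr.write(f"{label} 不能为空或包含空白字符\n")
            sys.exit(1)
        return text


    if len(sys.argv) < 2:
        sys.stderr.write("缺少模块名称\n")
        sys.exit(1)

    module = checked("module", sys.argv[1], False)
    options_raw = sys.argv[2] if len(sys.argv) > 2 else "{}"
    extra = sys.argv[3] if len(sys.argv) > 3 else ""

    try:
        options = json.loads(options_raw) if options_raw else {}
    except json.JSONDecodeError as exc:
        sys.stderr.write(f"选项解析失败: {exc}\n")
        sys.exit(1)

    # Valid JSON that is not an object (a list, a number, ...) has no
    # key/value pairs to turn into `set` commands.
    if not isinstance(options, dict):
        sys.stderr.write("选项解析失败: 需要JSON对象\n")
        sys.exit(1)

    commands = [f"use {module}"]
    for key, value in options.items():
        name = checked("option name", key, False)
        setting = checked("option value", value, True)
        commands.append(f"set {name} {setting}")
    commands.append("run")
    commands.append("exit")

    cmd = ["msfconsole", "-q", "-x", "; ".join(commands)]
    if extra:
        # NOTE(review): extra is split with shlex and handed to msfconsole
        # unchanged, so whoever controls additional_args can add any
        # msfconsole option. Restrict that parameter at the caller if it can
        # be set from untrusted input.
        cmd.extend(shlex.split(extra))

    # The list form of subprocess.run does not go through a shell.
    proc = subprocess.run(cmd, check=False)
    # Propagate the exit status so the caller can tell a failed run from a
    # successful one.
    sys.exit(proc.returncode)
enabled: true
short_description: "Metasploit渗透测试框架"
description: |
  通过 `msfconsole -q -x` 非交互执行模块。可提供JSON格式的模块选项,脚本自动构建 `set` 与 `run` 指令。
parameters:
  - name: "module"
    type: "string"
    description: "要使用的Metasploit模块(例如 exploit/windows/smb/ms17_010_eternalblue)"
    required: true
    position: 0
    format: "positional"
  - name: "options"
    type: "string"
    description: "模块选项(JSON对象,键值对应 set 指令)"
    required: false
    default: "{}"
    position: 1
    format: "positional"
  - name: "additional_args"
    type: "string"
    description: "额外的 msfconsole 参数(追加在命令末尾)"
    required: false
    default: ""
    position: 2
    format: "positional"
-------------------------------------------------------------------------------- /tools/fcrackzip.yaml: -------------------------------------------------------------------------------- 1 | name: "fcrackzip" 2 | command: "fcrackzip" 3 | enabled: true 4 | short_description: "ZIP 文件密码破解工具,支持暴力破解和字典攻击" 5 | description: | 6 | fcrackzip 是一个用于破解受密码保护的 ZIP 文件密码的工具。 7 | 8 | **主要功能:** 9 | - 暴力破解 10 | - 字典攻击 11 | - 指定字符集 12 | - 指定密码长度范围 13 | - 多线程支持 14 | 15 | **使用场景:** 16 | - CTF 竞赛 17 | - ZIP 文件密码恢复 18 | - 安全测试 19 | - 数字取证 20 | 21 | **注意事项:** 22 | - 破解时间取决于密码复杂度 23 | - 建议使用字典文件提高效率 24 | - 仅用于授权的安全测试 25 | parameters: 26 | - name: "file" 27 | type: "string" 28 | description: "要破解的 ZIP 文件路径" 29 | required: true 30 | position: 0 31 | format: "positional" 32 | - name: "dictionary_mode" 33 | type: "bool" 34 | description: "启用字典攻击模式(等同于 -D)" 35 | required: false 36 | flag: "-D" 37 | format: "flag" 38 | default: false 39 | - name: "dictionary" 40 | type: "string" 41 | description: "字典文件路径(与 -D 配合使用)" 42 | required: false 43 | flag: "-p" 44 | format: "flag" 45 | - name: "bruteforce" 46 | type: "bool" 47 | description: "使用暴力破解模式" 48 | required: false 49 | flag: "-b" 50 | format: "flag" 51 | - name: "charset" 52 | type: "string" 53 | description: "字符集,例如 'aA1' 表示小写字母、大写字母和数字" 54 | required: false 55 | flag: "-c" 56 | format: "flag" 57 | - name: "length_range" 58 | type: "string" 59 | description: "密码长度范围,格式为min-max(例如 4-8)" 60 | required: false 61 | flag: "-l" 62 | format: "flag" 63 | - name: "additional_args" 64 | type: "string" 65 | description: | 66 | 额外的fcrackzip参数。用于传递未在参数列表中定义的fcrackzip选项。 67 | 68 | **示例值:** 69 | - 根据工具特性添加常用参数示例 70 | 71 | **注意事项:** 72 | - 多个参数用空格分隔 73 | - 确保参数格式正确,避免命令注入 74 | - 此参数会直接追加到命令末尾 75 | required: false 76 | format: "positional" 77 | -------------------------------------------------------------------------------- /config.yaml: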
--------------------------------------------------------------------------------
# ============================================
# CyberStrikeAI configuration file
# ============================================
# This file can also be edited visually through the web interface:
# click the "Settings" button in the top-right corner to change it.
# ============================================

# Server settings
# NOTE(review): with host 0.0.0.0 the web interface is reachable from every
# network this machine is attached to. Bind to 127.0.0.1, or place the service
# behind a firewall or VPN, unless remote access is intended.
server:
  host: 0.0.0.0 # Listen address; 0.0.0.0 listens on all network interfaces
  port: 8080 # HTTP service port; reachable in a browser at http://localhost:8080
# Authentication settings
# NOTE(review): the shipped password value is empty. How the server treats an
# empty password is not shown in this file; set a strong one before starting
# the service and confirm the behaviour in the auth code.
auth:
  password: # Web login password; change this to a strong password
  session_duration_hours: 12 # Login lifetime in hours; a new login is required afterwards
# Logging settings
log:
  level: info # Log level: debug, info, warn, error
  output: stdout # Log destination: stdout, stderr, or a file path
# MCP protocol settings
# MCP (Model Context Protocol) is used for tool registration and invocation
# NOTE(review): when enabled, the MCP listener also binds to all interfaces.
# Whether it sits behind the web login is not visible here; verify that before
# enabling it on a shared network.
mcp:
  enabled: false # Whether to enable the MCP server (http mode)
  host: 0.0.0.0 # MCP server listen address
  port: 8081 # MCP server port
# AI model settings (OpenAI-compatible APIs are supported)
# Required: api_key, base_url and model must be filled in for the service to run
openai:
  base_url: https://api.deepseek.com/v1 # API base URL (required)
  api_key: sk-xxxx # API key (required); placeholder value, keep the real key out of version control
  # Supported API providers:
  # - OpenAI: https://api.openai.com/v1
  # - DeepSeek: https://api.deepseek.com/v1
  # - Other APIs compatible with the OpenAI protocol
  model: deepseek-chat # Model name (required)
  max_total_tokens: 120000 # Maximum token budget for LLM context (shared by memory compression and attack-chain building)
  # Common models: gpt-4, gpt-3.5-turbo, deepseek-chat, claude-3-opus, etc.
# Agent settings
agent:
  max_iterations: 120 # Maximum number of tool-call rounds the AI agent may run
  # When the maximum is reached, the AI summarises the test results automatically
  # NOTE(review): the original comment calls the threshold below "default 50KB",
  # but 102400 bytes is 100 KiB. Confirm which value is intended.
  large_result_threshold: 102400 # Large-result threshold in bytes; larger results are saved to storage automatically
  result_storage_dir: tmp # Directory where large results are stored
# Database settings
database:
  path: data/conversations.db # SQLite database file holding conversation history and messages
# Security tool settings
security:
  tools_dir: tools # Directory of tool definition files (relative to this config file's directory)
  # Every .yaml tool definition in that directory is loaded
  # Recommended: one definition file per tool under tools/
# External MCP settings
external_mcp:
  servers: {}
--------------------------------------------------------------------------------
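/tools/zap.yaml: -------------------------------------------------------------------------------- 1 | name: "zap" 2 | command: "zap-cli" 3 | enabled: false 4 | short_description: "OWASP ZAP Web应用安全扫描器" 5 | description: | 6 | OWASP ZAP是一个Web应用安全扫描器,用于发现Web应用中的安全漏洞。 7 | 8 | **主要功能:** 9 | - Web应用安全扫描 10 | - 主动和被动扫描 11 | - API测试 12 | - 详细报告 13 | 14 | **使用场景:** 15 | - Web应用安全测试 16 | - 漏洞扫描 17 | - 安全评估 18 | - 渗透测试 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标URL" 23 | required: true 24 | flag: "-t" 25 | format: "flag" 26 | - name: "scan_type" 27 | type: "string" 28 | description: "扫描类型(baseline, full, api)" 29 | required: false 30 | flag: "--scan-type" 31 | format: "flag" 32 | default: "baseline" 33 | - name: "api_key" 34 | type: "string" 35 | description: "ZAP API密钥" 36 | required: false 37 | flag: "--api-key" 38 | format: "flag" 39 | - name: "daemon" 40 | type: "bool" 41 | description: "以守护进程模式运行" 42 | required: false 43 | flag: "--daemon" 44 | format: "flag" 45 | default: false 46 | - name: "port" 47 | type: "string" 48 | description: "ZAP守护进程端口" 49 | required: false 50 | flag: "--port" 51 | format: "flag" 52 | default: "8090" 53 | - name: "format_type" 54 | type: "string" 55 | description: "输出格式(xml, json, html)" 56 | required: false 57 | flag: "--format" 58 | format: "flag" 59 | default: "xml" 60 | - name: "output_file" 61 | type: "string" 62 | description: "输出文件路径" 63 | required: false 64 | flag: "--output" 65 | format: "flag" 66 | - name: "additional_args" 67 | type: "string" 68 | description: | 69 | 额外的zap参数。用于传递未在参数列表中定义的zap选项。 70 | 71 | **示例值:** 72 | - 根据工具特性添加常用参数示例 73 | 74 | **注意事项:** 75 | - 多个参数用空格分隔 76 | - 确保参数格式正确,避免命令注入 77 | - 此参数会直接追加到命令末尾 78 | required: false 79 | format: "positional" 80 | -------------------------------------------------------------------------------- /tools/anew.yaml: --------------------------------------------------------------------------------
name: "anew"
command: "python3"
args:
  - "-c"
  - |
    # Wrapper that feeds argv[1] to `anew` on stdin.
    #   argv[1]  input data (required)
    #   argv[2]  output file path (optional)
    #   argv[3]  extra anew arguments (optional)
    import shlex
    import subprocess
    import sys

    if len(sys.argv) < 2:
        sys.stderr.write("缺少输入数据\n")
        sys.exit(1)

    input_data = sys.argv[1]
    output_file = sys.argv[2] if len(sys.argv) > 2 else ""
    additional = sys.argv[3] if len(sys.argv) > 3 else ""

    cmd = ["anew"]
    if additional:
        cmd.extend(shlex.split(additional))
    if output_file:
        # NOTE(review): the path is used exactly as supplied, with no
        # restriction on where it points. Constrain it at the caller if the
        # parameter can be set from untrusted input.
        cmd.append(output_file)

    # With text=True, subprocess expects `input` to be str and encodes it
    # itself. The previous input_data.encode("utf-8") passed bytes, which
    # makes subprocess.run raise before anew processes any data.
    proc = subprocess.run(
        cmd,
        input=input_data,
        capture_output=True,
        text=True,
    )

    if proc.returncode != 0:
        sys.stderr.write(proc.stderr or proc.stdout)
        sys.exit(proc.returncode)

    sys.stdout.write(proc.stdout)
enabled: true
short_description: "数据去重工具,用于处理文件中的新行"
description: |
  Anew是一个数据去重工具,用于将新行追加到文件中,自动过滤重复项。

  **主要功能:**
  - 数据去重
  - 文件追加
  - 唯一行过滤
  - 快速处理

  **使用场景:**
  - 数据处理
  - 结果去重
  - 数据合并
  - 工具链集成
parameters:
  - name: "input_data"
    type: "string"
    description: "输入数据"
    required: true
    position: 0
    format: "positional"
  - name: "output_file"
    type: "string"
    description: "输出文件路径"
    required: false
    default: ""
    position: 1
    format: "positional"
  - name: "additional_args"
    type: "string"
    description: |
      额外的anew参数。用于传递未在参数列表中定义的anew选项。

      **示例值:**
      - 根据工具特性添加常用参数示例

      **注意事项:**
      - 多个参数用空格分隔
      - 确保参数格式正确,避免命令注入
      - 此参数会直接追加到命令末尾
    required: false
    default: ""
    position: 2
    format: "positional"
-------------------------------------------------------------------------------- /tools/hash-identifier.yaml: -------------------------------------------------------------------------------- 1 | name: "hash-identifier" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import shlex 7 | import subprocess 8 | import sys 9 | 10 | if len(sys.argv) < 2: 11 | sys.stderr.write("缺少哈希值\n")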
12 | sys.exit(1) 13 | 14 | hash_value = sys.argv[1] 15 | extra = sys.argv[2] if len(sys.argv) > 2 else "" 16 | 17 | cmd = ["hash-identifier"] 18 | if extra: 19 | cmd.extend(shlex.split(extra)) 20 | 21 | proc = subprocess.run( 22 | cmd, 23 | input=f"{hash_value}\n", 24 | capture_output=True, 25 | text=True, 26 | ) 27 | 28 | if proc.returncode != 0: 29 | sys.stderr.write(proc.stderr or proc.stdout) 30 | sys.exit(proc.returncode) 31 | 32 | sys.stdout.write(proc.stdout) 33 | enabled: true 34 | short_description: "哈希类型识别工具,用于识别未知哈希值的类型" 35 | description: | 36 | hash-identifier 是一个用于识别哈希值类型的工具,可以帮助确定未知哈希值使用的算法。 37 | 38 | **主要功能:** 39 | - 识别多种哈希算法 40 | - 支持 MD5, SHA1, SHA256, bcrypt 等 41 | - 交互式识别 42 | - 快速识别常见哈希类型 43 | 44 | **支持的哈希类型:** 45 | - MD5 46 | - SHA1, SHA256, SHA512 47 | - bcrypt 48 | - NTLM 49 | - MySQL 50 | - PostgreSQL 51 | - 等多种哈希算法 52 | 53 | **使用场景:** 54 | - CTF 密码破解 55 | - 哈希值分析 56 | - 密码学研究 57 | - 安全审计 58 | 59 | **注意事项:** 60 | - 需要 Python 环境 61 | - 交互式工具,可能需要特殊处理 62 | parameters: 63 | - name: "hash" 64 | type: "string" 65 | description: "要识别的哈希值" 66 | required: true 67 | position: 0 68 | format: "positional" 69 | - name: "additional_args" 70 | type: "string" 71 | description: | 72 | 额外的hash-identifier参数。用于传递未在参数列表中定义的hash-identifier选项。 73 | 74 | **示例值:** 75 | - 根据工具特性添加常用参数示例 76 | 77 | **注意事项:** 78 | - 多个参数用空格分隔 79 | - 确保参数格式正确,避免命令注入 80 | - 此参数会直接追加到命令末尾 81 | required: false 82 | default: "" 83 | position: 1 84 | format: "positional" 85 | -------------------------------------------------------------------------------- /tools/qsreplace.yaml: -------------------------------------------------------------------------------- 1 | name: "qsreplace" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import shlex 7 | import subprocess 8 | import sys 9 | 10 | if len(sys.argv) < 2: 11 | sys.stderr.write("缺少URL列表\n") 12 | sys.exit(1) 13 | 14 | urls = sys.argv[1] 15 | replacement = sys.argv[2] if len(sys.argv) > 2 else "" 16 | extra = sys.argv[3] if 
len(sys.argv) > 3 else "" 17 | 18 | cmd = ["qsreplace"] 19 | if extra: 20 | cmd.extend(shlex.split(extra)) 21 | if replacement: 22 | cmd.append(replacement) 23 | 24 | proc = subprocess.run( 25 | cmd, 26 | input=urls, 27 | capture_output=True, 28 | text=True, 29 | ) 30 | if proc.stdout: 31 | sys.stdout.write(proc.stdout) 32 | if proc.stderr: 33 | sys.stderr.write(proc.stderr) 34 | sys.exit(proc.returncode) 35 | enabled: true 36 | short_description: "查询字符串参数替换工具" 37 | description: | 38 | Qsreplace是一个用于替换URL中查询字符串参数的工具,常用于模糊测试。 39 | 40 | **主要功能:** 41 | - 参数替换 42 | - 批量处理 43 | - 多种替换模式 44 | - 快速处理 45 | 46 | **使用场景:** 47 | - 参数模糊测试 48 | - URL处理 49 | - 工具链集成 50 | - 安全测试 51 | parameters: 52 | - name: "urls" 53 | type: "string" 54 | description: "要处理的URL(每行一个)" 55 | required: true 56 | position: 0 57 | format: "positional" 58 | - name: "replacement" 59 | type: "string" 60 | description: "替换字符串" 61 | required: false 62 | default: "" 63 | position: 1 64 | format: "positional" 65 | - name: "additional_args" 66 | type: "string" 67 | description: | 68 | 额外的Qsreplace参数。用于传递未在参数列表中定义的Qsreplace选项。 69 | 70 | **示例值:** 71 | - "-a": 追加模式 72 | - "-d": 删除参数 73 | 74 | **注意事项:** 75 | - 多个参数用空格分隔 76 | - 确保参数格式正确,避免命令注入 77 | - 此参数会直接追加到命令末尾 78 | required: false 79 | default: "" 80 | position: 2 81 | format: "positional" 82 | -------------------------------------------------------------------------------- /tools/modify-file.yaml: -------------------------------------------------------------------------------- 1 | name: "modify-file" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import sys 7 | from pathlib import Path 8 | 9 | if len(sys.argv) < 3: 10 | sys.stderr.write("Usage: modify-file [append]\n") 11 | sys.exit(1) 12 | 13 | filename = sys.argv[1] 14 | content = sys.argv[2] 15 | append_arg = sys.argv[3].lower() if len(sys.argv) > 3 else "false" 16 | append = append_arg in ("1", "true", "yes", "on") 17 | 18 | path = Path(filename) 19 | if not path.is_absolute(): 20 | path = 
Path.cwd() / path 21 | path.parent.mkdir(parents=True, exist_ok=True) 22 | 23 | mode = "a" if append else "w" 24 | with path.open(mode, encoding="utf-8") as f: 25 | f.write(content) 26 | 27 | action = "追加" if append else "覆盖" 28 | print(f"{action}写入完成: {path}") 29 | enabled: true 30 | short_description: "修改文件工具" 31 | description: | 32 | 修改服务器上的现有文件。 33 | 34 | **主要功能:** 35 | - 修改文件 36 | - 追加内容 37 | - 覆盖内容 38 | 39 | **使用场景:** 40 | - 文件编辑 41 | - 内容追加 42 | - 配置修改 43 | parameters: 44 | - name: "filename" 45 | type: "string" 46 | description: "要修改的文件名" 47 | required: true 48 | position: 0 49 | format: "positional" 50 | - name: "content" 51 | type: "string" 52 | description: "要写入或追加的内容" 53 | required: true 54 | position: 1 55 | format: "positional" 56 | - name: "append" 57 | type: "bool" 58 | description: "是否追加(true)或覆盖(false)" 59 | required: false 60 | default: false 61 | position: 2 62 | format: "positional" 63 | - name: "additional_args" 64 | type: "string" 65 | description: | 66 | 额外的modify-file参数。用于传递未在参数列表中定义的modify-file选项。 67 | 68 | **示例值:** 69 | - 根据工具特性添加常用参数示例 70 | 71 | **注意事项:** 72 | - 多个参数用空格分隔 73 | - 确保参数格式正确,避免命令注入 74 | - 此参数会直接追加到命令末尾 75 | required: false 76 | format: "positional" 77 | -------------------------------------------------------------------------------- /tools/create-file.yaml: -------------------------------------------------------------------------------- 1 | name: "create-file" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import base64 7 | import sys 8 | from pathlib import Path 9 | 10 | if len(sys.argv) < 3: 11 | sys.stderr.write("Usage: create-file [binary]\n") 12 | sys.exit(1) 13 | 14 | filename = sys.argv[1] 15 | content = sys.argv[2] 16 | binary_arg = sys.argv[3].lower() if len(sys.argv) > 3 else "false" 17 | binary = binary_arg in ("1", "true", "yes", "on") 18 | 19 | path = Path(filename) 20 | if not path.is_absolute(): 21 | path = Path.cwd() / path 22 | path.parent.mkdir(parents=True, exist_ok=True) 23 | 24 | if binary: 25 | 
data = base64.b64decode(content) 26 | path.write_bytes(data) 27 | else: 28 | path.write_text(content, encoding="utf-8") 29 | 30 | print(f"文件已创建: {path}") 31 | enabled: true 32 | short_description: "创建文件工具" 33 | description: | 34 | 在服务器上创建指定内容的文件。 35 | 36 | **主要功能:** 37 | - 创建文件 38 | - 写入内容 39 | - 支持二进制文件 40 | 41 | **使用场景:** 42 | - 文件创建 43 | - 脚本生成 44 | - 数据保存 45 | parameters: 46 | - name: "filename" 47 | type: "string" 48 | description: "要创建的文件名" 49 | required: true 50 | position: 0 51 | format: "positional" 52 | - name: "content" 53 | type: "string" 54 | description: "文件内容" 55 | required: true 56 | position: 1 57 | format: "positional" 58 | - name: "binary" 59 | type: "bool" 60 | description: "内容是否为Base64编码的二进制" 61 | required: false 62 | position: 2 63 | format: "positional" 64 | default: false 65 | - name: "additional_args" 66 | type: "string" 67 | description: | 68 | 额外的create-file参数。用于传递未在参数列表中定义的create-file选项。 69 | 70 | **示例值:** 71 | - 根据工具特性添加常用参数示例 72 | 73 | **注意事项:** 74 | - 多个参数用空格分隔 75 | - 确保参数格式正确,避免命令注入 76 | - 此参数会直接追加到命令末尾 77 | required: false 78 | format: "positional" 79 | -------------------------------------------------------------------------------- /tools/enum4linux-ng.yaml: -------------------------------------------------------------------------------- 1 | name: "enum4linux-ng" 2 | command: "enum4linux-ng" 3 | enabled: true 4 | short_description: "高级SMB枚举工具(Enum4linux的下一代版本)" 5 | description: | 6 | Enum4linux-ng是Enum4linux的下一代版本,提供更强大的SMB枚举功能。 7 | 8 | **主要功能:** 9 | - SMB共享枚举 10 | - 用户和组枚举 11 | - 策略枚举 12 | - 系统信息收集 13 | 14 | **使用场景:** 15 | - Windows系统渗透测试 16 | - SMB安全评估 17 | - 域环境侦察 18 | - 安全测试 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标IP地址" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "username" 27 | type: "string" 28 | description: "用户名" 29 | required: false 30 | flag: "-u" 31 | format: "flag" 32 | - name: "password" 33 | type: "string" 34 | description: "密码" 35 | required: 
false 36 | flag: "-p" 37 | format: "flag" 38 | - name: "domain" 39 | type: "string" 40 | description: "域名" 41 | required: false 42 | flag: "-d" 43 | format: "flag" 44 | - name: "shares" 45 | type: "bool" 46 | description: "枚举共享" 47 | required: false 48 | flag: "-S" 49 | format: "flag" 50 | default: true 51 | - name: "users" 52 | type: "bool" 53 | description: "枚举用户" 54 | required: false 55 | flag: "-U" 56 | format: "flag" 57 | default: true 58 | - name: "groups" 59 | type: "bool" 60 | description: "枚举组" 61 | required: false 62 | flag: "-G" 63 | format: "flag" 64 | default: true 65 | - name: "policy" 66 | type: "bool" 67 | description: "枚举策略" 68 | required: false 69 | flag: "-P" 70 | format: "flag" 71 | default: true 72 | - name: "additional_args" 73 | type: "string" 74 | description: | 75 | 额外的enum4linux-ng参数。用于传递未在参数列表中定义的enum4linux-ng选项。 76 | 77 | **示例值:** 78 | - 根据工具特性添加常用参数示例 79 | 80 | **注意事项:** 81 | - 多个参数用空格分隔 82 | - 确保参数格式正确,避免命令注入 83 | - 此参数会直接追加到命令末尾 84 | required: false 85 | format: "positional" 86 | -------------------------------------------------------------------------------- /tools/pwntools.yaml: -------------------------------------------------------------------------------- 1 | name: "pwntools" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import os 7 | import sys 8 | 9 | if len(sys.argv) < 2: 10 | sys.stderr.write("缺少脚本内容\n") 11 | sys.exit(1) 12 | 13 | script_content = sys.argv[1] 14 | target_binary = sys.argv[2] if len(sys.argv) > 2 else "" 15 | target_host = sys.argv[3] if len(sys.argv) > 3 else "" 16 | target_port = sys.argv[4] if len(sys.argv) > 4 else "" 17 | exploit_type = sys.argv[5] if len(sys.argv) > 5 else "local" 18 | 19 | if target_binary: 20 | os.environ["PWN_BINARY"] = target_binary 21 | if target_host: 22 | os.environ["PWN_HOST"] = target_host 23 | if target_port: 24 | os.environ["PWN_PORT"] = str(target_port) 25 | if exploit_type: 26 | os.environ["PWN_EXPLOIT_TYPE"] = exploit_type 27 | 28 | exec(script_content, {}) 29 | 
enabled: true 30 | short_description: "CTF和漏洞利用开发框架" 31 | description: | 32 | 执行自定义pwntools脚本,并通过环境变量注入常用目标信息: 33 | - `PWN_BINARY`, `PWN_HOST`, `PWN_PORT`, `PWN_EXPLOIT_TYPE` 34 | parameters: 35 | - name: "script_content" 36 | type: "string" 37 | description: "Python脚本内容(使用pwntools)" 38 | required: true 39 | position: 0 40 | format: "positional" 41 | - name: "target_binary" 42 | type: "string" 43 | description: "本地二进制文件路径(注入PWN_BINARY)" 44 | required: false 45 | default: "" 46 | position: 1 47 | format: "positional" 48 | - name: "target_host" 49 | type: "string" 50 | description: "远程主机地址(PWN_HOST)" 51 | required: false 52 | default: "" 53 | position: 2 54 | format: "positional" 55 | - name: "target_port" 56 | type: "string" 57 | description: "远程端口(PWN_PORT)" 58 | required: false 59 | default: "" 60 | position: 3 61 | format: "positional" 62 | - name: "exploit_type" 63 | type: "string" 64 | description: "漏洞利用类型标签(PWN_EXPLOIT_TYPE)" 65 | required: false 66 | default: "local" 67 | position: 4 68 | format: "positional" 69 | -------------------------------------------------------------------------------- /tools/nmap-advanced.yaml: -------------------------------------------------------------------------------- 1 | name: "nmap-advanced" 2 | command: "nmap" 3 | enabled: true 4 | short_description: "高级Nmap扫描,支持自定义NSE脚本和优化时序" 5 | description: | 6 | 高级Nmap扫描工具,支持自定义NSE脚本、优化时序和多种扫描技术。 7 | 8 | **主要功能:** 9 | - 多种扫描技术(SYN, TCP, UDP等) 10 | - 自定义NSE脚本 11 | - 时序优化 12 | - OS检测和版本检测 13 | 14 | **使用场景:** 15 | - 高级网络扫描 16 | - 深度安全评估 17 | - 渗透测试 18 | - 网络侦察 19 | parameters: 20 | - name: "target" 21 | type: "string" 22 | description: "目标IP地址或主机名" 23 | required: true 24 | position: 0 25 | format: "positional" 26 | - name: "scan_type" 27 | type: "string" 28 | description: "扫描类型(-sS, -sT, -sU等)" 29 | required: false 30 | format: "template" 31 | template: "{value}" 32 | default: "-sS" 33 | - name: "ports" 34 | type: "string" 35 | description: "要扫描的端口" 36 | required: false 37 | flag: "-p" 38 | 
format: "flag" 39 | - name: "timing" 40 | type: "string" 41 | description: "时序模板(T0-T5)" 42 | required: false 43 | format: "template" 44 | template: "-T{value}" 45 | default: "4" 46 | - name: "nse_scripts" 47 | type: "string" 48 | description: "要运行的自定义NSE脚本" 49 | required: false 50 | flag: "--script" 51 | format: "flag" 52 | - name: "os_detection" 53 | type: "bool" 54 | description: "启用OS检测" 55 | required: false 56 | flag: "-O" 57 | format: "flag" 58 | default: false 59 | - name: "version_detection" 60 | type: "bool" 61 | description: "启用版本检测" 62 | required: false 63 | flag: "-sV" 64 | format: "flag" 65 | default: false 66 | - name: "aggressive" 67 | type: "bool" 68 | description: "启用激进扫描" 69 | required: false 70 | flag: "-A" 71 | format: "flag" 72 | default: false 73 | - name: "additional_args" 74 | type: "string" 75 | description: | 76 | 额外的nmap-advanced参数。用于传递未在参数列表中定义的nmap-advanced选项。 77 | 78 | **示例值:** 79 | - 根据工具特性添加常用参数示例 80 | 81 | **注意事项:** 82 | - 多个参数用空格分隔 83 | - 确保参数格式正确,避免命令注入 84 | - 此参数会直接追加到命令末尾 85 | required: false 86 | format: "positional" 87 | -------------------------------------------------------------------------------- /tools/libc-database.yaml: -------------------------------------------------------------------------------- 1 | name: "libc-database" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import shlex 7 | import subprocess 8 | import sys 9 | 10 | if len(sys.argv) < 2: 11 | sys.stderr.write("缺少操作类型(find/dump/download)\n") 12 | sys.exit(1) 13 | 14 | action = sys.argv[1] 15 | symbols = sys.argv[2] if len(sys.argv) > 2 else "" 16 | libc_id = sys.argv[3] if len(sys.argv) > 3 else "" 17 | extra = sys.argv[4] if len(sys.argv) > 4 else "" 18 | 19 | cmd = ["libc-database", action] 20 | 21 | if symbols: 22 | cmd.extend(shlex.split(symbols)) 23 | 24 | if libc_id: 25 | cmd.append(libc_id) 26 | 27 | if extra: 28 | cmd.extend(shlex.split(extra)) 29 | 30 | proc = subprocess.run(cmd, capture_output=True, text=True) 31 | if proc.stdout: 32 | 
sys.stdout.write(proc.stdout) 33 | if proc.stderr: 34 | sys.stderr.write(proc.stderr) 35 | sys.exit(proc.returncode) 36 | enabled: true 37 | short_description: "libc识别和偏移查找工具" 38 | description: | 39 | Libc-database是一个用于libc识别和偏移查找的工具。 40 | 41 | **主要功能:** 42 | - libc识别 43 | - 符号偏移查找 44 | - libc下载 45 | - 数据库查询 46 | 47 | **使用场景:** 48 | - CTF挑战 49 | - 漏洞利用开发 50 | - libc识别 51 | - 安全研究 52 | parameters: 53 | - name: "action" 54 | type: "string" 55 | description: "要执行的操作(find, dump, download)" 56 | required: true 57 | position: 0 58 | format: "positional" 59 | - name: "symbols" 60 | type: "string" 61 | description: "符号和偏移(格式:symbol1:offset1 symbol2:offset2)" 62 | required: false 63 | default: "" 64 | position: 1 65 | format: "positional" 66 | - name: "libc_id" 67 | type: "string" 68 | description: "Libc ID(用于dump/download操作)" 69 | required: false 70 | default: "" 71 | position: 2 72 | format: "positional" 73 | - name: "additional_args" 74 | type: "string" 75 | description: | 76 | 额外的libc-database参数。用于传递未在参数列表中定义的libc-database选项。 77 | 78 | **示例值:** 79 | - 根据工具特性添加常用参数示例 80 | 81 | **注意事项:** 82 | - 多个参数用空格分隔 83 | - 确保参数格式正确,避免命令注入 84 | - 此参数会直接追加到命令末尾 85 | required: false 86 | default: "" 87 | position: 3 88 | format: "positional" 89 | -------------------------------------------------------------------------------- /tools/responder.yaml: -------------------------------------------------------------------------------- 1 | name: "responder" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import shlex 7 | import subprocess 8 | import sys 9 | import time 10 | 11 | interface = sys.argv[1] if len(sys.argv) > 1 else "eth0" 12 | analyze = sys.argv[2].lower() == "true" if len(sys.argv) > 2 else False 13 | wpad = sys.argv[3].lower() == "true" if len(sys.argv) > 3 else True 14 | fingerprint = sys.argv[4].lower() == "true" if len(sys.argv) > 4 else False 15 | duration = int(sys.argv[5]) if len(sys.argv) > 5 and sys.argv[5] else 300 16 | extra = sys.argv[6] if len(sys.argv) > 6 
else "" 17 | 18 | cmd = ["responder", "-I", interface] 19 | if analyze: 20 | cmd.append("-A") 21 | if wpad: 22 | cmd.append("-w") 23 | if fingerprint: 24 | cmd.append("-f") 25 | if extra: 26 | cmd.extend(shlex.split(extra)) 27 | 28 | proc = subprocess.Popen(cmd) 29 | try: 30 | if duration > 0: 31 | time.sleep(duration) 32 | proc.terminate() 33 | proc.wait(timeout=10) 34 | else: 35 | proc.wait() 36 | except KeyboardInterrupt: 37 | proc.terminate() 38 | proc.wait(timeout=10) 39 | enabled: true 40 | short_description: "LLMNR/NBT-NS/MDNS投毒和凭据收集工具" 41 | description: | 42 | 封装 Responder,支持自动在指定持续时间后停止进程,避免占用网络。 43 | parameters: 44 | - name: "interface" 45 | type: "string" 46 | description: "网络接口(-I)" 47 | required: false 48 | default: "eth0" 49 | position: 0 50 | format: "positional" 51 | - name: "analyze" 52 | type: "bool" 53 | description: "仅分析模式(-A)" 54 | required: false 55 | default: false 56 | position: 1 57 | format: "positional" 58 | - name: "wpad" 59 | type: "bool" 60 | description: "启用WPAD恶意代理(-w)" 61 | required: false 62 | default: true 63 | position: 2 64 | format: "positional" 65 | - name: "fingerprint" 66 | type: "bool" 67 | description: "指纹识别模式(-f)" 68 | required: false 69 | default: false 70 | position: 3 71 | format: "positional" 72 | - name: "duration" 73 | type: "int" 74 | description: "运行持续时间(秒,0表示直到手动停止)" 75 | required: false 76 | default: 300 77 | position: 4 78 | format: "positional" 79 | - name: "additional_args" 80 | type: "string" 81 | description: "额外的Responder参数(直接追加)" 82 | required: false 83 | default: "" 84 | position: 5 85 | format: "positional" 86 | -------------------------------------------------------------------------------- /tools/dirb.yaml: -------------------------------------------------------------------------------- 1 | name: "dirb" 2 | command: "dirb" 3 | enabled: true 4 | # 简短描述(用于工具列表,减少token消耗) 5 | short_description: "Web目录和文件扫描工具,通过暴力破解方式发现Web服务器上的隐藏目录和文件" 6 | # 工具详细描述 7 | description: | 8 | 
Web目录和文件扫描工具,通过暴力破解方式发现Web服务器上的隐藏目录和文件。 9 | 10 | **主要功能:** 11 | - 目录和文件发现 12 | - 支持自定义字典文件 13 | - 检测常见的Web目录结构 14 | - 识别备份文件、配置文件等敏感文件 15 | - 支持多种HTTP方法 16 | 17 | **使用场景:** 18 | - Web应用目录枚举 19 | - 发现隐藏的管理界面 20 | - 查找备份文件和敏感信息 21 | - 渗透测试中的信息收集 22 | 23 | **注意事项:** 24 | - 扫描可能产生大量HTTP请求 25 | - 某些请求可能被WAF拦截 26 | - 建议使用合适的字典文件以提高效率 27 | - 扫描结果需要人工验证 28 | # 参数定义 29 | parameters: 30 | - name: "url" 31 | type: "string" 32 | description: | 33 | 目标URL,要扫描的Web服务器地址。 34 | 35 | **格式要求:** 36 | - 必须包含协议(http:// 或 https://) 37 | - 可以包含基础路径 38 | - 末尾不要带斜杠(除非要扫描特定目录) 39 | 40 | **示例值:** 41 | - 基础URL: "http://example.com" 42 | - HTTPS: "https://example.com" 43 | - 带端口: "http://example.com:8080" 44 | - 特定目录: "http://example.com/admin" 45 | - 带路径: "http://example.com/app" 46 | 47 | **注意事项:** 48 | - URL必须可访问 49 | - 确保URL格式正确,包含协议前缀 50 | - 必需参数,不能为空 51 | required: true 52 | position: 0 53 | format: "positional" 54 | - name: "wordlist" 55 | type: "string" 56 | description: | 57 | 字典文件路径,包含要尝试的目录和文件名列表。 58 | 59 | **格式要求:** 60 | - 文件路径,可以是绝对路径或相对路径 61 | - 文件每行一个目录或文件名 62 | - 支持常见的字典文件格式 63 | 64 | **示例值:** 65 | - 默认字典: "/usr/share/dirb/wordlists/common.txt" 66 | - 自定义字典: "/path/to/custom-wordlist.txt" 67 | - 常用字典: "/usr/share/wordlists/dirb/common.txt" 68 | 69 | **常用字典文件:** 70 | - common.txt: 常见目录和文件 71 | - big.txt: 大型字典 72 | - small.txt: 小型快速字典 73 | - extensions_common.txt: 常见文件扩展名 74 | 75 | **注意事项:** 76 | - 如果不指定,将使用默认字典 77 | - 确保字典文件存在且可读 78 | - 大型字典会显著增加扫描时间 79 | required: false 80 | position: 1 81 | format: "positional" 82 | - name: "additional_args" 83 | type: "string" 84 | description: | 85 | 额外的Dirb参数。用于传递未在参数列表中定义的Dirb选项。 86 | 87 | **示例值:** 88 | - "-a": 用户代理字符串 89 | - "-H": 自定义HTTP头 90 | - "-c": Cookie字符串 91 | - "-X": 文件扩展名 92 | - "-z": 毫秒延迟 93 | 94 | **注意事项:** 95 | - 多个参数用空格分隔 96 | - 确保参数格式正确,避免命令注入 97 | - 此参数会直接追加到命令末尾 98 | required: false 99 | format: "positional" 100 | -------------------------------------------------------------------------------- /tools/exec.yaml: 
-------------------------------------------------------------------------------- 1 | name: "exec" 2 | command: "sh" 3 | args: ["-c"] 4 | enabled: true 5 | # 简短描述(用于工具列表,减少token消耗) 6 | short_description: "系统命令执行工具,用于执行Shell命令和系统操作(谨慎使用)" 7 | # 工具详细描述 8 | description: | 9 | 系统命令执行工具,用于执行Shell命令和系统操作。 10 | 11 | **主要功能:** 12 | - 执行任意Shell命令 13 | - 支持bash、sh等shell 14 | - 可以指定工作目录 15 | - 返回命令执行结果 16 | 17 | **使用场景:** 18 | - 系统管理和维护 19 | - 自动化脚本执行 20 | - 文件操作和处理 21 | - 系统信息收集 22 | 23 | **安全警告:** 24 | - ⚠️ 此工具可以执行任意系统命令,存在安全风险 25 | - ⚠️ 仅应在受控环境中使用 26 | - ⚠️ 所有命令执行都会被记录 27 | - ⚠️ 建议限制可执行的命令范围 28 | - ⚠️ 不要执行不可信的命令 29 | # 参数定义 30 | parameters: 31 | - name: "command" 32 | type: "string" 33 | description: | 34 | 要执行的系统命令。可以是任何有效的Shell命令。 35 | 36 | **格式要求:** 37 | - 完整的Shell命令 38 | - 可以包含管道、重定向等Shell特性 39 | - 支持环境变量 40 | 41 | **示例值:** 42 | - 简单命令: "ls -la" 43 | - 带管道: "ps aux | grep nginx" 44 | - 文件操作: "cat /etc/passwd" 45 | - 网络命令: "curl http://example.com" 46 | - 系统信息: "uname -a" 47 | - 查找文件: "find /var/log -name '*.log'" 48 | 49 | **注意事项:** 50 | - 命令会在指定的shell中执行 51 | - 确保命令语法正确 52 | - 注意命令的安全影响 53 | - 必需参数,不能为空 54 | required: true 55 | position: 0 56 | format: "positional" 57 | - name: "shell" 58 | type: "string" 59 | description: | 60 | 使用的Shell类型,默认为sh。 61 | 62 | **可选值:** 63 | - sh: 标准Shell(默认) 64 | - bash: Bash Shell 65 | - zsh: Z Shell 66 | - 其他系统可用的shell 67 | 68 | **示例值:** 69 | - "sh" (默认) 70 | - "bash" 71 | - "zsh" 72 | 73 | **注意事项:** 74 | - 确保指定的shell在系统中可用 75 | - 不同shell的命令语法可能略有差异 76 | required: false 77 | default: "sh" 78 | - name: "workdir" 79 | type: "string" 80 | description: | 81 | 命令执行的工作目录。如果不指定,使用当前工作目录。 82 | 83 | **格式要求:** 84 | - 绝对路径或相对路径 85 | - 目录必须存在 86 | 87 | **示例值:** 88 | - "/tmp" 89 | - "/var/log" 90 | - "./data" 91 | - "/home/user/project" 92 | 93 | **注意事项:** 94 | - 确保目录存在且有访问权限 95 | - 相对路径相对于程序运行目录 96 | required: false 97 | - name: "additional_args" 98 | type: "string" 99 | description: | 100 | 额外的exec参数。用于传递未在参数列表中定义的exec选项。 101 | 102 | **示例值:** 103 
| - 根据工具特性添加常用参数示例 104 | 105 | **注意事项:** 106 | - 多个参数用空格分隔 107 | - 确保参数格式正确,避免命令注入 108 | - 此参数会直接追加到命令末尾 109 | required: false 110 | format: "positional" 111 | -------------------------------------------------------------------------------- /tools/httpx.yaml: -------------------------------------------------------------------------------- 1 | name: "httpx" 2 | command: "httpx" 3 | enabled: true 4 | short_description: "基于Python httpx库的HTTP客户端" 5 | description: | 6 | 该工具包装的是 Python 社区版 httpx CLI(`pip install httpx` 提供),可用于快速向 Web 目标发起请求、调试接口。 7 | 8 | **提示:** 9 | - 官方 CLI 的调用方式为 `httpx [OPTIONS]` 10 | - 不支持 ProjectDiscovery 版本的 `-u/-l/-td` 等参数,请使用下方列出的原生选项或 additional_args 自行扩展 11 | parameters: 12 | - name: "url" 13 | type: "string" 14 | description: "目标URL(必填,作为位置参数传入)" 15 | required: true 16 | format: "positional" 17 | - name: "method" 18 | type: "string" 19 | description: "HTTP方法,默认GET" 20 | required: false 21 | flag: "-m" 22 | format: "flag" 23 | - name: "content" 24 | type: "string" 25 | description: "原始请求体内容(对应 httpx CLI 的 --content)" 26 | required: false 27 | flag: "-c" 28 | format: "flag" 29 | - name: "json" 30 | type: "string" 31 | description: "JSON 请求体(字符串形式)" 32 | required: false 33 | flag: "-j" 34 | format: "flag" 35 | - name: "proxy" 36 | type: "string" 37 | description: "代理地址(http(s):// 或 socks5://)" 38 | required: false 39 | flag: "--proxy" 40 | format: "flag" 41 | - name: "timeout" 42 | type: "string" 43 | description: "网络超时时间(秒,可为小数)" 44 | required: false 45 | flag: "--timeout" 46 | format: "flag" 47 | - name: "follow_redirects" 48 | type: "bool" 49 | description: "是否自动跟随重定向" 50 | required: false 51 | flag: "--follow-redirects" 52 | format: "flag" 53 | default: false 54 | - name: "no_verify" 55 | type: "bool" 56 | description: "关闭TLS证书校验(对应 --no-verify)" 57 | required: false 58 | flag: "--no-verify" 59 | format: "flag" 60 | default: false 61 | - name: "http2" 62 | type: "bool" 63 | description: "启用HTTP/2" 64 | required: false 65 | flag: "--http2" 66 
| format: "flag" 67 | default: false 68 | - name: "download" 69 | type: "string" 70 | description: "将响应内容保存至文件" 71 | required: false 72 | flag: "--download" 73 | format: "flag" 74 | - name: "verbose" 75 | type: "bool" 76 | description: "显示请求与响应的详细信息" 77 | required: false 78 | flag: "-v" 79 | format: "flag" 80 | default: false 81 | - name: "additional_args" 82 | type: "string" 83 | description: | 84 | 额外 httpx CLI 选项,格式直接与官方命令保持一致。 85 | 86 | **示例:** 87 | - "--headers 'X-Test 1' 'X-Token secret'" 88 | - "--cookies 'session abc123'" 89 | - "--auth user pass" 90 | required: false 91 | format: "positional" 92 | -------------------------------------------------------------------------------- /tools/impacket.yaml: -------------------------------------------------------------------------------- 1 | name: "impacket" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import json 7 | import shlex 8 | import subprocess 9 | import sys 10 | 11 | if len(sys.argv) < 2: 12 | sys.stderr.write("缺少Impacket脚本路径\n") 13 | sys.exit(1) 14 | 15 | script_path = sys.argv[1] 16 | args_raw = sys.argv[2] if len(sys.argv) > 2 else "" 17 | extra = sys.argv[3] if len(sys.argv) > 3 else "" 18 | 19 | cmd = [script_path] 20 | 21 | if args_raw: 22 | parsed = [] 23 | try: 24 | candidate = json.loads(args_raw) 25 | if isinstance(candidate, list): 26 | parsed = [str(item) for item in candidate] 27 | elif isinstance(candidate, str): 28 | parsed = shlex.split(candidate) 29 | except (json.JSONDecodeError, ValueError): 30 | parsed = shlex.split(args_raw) 31 | cmd.extend(parsed) 32 | 33 | if extra: 34 | cmd.extend(shlex.split(extra)) 35 | 36 | proc = subprocess.run(cmd, capture_output=True, text=True) 37 | if proc.stdout: 38 | sys.stdout.write(proc.stdout) 39 | if proc.stderr: 40 | sys.stderr.write(proc.stderr) 41 | sys.exit(proc.returncode) 42 | enabled: true 43 | short_description: "Impacket 网络协议工具集,用于网络协议攻击和横向移动" 44 | description: | 45 | Impacket 是一个 Python 工具集,用于处理网络协议,常用于渗透测试和横向移动。 46 | 47 | 
**主要功能:** 48 | - SMB 协议攻击 49 | - Kerberos 协议攻击 50 | - RPC 协议攻击 51 | - 远程命令执行 52 | - 凭证转储 53 | - 票据传递攻击 54 | 55 | **常用工具:** 56 | - psexec: 远程命令执行 57 | - smbexec: SMB 远程执行 58 | - wmiexec: WMI 远程执行 59 | - secretsdump: 凭证转储 60 | - getTGT: Kerberos 票据获取 61 | 62 | **使用场景:** 63 | - 横向移动 64 | - 凭证转储 65 | - 远程命令执行 66 | - 后渗透测试 67 | 68 | **注意事项:** 69 | - 需要 Python 环境 70 | - 需要相应的凭据 71 | - 仅用于授权的安全测试 72 | - 工具路径通常在 /usr/share/doc/python3-impacket/examples/ 或通过 pip 安装 73 | parameters: 74 | - name: "script" 75 | type: "string" 76 | description: "Impacket 脚本路径,例如 '/usr/share/doc/python3-impacket/examples/psexec.py'" 77 | required: true 78 | position: 0 79 | format: "positional" 80 | - name: "args" 81 | type: "string" 82 | description: "脚本参数(JSON数组或空格分隔字符串)" 83 | required: false 84 | default: "" 85 | position: 1 86 | format: "positional" 87 | - name: "additional_args" 88 | type: "string" 89 | description: | 90 | 额外的impacket参数。用于传递未在参数列表中定义的impacket选项。 91 | 92 | **示例值:** 93 | - 根据工具特性添加常用参数示例 94 | 95 | **注意事项:** 96 | - 多个参数用空格分隔 97 | - 确保参数格式正确,避免命令注入 98 | - 此参数会直接追加到命令末尾 99 | required: false 100 | default: "" 101 | position: 2 102 | format: "positional" 103 | -------------------------------------------------------------------------------- /tools/install-python-package.yaml: -------------------------------------------------------------------------------- 1 | name: "install-python-package" 2 | command: "/bin/bash" 3 | args: 4 | - "-c" 5 | - | 6 | set -euo pipefail 7 | 8 | PACKAGE="$1" 9 | ENV_NAME="${2:-default}" 10 | ADDITIONAL_ARGS="${3:-}" 11 | 12 | BASE_DIR="${HOME}/.cyberstrike/venvs" 13 | 14 | detect_project_root() { 15 | if [ -n "${CYBERSTRIKE_ROOT:-}" ] && [ -d "${CYBERSTRIKE_ROOT}" ]; then 16 | printf '%s\n' "${CYBERSTRIKE_ROOT}" 17 | return 18 | fi 19 | if command -v git >/dev/null 2>&1; then 20 | local root_path 21 | if root_path=$(git rev-parse --show-toplevel 2>/dev/null); then 22 | printf '%s\n' "$root_path" 23 | return 24 | fi 25 | fi 26 | printf '%s\n' "$(pwd)" 27 | 
} 28 | 29 | resolve_env_dir() { 30 | local requested="$1" 31 | if [ -n "${VIRTUAL_ENV:-}" ] && { [ -z "$requested" ] || [ "$requested" = "default" ]; }; then 32 | printf '%s\n' "$VIRTUAL_ENV" 33 | return 34 | fi 35 | if [ -z "$requested" ] || [ "$requested" = "default" ]; then 36 | local root 37 | root="$(detect_project_root)" 38 | printf '%s/venv\n' "$root" 39 | return 40 | fi 41 | printf '%s/%s\n' "$BASE_DIR" "$requested" 42 | } 43 | 44 | ENV_DIR="$(resolve_env_dir "$ENV_NAME")" 45 | mkdir -p "$(dirname "$ENV_DIR")" 46 | if [ ! -d "$ENV_DIR" ]; then 47 | python3 -m venv "$ENV_DIR" 48 | fi 49 | 50 | # shellcheck disable=SC1090 51 | source "$ENV_DIR/bin/activate" 52 | 53 | if [ -n "$ADDITIONAL_ARGS" ]; then 54 | pip install "$PACKAGE" $ADDITIONAL_ARGS 55 | else 56 | pip install "$PACKAGE" 57 | fi 58 | - "_" 59 | enabled: true 60 | short_description: "在指定虚拟环境中创建/激活并安装Python依赖" 61 | description: | 62 | 在虚拟环境中安装Python包。 63 | 64 | **主要功能:** 65 | - 安装Python包 66 | - 虚拟环境支持 67 | - 依赖管理 68 | 69 | **使用场景:** 70 | - 环境配置 71 | - 依赖安装 72 | - 工具安装 73 | parameters: 74 | - name: "package" 75 | type: "string" 76 | description: "要安装的Python包名" 77 | required: true 78 | position: 0 79 | format: "positional" 80 | - name: "env_name" 81 | type: "string" 82 | description: "虚拟环境名称(默认default)" 83 | required: false 84 | default: "default" 85 | position: 1 86 | format: "positional" 87 | - name: "additional_args" 88 | type: "string" 89 | description: | 90 | 额外的install-python-package参数。用于传递未在参数列表中定义的install-python-package选项。 91 | 92 | **示例值:** 93 | - 根据工具特性添加常用参数示例 94 | 95 | **注意事项:** 96 | - 多个参数用空格分隔 97 | - 确保参数格式正确,避免命令注入 98 | - 此参数会直接追加到命令末尾 99 | required: false 100 | format: "positional" 101 | default: "" 102 | -------------------------------------------------------------------------------- /internal/handler/conversation.go: -------------------------------------------------------------------------------- 1 | package handler 2 | 3 | import ( 4 | "net/http" 5 | "strconv" 6 | 7 | 
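"cyberstrike-ai/internal/database"
	"github.com/gin-gonic/gin"
	"go.uber.org/zap"
)

// ConversationHandler serves the conversation HTTP endpoints. It holds the
// database handle used for storage and the logger used for server-side errors.
type ConversationHandler struct {
	db     *database.DB
	logger *zap.Logger
}

// NewConversationHandler returns a ConversationHandler that uses db and logger.
func NewConversationHandler(db *database.DB, logger *zap.Logger) *ConversationHandler {
	return &ConversationHandler{
		db:     db,
		logger: logger,
	}
}

// CreateConversationRequest is the JSON body accepted by CreateConversation.
type CreateConversationRequest struct {
	Title string `json:"title"`
}

// CreateConversation creates a new conversation.
//
// The JSON body is bound into CreateConversationRequest; a binding failure is
// answered with 400 and the binding error text. An empty title falls back to
// "新对话". On success the value returned by db.CreateConversation is sent
// with 200.
func (h *ConversationHandler) CreateConversation(c *gin.Context) {
	var req CreateConversationRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
		return
	}

	title := req.Title
	if title == "" {
		title = "新对话"
	}

	conv, err := h.db.CreateConversation(title)
	if err != nil {
		// The detailed error is logged server-side only. The client gets a
		// fixed message so storage-layer error text is not echoed in the
		// response, matching what GetConversation already does.
		h.logger.Error("创建对话失败", zap.Error(err))
		c.JSON(http.StatusInternalServerError, gin.H{"error": "创建对话失败"})
		return
	}

	c.JSON(http.StatusOK, conv)
}

// ListConversations returns a page of conversations.
//
// Query parameters:
//   - limit:  page size, default 50; values that do not parse, or fall outside
//     1..100, are replaced by 50.
//   - offset: number of rows to skip, default 0; values that do not parse, or
//     are negative, are replaced by 0.
//
// The result of db.ListConversations is sent with 200; a storage failure is
// logged and answered with 500 and a fixed message.
func (h *ConversationHandler) ListConversations(c *gin.Context) {
	// strconv.Atoi returns the clamped max/min int together with an error for
	// out-of-range input, so the error must be checked: otherwise an oversized
	// offset from the query string would be handed to the database as-is.
	limit, err := strconv.Atoi(c.DefaultQuery("limit", "50"))
	if err != nil || limit <= 0 || limit > 100 {
		limit = 50
	}

	offset, err := strconv.Atoi(c.DefaultQuery("offset", "0"))
	if err != nil || offset < 0 {
		offset = 0
	}

	conversations, err := h.db.ListConversations(limit, offset)
	if err != nil {
		// Keep the underlying error in the log and out of the response body.
		h.logger.Error("获取对话列表失败", zap.Error(err))
		c.JSON(http.StatusInternalServerError, gin.H{"error": "获取对话列表失败"})
		return
	}

	c.JSON(http.StatusOK, conversations)
}

// GetConversation returns the conversation named by the "id" path parameter.
// Any lookup error is logged and answered with 404 and a fixed message.
func (h *ConversationHandler) GetConversation(c *gin.Context) {
	id := c.Param("id")

	conv, err :=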
h.db.GetConversation(id) 81 | if err != nil { 82 | h.logger.Error("获取对话失败", zap.Error(err)) 83 | c.JSON(http.StatusNotFound, gin.H{"error": "对话不存在"}) 84 | return 85 | } 86 | 87 | c.JSON(http.StatusOK, conv) 88 | } 89 | 90 | // DeleteConversation 删除对话 91 | func (h *ConversationHandler) DeleteConversation(c *gin.Context) { 92 | id := c.Param("id") 93 | 94 | if err := h.db.DeleteConversation(id); err != nil { 95 | h.logger.Error("删除对话失败", zap.Error(err)) 96 | c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()}) 97 | return 98 | } 99 | 100 | c.JSON(http.StatusOK, gin.H{"message": "删除成功"}) 101 | } 102 | 103 | -------------------------------------------------------------------------------- /tools/angr.yaml: -------------------------------------------------------------------------------- 1 | name: "angr" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import shlex 7 | import sys 8 | 9 | if len(sys.argv) < 2: 10 | sys.stderr.write("缺少脚本内容\n") 11 | sys.exit(1) 12 | 13 | script_content = sys.argv[1] 14 | binary = sys.argv[2] if len(sys.argv) > 2 else "" 15 | find_address = sys.argv[3] if len(sys.argv) > 3 else "" 16 | avoid_addresses = sys.argv[4] if len(sys.argv) > 4 else "" 17 | analysis_type = sys.argv[5] if len(sys.argv) > 5 else "" 18 | extra = sys.argv[6] if len(sys.argv) > 6 else "" 19 | 20 | context = { 21 | "binary_path": binary, 22 | "find_address": find_address, 23 | "avoid_addresses": [addr.strip() for addr in avoid_addresses.split(",") if addr.strip()], 24 | "analysis_type": analysis_type or "symbolic", 25 | } 26 | 27 | if extra: 28 | context["additional_args"] = shlex.split(extra) 29 | else: 30 | context["additional_args"] = [] 31 | 32 | # 执行用户脚本,提供上下文变量 33 | exec(script_content, context) 34 | enabled: true 35 | short_description: "符号执行和二进制分析框架" 36 | description: | 37 | Angr是一个符号执行和二进制分析框架,用于自动化漏洞发现和利用。 38 | 39 | **使用方式:** 40 | - 通过 `script_content` 参数提供Python脚本,可直接导入 `angr` 并访问以下变量: 41 | - `binary_path`: 目标二进制路径 42 | - `find_address`: 
待寻找的地址(可为空) 43 | - `avoid_addresses`: 需要避开的地址列表 44 | - `analysis_type`: 自定义分析类型标记(默认symbolic) 45 | - `additional_args`: 额外参数列表(通过 `additional_args` 传入) 46 | - 在脚本中自行控制分析流程,可调用 `print()` 输出结果。 47 | parameters: 48 | - name: "script_content" 49 | type: "string" 50 | description: "要执行的angr Python脚本内容" 51 | required: true 52 | position: 0 53 | format: "positional" 54 | - name: "binary" 55 | type: "string" 56 | description: "要分析的二进制文件路径,将作为 binary_path 变量传递给脚本" 57 | required: false 58 | default: "" 59 | position: 1 60 | format: "positional" 61 | - name: "find_address" 62 | type: "string" 63 | description: "符号执行中要查找的地址(可选,传入脚本变量 find_address)" 64 | required: false 65 | default: "" 66 | position: 2 67 | format: "positional" 68 | - name: "avoid_addresses" 69 | type: "string" 70 | description: "要避免的地址(逗号分隔,脚本变量 avoid_addresses)" 71 | required: false 72 | default: "" 73 | position: 3 74 | format: "positional" 75 | - name: "analysis_type" 76 | type: "string" 77 | description: "用于脚本内自定义分支的分析类型标签(例如 symbolic/cfg/static)" 78 | required: false 79 | default: "symbolic" 80 | position: 4 81 | format: "positional" 82 | - name: "additional_args" 83 | type: "string" 84 | description: | 85 | 额外参数,脚本中可通过 `additional_args` 列表访问。 86 | 87 | **示例:** 88 | - "--max-depth 8 --timeout 60" 89 | 90 | **注意事项:** 91 | - 参数会按照shell规则拆分 92 | required: false 93 | default: "" 94 | position: 5 95 | format: "positional" 96 | -------------------------------------------------------------------------------- /tools/nmap.yaml: -------------------------------------------------------------------------------- 1 | name: "nmap" 2 | command: "nmap" 3 | args: ["-sT", "-sV", "-sC"] # 固定参数:TCP连接扫描、版本检测、默认脚本 4 | enabled: true 5 | # 简短描述(用于工具列表,减少token消耗)- 一句话说明工具用途 6 | short_description: "网络扫描工具,用于发现网络主机、开放端口和服务" 7 | # 工具详细描述 - 帮助大模型理解工具用途和使用场景 8 | description: | 9 | 网络映射和端口扫描工具,用于发现网络中的主机、服务和开放端口。 10 | 11 | **主要功能:** 12 | - 主机发现:检测网络中的活动主机 13 | - 端口扫描:识别目标主机上开放的端口 14 | - 服务识别:检测运行在端口上的服务类型和版本 15 | - 操作系统检测:识别目标主机的操作系统类型 
16 | - 漏洞检测:使用NSE脚本检测常见漏洞 17 | 18 | **使用场景:** 19 | - 网络资产发现和枚举 20 | - 安全评估和渗透测试 21 | - 网络故障排查 22 | - 端口和服务审计 23 | 24 | **注意事项:** 25 | - 使用 -sT (TCP连接扫描) 而不是 -sS (SYN扫描),因为 -sS 需要root权限 26 | - 扫描速度取决于网络延迟和目标响应 27 | - 某些扫描可能被防火墙或IDS检测到 28 | - 请确保有权限扫描目标网络 29 | # 参数定义 30 | parameters: 31 | - name: "target" 32 | type: "string" 33 | description: | 34 | 目标IP地址或域名。可以是单个IP、IP范围、CIDR格式或域名。 35 | 36 | **示例值:** 37 | - 单个IP: "192.168.1.1" 38 | - IP范围: "192.168.1.1-100" 39 | - CIDR: "192.168.1.0/24" 40 | - 域名: "example.com" 41 | - URL: "https://example.com" (会自动提取域名部分) 42 | 43 | **注意事项:** 44 | - 如果提供URL,会自动提取域名部分 45 | - 确保目标地址格式正确 46 | - 必需参数,不能为空 47 | required: true 48 | position: 0 # 位置参数,放在命令最后 49 | format: "positional" 50 | - name: "ports" 51 | type: "string" 52 | description: | 53 | 要扫描的端口范围。可以是单个端口、端口范围、逗号分隔的端口列表,或特殊值。 54 | 55 | **示例值:** 56 | - 单个端口: "80" 57 | - 端口范围: "1-1000" 58 | - 多个端口: "80,443,8080,8443" 59 | - 组合: "80,443,8000-9000" 60 | - 常用端口: "1-1024" 61 | - 所有端口: "1-65535" 62 | - 快速扫描: "80,443,22,21,25,53,110,143,993,995" 63 | 64 | **注意事项:** 65 | - 如果不指定,将扫描默认的1000个常用端口 66 | - 扫描所有端口(1-65535)会非常耗时 67 | - 建议先扫描常用端口,再根据结果决定是否扫描全部端口 68 | required: false 69 | flag: "-p" 70 | format: "flag" 71 | - name: "scan_type" 72 | type: "string" 73 | description: | 74 | 扫描类型选项。可以覆盖默认的扫描类型。 75 | 76 | **常用选项:** 77 | - "-sV": 版本检测 78 | - "-sC": 默认脚本扫描 79 | - "-sS": SYN扫描(需要root权限) 80 | - "-sT": TCP连接扫描(默认) 81 | - "-sU": UDP扫描 82 | - "-A": 全面扫描(OS检测、版本检测、脚本扫描、路由追踪) 83 | 84 | **注意事项:** 85 | - 多个选项可以组合,用空格分隔,例如: "-sV -sC" 86 | - 默认已包含 "-sT -sV -sC" 87 | - 如果指定此参数,将替换默认的扫描类型 88 | required: false 89 | format: "template" 90 | template: "{value}" 91 | - name: "additional_args" 92 | type: "string" 93 | description: | 94 | 额外的Nmap参数。用于传递未在参数列表中定义的Nmap选项。 95 | 96 | **示例值:** 97 | - "--script vuln": 运行漏洞检测脚本 98 | - "-O": 操作系统检测 99 | - "-T4": 时间模板(0-5,数字越大越快) 100 | - "--max-retries 3": 最大重试次数 101 | - "-v": 详细输出 102 | 103 | **注意事项:** 104 | - 多个参数用空格分隔 105 | - 确保参数格式正确,避免命令注入 106 | - 此参数会直接追加到命令末尾 
107 | required: false 108 | format: "positional" 109 | -------------------------------------------------------------------------------- /tools/execute-python-script.yaml: -------------------------------------------------------------------------------- 1 | name: "execute-python-script" 2 | command: "/bin/bash" 3 | args: 4 | - "-c" 5 | - | 6 | set -euo pipefail 7 | 8 | SCRIPT_CONTENT="$1" 9 | ENV_NAME="${2:-default}" 10 | ADDITIONAL_ARGS="${3:-}" 11 | 12 | BASE_DIR="${HOME}/.cyberstrike/venvs" 13 | 14 | detect_project_root() { 15 | if [ -n "${CYBERSTRIKE_ROOT:-}" ] && [ -d "${CYBERSTRIKE_ROOT}" ]; then 16 | printf '%s\n' "${CYBERSTRIKE_ROOT}" 17 | return 18 | fi 19 | if command -v git >/dev/null 2>&1; then 20 | local root_path 21 | if root_path=$(git rev-parse --show-toplevel 2>/dev/null); then 22 | printf '%s\n' "$root_path" 23 | return 24 | fi 25 | fi 26 | printf '%s\n' "$(pwd)" 27 | } 28 | 29 | resolve_env_dir() { 30 | local requested="$1" 31 | if [ -n "${VIRTUAL_ENV:-}" ] && { [ -z "$requested" ] || [ "$requested" = "default" ]; }; then 32 | printf '%s\n' "$VIRTUAL_ENV" 33 | return 34 | fi 35 | if [ -z "$requested" ] || [ "$requested" = "default" ]; then 36 | local root 37 | root="$(detect_project_root)" 38 | printf '%s/venv\n' "$root" 39 | return 40 | fi 41 | printf '%s/%s\n' "$BASE_DIR" "$requested" 42 | } 43 | 44 | ENV_DIR="$(resolve_env_dir "$ENV_NAME")" 45 | mkdir -p "$(dirname "$ENV_DIR")" 46 | if [ ! 
-d "$ENV_DIR" ]; then 47 | python3 -m venv "$ENV_DIR" 48 | fi 49 | 50 | # shellcheck disable=SC1090 51 | source "$ENV_DIR/bin/activate" 52 | 53 | if [ -n "$ADDITIONAL_ARGS" ]; then 54 | python3 $ADDITIONAL_ARGS -c "$SCRIPT_CONTENT" 55 | else 56 | python3 -c "$SCRIPT_CONTENT" 57 | fi 58 | - "_" 59 | enabled: true 60 | short_description: "在指定虚拟环境中编写并执行Python脚本" 61 | description: | 62 | 在虚拟环境中执行Python脚本。 63 | 64 | **主要功能:** 65 | - 执行Python脚本 66 | - 虚拟环境支持 67 | - 脚本内容执行 68 | 69 | **使用场景:** 70 | - 脚本执行 71 | - 自动化任务 72 | - 数据处理 73 | parameters: 74 | - name: "script" 75 | type: "string" 76 | description: | 77 | 要执行的Python脚本内容,支持多行。 78 | 79 | **示例:** 80 | ``` 81 | for i in range(1, 10): 82 | print(i) 83 | ``` 84 | required: true 85 | position: 0 86 | format: "positional" 87 | - name: "env_name" 88 | type: "string" 89 | description: "虚拟环境名称(默认default)" 90 | required: false 91 | default: "default" 92 | position: 1 93 | format: "positional" 94 | - name: "additional_args" 95 | type: "string" 96 | description: | 97 | 额外的execute-python-script参数。用于传递未在参数列表中定义的execute-python-script选项。 98 | 99 | **示例值:** 100 | - 根据工具特性添加常用参数示例 101 | 102 | **注意事项:** 103 | - 多个参数用空格分隔 104 | - 确保参数格式正确,避免命令注入 105 | - 此参数会直接追加到命令末尾 106 | required: false 107 | format: "positional" 108 | default: "" 109 | -------------------------------------------------------------------------------- /tools/rpcclient.yaml: -------------------------------------------------------------------------------- 1 | name: "rpcclient" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import shlex 7 | import subprocess 8 | import sys 9 | 10 | if len(sys.argv) < 2: 11 | sys.stderr.write("缺少目标地址\n") 12 | sys.exit(1) 13 | 14 | target = sys.argv[1] 15 | username = sys.argv[2] if len(sys.argv) > 2 else "" 16 | password = sys.argv[3] if len(sys.argv) > 3 else "" 17 | domain = sys.argv[4] if len(sys.argv) > 4 else "" 18 | commands = sys.argv[5] if len(sys.argv) > 5 else "" 19 | extra = sys.argv[6] if len(sys.argv) > 6 else "" 20 | 
21 | cmd = ["rpcclient"] 22 | 23 | if username: 24 | cred = username 25 | if password: 26 | cred = f"{username}%{password}" 27 | cmd.extend(["-U", cred]) 28 | elif password: 29 | # 如果只提供了密码,仍然尝试以空用户名连接 30 | cmd.extend(["-U", f"%{password}"]) 31 | 32 | if domain: 33 | cmd.extend(["-W", domain]) 34 | 35 | if commands: 36 | cmd.extend(["-c", commands]) 37 | 38 | if extra: 39 | cmd.extend(shlex.split(extra)) 40 | 41 | cmd.append(target) 42 | 43 | proc = subprocess.run(cmd, capture_output=True, text=True) 44 | if proc.stdout: 45 | sys.stdout.write(proc.stdout) 46 | if proc.stderr: 47 | sys.stderr.write(proc.stderr) 48 | sys.exit(proc.returncode) 49 | enabled: true 50 | short_description: "RPC枚举工具" 51 | description: | 52 | Rpcclient是一个RPC客户端工具,用于枚举Windows/Samba系统信息。 53 | 54 | **主要功能:** 55 | - RPC枚举 56 | - 用户和组枚举 57 | - 域信息查询 58 | - 系统信息收集 59 | 60 | **使用场景:** 61 | - Windows系统渗透测试 62 | - Samba枚举 63 | - 域环境侦察 64 | - 安全测试 65 | parameters: 66 | - name: "target" 67 | type: "string" 68 | description: "目标IP地址" 69 | required: true 70 | position: 0 71 | format: "positional" 72 | - name: "username" 73 | type: "string" 74 | description: "用户名" 75 | required: false 76 | default: "" 77 | position: 1 78 | format: "positional" 79 | - name: "password" 80 | type: "string" 81 | description: "密码" 82 | required: false 83 | default: "" 84 | position: 2 85 | format: "positional" 86 | - name: "domain" 87 | type: "string" 88 | description: "域名" 89 | required: false 90 | default: "" 91 | position: 3 92 | format: "positional" 93 | - name: "commands" 94 | type: "string" 95 | description: "RPC命令(分号分隔)" 96 | required: false 97 | default: "enumdomusers;enumdomgroups;querydominfo" 98 | position: 4 99 | format: "positional" 100 | - name: "additional_args" 101 | type: "string" 102 | description: | 103 | 额外的rpcclient参数。用于传递未在参数列表中定义的rpcclient选项。 104 | 105 | **示例值:** 106 | - 根据工具特性添加常用参数示例 107 | 108 | **注意事项:** 109 | - 多个参数用空格分隔 110 | - 确保参数格式正确,避免命令注入 111 | - 此参数会直接追加到命令末尾 112 | required: false 113 | 
default: "" 114 | position: 5 115 | format: "positional" 116 | -------------------------------------------------------------------------------- /internal/handler/task_manager.go: -------------------------------------------------------------------------------- 1 | package handler 2 | 3 | import ( 4 | "context" 5 | "errors" 6 | "sync" 7 | "time" 8 | ) 9 | 10 | // ErrTaskCancelled 用户取消任务的错误 11 | var ErrTaskCancelled = errors.New("agent task cancelled by user") 12 | 13 | // ErrTaskAlreadyRunning 会话已有任务正在执行 14 | var ErrTaskAlreadyRunning = errors.New("agent task already running for conversation") 15 | 16 | // AgentTask 描述正在运行的Agent任务 17 | type AgentTask struct { 18 | ConversationID string `json:"conversationId"` 19 | Message string `json:"message,omitempty"` 20 | StartedAt time.Time `json:"startedAt"` 21 | Status string `json:"status"` 22 | 23 | cancel func(error) 24 | } 25 | 26 | // AgentTaskManager 管理正在运行的Agent任务 27 | type AgentTaskManager struct { 28 | mu sync.RWMutex 29 | tasks map[string]*AgentTask 30 | } 31 | 32 | // NewAgentTaskManager 创建任务管理器 33 | func NewAgentTaskManager() *AgentTaskManager { 34 | return &AgentTaskManager{ 35 | tasks: make(map[string]*AgentTask), 36 | } 37 | } 38 | 39 | // StartTask 注册并开始一个新的任务 40 | func (m *AgentTaskManager) StartTask(conversationID, message string, cancel context.CancelCauseFunc) (*AgentTask, error) { 41 | m.mu.Lock() 42 | defer m.mu.Unlock() 43 | 44 | if _, exists := m.tasks[conversationID]; exists { 45 | return nil, ErrTaskAlreadyRunning 46 | } 47 | 48 | task := &AgentTask{ 49 | ConversationID: conversationID, 50 | Message: message, 51 | StartedAt: time.Now(), 52 | Status: "running", 53 | cancel: func(err error) { 54 | if cancel != nil { 55 | cancel(err) 56 | } 57 | }, 58 | } 59 | 60 | m.tasks[conversationID] = task 61 | return task, nil 62 | } 63 | 64 | // CancelTask 取消指定会话的任务 65 | func (m *AgentTaskManager) CancelTask(conversationID string, cause error) (bool, error) { 66 | m.mu.Lock() 67 | task, exists := 
m.tasks[conversationID] 68 | if !exists { 69 | m.mu.Unlock() 70 | return false, nil 71 | } 72 | 73 | // 如果已经处于取消流程,直接返回 74 | if task.Status == "cancelling" { 75 | m.mu.Unlock() 76 | return false, nil 77 | } 78 | 79 | task.Status = "cancelling" 80 | cancel := task.cancel 81 | m.mu.Unlock() 82 | 83 | if cause == nil { 84 | cause = ErrTaskCancelled 85 | } 86 | if cancel != nil { 87 | cancel(cause) 88 | } 89 | return true, nil 90 | } 91 | 92 | // UpdateTaskStatus 更新任务状态但不删除任务(用于在发送事件前更新状态) 93 | func (m *AgentTaskManager) UpdateTaskStatus(conversationID string, status string) { 94 | m.mu.Lock() 95 | defer m.mu.Unlock() 96 | 97 | task, exists := m.tasks[conversationID] 98 | if !exists { 99 | return 100 | } 101 | 102 | if status != "" { 103 | task.Status = status 104 | } 105 | } 106 | 107 | // FinishTask 完成任务并从管理器中移除 108 | func (m *AgentTaskManager) FinishTask(conversationID string, finalStatus string) { 109 | m.mu.Lock() 110 | defer m.mu.Unlock() 111 | 112 | task, exists := m.tasks[conversationID] 113 | if !exists { 114 | return 115 | } 116 | 117 | if finalStatus != "" { 118 | task.Status = finalStatus 119 | } 120 | 121 | delete(m.tasks, conversationID) 122 | } 123 | 124 | // GetActiveTasks 返回所有正在运行的任务 125 | func (m *AgentTaskManager) GetActiveTasks() []*AgentTask { 126 | m.mu.RLock() 127 | defer m.mu.RUnlock() 128 | 129 | result := make([]*AgentTask, 0, len(m.tasks)) 130 | for _, task := range m.tasks { 131 | result = append(result, &AgentTask{ 132 | ConversationID: task.ConversationID, 133 | Message: task.Message, 134 | StartedAt: task.StartedAt, 135 | Status: task.Status, 136 | }) 137 | } 138 | return result 139 | } 140 | -------------------------------------------------------------------------------- /tools/sqlmap.yaml: -------------------------------------------------------------------------------- 1 | name: "sqlmap" 2 | command: "sqlmap" 3 | enabled: true 4 | # 简短描述(用于工具列表,减少token消耗) 5 | short_description: "自动化SQL注入检测和利用工具,用于发现和利用SQL注入漏洞" 6 | # 工具详细描述 7 | 
description: | 8 | 自动化SQL注入检测和利用工具,用于发现和利用SQL注入漏洞。 9 | 10 | **主要功能:** 11 | - 自动检测SQL注入漏洞 12 | - 支持多种数据库类型(MySQL, PostgreSQL, Oracle, MSSQL等) 13 | - 自动提取数据库信息(表、列、数据) 14 | - 支持多种注入技术(布尔盲注、时间盲注、联合查询等) 15 | - 支持文件上传/下载、命令执行等高级功能 16 | 17 | **使用场景:** 18 | - Web应用安全测试 19 | - SQL注入漏洞检测 20 | - 数据库信息收集 21 | - 渗透测试和漏洞验证 22 | 23 | **注意事项:** 24 | - 仅用于授权的安全测试 25 | - 某些操作可能对目标系统造成影响 26 | - 建议在测试环境中先验证 27 | - 使用 --batch 参数避免交互式提示 28 | # 参数定义 29 | parameters: 30 | - name: "url" 31 | type: "string" 32 | description: | 33 | 目标URL,包含可能存在SQL注入的参数。 34 | 35 | **格式要求:** 36 | - 完整的URL,包含协议(http:// 或 https://) 37 | - 必须包含查询参数,参数值用 * 标记注入点 38 | - 或者直接提供完整的URL,sqlmap会自动检测参数 39 | 40 | **示例值:** 41 | - 标记注入点: "http://example.com/page?id=1*" 42 | - 完整URL: "http://example.com/page?id=1" 43 | - POST数据: "http://example.com/login" (需要配合data参数) 44 | - Cookie注入: "http://example.com/page" (需要配合cookie参数) 45 | 46 | **注意事项:** 47 | - URL必须可访问 48 | - 确保URL格式正确,包含协议前缀 49 | - 如果使用POST请求,需要配合data参数 50 | - 必需参数,不能为空 51 | required: true 52 | flag: "-u" 53 | format: "flag" 54 | - name: "batch" 55 | type: "bool" 56 | description: | 57 | 非交互模式,自动选择默认选项,不需要用户输入。 58 | 59 | **使用场景:** 60 | - 自动化测试脚本 61 | - 批量扫描 62 | - 避免交互式提示 63 | 64 | **注意事项:** 65 | - 建议始终设置为true,避免工具等待用户输入 66 | - 默认值为true 67 | required: false 68 | default: true 69 | flag: "--batch" 70 | format: "flag" 71 | - name: "level" 72 | type: "int" 73 | description: | 74 | 测试级别,范围1-5,级别越高测试越全面但耗时越长。 75 | 76 | **级别说明:** 77 | - Level 1: 基本测试,快速但可能遗漏漏洞 78 | - Level 2: 默认级别,平衡速度和覆盖率 79 | - Level 3: 扩展测试,更全面的检测 80 | - Level 4: 深度测试,包含更多payload 81 | - Level 5: 最全面测试,包含所有已知技术 82 | 83 | **建议:** 84 | - 快速扫描使用1-2 85 | - 常规测试使用3(默认) 86 | - 深度测试使用4-5 87 | 88 | **注意事项:** 89 | - 级别越高,请求数量越多,可能被WAF拦截 90 | - 默认值为3 91 | required: false 92 | default: 3 93 | flag: "--level" 94 | format: "combined" # --level=3 95 | - name: "data" 96 | type: "string" 97 | description: | 98 | POST数据字符串,用于POST请求的SQL注入检测。 99 | 100 | **格式:** 101 | - 表单数据格式,例如: "username=admin&password=123" 102 | - 
JSON格式,例如: '{"username":"admin","password":"123"}' 103 | 104 | **注意事项:** 105 | - 如果URL使用POST方法,需要提供此参数 106 | - 参数值中的注入点用 * 标记 107 | required: false 108 | flag: "--data" 109 | format: "flag" 110 | - name: "cookie" 111 | type: "string" 112 | description: | 113 | Cookie字符串,用于Cookie注入检测。 114 | 115 | **格式:** 116 | - 标准Cookie格式,例如: "sessionid=abc123; user=admin" 117 | 118 | **注意事项:** 119 | - 如果存在Cookie注入,需要提供此参数 120 | required: false 121 | flag: "--cookie" 122 | format: "flag" 123 | - name: "additional_args" 124 | type: "string" 125 | description: | 126 | 额外的SQLMap参数。用于传递未在参数列表中定义的SQLMap选项。 127 | 128 | **示例值:** 129 | - "--dbs": 列出所有数据库 130 | - "--tables -D database": 列出指定数据库的表 131 | - "--dump -D database -T table": 导出表数据 132 | - "--os-shell": 获取操作系统shell 133 | - "--risk 2": 风险级别(1-3) 134 | - "--threads 10": 并发线程数 135 | - "--tamper space2comment": 使用tamper脚本绕过WAF 136 | 137 | **注意事项:** 138 | - 多个参数用空格分隔 139 | - 确保参数格式正确,避免命令注入 140 | - 此参数会直接追加到命令末尾 141 | required: false 142 | format: "positional" 143 | -------------------------------------------------------------------------------- /internal/security/auth_manager.go: -------------------------------------------------------------------------------- 1 | package security 2 | 3 | import ( 4 | "errors" 5 | "strings" 6 | "sync" 7 | "time" 8 | 9 | "github.com/google/uuid" 10 | ) 11 | 12 | // Predefined errors for authentication operations. 13 | var ( 14 | ErrInvalidPassword = errors.New("invalid password") 15 | ) 16 | 17 | // Session represents an authenticated user session. 18 | type Session struct { 19 | Token string 20 | ExpiresAt time.Time 21 | } 22 | 23 | // AuthManager manages password-based authentication and session lifecycle. 24 | type AuthManager struct { 25 | password string 26 | sessionDuration time.Duration 27 | 28 | mu sync.RWMutex 29 | sessions map[string]Session 30 | } 31 | 32 | // NewAuthManager creates a new AuthManager instance. 
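func NewAuthManager(password string, sessionDurationHours int) (*AuthManager, error) {
	// An all-whitespace password is rejected, but the stored value is the
	// caller's string untrimmed.
	// NOTE(review): UpdateConfig trims before storing, so a password with
	// surrounding whitespace behaves differently depending on which path set
	// it. Confirm which behavior is intended and align the two.
	if strings.TrimSpace(password) == "" {
		return nil, errors.New("auth password must be configured")
	}

	// Non-positive durations fall back to 12 hours.
	if sessionDurationHours <= 0 {
		sessionDurationHours = 12
	}

	return &AuthManager{
		password:        password,
		sessionDuration: time.Duration(sessionDurationHours) * time.Hour,
		sessions:        make(map[string]Session),
	}, nil
}

// Authenticate validates the password and creates a new session.
//
// It returns the session token and its expiry time, or ErrInvalidPassword
// when the password does not match.
//
// The password check and the session insert happen under one write lock.
// UpdateConfig replaces the password and the session map under the same lock,
// so a login checked against the old password can no longer be recorded in
// the fresh session map after a password change.
func (a *AuthManager) Authenticate(password string) (string, time.Time, error) {
	a.mu.Lock()
	defer a.mu.Unlock()

	// NOTE(review): == on strings is not a constant-time comparison.
	// crypto/subtle.ConstantTimeCompare is the usual choice for secrets, but it
	// needs an import this file does not have yet. Nothing in this type
	// rate-limits failed attempts either.
	if password != a.password {
		return "", time.Time{}, ErrInvalidPassword
	}

	token := uuid.NewString()
	expiresAt := time.Now().Add(a.sessionDuration)
	a.sessions[token] = Session{
		Token:     token,
		ExpiresAt: expiresAt,
	}

	return token, expiresAt, nil
}

// ValidateToken checks whether the provided token is still valid.
//
// It returns the stored Session and true for a known, unexpired token.
// A blank, unknown or expired token yields a zero Session and false, and an
// expired token is removed from the session map as a side effect.
func (a *AuthManager) ValidateToken(token string) (Session, bool) {
	if strings.TrimSpace(token) == "" {
		return Session{}, false
	}

	a.mu.RLock()
	session, ok := a.sessions[token]
	a.mu.RUnlock()
	if !ok {
		return Session{}, false
	}

	if time.Now().After(session.ExpiresAt) {
		// Expired entries are only evicted here, when someone presents them;
		// tokens that are never presented again stay in the map.
		a.mu.Lock()
		delete(a.sessions, token)
		a.mu.Unlock()
		return Session{}, false
	}

	return session, true
}

// CheckPassword verifies whether the provided password matches the current password.
func (a *AuthManager) CheckPassword(password string) bool {
	a.mu.RLock()
	defer a.mu.RUnlock()
	// NOTE(review): same non-constant-time comparison as in Authenticate.
	return password == a.password
}

// RevokeToken invalidates the specified token.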
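func (a *AuthManager) RevokeToken(token string) {
	// Blank tokens are ignored; deleting an unknown token is a no-op.
	if strings.TrimSpace(token) == "" {
		return
	}

	a.mu.Lock()
	delete(a.sessions, token)
	a.mu.Unlock()
}

// SessionDurationHours returns the configured session duration in hours.
func (a *AuthManager) SessionDurationHours() int {
	// sessionDuration is rewritten by UpdateConfig under a.mu, so it is read
	// under the read lock to avoid a data race.
	a.mu.RLock()
	defer a.mu.RUnlock()
	return int(a.sessionDuration / time.Hour)
}

// UpdateConfig updates the password and session duration, revoking existing sessions.
//
// The password is trimmed before it is validated and stored, and a
// non-positive duration falls back to 12 hours. It returns an error when the
// trimmed password is empty; in that case nothing is changed.
func (a *AuthManager) UpdateConfig(password string, sessionDurationHours int) error {
	password = strings.TrimSpace(password)
	if password == "" {
		return errors.New("auth password must be configured")
	}

	if sessionDurationHours <= 0 {
		sessionDurationHours = 12
	}

	a.mu.Lock()
	defer a.mu.Unlock()

	a.password = password
	a.sessionDuration = time.Duration(sessionDurationHours) * time.Hour
	// Swapping in a fresh map drops every session issued under the old password.
	a.sessions = make(map[string]Session)
	return nil
}
-------------------------------------------------------------------------------- /tools/api-fuzzer.yaml: -------------------------------------------------------------------------------- 1 | name: "api-fuzzer" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import pathlib 7 | import sys 8 | import textwrap 9 | from urllib.parse import urljoin 10 | 11 | import requests 12 | 13 | if len(sys.argv) < 2: 14 | sys.stderr.write("缺少 base_url 参数\n") 15 | sys.exit(1) 16 | 17 | base_url = sys.argv[1] 18 | endpoints_arg = sys.argv[2] if len(sys.argv) > 2 else "" 19 | methods_arg = sys.argv[3] if len(sys.argv) > 3 else "GET,POST" 20 | wordlist_path = sys.argv[4] if len(sys.argv) > 4 else "" 21 | timeout = float(sys.argv[5]) if len(sys.argv) > 5 and sys.argv[5] else 10.0 22 | 23 | methods = [m.strip().upper() for m in methods_arg.split(",") if m.strip()] 24 | if not methods: 25 | methods = ["GET"] 26 | 27 | endpoints = [] 28 | if endpoints_arg: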
29 | endpoints = [ep.strip() for ep in endpoints_arg.split(",") if ep.strip()] 30 | elif wordlist_path: 31 | path = pathlib.Path(wordlist_path) 32 | if not path.is_file(): 33 | sys.stderr.write(f"字典文件不存在: {path}\n") 34 | sys.exit(1) 35 | endpoints = [line.strip() for line in path.read_text().splitlines() if line.strip()] 36 | 37 | if not endpoints: 38 | sys.stderr.write("未提供端点列表或字典。\n") 39 | sys.exit(1) 40 | 41 | results = [] 42 | for endpoint in endpoints: 43 | url = urljoin(base_url.rstrip("/") + "/", endpoint.lstrip("/")) 44 | for method in methods: 45 | try: 46 | resp = requests.request(method, url, timeout=timeout, allow_redirects=False) 47 | results.append({ 48 | "method": method, 49 | "endpoint": endpoint, 50 | "status": resp.status_code, 51 | "length": len(resp.content), 52 | "redirect": resp.headers.get("Location", "") 53 | }) 54 | except requests.RequestException as exc: 55 | results.append({ 56 | "method": method, 57 | "endpoint": endpoint, 58 | "error": str(exc) 59 | }) 60 | 61 | for item in results: 62 | if "error" in item: 63 | print(f"[{item['method']}] {item['endpoint']} -> ERROR: {item['error']}") 64 | else: 65 | redirect = f" -> {item['redirect']}" if item.get("redirect") else "" 66 | print(f"[{item['method']}] {item['endpoint']} -> {item['status']} ({item['length']} bytes){redirect}") 67 | enabled: true 68 | short_description: "API端点模糊测试工具,支持智能参数发现" 69 | description: | 70 | 基于requests的轻量级API端点探测脚本,可按照提供的端点列表或字典,对多个HTTP方法进行探测并记录状态码与响应长度。 71 | parameters: 72 | - name: "base_url" 73 | type: "string" 74 | description: "API基础URL,例如 https://api.example.com/" 75 | required: true 76 | position: 0 77 | format: "positional" 78 | - name: "endpoints" 79 | type: "string" 80 | description: "逗号分隔的端点列表(如 /v1/users,/v1/auth/login)" 81 | required: false 82 | default: "" 83 | position: 1 84 | format: "positional" 85 | - name: "methods" 86 | type: "string" 87 | description: "HTTP方法列表,逗号分隔(默认 GET,POST)" 88 | required: false 89 | default: "GET,POST" 90 | position: 2 
91 | format: "positional" 92 | - name: "wordlist" 93 | type: "string" 94 | description: "端点字典文件路径(当未提供endpoints时使用)" 95 | required: false 96 | default: "/usr/share/wordlists/api/api-endpoints.txt" 97 | position: 3 98 | format: "positional" 99 | - name: "timeout" 100 | type: "string" 101 | description: "每个请求的超时时间(秒,默认10)" 102 | required: false 103 | default: "10" 104 | position: 4 105 | format: "positional" 106 | -------------------------------------------------------------------------------- /tools/query-execution-result.yaml: -------------------------------------------------------------------------------- 1 | name: "query_execution_result" 2 | # 注意:这是一个内部工具,不执行外部命令 3 | # command 字段设置为特殊值,实际功能需要在代码中实现 4 | # 实现位置:internal/mcp/server.go 或 internal/handler/agent.go 5 | command: "internal:query_execution_result" 6 | enabled: true 7 | # 简短描述(用于工具列表,减少token消耗) 8 | short_description: "查询工具执行结果,支持分页、搜索和过滤大结果集" 9 | # 工具详细描述 10 | description: | 11 | 查询工具执行结果工具,用于查询已保存的工具执行结果。当工具返回的结果过大时,系统会自动保存完整结果,此工具用于按需查询这些结果。 12 | 13 | **主要功能:** 14 | - 分页查询:支持分页浏览大结果集,避免一次性加载过多数据 15 | - 全文搜索:在结果中搜索特定关键词 16 | - 条件过滤:根据条件过滤结果(如只显示包含"error"的行) 17 | - 元信息查询:获取结果的基本信息(总行数、总页数等) 18 | 19 | **使用场景:** 20 | - 当工具返回的结果超过阈值(如50KB)时,系统会自动保存结果 21 | - 需要查看完整结果时,使用此工具按需查询 22 | - 需要搜索特定信息时,使用搜索功能 23 | - 需要过滤特定类型的内容时,使用过滤功能 24 | 25 | **工作流程:** 26 | 1. 工具执行完成后,如果结果过大,系统会保存完整结果并返回执行ID 27 | 2. 使用此工具,通过 execution_id 查询结果 28 | 3. 
可以分页浏览、搜索关键词或过滤条件 29 | 30 | **注意事项:** 31 | - execution_id 是必需参数,从工具执行的返回消息中获取 32 | - 默认每页返回100行,可以通过 limit 参数调整 33 | - 搜索和过滤功能可以组合使用 34 | - 结果会保留一段时间(默认7天),之后可能被清理 35 | 36 | # 参数定义 37 | parameters: 38 | - name: "execution_id" 39 | type: "string" 40 | description: | 41 | 工具执行的ID。从工具执行完成后的返回消息中获取。 42 | 43 | **格式要求:** 44 | - 执行ID字符串,格式通常为 "exec_xxxxx" 或 UUID 45 | - 必需参数,不能为空 46 | 47 | **示例值:** 48 | - "exec_12345" 49 | - "550e8400-e29b-41d4-a716-446655440000" 50 | 51 | **如何获取:** 52 | - 当工具返回大结果时,系统会在消息中提供 execution_id 53 | - 格式示例:`工具执行完成。结果已保存(ID: exec_12345)` 54 | 55 | **注意事项:** 56 | - 确保 execution_id 正确,否则查询会失败 57 | - execution_id 区分大小写 58 | required: true 59 | format: "positional" 60 | position: 0 61 | 62 | - name: "page" 63 | type: "integer" 64 | description: | 65 | 要查询的页码。从1开始计数。 66 | 67 | **格式要求:** 68 | - 正整数,从1开始 69 | - 如果不指定,默认为1(第一页) 70 | 71 | **示例值:** 72 | - 1 (第一页,默认) 73 | - 2 (第二页) 74 | - 10 (第十页) 75 | 76 | **注意事项:** 77 | - 页码不能小于1 78 | - 如果指定的页码超过总页数,会返回空结果 79 | - 建议先查询第一页了解结果结构,再决定是否需要查看其他页 80 | required: false 81 | default: 1 82 | 83 | - name: "limit" 84 | type: "integer" 85 | description: | 86 | 每页返回的行数。控制单次查询返回的数据量。 87 | 88 | **格式要求:** 89 | - 正整数,建议范围:10-500 90 | - 如果不指定,默认为100行 91 | 92 | **示例值:** 93 | - 50 (每页50行) 94 | - 100 (每页100行,默认) 95 | - 200 (每页200行) 96 | 97 | **注意事项:** 98 | - 较小的 limit 可以减少单次查询的token消耗 99 | - 较大的 limit 可以减少查询次数,但会增加单次返回的数据量 100 | - 建议根据实际需要调整,平衡查询次数和数据量 101 | required: false 102 | default: 100 103 | 104 | - name: "search" 105 | type: "string" 106 | description: | 107 | 搜索关键词。在结果中搜索包含此关键词的行。 108 | 109 | **格式要求:** 110 | - 任意字符串 111 | - 搜索是大小写敏感的 112 | - 支持部分匹配 113 | 114 | **示例值:** 115 | - "open" (搜索包含"open"的行,如开放端口) 116 | - "error" (搜索包含"error"的行) 117 | - "CVE-2023" (搜索包含CVE编号的行) 118 | - "80/tcp" (搜索特定端口) 119 | 120 | **使用场景:** 121 | - 快速定位关键信息 122 | - 查找特定类型的条目 123 | - 过滤感兴趣的内容 124 | 125 | **注意事项:** 126 | - 搜索会在所有行中进行,可能返回多页结果 127 | - 搜索结果也会分页返回 128 | - 可以结合 page 和 limit 参数控制返回结果 129 | - 如果同时指定 search 和 filter,会先应用 filter,再在结果中搜索 
130 | required: false 131 | 132 | - name: "filter" 133 | type: "string" 134 | description: | 135 | 过滤条件。只返回包含此关键词的行。 136 | 137 | **格式要求:** 138 | - 任意字符串 139 | - 过滤是大小写敏感的 140 | - 支持部分匹配 141 | 142 | **示例值:** 143 | - "error" (只返回包含"error"的行) 144 | - "warning" (只返回包含"warning"的行) 145 | - "open" (只返回包含"open"的行) 146 | - "200" (只返回包含"200"的行,如HTTP状态码) 147 | 148 | **使用场景:** 149 | - 只查看错误信息 150 | - 只查看特定状态的结果 151 | - 过滤掉不感兴趣的内容 152 | 153 | **注意事项:** 154 | - 过滤会在所有行中进行,可能返回多页结果 155 | - 过滤结果也会分页返回 156 | - 可以结合 page 和 limit 参数控制返回结果 157 | - 如果同时指定 search 和 filter,会先应用 filter,再在结果中搜索 158 | required: false 159 | 160 | -------------------------------------------------------------------------------- /internal/openai/openai.go: -------------------------------------------------------------------------------- 1 | package openai 2 | 3 | import ( 4 | "bytes" 5 | "context" 6 | "encoding/json" 7 | "fmt" 8 | "io" 9 | "net/http" 10 | "strings" 11 | "time" 12 | 13 | "cyberstrike-ai/internal/config" 14 | 15 | "go.uber.org/zap" 16 | ) 17 | 18 | // Client 统一封装与OpenAI兼容模型交互的HTTP客户端。 19 | type Client struct { 20 | httpClient *http.Client 21 | config *config.OpenAIConfig 22 | logger *zap.Logger 23 | } 24 | 25 | // APIError 表示OpenAI接口返回的非200错误。 26 | type APIError struct { 27 | StatusCode int 28 | Body string 29 | } 30 | 31 | func (e *APIError) Error() string { 32 | return fmt.Sprintf("openai api error: status=%d body=%s", e.StatusCode, e.Body) 33 | } 34 | 35 | // NewClient 创建一个新的OpenAI客户端。 36 | func NewClient(cfg *config.OpenAIConfig, httpClient *http.Client, logger *zap.Logger) *Client { 37 | if httpClient == nil { 38 | httpClient = http.DefaultClient 39 | } 40 | if logger == nil { 41 | logger = zap.NewNop() 42 | } 43 | return &Client{ 44 | httpClient: httpClient, 45 | config: cfg, 46 | logger: logger, 47 | } 48 | } 49 | 50 | // UpdateConfig 动态更新OpenAI配置。 51 | func (c *Client) UpdateConfig(cfg *config.OpenAIConfig) { 52 | c.config = cfg 53 | } 54 | 55 | // ChatCompletion 调用 /chat/completions 接口。 
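func (c *Client) ChatCompletion(ctx context.Context, payload interface{}, out interface{}) error {
	// ChatCompletion POSTs payload as JSON to <BaseURL>/chat/completions and,
	// when out is non-nil, decodes a 200 response body into it. A non-200
	// status is returned as *APIError carrying the full response body.
	const (
		// Upper bound on the response body held in memory. A misbehaving or
		// hostile endpoint could otherwise stream an unbounded body into
		// io.ReadAll. NOTE(review): 64 MiB is assumed to be far above any
		// legitimate chat completion response; adjust if that is wrong.
		maxResponseBytes = 64 << 20
		// Upper bound on how much of a response body is copied into log fields.
		maxLoggedBodyBytes = 4 << 10
	)

	if c == nil {
		return fmt.Errorf("openai client is not initialized")
	}
	// Read the config pointer once so a concurrent UpdateConfig cannot swap it
	// between the nil check and the uses below.
	// NOTE(review): UpdateConfig writes c.config without synchronization, so
	// this is still a data race under the Go memory model.
	cfg := c.config
	if cfg == nil {
		return fmt.Errorf("openai config is nil")
	}
	if strings.TrimSpace(cfg.APIKey) == "" {
		return fmt.Errorf("openai api key is empty")
	}

	baseURL := strings.TrimSuffix(cfg.BaseURL, "/")
	if baseURL == "" {
		baseURL = "https://api.openai.com/v1"
	}

	body, err := json.Marshal(payload)
	if err != nil {
		return fmt.Errorf("marshal openai payload: %w", err)
	}

	c.logger.Debug("sending OpenAI chat completion request",
		zap.Int("payloadSizeKB", len(body)/1024))

	req, err := http.NewRequestWithContext(ctx, http.MethodPost, baseURL+"/chat/completions", bytes.NewReader(body))
	if err != nil {
		return fmt.Errorf("build openai request: %w", err)
	}
	req.Header.Set("Content-Type", "application/json")
	// The bearer key goes to whatever BaseURL is configured.
	// NOTE(review): nothing here requires an https scheme.
	req.Header.Set("Authorization", "Bearer "+cfg.APIKey)

	requestStart := time.Now()
	resp, err := c.httpClient.Do(req)
	if err != nil {
		return fmt.Errorf("call openai api: %w", err)
	}
	// Closing the body on return also unblocks the reader goroutine below when
	// this function gives up early (context cancelled or timer fired).
	defer resp.Body.Close()

	type readResult struct {
		data []byte
		err  error
	}
	// Buffered so the goroutine can always deliver its result and exit, even
	// after this function has returned.
	resultCh := make(chan readResult, 1)
	go func() {
		// Read one byte past the cap so an oversized body is detectable.
		data, readErr := io.ReadAll(io.LimitReader(resp.Body, maxResponseBytes+1))
		resultCh <- readResult{data: data, err: readErr}
	}()

	// An explicit timer (rather than time.After) is stopped on return.
	readTimer := time.NewTimer(25 * time.Minute)
	defer readTimer.Stop()

	var respBody []byte
	select {
	case res := <-resultCh:
		if res.err != nil {
			return fmt.Errorf("read openai response: %w", res.err)
		}
		respBody = res.data
	case <-ctx.Done():
		return fmt.Errorf("read openai response timeout: %w", ctx.Err())
	case <-readTimer.C:
		return fmt.Errorf("read openai response timeout (25m)")
	}
	if len(respBody) > maxResponseBytes {
		return fmt.Errorf("read openai response: body exceeds %d bytes", maxResponseBytes)
	}

	c.logger.Debug("received OpenAI response",
		zap.Int("status", resp.StatusCode),
		zap.Duration("duration", time.Since(requestStart)),
		zap.Int("responseSizeKB", len(respBody)/1024),
	)

	// Log fields carry only a bounded prefix of the body: upstream bodies can
	// be large and may echo request content. The error returned to the caller
	// still carries the full body.
	bodyForLog := func() string {
		if len(respBody) > maxLoggedBodyBytes {
			return string(respBody[:maxLoggedBodyBytes]) + "...(truncated)"
		}
		return string(respBody)
	}

	if resp.StatusCode != http.StatusOK {
		c.logger.Warn("OpenAI chat completion returned non-200",
			zap.Int("status", resp.StatusCode),
			zap.String("body", bodyForLog()),
		)
		return &APIError{
			StatusCode: resp.StatusCode,
			Body:       string(respBody),
		}
	}

	if out != nil {
		if err := json.Unmarshal(respBody, out); err != nil {
			c.logger.Error("failed to unmarshal OpenAI response",
				zap.Error(err),
				zap.String("body", bodyForLog()),
			)
			return fmt.Errorf("unmarshal openai response: %w", err)
		}
	}

	return nil
}
-------------------------------------------------------------------------------- /cmd/test-external-mcp/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | "os" 7 | "time" 8 | 9 | "cyberstrike-ai/internal/config" 10 | "cyberstrike-ai/internal/logger" 11 | "cyberstrike-ai/internal/mcp" 12 | ) 13 | 14 | func main() { 15 | if len(os.Args) < 2 { 16 | fmt.Println("Usage: go run cmd/test-external-mcp/main.go ") 17 | os.Exit(1) 18 | } 19 | 20 | configPath := os.Args[1] 21 | cfg, err := config.Load(configPath) 22 | if err != nil { 23 | fmt.Printf("Error loading config: %v\n", err) 24 | os.Exit(1) 25 | } 26 | 27 | if cfg.ExternalMCP.Servers == nil || len(cfg.ExternalMCP.Servers) == 0 { 28 | fmt.Println("No external MCP servers configured") 29 | os.Exit(0) 30 | } 31 | 32 | fmt.Printf("Found %d external MCP server(s)\n\n", len(cfg.ExternalMCP.Servers)) 33 | 34 | // 创建日志 35 | log := logger.New("info", "stdout") 36 | 37 | // 创建外部MCP管理器 38 | manager := mcp.NewExternalMCPManager(log.Logger) 39 | manager.LoadConfigs(&cfg.ExternalMCP) 40 | 41 | // 显示配置 42 | fmt.Println("=== 配置信息 ===") 43 | for name, srv := range cfg.ExternalMCP.Servers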
{ 44 | fmt.Printf("\n%s:\n", name) 45 | fmt.Printf(" Transport: %s\n", getTransport(srv)) 46 | if srv.Command != "" { 47 | fmt.Printf(" Command: %s\n", srv.Command) 48 | fmt.Printf(" Args: %v\n", srv.Args) 49 | } 50 | if srv.URL != "" { 51 | fmt.Printf(" URL: %s\n", srv.URL) 52 | } 53 | fmt.Printf(" Description: %s\n", srv.Description) 54 | fmt.Printf(" Timeout: %d seconds\n", srv.Timeout) 55 | fmt.Printf(" Enabled: %v\n", srv.Enabled) 56 | fmt.Printf(" Disabled: %v\n", srv.Disabled) 57 | } 58 | 59 | // 获取统计信息 60 | fmt.Println("\n=== 统计信息 ===") 61 | stats := manager.GetStats() 62 | fmt.Printf("总数: %d\n", stats["total"]) 63 | fmt.Printf("已启用: %d\n", stats["enabled"]) 64 | fmt.Printf("已停用: %d\n", stats["disabled"]) 65 | fmt.Printf("已连接: %d\n", stats["connected"]) 66 | 67 | // 测试启动(仅测试启用的) 68 | fmt.Println("\n=== 测试启动 ===") 69 | for name, srv := range cfg.ExternalMCP.Servers { 70 | if srv.Enabled && !srv.Disabled { 71 | fmt.Printf("\n尝试启动 %s...\n", name) 72 | // 注意:实际启动可能会失败,因为需要真实的MCP服务器 73 | err := manager.StartClient(name) 74 | if err != nil { 75 | fmt.Printf(" 启动失败(这是正常的,如果没有真实的MCP服务器): %v\n", err) 76 | } else { 77 | fmt.Printf(" 启动成功\n") 78 | // 获取客户端状态 79 | if client, exists := manager.GetClient(name); exists { 80 | fmt.Printf(" 状态: %s\n", client.GetStatus()) 81 | fmt.Printf(" 已连接: %v\n", client.IsConnected()) 82 | } 83 | } 84 | } 85 | } 86 | 87 | // 等待一下 88 | time.Sleep(2 * time.Second) 89 | 90 | // 测试获取工具列表 91 | fmt.Println("\n=== 测试获取工具列表 ===") 92 | ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) 93 | defer cancel() 94 | 95 | tools, err := manager.GetAllTools(ctx) 96 | if err != nil { 97 | fmt.Printf("获取工具列表失败: %v\n", err) 98 | } else { 99 | fmt.Printf("获取到 %d 个工具\n", len(tools)) 100 | for i, tool := range tools { 101 | if i < 5 { // 只显示前5个 102 | fmt.Printf(" - %s: %s\n", tool.Name, tool.Description) 103 | } 104 | } 105 | if len(tools) > 5 { 106 | fmt.Printf(" ... 
还有 %d 个工具\n", len(tools)-5) 107 | } 108 | } 109 | 110 | // 测试停止 111 | fmt.Println("\n=== 测试停止 ===") 112 | for name := range cfg.ExternalMCP.Servers { 113 | fmt.Printf("\n停止 %s...\n", name) 114 | err := manager.StopClient(name) 115 | if err != nil { 116 | fmt.Printf(" 停止失败: %v\n", err) 117 | } else { 118 | fmt.Printf(" 停止成功\n") 119 | } 120 | } 121 | 122 | // 最终统计 123 | fmt.Println("\n=== 最终统计 ===") 124 | stats = manager.GetStats() 125 | fmt.Printf("总数: %d\n", stats["total"]) 126 | fmt.Printf("已启用: %d\n", stats["enabled"]) 127 | fmt.Printf("已停用: %d\n", stats["disabled"]) 128 | fmt.Printf("已连接: %d\n", stats["connected"]) 129 | 130 | fmt.Println("\n=== 测试完成 ===") 131 | } 132 | 133 | func getTransport(srv config.ExternalMCPServerConfig) string { 134 | if srv.Transport != "" { 135 | return srv.Transport 136 | } 137 | if srv.Command != "" { 138 | return "stdio" 139 | } 140 | if srv.URL != "" { 141 | return "http" 142 | } 143 | return "unknown" 144 | } 145 | 146 | -------------------------------------------------------------------------------- /tools/http-intruder.yaml: -------------------------------------------------------------------------------- 1 | name: "http-intruder" 2 | command: "python3" 3 | args: 4 | - "-c" 5 | - | 6 | import json 7 | import sys 8 | import time 9 | from urllib.parse import urlencode, urlparse, parse_qs, urlunparse 10 | 11 | import requests 12 | 13 | if len(sys.argv) < 3: 14 | sys.stderr.write("需要至少URL和载荷\n") 15 | sys.exit(1) 16 | 17 | url = sys.argv[1] 18 | method = (sys.argv[2] or "GET").upper() 19 | location = (sys.argv[3] or "query").lower() 20 | params_json = sys.argv[4] if len(sys.argv) > 4 else "{}" 21 | payloads_json = sys.argv[5] if len(sys.argv) > 5 else "[]" 22 | max_requests = int(sys.argv[6]) if len(sys.argv) > 6 and sys.argv[6] else 0 23 | 24 | try: 25 | params_template = json.loads(params_json) if params_json else {} 26 | except json.JSONDecodeError as exc: 27 | sys.stderr.write(f"参数模板解析失败: {exc}\n") 28 | sys.exit(1) 29 | 30 | try: 
31 | payloads = json.loads(payloads_json) 32 | except json.JSONDecodeError as exc: 33 | sys.stderr.write(f"载荷解析失败: {exc}\n") 34 | sys.exit(1) 35 | 36 | if not isinstance(payloads, list) or not payloads: 37 | sys.stderr.write("载荷列表不能为空\n") 38 | sys.exit(1) 39 | 40 | param_names = list(params_template.keys()) 41 | if not param_names: 42 | sys.stderr.write("参数模板不能为空\n") 43 | sys.exit(1) 44 | 45 | session = requests.Session() 46 | sent = 0 47 | 48 | def build_query(original_url, data): 49 | parsed = urlparse(original_url) 50 | existing = {k: v[0] for k, v in parse_qs(parsed.query, keep_blank_values=True).items()} 51 | existing.update(data) 52 | new_query = urlencode(existing, doseq=True) 53 | return urlunparse(parsed._replace(query=new_query)) 54 | 55 | for param in param_names: 56 | for payload in payloads: 57 | if max_requests and sent >= max_requests: 58 | break 59 | payload_str = str(payload) 60 | if location == "query": 61 | new_url = build_query(url, {param: payload_str}) 62 | response = session.request(method, new_url) 63 | elif location == "body": 64 | body = params_template.copy() 65 | body[param] = payload_str 66 | response = session.request(method, url, data=body) 67 | elif location == "headers": 68 | headers = params_template.copy() 69 | headers[param] = payload_str 70 | response = session.request(method, url, headers=headers) 71 | elif location == "cookie": 72 | cookies = params_template.copy() 73 | cookies[param] = payload_str 74 | response = session.request(method, url, cookies=cookies) 75 | else: 76 | sys.stderr.write(f"不支持的位置: {location}\n") 77 | sys.exit(1) 78 | 79 | sent += 1 80 | length = len(response.content) 81 | print(f"[{sent}] {param} = {payload_str} -> {response.status_code} ({length} bytes)") 82 | if max_requests and sent >= max_requests: 83 | break 84 | 85 | if sent == 0: 86 | sys.stderr.write("未发送任何请求,请检查参数配置。\n") 87 | enabled: true 88 | short_description: "简单的Intruder(sniper)模糊测试工具" 89 | description: | 90 | 
轻量级HTTP“狙击手”模式模糊器,对每个参数逐一替换载荷并记录响应。 91 | parameters: 92 | - name: "url" 93 | type: "string" 94 | description: "目标URL" 95 | required: true 96 | position: 0 97 | format: "positional" 98 | - name: "method" 99 | type: "string" 100 | description: "HTTP方法(默认GET)" 101 | required: false 102 | default: "GET" 103 | position: 1 104 | format: "positional" 105 | - name: "location" 106 | type: "string" 107 | description: "载荷位置(query, body, headers, cookie)" 108 | required: false 109 | default: "query" 110 | position: 2 111 | format: "positional" 112 | - name: "params" 113 | type: "string" 114 | description: "参数模板(JSON字典),指定要模糊的键及默认值" 115 | required: true 116 | position: 3 117 | format: "positional" 118 | - name: "payloads" 119 | type: "string" 120 | description: "载荷列表(JSON数组)" 121 | required: true 122 | position: 4 123 | format: "positional" 124 | - name: "max_requests" 125 | type: "int" 126 | description: "最大请求数(0表示全部)" 127 | required: false 128 | default: 0 129 | position: 5 130 | format: "positional" 131 | -------------------------------------------------------------------------------- /internal/handler/auth.go: -------------------------------------------------------------------------------- 1 | package handler 2 | 3 | import ( 4 | "net/http" 5 | "strings" 6 | "time" 7 | 8 | "cyberstrike-ai/internal/config" 9 | "cyberstrike-ai/internal/security" 10 | 11 | "github.com/gin-gonic/gin" 12 | "go.uber.org/zap" 13 | ) 14 | 15 | // AuthHandler handles authentication-related endpoints. 16 | type AuthHandler struct { 17 | manager *security.AuthManager 18 | config *config.Config 19 | configPath string 20 | logger *zap.Logger 21 | } 22 | 23 | // NewAuthHandler creates a new AuthHandler. 
func NewAuthHandler(manager *security.AuthManager, cfg *config.Config, configPath string, logger *zap.Logger) *AuthHandler {
	h := new(AuthHandler)
	h.manager = manager
	h.config = cfg
	h.configPath = configPath
	h.logger = logger
	return h
}

// loginRequest is the JSON body accepted by Login; gin's binding rejects a
// missing or empty password.
type loginRequest struct {
	Password string `json:"password" binding:"required"`
}

// changePasswordRequest is the JSON body accepted by ChangePassword. Neither
// field carries a binding tag, so emptiness is checked by the handler itself.
type changePasswordRequest struct {
	OldPassword string `json:"oldPassword"`
	NewPassword string `json:"newPassword"`
}

// Login checks the submitted password with the auth manager and, on success,
// answers with the session token, its expiry (UTC, RFC 3339) and the
// configured session duration in hours.
//
// NOTE(review): no attempt limiting is visible in this handler; confirm that
// the router middleware or AuthManager.Authenticate throttles repeated
// failures.
func (h *AuthHandler) Login(c *gin.Context) {
	var body loginRequest
	if bindErr := c.ShouldBindJSON(&body); bindErr != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "密码不能为空"})
		return
	}

	// The password is passed on exactly as received (no trimming here).
	token, expiresAt, authErr := h.manager.Authenticate(body.Password)
	if authErr != nil {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "密码错误"})
		return
	}

	expiry := expiresAt.UTC().Format(time.RFC3339)
	hours := h.manager.SessionDurationHours()

	payload := gin.H{}
	payload["token"] = token
	payload["expires_at"] = expiry
	payload["session_duration_hr"] = hours
	c.JSON(http.StatusOK, payload)
}

// Logout revokes the caller's session token and always answers 200.
//
// The token is taken from the gin context when the auth middleware stored it
// there; otherwise it is read from the Authorization header, with or without a
// case-insensitive "Bearer " prefix. If neither source yields a token,
// RevokeToken is still called with an empty string.
func (h *AuthHandler) Logout(c *gin.Context) {
	const scheme = "Bearer "

	token := c.GetString(security.ContextAuthTokenKey)
	if token == "" {
		raw := c.GetHeader("Authorization")
		// Strip the scheme only when something follows it; a bare "Bearer "
		// falls through and is trimmed as-is.
		hasScheme := len(raw) > len(scheme) && strings.EqualFold(raw[:len(scheme)], scheme)
		if hasScheme {
			raw = raw[len(scheme):]
		}
		token = strings.TrimSpace(raw)
	}

	h.manager.RevokeToken(token)
	c.JSON(http.StatusOK, gin.H{"message": "已退出登录"})
}

// ChangePassword updates the login password.
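//
// The handler reads oldPassword and newPassword from the JSON body, trims
// surrounding whitespace from both, and rejects the request unless both are
// non-empty, the new password has at least 8 characters, the two differ, and
// h.manager.CheckPassword accepts the old one. It then persists the new
// password to h.configPath, pushes it into the auth manager and mirrors it in
// h.config.
//
// NOTE(review): Login hands req.Password to Authenticate untrimmed, while this
// handler trims; confirm AuthManager normalises whitespace the same way, or a
// password entered with surrounding spaces will not match at the next login.
func (h *AuthHandler) ChangePassword(c *gin.Context) {
	var req changePasswordRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "参数无效"})
		return
	}

	oldPassword := strings.TrimSpace(req.OldPassword)
	newPassword := strings.TrimSpace(req.NewPassword)

	if oldPassword == "" || newPassword == "" {
		c.JSON(http.StatusBadRequest, gin.H{"error": "当前密码和新密码均不能为空"})
		return
	}

	// The policy shown to the user is a character count, so count runes:
	// len() on a string counts bytes, and a multi-byte password (three CJK
	// characters are 9 bytes) would otherwise satisfy the minimum.
	if len([]rune(newPassword)) < 8 {
		c.JSON(http.StatusBadRequest, gin.H{"error": "新密码长度至少需要 8 位"})
		return
	}

	if oldPassword == newPassword {
		c.JSON(http.StatusBadRequest, gin.H{"error": "新密码不能与旧密码相同"})
		return
	}

	// The current password must be proven again even though the caller
	// already holds a session.
	if !h.manager.CheckPassword(oldPassword) {
		c.JSON(http.StatusUnauthorized, gin.H{"error": "当前密码不正确"})
		return
	}

	// NOTE(review): the password is written to disk before the in-memory
	// manager is updated. If UpdateConfig below fails, the config file already
	// holds the new password while the running process still uses the old one.
	// NOTE(review): whether PersistAuthPassword and UpdateConfig hash the value
	// is not visible here; confirm it is not stored in clear text.
	if err := config.PersistAuthPassword(h.configPath, newPassword); err != nil {
		if h.logger != nil {
			h.logger.Error("保存新密码失败", zap.Error(err))
		}
		c.JSON(http.StatusInternalServerError, gin.H{"error": "保存新密码失败,请重试"})
		return
	}

	if err := h.manager.UpdateConfig(newPassword, h.config.Auth.SessionDurationHours); err != nil {
		if h.logger != nil {
			h.logger.Error("更新认证配置失败", zap.Error(err))
		}
		c.JSON(http.StatusInternalServerError, gin.H{"error": "更新认证配置失败"})
		return
	}

	// Mirror the change in the shared config and clear the generated-password
	// bookkeeping, which no longer applies once the user has chosen a password.
	h.config.Auth.Password = newPassword
	h.config.Auth.GeneratedPassword = ""
	h.config.Auth.GeneratedPasswordPersisted = false
	h.config.Auth.GeneratedPasswordPersistErr = ""

	// The log line states that all sessions are invalidated; this handler does
	// not revoke anything itself, so presumably UpdateConfig does. Confirm.
	if h.logger != nil {
		h.logger.Info("登录密码已更新,所有会话已失效")
	}

	c.JSON(http.StatusOK, gin.H{"message": "密码已更新,请使用新密码重新登录"})
}

// Validate returns the current session status.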
139 | func (h *AuthHandler) Validate(c *gin.Context) { 140 | token := c.GetString(security.ContextAuthTokenKey) 141 | if token == "" { 142 | c.JSON(http.StatusUnauthorized, gin.H{"error": "会话无效"}) 143 | return 144 | } 145 | 146 | session, ok := h.manager.ValidateToken(token) 147 | if !ok { 148 | c.JSON(http.StatusUnauthorized, gin.H{"error": "会话已过期"}) 149 | return 150 | } 151 | 152 | c.JSON(http.StatusOK, gin.H{ 153 | "token": session.Token, 154 | "expires_at": session.ExpiresAt.UTC().Format(time.RFC3339), 155 | }) 156 | } 157 | -------------------------------------------------------------------------------- /internal/database/attackchain.go: -------------------------------------------------------------------------------- 1 | package database 2 | 3 | import ( 4 | "database/sql" 5 | "encoding/json" 6 | "fmt" 7 | 8 | "go.uber.org/zap" 9 | ) 10 | 11 | // AttackChainNode 攻击链节点 12 | type AttackChainNode struct { 13 | ID string `json:"id"` 14 | Type string `json:"type"` // tool, vulnerability, target, exploit 15 | Label string `json:"label"` 16 | ToolExecutionID string `json:"tool_execution_id,omitempty"` 17 | Metadata map[string]interface{} `json:"metadata"` 18 | RiskScore int `json:"risk_score"` 19 | } 20 | 21 | // AttackChainEdge 攻击链边 22 | type AttackChainEdge struct { 23 | ID string `json:"id"` 24 | Source string `json:"source"` 25 | Target string `json:"target"` 26 | Type string `json:"type"` // leads_to, exploits, enables, depends_on 27 | Weight int `json:"weight"` 28 | } 29 | 30 | // SaveAttackChainNode 保存攻击链节点 31 | func (db *DB) SaveAttackChainNode(conversationID, nodeID, nodeType, nodeName, toolExecutionID, metadata string, riskScore int) error { 32 | var toolExecID sql.NullString 33 | if toolExecutionID != "" { 34 | toolExecID = sql.NullString{String: toolExecutionID, Valid: true} 35 | } 36 | 37 | var metadataJSON sql.NullString 38 | if metadata != "" { 39 | metadataJSON = sql.NullString{String: metadata, Valid: true} 40 | } 41 | 42 | query := ` 43 | INSERT OR 
REPLACE INTO attack_chain_nodes 44 | (id, conversation_id, node_type, node_name, tool_execution_id, metadata, risk_score, created_at) 45 | VALUES (?, ?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP) 46 | ` 47 | 48 | _, err := db.Exec(query, nodeID, conversationID, nodeType, nodeName, toolExecID, metadataJSON, riskScore) 49 | if err != nil { 50 | db.logger.Error("保存攻击链节点失败", zap.Error(err), zap.String("nodeId", nodeID)) 51 | return err 52 | } 53 | 54 | return nil 55 | } 56 | 57 | // SaveAttackChainEdge 保存攻击链边 58 | func (db *DB) SaveAttackChainEdge(conversationID, edgeID, sourceNodeID, targetNodeID, edgeType string, weight int) error { 59 | query := ` 60 | INSERT OR REPLACE INTO attack_chain_edges 61 | (id, conversation_id, source_node_id, target_node_id, edge_type, weight, created_at) 62 | VALUES (?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP) 63 | ` 64 | 65 | _, err := db.Exec(query, edgeID, conversationID, sourceNodeID, targetNodeID, edgeType, weight) 66 | if err != nil { 67 | db.logger.Error("保存攻击链边失败", zap.Error(err), zap.String("edgeId", edgeID)) 68 | return err 69 | } 70 | 71 | return nil 72 | } 73 | 74 | // LoadAttackChainNodes 加载攻击链节点 75 | func (db *DB) LoadAttackChainNodes(conversationID string) ([]AttackChainNode, error) { 76 | query := ` 77 | SELECT id, node_type, node_name, tool_execution_id, metadata, risk_score 78 | FROM attack_chain_nodes 79 | WHERE conversation_id = ? 
80 | ORDER BY created_at ASC 81 | ` 82 | 83 | rows, err := db.Query(query, conversationID) 84 | if err != nil { 85 | return nil, fmt.Errorf("查询攻击链节点失败: %w", err) 86 | } 87 | defer rows.Close() 88 | 89 | var nodes []AttackChainNode 90 | for rows.Next() { 91 | var node AttackChainNode 92 | var toolExecID sql.NullString 93 | var metadataJSON sql.NullString 94 | 95 | err := rows.Scan(&node.ID, &node.Type, &node.Label, &toolExecID, &metadataJSON, &node.RiskScore) 96 | if err != nil { 97 | db.logger.Warn("扫描攻击链节点失败", zap.Error(err)) 98 | continue 99 | } 100 | 101 | if toolExecID.Valid { 102 | node.ToolExecutionID = toolExecID.String 103 | } 104 | 105 | if metadataJSON.Valid && metadataJSON.String != "" { 106 | if err := json.Unmarshal([]byte(metadataJSON.String), &node.Metadata); err != nil { 107 | db.logger.Warn("解析节点元数据失败", zap.Error(err)) 108 | node.Metadata = make(map[string]interface{}) 109 | } 110 | } else { 111 | node.Metadata = make(map[string]interface{}) 112 | } 113 | 114 | nodes = append(nodes, node) 115 | } 116 | 117 | return nodes, nil 118 | } 119 | 120 | // LoadAttackChainEdges 加载攻击链边 121 | func (db *DB) LoadAttackChainEdges(conversationID string) ([]AttackChainEdge, error) { 122 | query := ` 123 | SELECT id, source_node_id, target_node_id, edge_type, weight 124 | FROM attack_chain_edges 125 | WHERE conversation_id = ? 
126 | ORDER BY created_at ASC 127 | ` 128 | 129 | rows, err := db.Query(query, conversationID) 130 | if err != nil { 131 | return nil, fmt.Errorf("查询攻击链边失败: %w", err) 132 | } 133 | defer rows.Close() 134 | 135 | var edges []AttackChainEdge 136 | for rows.Next() { 137 | var edge AttackChainEdge 138 | 139 | err := rows.Scan(&edge.ID, &edge.Source, &edge.Target, &edge.Type, &edge.Weight) 140 | if err != nil { 141 | db.logger.Warn("扫描攻击链边失败", zap.Error(err)) 142 | continue 143 | } 144 | 145 | edges = append(edges, edge) 146 | } 147 | 148 | return edges, nil 149 | } 150 | 151 | // DeleteAttackChain 删除对话的攻击链数据 152 | func (db *DB) DeleteAttackChain(conversationID string) error { 153 | // 先删除边(因为有外键约束) 154 | _, err := db.Exec("DELETE FROM attack_chain_edges WHERE conversation_id = ?", conversationID) 155 | if err != nil { 156 | db.logger.Warn("删除攻击链边失败", zap.Error(err)) 157 | } 158 | 159 | // 再删除节点 160 | _, err = db.Exec("DELETE FROM attack_chain_nodes WHERE conversation_id = ?", conversationID) 161 | if err != nil { 162 | db.logger.Error("删除攻击链节点失败", zap.Error(err), zap.String("conversationId", conversationID)) 163 | return err 164 | } 165 | 166 | return nil 167 | } 168 | 169 | -------------------------------------------------------------------------------- /internal/handler/attackchain.go: -------------------------------------------------------------------------------- 1 | package handler 2 | 3 | import ( 4 | "context" 5 | "net/http" 6 | "sync" 7 | "time" 8 | 9 | "cyberstrike-ai/internal/attackchain" 10 | "cyberstrike-ai/internal/config" 11 | "cyberstrike-ai/internal/database" 12 | 13 | "github.com/gin-gonic/gin" 14 | "go.uber.org/zap" 15 | ) 16 | 17 | // AttackChainHandler 攻击链处理器 18 | type AttackChainHandler struct { 19 | db *database.DB 20 | logger *zap.Logger 21 | openAIConfig *config.OpenAIConfig 22 | mu sync.RWMutex // 保护 openAIConfig 的并发访问 23 | // 用于防止同一对话的并发生成 24 | generatingLocks sync.Map // map[string]*sync.Mutex 25 | } 26 | 27 | // NewAttackChainHandler 
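// creates a new attack chain handler.
func NewAttackChainHandler(db *database.DB, openAIConfig *config.OpenAIConfig, logger *zap.Logger) *AttackChainHandler {
	return &AttackChainHandler{
		db:           db,
		logger:       logger,
		openAIConfig: openAIConfig,
	}
}

// UpdateConfig replaces the OpenAI configuration used for later chain
// generation. The swap happens under the write lock; cfg must be non-nil
// because its BaseURL and Model are logged.
func (h *AttackChainHandler) UpdateConfig(cfg *config.OpenAIConfig) {
	h.mu.Lock()
	defer h.mu.Unlock()
	h.openAIConfig = cfg
	h.logger.Info("AttackChainHandler配置已更新",
		zap.String("base_url", cfg.BaseURL),
		zap.String("model", cfg.Model),
	)
}

// getOpenAIConfig returns the current OpenAI configuration under the read lock.
func (h *AttackChainHandler) getOpenAIConfig() *config.OpenAIConfig {
	h.mu.RLock()
	defer h.mu.RUnlock()
	return h.openAIConfig
}

// GetAttackChain returns the attack chain of a conversation, generating it on
// demand when none is stored yet.
// GET /api/attack-chain/:conversationId
//
// Responses: 400 without a conversation id, 404 when the conversation cannot
// be loaded, 409 when a generation for the same conversation is already
// running, 500 when generation fails, otherwise 200 with the chain.
func (h *AttackChainHandler) GetAttackChain(c *gin.Context) {
	conversationID := c.Param("conversationId")
	if conversationID == "" {
		c.JSON(http.StatusBadRequest, gin.H{"error": "conversationId is required"})
		return
	}

	// Make sure the conversation exists before touching the lock map, so
	// unknown ids do not allocate lock entries.
	_, err := h.db.GetConversation(conversationID)
	if err != nil {
		h.logger.Warn("对话不存在", zap.String("conversationId", conversationID), zap.Error(err))
		c.JSON(http.StatusNotFound, gin.H{"error": "对话不存在"})
		return
	}

	// Serve a previously generated chain straight from the database.
	openAIConfig := h.getOpenAIConfig()
	builder := attackchain.NewBuilder(h.db, openAIConfig, h.logger)
	chain, err := builder.LoadChainFromDatabase(conversationID)
	if err == nil && len(chain.Nodes) > 0 {
		h.logger.Info("返回已存在的攻击链", zap.String("conversationId", conversationID))
		c.JSON(http.StatusOK, chain)
		return
	}

	// One mutex per conversation prevents concurrent generation.
	// NOTE(review): entries are never removed from generatingLocks, so the map
	// grows with the number of conversations ever requested.
	lockInterface, _ := h.generatingLocks.LoadOrStore(conversationID, &sync.Mutex{})
	lock := lockInterface.(*sync.Mutex)

	// TryLock does not wait: a request that finds the lock held is told to
	// retry later instead of queueing behind the running generation.
	acquired := lock.TryLock()
	if !acquired {
		h.logger.Info("攻击链正在生成中,请稍后再试", zap.String("conversationId", conversationID))
		c.JSON(http.StatusConflict, gin.H{"error": "攻击链正在生成中,请稍后再试"})
		return
	}
	defer lock.Unlock()

	// Check again under the lock: another request may have finished generating
	// between the first load above and the TryLock.
	chain, err = builder.LoadChainFromDatabase(conversationID)
	if err == nil && len(chain.Nodes) > 0 {
		h.logger.Info("返回已存在的攻击链(在锁等待期间已生成)", zap.String("conversationId", conversationID))
		c.JSON(http.StatusOK, chain)
		return
	}

	h.logger.Info("开始生成攻击链", zap.String("conversationId", conversationID))

	// NOTE(review): the context is derived from context.Background(), not from
	// the request, so a client disconnect does not cancel generation; only the
	// five-minute timeout does. Confirm this is intended.
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
	defer cancel()

	chain, err = builder.BuildChainFromConversation(ctx, conversationID)
	if err != nil {
		h.logger.Error("生成攻击链失败", zap.String("conversationId", conversationID), zap.Error(err))
		// NOTE(review): err.Error() is returned to the client verbatim. The
		// detail is already logged; consider a generic message if builder
		// errors can carry upstream or configuration detail.
		c.JSON(http.StatusInternalServerError, gin.H{"error": "生成攻击链失败: " + err.Error()})
		return
	}

	// The lock entry could be removed here once generation is done; it is kept
	// (optional either way).
	// h.generatingLocks.Delete(conversationID)

	c.JSON(http.StatusOK, chain)
}

// RegenerateAttackChain discards the stored attack chain of a conversation and
// builds a new one.
// POST /api/attack-chain/:conversationId/regenerate
//
// Responses: 400 without a conversation id, 404 when the conversation cannot
// be loaded, 409 when a generation for the same conversation is already
// running, 500 when generation fails, otherwise 200 with the new chain.
func (h *AttackChainHandler) RegenerateAttackChain(c *gin.Context) {
	conversationID := c.Param("conversationId")
	if conversationID == "" {
		c.JSON(http.StatusBadRequest, gin.H{"error": "conversationId is required"})
		return
	}

	// Make sure the conversation exists.
	_, err := h.db.GetConversation(conversationID)
	if err != nil {
		h.logger.Warn("对话不存在", zap.String("conversationId", conversationID), zap.Error(err))
		c.JSON(http.StatusNotFound, gin.H{"error": "对话不存在"})
		return
	}

	// Take the per-conversation lock before changing anything.
	lockInterface, _ := h.generatingLocks.LoadOrStore(conversationID, &sync.Mutex{})
	lock := lockInterface.(*sync.Mutex)

	acquired := lock.TryLock()
	if !acquired {
		h.logger.Info("攻击链正在生成中,请稍后再试", zap.String("conversationId", conversationID))
		c.JSON(http.StatusConflict, gin.H{"error": "攻击链正在生成中,请稍后再试"})
		return
	}
	defer lock.Unlock()

	// Delete the old chain only while holding the lock. Deleting first would
	// let a request that is about to be rejected with 409 wipe rows that the
	// generation already in progress is writing.
	if err := h.db.DeleteAttackChain(conversationID); err != nil {
		h.logger.Warn("删除旧攻击链失败", zap.Error(err))
	}

	h.logger.Info("重新生成攻击链", zap.String("conversationId", conversationID))

	// NOTE(review): as in GetAttackChain, the context is not tied to the
	// request; only the five-minute timeout ends a running generation.
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
	defer cancel()

	openAIConfig := h.getOpenAIConfig()
	builder := attackchain.NewBuilder(h.db, openAIConfig, h.logger)
	chain, err := builder.BuildChainFromConversation(ctx, conversationID)
	if err != nil {
		h.logger.Error("生成攻击链失败", zap.String("conversationId", conversationID), zap.Error(err))
		// NOTE(review): err.Error() is returned to the client verbatim; see the
		// same response in GetAttackChain.
		c.JSON(http.StatusInternalServerError, gin.H{"error": "生成攻击链失败: " + err.Error()})
		return
	}

	c.JSON(http.StatusOK, chain)
}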