├── .env
├── .gitattributes
├── .travis.yml
├── .travis
│   ├── elasticsearch-setup-passwords.exp
│   ├── lib
│   │   └── testing.sh
│   ├── run-tests-apm-server.sh
│   ├── run-tests-app-search.sh
│   └── run-tests-core.sh
├── README.md
├── docker-compose.yml
├── elasticsearch
│   ├── Dockerfile
│   └── config
│       └── elasticsearch.yml
├── export.ndjson
├── install.sh
├── kibana
│   ├── Dockerfile
│   └── config
│       └── kibana.yml
├── nmap_es.py
├── 主机端口.png
└── 服务版本.png
/.env:
--------------------------------------------------------------------------------
# Elastic Stack image tag consumed by docker-compose.yml (build arg ELK_VERSION).
ELK_VERSION=7.6.0

--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
# Declare files that will always have LF line endings on checkout.
*.sh text eol=lf
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
language: minimal
services: docker

env:
  - DOCKER_COMPOSE_VERSION=1.20.1

before_install:
  - sudo apt-get update
  # expect drives elasticsearch-setup-passwords.exp, jq parses API responses in the test scripts
  - sudo apt-get install -y expect jq

install:
  # Install Docker Compose
  # NOTE(review): the binary is fetched over HTTPS but its integrity is never
  # checked; pin the release's sha256 next to DOCKER_COMPOSE_VERSION and verify
  # it before 'chmod +x' so a tampered asset cannot run in CI.
  - curl -L "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o "$HOME/bin/docker-compose"
  - chmod +x "$HOME/bin/docker-compose"
  - docker-compose --version

before_script:
  # Build images
  - docker-compose build

  # Use built-in users with passwords set by 'elasticsearch-setup-passwords.exp'
  # The values written here are CI-only test credentials ('testpasswd').
  # NOTE(review): logstash/, extensions/ and docker-stack.yml (used further
  # down) do not appear in this repository's tree; these steps look inherited
  # from the upstream docker-elk pipeline — confirm they are still meant to run here.
  - sed -i -e 's/\(elasticsearch.username:\) elastic/\1 kibana/g' -e 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' kibana/config/kibana.yml
  - sed -i -e 's/\(xpack.monitoring.elasticsearch.username:\) elastic/\1 logstash_system/g' -e 's/\(xpack.monitoring.elasticsearch.password:\) changeme/\1 testpasswd/g' logstash/config/logstash.yml
  - sed -i 's/\(password =>\) "changeme"/\1 "testpasswd"/g' logstash/pipeline/logstash.conf
  - sed -i 's/\(elasticsearch.password:\) changeme/\1 testpasswd/g' extensions/app-search/config/app-search.yml
  - sed -i 's/\(password:\) changeme/\1 testpasswd/g' extensions/apm-server/config/apm-server.yml

script:
  # Core Elastic Stack
  - docker-compose up -d elasticsearch
  # Fixed wait before the password bootstrap; the test scripts themselves poll for readiness.
  - sleep 30
  - .travis/elasticsearch-setup-passwords.exp
  - docker-compose up -d
  - .travis/run-tests-core.sh
  - docker-compose ps
  - docker-compose logs elasticsearch
  - docker-compose logs kibana
  - docker-compose logs logstash
  - docker-compose stop logstash kibana

  # Extensions
  # App Search
  - docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml up -d app-search
  - .travis/run-tests-app-search.sh
  - docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml ps
  - docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml logs app-search
  - docker-compose -f docker-compose.yml -f extensions/app-search/app-search-compose.yml stop app-search
  # APM Server
  - docker-compose -f docker-compose.yml -f extensions/apm-server/apm-server-compose.yml up -d apm-server
  - .travis/run-tests-apm-server.sh
  - docker-compose -f docker-compose.yml -f extensions/apm-server/apm-server-compose.yml ps
  - docker-compose -f docker-compose.yml -f extensions/apm-server/apm-server-compose.yml logs apm-server
  - docker-compose -f docker-compose.yml -f extensions/apm-server/apm-server-compose.yml stop apm-server

  # Tear down
  - >-
    docker-compose
    -f docker-compose.yml
    -f extensions/app-search/app-search-compose.yml
    -f extensions/apm-server/apm-server-compose.yml
    down -v

  # Swarm
  - docker swarm init
  - docker stack deploy -c ./docker-stack.yml elk
  - docker service scale elk_kibana=0 
--detach=false
  - docker service scale elk_logstash=0 --detach=false
  - sleep 40
  - .travis/elasticsearch-setup-passwords.exp swarm
  - docker service scale elk_kibana=1 --detach=false
  - docker service scale elk_logstash=1 --detach=false
  - .travis/run-tests-core.sh swarm
  - docker stack services elk
  - docker service logs elk_elasticsearch
  - docker service logs elk_kibana
  - docker service logs elk_logstash
  - docker stack rm elk

--------------------------------------------------------------------------------
/.travis/elasticsearch-setup-passwords.exp:
--------------------------------------------------------------------------------
#!/usr/bin/expect -f

# CI helper: drives 'elasticsearch-setup-passwords interactive' without a human,
# answering every password prompt for the built-in users with the fixed test
# password below. Optional first argument "swarm" locates the container by its
# swarm service label instead of the compose label. Exits with the tool's status.

# List of expected users with dummy password
set user "(elastic|apm_system|kibana|logstash_system|beats_system|remote_monitoring_user)"
set password "testpasswd"

# Find elasticsearch container id
set MODE [lindex $argv 0]
if { [string match "swarm" $MODE] } {
  set cid [exec docker ps -q -f label=com.docker.swarm.service.name=elk_elasticsearch]
} else {
  set cid [exec docker ps -q -f label=com.docker.compose.service=elasticsearch]
}

set cmd "docker exec -it $cid bin/elasticsearch-setup-passwords interactive -s -b"

spawn {*}$cmd

# Both the initial "Enter password" and the "Reenter password" prompts get the same answer.
expect {
  -re "(E|Ree)nter password for \\\[$user\\\]: " {
    send "$password\r"
    exp_continue
  }
  eof
}

# Propagate the spawned command's exit code to the caller.
lassign [wait] pid spawnid os_error_flag value
exit $value

--------------------------------------------------------------------------------
/.travis/lib/testing.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Helpers shared by the .travis/run-tests-*.sh scripts.

# Print a highlighted progress line.
function log {
  echo -e "\n[+] $1\n"
}

# Poll a service's HTTP endpoint until it answers 200, for at most 120 s.
#   $1  service name (compose service name, or swarm service name minus the
#       'elk_' prefix, depending on the global MODE)
#   $2  URL to probe
#   $3  optional 'user:password' for curl -u; run-tests-app-search.sh passes
#       ':' to send empty credentials
#   $4  optional; when present the response body is discarded (-o /dev/null)
# Returns 0 on the first 200, 1 if the container is gone or the retries run
# out. The last response (headers from -D-, minus the trailing status code) is
# echoed either way.
function poll_ready {
  local svc=$1
  local url=$2

  local -a args=( '-s' '-D-' '-w' '%{http_code}' "$url" )
  if [ "$#" -ge 3 ]; then
    # Credentials end up on the curl command line (visible in ps and CI logs);
    # acceptable for the fixed test password, not for real secrets.
    args+=( '-u' "$3" )
  fi
  if [ "$#" -ge 4 ]; then
    args+=( '-o' '/dev/null' )
  fi

  # MODE is a global declared by the calling script ("" selects compose labels).
  local label
  if [ "$MODE" == "swarm" ]; then
    label="com.docker.swarm.service.name=elk_${svc}"
  else
    label="com.docker.compose.service=${svc}"
  fi

  local -i result=1
  local cid
  local output

  # retry for max 120s (24*5s)
  for _ in $(seq 1 24); do
    cid="$(docker ps -q -f label="$label")"
    if [ -z "${cid:-}" ]; then
      echo "Container exited"
      return 1
    fi

    # Callers run under 'set -e'; a refused connection must not abort the loop
    # (note that 'set -e' is re-enabled unconditionally afterwards).
    set +e
    output="$(curl "${args[@]}")"
    set -e
    # The last three characters are the %{http_code} appended by -w.
    if [ "${output: -3}" -eq 200 ]; then
      result=0
      break
    fi

    echo -n '.'
    sleep 5
  done

  echo -e "\n${output::-3}"

  return $result
}

--------------------------------------------------------------------------------
/.travis/run-tests-apm-server.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

set -eu
set -o pipefail


source "$(dirname ${BASH_SOURCE[0]})/lib/testing.sh"


# Read by poll_ready; empty means compose (not swarm) container labels.
declare MODE=""

log 'Waiting for readiness of APM Server'
poll_ready apm-server 'http://localhost:8200/'

--------------------------------------------------------------------------------
/.travis/run-tests-app-search.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

set -eu
set -o pipefail


source "$(dirname ${BASH_SOURCE[0]})/lib/testing.sh"


# Read by poll_ready; empty means compose (not swarm) container labels.
declare MODE=""

log 'Waiting for readiness of Elasticsearch'
poll_ready elasticsearch 'http://localhost:9200/' 'elastic:testpasswd'

log 'Waiting for readiness of App Search'
# ':' = empty credentials; the 4th argument makes poll_ready drop the response body.
poll_ready app-search 'http://localhost:3002/login' ':' quiet

log 'Retrieving private key from Elasticsearch'
# The App Search API token is read straight out of its backing index.
response="$(curl 'http://localhost:9200/.app-search-actastic-loco_moco_api_tokens/_search?q=name:private-key' -s -u 
elastic:testpasswd)"
hits="$(jq -rn --argjson data "${response}" '$data.hits.hits')"
echo "$hits"
count="$(jq -rn --argjson data "${response}" '$data.hits.total.value')"
# Exactly one token document is expected; anything else means the lookup is wrong.
if [[ $count -ne 1 ]]; then
  echo "Private key not found. Expected 1 result, got ${count}"
  exit 1
fi
key="$(jq -rn --argjson data "${hits}" '$data[0]._source.authentication_token')"

log 'Creating App Search engine'
# Smoke test: the key must be accepted as a bearer token and an engine created.
response="$(curl 'http://localhost:3002/api/as/v1/engines' -s -d '{"name": "dockerelk"}' -H "Authorization: Bearer ${key}")"
echo "$response"
name="$(jq -rn --argjson data "${response}" '$data.name')"
if [[ $name != 'dockerelk' ]]; then
  echo 'Failed to create engine'
  exit 1
fi

--------------------------------------------------------------------------------
/.travis/run-tests-core.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

set -eu
set -o pipefail


source "$(dirname ${BASH_SOURCE[0]})/lib/testing.sh"


# Read by poll_ready; the optional first argument ("swarm") selects swarm labels.
declare MODE=""
if [ "$#" -ge 1 ]; then
  MODE=$1
fi

log 'Waiting for readiness of Elasticsearch'
poll_ready elasticsearch 'http://localhost:9200/' 'elastic:testpasswd'

log 'Waiting for readiness of Kibana'
poll_ready kibana 'http://localhost:5601/api/status' 'kibana:testpasswd'

log 'Waiting for readiness of Logstash'
# NOTE(review): this repository's tree defines no logstash service; the Logstash
# steps below look inherited from the upstream docker-elk pipeline — confirm.
poll_ready logstash 'http://localhost:9600/_node/pipelines/main?pretty'

log 'Creating Logstash index pattern in Kibana'
# .env supplies ELK_VERSION for the kbn-version header; it is resolved relative
# to the current directory, so this script must be run from the repository root.
source .env
curl -X POST -D- 'http://localhost:5601/api/saved_objects/index-pattern' \
  -s -w '\n' \
  -H 'Content-Type: application/json' \
  -H "kbn-version: ${ELK_VERSION}" \
  -u elastic:testpasswd \
  -d '{"attributes":{"title":"logstash-*","timeFieldName":"@timestamp"}}'

log 'Searching index pattern via Kibana API'
response="$(curl 'http://localhost:5601/api/saved_objects/_find?type=index-pattern' -s -u elastic:testpasswd)"
echo "$response"
count="$(jq -rn --argjson data "${response}" '$data.total')"
if [[ $count -ne 1 ]]; then
  echo "Expected 1 index pattern, got ${count}"
  exit 1
fi

log 'Sending message to Logstash TCP input'
# NOTE(review): '-q' is not accepted by every netcat flavour (ncat, for one);
# confirm which nc the runner provides.
echo 'dockerelk' | nc -q0 localhost 5000

# Give the pipeline a moment, then force a refresh so the document is searchable.
sleep 1
curl -X POST 'http://localhost:9200/_refresh' -u elastic:testpasswd \
  -s -w '\n'

log 'Searching message in Elasticsearch'
response="$(curl 'http://localhost:9200/_count?q=message:dockerelk&pretty' -s -u elastic:testpasswd)"
echo "$response"
count="$(jq -rn --argjson data "${response}" '$data.count')"
if [[ $count -ne 1 ]]; then
  echo "Expected 1 document, got ${count}"
  exit 1
fi

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
## Asset

#### 1、简介

NMAP扫描主机资产信息,并把扫描信息导入到elasticsearch中,通过kibana前端进行展示.
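
目前仅支持Centos7环境中部署

![主机端口1](https://github.com/netsecli/asset/blob/master/%E4%B8%BB%E6%9C%BA%E7%AB%AF%E5%8F%A3.png)
![服务版本1](https://github.com/netsecli/asset/blob/master/%E6%9C%8D%E5%8A%A1%E7%89%88%E6%9C%AC.png)
#### 2、安装方法:

```bash
git clone https://github.com/netsecli/asset.git
cd asset
bash install.sh
```

#### 3、访问

打开`http://{IP}:5601`访问,导入`export.ndjson`即可查看


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3.2'

# Single-node Elasticsearch + Kibana stack used to browse nmap scan results.
# ELK_VERSION comes from .env; see the notes on ELASTIC_PASSWORD and the
# published ports below before running this anywhere but a private host.
services:
  elasticsearch:
    build:
      context: elasticsearch/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./elasticsearch/config/elasticsearch.yml
        target: /usr/share/elasticsearch/config/elasticsearch.yml
        read_only: true
      - type: volume
        source: elasticsearch
        target: /usr/share/elasticsearch/data
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      # REST API, published on every host interface. elasticsearch.yml binds
      # 0.0.0.0 and configures no HTTP TLS, so anything that can reach the host
      # can reach the API and the credentials sent to it in clear. Use
      # "127.0.0.1:9200:9200" when only Kibana and local tools need it.
      - "9200:9200"
      # Transport port. With discovery.type single-node no other node joins,
      # so unless a transport client is used this mapping can be dropped.
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xmx2g -Xms2g"
      # Bootstrap password for the built-in 'elastic' user. Set ELASTIC_PASSWORD
      # in .env or the environment to override it; the literal after ':-' is the
      # previously checked-in default, kept only for backward compatibility and
      # should be replaced on every deployment.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-f3b121f74e96}
      # Use single node discovery in order to disable production mode and avoid bootstrap checks
      # see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    networks:
      - elk

  kibana:
    build:
      context: kibana/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      - type: bind
        source: ./kibana/config/kibana.yml
        target: /usr/share/kibana/config/kibana.yml
        read_only: true
    ports:
      # Kibana UI; this is the address the README tells users to open.
      - "5601:5601"
    networks:
      - elk
    depends_on:
      - elasticsearch

networks:
  elk:
    driver: bridge

volumes:
  elasticsearch:
    driver: local
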
--------------------------------------------------------------------------------
/elasticsearch/Dockerfile:
--------------------------------------------------------------------------------
ARG ELK_VERSION

# https://www.docker.elastic.co/
# Pinned by tag only (ELK_VERSION from .env). Pin the image digest as well
# (…:${ELK_VERSION}@sha256:<digest>) for a reproducible, tamper-evident build.
FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION}

# Add your elasticsearch plugins setup here
# Example: RUN elasticsearch-plugin install analysis-icu

--------------------------------------------------------------------------------
/elasticsearch/config/elasticsearch.yml:
--------------------------------------------------------------------------------
---
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
# Listen on all container interfaces; whether the node is reachable from
# outside the host is decided by the port mapping in docker-compose.yml.
network.host: 0.0.0.0

## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
#
xpack.license.self_generated.type: basic
# Authentication is enabled (built-in users; the 'elastic' bootstrap password
# comes from ELASTIC_PASSWORD in docker-compose.yml). No xpack.security.http.ssl.*
# settings are configured here, so the REST API speaks plain HTTP — terminate
# TLS in front of it or enable HTTP SSL before exposing port 9200 beyond the host.
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true

--------------------------------------------------------------------------------
/export.ndjson:
--------------------------------------------------------------------------------
{"attributes":{"fields":"[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"hostname\",\"subType\":\"multi\"},{\"name\":\"ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"ip\",\"subType\":\"multi\"},{\"name\":\"port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"port\",\"subType\":\"multi\"},{\"name\":\
"product_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"product_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"product_name\",\"subType\":\"multi\"},{\"name\":\"product_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"product_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"product_version\",\"subType\":\"multi\"},{\"name\":\"protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"protocol\",\"subType\":\"multi\"},{\"name\":\"scanner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scanner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"scanner\",\"subType\":\"multi\"},{\"name\":\"service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"service\",\"subType\":\"multi\"},{\"name\":\"state\"
,\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"parent\":\"state\",\"subType\":\"multi\"},{\"name\":\"time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","title":"nmap-*"},"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","migrationVersion":{"index-pattern":"6.5.0"},"references":[],"type":"index-pattern","updated_at":"2019-07-01T11:25:43.999Z","version":"WzM4LDFd"} 2 | {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"端口排名(Top 25)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"端口排名(Top 
25)\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"orderBucketsBySum\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"port.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"03f12650-8688-11e8-aab9-2fc22f0c5406","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:10.655Z","version":"WzIwLDFd"} 3 | {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"端口分布 (Top 50)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"端口分布 (Top 
50)\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"百分比\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"port.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"端口\"}}]}"},"id":"7564b000-8687-11e8-aab9-2fc22f0c5406","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:11.541Z","version":"WzMyLDFd"} 4 | {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"服务排名(Top 25)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"服务排名(Top 
25)\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"orderBucketsBySum\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"9ab72c10-8688-11e8-aab9-2fc22f0c5406","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:10.657Z","version":"WzIxLDFd"} 5 | {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"服务云(Top 50)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"服务云(Top 
50)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"65811f90-868a-11e8-aab9-2fc22f0c5406","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:10.643Z","version":"WzE4LDFd"} 6 | {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"全部端口统计","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"全部端口统计\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"数量\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"port.keyword\",\"size\":65535,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"端口(降序)\"}}]}"},"id":"d47a8c10-868a-11e8-aab9-2fc22f0c5406","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSav
edObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:11.524Z","version":"WzI5LDFd"} 7 | {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"开放端口(合计)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"开放端口(合计)\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":false},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}}]}"},"id":"45db5ba0-868b-11e8-aab9-2fc22f0c5406","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:10.636Z","version":"WzE3LDFd"} 8 | {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"在线主机(合计)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"在线主机(合计)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"ip.keyword\"}}]}"},"id":"95ccc040-868b-11e8-aab9-2fc22f0c5406","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:10.625Z","version":"WzE2LDFd"} 9 | {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"软件云(Top 50)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"软件云(Top 50)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"product_name.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"aecc5310-9a1f-11e8-94dd-f1f10a2241a0","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:11.523Z","version":"WzM2LDFd"} 10 | 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"全部软件统计","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"全部软件统计\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"数量\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"product_name.keyword\",\"size\":65535,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"软件名(降序)\"}}]}"},"id":"1422ff00-9a27-11e8-94dd-f1f10a2241a0","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:11.521Z","version":"WzMwLDFd"} 11 | 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"软件版本分布","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"软件版本分布\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":20,\"rotate\":90},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"orderBucketsBySum\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"product_name.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"product_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"7dc13c80-9a2a-11e8-94dd-
f1f10a2241a0","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:10.648Z","version":"WzE5LDFd"} 12 | {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"全部IP统计","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"全部IP统计\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"数量\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ip.keyword\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"其它\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP地址(降序)\"}}]}"},"id":"7528ef60-239f-11e9-915e-f74d36cd8ecd","migrationVersion":{"visualization":"7.2.0"},"references":[{"id":"f69a9eb0-9bf2-11e9-aca7-1f9ff99dc354","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2019-07-01T11:26:11.536Z","version":"WzMxLDFd"} 13 | 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"},"optionsJSON":"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":58,\"w\":18,\"h\":18,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"spy\":null},\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":23,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":58,\"w\":16,\"h\":18,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":9,\"w\":23,\"h\":14,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":23,\"w\":13,\"h\":17,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":11,\"y\":0,\"w\":12,\"h\":9,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":11,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":18,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":16,\"y\":58,\"w\":14,\"h\":18,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":13,\"y\":23,\"w\":22,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"6.3.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}
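}}},\"gridData\":{\"x\":35,\"y\":23,\"w\":13,\"h\":17,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"6.5.1\",\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"资产统计列表","version":1},"id":"b317d5e0-868b-11e8-aab9-2fc22f0c5406","migrationVersion":{"dashboard":"7.0.0"},"references":[{"id":"03f12650-8688-11e8-aab9-2fc22f0c5406","name":"panel_0","type":"visualization"},{"id":"7564b000-8687-11e8-aab9-2fc22f0c5406","name":"panel_1","type":"visualization"},{"id":"9ab72c10-8688-11e8-aab9-2fc22f0c5406","name":"panel_2","type":"visualization"},{"id":"65811f90-868a-11e8-aab9-2fc22f0c5406","name":"panel_3","type":"visualization"},{"id":"d47a8c10-868a-11e8-aab9-2fc22f0c5406","name":"panel_4","type":"visualization"},{"id":"45db5ba0-868b-11e8-aab9-2fc22f0c5406","name":"panel_5","type":"visualization"},{"id":"95ccc040-868b-11e8-aab9-2fc22f0c5406","name":"panel_6","type":"visualization"},{"id":"aecc5310-9a1f-11e8-94dd-f1f10a2241a0","name":"panel_7","type":"visualization"},{"id":"1422ff00-9a27-11e8-94dd-f1f10a2241a0","name":"panel_8","type":"visualization"},{"id":"7dc13c80-9a2a-11e8-94dd-f1f10a2241a0","name":"panel_9","type":"visualization"},{"id":"7528ef60-239f-11e9-915e-f74d36cd8ecd","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2019-07-01T11:26:06.198Z","version":"WzMzLDFd"}
--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# One-shot deployment for the nmap -> Elasticsearch/Kibana asset inventory:
#   1. Base_install     - installs nmap, docker-ce, docker-compose, python2-pip
#                         and the elasticsearch Python client; sets vm.max_map_count.
#   2. Elastic-Password - generates a random password for the built-in "elastic"
#                         user and writes it into docker-compose.yml and kibana.yml.
#   3. Nmap_Scan        - starts the stack, scans the targets entered at the
#                         prompt and imports the XML report with nmap_es.py.
#
# Must be run as root on an RPM-based host (yum/rpm/systemctl/sed on /etc are
# used directly).

Date=$(date +%F)
Dire=/opt/nmap-xml/
Pip2_Install=$(rpm -qa python2-pip | wc -l)
Nmap_Install=$(rpm -qa nmap | wc -l)
Docker_Install=$(rpm -qa | grep -c docker-ce)
Selinux_Status=$(getenforce)
Firewall_Status=$(systemctl is-active firewalld)
Iptable_Status=$(rpm -qa iptables | wc -l)
# Turning off SELinux and firewalld is a host-wide hardening regression, so it
# is opt-in: export DISABLE_HOST_HARDENING=1 to enable it. (The original tests
# were written as `[ !$var = 'x' ]`, which compares the literal string "!value"
# and therefore never matched, so these two steps never actually ran.)
Disable_Hardening=${DISABLE_HOST_HARDENING:-0}

# Generate the elastic superuser password and write it into the compose file
# and the Kibana config. kibana/config/kibana.yml as committed already carries
# a (now public) password, so this must run before the stack is started;
# otherwise Kibana authenticates with that known value.
function Elastic-Password
{
    elastic_user='elastic'
    # 16 random bytes (128 bits) instead of 6. Hex output only contains
    # [0-9a-f], so it is safe to splice into the sed replacements below.
    elastic_pass=$(openssl rand -hex 16)
    if [ -z "${elastic_pass}" ];then
        echo "failed to generate a password with openssl" >&2
        exit 1
    fi
    sed -i "s/ELASTIC_PASSWORD: .*/ELASTIC_PASSWORD: ${elastic_pass}/" docker-compose.yml
    sed -i "s/elasticsearch.password: .*/elasticsearch.password: ${elastic_pass}/" kibana/config/kibana.yml
    # Output directory for the nmap XML reports (mkdir -p is idempotent).
    mkdir -p "${Dire}"
    echo "密码设置完成!"
}

# Install prerequisites. Each package step is skipped when rpm already reports
# the package as installed.
function Base_install
{
    echo "基础环境安装,请稍等....."
    if [ "${Disable_Hardening}" = '1' ];then
        # Persistent config only; no setenforce, so this takes effect on reboot.
        if [ "${Selinux_Status}" != 'Disabled' ];then
            sed -i 's/SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
        fi
        if [ "${Firewall_Status}" = 'active' ];then
            systemctl stop firewalld && systemctl disable firewalld
        fi
    fi

    if [ "${Iptable_Status}" -eq 0 ];then
        yum -y install iptables-services git &> /dev/null
        systemctl enable iptables &> /dev/null
        systemctl start iptables &> /dev/null
        # WARNING: flushes every rule and saves the empty ruleset, so 9200 and
        # 5601 become reachable from any network the host is attached to.
        iptables -F &> /dev/null
        service iptables save &> /dev/null
    fi

    # Kernel setting the Elasticsearch container needs. Persist it once (the
    # original appended a duplicate line on every run) and apply it now rather
    # than waiting for a reboot.
    if ! grep -q '^vm.max_map_count=' /etc/sysctl.conf;then
        echo "vm.max_map_count=262144" >> /etc/sysctl.conf
    fi
    sysctl -w vm.max_map_count=262144 &> /dev/null

    if [ "${Nmap_Install}" -eq 0 ];then
        # NOTE(review): fetched over HTTPS, but rpm only verifies the package
        # signature when the nmap signing key has been imported beforehand;
        # as written this trusts whatever the download returns.
        rpm -vhU https://nmap.org/dist/nmap-7.80-1.x86_64.rpm &> /dev/null
    fi

    if [ "${Pip2_Install}" -eq 0 ];then
        yum -y install epel-release docker-compose &> /dev/null
        yum -y install python-devel python2-pip &> /dev/null
        mkdir -p ~/.pip/
        # The index is reached over HTTPS. The original also wrote a
        # "trusted-host" entry, which disables TLS verification for that host
        # (and was malformed, a URL instead of a hostname); it is dropped.
        echo "[global]" > ~/.pip/pip.conf
        echo "index-url = https://mirrors.aliyun.com/pypi/simple/" >> ~/.pip/pip.conf
        # Pin to the 7.x client line so it matches the ELK 7.x stack started by
        # docker-compose; an unpinned install may pull an incompatible major.
        /usr/bin/pip install 'elasticsearch>=7,<8' &> /dev/null
    fi

    if [ "${Docker_Install}" -eq 0 ];then
        yum -y install yum-utils git &> /dev/null
        # HTTPS rather than HTTP: the repo file carries the gpgkey URL, so a
        # clear-text fetch would let a network attacker substitute the key.
        yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo &> /dev/null
        yum -y install docker-ce &> /dev/null
        systemctl start docker &> /dev/null
        systemctl enable docker &> /dev/null
    fi

    if [ "$(systemctl is-active docker)" != 'active' ];then
        systemctl start docker &> /dev/null
        systemctl enable docker &> /dev/null
    fi
    echo "基础环境配置完毕!"
}

# Start the stack, run a full TCP version scan and import the XML report.
function Nmap_Scan
{
    /usr/bin/docker-compose up -d &> /dev/null
    echo "开始扫描,请稍等......"
    sleep 60
    local report="${Dire}nmap-${Date}.xml"
    # $ipaddr is intentionally unquoted: several space-separated targets may be
    # entered at the prompt and nmap takes them as separate arguments.
    if /usr/bin/nmap -sV -p1-65535 -oX "${report}" $ipaddr &> /dev/null;then
        # NOTE(review): the password goes on the command line and is visible
        # in `ps` output and shell history on this host.
        /usr/bin/python2.7 nmap_es.py -i "${report}" -e 127.0.0.1 -r nmap -I "nmap-${Date}" -u "${elastic_user}" -P "${elastic_pass}"
    fi
}

if [ "$(id -u)" -ne 0 ];then
    echo "This script must be run as root." >&2
    exit 1
fi
read -r -p "请输入需要扫描的IP地址或网段: " ipaddr
if [ -z "${ipaddr}" ];then
    echo "No scan target given." >&2
    exit 1
fi
Base_install
Elastic-Password
Nmap_Scan
echo "------------------------"
echo "部署完成!"
# Kibana listens on every interface over plain HTTP (server.host "0") and the
# superuser password is printed here; treat the console output as sensitive.
echo "访问地址:http://0.0.0.0:5601"
echo "用户名:${elastic_user} ,密码:${elastic_pass}"
echo "------------------------"
--------------------------------------------------------------------------------
/kibana/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG ELK_VERSION
2 |
3 | # https://www.docker.elastic.co/
4 | FROM docker.elastic.co/kibana/kibana:${ELK_VERSION}
5 |
6 | # Add your kibana plugins setup here
7 | # Example: RUN kibana-plugin install
8 |
--------------------------------------------------------------------------------
/kibana/config/kibana.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ## Default Kibana configuration from Kibana base image.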
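3 | ## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.js
4 | #
5 | server.name: kibana
6 | server.host: "0"
7 | elasticsearch.hosts: [ "http://elasticsearch:9200" ]
8 | xpack.monitoring.ui.container.elasticsearch.enabled: true
9 | i18n.locale: "zh-CN"
10 | ## X-Pack security credentials
11 | #
12 | elasticsearch.username: elastic
13 | elasticsearch.password: f3b121f74e96
14 |
--------------------------------------------------------------------------------
/nmap_es.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
# -*- coding: UTF-8 -*-
"""Import an nmap XML report into Elasticsearch, one document per open port.

Runs under Python 2.7 (install.sh calls /usr/bin/python2.7); the syntax used
here is also valid Python 3.
"""
from __future__ import print_function

import sys
import re
import json
import os
import time
import getopt
import xml.etree.ElementTree as xml


class NmapES:
    """Parse an nmap XML report and index every open port into one index."""

    def __init__(self, input_file, es_ip, es_port, index_name, es_user, es_pass, static_fields=None):
        """
        :param input_file: path of the nmap ``-oX`` report
        :param es_ip: Elasticsearch host. The client is created without TLS,
            so the basic-auth credentials travel in clear text; keep this on
            loopback or a trusted network.
        :param es_port: port, int or numeric string
        :param index_name: index that receives the documents
        :param es_user: HTTP basic auth user
        :param es_pass: HTTP basic auth password
        :param static_fields: optional dict merged into every document
            (the ``-s name=value`` option, which was previously parsed but
            never applied)
        """
        # Imported here so --help and the XML parser work without the
        # third-party client installed.
        from elasticsearch import Elasticsearch
        self.input_file = input_file
        self.tree = self.__importXML()
        self.root = self.tree.getroot()
        # int(): the value from -p arrives as a string.
        self.es = Elasticsearch([{'host': es_ip, 'port': int(es_port)}], http_auth=(es_user, es_pass))
        self.index_name = index_name
        self.static_fields = dict(static_fields or {})

    def displayInputFileName(self):
        """Print the report path (debug helper)."""
        print(self.input_file)

    def __importXML(self):
        """Parse the report; expected to be a locally generated nmap file."""
        return xml.parse(self.input_file)

    def toES(self):
        """Index one document per open port and return how many were sent.

        Documents are serialised with json.dumps as before. ``doc_type`` is
        kept for compatibility with the existing index; the 7.x server
        deprecates custom types.
        """
        count = 0
        for doc in iter_nmap_documents(self.root, self.static_fields):
            self.es.index(index=self.index_name, doc_type="vuln", body=json.dumps(doc))
            count += 1
        return count


def _port_document(port):
    """Build the per-port fields for one ``<port>`` element.

    Returns a dict with ``port``/``protocol`` and, when present, ``state``,
    ``service``, ``product_name``, ``product_version``, ``banner`` and a
    ``scripts`` mapping of NSE script id -> output.
    """
    doc = {'port': port.attrib['portid'], 'protocol': port.attrib['protocol']}
    for elem in port:
        if elem.tag == 'state':
            doc['state'] = elem.attrib['state']
        elif elem.tag == 'service':
            if elem.attrib.get('name'):
                doc['service'] = elem.attrib['name']
            for src, dst in (('product', 'product_name'), ('version', 'product_version'), ('banner', 'banner')):
                if elem.attrib.get(src):
                    doc[dst] = elem.attrib[src]
        elif elem.tag == 'script':
            script_id = elem.attrib.get('id')
            output = elem.attrib.get('output')
            if script_id and output:
                doc.setdefault('scripts', {})[script_id] = output
    return doc


def iter_nmap_documents(root, static_fields=None):
    """Yield one document per open port under ``root`` (a parsed nmap report).

    Each document carries ``scanner``, the host's ``ip``/``hostname``/``time``
    (when the report has them), the per-port fields and ``static_fields``;
    parsed fields take precedence over static ones on a name clash. Only
    ``<port>`` children are considered: ``<extraports>`` entries carry no
    per-port state and previously raised KeyError on ``state``.
    """
    extra = dict(static_fields or {})
    for host in root.iter('host'):
        base = {'scanner': 'nmap'}
        base.update(extra)
        endtime = host.attrib.get('endtime')
        if endtime:
            base['time'] = time.strftime('%Y/%m/%d %H:%M:%S', time.gmtime(float(endtime)))
        for child in host:
            if child.tag == 'address' and child.attrib.get('addrtype') == 'ipv4':
                if child.attrib.get('addr'):
                    base['ip'] = child.attrib['addr']
            elif child.tag == 'hostnames':
                for name_elem in child:
                    if name_elem.attrib.get('name'):
                        base['hostname'] = name_elem.attrib['name']
            elif child.tag == 'ports':
                for port in child:
                    if port.tag != 'port':
                        continue
                    port_doc = _port_document(port)
                    if port_doc.get('state') == 'open':
                        yield merge_two_dicts(base, port_doc)


def merge_two_dicts(x, y):
    """Return a new dict with x's items updated by y's (y wins on clashes)."""
    merged = x.copy()
    merged.update(y)
    return merged


def usage():
    print("Usage: nmap_es.py [-i input_file ] [-e elasticsearch_ip ] [-p elasticsearch_port ] [-I index_name] [-r report_type | --report_type=type] [-s name=value] [-u username=value] [-P password=value] [-h | --help]")


def main():
    """Parse the command line and run the import; exits non-zero on errors."""
    letters = 'i:I:e:p:r:s:u:P:h'  # input_file, index_name, es_ip, es_port, report_type, static, user, pass, help
    keywords = ['input-file=', 'index_name=', 'es_ip=', 'es_port=', 'report_type=', 'static=', 'es_user=', 'es_pass=', 'help']
    try:
        opts, extraparams = getopt.getopt(sys.argv[1:], letters, keywords)
    except getopt.GetoptError as err:
        print(str(err))
        usage()
        sys.exit(2)

    in_file = ''
    es_ip = ''
    es_port = 9200
    report_type = ''
    index_name = ''
    # Credentials may also come from the environment, which keeps them out of
    # `ps` output and shell history; explicit -u/-P still take precedence.
    es_user = os.environ.get('ES_USER', '')
    es_pass = os.environ.get('ES_PASS', '')
    static_fields = dict()

    # getopt reports long options without the trailing '=' (e.g. '--input-file'),
    # so the names compared here must not carry it; the original did, and the
    # long forms were silently ignored.
    for o, p in opts:
        if o in ('-i', '--input-file'):
            in_file = p
        elif o in ('-r', '--report_type'):
            report_type = p
        elif o in ('-e', '--es_ip'):
            es_ip = p
        elif o in ('-p', '--es_port'):
            es_port = p
        elif o in ('-I', '--index_name'):
            index_name = p
        elif o in ('-s', '--static'):
            if '=' not in p:
                print("-s expects name=value, got: %s" % p)
                usage()
                sys.exit(2)
            name, value = p.split("=", 1)
            static_fields[name] = value
        elif o in ('-u', '--es_user'):
            es_user = p
        elif o in ('-P', '--es_pass'):
            es_pass = p
        elif o in ('-h', '--help'):
            usage()
            sys.exit()

    # Without these the run would only fail later with a confusing
    # connection or indexing error. (The old `len(sys.argv) < 1` check could
    # never be true.)
    if not in_file or not es_ip or not index_name:
        usage()
        sys.exit(2)
    try:
        int(es_port)
    except ValueError:
        print("Invalid port: %s" % es_port)
        sys.exit(2)

    try:
        with open(in_file) as f:
            pass
    except IOError as e:
        print("Input file does not exist. Exiting.")
        sys.exit(1)

    if report_type.lower() == 'nmap':
        np = NmapES(in_file, es_ip, es_port, index_name, es_user, es_pass, static_fields)
        np.toES()
        print("数据导入完毕!")
    else:
        print("类型输入错误!类型为:nmap")
        sys.exit(1)


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/主机端口.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/netsecli/asset/a4751204dc81ef210dbe91c2d2159affa41a652a/主机端口.png
--------------------------------------------------------------------------------
/服务版本.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/netsecli/asset/a4751204dc81ef210dbe91c2d2159affa41a652a/服务版本.png
--------------------------------------------------------------------------------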