-
Notifications
You must be signed in to change notification settings - Fork 137
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2 from wikiZ/main
feat(): init
- Loading branch information
Showing
38 changed files
with
2,175 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| # Changelog | ||
| All notable changes to this project will be documented in this file. | ||
|
|
||
| The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), | ||
| and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). | ||
|
|
||
|
|
||
| ## [v1.1] - 2021-7-13 | ||
| ### Added | ||
| - Initialize project |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| include MANIFEST.in | ||
| include README.md | ||
| include CHANGELOG | ||
| recursive-include kunyu * | ||
| recursive-exclude kunyu __pycache__ | ||
| recursive-exclude kunyu *.py[co] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,210 @@ | ||
| # Kunyu | ||
| <h1 align="center">Kunyu(坤舆) - More efficient corporate asset collection</h1> | ||
|
|
||
| [](https://github.com/knownsec/Kunyu) [](https://github.com/knownsec/Kunyu/issues) [](https://github.com/knownsec/Kunyu/releases) [](https://github.com/wikiZ) [](https://github.com/wikiZ) | ||
|
|
||
| -------------- | ||
| English | [中文文档](./doc/README_CN.md) | ||
|
|
||
| # 0x00 Introduce | ||
|
|
||
| ## Tool introduction | ||
|
|
||
| Kunyu (kunyu), whose name is taken from <Knuyu Wanguo Quantu>, is actually a professional subject related to geographic information, which counts the geographic information of the sea, land, and sky. The same applies to cyberspace. The same is true for discovering unknown and fragile assets. It is more like a cyberspace map, which is used to comprehensively describe and display cyberspace assets, various elements of cyberspace and the relationship between elements, as well as cyberspace and real space. The mapping relationship. So I think "Kun Yu" still fits this concept. | ||
|
|
||
| Kunyu aims to make corporate asset collection more efficient and enable more security-related practitioners to understand and use cyberspace surveying and mapping technology. | ||
|
|
||
| ## Application scenario | ||
|
|
||
| For the use of kunyu, there can be many application scenarios, such as: | ||
|
|
||
| * Forgotten and isolated assets in the enterprise are identified and added to security management. | ||
| * Perform quick investigation and statistics on externally exposed assets of the enterprise. | ||
| * Red and blue are used against related requirements, and batch inspections of captured IPs are performed. | ||
| * Collect vulnerable assets in batches (0day/1day) for equipment and terminals within the impact. | ||
| * Information on sites involved in new-type cybercrime cases is quickly collected and merged for more efficient research, judgment, and analysis. | ||
| * Statistic and reproduce the fragile assets on the Internet that are affected by related vulnerabilities. | ||
| * ....... | ||
|
|
||
| # 0x01 Install | ||
|
|
||
| **Need Python3 or higher support** | ||
|
|
||
| ``` | ||
| git clone https://github.com/knownsec/Kunyu.git | ||
| tar -xvf Kunyu.tar | ||
| cd Kunyu | ||
| pip3 install -r requirements.txt | ||
| Linux: | ||
| python3 setup.py install | ||
| kunyu console | ||
| Windows: | ||
| cd kunyu | ||
| python3 console.py | ||
| ``` | ||
|
|
||
| # 0x02 Configuration instructions | ||
| When you run the program for the first time, you can initialize by entering the following command. Other login methods are provided. However, it is recommended to use the API method. Because the user name/password login requires an additional request, the API method is theoretically more efficient. | ||
| ``` | ||
| kunyu init --apikey <your zoomeye key> --seebug <your seebug key> | ||
| ``` | ||
|  | ||
|
|
||
| # 0x03 Tool instructions | ||
|
|
||
| ## Detailed command | ||
|
|
||
| ``` | ||
| kunyu console | ||
| ``` | ||
|  | ||
|
|
||
| **ZoomEye** | ||
|
|
||
| ``` | ||
| Global commands: | ||
| info Print User info | ||
| SearchHost <query> Basic Host search | ||
| SearchWeb <query> Basic Web search | ||
| SearchIcon <File>/<URL> Icon Image search | ||
| SearchBatch <File> Batch search Host | ||
| SearchCert <Domain> SSL certificate Search | ||
| SearchDomain <Domain> Domain name associated/subdomain search | ||
| Seebug <Query> Search Seebug vulnerability information | ||
| set <Option> Set arguments values | ||
| ExportPath Returns the path of the output file | ||
| clear Clear the console screen | ||
| show Show can set options | ||
| help Print Help info | ||
| exit Exit KunYu & | ||
| ``` | ||
|
|
||
| **OPTIONS** | ||
|
|
||
| ``` | ||
| ZoomEye: | ||
| page <Number> The number of pages returned by the query | ||
| dtype <0/1> Query associated domain name/subdomain name | ||
| btype <host/web> Set the API interface for batch query | ||
| ``` | ||
|
|
||
| ## Use case introduction | ||
|
|
||
| *Here we use the ZoomEye module for demonstration* | ||
|
|
||
| **User information query** | ||
|
|
||
|  | ||
|
|
||
| **HOST host search** | ||
|
|
||
|  | ||
|
|
||
| **Web host search** | ||
|
|
||
|  | ||
|
|
||
| **Batch IP search** | ||
|
|
||
|  | ||
|
|
||
| **Icon Search** | ||
|
|
||
| When collecting corporate assets, we can use this method to retrieve the same ico icon assets, which usually has a good effect when associating related corporate assets. But it should be noted that if some sites also use this ico icon, irrelevant assets may be associated (but people who are bored with other people's ico icons are always in the minority). Support url or local file search. | ||
|
|
||
|  | ||
|
|
||
| **SSL certificate search** | ||
|
|
||
| Query through the serial number of the SSL certificate, so that the associated assets are more accurate, and services that use the same certificate can be searched. When you encounter an https site, you can use this method. | ||
|
|
||
|  | ||
|
|
||
| **Associated Domain/Subdomain Search** | ||
|
|
||
| Search for associated domain names and subdomains, and query associated domain names by default. Two modes can be set by setting the dtype parameter. | ||
|
|
||
|  | ||
|
|
||
| **Seebug vulnerability query** | ||
|
|
||
| You can query historical related vulnerabilities by entering information about the framework and equipment you want to find, but you need to note that only English is supported, and improvements and upgrades will be made later. | ||
|
|
||
|  | ||
|
|
||
| **Setting parameters** | ||
|
|
||
| When set page = 2, the returned results are 40. You can modify the page parameter to set the number of pages to be queried. Note that 1 page = 20/items. You can modify the value according to your needs to get more returned results. | ||
|
|
||
| The configurable parameters and the current values of the parameters are displayed through show. | ||
|
|
||
|  | ||
|
|
||
|  | ||
|
|
||
| **Data result** | ||
|
|
||
| All search results are saved in the user's root directory, and the directory is created based on the current timestamp. All query results of a single start are stored in an Excel format under one directory, giving a more intuitive experience. The output path can be returned through the ExportPath command. | ||
|
|
||
|  | ||
|
|
||
|
|
||
| # 0x04 Loading | ||
|
|
||
| In fact, there are still many ideas, but as an Alpha version, this is the case, and it will continue to be improved in the later period. I hope that Kunyu can be known to more security practitioners. Thank you for your support. | ||
|
|
||
| The tool framework has reference to Kunlun Mirror and Pocsuite3, which are all very good works. | ||
|
|
||
| Thanks to all the friends of KnownSec 404 Team. | ||
|
|
||
| > “ 看得清 ” 是能力的体现,是 “ 器 ” ,而 “ 看得见 ” 就是思想的体现,那最后关联的是 “ 道 ”。 | ||
| > | ||
| > --SuperHei | ||
| # 0x05 Issue | ||
|
|
||
| **1、Multi-factor search** | ||
|
|
||
| ZoomEye search can use multi-factor search, dork:cisco +port:80 (note the space) can search all data that meet the conditions of cisco and port:80, if there is no space in between, it is the same search condition, it is that cisco is satisfied and the port is All data for 80. Kunyu's dork does not require quotation marks. | ||
|
|
||
| **2、High-precision geographical location** | ||
|
|
||
| ZoomEye gives privileged users high-precision geographic location data, but it should be noted that ordinary users do not have this function, so I hope you know. | ||
|
|
||
| **3、Username/password login** | ||
|
|
||
| If you use username/password as the initialization condition, the token will be valid for 12 hours. If you find that your search cannot return data, you may wish to info. If the session times out, the initialization command prompt will be returned. In most cases, we recommend that you use the API KEY method, there is no invalidation problem. This design is also for the security of your account and password. After all, the API KEY can be reset and the token will become invalid. However, with the account and password, it is possible to log in to your ZoomEye account. | ||
|
|
||
| **4、Cert certificate search** | ||
|
|
||
| It should be noted that, according to the normal logic, you need to encode the serial number of the target SSL certificate in hexadecimal to match the sentence search, but Kunyu only needs to provide the Domain address to search. The principle is to make a request to the target station to obtain the serial number and process it, but if your host cannot access the target that needs to be searched, it cannot be retrieved. At this time, you can also search with the sentence in the usual way. | ||
|
|
||
| **5、Favicon icon search** | ||
|
|
||
| ico icon search not only supports URL retrieval, but also supports local ico icon file search, which has better scalability and compatibility. | ||
|
|
||
| **6、Query data save path** | ||
|
|
||
| By default, your query data is in the Kunyu folder under the user directory. You can also use the ExportPath command to query the path in the console mode. | ||
|
|
||
| **7、Autocomplete** | ||
|
|
||
| Kunyu's auto-completion supports upper and lower case, command logging, etc., use Tab to complete, please refer to Metasploit for usage. | ||
|
|
||
| # 0x06 Contributions | ||
|
|
||
| [风起@knownsec 404](https://github.com/wikiZ) | ||
|
|
||
| [wh0am1i@knownsec 404](https://github.com/wh0am1i) | ||
| [fenix@knownsec 404](https://github.com/13ph03nix) | ||
| [0x7F@knownsec 404](https://github.com/0x7Fancy) | ||
|
|
||
|
|
||
| # 0x07 Community | ||
|
|
||
| If you have any questions, you can submit an issue under the project, or contact us through the following methods. | ||
|
|
||
| Scan the QR code to add the ZoomEye staff member WeChat, and remark Kunyu, which will draw everyone to the ZoomEye cyberspace surveying and mapping exchange group | ||
|
|
||
|  |
Oops, something went wrong.