Project github address: https://github.com/ATpiu/asset-scan
Brief introduction
asset-scan is built for in-house (Party A) security teams. It periodically scans the organization's extranet assets, monitors for newly opened ports and services, automates unauthorized-access / weak-password brute-force detection, and sends real-time alerts, helping the enterprise converge its externally exposed attack surface.
Combined with Kibana, users can search at any time for the exposed ports, services, versions and other information of extranet assets; build various charts, such as open-port statistics, new service versions, scan-duration analysis and asset statistics; and present them in dashboards and other reports for internal use.
Currently supports weak-password brute forcing for seven services: ssh, redis, mysql, ftp, mongodb, postgresql and mssql. It additionally supports unauthorized-access testing for mongod, redis and memcached.
Users must comply with the "Cybersecurity Law of the People's Republic of China" and must not use this tool for unauthorized testing.
Features
- Periodic scanning and monitoring
- Automated unauthorized-access / weak-password brute-force detection
- Scan whitelist support; hot reload of the configuration and the alert switch
- Search, custom charts, multi-dimensional analysis
Screenshots
- With Kibana's powerful statistical analysis features, you can build custom charts, dashboards and more
- Notification of a new asset service or a successful brute force
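Configuration File Description
```yaml
nmap:
  path:                          # if not specified, the system default nmap is used
masscan:
  path:                          # if not specified, the system default masscan is used
  rate: 5000                     # masscan scan rate; setting it very high is not recommended
es:
  address: 127.0.0.1:9200        # elasticsearch address
scan:
  ipFile: ip.txt                 # file with the IP ranges to scan; content format as supported by the nmap -iL option
  ipexcludeFile: ipExclude.txt   # file with the IP ranges to exclude; content format as supported by the nmap --excludefile option
  port: 1-65535                  # port range to scan
  userDict: user.txt             # username dictionary for weak-password brute forcing of services
  passwordDict: password.txt     # password dictionary for weak-password brute forcing of services
  scan_interval: 30              # scan interval, in seconds
observe:
  switch: on                     # observer mode switch: (1) enabled: on (2) disabled: off
mail:                            # alert mailbox settings; can be ignored if observer mode is always on
  host: xxx.xxx.com
  port: 123
  username: [email protected]
  password: xxx
  from: [email protected]
  to: ["[email protected]","[email protected]"]
```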
Run Guide
- Runs on Linux and requires Nmap, Masscan, Es and Kibana 5.6.x; see the Installation Guide.
- Once the required components are installed, download the archive from the releases, edit config.yaml, and fill ip.txt with the IP ranges to scan (in the format supported by the nmap -iL option). You can then run it directly with ./asset-scan
- For the initial scan, it is recommended to set the observer mode switch in config.yaml to on, to avoid a flood of alerts (an alert message is sent whenever a new service is opened or a brute force succeeds).
- ipExclude.txt holds the IP ranges to exclude from scanning; user.txt and password.txt are the username dictionary and the password dictionary.
Es Field Description
Currently there are five Es types:
- result: contains the basic scan and probe data for each asset
- scanhistory: contains the start time and end time of each scan
- addhistory: port services that are new compared with the most recent scan in the history range
- uphistory: service updates on the same asset (same IP, port and protocol) compared with the most recent scan in the history range
- bruteforce: contains the unauthorized-access / brute-force records for asset services
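
The comparison behind addhistory and uphistory, together with the observer-mode alert gate from the run guide, can be sketched as follows. This is an added example, not asset-scan's own code; the record fields, function names and sample scan data are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Service(NamedTuple):      # hypothetical record, not asset-scan's real Es schema
    ip: str
    port: int
    protocol: str
    name: str
    version: str

def asset_key(s):
    # The README identifies "the same asset" by IP, port and protocol.
    return (s.ip, s.port, s.protocol)

def diff_scans(previous, current):
    """Return (added, updated): new port services, and (old, new) pairs
    where the same asset now reports a different service or version."""
    prev = {asset_key(s): s for s in previous}
    added, updated = [], []
    for s in sorted(current, key=asset_key):
        old = prev.get(asset_key(s))
        if old is None:
            added.append(s)                      # addhistory-style entry
        elif (old.name, old.version) != (s.name, s.version):
            updated.append((old, s))             # uphistory-style entry
    return added, updated

def alerts_to_send(previous, current, observe_switch):
    """Build alert lines for new services; observer mode 'on' sends none."""
    if observe_switch == "on":
        return []
    added, _ = diff_scans(previous, current)
    return [f"new service {s.name} on {s.ip}:{s.port}/{s.protocol}" for s in added]

# Constructed sample scans (documentation address range 203.0.113.0/24).
PREVIOUS = [
    Service("203.0.113.10", 22, "tcp", "ssh", "OpenSSH 7.4"),
    Service("203.0.113.10", 3306, "tcp", "mysql", "MySQL 5.7.30"),
]
CURRENT = [
    Service("203.0.113.10", 22, "tcp", "ssh", "OpenSSH 8.2"),
    Service("203.0.113.10", 3306, "tcp", "mysql", "MySQL 5.7.30"),
    Service("203.0.113.11", 6379, "tcp", "redis", "Redis 5.0.7"),
]

if __name__ == "__main__":
    added, updated = diff_scans(PREVIOUS, CURRENT)
    print("added:", added)
    print("updated:", updated)
    print("alerts (observer off):", alerts_to_send(PREVIOUS, CURRENT, "off"))
```
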