更新: 359 个文件 - 2026-03-16 23:30:01

04-server-security/infrastructure/tools/site-scope-mapper.py

@@ -30,13 +30,22 @@ import socket
 import ssl
 import warnings
 from dataclasses import asdict, dataclass, field
+from pathlib import Path
 from typing import Dict, List, Optional, Set
+import sys
 
 warnings.filterwarnings("ignore", message="urllib3 v2 only supports OpenSSL")
 
 import requests
 
 
+SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
+if str(SCRIPTS_DIR) not in sys.path:
+    sys.path.insert(0, str(SCRIPTS_DIR))
+
+from tool_contract import add_common_args, emit_report, make_report, write_evidence  # noqa: E402
+
+
 DEFAULT_PORTS = [80, 443, 8080, 8443]
 
 
@@ -226,6 +235,7 @@ def main() -> int:
         action="store_true",
         help="确认目标属于自有资产或已明确授权",
     )
+    add_common_args(parser, include_network=False)
     args = parser.parse_args()
 
     if not args.ack_authorized:
@@ -267,11 +277,25 @@ def main() -> int:
         "related_hosts": sorted(related_hosts),
     }
 
-    if args.json:
-        print(json.dumps(report, indent=2, ensure_ascii=True))
-    else:
-        print(render_text(report))
-    return 0
+    evidence_refs = []
+    ref = write_evidence(args, "site-scope-map.json", report)
+    if ref:
+        evidence_refs.append(ref)
+    payload = make_report(
+        tool="site-scope-mapper",
+        mode="single-target-scope-map",
+        target=args.target,
+        status="verified" if report["http"] or report["tls"] else "needs-review",
+        severity="low",
+        payload_or_probe=report,
+        request_summary={"ports": ports, "target_type": target_type},
+        evidence_refs=evidence_refs,
+        destructive_risk="low",
+        args=args,
+    )
+    if args.json and args.format == "text":
+        args.format = "json"
+    return emit_report(args, payload, render_text(report).splitlines())
 
 
 if __name__ == "__main__":