更新: 359 个文件 - 2026-03-16 23:30:01

2026-03-16 23:30:01 -07:00
--- a/04-server-security/misconfiguration/tools/misconfig-lab.py
+++ b/04-server-security/misconfiguration/tools/misconfig-lab.py
@@ -0,0 +1,96 @@
+#!/usr/bin/env python3
+"""
+Misconfiguration Lab Tool
+
+LAB ONLY | AUTHORIZED TARGETS ONLY
+"""
+
+from __future__ import annotations
+
+import argparse
+import sys
+from pathlib import Path
+from typing import Any, Dict, List
+from urllib.parse import urljoin
+
+import requests
+
+SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts"
+if str(SCRIPTS_DIR) not in sys.path:
+    sys.path.insert(0, str(SCRIPTS_DIR))
+
+from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence  # noqa: E402
+
+
+DEFAULT_PATHS = [
+    "/.env",
+    "/server-status",
+    "/actuator/health",
+    "/swagger-ui.html",
+    "/phpinfo.php",
+    "/admin/",
+    "/debug",
+]
+
+
+def probe(target: str, timeout: float, headers: Dict[str, str]) -> List[Dict[str, Any]]:
+    results = []
+    for path in DEFAULT_PATHS:
+        url = urljoin(target if target.endswith("/") else target + "/", path.lstrip("/"))
+        try:
+            response = requests.get(url, timeout=timeout, headers=headers, verify=False)
+            results.append(
+                {
+                    "path": path,
+                    "url": url,
+                    "status_code": response.status_code,
+                    "server": response.headers.get("Server"),
+                    "content_type": response.headers.get("Content-Type"),
+                    "body_excerpt": response.text[:300],
+                }
+            )
+        except Exception as exc:
+            results.append({"path": path, "url": url, "error": str(exc)})
+    return results
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(description="Misconfiguration Lab Tool")
+    parser.add_argument("--target", required=True, help="目标 URL")
+    parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间")
+    add_common_args(parser)
+    args = parser.parse_args()
+    ensure_authorized(args, parser)
+
+    headers = parse_headers(args.header)
+    results = probe(args.target, args.timeout, headers)
+    evidence_refs = []
+    ref = write_evidence(args, "misconfig-lab.json", {"results": results})
+    if ref:
+        evidence_refs.append(ref)
+    suspicious = [item for item in results if item.get("status_code") in {200, 401, 403}]
+    report = make_report(
+        tool="misconfig-lab",
+        mode="misconfiguration-surface-check",
+        target=args.target,
+        status="verified" if suspicious else "needs-review",
+        severity="medium" if suspicious else "info",
+        payload_or_probe={"results": results, "suspicious": suspicious},
+        request_summary={"timeout": args.timeout, "paths": DEFAULT_PATHS},
+        evidence_refs=evidence_refs,
+        destructive_risk="low",
+        args=args,
+    )
+    text_lines = [
+        "=" * 60,
+        "Misconfiguration Lab Tool",
+        "=" * 60,
+        f"Target: {args.target}",
+        f"Paths Checked: {len(DEFAULT_PATHS)}",
+        f"Suspicious Responses: {len(suspicious)}",
+    ]
+    return emit_report(args, report, text_lines)
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())