更新: 359 个文件 - 2026-03-16 23:30:01

2026-03-16 23:30:01 -07:00
--- a/scripts/lab/attack.py
+++ b/scripts/lab/attack.py
@@ -0,0 +1,66 @@
+from __future__ import annotations
+
+import subprocess
+from pathlib import Path
+from typing import Any, Dict, List
+
+from lab.utils import write_json
+
+
+TOOL_COMMANDS = {
+    "xss-fuzzer": ["python3", "/Users/x/websafe/02-xss/tools/xss-fuzzer.py"],
+    "xss-scanner": ["go", "run", "/Users/x/websafe/02-xss/tools/xss-scanner.go"],
+    "sqli-scanner": ["python3", "/Users/x/websafe/01-sql-injection/tools/sqli-scanner.py"],
+    "blind-sqli": ["python3", "/Users/x/websafe/01-sql-injection/tools/blind-sqli.py"],
+    "session-lab": ["python3", "/Users/x/websafe/03-authentication/session/tools/session-lab.py"],
+    "misconfig-lab": ["python3", "/Users/x/websafe/04-server-security/misconfiguration/tools/misconfig-lab.py"],
+    "tls-scanner": ["python3", "/Users/x/websafe/04-server-security/tls/tools/tls-scanner.py"],
+    "site-scope-mapper": ["python3", "/Users/x/websafe/04-server-security/infrastructure/tools/site-scope-mapper.py"],
+}
+
+
+def _render_args(step: Dict[str, Any], profile: Dict[str, Any], advisory: Dict[str, Any], run_dir: Path) -> List[str]:
+    target = (profile.get("baseline_urls") or [""])[0]
+    mapping = {
+        "{target_url}": target,
+        "{run_id}": run_dir.name,
+        "{case_id}": advisory["canonical_id"],
+        "{evidence_dir}": str(run_dir / "logs"),
+    }
+    args: List[str] = []
+    for item in step.get("args", []):
+        rendered = item
+        for key, value in mapping.items():
+            rendered = rendered.replace(key, value)
+        args.append(rendered)
+    return args
+
+
+def run_attack(profile: Dict[str, Any], advisory: Dict[str, Any], run_dir: Path, dry_run: bool = False) -> Dict[str, Any]:
+    steps: List[Dict[str, Any]] = []
+    for step in profile.get("attack_actions", []):
+        tool_name = step.get("tool")
+        args = _render_args(step, profile, advisory, run_dir)
+        record = {
+            "kind": step.get("kind", "tool"),
+            "tool": tool_name,
+            "args": args,
+            "status": "planned" if dry_run else "skipped",
+        }
+        if step.get("kind") == "tool" and tool_name in TOOL_COMMANDS and not dry_run:
+            output_path = run_dir / "logs" / f"{tool_name}.json"
+            cmd = TOOL_COMMANDS[tool_name] + args + ["--ack-authorized", "--format", "json", "--output", str(output_path)]
+            completed = subprocess.run(cmd, text=True, capture_output=True)
+            record.update(
+                {
+                    "status": "completed" if completed.returncode == 0 else "failed",
+                    "returncode": completed.returncode,
+                    "stdout_excerpt": completed.stdout[-400:],
+                    "stderr_excerpt": completed.stderr[-400:],
+                    "result_path": str(output_path),
+                }
+            )
+        steps.append(record)
+    payload = {"steps": steps}
+    write_json(run_dir / "logs" / "attack.json", payload)
+    return payload