初始化: Web安全攻防知识库

- 靶场环境: DVWA/WebGoat/Pikachu/BWAPP/SQLi-Labs/XSS-Labs - SQL注入工具: sqli-scanner.py, blind-sqli.py, sqli-exploit.go - XSS工具: xss-fuzzer.py, xss-scanner.go - 认证攻击: web-brute.py, jwt-cracker.py - 服务端安全: port-scanner.py, tls-scanner.py - 防御配置: nginx-hardening.conf - 案例研究: 福建政采网安全评估报告 (13份) - 同步脚本: sync-gitea.sh
2026-03-16 17:10:23 -07:00
--- a/06-case-studies/fujian-gov-procurement/scripts/http_fuzz.sh
+++ b/06-case-studies/fujian-gov-procurement/scripts/http_fuzz.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+export PATH="/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin"
+
+TARGET_IPS="112.54.45.252 120.35.30.176 114.115.172.176"
+PATHS="/ /login /admin /api /api/v1 /gateway /actuator /actuator/health /swagger-ui.html /v2/api-docs /.env /.git/config /robots.txt /server-status /portal"
+
+echo "Starting HTTP Web Directory Fuzzing on port 8080..."
+
+for ip in $TARGET_IPS; do 
+    for path in $PATHS; do 
+        # Perform silent request to get the status code only
+        code=$(curl -k -s -o /dev/null -w "%{http_code}" -m 3 "http://$ip:8080$path" 2>/dev/null)
+        
+        # Only print if valid code and not 404 (or connection refused 000)
+        if [ "$code" != "404" ] && [ "$code" != "000" ] && [ ! -z "$code" ]; then 
+            echo "[HTTP $code] http://$ip:8080$path"
+        fi
+    done
+done
+
+echo "Fuzzing complete."
--- a/06-case-studies/fujian-gov-procurement/scripts/port_scan.py
+++ b/06-case-studies/fujian-gov-procurement/scripts/port_scan.py
@@ -0,0 +1,30 @@
+import socket
+import concurrent.futures
+
+targets = ["112.54.45.252", "120.35.30.176", "114.115.172.176"]
+ports = [21, 22, 23, 80, 81, 443, 3389, 8080, 8443, 8888, 9000, 3306, 6379, 27017, 11211, 8000, 8081, 9090, 8090, 4430]
+
+def scan(ip, port):
+    try:
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.settimeout(2.5)
+        result = sock.connect_ex((ip, port))
+        sock.close()
+        if result == 0:
+            return (ip, port, "open")
+    except Exception:
+        pass
+    return (ip, port, "closed/filtered")
+
+if __name__ == '__main__':
+    print("Starting port scan on targets: ", targets)
+    with concurrent.futures.ThreadPoolExecutor(max_workers=50) as executor:
+        futures = []
+        for ip in targets:
+            for port in ports:
+                futures.append(executor.submit(scan, ip, port))
+        for future in concurrent.futures.as_completed(futures):
+            res = future.result()
+            if res[2] == "open":
+                print(f"Host: {res[0]} Port: {res[1]} is OPEN")
+    print("Scan complete.")