Merge pull request #218 from fofapro/0.3.2.11

0.3.2.11
fofapro · Nov 5, 2021 · 6583c4c · 6583c4c
2 parents 911526f + 753940a
commit 6583c4c
Show file tree

Hide file tree

Showing 52 changed files with 1,110 additions and 201 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,17 @@
 ## 更新日志
 
+### v0.3.2.11
+更新时间：2021-11-05
+
+- 更新12个镜像
+- 开放镜像API
+- 新增已启动镜像标签
+- 修复首页分类标签重复问题
+- 修改镜像启动后现实域名不在显示IP
+- 修复注册页面与登录页面背景图不统一问题
+- 优化一键获取镜像信息504问题
+- 优化页面样式
+
 ### v0.3.2.10
 更新时间：2021-10-22
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 FROM python:3
-LABEL maintainer="Prometheus <[email protected]>" version="0.3.2.10" description="Vulfocus for Docker"
+LABEL maintainer="Prometheus <[email protected]>" version="0.3.2.11" description="Vulfocus for Docker"
 EXPOSE 80
 RUN mkdir /vulfocus-api/
 WORKDIR /vulfocus-api/

diff --git a/VULFOCUSAPI.md b/VULFOCUSAPI.md
@@ -0,0 +1,110 @@
+# 镜像信息获取
+
+镜像信息获取接口，通过GET请求，认证通过后返回所有镜像信息（镜像名称，漏洞名称，漏洞描述）
+
+## 请求URI
+
+`/api/imgs/operation  `
+
+## 请求方法
+
+`GET`
+
+## 请求参数
+
+| 参数名   | 类型   | 说明                                                   | 举例                                |
+| -------- | ------ | ------------------------------------------------------ | ----------------------------------- |
+| username | string | 用户名                                                 | username=admin                      |
+| licence  | string | 用户Licence，可登录vulfocus在用户界面 点击 Account查看 | licence=1da2sd1a565ad32a1d32a1sd32a |
+
+## 响应参数
+
+| 参数名                | 类型   | 说明     |
+| --------------------- | ------ | -------- |
+| data[].image_name     | string | 镜像名称 |
+| data[].image_vul_name | string | 漏洞名称 |
+| data[].image_desc     | string | 漏洞描述 |
+
+### demo
+
+```
+# 成功
+{"data": [{"image_name": "vulfocus/nuxeo-cve_2018_16341:latest", "image_vul_name": "nuxeo 命令执行 （CVE-2018-16341）", "image_desc": "Nuxeo Platform是一款跨平台开源的企业级内容管理系统(CMS)。\nnuxeo-jsf-ui组件处理facelet模板不当，当访问的facelet模板不存在时，相关的文件名会输出到错误页面上，而错误页面会当成模板被解析，文件名包含表达式也会被输出同时被解析执行，从而导致远程代码执行漏洞。\n用户名密码：Administrator:Administrator"}, {"image_name": "vulfocus/apache-cve_2021_41773:latest", "image_vul_name": "vulfocus/apache-cve_2021_41773", "image_desc": "Apache HTTP Server 2.4.49、2.4.50版本对路径规范化所做的更改中存在一个路径穿越漏洞，攻击者可利用该漏洞读取到Web目录外的其他文件，如系统配置文件、网站源码等，甚至在特定情况下，攻击者可构造恶意请求执行命令，控制服务器。"}, {"image_name": "vulfocus/wordpress-cve_2018_7422:latest", "image_vul_name": "wordpress 文件包含 （CVE-2018-7422）", "image_desc": "WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。Site Editor plugin是使用在其中的一个所见即所得的前端编辑器。\n\nWordPress Site Editor插件1.1.1及之前版本中存在本地文件包含漏洞。远程攻击者可通过向editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php文件发送‘ajax_path’参数利用该漏洞检索任意文件。\n密码：admin     admin"}, {"image_name": "jboss/keycloak:latest", "image_vul_name": "jboss/keycloak", "image_desc": "jboss/keycloak"}], "status": 200, "msg": "OK"}
+# 失败
+{"data": null, "status": 500, "msg": "认证信息错误"}
+```
+
+# 镜像操作
+
+镜像操作接口，通过此接口可以对镜像进行启动，停止，删除操作
+
+## 请求URI
+
+`/api/imgs/operation  `
+
+## 请求方法
+
+`POST`
+
+## 请求参数
+
+| 参数名      | 类型   | 说明                                                   | 举例                                              |
+| ----------- | ------ | ------------------------------------------------------ | ------------------------------------------------- |
+| username    | string | 用户名                                                 | username=admin                                    |
+| licence     | string | 用户Licence，可登录vulfocus在用户界面 点击 Account查看 | licence=1da2sd1a565ad32a1d32a1sd32a               |
+| image_name  | string | 镜像名称                                               | image_name=vulfocus/weblogic-cve_2018_2894:latest |
+| requisition | string | 请求操作 start（启动）stop（停止）delete（删除）       | requistion=start                                  |
+
+demo
+
+```
+POST /api/imgs/operation HTTP/1.1
+Host: vulfocus.fofa.so
+User-Agent: curl/7.64.1
+Accept: */*
+Content-Length: 126
+Content-Type: application/x-www-form-urlencoded
+Connection: close
+
+username=admin&licence=eb9cd000c2904b6ab&image_name=vulfocus/struts2-cve_2016_3081:latest&requisition=start
+```
+
+## 响应参数
+
+| 参数名 | 类型   | 说明             |
+| ------ | ------ | ---------------- |
+| host   | string | 返回容器请求地址 |
+| port   | string | 返回端口信息     |
+
+### demo
+
+```
+# 成功
+{"data": {"host": "vulfocus.fofa.so:44963,61748,26663", "port": "{\"8080\": \"44963\", \"8787\": \"61748\", \"9443\": \"26663\"}"}, "status": 200, "msg": "启动成功"}
+{"data": {"host": "vulfocus.fofa.so:44963,61748,26663", "port": "{\"8080\": \"44963\", \"8787\": \"61748\", \"9443\": \"26663\"}"}, "status": 200, "msg": "镜像已经启动"}
+#失败
+{"data": null, "status": 500, "msg": "认证信息错误"}
+{"data": null, "status": 500, "msg": "启动失败"}
+{"data": null, "status": 500, "msg": "镜像不存在"}
+{"data": null, "status": 500, "msg": "停止镜像失败"}
+{"data": null, "status": 500, "msg": "删除镜像失败"}
+
+```
+
+
+
+## 返回公共体
+
+| 参数名 | 类型   | 说明     | 举例                                                         |
+| ------ | ------ | -------- | ------------------------------------------------------------ |
+| data   | json   | 返回信息 | {"host": "vulfocus.fofa.so:36130,61060", "port": "{\"3306\": \"36130\", \"80\": \"61060\"}"} |
+| status | string | 返回状态 | "status": 200                                                |
+| msg    | string | 返回原因 | "msg": "启动成功"                                            |
+
+## status 状态
+
+| 状态码 | 说明     | 返回信息                                                     |
+| ------ | -------- | ------------------------------------------------------------ |
+| 200    | 请求成功 | 返回镜像信息成功/启动成功/停止成功/删除成功                  |
+| 500    | 请求失败 | 认证信息错误/镜像不存在/镜像名称不能为空/错误的请求/启动容器数量达到上线/启动失败/停止失败/ |
+
diff --git a/_sidebar.md b/_sidebar.md
@@ -1,5 +1,6 @@
 * [Vulfocus]()
 * [安装](INSTALL.md)
+* [API](VULFOCUSAPI.md)
 * [漏洞镜像规范](_sidebar.md)
 
 * Writeup

diff --git a/dist/index.html b/dist/index.html
@@ -1,2 +1,2 @@
-<!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><link rel=icon href=/favicon.ico><title>vulfocus</title><link href=/static/css/chunk-elementUI.c86e93b4.css rel=stylesheet><link href=/static/css/chunk-libs.39c2b454.css rel=stylesheet><link href=/static/css/app.4b4cd4f1.css rel=stylesheet></head><body><noscript><strong>We're sorry but vulfocus doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id=app></div><script src=/static/js/chunk-elementUI.75e4b20f.js></script><script src=/static/js/chunk-libs.290acad0.js></script><script>(function(e){function c(c){for(var t,u,d=c[0],f=c[1],h=c[2],o=0,b=[];o<d.length;o++)u=d[o],r[u]&&b.push(r[u][0]),r[u]=0;for(t in f)Object.prototype.hasOwnProperty.call(f,t)&&(e[t]=f[t]);i&&i(c);while(b.length)b.shift()();return a.push.apply(a,h||[]),n()}function n(){for(var e,c=0;c<a.length;c++){for(var n=a[c],t=!0,u=1;u<n.length;u++){var d=n[u];0!==r[d]&&(t=!1)}t&&(a.splice(c--,1),e=f(f.s=n[0]))}return e}var t={},u={runtime:0},r={runtime:0},a=[];function d(e){return f.p+"static/js/"+({}[e]||e)+"."+{"chunk-0dc4cb06":"5d5465af","chunk-1aa9ca50":"f250db2b","chunk-2d0aa5b8":"c32e7151","chunk-0b4a74c9":"1922b9fb","chunk-470ec910":"cf0fc111","chunk-56eacc2a":"d90a4965","chunk-7d0fae0e":"587ac4d5","chunk-9bc80b7a":"40ff1625","chunk-97369b94":"6453cf6d","chunk-b0bede22":"95f55b12","chunk-e6555cb8":"6f758470","chunk-2d0abdfd":"e0124b63","chunk-4961a69c":"7c433a60","chunk-4de1c2b6":"f9ddb8b4","chunk-531b1983":"718b153c","chunk-581d3646":"391f41ff","chunk-781c03bd":"1856c09e","chunk-8c05fd72":"820f4b18","chunk-9d1474f8":"4ee1da55","chunk-bd6376c8":"3494b805","chunk-25e2b1ca":"4d67fd2f","chunk-d9e2f9e6":"99f1c486","chunk-dc51e700":"00c654ce","chunk-50bd59a6":"5084ab81","chunk-eeb0b196":"995c4c27","chunk-f1a2cab4":"db7ffcb9","chunk-fc8541be":"895962ed"}[e]+".js"}function f(c){if(t[c])return t[c].exports;var n=t[c]={i:c,l:!1,exports:{}};return e[c].call(n.exports,n,n.exports,f),n.l=!0,n.exports}f.e=function(e){var c=[],n={"chunk-0dc4cb06":1,"chunk-0b4a74c9":1,"chunk-56eacc2a":1,"chunk-7d0fae0e":1,"chunk-9bc80b7a":1,"chunk-b0bede22":1,"chunk-e6555cb8":1,"chunk-4961a69c":1,"chunk-4de1c2b6":1,"chunk-581d3646":1,"chunk-781c03bd":1,"chunk-8c05fd72":1,"chunk-9d1474f8":1,"chunk-bd6376c8":1,"chunk-25e2b1ca":1,"chunk-50bd59a6":1,"chunk-f1a2cab4":1,"chunk-fc8541be":1};u[e]?c.push(u[e]):0!==u[e]&&n[e]&&c.push(u[e]=new Promise((function(c,n){for(var t="static/css/"+({}[e]||e)+"."+{"chunk-0dc4cb06":"56e40efb","chunk-1aa9ca50":"31d6cfe0","chunk-2d0aa5b8":"31d6cfe0","chunk-0b4a74c9":"f93c2a7a","chunk-470ec910":"31d6cfe0","chunk-56eacc2a":"f6f3ca58","chunk-7d0fae0e":"e5e4dfbf","chunk-9bc80b7a":"195e89da","chunk-97369b94":"31d6cfe0","chunk-b0bede22":"bb28d2f3","chunk-e6555cb8":"198fc6df","chunk-2d0abdfd":"31d6cfe0","chunk-4961a69c":"74a73643","chunk-4de1c2b6":"a37cd815","chunk-531b1983":"31d6cfe0","chunk-581d3646":"4d44eb3a","chunk-781c03bd":"cdd0a300","chunk-8c05fd72":"d6edd1b6","chunk-9d1474f8":"9c9aecad","chunk-bd6376c8":"5f3c40a1","chunk-25e2b1ca":"c52976c7","chunk-d9e2f9e6":"31d6cfe0","chunk-dc51e700":"31d6cfe0","chunk-50bd59a6":"38aaaeb7","chunk-eeb0b196":"31d6cfe0","chunk-f1a2cab4":"bc4e486f","chunk-fc8541be":"619b6460"}[e]+".css",r=f.p+t,a=document.getElementsByTagName("link"),d=0;d<a.length;d++){var h=a[d],o=h.getAttribute("data-href")||h.getAttribute("href");if("stylesheet"===h.rel&&(o===t||o===r))return c()}var b=document.getElementsByTagName("style");for(d=0;d<b.length;d++){h=b[d],o=h.getAttribute("data-href");if(o===t||o===r)return c()}var i=document.createElement("link");i.rel="stylesheet",i.type="text/css",i.onload=c,i.onerror=function(c){var t=c&&c.target&&c.target.src||r,a=new Error("Loading CSS chunk "+e+" failed.\n("+t+")");a.code="CSS_CHUNK_LOAD_FAILED",a.request=t,delete u[e],i.parentNode.removeChild(i),n(a)},i.href=r;var k=document.getElementsByTagName("head")[0];k.appendChild(i)})).then((function(){u[e]=0})));var t=r[e];if(0!==t)if(t)c.push(t[2]);else{var a=new Promise((function(c,n){t=r[e]=[c,n]}));c.push(t[2]=a);var h,o=document.createElement("script");o.charset="utf-8",o.timeout=120,f.nc&&o.setAttribute("nonce",f.nc),o.src=d(e),h=function(c){o.onerror=o.onload=null,clearTimeout(b);var n=r[e];if(0!==n){if(n){var t=c&&("load"===c.type?"missing":c.type),u=c&&c.target&&c.target.src,a=new Error("Loading chunk "+e+" failed.\n("+t+": "+u+")");a.type=t,a.request=u,n[1](a)}r[e]=void 0}};var b=setTimeout((function(){h({type:"timeout",target:o})}),12e4);o.onerror=o.onload=h,document.head.appendChild(o)}return Promise.all(c)},f.m=e,f.c=t,f.d=function(e,c,n){f.o(e,c)||Object.defineProperty(e,c,{enumerable:!0,get:n})},f.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},f.t=function(e,c){if(1&c&&(e=f(e)),8&c)return e;if(4&c&&"object"===typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(f.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&c&&"string"!=typeof e)for(var t in e)f.d(n,t,function(c){return e[c]}.bind(null,t));return n},f.n=function(e){var c=e&&e.__esModule?function(){return e["default"]}:function(){return e};return f.d(c,"a",c),c},f.o=function(e,c){return Object.prototype.hasOwnProperty.call(e,c)},f.p="/",f.oe=function(e){throw console.error(e),e};var h=window["webpackJsonp"]=window["webpackJsonp"]||[],o=h.push.bind(h);h.push=c,h=h.slice();for(var b=0;b<h.length;b++)c(h[b]);var i=o;n()})([]);
-//# sourceMappingURL=runtime.fadabd88.js.map</script><script src=/static/js/app.1aa8b045.js></script></body></html>
+<!DOCTYPE html><html><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge,chrome=1"><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><link rel=icon href=/favicon.ico><title>vulfocus</title><link href=/static/css/chunk-elementUI.c86e93b4.css rel=stylesheet><link href=/static/css/chunk-libs.39c2b454.css rel=stylesheet><link href=/static/css/app.4b4cd4f1.css rel=stylesheet></head><body><noscript><strong>We're sorry but vulfocus doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id=app></div><script src=/static/js/chunk-elementUI.75e4b20f.js></script><script src=/static/js/chunk-libs.290acad0.js></script><script>(function(e){function c(c){for(var t,u,d=c[0],f=c[1],h=c[2],o=0,b=[];o<d.length;o++)u=d[o],r[u]&&b.push(r[u][0]),r[u]=0;for(t in f)Object.prototype.hasOwnProperty.call(f,t)&&(e[t]=f[t]);k&&k(c);while(b.length)b.shift()();return a.push.apply(a,h||[]),n()}function n(){for(var e,c=0;c<a.length;c++){for(var n=a[c],t=!0,u=1;u<n.length;u++){var d=n[u];0!==r[d]&&(t=!1)}t&&(a.splice(c--,1),e=f(f.s=n[0]))}return e}var t={},u={runtime:0},r={runtime:0},a=[];function d(e){return f.p+"static/js/"+({}[e]||e)+"."+{"chunk-0dc4cb06":"5d5465af","chunk-1aa9ca50":"f250db2b","chunk-2d0aa5b8":"c32e7151","chunk-0b4a74c9":"1922b9fb","chunk-470ec910":"cf0fc111","chunk-56eacc2a":"d90a4965","chunk-7d0fae0e":"587ac4d5","chunk-2e319a09":"2fbced96","chunk-97369b94":"6453cf6d","chunk-b0bede22":"95f55b12","chunk-e6555cb8":"6f758470","chunk-2d0abdfd":"e0124b63","chunk-4961a69c":"7c433a60","chunk-49dbd0c0":"2d3fd6e0","chunk-1fa92022":"351c3d48","chunk-4de1c2b6":"f9ddb8b4","chunk-531b1983":"718b153c","chunk-781c03bd":"1856c09e","chunk-7c362684":"6789ee0b","chunk-8c05fd72":"820f4b18","chunk-9d1474f8":"4ee1da55","chunk-bd6376c8":"3494b805","chunk-25e2b1ca":"4d67fd2f","chunk-d9e2f9e6":"99f1c486","chunk-dc51e700":"00c654ce","chunk-2fe8b569":"2cae4f02","chunk-eeb0b196":"995c4c27","chunk-fc8541be":"895962ed"}[e]+".js"}function f(c){if(t[c])return t[c].exports;var n=t[c]={i:c,l:!1,exports:{}};return e[c].call(n.exports,n,n.exports,f),n.l=!0,n.exports}f.e=function(e){var c=[],n={"chunk-0dc4cb06":1,"chunk-0b4a74c9":1,"chunk-56eacc2a":1,"chunk-7d0fae0e":1,"chunk-2e319a09":1,"chunk-b0bede22":1,"chunk-e6555cb8":1,"chunk-4961a69c":1,"chunk-1fa92022":1,"chunk-4de1c2b6":1,"chunk-781c03bd":1,"chunk-7c362684":1,"chunk-8c05fd72":1,"chunk-9d1474f8":1,"chunk-bd6376c8":1,"chunk-25e2b1ca":1,"chunk-2fe8b569":1,"chunk-fc8541be":1};u[e]?c.push(u[e]):0!==u[e]&&n[e]&&c.push(u[e]=new Promise((function(c,n){for(var t="static/css/"+({}[e]||e)+"."+{"chunk-0dc4cb06":"56e40efb","chunk-1aa9ca50":"31d6cfe0","chunk-2d0aa5b8":"31d6cfe0","chunk-0b4a74c9":"f93c2a7a","chunk-470ec910":"31d6cfe0","chunk-56eacc2a":"f6f3ca58","chunk-7d0fae0e":"e5e4dfbf","chunk-2e319a09":"ba7f6bee","chunk-97369b94":"31d6cfe0","chunk-b0bede22":"bb28d2f3","chunk-e6555cb8":"198fc6df","chunk-2d0abdfd":"31d6cfe0","chunk-4961a69c":"74a73643","chunk-49dbd0c0":"31d6cfe0","chunk-1fa92022":"4d44eb3a","chunk-4de1c2b6":"a37cd815","chunk-531b1983":"31d6cfe0","chunk-781c03bd":"cdd0a300","chunk-7c362684":"bc4e486f","chunk-8c05fd72":"d6edd1b6","chunk-9d1474f8":"9c9aecad","chunk-bd6376c8":"5f3c40a1","chunk-25e2b1ca":"c52976c7","chunk-d9e2f9e6":"31d6cfe0","chunk-dc51e700":"31d6cfe0","chunk-2fe8b569":"109c2dd4","chunk-eeb0b196":"31d6cfe0","chunk-fc8541be":"619b6460"}[e]+".css",r=f.p+t,a=document.getElementsByTagName("link"),d=0;d<a.length;d++){var h=a[d],o=h.getAttribute("data-href")||h.getAttribute("href");if("stylesheet"===h.rel&&(o===t||o===r))return c()}var b=document.getElementsByTagName("style");for(d=0;d<b.length;d++){h=b[d],o=h.getAttribute("data-href");if(o===t||o===r)return c()}var k=document.createElement("link");k.rel="stylesheet",k.type="text/css",k.onload=c,k.onerror=function(c){var t=c&&c.target&&c.target.src||r,a=new Error("Loading CSS chunk "+e+" failed.\n("+t+")");a.code="CSS_CHUNK_LOAD_FAILED",a.request=t,delete u[e],k.parentNode.removeChild(k),n(a)},k.href=r;var i=document.getElementsByTagName("head")[0];i.appendChild(k)})).then((function(){u[e]=0})));var t=r[e];if(0!==t)if(t)c.push(t[2]);else{var a=new Promise((function(c,n){t=r[e]=[c,n]}));c.push(t[2]=a);var h,o=document.createElement("script");o.charset="utf-8",o.timeout=120,f.nc&&o.setAttribute("nonce",f.nc),o.src=d(e),h=function(c){o.onerror=o.onload=null,clearTimeout(b);var n=r[e];if(0!==n){if(n){var t=c&&("load"===c.type?"missing":c.type),u=c&&c.target&&c.target.src,a=new Error("Loading chunk "+e+" failed.\n("+t+": "+u+")");a.type=t,a.request=u,n[1](a)}r[e]=void 0}};var b=setTimeout((function(){h({type:"timeout",target:o})}),12e4);o.onerror=o.onload=h,document.head.appendChild(o)}return Promise.all(c)},f.m=e,f.c=t,f.d=function(e,c,n){f.o(e,c)||Object.defineProperty(e,c,{enumerable:!0,get:n})},f.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},f.t=function(e,c){if(1&c&&(e=f(e)),8&c)return e;if(4&c&&"object"===typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(f.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&c&&"string"!=typeof e)for(var t in e)f.d(n,t,function(c){return e[c]}.bind(null,t));return n},f.n=function(e){var c=e&&e.__esModule?function(){return e["default"]}:function(){return e};return f.d(c,"a",c),c},f.o=function(e,c){return Object.prototype.hasOwnProperty.call(e,c)},f.p="/",f.oe=function(e){throw console.error(e),e};var h=window["webpackJsonp"]=window["webpackJsonp"]||[],o=h.push.bind(h);h.push=c,h=h.slice();for(var b=0;b<h.length;b++)c(h[b]);var k=o;n()})([]);
+//# sourceMappingURL=runtime.16452b32.js.map</script><script src=/static/js/app.d60c78ee.js></script></body></html>