update 1.0.2

update 1.0.2

LSpider/settings.py.bak

@@ -213,5 +213,11 @@ WECHAT_NOTICE_DEBUG = {
     'agent_id': ' ',
 }
 
+# for xray result
+VUL_LIST_PATH = os.path.join(BASE_DIR, 'vuls/')
+
+if os.path.isdir(VUL_LIST_PATH) is not True:
+    os.mkdir(VUL_LIST_PATH)
+
 # for test
 IS_TEST_ENVIRONMENT = False

README.md

@@ -58,9 +58,22 @@ LSpider从设计之初是为了配合像xray这种被动扫描器而诞生的，
 python3 manage.py SpiderCoreBackendStart --test
 ```
 
+通过dockerfile安装（不推荐的安装模式）
+```
+cd ./docker
+
+docker-compose up -d
+```
+
+[dockerfile 安装&使用](./docker/readme.md)
+
+**使用dockerfile安装，推荐修改其中必要的配置信息以避免安全漏洞诞生。**
+
 **值得注意的是，以下脚本可能会涉及到项目路径影响，使用前请修改相应的配置**
 
-启动LSpider webhook（默认端口2062）
+建议配合screen来挂起进程
+
+启动LSpider webhook 与漏洞展示页面（默认端口2062）
 
 ```
 ./lspider_webhook.sh
@@ -93,6 +106,10 @@ python3 manage.py SpiderCoreBackendStart --test
 
 [如何配置扫描任务 以及 其他的配置相关](./docs/manage.md)
 
+扫描器结果输出到配置文件相同目录（默认为vuls/）,则可以通过web界面访问。
+
+![](./docs/6.png)
+
 # 使用内置的hackerone、bugcrowd爬虫获取目标
 
 使用hackerone爬虫，你需要首先配置好hackerone账号
@@ -108,6 +125,12 @@ python3 manage.py SpiderCoreBackendStart --test
 
 ![](./docs/5.png)
 
+# Contributors
+
+感谢如下贡献者对本工具发展过程中的贡献：
+
+- [QGW](https://github.com/qboy0000)
+
 # 404StarLink
 ![](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
 

core/chromeheadless.py

@@ -417,7 +417,7 @@ def finish_form(self):
     def click_button(self):
 
         try:
-            submit_buttons = self.driver.find_element_by_xpath("//input[@type='submit']")
+            submit_buttons = self.driver.find_elements_by_xpath("//input[@type='submit']")
 
             submit_buttons_len = len(submit_buttons)
 

docker/Dockerfile

@@ -0,0 +1,59 @@
+#FROM ubuntu:16.04
+
+FROM python:3.7.9-alpine3.12
+
+Label author "qboy0000<[email protected]>"
+
+#COPY dist/floodlight /root/floodlight
+
+ENV XARY 1.7.0
+ENV PYTHON3 3.7.9
+ENV CHROMEDRIVER_VERSION 88.0.4324.96
+
+# RUN sed -i 's/http:\/\/archive.ubuntu.com/http:\/\/mirrors.huaweicloud.com/g' /etc/apt/sources.list && \
+#     sed -i 's/http:\/\/security.ubuntu.com/http:\/\/mirrors.huaweicloud.com/g' /etc/apt/sources.list && \
+#     apt-get update && \
+
+COPY ./requirement.txt /tmp/
+
+RUN set -x && sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \
+    apk update && \
+# GM+8
+# set time zone
+	apk add --no-cache tzdata && \
+	echo "Asia/Shanghai" > /etc/timezone && \
+	cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
+	# dpkg-reconfigure -f noninteractive tzdata && \
+    apk add --no-cache musl-dev linux-headers  git wget curl unzip mysql-client mariadb-dev make gcc chromium chromium-chromedriver && \
+
+# update python3 to 3.7
+    # wget https://www.python.org/ftp/python/$PYTHON3/Python-$PYTHON3.tar.xz -O /tmp/Python-$PYTHON3.tar.xz && \
+    # cd /tmp && tar -xvf Python-$PYTHON3.tar.xz && cd Python-$PYTHON3 && ./configure && make && make install && \
+
+    git clone --depth 1 https://github.com/knownsec/LSpider.git /opt/LSpider && \
+
+    cd /opt/LSpider/ && \
+    pip3 install -r /tmp/requirement.txt -i https://mirrors.aliyun.com/pypi/simple && \
+
+    wget https://download.xray.cool/xray/$XARY/xray_linux_amd64.zip -O /tmp/xray_linux_amd64.zip && \
+    mkdir -p /opt/xray && \
+    unzip /tmp/xray_linux_amd64.zip -d /opt/xray && \
+
+    # wget http://npm.taobao.org/mirrors/chromedriver/$CHROMEDRIVER_VERSION/chromedriver_linux64.zip -O /tmp/chromedriver_linux64.zip && \
+    # mkdir /opt/LSpider/bin && \
+    # unzip /tmp/chromedriver_linux64.zip -d /usr/bin && \
+    # mv /usr/bin/chromedriver /usr/bin/chromedriver_linux64 && \
+
+    rm -rf /tmp/*
+
+WORKDIR /opt/LSpider/
+COPY ./docker-entrypoint.sh /opt/LSpider/docker-entrypoint.sh
+COPY ./settings.py.docker.bak /opt/LSpider/LSpider/settings.py
+COPY ./xray.sh /opt/LSpider/xray.sh
+COPY ./chromeheadless.py /opt/LSpider/core/
+
+RUN chmod a+x /opt/LSpider/*.sh
+
+EXPOSE 2062
+
+CMD /opt/LSpider/docker-entrypoint.sh