Installation
You can download the latest tarball by clicking here or latest zipball by clicking here.
Preferably, you can download fuxi-scanner by cloning the Git repository:
git clone --depth 1 https://github.com/jeffzh3ng/Fuxi-Scanner.git fuxi-scanner
Fuxi Scanner works out of the box with Python version 2.6.x and 2.7.x on any platform.
Environment Setup
This guide should get you going on an Ubuntu system.
Install the base dev packages
sudo apt update
sudo apt install python python-dev python-pip python-setuptools nmap hydra curl
cd fuxi-scanner
sudo python -m pip install pip==9.0.3
sudo pip install -r requirements.txt
Install MongoDB Community Edition (Ubuntu)
Import the public key used by the package management system.
The Ubuntu package management tools (i.e. dpkg and apt) ensure package consistency and authenticity by requiring that distributors sign packages with GPG keys.
Issue the following command to import the MongoDB public GPG Key:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
Create a list file for MongoDB.
Create the /etc/apt/sources.list.d/mongodb-org-3.6.list list file using the command appropriate for your version of Ubuntu:
Ubuntu 14.04
echo "deb https://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
Ubuntu 16.04
echo "deb https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
Reload local package database.
Issue the following command to reload the local package database:
sudo apt-get update
Install the MongoDB packages.
Install the latest stable version of MongoDB.
Issue the following command:
sudo apt-get install -y mongodb-org
Run MongoDB Community Edition
Start MongoDB.
Issue the following command to start mongod:
sudo service mongod start
Connect to the instance.
mongo
Create the user administrator.
In the admin database, add a user with the userAdminAnyDatabase role
use admin
db.createUser(
  {
    user: "admin",
    pwd: "14b3xfY1wd",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
Add Scanner Users
The following operation creates a user in the fuxi database with the specified name, password, and roles:
use fuxi
db.createUser(
  {
    user: "fuxi_scanner",
    pwd: "W94MRYDqOZ",
    roles: [
      { role: "readWrite", db: "fuxi" },
    ]
  }
)
Enable Auth
sudo vi /etc/mongod.conf
security:
  authorization: "enabled"
sudo service mongod restart
sudo systemctl enable mongod.service
To authenticate after connecting
jeffzhang@ubuntu:~$ mongo
MongoDB shell version v3.6.5
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.5
> use fuxi
switched to db fuxi
> db.auth("fuxi_scanner", "W94MRYDqOZ")
1
Configuration Handling
fuxi-scanner configuration files are located in the fuxi-scanner/instance/ directory.
Full Example Configuration
import os

basedir = os.path.abspath(os.path.dirname(__file__))


class Config:
    def __init__(self):
        pass

    WEB_USER = 'admin'  # Web Auth User
    WEB_PASSWORD = 'xHmRu4sJxZ'  # Web Auth Password
    POCSUITE_PATH = basedir + '/../fuxi/views/modules/scanner/pocsuite_plugin/'
    AWVS_REPORT_PATH = basedir + '/../fuxi/static/download/'  # static file download
    WEB_HOST = '127.0.0.1'  # Web Server Host
    WEB_PORT = 5000  # Web Server Port
    UPDATE_URL = "https://fuxi.hook.ga/update"  # check update
    VERSION = '1.2.0'  # scanner version
    AWVS_URL = 'https://192.168.56.2:3443'  # Acunetix Web Vulnerability Scanner Url
    AWVS_API_KEY = ""  # Acunetix Web Vulnerability Scanner API Key


class ProductionConfig(Config):
    DB_HOST = '127.0.0.1'  # MongoDB Host
    DB_PORT = 27017  # MongoDB Port (int)
    DB_NAME = 'fuxi'  # MongoDB Name
    DB_USERNAME = 'fuxi_scanner'  # MongoDB User
    DB_PASSWORD = 'W94MRYDqOZ'  # MongoDB Password
    CONFIG_NAME = 'fuxi'  # Scanner config name
    PLUGIN_DB = 'dev_plugin_info'  # Plugin collection
    TASKS_DB = 'dev_tasks'  # Scan tasks collection
    VULNERABILITY_DB = 'dev_vuldb'  # Vulnerability collection
    ASSET_DB = 'dev_asset'  # Asset collection
    CONFIG_DB = 'dev_config'  # Scanner config collection
    SERVER_DB = 'dev_server'  # Asset server collection
    SUBDOMAIN_DB = 'dev_subdomain'  # Subdomain server collection
    DOMAIN_DB = 'dev_domain'  # Domain server collection
    PORT_DB = 'dev_port_scanner'  # Port scan collection
    AUTH_DB = 'dev_auth_tester'  # Auth tester tasks collection
    ACUNETIX_DB = 'dev_acunetix'  # Acunetix scanner tasks collection
    WEEKPASSWD_DB = 'dev_week_passwd'  # Weak password collection
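The passwords printed in this README are public, so a deployment that keeps them has known credentials. The following is an added example, not part of Fuxi-Scanner: a standalone Python 3 check that parses a config file of the shape shown above with ast (without executing it) and reports passwords still set to the README samples, empty passwords, and a WEB_HOST that is not loopback. The names audit_config, class_constants and the SAMPLE text are assumptions made for illustration.

```python
import ast

# Passwords printed in this README; anyone who has read it knows them.
README_SAMPLES = {"14b3xfY1wd", "W94MRYDqOZ", "xHmRu4sJxZ"}
PASSWORD_KEYS = {"WEB_PASSWORD", "DB_PASSWORD"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample input in the shape of instance/config.py (not the real file).
SAMPLE = '''
class Config:
    WEB_PASSWORD = 'xHmRu4sJxZ'
    WEB_HOST = '0.0.0.0'
    WEB_PORT = 5000

class ProductionConfig(Config):
    DB_HOST = '127.0.0.1'
    DB_PASSWORD = 'W94MRYDqOZ'
'''


def class_constants(source):
    """Yield (class, name, value) for literal class-level assignments.
    The source is parsed with ast, so the config is never executed."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            for stmt in node.body:
                if isinstance(stmt, ast.Assign) and isinstance(stmt.value, ast.Constant):
                    for target in stmt.targets:
                        if isinstance(target, ast.Name):
                            yield node.name, target.id, stmt.value.value


def audit_config(source):
    """Return sorted findings for a Fuxi-style config source string."""
    findings = []
    for cls, name, value in class_constants(source):
        where = "%s.%s" % (cls, name)
        if name in PASSWORD_KEYS and value in README_SAMPLES:
            findings.append(where + ": README sample password still in use")
        elif name in PASSWORD_KEYS and not value:
            findings.append(where + ": empty password")
        elif name == "WEB_HOST" and value not in LOOPBACK:
            findings.append(where + ": web UI bound beyond loopback, bypassing the proxy")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

To check a real deployment, pass the text of the file in fuxi-scanner/instance/ to audit_config instead of SAMPLE.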
Using Fuxi-Scanner
Running tests
sudo service mongod restart
cd fuxi-scanner
python migration/start.py
python fuxi_scanner.py
* Running on http://127.0.0.1:5000
Done! Open your browser to http://127.0.0.1:5000 to see it working.
Run it as a background process
./run.sh start # start
./run.sh restart # restart
./run.sh stop # stop
Using Caddy (Optional)
Caddy, sometimes clarified as the Caddy web server, is an open source, HTTP/2-enabled web server written in Go. It uses the Go standard library for its HTTP functionality.
One of Caddy's most notable features is enabling HTTPS by default.
Install Caddy
- PLATFORM: Linux 64
- PLUGINS: None
- TELEMETRY: Off
- LICENSE: Personal (free)
curl https://getcaddy.com | bash -s personal
Using Caddy
Create caddy folder
sudo mkdir /etc/caddy
sudo touch /etc/caddy/caddy.config
sudo chown -R root:www-data /etc/caddy
sudo vi /etc/caddy/caddy.config
The HTTP Caddyfile:
www.example.com {
    log /var/log/caddy_fuxi.log
    proxy / 127.0.0.1:5000 {
        transparent
    }
}
Create SSL certificates folder
sudo mkdir /etc/ssl/caddy
sudo chown -R www-data:root /etc/ssl/caddy
sudo chmod 0770 /etc/ssl/caddy
Start Caddy
sudo caddy -conf /etc/caddy/caddy.config
---- The End ----