Update: 增加对IP、域名一键拉黑功能（请使用前务必了解注意事项）

hanc00l · Apr 13, 2023 · c9d22d4 · c9d22d4
1 parent b95e8f2
commit c9d22d4
Show file tree

Hide file tree

Showing 10 changed files with 105 additions and 51 deletions.
diff --git a/pkg/task/custom/blackdomain.go b/pkg/task/custom/blackdomain.go
@@ -10,7 +10,7 @@ import (
 )
 
 type BlackDomain struct {
-	blackList []string
+	blackListMap map[string]struct{}
 }
 
 // NewBlackDomain 创建域名黑名单对象
@@ -22,6 +22,8 @@ func NewBlackDomain() *BlackDomain {
 
 // loadBlankList 从配置文件中加载域名黑名单列表
 func (b *BlackDomain) loadBlankList() {
+	b.blackListMap = make(map[string]struct{})
+
 	inputFile, err := os.Open(filepath.Join(conf.GetRootPath(), "thirdparty/custom/black_domain.txt"))
 	if err != nil {
 		return
@@ -33,9 +35,9 @@ func (b *BlackDomain) loadBlankList() {
 			continue
 		}
 		if strings.HasPrefix(text, ".") == false {
-			b.blackList = append(b.blackList, "."+text)
+			b.blackListMap["."+text] = struct{}{}
 		} else {
-			b.blackList = append(b.blackList, text)
+			b.blackListMap[text] = struct{}{}
 		}
 	}
 	inputFile.Close()
@@ -44,7 +46,7 @@ func (b *BlackDomain) loadBlankList() {
 
 // CheckBlack 检查一个域名是否是位于黑名单中
 func (b *BlackDomain) CheckBlack(domain string) bool {
-	for _, txt := range b.blackList {
+	for txt := range b.blackListMap {
 		// 生成格式为.qq.com$
 		regPattern := strings.ReplaceAll(txt, ".", "\\.") + "$"
 		if m, _ := regexp.MatchString(regPattern, domain); m == true {

diff --git a/pkg/web/controllers/domain.go b/pkg/web/controllers/domain.go
@@ -899,19 +899,26 @@ func (c *DomainController) BlockDomainAction() {
 		c.FailedStatus("当前用户权限不允许！")
 		return
 	}
-	domainName := c.GetString("domain")
-	workspaceId, err := c.GetInt("workspace", 0)
-	if len(domainName) == 0 || err != nil || workspaceId <= 0 {
-		c.FailedStatus("err param")
+
+	id, err := c.GetInt("id")
+	if err != nil {
+		logging.RuntimeLog.Error(err.Error())
+		c.FailedStatus(err.Error())
+		return
+	}
+	domain := db.Domain{Id: id}
+	if domain.Get() == false {
+		c.FailedStatus("get domain fail")
 		return
 	}
-	if utils.CheckDomain(domainName) == false {
-		c.FailedStatus("invalid domain")
+	workspace := db.Workspace{Id: domain.WorkspaceId}
+	if workspace.Get() == false {
+		c.FailedStatus("get workspace fail")
 		return
 	}
 	//  域提取名参数的主域，比如www.images.qq.com的主域名为.qq.com
 	tld := domainscan.NewTldExtract()
-	fldDomain := tld.ExtractFLD(domainName)
+	fldDomain := tld.ExtractFLD(domain.DomainName)
 	if len(fldDomain) == 0 {
 		c.FailedStatus("err domain format")
 		return
@@ -925,15 +932,10 @@ func (c *DomainController) BlockDomainAction() {
 		c.FailedStatus(err.Error())
 		return
 	}
-	workspace := db.Workspace{Id: workspaceId}
-	if workspace.Get() == false {
-		c.FailedStatus("获取当前工作空间失败")
-		return
-	}
 	domainRelatedIP := make(map[string]struct{})
 	// 从数据中获取主域的所有子域名记录
 	domainDb := db.Domain{}
-	domainResult := domainDb.GetsForBlackListDomain(fldDomain, workspaceId)
+	domainResult := domainDb.GetsForBlackListDomain(fldDomain, workspace.Id)
 	for _, d := range domainResult {
 		// 获取域名关联的IP解析记录
 		domainAttr := db.DomainAttr{RelatedId: d.Id}
@@ -954,11 +956,12 @@ func (c *DomainController) BlockDomainAction() {
 	// 删除关联的IP记录
 	for ip := range domainRelatedIP {
 		// 删除数据库中IP记录
-		ipDB := db.Ip{IpName: ip, WorkspaceId: workspaceId}
+		ipDB := db.Ip{IpName: ip, WorkspaceId: workspace.Id}
 		if ipDB.GetByIp() {
 			ipDB.Delete()
 		}
 		ss := fingerprint.NewScreenShot()
 		ss.Delete(workspace.WorkspaceGUID, ip)
 	}
+	c.SucceededStatus("success")
 }
diff --git a/pkg/web/controllers/ip.go b/pkg/web/controllers/ip.go
@@ -956,46 +956,40 @@ func (c *IPController) BlackIPAction() {
 		c.FailedStatus("当前用户权限不允许！")
 		return
 	}
-
-	ip := c.GetString("ip", "")
-	workspaceId, err := c.GetInt("workspace", 0)
-	if len(ip) == 0 || err != nil || workspaceId <= 0 {
-		c.FailedStatus("err param")
+	id, err := c.GetInt("id")
+	if err != nil {
+		logging.RuntimeLog.Error(err.Error())
+		c.FailedStatus(err.Error())
 		return
 	}
-	if utils.CheckIPV4(ip) == false {
-		c.FailedStatus("invalid ipv4")
+	ip := db.Ip{Id: id}
+	if ip.Get() == false {
+		c.FailedStatus("get ip fail")
+		return
+	}
+	workspace := db.Workspace{Id: ip.WorkspaceId}
+	if workspace.Get() == false {
+		c.FailedStatus("get workspace fail")
 		return
 	}
 	// 将IP追加到黑名单文件
 	blackIP := custom.NewBlackIP()
-	err = blackIP.AppendBlackIP(ip)
+	err = blackIP.AppendBlackIP(ip.IpName)
 	if err != nil {
 		c.FailedStatus(err.Error())
 		return
 	}
-	// 删除数据库中IP记录
-	ipDB := db.Ip{IpName: ip, WorkspaceId: workspaceId}
-	if ipDB.GetByIp() == false {
-		c.FailedStatus("数据库不存在当前IP！")
-		return
-	}
-	if ipDB.Delete() == false {
+	// 删除IP
+	if ip.Delete() == false {
 		c.FailedStatus("删除IP失败！")
 		return
 	}
-	// 删除IP相关的screenshot
-	workspace := db.Workspace{Id: workspaceId}
-	if workspace.Get() == false {
-		c.FailedStatus("获取当前工作空间失败")
-		return
-	}
 	ss := fingerprint.NewScreenShot()
-	ss.Delete(workspace.WorkspaceGUID, ip)
+	ss.Delete(workspace.WorkspaceGUID, ip.IpName)
 	// 删除IP关联的域名记录的信息
-	domains := getIpRelatedDomain(workspaceId, ip)
+	domains := getIpRelatedDomain(workspace.Id, ip.IpName)
 	for _, d := range domains {
-		domain := db.Domain{DomainName: d, WorkspaceId: workspaceId}
+		domain := db.Domain{DomainName: d, WorkspaceId: workspace.Id}
 		if domain.GetByDomain() {
 			ss.Delete(workspace.WorkspaceGUID, domain.DomainName)
 			domain.Delete()

diff --git a/thirdparty/custom/black_domain.txt b/thirdparty/custom/black_domain.txt
@@ -1,4 +1,3 @@
 # 用于域名任务，以及在线资产管理平台收集到的黑名称匹配，采用正则匹配的方式
-# 格式为完整的主/子域如: qq.com、stmp.qq.com、.pop3.qq.com
-# 或.gov.cn
+# 格式为完整的主/子域如: qq.com、stmp.qq.com、.pop3.qq.com；或.gov.cn
 .gov.cn
diff --git a/thirdparty/custom/black_ip.txt b/thirdparty/custom/black_ip.txt
@@ -1,5 +1,3 @@
-# IP黑名单，格式为：ip 注释（注释为可选）
-# 单IP：172.16.8.1 XX公司
-# 连续IP地址：172.16.8.10-172.16.8.30 YY公司
-# CIDR：192.168.120.128/25 ZZ公司
-127.0.0.1 loopback
+# IP黑名单，格式为：ip 备注（备注为可选）
+# 单IP：172.16.8.1 XX公司；连续IP地址：172.16.8.10-172.16.8.30 YY公司；CIDR：192.168.120.128/25 ZZ公司
+127.0.0.1 localhost
diff --git a/web/static/js/server/domain-list.js b/web/static/js/server/domain-list.js
@@ -24,6 +24,33 @@ $(function () {
         $('#newXScan').modal('toggle');
         load_pocfile_list();
     });
+    $("#block_domain").click(function () {
+        swal({
+                title: "确定要一键拉黑域名吗?",
+                text: "该操作会将“第一个”选择的的“主域名”加入到黑名单列表中，同时从数据库中删除该主域名下的所有子域名、以及关联的所有IP！",
+                type: "warning",
+                showCancelButton: true,
+                confirmButtonColor: "#DD6B55",
+                confirmButtonText: "确认",
+                cancelButtonText: "取消",
+                closeOnConfirm: true
+            },
+            function () {
+                let selItem = $('#domain_table').DataTable().$('input[type=checkbox]:checked');
+                if (selItem.length >= 1) {
+                    let id = selItem.val().split("|")[0];
+                    $.ajax({
+                        type: 'post',
+                        url: 'domain-block?id=' + id,
+                        success: function (data) {
+                            $('#domain_table').DataTable().draw(false);
+                        },
+                        error: function (xhr, type) {
+                        }
+                    });
+                }
+            });
+    });
     //启动任务 
     $("#start_task").click(function () {
         const target = $('#text_target').val();

diff --git a/web/static/js/server/ip-list.js b/web/static/js/server/ip-list.js
@@ -28,6 +28,32 @@ $(function () {
     $("#import_portscan").click(function () {
         $('#importPortscan').modal('toggle');
     });
+    $("#block_ip").click(function () {
+        swal({
+                title: "确定要一键拉黑选定的IP吗?",
+                text: "该操作会将IP加入到黑名单列表中，同时从数据库中删除IP，以及IP关联的域名！",
+                type: "warning",
+                showCancelButton: true,
+                confirmButtonColor: "#DD6B55",
+                confirmButtonText: "确认",
+                cancelButtonText: "取消",
+                closeOnConfirm: true
+            },
+            function () {
+                $('#ip_table').DataTable().$('input[type=checkbox]:checked').each(function (i) {
+                    let id = $(this).val().split("|")[0];
+                    $.ajax({
+                        type: 'post',
+                        url: 'ip-block?id=' + id,
+                        success: function (data) {
+                        },
+                        error: function (xhr, type) {
+                        }
+                    });
+                });
+                $('#ip_table').DataTable().draw(false);
+            });
+    });
     $("#start_import").click(function () {
         var formData = new FormData();
         formData.append('file', $('#file')[0].files[0]);

diff --git a/web/views/custom.html b/web/views/custom.html
@@ -72,6 +72,7 @@ <h3 class="tile-title">蜜罐</h3>
         <div class="col-md-6">
             <div class="tile">
                 <h3 class="tile-title">IP/Domain黑名单</h3>
+                <small class="form-text text-muted">任务结果中黑名单中的IP与域名不会保存到数据库中；通过在线资产平台（如FOFA等）收集到的资产如果是黑名单中，会忽略指纹获取、漏洞扫描任务及保存；</small>
                 <div class="tile-body">
                     <label class="col-form-label" for="select_black_filename">
                         <b>配置文件</b>
@@ -83,14 +84,14 @@ <h3 class="tile-title">IP/Domain黑名单</h3>
                     <form>
                         <div class="form-group">
                             <label class="col-form-label" for="text_black_domain_ip">
-                                <b>配置参数</b>
+                                <b>黑名单列表</b>
                             </label>
                             <textarea class="form-control" id="text_black_domain_ip" rows="8"></textarea>
                         </div>
                     </form>
                     <div class="tile-footer">
                         <button class="btn btn-primary" type="button" id="buttonSaveBlackDomainIP"><i
-                                class="fa fa-fw fa-lg fa-check-circle"></i>保存IP设置
+                                class="fa fa-fw fa-lg fa-check-circle"></i>保存黑名单设置
                         </button>&nbsp;&nbsp;&nbsp;
                     </div>
                 </div>

diff --git a/web/views/domain-list.html b/web/views/domain-list.html
@@ -56,6 +56,8 @@
                                             class="fa fa-fw fa-lg fa-flag"></i>备忘录信息</a>
                                     <a class="dropdown-item" href="#" id="batch_delete"><i
                                             class="fa fa-fw fa-lg fa-remove"></i>删除</a>
+                                    <a class="dropdown-item" href="#" id="block_domain"><i
+                                            class="fa fa-fw fa-lg fa-ban"></i>域名一键拉黑</a>
                                 </div>
                             </div>
                             <button class="btn btn-secondary" type="button" data-toggle="collapse"

diff --git a/web/views/ip-list.html b/web/views/ip-list.html
@@ -51,6 +51,8 @@
                                             class="fa fa-fw fa-lg fa-remove"></i>删除</a>
                                     <a class="dropdown-item" href="#" id="import_portscan"><i
                                             class="fa fa-fw fa-lg fa-upload"></i>导入离线资产文件</a>
+                                    <a class="dropdown-item" href="#" id="block_ip"><i
+                                            class="fa fa-fw fa-lg fa-ban"></i>IP一键拉黑</a>
                                 </div>
                             </div>
                             <button class="btn btn-secondary" type="button" data-toggle="collapse"