https://github.com/binganao/FlowFlow 是一款基于 Docker 搭建的自动化 SRC 工作流,目前它包含了 nuclei、subfinder、naabu、httpx、notify 以及 xray,Flow 的整体工作流程为:子域名发现 -> 端口探测 -> http 服务发现 -> 漏洞扫描 -> 结果输出。Flow 能够在任务完成一小时后,重新启动任务,保持对资产的监控。
注:可以自行添加 xscan 开启自动化 XSS 漏洞挖掘能力
快速上手
# 克隆 Flow 到本地git clone https://github.com/binganao/Flow.gitcd Flow# 配置子域名发现vim domains.txt# 配置目标 (不进行子域名发现)vim targets.txt# 启动 Flowdocker-compose up
配置
Flow 默认包含了两个配置文件:notify.yaml、subfinder.yaml
notify
Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
配置文件参考(使用 tg 推送)
telegram:- id: "tel"telegram_api_key: ""telegram_chat_id: ""telegram_format: "{{data}}"
subfinder
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.
配置文件参考
binaryedge:- lsnflksnfklfnesklfsecensys: []certspotter: []chaos: []dnsdb: []github: []intelx: []passivetotal: []robtex: []securitytrails: []shodan: []spyse: []threatbook: []urlscan: []virustotal: []zoomeye: []zoomeyeapi: []fofa: []fullhunt: []
自行构建
为了增加 Flow 的能力,可自行构建 Docker 镜像
cd Flow# 例如 xxx/flow:0.0.6docker build -t xxx/flow:0.0.x .
配置 docker-compose.yml
version: '2'services:flow:image: xxx/flow:0.0.xcontainer_name: FLOWenvironment:- 'TZ="Asia/Shanghai"'volumes:- ./targets.txt:/script/targets.txt- ./domains.txt:/script/domains.txt- ./dict/sub-dict.txt:/script/dict/sub-dict.txt- ./config/subfinder.yaml:/root/.config/subfinder/provider-config.yaml- ./config/notify.yaml:/root/.config/notify/provider-config.yamlcommand: sh -c "./auto.sh"
Flow 网盘下载链接:
关注公众号,回复关键词 ' flow '获取
关注公众号,后台回复关键词获取安全相关资源:
【 1868 】 :弱口令字典
【 6956 】 :Windows提权工具包
【 1762 】 :渗透辅助综合工具
【 2595 】 :应急响应工具集
原文始发于微信公众号(菜鸟学安全):一款自动化 SRC 、渗透、打点工具
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论