乌云2年多了。。突发奇想在内网搭建个知识库+漏洞库

准备

为了方便,我用了Windows服务器,详细配置如下

服务器配置

Windows Server 2016 DC
Apache 2.4.25
PHP 5.6.30
MySQL 5.7.17-log

所需文件下载地址

知识库:
链接:https://pan.baidu.com/s/1CZVZxdHzl7L8y3dGWN-aOQ
提取码:uuuo
漏洞库
链接:https://pan.baidu.com/s/1LGSwDmVwtlffyM8I-1hQzw
提取码:8duw

步骤

漏洞库

  1. 将漏洞库中的wooyun目录下所有文件移入mysql的data目录,然后查看数据库中是否存在名称为wooyun的数据库库和bugs、whitehats的数据表
    mysql> SHOW DATABASES;
    +--------------------+
    | Database |
    +--------------------+
    | information_schema |
    | mysql |
    | performance_schema |
    | sys |
    | wooyun |
    +--------------------+
    5 rows in set (0.00 sec)
    mysql> use wooyun
    Database changed
    mysql> SHOW TABLES;
    +------------------+?
    | Tables_in_wooyun |
    +------------------+
    | bugs |
    | whitehats |
    +------------------+
    3 rows in set (0.00 sec)
  2. 更改bugs\conn.php的内容为你数据库信息
  3. 访问查看查看是否正常,如页面显示报错信息,删掉那一行即可

    知识库

    知识库均为静态内容,为了方便浏览,写了个python脚本插入数据库
    在wooyun数据库新建个drops表,SQL如下
CREATE TABLE `drops` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`title` text NOT NULL,
`link` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1270 DEFAULT CHARSET=utf8

Python脚本如下(Python 3)

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Date : 2018-10-15 14:21:13
# @Author : Sp4ce
# @Github : https://github.com/NS-Sp4ce
# @Version : 1.0

import os
import re
import time
import pymysql

path = "" # 乌云知识库文件夹目录


def getFiles(path):
dirs = os.listdir(path) # 得到文件夹下的所有文件名称
#print(dirs)
file = []
i = 0
for dir in dirs: # 遍历文件夹
file.append(dir)
i += 1
# print(files)
print('文件夹读取完毕,共有'+str(i)+'个文件')
return file #返回file

def insertDB(string):
url='/content/'+titles
conn=pymysql.connect(host='localhost', port=3306, user='root', password="", db='wooyun', charset='utf8') #定义数据库链接
cur = conn.cursor()
insert_sql ="""INSERT INTO drops (title,link) VALUES ('%s','%s');"""
cur.execute(insert_sql%(string,url))
conn.commit()
#time.sleep(0.5)

def getTitle(file):
global titles
for titles in file:
#判断是否是文件夹,不是文件夹才打开
if not os.path.isdir(path + '\\' + titles):
#打开文件
with open(path + '\\' + titles, 'r',encoding='utf-8') as files:
p1 = re.compile('<title>([\s\S]*)</title>') #将正则表达式编译成 p1 对象
try:
for line in files:
match1 = p1.search(line)#匹配
#print(match1)
if match1:
string=match1.group(0)
string=string.replace('<title>','')
string=string.replace(' | WooYun知识库</title>','')#标题处理
try:
insertDB(string)
print('[+]' + string + '<->插入成功')
except:
print('[-]' + string + '<->插入失败')
fo = open('error.txt', "ab+") #失败记录
fo.write(('\r''[-]' + string + "--------插入失败" + '\r\n').encode('UTF-8'))
fo.close()

except:
fo = open('error.txt', "ab+")#失败记录
fo.write(('\r''[-]' + titles + "--------获取失败" + '\r\n').encode('UTF-8'))
fo.close()
return titles


if __name__ == "__main__":
getTitle(getFiles(path))

入完库后做个页面来查询【PS:写的不好 见谅。。】

dops.php

<?php

require('conn.php');
?>
<!DOCTYPE html>
<html>

<head>
<meta charset="utf-8">
<title>
乌云知识库
</title>
<meta content="webkit" name="renderer">
<meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible">
<meta content="width=device-width, initial-scale=1, maximum-scale=1" name="viewport">
<link href="/layui/css/layui.css" media="all" rel="stylesheet">
</head>

<body class="layui-main">
<div class="layui-container">
<div class="layui-col-xs6 layui-col-md12">
<div class="layui-field-title">
<h1><a href="#">乌云知识库</a></h1>
<h2><a href="#">WooYun Drops</a></h2>
</div>
</div>
<hr class="layui-bg-blue">
<div class="layui-col-xs6 layui-col-md12 layui-text-center layui-mt-5 layui-mb-5">
<h1 class="layui-text-h1">乌云知识库</h1>
</div>
<div class="layui-col-xs6 layui-col-md12 layui-mt-5">
<form class="layui-form" action="" method="get">
<div class="layui-form-item" style="width: 90%;margin: 0 auto">
<div class="layui-input-inline">
<input type="text" name="q" required="" lay-verify="required" placeholder="搜索条件" class="layui-input">
</div>
<button class="layui-btn layui-btn-normal" type="submit">搜索</button>
</div>
</form>
</div>
<div class="layui-col-xs6 layui-col-md12">
<!--检索结果-start-->
<?
if(isset($_GET['q'])){
@$q0=isset($_GET['q'])?$_GET['q']:'SQL注射';
@$q = str_replace("'","",$q0);
$qs = mysql_query("select * from drops where title like '%"[email protected]$q."%' or link like '%"[email protected]$q."%' group by id order by id desc");
$num = "15"; //每页显示30条
@$page=isset($_GET['page'])?intval($_GET['page']):1;
@$total=mysql_num_rows($qs); //查询数据的总数total
@$pagenum=ceil($total/$num);
@$offset=($page-1)*$num;
@$$drops_result2222 = mysql_query("select * from drops where title like '%"[email protected]$q."%' or link like '%"[email protected]$q."%' group by id order by id desc limit ".$offset.",15");
if (mysql_num_rows($$drops_result2222)>0) {
echo '
<fieldset class="layui-elem-field layui-field-title" style="margin-top: 50px;">
<legend>
搜索结果
</legend>
</fieldset>
<table class="layui-table">
<colgroup>
<col>
<col>
<col>
</colgroup>
<thead>
<tr>
<th>
标题
</th>
<th>
链接
</th>
<th>
操作
</th>
</tr>
</thead>';
echo "<tbody>";
while(@$row223 = mysql_fetch_array($$drops_result2222)){
echo "<tr>";
echo '<td>'.$row223['title'].'</td>'. PHP_EOL;
echo '<td>'.$row223['link'].'</td>'. PHP_EOL;
echo '<td> <a href="http://'.$_SERVER["SERVER_ADDR"].$row223['link'].'" class="layui-btn layui-btn-normal">查看</a></td>'. PHP_EOL;
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
echo '<div style="float:right;padding:10px 30px 0 0">';
@$page = $_GET['page']?$_GET['page']:1;//当前页数,默认是1
if($page==1){
$prepage=1;
}else{
$prepage=$page-1;
}
if($page==$pagenum){
$nextpage=$pagenum;
}else{
$nextpage=$page+1;
}
echo '<center> 共 '.$total.' 条记录';
echo ','.$pagenum.' 页 ';
echo '<a href="drops.php?q='.$q.'&page=1" class="layui-btn layui-btn-sm">首页</a>'. PHP_EOL;
echo '<a href="drops.php?q='.$q.'&page='.$prepage.'" class="layui-btn layui-btn-primary layui-btn-sm">上一页</a>'. PHP_EOL;
echo '<a href="drops.php?q='.$q.'&page='.$nextpage.'" class="layui-btn layui-btn-primary layui-btn-sm">下一页</a>'. PHP_EOL;
echo '<a href="drops.php?q='.$q.'&page='.$pagenum.'" class="layui-btn layui-btn-danger layui-btn-sm">末页</a></center>'. PHP_EOL;
echo '</div>';
}else{
echo '<blockquote class="layui-elem-quote layui-text layui-mt-5">未检索到相关内容!</blockquote>';
}
}

?>
</div>
<!---检索结果-end-->
<div class="layui-col-xs6 layui-col-md12"style="margin-bottom: 100px;">
<fieldset class="layui-elem-field layui-field-title" style="margin-top: 50px;">
<legend>
随机文章
</legend>
</fieldset>
<?php
@$drops_random = mysql_query("SELECT * FROM drops WHERE id >= ((SELECT MAX(id) FROM drops)-(SELECT MIN(id) FROM drops)) * RAND() + (SELECT MIN(id) FROM drops) LIMIT 5");
@$drops_random = mysql_query("SELECT * FROM drops WHERE id >= ((SELECT MAX(id) FROM drops)-(SELECT MIN(id) FROM drops)) * RAND() + (SELECT MIN(id) FROM drops) LIMIT 5");
if (mysql_num_rows($drops_random)>0) {
echo '
<table class="layui-table">
<colgroup>
<col>
<col>
<col>
</colgroup>
<thead>
<tr>
<th>
标题
</th>
<th>
链接
</th>
<th>
操作
</th>
</tr>
</thead>';
echo "<tbody>";
while(@$row223333 = mysql_fetch_array($drops_random)){
echo "<tr>";
echo '<td>'.$row223333['title'].'</td>'. PHP_EOL;
echo '<td>'.$row223333['link'].'</td>'. PHP_EOL;
echo '<td> <a href="http://'.$_SERVER["SERVER_ADDR"].$row223333['link'].'" class="layui-btn layui-btn-normal">查看</a></td>'. PHP_EOL;
echo "</tr>";
}
echo '</tbody>';
echo '</table>';
}
?>
</div>
</div>
<div class="layui-footer" style="margin-top: 50px;">
<ul>
<li><a href="/">wooyun.org</a></li>
</ul>
</div>
</body>
<script charset="utf-8" src="/layui/layui.js">
</script>

</html>

文件夹目录如下

文件夹目录

成果

屏幕截图

所需文件

https://github.com/NS-Sp4ce/wooyun-drops-tools