xray 设置钉钉告警

发表于 2019-12-05 | 分类于 Config

字数统计: 1.5k | 阅读时长 ≈ 8

xray 扫描

xray目录为/tools/scanner/xray

1. 安装 supervisord

1	apt install supervisor

2. 设置 python 告警脚本

from flask import Flask, request
import requests
import json
import time

app = Flask(__name__)

token="XXXXXXXXXXXXXXXXXXXXXXXXXX"

headers = {'Content-Type': 'application/json;charset=utf-8'}

webhook="https://oapi.dingtalk.com/robot/send?access_token=%s"%(token)

def dingding_markdown_msg(webhook, message):
    time_local = time.localtime(message['create_time']/1000)
    stime = time.strftime("%Y-%m-%d %H:%M:%S", time_local)
    data_module = '''**主机:** {name} 出现漏洞   
    **漏洞 url:** {url}   
    **漏洞 port:** {port}     
    **漏洞 plugin:** {plugin}      
    **漏洞 vuln_class:** {vuln_class}   
    **出现时间:** {datatime}    
    '''.format(name=message['detail']['host'], plugin=message['plugin'], url=message['target']['url'],
               port=message['detail']['port'],request1=message['detail']['request1'],
               request2=message['detail']['request2'],vuln_class=message['vuln_class'],datatime=stime)

    json_text = {
        "msgtype": "markdown",
        "at": {
            "atMobiles": [
            ],
            "isAtAll": False
        },
        "markdown": {
            "title":"xray 告警：%s 出现漏洞"%message['detail']['host'],
            "text": data_module
        }
    }
    try:
        info = requests.post(webhook, json.dumps(json_text), headers=headers).content

    except Exception as e:
        print(str(e))


@app.route('/webhook', methods=['POST'])
def xray_webhook():
    try:
        data = request.json
        dingding_markdown_msg(webhook,data)
    except Exception as e:
        print(str(e))
    return 'ok'


if __name__ == '__main__':
    app.run(port=7071)

3. 设置 xray 自启动脚本 `/tools/scanner/xray/xray.sh`

#!/bin/bash

cd /tools/scanner/xray/
[ -e "output/index.html" ] && mv output/index.html output/index-"`date +%Y%m%d%H%M%S`".html
./xray webscan --listen 127.0.0.1:7777 --html-output  output/index.html --webhook-output http://127.0.0.1:7071/webhook

4. Supervisor conf

[program:xray]
command=/tools/scanner/xray/xray.sh
user=nobody
autostart = true
autorestart=true
redirect_stderr=true
directory=/tools/scanner/xray/
stdout_logfile=/tools/scanner/xray/log/xray.log
stdout_logfile_maxbytes=20MB
[program:xraygaojing]
command=/usr/bin/python3 /tools/scanner/xray/xray_dingding.py
user=nobody
autostart = true
autorestart=true
redirect_stderr=true
directory=/tools/scanner/xray/
stdout_logfile=/tools/scanner/xray/log/xray_gaojing.log
stdout_logfile_maxbytes=20MB

配置 xray dnslog http 告警

1. 告警脚本

#！-*- coding:utf-8 -*-
import time
import json
import requests
import traceback

host="http://127.0.0.1:88"
token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"

webhook = "https://oapi.dingtalk.com/robot/send?access_token=%s" % (token)

xray_header = {
    "x-token": "5a3103e6-163d-11ea-86f9-acde48001122"
}
headers = {'Content-Type': 'application/json;charset=utf-8'}
run_data = {"http": {"first": True, "lastid": 0}, "dns": {"first": True, "lastid": 0}}


def dingding_markdown_msg(webhook, message):
    time_local = time.localtime(message['time_stamp'] / 1000)
    stime = time.strftime("%Y-%m-%d %H:%M:%S", time_local)
    data_module = '''**消息类型:** {event_type} 出现消息      
    **消息 id:** {id}    
    **消息 group_id:** {group_id}    
    **消息 remote_addr:** {remote_addr}            
    **消息 request:** {request}     
    **出现时间:** {datatime}       
    '''.format(id=message['id'], group_id=message['group_id'], remote_addr=message['remote_addr'],
               request=message['request'], event_type=message['event_type'], datatime=stime)

    json_text = {
        "msgtype": "markdown",
        "at": {
            "atMobiles": [
            ],
            "isAtAll": False
        },
        "markdown": {
            "title": u"xray 告警：%s 出现消息" % message['event_type'],
            "text": data_module
        }
    }
    try:
        info = requests.post(webhook, json.dumps(json_text), headers=headers).content

    except Exception as e:
        print(traceback.format_exc())


session = requests.session()

def send_msg():
    httprc = session.get("%s/_/api/event/list?lastID=&count=10&eventType=http&action=Next"%(host), headers=xray_header)
    httpdata = httprc.json()['data']['events'][0]
    if run_data['http']['first']:
        run_data['http']['first']=False
        run_data['http']['lastid'] = httpdata['id']
        print("第一次记录 http id：%s 不发送告警"%(httpdata['id']))
    else:
        if httpdata['id'] > run_data['http']['lastid']:
            run_data['http']['lastid'] = httpdata['id']
            dingding_markdown_msg(webhook,httpdata)
            print("发送 http message %s"%(httpdata['id']))

    dnsrc = session.get("%s//_/api/event/list?lastID=&count=10&eventType=dns&action=Next"%(host), headers=xray_header)
    dnsdata = dnsrc.json()['data']['events'][0]
    if run_data['dns']['first']:
        run_data['dns']['first'] = False
        run_data['dns']['lastid'] = dnsdata['id']
        print("第一次记录 dns id：%s 不发送告警" % (dnsdata['id']))
    else:
        if dnsdata['id'] > run_data['dns']['lastid']:
            run_data['dns']['lastid'] = dnsdata['id']
            dingding_markdown_msg(webhook, dnsdata)
            print("发送 dns message %s" % (dnsdata['id']))

if __name__ == '__main__':
    while True:
        try:
            send_msg()
        except Exception as e:
            print(traceback.format_exc())
        print("wait 5s")
        time.sleep(5)

2. Xray 配置文件

reverse:
  db_file_path: "/tools/scanner/xray/xray.db"
  token: "xxxxxxxxx"
  http:
    enabled: true
    listen_ip: 0.0.0.0
    listen_port: 88
  dns:
    enabled: true
    listen_ip: 0.0.0.0
    domain: "xxx.cc"
    is_domain_name_server: true
    # 静态解析规则
    resolve:
    - type: A
      record: mxx
      value: x5.xx.xx.1x0
    - type: A
      record: ns1
      value: x5.xx.xxx.1x0
      ttl: 60
    - type: A
      record: ns2
      ttl: 60
      value: x5.xx.xx.1x0
  client:
    http_base_url: "http://mxx.xx.cc:88"
    dns_server_ip: ""
    remote_server: false

3. 配置 supervisor

[program:xray]
command=/tools/scanner/xray/xray reverse
user=nobody
autostart = true
autorestart=true
redirect_stderr=true
directory=/tools/scanner/xray/
stdout_logfile=/tools/scanner/xray/log/xray.log
stdout_logfile_maxbytes=20MB

[program:xray_rec]
command=/usr/bin/python /tools/scanner/xray/xray_rev_ding.py
user=nobody
autostart = true
autorestart=true
redirect_stderr=true
directory=/tools/scanner/xray/
stdout_logfile=/tools/scanner/xray/log/xray_rev.log
stdout_logfile_maxbytes=20MB

4. 配置 nginx https 访问

server {
    listen 80;
     server_name mxx.xxx.cc;
    rewrite ^(.*) https://$host$1 permanent;
}

server {
  listen 443 ssl;
  server_name mxx.xxx.cc;
  ssl_certificate /tools/scanner/xray/mxx.xxx.cc.pem;
  ssl_certificate_key /tools/scanner/xray/mxx.xxx.cc.key;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers on;
  location / {

   proxy_pass  http://127.0.0.1:88;

        #Proxy Settings
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;

    }
}

低权限使用1024以下端口

1	setcap cap_net_bind_service=+eip xray

设置开机自启动

1	systemctl enable supervisor
2	systemctl start supervisor