Connection and basic information

In a default installation:
    root@ubuntu:/opt/xunfeng/xunfengdb/bin# ./mongo mongodb://127.0.0.1:65521/xunfeng
    MongoDB shell version v3.4.0
    connecting to: mongodb://127.0.0.1:65521/xunfeng
    MongoDB server version: 3.4.0
    > db.auth('scan','scanlol66')
    1
    > show collections
    Config
    Heartbeat
    History
    Info
    Plugin
    Result
    Statistics
    Task
    Update
Asset-related collections

According to the Xunfeng code, the main one is the Info collection:
https://github.com/ysrc/xunfeng/blob/master/nascan/lib/scan.py
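    # A newly discovered ip/port is inserted with its hostname and banner
    mongo.NA_INFO.insert({"ip": self.ip, "port": self.port, "hostname": hostname, "banner": banner, "time": time_})

    # A web service updates the record matching ip + port with server and webinfo
    mongo.NA_INFO.update({'ip': self.ip, 'port': self.port}, {"$set": {'banner': self.banner, 'server': 'web', 'webinfo': web_info, 'time': time_}})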
Take one concrete record as an example:
    db.Info.find()

    { "_id" : ObjectId("id信息"), "ip" : "ip_address", "hostname" : "hostname_miao", "time" : ISODate("2019-03-06T02:49:18.268Z"), "banner" : "banner 信息", "port" : 2333, "webinfo" : { "tag" : [ "php","apache"], "title" : "Error 404 Not Found" }, "server" : "web" }
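In the Xunfeng web UI it looks roughly like this:
ip, port, hostname, banner and so on are self-explanatory
server: web
php and apache are the values in webinfo
The masked blue text is the title in webinfo
You can list the keys present in Info: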
    mr = db.runCommand({
      "mapreduce" : "Info",
      "map" : function() {
        for (var key in this) { emit(key, null); }
      },
      "reduce" : function(key, stuff) { return null; },
      "out": "Info" + "_keys"
    })
    {
        "result" : "Info_keys",
        "timeMillis" : 112,
        "counts" : {
            "input" : 1209,
            "emit" : 8707,
            "reduce" : 102,
            "output" : 8
        },
        "ok" : 1
    }
    > db.Info_keys.distinct("_id")
    [
        "_id",
        "banner",
        "hostname",
        "ip",
        "port",
        "server",
        "time",
        "webinfo"
    ]
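As you can see, these are the main fields.
So if you consider Xunfeng's own asset discovery incomplete and need to import asset information by hand, you can construct data in this format and import it.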
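One way to prepare such an import, as an added example (not code from the original post or from the Xunfeng project): it turns inventory rows into upsert pairs keyed on ip + port, the same key the scan.py update above uses, and rejects rows with an invalid IP or port. The CSV layout, the name `build_info_upserts`, and the rule that a row with a title or tags is a web service are assumptions; the sample rows are constructed.

```python
import csv
import io
import ipaddress
from datetime import datetime, timezone

# Constructed sample rows: ip,port,hostname,banner,title,tags ("|"-separated)
SAMPLE_CSV = """\
192.0.2.10,8080,app01.example.test,Apache/2.4.18 (Ubuntu),Error 404 Not Found,php|apache
192.0.2.11,22,db01.example.test,SSH-2.0-OpenSSH_7.2p2,,
192.0.2.999,80,bad.example.test,,,
192.0.2.12,70000,bad2.example.test,,,
"""


def build_info_upserts(csv_text, now=None):
    """Return (upserts, rejected); each upsert is a (filter, update) pair."""
    now = now or datetime.now(timezone.utc)
    upserts, rejected = [], []
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue
        ip, port, hostname, banner, title, tags = (row + [""] * 6)[:6]
        try:
            ip = str(ipaddress.ip_address(ip.strip()))
            port = int(port)  # Info stores port as a number, not a string
            if not 1 <= port <= 65535:
                raise ValueError("port out of range")
        except ValueError as exc:
            rejected.append((row, str(exc)))
            continue
        fields = {"hostname": hostname, "banner": banner, "time": now}
        if title or tags:
            # Assumption: a row carrying a title or tags is a web service.
            fields["server"] = "web"
            fields["webinfo"] = {"tag": [t for t in tags.split("|") if t],
                                 "title": title}
        upserts.append(({"ip": ip, "port": port}, {"$set": fields}))
    return upserts, rejected


if __name__ == "__main__":
    ops, bad = build_info_upserts(SAMPLE_CSV)
    for flt, upd in ops:
        # With pymongo: db.Info.update_one(flt, upd, upsert=True)
        print(flt, sorted(upd["$set"]))
    for row, reason in bad:
        print("rejected:", row, reason)
```

Upserting on ip + port keeps a repeated import from creating duplicate Info records for the same service.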
Last updated: 2019-03-18 14:31:25