wukong agent

wukong agent

作者: amazing_bing | 来源:发表于2017-08-22 14:16 被阅读0次

Wukong Scanner Agent v1



  • system structure : python + flower + celery + redis
  • Cross platform operation
  • The current module as the following :
    • awvs : Awvs scanner
    • nessus : Nessus scanner
    • brute : System service account password burst test
    • web : System web service vulnerability test
    • pscan : Port scans
  • Custom plug-in
  • It can distributed deployment
  • It access to third-party scanning tools


modify setting.py as the following

redis_host = 'localhost'    #your redis address
redis_port = 6379           #your redis port
redis_pwd = ''              #your redis password

"awvs_url" : "" ,  #your awvs host
"awvs_port" : 8183 ,        #your awvs password

"nessus_url" : "https://xxx.com" ,  #your nessus host
"nessus_name" : "xx" ,          #your nessus user
"nessus_pass" : "xx" ,  #your nessus password


runing on the server

start server:
    celery -A tasks worker --loglevel=info --concurrency=10
    celery flower --port=8080 --broker=redis://
    #celery flower --port=8080 --broker=redis://:password@
    #celery flower --port=8080 --broker=redis:// --basic_auth=xx:xx

send task:
    curl -X POST -d '{"args":["taskid-23","www.baidu.com"]}'
    curl -X POST -d '{"args":["taskid-23","www.baidu.com","web"]}'

runing on the console

python wukong.py -d 100.xueersi.com -m pscan        #port scans
python wukong.py -d 100.xueersi.com -m nessus       #nessus scans
python wukong.py -d 100.xueersi.com -m awvs         #awvs scans
python wukong.py -d 100.xueersi.com -m web          #all zero day vulnerability scans 
python wukong.py -d 100.xueersi.com -m brute        #all brute service vulnerability scans 
python wukong.py -d 100.xueersi.com -m brute -c SESSION=232     #all brute service vulnerability scans by cookie
python wukong.py -d 100.xueersi.com -m web -t subdomain     #subdomain scans by webapi
python wukong.py -d 100.xueersi.com -m brute -t subdomain   #subdomain scans by brute
python wukong.py -d 100.xueersi.com -m all          #scan all the weaknesses

running screenshot as the following

wukong agent console


wukong web api

celery.png flower.png send_task.png flower_result.png wukong_agent_result.png

Custom plug-in

#!/user/bin python
# -*- coding:utf-8 -*- 
# Author:Bing
# Contact:amazing_bing@outlook.com
# Description:  coding 

import sys

from common.captcha import Captcha  # Captcha 
from common.func import *           # Common function
from common.check import *          # Common format validation 

import json,re,subprocess,time

class WuKong(object):
    args = { "cookies": cookie , "user_pass": ( "username" , "password" ) , "args" : "" }
    # cookies : it is your cookie
    # user_pass : it is username and password 
    # args : it could be a path,a subdomain prefix , a WEB fingerprint as  x.php / www / discuz! 2.3x etc ...  depending on your poc type
    def __init__(self,  target = "", args = ""):    
        self.target = target
        self.cookies = args["cookies"]
        self.website = "https://www.threatminer.org"
        self.result = {
            "bug_author" : "Bing",
            "bug_name" : "Threatminer subdomain api",
            "bug_summary" : "Subdomain search", 
            "bug_level" : "Normal" , 
            "bug_detail" : [] ,
            "bug_repair" : "none"
    def exploit(self):
        if is_Domain(self.target) == False :
            return []

        target = str(".".join(self.target.split(".")[1:]))
            url = "{0}/getData.php?e=subdomains_container&q={1}&t=0&rt=10&p=1".format(self.website, target )
            content = http_request_get(url).content

            _regex = re.compile(r'(?<=<a href\="domain.php\?q=).*?(?=">)')
            for sub in _regex.findall(content):
                if is_Domain(sub):

            return list(set(self.result))

''' local test '''            
# test = WuKong(target ='www.aliyun.com',args = {"cookies":"" , "user_pass": "" , "args" : "www" })
# test.exploit()
# print test.result 


Python version Wukong Agent version Link
2.7.3 1.0 v1

please waiting for update


If you want to contribute to my project please don't hesitate to send a pull request. You can also join our users, by sending an email to me, to ask questions and participate in discussions.


if you hava some question or good idea,you can leave a message to me!



      本文标题:wukong agent
