WooYun漏洞查询程序部署与填坑全录
自从乌云关闭之后,能够直接查看漏洞详情的平台几乎没有
每次日站都要翻一下相关漏洞才有办法
于是,在诸位师傅的指导下,找到了一个Python开发的WooYun漏洞查询程序
https://github.com/hanc00l/wooyun_public
官方教程里面有组件的部署教程,网速快,不想折腾搭建环境的可以直接下载打包好了的虚拟机镜像
这里就不复述了,简述一下部署到Apache跟一些填坑的步骤吧
首先要解决的是ROOT权限的问题,因为官方给的这个虚拟机是没有root权限的hancool
这个账号的权限并不能apt-get的方式安装软件
所以这里我们需要先通过找回ROOT密码的方式获取ROOT权限
然后切换到ROOT权限之后,我们先安装好Apache
apt-get install apache2
安装好Apache之后我们还需要安装一个模块
mod_wsgi
具体的命令是
apt-get install libapache2-mod-wsgi
然后创建一个wsgi文件 放在wooyun_public/flask/目录下命名为wooyun.wsgi
import sys sys.path.insert(0, '/home/hancool/wooyun_public/flask') from app import app as application
然后修改Apache配置文件 /etc/apache2/sites-enabled/000-default.conf
[size=13.3333px]<VirtualHost *:5000> ServerName 你的ip# WSGIDaemonProcess yourapplication user=user1 group=group1 threads=5 WSGIScriptAlias / /home/hancool/wooyun_public/flask/wooyun.wsgi <Directory /home/hancool/wooyun_public/flask> Order deny,allow Allow from all </Directory></VirtualHost>[size=0.9em]
完事之后重启apache
/etc/init.d/apache2 restart
这个时候我们已经成功的部署到了apache里面,但是请注意,有可能会出现403错误,这个时候我们可以修改一下权限
这个时候要来一些重头戏了,就是填补一个坑,因为这套程序是通过elasticsearch全文检索引擎来进行一个查询速度的优化的但是在这套程序里面有一个很坑的地方就是,如果不修改他的一个配置文件
就会出现一个情况,比如我们获得一个搜索结果,这个结果有501页就会出现500错误,因为他给elasticsearch设置的是最多10000个结果显示,超过了就会出现500内部服务器错误
这个时候我们需要手动修改一个配置文件
修改/home/hancool/elasticsearch-2.3.4/config/目录下的elasticsearch.yml
# ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please see the documentation for further information on configuration options: # <http://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html> # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # # cluster.name: my-application # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # # node.name: node-1 # # Add custom attributes to the node: # # node.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # # path.data: /path/to/data # # Path to log files: # # path.logs: /path/to/logs # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # # bootstrap.mlockall: true # # Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory # available on the system and that the owner of the process is allowed to use this limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): # # network.host: 192.168.0.1 # # Set a custom port for HTTP: # # http.port: 9200 # # For more information, see the documentation at: # <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html> # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when new node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # # discovery.zen.ping.unicast.hosts: ["host1", "host2"] # # Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1): # # discovery.zen.minimum_master_nodes: 3 # # For more information, see the documentation at: # <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html> # # ---------------------------------- Gateway ----------------------------------- # # Block initial recovery after a full cluster restart until N nodes are started: # # gateway.recover_after_nodes: 3 # # For more information, see the documentation at: # <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-gateway.html> # # ---------------------------------- Various ----------------------------------- # # Disable starting multiple nodes on a single system: # # node.max_local_storage_nodes: 1 # # Require explicit names when deleting indices: # # action.destructive_requires_name: true index.analysis.analyzer.ik.type : 'ik' index.analysis.analyzer.default.type : 'ik' index.max_result_window : 100000
这里主要是在后面添加了一个
index.max_result_window : 100000
这样就将这个最大数给到了100000
然后我们将elasticsearch启动并重启一下apache服务
成功之后访问ip:5000不出意外的话是不会出现别的问题的
成功地址:http://wooyun.chouxianyu.com:5000
欢迎参与讨论,挖掘出更好的玩法,优化出更快的速度,解决掉更多的坑.
上一篇:138个运营工具洪荒推荐
下一篇:分享一些无特征PHP一句话