Kunyu, more efficient corporate asset collection

Overview

Kunyu(坤舆) - More efficient corporate asset collection

GitHub stars GitHub issues GitHub release


English | 中文文档

0x00 Introduce

Tool introduction

Kunyu (kunyu), whose name is taken from , is actually a professional subject related to geographic information, which counts the geographic information of the sea, land, and sky. The same applies to cyberspace. The same is true for discovering unknown and fragile assets. It is more like a cyberspace map, which is used to comprehensively describe and display cyberspace assets, various elements of cyberspace and the relationship between elements, as well as cyberspace and real space. The mapping relationship. So I think "Kun Yu" still fits this concept.

Kunyu aims to make corporate asset collection more efficient and enable more security-related practitioners to understand and use cyberspace surveying and mapping technology.

Application scenario

For the use of kunyu, there can be many application scenarios, such as:

  • Forgotten and isolated assets in the enterprise are identified and added to security management.
  • Perform quick investigation and statistics on externally exposed assets of the enterprise.
  • Red and blue are used against related requirements, and batch inspections of captured IPs are performed.
  • Collect vulnerable assets in batches (0day/1day) for equipment and terminals within the impact.
  • Information on sites involved in new-type cybercrime cases is quickly collected and merged for more efficient research, judgment, and analysis.
  • Statistic and reproduce the fragile assets on the Internet that are affected by related vulnerabilities.
  • .......

0x01 Install

Need Python3 or higher support

git clone https://github.com/knownsec/Kunyu.git
tar -xvf Kunyu.tar
cd Kunyu
pip3 install -r requirements.txt

Linux:
	python3 setup.py install
	kunyu console

Windows:
	cd kunyu
	python3 console.py
	
P.S. Windows also supports python3 setup.py install

0x02 Configuration instructions

When you run the program for the first time, you can initialize by entering the following command. Other login methods are provided. However, it is recommended to use the API method. Because the user name/password login requires an additional request, the API method is theoretically more efficient.

kunyu init --apikey  --seebug 

0x03 Tool instructions

Detailed command

kunyu console

ZoomEye

Global commands:
        info                                      Print User info
        SearchHost                         Basic Host search
        SearchWeb                          Basic Web search
        SearchIcon /                   Icon Image search
        SearchBatch                         Batch search Host
        SearchCert                        SSL certificate Search
        SearchDomain                      Domain name associated/subdomain search
        Seebug                             Search Seebug vulnerability information
        set 

OPTIONS

ZoomEye:
	page     				The number of pages returned by the query
	dtype <0/1>      				Query associated domain name/subdomain name
	btype  				Set the API interface for batch query

Use case introduction

Here we use the ZoomEye module for demonstration

User information query

HOST host search

Web host search

Batch IP search

Icon Search

When collecting corporate assets, we can use this method to retrieve the same ico icon assets, which usually has a good effect when associating related corporate assets. But it should be noted that if some sites also use this ico icon, irrelevant assets may be associated (but people who are bored with other people's ico icons are always in the minority). Support url or local file search.

SSL certificate search

Query through the serial number of the SSL certificate, so that the associated assets are more accurate, and services that use the same certificate can be searched. When you encounter an https site, you can use this method.

Associated Domain/Subdomain Search

Search for associated domain names and subdomains, and query associated domain names by default. Two modes can be set by setting the dtype parameter.

Seebug vulnerability query

You can query historical related vulnerabilities by entering information about the framework and equipment you want to find, but you need to note that only English is supported, and improvements and upgrades will be made later.

Setting parameters

When set page = 2, the returned results are 40. You can modify the page parameter to set the number of pages to be queried. Note that 1 page = 20/items. You can modify the value according to your needs to get more returned results.

The configurable parameters and the current values of the parameters are displayed through show.

Data result

All search results are saved in the user's root directory, and the directory is created based on the current timestamp. All query results of a single start are stored in an Excel format under one directory, giving a more intuitive experience. The output path can be returned through the ExportPath command.

0x04 Loading

​ In fact, there are still many ideas, but as an Alpha version, this is the case, and it will continue to be improved in the later period. I hope that Kunyu can be known to more security practitioners. Thank you for your support.

​ The tool framework has reference to Kunlun Mirror and Pocsuite3, which are all very good works.

​ Thanks to all the friends of KnownSec 404 Team.

“ 看得清 ” 是能力的体现,是 “ 器 ” ,而 “ 看得见 ” 就是思想的体现,那最后关联的是 “ 道 ”。

​ --SuperHei

0x05 Issue

1、Multi-factor search

ZoomEye search can use multi-factor search, dork:cisco +port:80 (note the space) can search all data that meet the conditions of cisco and port:80, if there is no space in between, it is the same search condition, it is that cisco is satisfied and the port is All data for 80. Kunyu's dork does not require quotation marks.

2、High-precision geographical location

ZoomEye gives privileged users high-precision geographic location data, but it should be noted that ordinary users do not have this function, so I hope you know.

3、Username/password login

If you use username/password as the initialization condition, the token will be valid for 12 hours. If you find that your search cannot return data, you may wish to info. If the session times out, the initialization command prompt will be returned. In most cases, we recommend that you use the API KEY method, there is no invalidation problem. This design is also for the security of your account and password. After all, the API KEY can be reset and the token will become invalid. However, with the account and password, it is possible to log in to your ZoomEye account.

4、Cert certificate search

It should be noted that, according to the normal logic, you need to encode the serial number of the target SSL certificate in hexadecimal to match the sentence search, but Kunyu only needs to provide the Domain address to search. The principle is to make a request to the target station to obtain the serial number and process it, but if your host cannot access the target that needs to be searched, it cannot be retrieved. At this time, you can also search with the sentence in the usual way.

5、Favicon icon search

ico icon search not only supports URL retrieval, but also supports local ico icon file search, which has better scalability and compatibility.

6、Query data save path

By default, your query data is in the Kunyu folder under the user directory. You can also use the ExportPath command to query the path in the console mode.

7、Autocomplete

Kunyu's auto-completion supports upper and lower case, command logging, etc., use Tab to complete, please refer to Metasploit for usage.

0x06 Contributions

风起@knownsec 404
[email protected] 404
[email protected] 404
[email protected] 404

0x07 Community

If you have any questions, you can submit an issue under the project, or contact us through the following methods.

Scan the QR code to add the ZoomEye staff member WeChat, and remark Kunyu, which will draw everyone to the ZoomEye cyberspace surveying and mapping exchange group

Comments
  • How to fix this error?

    How to fix this error?

    I try to install it in kali linux and this error appears. Please help me.

    I just also install the requirements still this error appears.

    Traceback (most recent call last): File "/usr/local/bin/kunyu", line 33, in sys.exit(load_entry_point('kunyu==1.6.4', 'console_scripts', 'kunyu')()) File "/usr/local/bin/kunyu", line 25, in importlib_load_entry_point return next(matches).load() File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load module = import_module(match.group('module')) File "/usr/lib/python3.9/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1030, in _gcd_import File "", line 1007, in _find_and_load File "", line 986, in _find_and_load_unlocked File "", line 680, in _load_unlocked File "", line 850, in exec_module File "", line 228, in _call_with_frames_removed File "/usr/local/lib/python3.9/dist-packages/kunyu-1.6.4-py3.9.egg/kunyu/console.py", line 17, in from kunyu.core.console import KunyuInterpreter File "/usr/local/lib/python3.9/dist-packages/kunyu-1.6.4-py3.9.egg/kunyu/core/init.py", line 16, in import grequests File "/usr/local/lib/python3.9/dist-packages/grequests-0.6.0-py3.9.egg/grequests.py", line 22, in curious_george.patch_all(thread=False, select=False) File "/usr/local/lib/python3.9/dist-packages/gevent-21.12.0-py3.9-linux-x86_64.egg/gevent/monkey.py", line 1253, in patch_all from gevent import events File "/usr/local/lib/python3.9/dist-packages/gevent-21.12.0-py3.9-linux-x86_64.egg/gevent/events.py", line 71, in from zope.event import subscribers ModuleNotFoundError: No module named 'zope.event'

    opened by Visalyaputra 8
  • Kunyu初始化报错

    Kunyu初始化报错

    使用命令kunyu init --apikey "01234567-acbd-0000" --seebug "a73503200157"(推荐)初始化 然后进入Kunyu (ZoomEye) > 输入info 报错[12:01:05] [zoomeye.py:105] [ERROR]- The token has expired, please re-initialize。重复再来一遍也是如此 使用该命令:kunyu init --apikey "01234567-acbd-00000-1111-22222222222",则不报错

    opened by d4rkduck 5
  • 运行python console.py命令报错

    运行python console.py命令报错

    Traceback (most recent call last): File "console.py", line 17, in from kunyu.core.console import KunyuInterpreter File "D:\XXX\XX\Kunyu\kunyu\core\console.py", line 22, in from kunyu.core.zoomeye import ZoomEye File "D:\XXX\XX\Kunyu\kunyu\core\zoomeye.py", line 25, in from pocsuite3.cli import check_environment, module_path File "C:\XXX\XXXX\Roaming\Python\Python38\site-packages\pocsuite3_init_.py", line 11, in from .cli import module_path File "C:\XXX\XXXX\Roaming\Python\Python38\site-packages\pocsuite3\cli.py", line 12, in from pocsuite3.lib.core.option import init File "C:\XXX\XXXX\Roaming\Python\Python38\site-packages\pocsuite3\lib\core\option.py", line 38, in from pocsuite3.lib.request.patch import patch_all File "C:\XXX\XXXX\Roaming\Python\Python38\site-packages\pocsuite3\lib\request\patch_init_.py", line 6, in from .hook_request import patch_session File "C:\XXX\XXXX\Roaming\Python\Python38\site-packages\pocsuite3\lib\request\patch\hook_request.py", line 9, in from requests.compat import OrderedDict, Mapping ImportError: cannot import name 'Mapping' from 'requests.compat' (C:\XXX\XXXX\Roaming\Python\Python38\site-packages\requests\compat.py)

    opened by m1m1cat 3
  • kunyu使用报错

    kunyu使用报错

    Kunyu (ZoomEye) > SearchHost ip:8.8.8.8 [10:58:16] [zoomeye.py:77] [ERROR]- Network timeout [10:58:16] [zoomeye.py:363] [ERROR]- The query result is empty

    opened by SlientLamb 2
  • kunyu console使用错误

    kunyu console使用错误

    └─# kunyu console 139 ⨯ 2 ⚙ :219: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject :219: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject :219: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject :219: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject :219: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject :219: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject :219: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject zsh: segmentation fault kunyu console

    opened by IR-create 1
  • Update Kunyu Version V1.6.1

    Update Kunyu Version V1.6.1

    • Optimized the issue of CTRL+C exiting the program when executing system commands
    • The stype parameter is added, and the data type can be set to IPV4 or IPV6
    • Added the views command to get the original information of the SSL certificate [views]
    opened by wikiZ 0
  • Update Kunyu Version V1.6.0

    Update Kunyu Version V1.6.0

    • Brand new style heading
    • Add Custom timeout options [timeout]
    • Add Raw data sensitive information matching [SearchKeyWord]
    • Added a command to view the output information banner information [view]
    • Optimized the abnormal launching program mechanism
    • Optimized the field information output by the info command
    • Support the execution of system commands
    • Optimized the host collision mechanism
    • Optimized the problem of incomplete information display on the mac system
    opened by wikiZ 0
  • Update Kunyu Version V1.6.0

    Update Kunyu Version V1.6.0

    • Brand new style heading
    • Add Custom timeout options [timeout]
    • Add Raw data sensitive information matching [SearchKeyWord]
    • Added a command to view the output information banner information [view]
    • Optimized the abnormal launching program mechanism
    • Optimized the field information output by the info command
    • Support the execution of system commands
    • Optimized the host collision mechanism
    • Optimized the problem of incomplete information display on the mac system
    opened by wikiZ 0
  • kunyu cconsole报错

    kunyu cconsole报错

    Kunyu (ZoomEye) > info *** Error in `/usr/local/bin/python3': double free or corruption (out): 0x00007fc648294f20 网上找了好久解决办法没找到,似乎是我的python问题,问问大佬有解决办法吗,人麻了

    opened by xiaoheiccc 0
  •  Encountered error while trying to install package. ╰─> mmh3

    Encountered error while trying to install package. ╰─> mmh3

    安装环境总是提示 这个,请问如何解决呀?

    Running setup.py install for mmh3 ... error error: subprocess-exited-with-error

    × Running setup.py install for mmh3 did not run successfully. │ exit code: 1 ╰─> [11 lines of output] [end of output]

    note: This error originates from a subprocess, and is likely not a problem with pip. error: legacy-install-failure

    × Encountered error while trying to install package. ╰─> mmh3

    note: This is an issue with the package mentioned above, not pip. hint: See above for output from the failure.

    opened by hanzhen668 9
  • error: pyee 7.0.3 is installed but pyee<9.0.0,>=8.1.0 is required by {'pyppeteer'} Kunyu 1.7.0报错解决方式

    error: pyee 7.0.3 is installed but pyee<9.0.0,>=8.1.0 is required by {'pyppeteer'} Kunyu 1.7.0报错解决方式

    出现这个报错,是因为Kunyu依赖模块pyee的版本问题,可以修改requirements.txt文件中pyee==版本的方式解决

    error: pyee 7.0.3 is installed but pyee<9.0.0,>=8.1.0 is required by {'pyppeteer'}

    这里可以看到上述的报错种描述道小于9.0.0大于等于8.1.0版本的模块可以运行,我们可以指定为这个区间任意版本,例如:

    pyee==8.2.0

    opened by wikiZ 0
Releases(v1.7.2)
  • v1.7.2(Apr 21, 2022)

  • v1.7.1(Mar 23, 2022)

  • v1.7.0(Mar 21, 2022)

  • v1.6.5(Feb 28, 2022)

  • v1.6.4(Jan 4, 2022)

  • v1.6.3(Dec 22, 2021)

  • 1.6.2(Dec 13, 2021)

    2021-12-11

    Added

    • Add the function of creating asset distribution map
    • Optimized the dependency package version
    • Added the configuration of hosts crash Serverless scan
    Source code(tar.gz)
    Source code(zip)
  • v1.6.1(Nov 22, 2021)

    2021-11-20

    Added

    • Optimized the issue of CTRL+C exiting the program when executing system commands
    • The stype parameter is added, and the data type can be set to IPV4 or IPV6
    • Added the views command to get the original information of the SSL certificate [views]
    Source code(tar.gz)
    Source code(zip)
  • v.1.6.0(Nov 15, 2021)

    2021-11-12

    Added

    • Brand new style heading
    • Add Custom timeout options [timeout]
    • Add Raw data sensitive information matching [SearchKeyWord]
    • Added a command to view the output information banner information [view]
    • Optimized the abnormal launching program mechanism
    • Optimized the field information output by the info command
    • Support the execution of system commands
    • Optimized the host collision mechanism
    • Optimized the problem of incomplete information display on the mac system
    Source code(tar.gz)
    Source code(zip)
  • v1.5.1(Oct 22, 2021)

  • v1.5(Oct 20, 2021)

    2021-10-20

    Added

    • Optimized the HOSTS collision function
    • Add HOSTS collision cross collision function
    • Increase the output file path customization function
    Source code(tar.gz)
    Source code(zip)
  • v1.4(Sep 6, 2021)

    2021-9-4

    Added

    • Modify the POC storage directory of the pocsuite module
    • Add HOST collision function
    • Example Change the output result set LAT and LON to Update time
    • Refactor part of the code
    Source code(tar.gz)
    Source code(zip)
  • v1.3(Aug 13, 2021)

    2021-8-12

    Added

    • Calculate hex/base64/mmh3/md5 Command : [EncodeHash]
    • Optimized the problem of red font garbled output in the terminal
    • Added public method of encode function
    • Support calling pocsuite components
    Source code(tar.gz)
    Source code(zip)
  • 1.2(Aug 3, 2021)

    2021-8-2

    Added

    • optimizedthe problem of outputting an empty table when no data is returned
    • optimized the problem that no data is returned when the number of parameters in the page is exceeded
    • update Use mmh3 encoding when querying iconhash
    • add Output the current icon query statement
    • update User credentials are saved as hidden files
    Source code(tar.gz)
    Source code(zip)
  • v1.1(Jul 28, 2021)

Owner
Knownsec, Inc.
Knownsec, Inc.
Generate obfuscated meterpreter shells

Generator Evade AV with obfuscated payloads Installation must install dotnet prior to running the script with net45 Running ./generator.py -ip Your-I

Fawaz Al-Mutairi 219 Nov 28, 2022
Operational information regarding the vulnerability in the Log4j logging library.

Log4j Vulnerability (CVE-2021-44228) This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-442

Nationaal Cyber Security Centrum (NCSC-NL) 1.9k Dec 26, 2022
Python HDFS client

Python HDFS client Because the world needs yet another way to talk to HDFS from Python. Usage This library provides a Python client for WebHDFS. NameN

Jing Wang 82 Dec 28, 2022
Script for automatic dump and brute-force passwords using Volatility Framework

Volatility-auto-hashdump Script for automatic dump and brute-force passwords using Volatility Framework

whoamins 11 Apr 11, 2022
Hadoop Yan RPC unauthorized RCE

Vuln Impact On November 15, 2021, A security researcher disclosed that there was an unauthorized access vulnerability in Hadoop yarn RPC. This vulnera

Al1ex 25 Nov 24, 2022
Open source vulnerability DB and triage service.

OSV - Open Source Vulnerabilities OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source

Google 893 Jan 04, 2023
A tool to extract the IdP cert from vCenter backups and log in as Administrator

vCenter SAML Login Tool A tool to extract the Identity Provider (IdP) cert from vCenter backups and log in as Administrator Background Commonly, durin

Horizon 3 AI Inc 343 Dec 31, 2022
This program is a WiFi cracker, you can test many passwords for a desired wifi to find the wifi password!

WiFi_Cracker About the Program: This program is a WiFi cracker! Just run code and select a desired wifi to start cracking 💣 Note: you can use this pa

Sina.f 13 Dec 08, 2022
Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session

东方有鱼名为咸 135 Dec 14, 2022
Bandit is a tool designed to find common security issues in Python code.

A security linter from PyCQA Free software: Apache license Documentation: https://bandit.readthedocs.io/en/latest/ Source: https://github.com/PyCQA/ba

Python Code Quality Authority 4.8k Dec 31, 2022
Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

Brayden Karnes 1 Dec 03, 2021
A traceroute tool that also displays IP information

infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

K4YT3X 10 Oct 29, 2022
CVE-2021-21972

CVE-2021-21972 % python3 /tmp/CVE_2021_21972.py -i /tmp/urls.txt -n 8 -e [*] Creating tmp.tar containing ../../../../../home/vsphere-ui/.ssh/authoriz

Keith Lee 30 Nov 19, 2022
A Python Scanner for log4j

log4j-Scanner scanner for log4j cat web-urls.txt | python3 log4j.py ID.burpcollaborator.net web-urls.txt http://127.0.0.1:8080 https://www.google.c

Ihebski 5 Jun 26, 2022
FIVE, Vulnerability Scanner And Mass Exploiter, made for pentesting.

$ FIVE - FIVE is a Pentesting Framework to Test the Security & Integrity of a Website, or Multiple Websites. $ Info FIVE Was Made After Vulnnr to Prod

Neon 24 Dec 10, 2021
OpenPort scanner GUI tool (CNMAP)

CNMAP-GUI- OpenPort scanner GUI tool (CNMAP) as you know it is the advanced tool to find open port, firewalls and we also added here heartbleed scanni

9 Mar 05, 2022
A security system to warn you when people enter your room 🎥

Get Out My Room v0.1 I hate people coming in my room when i'm not there. Get Out My Room is a simple security system that sends notifications with vid

ScriptLine 1 Jan 11, 2022
An auxiliary tool for iot vulnerability hunter

firmeye - IoT固件漏洞挖掘工具 firmeye 是一个 IDA 插件,基于敏感函数参数回溯来辅助漏洞挖掘。我们知道,在固件漏洞挖掘中,从敏感/危险函数出发,寻找其参数来源,是一种很有效的漏洞挖掘方法,但程序中调用敏感函数的地方非常多,人工分析耗时费力,通过该插件,可以帮助排除大部分的安全

Firmy Yang 171 Nov 28, 2022
Blinder is a tool that will help you simplify the exploitation of blind SQL injection

Blinder Have you found a blind SQL injection? Great! Now you need to export it, but are you too lazy to sort through the values? Most likely,

10 Dec 06, 2022
This is a keylogger in python for Windows, Mac and Linux!

Python-Keylogger This is a keylogger in python for Windows, Mac and Linux! #How to use it by downloading the zip file? Download the zip file first The

Zeus_Dxvxm 2 Nov 12, 2021