Sirius 开源免费的漏扫工具
通用漏洞扫描工具,Scan是业内首款真正开源的,靠信息安全社区的集体技术力,功能上有超越部分商业产品的潜力。它的核心框架含四大关键模块:漏洞数据库、网络扫描引擎、代理发现机制和自定义评估分析
一、安装
推荐通过 Docker 方式安装 Sirius Scan,
具体操作步骤如下:首先克隆项目仓库至本地执行命令拉取源码:
git clone https://github.com/SiriusScan/Sirius.git
# 进入项目根目录
cd Sirius
# 启动 Docker 容器服务
docker compose up -d执行结果
[root@ops-tools-2-252 ~]# git clone https://github.com/SiriusScan/Sirius.git
Cloning into 'Sirius'...
remote: Enumerating objects: 18920, done.
remote: Counting objects: 100% (285/285), done.
remote: Compressing objects: 100% (203/203), done.
remote: Total 18920 (delta 97), reused 200 (delta 75), pack-reused 18635 (from 2)
Receiving objects: 100% (18920/18920), 174.97 MiB | 2.10 MiB/s, done.
Resolving deltas: 100% (10335/10335), done.
[root@ops-tools-2-252 ~]# cd Sirius/
[root@ops-tools-2-252 Sirius]# ll
total 92
-rw-r--r-- 1 root root 409 Sep 28 15:29 cookies.txt
-rw-r--r-- 1 root root 868 Sep 28 15:29 docker-compose.aws.yaml
-rw-r--r-- 1 root root 1024 Sep 28 15:29 docker-compose.local.example.yaml
-rw-r--r-- 1 root root 3087 Sep 28 15:29 docker-compose.override.yaml
-rw-r--r-- 1 root root 1113 Sep 28 15:29 docker-compose.production.yaml
-rw-r--r-- 1 root root 649 Sep 28 15:29 docker-compose.prod.yml
-rw-r--r-- 1 root root 3693 Sep 28 15:29 docker-compose.staging.yaml
-rw-r--r-- 1 root root 3426 Sep 28 15:29 docker-compose.user.yaml
-rw-r--r-- 1 root root 4933 Sep 28 15:29 docker-compose.yaml
drwxr-xr-x 4 root root 4096 Sep 28 15:29 documentation
drwxr-xr-x 2 root root 50 Sep 28 15:29 environments
-rwxr-xr-x 1 root root 1067 Sep 28 15:29 LICENSE
drwxr-xr-x 2 root root 27 Sep 28 15:29 rabbitmq
-rw-r--r-- 1 root root 3231 Sep 28 15:29 README.deployment.md
-rw-r--r-- 1 root root 4644 Sep 28 15:29 README-DEVELOPMENT.md
-rwxr-xr-x 1 root root 20935 Sep 28 15:29 README.md
drwxr-xr-x 4 root root 4096 Sep 28 15:29 scripts
drwxr-xr-x 6 root root 184 Sep 28 15:29 sirius-api
drwxr-xr-x 3 root root 151 Sep 28 15:29 sirius-engine
drwxr-xr-x 7 root root 4096 Sep 28 15:29 sirius-ui
drwxr-xr-x 2 root root 201 Sep 28 15:29 tasks
drwxr-xr-x 5 root root 66 Sep 28 15:29 templates
[root@ops-tools-2-252 Sirius]# docker compose up -d
[+] Running 23/23
✔ sirius-rabbitmq Pulled 69.2s
✔ 8176e34d5d92 Pull complete 44.6s
✔ 26aa5c2fc28c Pull complete 45.2s
✔ 5a6866d83ad7 Pull complete 45.2s
✔ 424ad5823c0c Pull complete 45.3s
✔ d23f7e6945ef Pull complete 45.4s
✔ 2983462f8b69 Pull complete 63.2s
✔ 967a9b528d24 Pull complete 64.0s
✔ 8d0036e245ae Pull complete
.........
=> [sirius-engine development 15/20] COPY .air.toml .air.toml 0.1s
=> [sirius-engine development 16/20] COPY start.sh /start.sh 0.1s
=> [sirius-engine development 17/20] COPY start-enhanced.sh /start-enhanced.sh 0.0s
=> [sirius-engine development 18/20] COPY apps/ /engine/apps/ 0.1s
=> [sirius-engine development 19/20] RUN if [ -f /engine/apps/app-scanner/manifest.json ]; then mkdir -p /opt/sirius/nse/sirius-nse && cp /e 0.3s
=> [sirius-engine development 20/20] RUN dos2unix /start.sh /start-enhanced.sh && chmod +x /start.sh /start-enhanced.sh 0.4s
=> [sirius-engine] exporting to image 81.2s
=> => exporting layers 81.1s
=> => writing image sha256:c834afd227a90b85897887cec5a6869a3de610f89dc230392b2606275fedcf9a 0.0s
=> => naming to docker.io/library/sirius-sirius-engine 0.0s
[+] Running 11/11
✔ Network sirius Created 0.2s
✔ Volume "sirius_valkey_data" Created 0.0s
✔ Volume "sirius_node_modules" Created 0.0s
✔ Volume "sirius_rabbitmq_data" Created 0.0s
✔ Volume "sirius_postgres_data" Created 0.0s
✔ Container sirius-valkey Started 19.4s
✔ Container sirius-postgres Started 19.3s
✔ Container sirius-rabbitmq Started 19.3s
✔ Container sirius-ui Started 19.4s
✔ Container sirius-engine Started 19.4s
✔ Container sirius-api Started 19.3s
[root@ops-tools-2-252 Sirius]# 安装完成
查看启动情况
[root@ops-tools-2-252 Sirius]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8582c416b3f3 sirius-sirius-engine "/start-enhanced.sh" 7 minutes ago Restarting (0) 44 seconds ago sirius-engine
3e5122f4e034 sirius-sirius-api "sh -c 'cd /api && g..." 7 minutes ago Up 3 minutes 0.0.0.0:9001->9001/tcp, :::9001->9001/tcp sirius-api
678373a05528 sirius-sirius-ui "docker-entrypoint.s..." 7 minutes ago Up 7 minutes 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp sirius-ui
8e63498e7b62 valkey/valkey:latest "docker-entrypoint.s..." 7 minutes ago Up 7 minutes 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp sirius-valkey
1d49fa1d6f57 rabbitmq:3.7.3-management "docker-entrypoint.s..." 7 minutes ago Up 7 minutes 4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, :::5672->5672/tcp, 15671/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp, :::15672->15672/tcp sirius-rabbitmq
200814b488f7 postgres:15-alpine "docker-entrypoint.s..." 7 minutes ago Up 7 minutes 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp sirius-postgres二、问题处理
安装中遇到很多问题,主要就是网络不通(都懂的)
报错:
sirius-engine development 4/20\] RUN go install github.com/air-verse/air@v1.52.3: 30.24 go: github.com/air-verse/air@v1.52.3: github.com/air-verse/air@v1.52.3: Get "https://proxy.golang.org/github.com/air-verse/air/@v/v1.52.3.info": dial tcp 142.250.198.81:443: i/o timeout
failed to solve: process "/bin/sh -c go install github.com/air-verse/air@v1.52.3" did not complete successfully: exit code: 1
解决办法:
报错的核心是 go install github.com/air-verse/air@v1.52.3 时访问 https://proxy.golang.org 超时,原因一般是网络问题(国内环境经常被墙)
1、关闭 Go Proxy,直接走 GitHub
在 Dockerfile 的 RUN go install ... 前加上:
ENV GOPROXY=https://goproxy.cn,direct
修改Dockerfile
/root/Sirius/sirius-engine/Dockerfile
Install air for live reloading (compatible version with Go 1.23)
RUN go install github.com/air-verse/air@v1.52.3
大概在88行这里
前面加上
ENV GOPROXY=https://goproxy.cn,direct
重新运行
docker compose up -d
2、如果直接走 GitHub不行 替换如下
#RUN git clone https://hub.fastgit.org/SiriusScan/app-scanner.git \
RUN git clone https://gitclone.com/github.com/SiriusScan/app-scanner.git
&& cd app-scanner \
&& git checkout main \
&& go mod download \
&& CGO_ENABLED=1 GOOS=linux go build -ldflags="-w -s" -o scanner main.go
3、如果还是报错,加代理
编辑dockerfile
ENV GOPROXY=https://mirrors.aliyun.com/goproxy/,direct
ENV GOSUMDB=off
RUN git clone https://gitclone.com/github.com/SiriusScan/app-scanner.git && \
cd app-scanner && \
git checkout main && \
go mod download && \
CGO_ENABLED=1 GOOS=linux go build -ldflags="-w -s" -o scanner main.go
4、sirius-sirius-engine 不停的重启的问题
[root@ops-tools-2-252 sirius-engine]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e2501cdf09bc sirius-sirius-api "sh -c 'cd /api && g..." 39 minutes ago Up 3 minutes 0.0.0.0:9001->9001/tcp, :::9001->9001/tcp sirius-api
c4cfb6069495 sirius-sirius-engine "/start-enhanced.sh" 39 minutes ago Restarting (0) 33 seconds ago sirius-engine
d438de48f910 sirius-sirius-ui "docker-entrypoint.s..." 39 minutes ago Up 39 minutes 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp sirius-ui
0499ab2e452b rabbitmq:3.7.3-management "docker-entrypoint.s..." 39 minutes ago Up 39 minutes 4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, :::5672->5672/tcp, 15671/tcp, 25672/tcp, 0.0.0.0:15672->15672/tcp, :::15672->15672/tcp sirius-rabbitmq
cedfb34a00c8 postgres:15-alpine "docker-entrypoint.s..." 39 minutes ago Up 39 minutes 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp sirius-postgres
4f9e1d1be399 valkey/valkey:latest "docker-entrypoint.s..." 39 minutes ago Up 39 minutes 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp sirius-valkey
[root@ops-tools-2-252 sirius-engine]#
在 app-terminal 的构建步骤中添加 Go 代理设置:
dockerfile
# Clone app-terminal
RUN git clone https://gitclone.com/github.com/SiriusScan/app-terminal.git && \
cd app-terminal && \
git checkout ${APP_TERMINAL_COMMIT_SHA} && \
sed -i '/replace.*github.com\/SiriusScan\/go-api/d' go.mod && \
GOPROXY=https://mirrors.aliyun.com/goproxy/,direct GOSUMDB=off go mod tidy && \
GOPROXY=https://mirrors.aliyun.com/goproxy/,direct GOSUMDB=off go mod download && \
CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -o terminal cmd/main.go三、访问方式
安装完成后, 在浏览器中打开http://192.168.2.252:3000
初始用户名和密码:admin:password
