Li Base Scan
by @43622283
Linux base security scanner integrating multiple tools - nmap, lynis, nikto, sqlmap, trivy. SINGLE HOST ONLY. Features secure temp files, progress bar, scan...
clawhub install li-base-scan📖 About This Skill
name: li-base-scan description: Linux base security scanner integrating multiple tools - nmap, lynis, nikto, sqlmap, trivy. SINGLE HOST ONLY. Features secure temp files, progress bar, scan history, report export. Comprehensive security baseline scanning with hardened implementation. license: MIT metadata: author: 北京老李 (Beijing Lao Li) version: "0.0.2" tags: [security, scanning, nmap, linux, audit]
Li Base Scan v0.0.2 - Linux安全基线扫描器 / Linux Security Baseline Scanner
作者 Author: 北京老李 (Beijing Lao Li) 版本 Version: 0.0.2 许可证 License: MIT
🌐 Language / 语言
中文文档 Chinese Docs
⚠️ 安全限制 - 重要
本工具仅支持单主机扫描,出于安全考虑,以下输入会被拒绝:
允许的目标格式:
192.168.1.1scanme.nmap.org127.0.0.1, localhost概述
Li Base Scan 是一个集成多种安全工具的Linux基线扫描器,v0.0.2版本包含以下增强功能:
集成工具
| 工具 | 功能 | 扫描类型 | |------|------|----------| | nmap | 端口扫描、服务识别 | 网络层 | | lynis | 系统安全审计 | 主机层 | | nikto | Web漏洞扫描 | 应用层 | | sqlmap | SQL注入测试 | 应用层 | | trivy | 容器/文件系统漏洞 | 多层 |
扫描模式
#### 1. Quick Scan (快速扫描)
快速扫描 127.0.0.1
#### 2. Standard Scan (标准扫描)
标准扫描 127.0.0.1
#### 3. Full Scan (完整扫描)
完整扫描 127.0.0.1
完整扫描 127.0.0.1 包含web
#### 4. Web Focused (Web专项)
web扫描 http://localhost
扫描网站 http://example.com
#### 5. Compliance (合规检查)
合规扫描 127.0.0.1
基线检查 localhost
#### 6. Stealth (隐蔽扫描) [v0.0.2新增]
隐蔽扫描 192.168.1.1
慢速扫描 target.com
对话输入示例
#### 基础命令
"快速扫描 192.168.1.1"
"标准扫描 localhost"
"检查系统安全"
"扫描网站 http://localhost:8080"
"完整安全评估 127.0.0.1"
"基线扫描"
"隐蔽扫描 10.0.0.1"
#### LLM 交互式对话
"扫描 example.com 并检查SQL注入"
"发现什么漏洞?"
"给我修复建议"
"导出HTML报告"
"系统加固情况如何?"
"Web应用有什么问题?"
命令行使用
#### 基本扫描
# 快速扫描
python3 scripts/li_base_scan.py 127.0.0.1 --mode quick标准扫描
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard完整扫描
python3 scripts/li_base_scan.py 127.0.0.1 --mode full
#### 对话模式
python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"
#### 导出报告 [v0.0.2新增]
# 导出Markdown报告
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown导出JSON报告
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json生成HTML报告(通过entrypoint)
python3 scripts/entrypoint.py '{"target": "127.0.0.1", "tools": ["nmap", "lynis"], "format": "html"}'
#### 查看历史 [v0.0.2新增]
python3 scripts/li_base_scan.py --history
#### JSON输出
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json
输出格式
#### 控制台报告
#### 导出文件 [v0.0.2新增]
报告保存在: /root/.openclaw/skills/li-base-scan/reports/
scan__.md - Markdown格式scan__.json - JSON格式#### 历史记录 [v0.0.2新增]
数据库位置: /root/.openclaw/skills/li-base-scan/history.db
v0.0.2 安全增强
#### 1. 安全临时文件
# 使用tempfile.NamedTemporaryFile代替硬编码路径
with tempfile.NamedTemporaryFile(mode='w', suffix='.json',
delete=False, dir='/tmp') as f:
temp_file = f.name
os.chmod(temp_file, 0o600) # 限制权限
#### 2. 完善的超时处理
# 子进程超时后正确终止
proc.terminate()
try:
proc.wait(timeout=5)
except subprocess.TimeoutExpired:
proc.kill()
#### 3. 错误信息脱敏
# 不暴露内部实现细节
return {"error": "扫描执行失败", "tool": "nmap"}
详细错误记录到日志
logger.error(f"Nmap scan failed")
#### 4. 审计日志
日志位置: /var/log/li-base-scan.log
2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4
依赖工具
# 安装所有依赖
apt-get update
apt-get install -y nmap lynis nikto sqlmaptrivy安装
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh
使用建议
#### 快速检查 (日常)
python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"
#### 定期深度扫描 (每周)
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown
#### Web应用测试
python3 scripts/li_base_scan.py http://localhost:8080 --mode web
#### 查看历史趋势
python3 scripts/li_base_scan.py --history
安全警告
⚠️ 仅扫描您拥有或获得明确授权的系统!
故障排除
#### 扫描超时
# 增加超时时间
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600
#### 禁用进度条
# JSON输出或禁用进度
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress
#### 查看日志
tail -f /var/log/li-base-scan.log
English Documentation
⚠️ Security Restrictions - Important
This tool supports SINGLE HOST scanning only. The following inputs are REJECTED for security reasons:
Allowed target formats:
192.168.1.1scanme.nmap.org127.0.0.1, localhostOverview
Li Base Scan is a Linux security baseline scanner integrating multiple tools. Version 0.0.2 includes:
Integrated Tools
| Tool | Function | Scan Type | |------|----------|-----------| | nmap | Port scanning, service detection | Network Layer | | lynis | System security audit | Host Layer | | nikto | Web vulnerability scanning | Application Layer | | sqlmap | SQL injection testing | Application Layer | | trivy | Container/filesystem vulnerabilities | Multi-layer |
Scan Modes
#### 1. Quick Scan
quick scan 127.0.0.1
#### 2. Standard Scan
standard scan 127.0.0.1
#### 3. Full Scan
full scan 127.0.0.1
#### 4. Web Focused
web scan http://localhost
scan website http://example.com
#### 5. Compliance
compliance scan 127.0.0.1
baseline check localhost
#### 6. Stealth [v0.0.2 New]
stealth scan 192.168.1.1
slow scan target.com
Command Line Usage
#### Basic Scanning
# Quick scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode quickStandard scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode standardFull scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode full
#### Conversation Mode
python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"
#### Export Reports [v0.0.2 New]
# Export Markdown report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdownExport JSON report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json
#### View History [v0.0.2 New]
python3 scripts/li_base_scan.py --history
#### JSON Output
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json
Output Format
#### Console Report
#### Exported Files [v0.0.2 New]
Reports saved to: /root/.openclaw/skills/li-base-scan/reports/
scan__.md - Markdown formatscan__.json - JSON format#### History [v0.0.2 New]
Database location: /root/.openclaw/skills/li-base-scan/history.db
v0.0.2 Security Enhancements
#### 1. Secure Temp Files
# Use tempfile.NamedTemporaryFile instead of hardcoded paths
with tempfile.NamedTemporaryFile(mode='w', suffix='.json',
delete=False, dir='/tmp') as f:
temp_file = f.name
os.chmod(temp_file, 0o600) # Restrict permissions
#### 2. Proper Timeout Handling
# Properly terminate subprocess after timeout
proc.terminate()
try:
proc.wait(timeout=5)
except subprocess.TimeoutExpired:
proc.kill()
#### 3. Error Sanitization
# Don't expose internal implementation details
return {"error": "Scan execution failed", "tool": "nmap"}
Log detailed errors
logger.error(f"Nmap scan failed")
#### 4. Audit Logging
Log location: /var/log/li-base-scan.log
2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4
Dependencies
# Install all dependencies
apt-get update
apt-get install -y nmap lynis nikto sqlmapInstall trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh
Usage Recommendations
#### Quick Check (Daily)
python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"
#### Periodic Deep Scan (Weekly)
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown
#### Web Application Testing
python3 scripts/li_base_scan.py http://localhost:8080 --mode web
#### View History Trends
python3 scripts/li_base_scan.py --history
Security Warning
⚠️ Only scan systems you own or have explicit authorization to scan!
Troubleshooting
#### Scan Timeout
# Increase timeout
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600
#### Disable Progress Bar
# JSON output or disable progress
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress
#### View Logs
tail -f ~/.openclaw/logs/li-base-scan.log
📞 Contact / 联系方式
Author: 北京老李 (Beijing Lao Li) Email: (请添加您的邮箱) GitHub: (请添加您的GitHub链接)
*Made with ❤️ by 北京老李 (Beijing Lao Li)*
📋 Tips & Best Practices
#### Scan Timeout
# Increase timeout
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600
#### Disable Progress Bar
# JSON output or disable progress
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress
#### View Logs
tail -f ~/.openclaw/logs/li-base-scan.log