Skip to content

建议:用SQLite/PostgreSQL+REST API替代Excel中心化的报告 #181

Description

@hmkklol

你好 @0x727

ShuiZe的Excel报告非常直观,但在自动化和规模化使用中存在局限:

当前问题:

  • .xlsx格式难以被程序解析和处理
  • 无法同时查询多个项目的历史数据
  • 团队协作时频繁传递文件效率低
  • 无法与其他系统集成

建议:增加数据库后端

实现方式:

  1. 增加--db参数支持两种数据库:
    python3 ShuiZe.py -d example.com --db sqlite:///shuize.db
    python3 ShuiZe.py -d example.com --db postgresql://user:pass@host/shuize
  2. 数据库Schema设计:
    CREATE TABLE domains (id, root_domain, discovered_at);
    CREATE TABLE subdomains (id, domain, root_domain, ips, cdn, sources);
    CREATE TABLE ips (id, ip, subnet, geo, reverse_domains);
    CREATE TABLE ports (id, ip, port, protocol, service, banner);
    CREATE TABLE vulns (id, target, vuln_name, severity, proof, scanner);
    CREATE TABLE web_titles (id, url, title, server, status_code);
    CREATE TABLE certificates (id, domain, issuer, subject, san_list);
  3. 提供FastAPI只读API用于查询资产

保留Excel导出:
作为可选功能保留,满足需要下载查看的场景。

这个改动会让ShuiZe从个人工具升级为团队资产平台。

[English Translation / 英文摘要]

Hi maintainers, this issue is a feature / architecture / security suggestion for 10_ShuiZe.
The Chinese text above contains the detailed proposal with technical context and implementation ideas.
In summary: we are requesting the enhancement described above and would be happy to provide PRs or further discussion in either Chinese or English.
Thank you for the excellent work on this project!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions