Fofa Search v1.0

v1.0.0

Calls the FOFA OpenAPI for batch searches and exports the results as CSV/JSON. Load this skill first whenever the user mentions FOFA, asset mapping, batch queries, automatic pagination, CSV export, or a key plus query statement.

bybigass@biglizi775
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description describe FOFA batch search and export; the included CLI implements exactly that using only the requests library. Minor mismatch: the skill metadata declares no required environment variables, while the SKILL.md and examples recommend providing a FOFA API key (FOFA_KEY) to run the tool. Functionally this is consistent (the CLI accepts --key) but the metadata omission is worth noting.
Instruction Scope
SKILL.md instructs how to run the bundled CLI, create a venv, install requests, and pass a key and query. The runtime instructions and code stay within scope: they only call the FOFA API (configurable base_url), process results, and write CSV/JSON files. The script prompts for input in interactive mode and does not read unrelated system files or secrets.
Install Mechanism
No automated install spec is provided (instruction-only). The recommended installation is to pip install the single dependency from scripts/requirements.txt (requests), which is proportional and low-risk.
Credentials
The tool legitimately needs a FOFA API key to function, but the skill metadata does not declare any required env vars or a primary credential. The SKILL.md recommends injecting FOFA_KEY via environment variables or passing it on the CLI. One additional consideration: the CLI exposes a --base-url flag, so if a user (or an automated process) supplies a malicious base URL, the FOFA key would be sent to that endpoint — this is expected behavior for a configurable client but is a potential misuse vector if the base URL is untrusted.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request elevated persistence or modify other skills or system-wide settings. It writes output files only to user-specified paths.
Assessment
This skill appears to do what it says: run FOFA queries and export results. Before installing, note that you will need a FOFA API key (the metadata did not declare this explicitly). Prefer passing the key at runtime (e.g., via environment variable expansion) rather than committing it to source control. Use the default base URL unless you trust the alternative — supplying a custom --base-url will send your key and queries to that endpoint. Run the tool in a virtual environment and test with small sample queries first. If you plan to let an agent invoke this skill autonomously, ensure the agent cannot override the base URL or leak the API key to untrusted destinations.


latest: vk97d20856skg9cmahxqk4tqyex856kg2
22 downloads
0 stars
1 version
Updated 10h ago
v1.0.0
MIT-0

FOFA Search Use

First

  • The goal is that the user only needs to supply a key and a query to search and export data.
  • The script picks the pagination strategy automatically:
    1. Prefer search/next
    2. Fall back to search/all?page when search/next is not supported
  • CSV export by default; JSON export optional
  • This skill does not depend on a fixed machine path; the whole folder can be copied into any project as-is.

Entry script

  • Main script: scripts/fofa_search_cli.py
  • How to run:
    • Recommended for AI / non-interactive use:
      • python3 scripts/fofa_search_cli.py --no-interactive --key "$FOFA_KEY" --query 'title="test"' --output-file results.csv --json-output
    • Interactive (compatibility mode):
      • python3 scripts/fofa_search_cli.py

Environment and installation (portable)

  • Recommended: a virtual environment:
    • python3 -m venv .venv
    • source .venv/bin/activate (Windows PowerShell: .venv\Scripts\Activate.ps1)
    • pip install -r scripts/requirements.txt
  • Minimal dependency file: scripts/requirements.txt

Parameters

  • --key: FOFA API key
  • --query: FOFA query statement
  • --fields: fields to return; default host,ip,port,protocol,title
  • --max-records: maximum number of records to export; default 1000
  • --page-size: records requested per page; default 10000 (maximum 10000)
  • --output-file: CSV file name; default fofa_results.csv
  • --json-output: additionally export JSON
  • --base-url: FOFA address; default https://fofa.info
  • --no-interactive: disable interactive prompts; a missing parameter causes an immediate error

Recommended execution strategy

  • Test the query with a small sample first (e.g. --max-records 10).
  • Keep the field list minimal to reduce useless data and quota consumption.
  • For large exports, prefer the non-interactive parameter mode; it is easier to automate and reproduce.

CSV export help

  • Custom export fields: use --fields; the field order is the CSV column order.
  • Common field example: host,ip,port,protocol,title,country,city,server
  • Non-interactive export example:
    • python3 scripts/fofa_search_cli.py --no-interactive --key "$FOFA_KEY" --query 'title="test"' --fields "ip,port,host,title,country,city" --max-records 500 --page-size 100 --output-file fofa_custom.csv
  • Interactive export notes:
    • After starting the script, enter comma-separated fields at the fields prompt.
    • If a column is empty, the corresponding CSV cell is left empty; this is normal.
  • Garbled text when opening in Excel:
    • The script writes CSV with utf-8-sig by default, which Excel usually recognises correctly.
    • If it still looks wrong, choose UTF-8 encoding manually when importing.

Security notes

  • Never write a real key into repository files or commit history.
  • Recommended: inject it via the environment variable FOFA_KEY.
  • If it must be persisted, use local secure storage; never store it in plaintext in the code base.
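The pagination strategy described under "First" (prefer search/next, fall back to search/all?page), the utf-8-sig CSV output from the export help, and the base-URL concern raised in the scan assessment can all be shown in one place. The block below is an added example written for this page; it is not the skill's own fofa_search_cli.py. It assumes the FOFA OpenAPI paths /api/v1/search/next and /api/v1/search/all with the parameters key, qbase64, fields, size, next and page, and a JSON response of the form {"error", "errmsg", "results", "next"}; the allowlist TRUSTED_ORIGINS, the injected fetch function, and the constructed FAKE_ROWS data set are inventions of the example so that it runs offline.

```python
import base64
import csv
import io
from urllib.parse import urlsplit

# Origins that may receive the API key. Assumed for this example; the real CLI
# accepts any --base-url, which is exactly the misuse vector the scan notes.
TRUSTED_ORIGINS = {"https://fofa.info"}
DEFAULT_FIELDS = ["host", "ip", "port", "protocol", "title"]


def check_base_url(base_url):
    """Return the normalised origin or raise before any request carries the key.

    The key travels as a query parameter, so an untrusted base URL would receive
    it with every query. Userinfo tricks such as https://fofa.info@evil.example
    land in netloc and therefore fail the allowlist as well."""
    parts = urlsplit(base_url)
    origin = f"{parts.scheme}://{parts.netloc}".lower()
    if parts.scheme.lower() != "https" or origin not in TRUSTED_ORIGINS:
        raise ValueError(f"refusing to send the API key to untrusted base URL: {base_url!r}")
    return origin


def is_trusted_base_url(base_url):
    """Boolean wrapper around check_base_url for callers that prefer a test."""
    try:
        check_base_url(base_url)
        return True
    except ValueError:
        return False


def fetch_all(fetch, base_url, key, query, fields, max_records=1000, page_size=10000):
    """Collect up to max_records rows. fetch(url, params) -> dict is injected so the
    pager can be exercised offline; the assumed response shape is
    {"error": bool, "errmsg": str, "results": [[...], ...], "next": str}."""
    origin = check_base_url(base_url)
    params = {
        "key": key,
        "qbase64": base64.b64encode(query.encode()).decode(),
        "fields": ",".join(fields),
        "size": min(page_size, 10000),  # documented upper bound per page
    }
    rows = []

    # Strategy 1: cursor pagination via search/next.
    resp = fetch(f"{origin}/api/v1/search/next", {**params, "next": ""})
    if not resp.get("error"):
        while True:
            batch = resp.get("results", [])
            rows.extend(batch)
            cursor = resp.get("next") or ""
            if not cursor or not batch or len(rows) >= max_records:
                break
            resp = fetch(f"{origin}/api/v1/search/next", {**params, "next": cursor})
        return rows[:max_records]

    # Strategy 2: search/next unsupported, fall back to page numbers via search/all.
    page = 1
    while len(rows) < max_records:
        resp = fetch(f"{origin}/api/v1/search/all", {**params, "page": page})
        if resp.get("error"):
            raise RuntimeError(resp.get("errmsg", "FOFA request failed"))
        batch = resp.get("results", [])
        if not batch:
            break
        rows.extend(batch)
        page += 1
    return rows[:max_records]


def to_csv_bytes(rows, fields):
    """Serialise with a UTF-8 BOM (utf-8-sig) so Excel picks the right encoding."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(fields)       # column order follows the --fields order
    writer.writerows(rows)
    return buf.getvalue().encode("utf-8-sig")


# ---- constructed fake transport so the example runs without network access ----
FAKE_ROWS = [[f"host{i}.example", f"10.0.0.{i}", 80 + i, "http", f"title {i}"]
             for i in range(1, 8)]


def make_fake_fetch(supports_next):
    """Simulate both endpoints and record which one each call hit."""
    calls = []

    def fetch(url, params):
        calls.append(url.rsplit("/", 1)[-1])      # "next" or "all"
        size = params["size"]
        if url.endswith("/search/next"):
            if not supports_next:
                return {"error": True, "errmsg": "next api not available"}
            start = int(params["next"] or 0)
            nxt = str(start + size) if start + size < len(FAKE_ROWS) else ""
            return {"error": False, "results": FAKE_ROWS[start:start + size], "next": nxt}
        start = (params["page"] - 1) * size
        return {"error": False, "results": FAKE_ROWS[start:start + size]}

    fetch.calls = calls
    return fetch


if __name__ == "__main__":
    fake = make_fake_fetch(supports_next=False)
    rows = fetch_all(fake, "https://fofa.info", "PLACEHOLDER_KEY", 'title="test"',
                     DEFAULT_FIELDS, max_records=1000, page_size=3)
    print(len(rows), "rows via", fake.calls)
    print(to_csv_bytes(rows, DEFAULT_FIELDS)[:40])
```

With an agent driving the tool, the useful property is that check_base_url runs before the first request: a key never leaves the process unless the origin is on the allowlist, which is the control the assessment asks for when --base-url can be overridden.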
