ClawHub

Li Base Scan

Security

Linux base security scanner integrating multiple tools - nmap, lynis, nikto, sqlmap, trivy. SINGLE HOST ONLY. Features secure temp files, progress bar, scan history, report export. Comprehensive security baseline scanning with hardened implementation.

Install

openclaw skills install li-base-scan

Li Base Scan v0.0.2 - Linux安全基线扫描器 / Linux Security Baseline Scanner

作者 Author: 北京老李 (Beijing Lao Li)
版本 Version: 0.0.2
许可证 License: MIT

🌐 Language / 语言

<a name="中文文档-chinese-docs"></a>

中文文档 Chinese Docs

⚠️ 安全限制 - 重要

本工具仅支持单主机扫描,出于安全考虑,以下输入会被拒绝:

  • ❌ CIDR网段 (如 192.168.1.0/24)
  • ❌ IP范围 (如 192.168.1.1-254)
  • ❌ 多目标 (如 192.168.1.1,192.168.1.2)

允许的目标格式:

  • ✅ 单个IP: 192.168.1.1
  • ✅ 域名: scanme.nmap.org
  • ✅ 本地地址: 127.0.0.1, localhost

概述

Li Base Scan 是一个集成多种安全工具的Linux基线扫描器,v0.0.2版本包含以下增强功能:

  • 网络安全 - 使用安全临时文件、完善超时处理、错误脱敏
  • 进度显示 - 实时进度条显示扫描进度
  • 历史记录 - SQLite数据库存储扫描历史
  • 报告导出 - 支持Markdown和JSON格式导出
  • AI分析 - 自动生成AI分析请求区块

集成工具

工具功能扫描类型
nmap端口扫描、服务识别网络层
lynis系统安全审计主机层
niktoWeb漏洞扫描应用层
sqlmapSQL注入测试应用层
trivy容器/文件系统漏洞多层

扫描模式

1. Quick Scan (快速扫描)

快速扫描 127.0.0.1
  • 工具: nmap
  • 时间: ~30秒
  • 用途: 快速了解开放端口

2. Standard Scan (标准扫描)

标准扫描 127.0.0.1
  • 工具: nmap + lynis
  • 时间: 2-5分钟
  • 用途: 端口+系统配置审计

3. Full Scan (完整扫描)

完整扫描 127.0.0.1
完整扫描 127.0.0.1 包含web
  • 工具: nmap + lynis + trivy
  • 时间: 5-10分钟
  • 用途: 全面安全评估

4. Web Focused (Web专项)

web扫描 http://localhost
扫描网站 http://example.com
  • 工具: nmap + nikto
  • 时间: 2-3分钟
  • 用途: Web应用安全检测

5. Compliance (合规检查)

合规扫描 127.0.0.1
基线检查 localhost
  • 工具: lynis + trivy
  • 时间: 3-5分钟
  • 用途: CIS基线合规检查

6. Stealth (隐蔽扫描) [v0.0.2新增]

隐蔽扫描 192.168.1.1
慢速扫描 target.com
  • 工具: nmap (stealth模式)
  • 时间: 5-10分钟
  • 用途: 避免IDS/IPS检测

对话输入示例

基础命令

"快速扫描 192.168.1.1"
"标准扫描 localhost"
"检查系统安全"
"扫描网站 http://localhost:8080"
"完整安全评估 127.0.0.1"
"基线扫描"
"隐蔽扫描 10.0.0.1"

LLM 交互式对话

"扫描 example.com 并检查SQL注入"
"发现什么漏洞?"
"给我修复建议"
"导出HTML报告"
"系统加固情况如何?"
"Web应用有什么问题?"

命令行使用

基本扫描

# 快速扫描
python3 scripts/li_base_scan.py 127.0.0.1 --mode quick

# 标准扫描
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard

# 完整扫描
python3 scripts/li_base_scan.py 127.0.0.1 --mode full

对话模式

python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"

导出报告 [v0.0.2新增]

# 导出Markdown报告
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

# 导出JSON报告
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json

# 生成HTML报告(通过entrypoint)
python3 scripts/entrypoint.py '{"target": "127.0.0.1", "tools": ["nmap", "lynis"], "format": "html"}'

查看历史 [v0.0.2新增]

python3 scripts/li_base_scan.py --history

JSON输出

python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json

输出格式

控制台报告

  • 执行摘要 - 整体风险评级
  • 网络发现 - nmap端口扫描结果
  • 系统审计 - lynis合规评分和建议
  • Web安全 - nikto发现的Web漏洞
  • 漏洞清单 - trivy发现的CVE
  • 修复建议 - 按优先级排序的行动项
  • AI分析区块 - 供大模型分析的原始数据

导出文件 [v0.0.2新增]

报告保存在: /root/.openclaw/skills/li-base-scan/reports/

  • scan_<hash>_<timestamp>.md - Markdown格式
  • scan_<hash>_<timestamp>.json - JSON格式

历史记录 [v0.0.2新增]

数据库位置: /root/.openclaw/skills/li-base-scan/history.db

v0.0.2 安全增强

1. 安全临时文件

# 使用tempfile.NamedTemporaryFile代替硬编码路径
with tempfile.NamedTemporaryFile(mode='w', suffix='.json', 
                                 delete=False, dir='/tmp') as f:
    temp_file = f.name
os.chmod(temp_file, 0o600)  # 限制权限

2. 完善的超时处理

# 子进程超时后正确终止
proc.terminate()
try:
    proc.wait(timeout=5)
except subprocess.TimeoutExpired:
    proc.kill()

3. 错误信息脱敏

# 不暴露内部实现细节
return {"error": "扫描执行失败", "tool": "nmap"}
# 详细错误记录到日志
logger.error(f"Nmap scan failed")

4. 审计日志

日志位置: /var/log/li-base-scan.log

2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4

依赖工具

# 安装所有依赖
apt-get update
apt-get install -y nmap lynis nikto sqlmap

# trivy安装
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

使用建议

快速检查 (日常)

python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"

定期深度扫描 (每周)

python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

Web应用测试

python3 scripts/li_base_scan.py http://localhost:8080 --mode web

查看历史趋势

python3 scripts/li_base_scan.py --history

安全警告

⚠️ 仅扫描您拥有或获得明确授权的系统!

  • 未经授权的扫描可能违反法律
  • sqlmap测试需谨慎,可能触发WAF/IDS
  • 生产环境请使用--safe-mode避免破坏性测试

故障排除

扫描超时

# 增加超时时间
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600

禁用进度条

# JSON输出或禁用进度
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress

查看日志

tail -f /var/log/li-base-scan.log

<a name="english-documentation"></a>

English Documentation

⚠️ Security Restrictions - Important

This tool supports SINGLE HOST scanning only. The following inputs are REJECTED for security reasons:

  • ❌ CIDR ranges (e.g., 192.168.1.0/24)
  • ❌ IP ranges (e.g., 192.168.1.1-254)
  • ❌ Multiple targets (e.g., 192.168.1.1,192.168.1.2)

Allowed target formats:

  • ✅ Single IP: 192.168.1.1
  • ✅ Domain: scanme.nmap.org
  • ✅ Local address: 127.0.0.1, localhost

Overview

Li Base Scan is a Linux security baseline scanner integrating multiple tools. Version 0.0.2 includes:

  • Security Hardening - Secure temp files, proper timeout handling, error sanitization
  • Progress Display - Real-time progress bar
  • Scan History - SQLite database for scan history
  • Report Export - Markdown and JSON export support
  • AI Analysis - Auto-generated AI analysis blocks

Integrated Tools

ToolFunctionScan Type
nmapPort scanning, service detectionNetwork Layer
lynisSystem security auditHost Layer
niktoWeb vulnerability scanningApplication Layer
sqlmapSQL injection testingApplication Layer
trivyContainer/filesystem vulnerabilitiesMulti-layer

Scan Modes

1. Quick Scan

quick scan 127.0.0.1
  • Tool: nmap
  • Time: ~30 seconds
  • Purpose: Quick port discovery

2. Standard Scan

standard scan 127.0.0.1
  • Tools: nmap + lynis
  • Time: 2-5 minutes
  • Purpose: Port + system configuration audit

3. Full Scan

full scan 127.0.0.1
  • Tools: nmap + lynis + trivy
  • Time: 5-10 minutes
  • Purpose: Comprehensive security assessment

4. Web Focused

web scan http://localhost
scan website http://example.com
  • Tools: nmap + nikto
  • Time: 2-3 minutes
  • Purpose: Web application security detection

5. Compliance

compliance scan 127.0.0.1
baseline check localhost
  • Tools: lynis + trivy
  • Time: 3-5 minutes
  • Purpose: CIS baseline compliance check

6. Stealth [v0.0.2 New]

stealth scan 192.168.1.1
slow scan target.com
  • Tool: nmap (stealth mode)
  • Time: 5-10 minutes
  • Purpose: Avoid IDS/IPS detection

Command Line Usage

Basic Scanning

# Quick scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode quick

# Standard scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard

# Full scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode full

Conversation Mode

python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"

Export Reports [v0.0.2 New]

# Export Markdown report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

# Export JSON report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json

View History [v0.0.2 New]

python3 scripts/li_base_scan.py --history

JSON Output

python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json

Output Format

Console Report

  • Executive Summary - Overall risk rating
  • Network Discovery - nmap port scan results
  • System Audit - lynis compliance score and recommendations
  • Web Security - Web vulnerabilities found by nikto
  • Vulnerability List - CVEs discovered by trivy
  • Remediation - Prioritized action items
  • AI Analysis Block - Raw data for LLM analysis

Exported Files [v0.0.2 New]

Reports saved to: /root/.openclaw/skills/li-base-scan/reports/

  • scan_<hash>_<timestamp>.md - Markdown format
  • scan_<hash>_<timestamp>.json - JSON format

History [v0.0.2 New]

Database location: /root/.openclaw/skills/li-base-scan/history.db

v0.0.2 Security Enhancements

1. Secure Temp Files

# Use tempfile.NamedTemporaryFile instead of hardcoded paths
with tempfile.NamedTemporaryFile(mode='w', suffix='.json', 
                                 delete=False, dir='/tmp') as f:
    temp_file = f.name
os.chmod(temp_file, 0o600)  # Restrict permissions

2. Proper Timeout Handling

# Properly terminate subprocess after timeout
proc.terminate()
try:
    proc.wait(timeout=5)
except subprocess.TimeoutExpired:
    proc.kill()

3. Error Sanitization

# Don't expose internal implementation details
return {"error": "Scan execution failed", "tool": "nmap"}
# Log detailed errors
logger.error(f"Nmap scan failed")

4. Audit Logging

Log location: /var/log/li-base-scan.log

2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4

Dependencies

# Install all dependencies
apt-get update
apt-get install -y nmap lynis nikto sqlmap

# Install trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

Usage Recommendations

Quick Check (Daily)

python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"

Periodic Deep Scan (Weekly)

python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

Web Application Testing

python3 scripts/li_base_scan.py http://localhost:8080 --mode web

View History Trends

python3 scripts/li_base_scan.py --history

Security Warning

⚠️ Only scan systems you own or have explicit authorization to scan!

  • Unauthorized scanning may violate laws
  • sqlmap tests should be used cautiously, may trigger WAF/IDS
  • Use --safe-mode in production to avoid destructive testing

Troubleshooting

Scan Timeout

# Increase timeout
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600

Disable Progress Bar

# JSON output or disable progress
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress

View Logs

tail -f ~/.openclaw/logs/li-base-scan.log

📞 Contact / 联系方式

Author: 北京老李 (Beijing Lao Li)
Email: (请添加您的邮箱)
GitHub: (请添加您的GitHub链接)

Made with ❤️ by 北京老李 (Beijing Lao Li)

More in Security