Koko-moni is an attack surface management platform that aggregates and cleans asset data from multiple cyberspace search engines to enable timely asset discovery and risk assessment.
一个基于网络空间搜索引擎的攻击面管理平台,可定时进行资产信息爬取,及时发现新增资产,本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源,并对获取到的数据进行去重与清洗
Security professionals and vulnerability managers use koko-moni to continuously monitor and discover new assets across their network by leveraging data from various search engines like Fofa, Hunter, Quake, Zoomeye, and Threatbook. This helps organizations maintain an updated inventory of assets and identify potential vulnerabilities early.
Users need to obtain and configure API keys for each integrated search engine to fully utilize the tool. Proper scheduling setup is recommended to maintain up-to-date asset information. Data cleaning is essential to avoid redundant or stale asset entries.
Clone the repository: git clone https://github.com/burpheart/koko-moni.git
Navigate to the project directory: cd koko-moni
Install required dependencies as per the README (not explicitly provided, likely Python or Go environment setup)
Configure API keys for integrated data sources (Fofa, Hunter, Quake, Zoomeye, Threatbook)
Run the tool using provided scripts or CLI commandspython koko-moni.py --start
Start the asset crawling and aggregation process
python koko-moni.py --schedule
Set up scheduled tasks for periodic asset discovery
python koko-moni.py --clean
Perform data de-duplication and cleaning on collected asset data