{"version":"https://jsonfeed.org/version/1.1","title":"Rain99","home_page_url":"https://blog-rain99-xyz.pages.dev","feed_url":"https://blog-rain99-xyz.pages.dev/json/","description":"<p>再上路</p>","icon":"https://media-cdn.rain99.xyz/blog-rain99-xyz/production/images/channel-14b684493fcc616dc0794e6d3d00a778.jpg","favicon":"https://media-cdn.rain99.xyz/blog-rain99-xyz/production/images/favicon-7964bd562d7ff74c5f14e68b54d0d0a0.jpg","language":"zh-cn","items":[{"id":"04qPH58PTue","title":"集成AI的批量扫描实践","url":"https://blog.rain99.xyz/i/aishijian-04qPH58PTue/","content_html":"<p>[TOC]</p><p># osmedeus</p><p>## foreach+agent-acp</p><p>osmedeus run -f multi-agent-claude_hermes_B.yaml -t {project_name} \\</p><p>&nbsp;-p targets_file={targets}</p><pre class=\"ql-syntax\" spellcheck=\"false\">name: multi-agent-claude\nkind: module\ndescription: 多目标多 Agent 并行扫描 - Claude Code\n\n\nparams:\n&nbsp; - name: targets_file\n&nbsp; &nbsp; required: true\n&nbsp; &nbsp; default: \"subdomains.txt\"\n\n\nsteps:\n&nbsp; - name: scan-all\n&nbsp; &nbsp; type: foreach\n&nbsp; &nbsp; input: \"{{targets_file}}\"\n&nbsp; &nbsp; variable: target\n&nbsp; &nbsp; threads: 2\n\n\n&nbsp; &nbsp; step:\n&nbsp; &nbsp; &nbsp; name: claude-scan\n&nbsp; &nbsp; &nbsp; type: agent-acp\n&nbsp; &nbsp; &nbsp; agent: claude-code\n&nbsp; &nbsp; &nbsp; messages:\n&nbsp; &nbsp; &nbsp; &nbsp; - role: user\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; content: |\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 这是已授权的内部安全测试任务，对 [[target]] 执行WEB安全测试，测试范围仅限于该[[target]]及其后端服务，所有请求必须通过代理 192.168.1.201:2334 发出，支持socks5和http代理：\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1. Web 指纹识别\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 2. 审计目标的JS和接口\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 3. 测试目标接口是否有未授权、权限绕过等OWASP Top 10问题，严格禁止实际修改真实业务原有数据，不要做增删改等危险动作，发现问题后仅通过查询验证\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 4. 生成 Markdown 报告保存到 {{Output}}/[[target]]/report.md\n&nbsp; &nbsp; &nbsp; acp_config:\n&nbsp; &nbsp; &nbsp; &nbsp; write_enabled: true\n\n\n</pre><p><br></p><p>##</p>","content_text":"[TOC]\n\n# osmedeus\n\n## foreach+agent-acp\n\nosmedeus run -f multi-agent-claude_hermes_B.yaml -t {project_name} \\\n\n -p targets_file={targets}\n\nname: multi-agent-claude\nkind: module\ndescription: 多目标多 Agent 并行扫描 - Claude Code\n\n\nparams:\n  - name: targets_file\n    required: true\n    default: \"subdomains.txt\"\n\n\nsteps:\n  - name: scan-all\n    type: foreach\n    input: \"{{targets_file}}\"\n    variable: target\n    threads: 2\n\n\n    step:\n      name: claude-scan\n      type: agent-acp\n      agent: claude-code\n      messages:\n        - role: user\n          content: |\n            这是已授权的内部安全测试任务，对 [[target]] 执行WEB安全测试，测试范围仅限于该[[target]]及其后端服务，所有请求必须通过代理 192.168.1.201:2334 发出，支持socks5和http代理：\n            1. Web 指纹识别\n            2. 审计目标的JS和接口\n            3. 测试目标接口是否有未授权、权限绕过等OWASP Top 10问题，严格禁止实际修改真实业务原有数据，不要做增删改等危险动作，发现问题后仅通过查询验证\n            4. 生成 Markdown 报告保存到 {{Output}}/[[target]]/report.md\n      acp_config:\n        write_enabled: true\n\n\n\n\n\n\n\n##","date_published":"2026-07-12T04:29:10.082Z","_microfeed":{"web_url":"https://blog-rain99-xyz.pages.dev/i/ai-04qPH58PTue/","json_url":"https://blog-rain99-xyz.pages.dev/i/04qPH58PTue/json/","rss_url":"https://blog-rain99-xyz.pages.dev/i/04qPH58PTue/rss/","guid":"04qPH58PTue","status":"published","itunes:episodeType":"full","date_published_short":"Sun Jul 12 2026","date_published_ms":1783830550082}}],"_microfeed":{"microfeed_version":"0.1.5","base_url":"https://blog-rain99-xyz.pages.dev","categories":[],"subscribe_methods":[{"name":"RSS","type":"rss","url":"https://blog-rain99-xyz.pages.dev/rss/","image":"https://blog-rain99-xyz.pages.dev/assets/brands/subscribe/rss.png","enabled":true,"editable":false,"id":"LfMBr0_hTcr"},{"name":"JSON","type":"json","url":"https://blog-rain99-xyz.pages.dev/json/","image":"https://blog-rain99-xyz.pages.dev/assets/brands/subscribe/json.png","enabled":true,"editable":false,"id":"PcMRKepXmc0"}],"description_text":"再上路","copyright":"©2026","itunes:type":"episodic","items_sort_order":"newest_first"}}