joy-cli/docs/ops/manhuang-guishi-probe.md
feibisi 2c6281d041 feat(manhuang): supply-chain dashboard, probes, and side-cache data
Expand manhuang collect/UI (tabs, markets, guishi/quote probes), add
configs and launchd helpers, ops handbooks, and scripts for channel
validation and price/threat enrichment. Keys stay in keys.env.example only.
2026-07-13 02:08:29 +08:00

152 lines
6.1 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 鬼市核验探针
> 总手册:[manhuang-handbook.md](./manhuang-handbook.md)(黑市/鬼市/shops/onion/管线一体)
## 运行平面:**scout only**(本机 Mac 不跑 Tor
| 角色 | 做什么 |
|------|--------|
| **scout** | Tor `:9050` · 跑 `probe-guishi.py` · 写 `~/data/manhuang/guishi/status.json` |
| **Mac** | 不跑 onion 探针;`collect` 经 scout asset 读 `guishi_probe`;可选 `ssh scout` 触发 |
### 部署
```bash
scp scripts/manhuang/probe-guishi.py scripts/manhuang/build-guishi-handbooks.py scout:~/scripts/manhuang/
ssh scout 'python3 ~/scripts/manhuang/probe-guishi.py'
# cron 已建议25 */2 * * * probe-guishi + handbooks
```
### 实测scout
- `socks: true` @ 127.0.0.1:9050
- `role: scout` · `onion_probed ≥ 0`
- Mac collect 字段:`manhuang.guishi.probe.host == scout`
## 脚本
| 脚本 | 输出scout |
|------|------|
| `~/scripts/manhuang/probe-guishi.py` | `~/data/manhuang/guishi/status.json` |
| `~/scripts/manhuang/build-guishi-handbooks.py` | `~/data/manhuang/guishi/handbooks.json` |
| cron | `25 */2 * * *`(见下) |
| Mac launchd | `run-quote-probe.sh` → ssh 触发 scout |
## 检查类
- **clearnet 首页**Ahmia / dark.fail / onion.live / abuse.ch 系 / ransomware / 论坛壳BHW·Hostloc·Linux.do·NodeSeek·V2EX/ paste / 闲鱼 goofish
- **JSON/文本 feed**CISA KEV · onionoo · HIBP · 5sim guest · urlscan brand · ransomware.live v2 · RansomLook · OpenPhish · Phishing.Database · Maltrail onion · Feodo IP · RWOS commits · ransomwatch
- **SOCKS**9050 或 9150check.torproject.org/api/ip · 合法 onion · `onion-markets.json` 白名单
- **不自动爬**:暗网商城商品页、下单、盗号店列表分页
## 白名单
```bash
cp configs/manhuang/onion-markets.example.json ~/.config/manhuang/onion-markets.json
# 编辑真实 .onionexample.onion 会被跳过
```
## API 字段
`manhuang.guishi.probe` · `handbooks` · `demand` · `channels` · `product_types` · `counts.by_depth|by_layer|by_region`
链环 **exit** → tab `mh-guishi`
## 子代理增补源(已部分接入)
见 probe 内 CLEARNET/JSON更多ThreatFox POST需 key、LeakIX需 key、urlscan brand q、自建 RSSHub TG channel。
## 深水目录 v3
`configs/manhuang/guishi-channels.json`~115 扩展条 + seed/运营渠道合并)
| 维度 | 值 |
|------|-----|
| depth | shallow / mid / deep |
| layer | osint · onion_infra · trade_grey · c2c_cn · forum · register · payment · infra |
| region | global · cn · en · ru |
| 品类 | `_guishi_product_types()` ~35Team 席、镜像面板、虚拟卡、eSIM、品牌 IOC… |
覆盖:`~/.config/manhuang/guishi-channels.json`
加载:`manhuang.guishi.channels` · `catalog_version: 3`
## 本地店表 shops.json
```bash
# 初始化 / 校验 / 同步
python3 scripts/manhuang/ensure-shops.py
python3 scripts/manhuang/ensure-shops.py --add-stub # 加可编辑位
python3 scripts/manhuang/ensure-shops.py --validate
python3 scripts/manhuang/ensure-shops.py --sync-scout # scp → scout:data/manhuang/
```
- 路径:`~/.config/manhuang/shops.json`**不进 git**)· scout `~/data/manhuang/shops.json`
- collect 合并进 `guishi.channels` + `guishi.shops`(有 handle/url → quality=signal
- demand 按 `sku_for` 匹配 capabilitycodex/claude/sms…
- 内容可为FunPay/GGSel 公开 lot、5sim、X **检索式** URL、样本发卡/中转;**勿**提交私人 TG
- probe 对有 `url` 的店做首页健康;可选 `RSSHUB_BASE` + `rsshub_path` 拉标题
- CD`ensure-cd-watches.py --shops`
- 详述:手册 [§8 本地店表](./manhuang-handbook.md)
## Torscout
```bash
bash scripts/manhuang/check-tor-scout.sh
bash scripts/manhuang/check-tor-scout.sh --restart # 可选重启 tor 服务
```
结果写入 `pipeline-last.json``tor_hint`circuit_ok / tor_down
## 品牌撞库
probe 在 OpenPhish / Phishing.Database / urlscan brand / ransomware 等 body 上扫 `BRAND_DOMAINS`(默认 feibisi/wenpai…
结果:`guishi.brand_hits` · `probe.samples`(勒索摘要、最新 HIBP 等,非全量 dump
| severity | 来源 | 推 konqi |
|----------|------|----------|
| **threat** | openphish / phishing-db / maltrail / urlhaus… | 是(`notify-guishi-brand.sh`4h 节流) |
| **exposure** | urlscan 自有域旁证 | 否(`--exposure` 可开) |
```bash
bash scripts/manhuang/notify-guishi-brand.sh
bash scripts/manhuang/notify-guishi-brand.sh --force
bash scripts/manhuang/notify-guishi-brand.sh --exposure
```
## ChangeDetection 盯 shops + 鬼市浅水
```bash
# 幂等创建缺失 watch
python3 scripts/manhuang/ensure-cd-watches.py --all-guishi
# 仅 shops.json 的 http URL
python3 scripts/manhuang/ensure-cd-watches.py --shops
# 仅 Ahmia/dark.fail/ransomware…
python3 scripts/manhuang/ensure-cd-watches.py --guishi
```
`run-quote-probe.sh` 在 scout 鬼市探针之后自动跑 `--all-guishi` + `notify-guishi-brand.sh`
## 管线健康
Mac `run-quote-probe.sh` 末尾写 `~/.cache/manhuang/pipeline-last.json`quotes / relays / CD / guishi / tab-caches 年龄)。
collect → `manhuang.pipeline` → 数据源 tab 可见。
注意:脚本 exit code 仍以 **quotes** 为主;尾部失败记 log + pipeline 快照,不伪装 quotes 失败。
## 黑市 / 鬼市分层(本质不同 · 都不在本系统成交)
| | 黑市 heishi | 鬼市 guishi |
|--|-------------|-------------|
| 对象 | 清网可审计平台、SKU 比价 | 隐渠、onion、OSINT、shops |
| 能做 | 探价、demand 挂钩、价差/缺口推 konqi | Tor 标题探活、品牌撞库、目录质量 |
| 不做 | 代下单/代付 | 登录市场、爬商品分页、自动成交 |
- 明面 `marketplace` **heishi kind 优先**
- 鬼市:`signal|live|placeholder`onion **标题级**`<title>`),白名单见 `onion-markets.json`
- 大胆观察可以,**成交在系统外人工**。
### Onion 白名单
```bash
cp configs/manhuang/onion-markets.example.json ~/.config/manhuang/onion-markets.json
# 同步 scout:
scp ~/.config/manhuang/onion-markets.json scout:data/manhuang/
```