优化下载逻辑

feat(search): add result export functionality and pagination limit support
- Add optional limit parameter to AssetSearchService.search() method for controlling result set size - Implement AssetSearchExportView for exporting search results as CSV files with UTF-8 BOM encoding - Add CSV export endpoint at GET /api/assets/search/export/ with configurable MAX_EXPORT_ROWS limit (10000) - Support both website and endpoint asset types with type-specific column mappings in CSV export - Format array fields (tech, matched_gf_patterns) and dates appropriately in exported CSV - Update URL routing to include new search export endpoint - Update views __init__.py to export AssetSearchExportView - Add CSV generation with streaming response for efficient memory usage on large exports - Update frontend search service to support export functionality - Add internationalization strings for export feature in en.json and zh.json - Update smart-filter-input and search-results-table components to support export UI - Update installation and Docker startup scripts for deployment compatibility
2026-02-01 04:03:23 +08:00 · 2026-01-03 13:32:58 +08:00 · 2026-01-03 13:22:21 +08:00 · 2026-01-03 12:41:20 +08:00 · 2026-01-03 09:08:25 +08:00 · 2026-01-03 00:33:26 +00:00
275 changed files with 25665 additions and 12185 deletions
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -112,28 +112,59 @@ jobs:
          sbom: false

  # 所有镜像构建成功后，更新 VERSION 文件
-  # 只有正式版本（不含 -dev, -alpha, -beta, -rc 等后缀）才更新
+  # 根据 tag 所在的分支更新对应分支的 VERSION 文件
  update-version:
    runs-on: ubuntu-latest
    needs: build
-    if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-')
+    if: startsWith(github.ref, 'refs/tags/v')
    steps:
-      - name: Checkout
+      - name: Checkout repository
        uses: actions/checkout@v4
        with:
-          ref: main
+          fetch-depth: 0  # 获取完整历史，用于判断 tag 所在分支
          token: ${{ secrets.GITHUB_TOKEN }}

+      - name: Determine source branch and version
+        id: branch
+        run: |
+          VERSION="${GITHUB_REF#refs/tags/}"
+          
+          # 查找包含此 tag 的分支
+          BRANCHES=$(git branch -r --contains ${{ github.ref_name }})
+          echo "Branches containing tag: $BRANCHES"
+          
+          # 判断 tag 来自哪个分支
+          if echo "$BRANCHES" | grep -q "origin/main"; then
+            TARGET_BRANCH="main"
+            UPDATE_LATEST="true"
+          elif echo "$BRANCHES" | grep -q "origin/dev"; then
+            TARGET_BRANCH="dev"
+            UPDATE_LATEST="false"
+          else
+            echo "Warning: Tag not found in main or dev branch, defaulting to main"
+            TARGET_BRANCH="main"
+            UPDATE_LATEST="false"
+          fi
+          
+          echo "BRANCH=$TARGET_BRANCH" >> $GITHUB_OUTPUT
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "UPDATE_LATEST=$UPDATE_LATEST" >> $GITHUB_OUTPUT
+          echo "Will update VERSION on branch: $TARGET_BRANCH"
+
+      - name: Checkout target branch
+        run: |
+          git checkout ${{ steps.branch.outputs.BRANCH }}
+
      - name: Update VERSION file
        run: |
-          VERSION="${GITHUB_REF#refs/tags/}"
+          VERSION="${{ steps.branch.outputs.VERSION }}"
          echo "$VERSION" > VERSION
-          echo "Updated VERSION to $VERSION"
+          echo "Updated VERSION to $VERSION on branch ${{ steps.branch.outputs.BRANCH }}"

      - name: Commit and push
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add VERSION
-          git diff --staged --quiet || git commit -m "chore: bump version to ${GITHUB_REF#refs/tags/}"
-          git push
+          git diff --staged --quiet || git commit -m "chore: bump version to ${{ steps.branch.outputs.VERSION }}"
+          git push origin ${{ steps.branch.outputs.BRANCH }}
--- a/README.md
+++ b/README.md
@@ -13,14 +13,14 @@

 <p align="center">
  <a href="#-功能特性">功能特性</a> •
+  <a href="#-全局资产搜索">资产搜索</a> •
  <a href="#-快速开始">快速开始</a> •
  <a href="#-文档">文档</a> •
-  <a href="#-技术栈">技术栈</a> •
  <a href="#-反馈与贡献">反馈与贡献</a>
 </p>

 <p align="center">
-  <sub>🔍 关键词: ASM | 攻击面管理 | 漏洞扫描 | 资产发现 | Bug Bounty | 渗透测试 | Nuclei | 子域名枚举 | EASM</sub>
+  <sub>🔍 关键词: ASM | 攻击面管理 | 漏洞扫描 | 资产发现 | 资产搜索 | Bug Bounty | 渗透测试 | Nuclei | 子域名枚举 | EASM</sub>
 </p>

 ---
@@ -62,9 +62,14 @@
 - **自定义流程** - YAML 配置扫描流程，灵活编排
 - **定时扫描** - Cron 表达式配置，自动化周期扫描

+### 🔖 指纹识别
+- **多源指纹库** - 内置 EHole、Goby、Wappalyzer、Fingers、FingerPrintHub、ARL 等 2.7W+ 指纹规则
+- **自动识别** - 扫描流程自动执行，识别 Web 应用技术栈
+- **指纹管理** - 支持查询、导入、导出指纹规则
+
 #### 扫描流程架构

-完整的扫描流程包括：子域名发现、端口扫描、站点发现、URL 收集、目录扫描、漏洞扫描等阶段
+完整的扫描流程包括：子域名发现、端口扫描、站点发现、指纹识别、URL 收集、目录扫描、漏洞扫描等阶段

 ```mermaid
 flowchart LR
@@ -75,7 +80,8 @@ flowchart LR
        SUB["子域名发现<br/>subfinder, amass, puredns"]
        PORT["端口扫描<br/>naabu"]
        SITE["站点识别<br/>httpx"]
-        SUB --> PORT --> SITE
+        FINGER["指纹识别<br/>xingfinger"]
+        SUB --> PORT --> SITE --> FINGER
    end
    
    subgraph STAGE2["阶段 2: 深度分析"]
@@ -91,7 +97,7 @@ flowchart LR
    FINISH["扫描完成"]
    
    START --> STAGE1
-    SITE --> STAGE2
+    FINGER --> STAGE2
    STAGE2 --> STAGE3
    STAGE3 --> FINISH
    
@@ -103,6 +109,7 @@ flowchart LR
    style SUB fill:#5dade2,stroke:#3498db,stroke-width:1px,color:#fff
    style PORT fill:#5dade2,stroke:#3498db,stroke-width:1px,color:#fff
    style SITE fill:#5dade2,stroke:#3498db,stroke-width:1px,color:#fff
+    style FINGER fill:#5dade2,stroke:#3498db,stroke-width:1px,color:#fff
    style URL fill:#bb8fce,stroke:#9b59b6,stroke-width:1px,color:#fff
    style DIR fill:#bb8fce,stroke:#9b59b6,stroke-width:1px,color:#fff
    style VULN fill:#f0b27a,stroke:#e67e22,stroke-width:1px,color:#fff
@@ -155,6 +162,30 @@ flowchart TB
    W3 -.心跳上报.-> REDIS
 ```

+### 🔎 全局资产搜索
+- **多类型搜索** - 支持 Website 和 Endpoint 两种资产类型
+- **表达式语法** - 支持 `=`（模糊）、`==`（精确）、`!=`（不等于）操作符
+- **逻辑组合** - 支持 `&&` (AND) 和 `||` (OR) 逻辑组合
+- **多字段查询** - 支持 host、url、title、tech、status、body、header 字段
+- **CSV 导出** - 流式导出全部搜索结果，无数量限制
+
+#### 搜索语法示例
+
+```bash
+# 基础搜索
+host="api"                    # host 包含 "api"
+status=="200"                 # 状态码精确等于 200
+tech="nginx"                  # 技术栈包含 nginx
+
+# 组合搜索
+host="api" && status=="200"   # host 包含 api 且状态码为 200
+tech="vue" || tech="react"    # 技术栈包含 vue 或 react
+
+# 复杂查询
+host="admin" && tech="php" && status=="200"
+url="/api/v1" && status!="404"
+```
+
 ### 📊 可视化界面
 - **数据统计** - 资产/漏洞统计仪表盘
 - **实时通知** - WebSocket 消息推送
@@ -165,7 +196,7 @@ flowchart TB

 ### 环境要求

- **操作系统**: Ubuntu 20.04+ / Debian 11+ （推荐）
+- **操作系统**: Ubuntu 20.04+ / Debian 11+ 
 - **硬件**: 2核 4G 内存起步，20GB+ 磁盘空间

 ### 一键安装
@@ -178,7 +209,7 @@ cd xingrin
 # 安装并启动（生产模式）
 sudo ./install.sh

-# 🇨🇳 中国大陆用户推荐使用镜像加速
+# 🇨🇳 中国大陆用户推荐使用镜像加速（第三方加速服务可能会失效，不保证长期可用）
 sudo ./install.sh --mirror
 ```

@@ -190,6 +221,7 @@ sudo ./install.sh --mirror
 ### 访问服务

 - **Web 界面**: `https://ip:8083` 
+- **默认账号**: admin / admin（首次登录后请修改密码）

 ### 常用命令

@@ -211,13 +243,12 @@ sudo ./uninstall.sh

 - 🐛 **如果发现 Bug** 可以点击右边链接进行提交 [Issue](https://github.com/yyhuni/xingrin/issues)
 - 💡 **有新想法，比如UI设计，功能设计等** 欢迎点击右边链接进行提交建议 [Issue](https://github.com/yyhuni/xingrin/issues)
- 🔧 **想参与开发？** 关注我公众号与我个人联系

 ## 📧 联系
 - 目前版本就我个人使用，可能会有很多边界问题
 - 如有问题，建议，其他，优先提交[Issue](https://github.com/yyhuni/xingrin/issues)，也可以直接给我的公众号发消息，我都会回复的

- 微信公众号: **洋洋的小黑屋**
+- 微信公众号: **塔罗安全学苑**

 <img src="docs/wechat-qrcode.png" alt="微信公众号" width="200">

--- a/2
+++ b/2
@@ -1 +1 @@
-v1.1.14
+v1.3.2-dev
--- a/backend/apps/asset/apps.py
+++ b/backend/apps/asset/apps.py
@@ -1,5 +1,10 @@
+import logging
+import sys
+
 from django.apps import AppConfig

+logger = logging.getLogger(__name__)
+

 class AssetConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
@@ -8,3 +13,94 @@ class AssetConfig(AppConfig):
    def ready(self):
        # 导入所有模型以确保Django发现并注册
        from . import models
+        
+        # 启用 pg_trgm 扩展（用于文本模糊搜索索引）
+        # 用于已有数据库升级场景
+        self._ensure_pg_trgm_extension()
+        
+        # 验证 pg_ivm 扩展是否可用（用于 IMMV 增量维护）
+        self._verify_pg_ivm_extension()
+    
+    def _ensure_pg_trgm_extension(self):
+        """
+        确保 pg_trgm 扩展已启用。
+        该扩展用于 response_body 和 response_headers 字段的 GIN 索引，
+        支持高效的文本模糊搜索。
+        """
+        from django.db import connection
+        
+        # 检查是否为 PostgreSQL 数据库
+        if connection.vendor != 'postgresql':
+            logger.debug("跳过 pg_trgm 扩展：当前数据库不是 PostgreSQL")
+            return
+        
+        try:
+            with connection.cursor() as cursor:
+                cursor.execute("CREATE EXTENSION IF NOT EXISTS pg_trgm;")
+                logger.debug("pg_trgm 扩展已启用")
+        except Exception as e:
+            # 记录错误但不阻止应用启动
+            # 常见原因：权限不足（需要超级用户权限）
+            logger.warning(
+                "无法创建 pg_trgm 扩展: %s。"
+                "这可能导致 response_body 和 response_headers 字段的 GIN 索引无法正常工作。"
+                "请手动执行: CREATE EXTENSION IF NOT EXISTS pg_trgm;",
+                str(e)
+            )
+    
+    def _verify_pg_ivm_extension(self):
+        """
+        验证 pg_ivm 扩展是否可用。
+        pg_ivm 用于 IMMV（增量维护物化视图），是系统必需的扩展。
+        如果不可用，将记录错误并退出。
+        """
+        from django.db import connection
+        
+        # 检查是否为 PostgreSQL 数据库
+        if connection.vendor != 'postgresql':
+            logger.debug("跳过 pg_ivm 验证：当前数据库不是 PostgreSQL")
+            return
+        
+        # 跳过某些管理命令（如 migrate、makemigrations）
+        import sys
+        if len(sys.argv) > 1 and sys.argv[1] in ('migrate', 'makemigrations', 'collectstatic', 'check'):
+            logger.debug("跳过 pg_ivm 验证：当前为管理命令")
+            return
+        
+        try:
+            with connection.cursor() as cursor:
+                # 检查 pg_ivm 扩展是否已安装
+                cursor.execute("""
+                    SELECT COUNT(*) FROM pg_extension WHERE extname = 'pg_ivm'
+                """)
+                count = cursor.fetchone()[0]
+                
+                if count > 0:
+                    logger.info("✓ pg_ivm 扩展已启用")
+                else:
+                    # 尝试创建扩展
+                    try:
+                        cursor.execute("CREATE EXTENSION IF NOT EXISTS pg_ivm;")
+                        logger.info("✓ pg_ivm 扩展已创建并启用")
+                    except Exception as create_error:
+                        logger.error(
+                            "=" * 60 + "\n"
+                            "错误: pg_ivm 扩展未安装\n"
+                            "=" * 60 + "\n"
+                            "pg_ivm 是系统必需的扩展，用于增量维护物化视图。\n\n"
+                            "请在 PostgreSQL 服务器上安装 pg_ivm：\n"
+                            "  curl -sSL https://raw.githubusercontent.com/yyhuni/xingrin/main/docker/scripts/install-pg-ivm.sh | sudo bash\n\n"
+                            "或手动安装：\n"
+                            "  1. apt install build-essential postgresql-server-dev-15 git\n"
+                            "  2. git clone https://github.com/sraoss/pg_ivm.git && cd pg_ivm && make && make install\n"
+                            "  3. 在 postgresql.conf 中添加: shared_preload_libraries = 'pg_ivm'\n"
+                            "  4. 重启 PostgreSQL\n"
+                            "=" * 60
+                        )
+                        # 在生产环境中退出，开发环境中仅警告
+                        from django.conf import settings
+                        if not settings.DEBUG:
+                            sys.exit(1)
+                        
+        except Exception as e:
+            logger.error(f"pg_ivm 扩展验证失败: {e}")
--- a/backend/apps/asset/dtos/asset/endpoint_dto.py
+++ b/backend/apps/asset/dtos/asset/endpoint_dto.py
@@ -14,12 +14,13 @@ class EndpointDTO:
    status_code: Optional[int] = None
    content_length: Optional[int] = None
    webserver: Optional[str] = None
-    body_preview: Optional[str] = None
+    response_body: Optional[str] = None
    content_type: Optional[str] = None
    tech: Optional[List[str]] = None
    vhost: Optional[bool] = None
    location: Optional[str] = None
    matched_gf_patterns: Optional[List[str]] = None
+    response_headers: Optional[str] = None
    
    def __post_init__(self):
        if self.tech is None:
--- a/backend/apps/asset/dtos/asset/website_dto.py
+++ b/backend/apps/asset/dtos/asset/website_dto.py
@@ -17,9 +17,10 @@ class WebSiteDTO:
    webserver: str = ''
    content_type: str = ''
    tech: List[str] = None
-    body_preview: str = ''
+    response_body: str = ''
    vhost: Optional[bool] = None
    created_at: str = None
+    response_headers: str = ''
    
    def __post_init__(self):
        if self.tech is None:
--- a/backend/apps/asset/dtos/snapshot/endpoint_snapshot_dto.py
+++ b/backend/apps/asset/dtos/snapshot/endpoint_snapshot_dto.py
@@ -13,6 +13,7 @@ class EndpointSnapshotDTO:
    快照只属于 scan。
    """
    scan_id: int
+    target_id: int  # 必填，用于同步到资产表
    url: str
    host: str = ''  # 主机名（域名或IP地址）
    title: str = ''
@@ -22,10 +23,10 @@ class EndpointSnapshotDTO:
    webserver: str = ''
    content_type: str = ''
    tech: List[str] = None
-    body_preview: str = ''
+    response_body: str = ''
    vhost: Optional[bool] = None
    matched_gf_patterns: List[str] = None
-    target_id: Optional[int] = None  # 冗余字段，用于同步到资产表
+    response_headers: str = ''
    
    def __post_init__(self):
        if self.tech is None:
@@ -42,9 +43,6 @@ class EndpointSnapshotDTO:
        """
        from apps.asset.dtos.asset import EndpointDTO
        
-        if self.target_id is None:
-            raise ValueError("target_id 不能为 None，无法同步到资产表")
-        
        return EndpointDTO(
            target_id=self.target_id,
            url=self.url,
@@ -53,10 +51,11 @@ class EndpointSnapshotDTO:
            status_code=self.status_code,
            content_length=self.content_length,
            webserver=self.webserver,
-            body_preview=self.body_preview,
+            response_body=self.response_body,
            content_type=self.content_type,
            tech=self.tech if self.tech else [],
            vhost=self.vhost,
            location=self.location,
-            matched_gf_patterns=self.matched_gf_patterns if self.matched_gf_patterns else []
+            matched_gf_patterns=self.matched_gf_patterns if self.matched_gf_patterns else [],
+            response_headers=self.response_headers,
        )
--- a/backend/apps/asset/dtos/snapshot/website_snapshot_dto.py
+++ b/backend/apps/asset/dtos/snapshot/website_snapshot_dto.py
@@ -13,18 +13,19 @@ class WebsiteSnapshotDTO:
    快照只属于 scan，target 信息通过 scan.target 获取。
    """
    scan_id: int
-    target_id: int  # 仅用于传递数据，不保存到数据库
+    target_id: int  # 必填，用于同步到资产表
    url: str
    host: str
    title: str = ''
-    status: Optional[int] = None
+    status_code: Optional[int] = None  # 统一命名：status -> status_code
    content_length: Optional[int] = None
    location: str = ''
-    web_server: str = ''
+    webserver: str = ''  # 统一命名：web_server -> webserver
    content_type: str = ''
    tech: List[str] = None
-    body_preview: str = ''
+    response_body: str = ''
    vhost: Optional[bool] = None
+    response_headers: str = ''
    
    def __post_init__(self):
        if self.tech is None:
@@ -44,12 +45,13 @@ class WebsiteSnapshotDTO:
            url=self.url,
            host=self.host,
            title=self.title,
-            status_code=self.status,
+            status_code=self.status_code,
            content_length=self.content_length,
            location=self.location,
-            webserver=self.web_server,
+            webserver=self.webserver,
            content_type=self.content_type,
            tech=self.tech if self.tech else [],
-            body_preview=self.body_preview,
-            vhost=self.vhost
+            response_body=self.response_body,
+            vhost=self.vhost,
+            response_headers=self.response_headers,
        )
--- a/backend/apps/asset/migrations/0001_initial.py
+++ b/backend/apps/asset/migrations/0001_initial.py
@@ -0,0 +1,345 @@
+# Generated by Django 5.2.7 on 2026-01-02 04:45
+
+import django.contrib.postgres.fields
+import django.contrib.postgres.indexes
+import django.core.validators
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('scan', '0001_initial'),
+        ('targets', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AssetStatistics',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('total_targets', models.IntegerField(default=0, help_text='目标总数')),
+                ('total_subdomains', models.IntegerField(default=0, help_text='子域名总数')),
+                ('total_ips', models.IntegerField(default=0, help_text='IP地址总数')),
+                ('total_endpoints', models.IntegerField(default=0, help_text='端点总数')),
+                ('total_websites', models.IntegerField(default=0, help_text='网站总数')),
+                ('total_vulns', models.IntegerField(default=0, help_text='漏洞总数')),
+                ('total_assets', models.IntegerField(default=0, help_text='总资产数（子域名+IP+端点+网站）')),
+                ('prev_targets', models.IntegerField(default=0, help_text='上次目标总数')),
+                ('prev_subdomains', models.IntegerField(default=0, help_text='上次子域名总数')),
+                ('prev_ips', models.IntegerField(default=0, help_text='上次IP地址总数')),
+                ('prev_endpoints', models.IntegerField(default=0, help_text='上次端点总数')),
+                ('prev_websites', models.IntegerField(default=0, help_text='上次网站总数')),
+                ('prev_vulns', models.IntegerField(default=0, help_text='上次漏洞总数')),
+                ('prev_assets', models.IntegerField(default=0, help_text='上次总资产数')),
+                ('updated_at', models.DateTimeField(auto_now=True, help_text='最后更新时间')),
+            ],
+            options={
+                'verbose_name': '资产统计',
+                'verbose_name_plural': '资产统计',
+                'db_table': 'asset_statistics',
+            },
+        ),
+        migrations.CreateModel(
+            name='StatisticsHistory',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('date', models.DateField(help_text='统计日期', unique=True)),
+                ('total_targets', models.IntegerField(default=0, help_text='目标总数')),
+                ('total_subdomains', models.IntegerField(default=0, help_text='子域名总数')),
+                ('total_ips', models.IntegerField(default=0, help_text='IP地址总数')),
+                ('total_endpoints', models.IntegerField(default=0, help_text='端点总数')),
+                ('total_websites', models.IntegerField(default=0, help_text='网站总数')),
+                ('total_vulns', models.IntegerField(default=0, help_text='漏洞总数')),
+                ('total_assets', models.IntegerField(default=0, help_text='总资产数')),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('updated_at', models.DateTimeField(auto_now=True, help_text='更新时间')),
+            ],
+            options={
+                'verbose_name': '统计历史',
+                'verbose_name_plural': '统计历史',
+                'db_table': 'statistics_history',
+                'ordering': ['-date'],
+                'indexes': [models.Index(fields=['date'], name='statistics__date_1d29cd_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='Directory',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('url', models.CharField(help_text='完整请求 URL', max_length=2000)),
+                ('status', models.IntegerField(blank=True, help_text='HTTP 响应状态码', null=True)),
+                ('content_length', models.BigIntegerField(blank=True, help_text='响应体字节大小（Content-Length 或实际长度）', null=True)),
+                ('words', models.IntegerField(blank=True, help_text='响应体中单词数量（按空格分割）', null=True)),
+                ('lines', models.IntegerField(blank=True, help_text='响应体行数（按换行符分割）', null=True)),
+                ('content_type', models.CharField(blank=True, default='', help_text='响应头 Content-Type 值', max_length=200)),
+                ('duration', models.BigIntegerField(blank=True, help_text='请求耗时（单位：纳秒）', null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('target', models.ForeignKey(help_text='所属的扫描目标', on_delete=django.db.models.deletion.CASCADE, related_name='directories', to='targets.target')),
+            ],
+            options={
+                'verbose_name': '目录',
+                'verbose_name_plural': '目录',
+                'db_table': 'directory',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='directory_created_2cef03_idx'), models.Index(fields=['target'], name='directory_target__e310c8_idx'), models.Index(fields=['url'], name='directory_url_ba40cd_idx'), models.Index(fields=['status'], name='directory_status_40bbe6_idx'), django.contrib.postgres.indexes.GinIndex(fields=['url'], name='directory_url_trgm_idx', opclasses=['gin_trgm_ops'])],
+                'constraints': [models.UniqueConstraint(fields=('target', 'url'), name='unique_directory_url_target')],
+            },
+        ),
+        migrations.CreateModel(
+            name='DirectorySnapshot',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('url', models.CharField(help_text='目录URL', max_length=2000)),
+                ('status', models.IntegerField(blank=True, help_text='HTTP状态码', null=True)),
+                ('content_length', models.BigIntegerField(blank=True, help_text='内容长度', null=True)),
+                ('words', models.IntegerField(blank=True, help_text='响应体中单词数量（按空格分割）', null=True)),
+                ('lines', models.IntegerField(blank=True, help_text='响应体行数（按换行符分割）', null=True)),
+                ('content_type', models.CharField(blank=True, default='', help_text='响应头 Content-Type 值', max_length=200)),
+                ('duration', models.BigIntegerField(blank=True, help_text='请求耗时（单位：纳秒）', null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('scan', models.ForeignKey(help_text='所属的扫描任务', on_delete=django.db.models.deletion.CASCADE, related_name='directory_snapshots', to='scan.scan')),
+            ],
+            options={
+                'verbose_name': '目录快照',
+                'verbose_name_plural': '目录快照',
+                'db_table': 'directory_snapshot',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['scan'], name='directory_s_scan_id_c45900_idx'), models.Index(fields=['url'], name='directory_s_url_b4b72b_idx'), models.Index(fields=['status'], name='directory_s_status_e9f57e_idx'), models.Index(fields=['content_type'], name='directory_s_content_45e864_idx'), models.Index(fields=['-created_at'], name='directory_s_created_eb9d27_idx'), django.contrib.postgres.indexes.GinIndex(fields=['url'], name='dir_snap_url_trgm', opclasses=['gin_trgm_ops'])],
+                'constraints': [models.UniqueConstraint(fields=('scan', 'url'), name='unique_directory_per_scan_snapshot')],
+            },
+        ),
+        migrations.CreateModel(
+            name='Endpoint',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('url', models.TextField(help_text='最终访问的完整URL')),
+                ('host', models.CharField(blank=True, default='', help_text='主机名（域名或IP地址）', max_length=253)),
+                ('location', models.TextField(blank=True, default='', help_text='重定向地址（HTTP 3xx 响应头 Location）')),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('title', models.TextField(blank=True, default='', help_text='网页标题（HTML <title> 标签内容）')),
+                ('webserver', models.TextField(blank=True, default='', help_text='服务器类型（HTTP 响应头 Server 值）')),
+                ('response_body', models.TextField(blank=True, default='', help_text='HTTP响应体')),
+                ('content_type', models.TextField(blank=True, default='', help_text='响应类型（HTTP Content-Type 响应头）')),
+                ('tech', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=100), blank=True, default=list, help_text='技术栈（服务器/框架/语言等）', size=None)),
+                ('status_code', models.IntegerField(blank=True, help_text='HTTP状态码', null=True)),
+                ('content_length', models.IntegerField(blank=True, help_text='响应体大小（单位字节）', null=True)),
+                ('vhost', models.BooleanField(blank=True, help_text='是否支持虚拟主机', null=True)),
+                ('matched_gf_patterns', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=100), blank=True, default=list, help_text='匹配的GF模式列表，用于识别敏感端点（如api, debug, config等）', size=None)),
+                ('response_headers', models.TextField(blank=True, default='', help_text='原始HTTP响应头')),
+                ('target', models.ForeignKey(help_text='所属的扫描目标（主关联字段，表示所属关系，不能为空）', on_delete=django.db.models.deletion.CASCADE, related_name='endpoints', to='targets.target')),
+            ],
+            options={
+                'verbose_name': '端点',
+                'verbose_name_plural': '端点',
+                'db_table': 'endpoint',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='endpoint_created_44fe9c_idx'), models.Index(fields=['target'], name='endpoint_target__7f9065_idx'), models.Index(fields=['url'], name='endpoint_url_30f66e_idx'), models.Index(fields=['host'], name='endpoint_host_5b4cc8_idx'), models.Index(fields=['status_code'], name='endpoint_status__5d4fdd_idx'), models.Index(fields=['title'], name='endpoint_title_29e26c_idx'), django.contrib.postgres.indexes.GinIndex(fields=['tech'], name='endpoint_tech_2bfa7c_gin'), django.contrib.postgres.indexes.GinIndex(fields=['response_headers'], name='endpoint_resp_headers_trgm_idx', opclasses=['gin_trgm_ops']), django.contrib.postgres.indexes.GinIndex(fields=['url'], name='endpoint_url_trgm_idx', opclasses=['gin_trgm_ops']), django.contrib.postgres.indexes.GinIndex(fields=['title'], name='endpoint_title_trgm_idx', opclasses=['gin_trgm_ops'])],
+                'constraints': [models.UniqueConstraint(fields=('url', 'target'), name='unique_endpoint_url_target')],
+            },
+        ),
+        migrations.CreateModel(
+            name='EndpointSnapshot',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('url', models.TextField(help_text='端点URL')),
+                ('host', models.CharField(blank=True, default='', help_text='主机名（域名或IP地址）', max_length=253)),
+                ('title', models.TextField(blank=True, default='', help_text='页面标题')),
+                ('status_code', models.IntegerField(blank=True, help_text='HTTP状态码', null=True)),
+                ('content_length', models.IntegerField(blank=True, help_text='内容长度', null=True)),
+                ('location', models.TextField(blank=True, default='', help_text='重定向位置')),
+                ('webserver', models.TextField(blank=True, default='', help_text='Web服务器')),
+                ('content_type', models.TextField(blank=True, default='', help_text='内容类型')),
+                ('tech', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=100), blank=True, default=list, help_text='技术栈', size=None)),
+                ('response_body', models.TextField(blank=True, default='', help_text='HTTP响应体')),
+                ('vhost', models.BooleanField(blank=True, help_text='虚拟主机标志', null=True)),
+                ('matched_gf_patterns', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=100), blank=True, default=list, help_text='匹配的GF模式列表', size=None)),
+                ('response_headers', models.TextField(blank=True, default='', help_text='原始HTTP响应头')),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('scan', models.ForeignKey(help_text='所属的扫描任务', on_delete=django.db.models.deletion.CASCADE, related_name='endpoint_snapshots', to='scan.scan')),
+            ],
+            options={
+                'verbose_name': '端点快照',
+                'verbose_name_plural': '端点快照',
+                'db_table': 'endpoint_snapshot',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['scan'], name='endpoint_sn_scan_id_6ac9a7_idx'), models.Index(fields=['url'], name='endpoint_sn_url_205160_idx'), models.Index(fields=['host'], name='endpoint_sn_host_577bfd_idx'), models.Index(fields=['title'], name='endpoint_sn_title_516a05_idx'), models.Index(fields=['status_code'], name='endpoint_sn_status__83efb0_idx'), models.Index(fields=['webserver'], name='endpoint_sn_webserv_66be83_idx'), models.Index(fields=['-created_at'], name='endpoint_sn_created_21fb5b_idx'), django.contrib.postgres.indexes.GinIndex(fields=['tech'], name='endpoint_sn_tech_0d0752_gin'), django.contrib.postgres.indexes.GinIndex(fields=['response_headers'], name='ep_snap_resp_hdr_trgm', opclasses=['gin_trgm_ops']), django.contrib.postgres.indexes.GinIndex(fields=['url'], name='ep_snap_url_trgm', opclasses=['gin_trgm_ops']), django.contrib.postgres.indexes.GinIndex(fields=['title'], name='ep_snap_title_trgm', opclasses=['gin_trgm_ops'])],
+                'constraints': [models.UniqueConstraint(fields=('scan', 'url'), name='unique_endpoint_per_scan_snapshot')],
+            },
+        ),
+        migrations.CreateModel(
+            name='HostPortMapping',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('host', models.CharField(help_text='主机名（域名或IP）', max_length=1000)),
+                ('ip', models.GenericIPAddressField(help_text='IP地址')),
+                ('port', models.IntegerField(help_text='端口号（1-65535）', validators=[django.core.validators.MinValueValidator(1, message='端口号必须大于等于1'), django.core.validators.MaxValueValidator(65535, message='端口号必须小于等于65535')])),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('target', models.ForeignKey(help_text='所属的扫描目标', on_delete=django.db.models.deletion.CASCADE, related_name='host_port_mappings', to='targets.target')),
+            ],
+            options={
+                'verbose_name': '主机端口映射',
+                'verbose_name_plural': '主机端口映射',
+                'db_table': 'host_port_mapping',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['target'], name='host_port_m_target__943e9b_idx'), models.Index(fields=['host'], name='host_port_m_host_f78363_idx'), models.Index(fields=['ip'], name='host_port_m_ip_2e6f02_idx'), models.Index(fields=['port'], name='host_port_m_port_9fb9ff_idx'), models.Index(fields=['host', 'ip'], name='host_port_m_host_3ce245_idx'), models.Index(fields=['-created_at'], name='host_port_m_created_11cd22_idx')],
+                'constraints': [models.UniqueConstraint(fields=('target', 'host', 'ip', 'port'), name='unique_target_host_ip_port')],
+            },
+        ),
+        migrations.CreateModel(
+            name='HostPortMappingSnapshot',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('host', models.CharField(help_text='主机名（域名或IP）', max_length=1000)),
+                ('ip', models.GenericIPAddressField(help_text='IP地址')),
+                ('port', models.IntegerField(help_text='端口号（1-65535）', validators=[django.core.validators.MinValueValidator(1, message='端口号必须大于等于1'), django.core.validators.MaxValueValidator(65535, message='端口号必须小于等于65535')])),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('scan', models.ForeignKey(help_text='所属的扫描任务（主关联）', on_delete=django.db.models.deletion.CASCADE, related_name='host_port_mapping_snapshots', to='scan.scan')),
+            ],
+            options={
+                'verbose_name': '主机端口映射快照',
+                'verbose_name_plural': '主机端口映射快照',
+                'db_table': 'host_port_mapping_snapshot',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['scan'], name='host_port_m_scan_id_50ba0b_idx'), models.Index(fields=['host'], name='host_port_m_host_e99054_idx'), models.Index(fields=['ip'], name='host_port_m_ip_54818c_idx'), models.Index(fields=['port'], name='host_port_m_port_ed7b48_idx'), models.Index(fields=['host', 'ip'], name='host_port_m_host_8a463a_idx'), models.Index(fields=['scan', 'host'], name='host_port_m_scan_id_426fdb_idx'), models.Index(fields=['-created_at'], name='host_port_m_created_fb28b8_idx')],
+                'constraints': [models.UniqueConstraint(fields=('scan', 'host', 'ip', 'port'), name='unique_scan_host_ip_port_snapshot')],
+            },
+        ),
+        migrations.CreateModel(
+            name='Subdomain',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('name', models.CharField(help_text='子域名名称', max_length=1000)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('target', models.ForeignKey(help_text='所属的扫描目标（主关联字段，表示所属关系，不能为空）', on_delete=django.db.models.deletion.CASCADE, related_name='subdomains', to='targets.target')),
+            ],
+            options={
+                'verbose_name': '子域名',
+                'verbose_name_plural': '子域名',
+                'db_table': 'subdomain',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='subdomain_created_e187a8_idx'), models.Index(fields=['name', 'target'], name='subdomain_name_60e1d0_idx'), models.Index(fields=['target'], name='subdomain_target__e409f0_idx'), models.Index(fields=['name'], name='subdomain_name_d40ba7_idx'), django.contrib.postgres.indexes.GinIndex(fields=['name'], name='subdomain_name_trgm_idx', opclasses=['gin_trgm_ops'])],
+                'constraints': [models.UniqueConstraint(fields=('name', 'target'), name='unique_subdomain_name_target')],
+            },
+        ),
+        migrations.CreateModel(
+            name='SubdomainSnapshot',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('name', models.CharField(help_text='子域名名称', max_length=1000)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('scan', models.ForeignKey(help_text='所属的扫描任务', on_delete=django.db.models.deletion.CASCADE, related_name='subdomain_snapshots', to='scan.scan')),
+            ],
+            options={
+                'verbose_name': '子域名快照',
+                'verbose_name_plural': '子域名快照',
+                'db_table': 'subdomain_snapshot',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['scan'], name='subdomain_s_scan_id_68c253_idx'), models.Index(fields=['name'], name='subdomain_s_name_2da42b_idx'), models.Index(fields=['-created_at'], name='subdomain_s_created_d2b48e_idx'), django.contrib.postgres.indexes.GinIndex(fields=['name'], name='subdomain_snap_name_trgm', opclasses=['gin_trgm_ops'])],
+                'constraints': [models.UniqueConstraint(fields=('scan', 'name'), name='unique_subdomain_per_scan_snapshot')],
+            },
+        ),
+        migrations.CreateModel(
+            name='Vulnerability',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('url', models.CharField(help_text='漏洞所在的URL', max_length=2000)),
+                ('vuln_type', models.CharField(help_text='漏洞类型（如 xss, sqli）', max_length=100)),
+                ('severity', models.CharField(choices=[('unknown', '未知'), ('info', '信息'), ('low', '低'), ('medium', '中'), ('high', '高'), ('critical', '危急')], default='unknown', help_text='严重性（未知/信息/低/中/高/危急）', max_length=20)),
+                ('source', models.CharField(blank=True, default='', help_text='来源工具（如 dalfox, nuclei, crlfuzz）', max_length=50)),
+                ('cvss_score', models.DecimalField(blank=True, decimal_places=1, help_text='CVSS 评分（0.0-10.0）', max_digits=3, null=True)),
+                ('description', models.TextField(blank=True, default='', help_text='漏洞描述')),
+                ('raw_output', models.JSONField(blank=True, default=dict, help_text='工具原始输出')),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('target', models.ForeignKey(help_text='所属的扫描目标', on_delete=django.db.models.deletion.CASCADE, related_name='vulnerabilities', to='targets.target')),
+            ],
+            options={
+                'verbose_name': '漏洞',
+                'verbose_name_plural': '漏洞',
+                'db_table': 'vulnerability',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['target'], name='vulnerabili_target__755a02_idx'), models.Index(fields=['vuln_type'], name='vulnerabili_vuln_ty_3010cd_idx'), models.Index(fields=['severity'], name='vulnerabili_severit_1a798b_idx'), models.Index(fields=['source'], name='vulnerabili_source_7c7552_idx'), models.Index(fields=['url'], name='vulnerabili_url_4dcc4d_idx'), models.Index(fields=['-created_at'], name='vulnerabili_created_e25ff7_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='VulnerabilitySnapshot',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('url', models.CharField(help_text='漏洞所在的URL', max_length=2000)),
+                ('vuln_type', models.CharField(help_text='漏洞类型（如 xss, sqli）', max_length=100)),
+                ('severity', models.CharField(choices=[('unknown', '未知'), ('info', '信息'), ('low', '低'), ('medium', '中'), ('high', '高'), ('critical', '危急')], default='unknown', help_text='严重性（未知/信息/低/中/高/危急）', max_length=20)),
+                ('source', models.CharField(blank=True, default='', help_text='来源工具（如 dalfox, nuclei, crlfuzz）', max_length=50)),
+                ('cvss_score', models.DecimalField(blank=True, decimal_places=1, help_text='CVSS 评分（0.0-10.0）', max_digits=3, null=True)),
+                ('description', models.TextField(blank=True, default='', help_text='漏洞描述')),
+                ('raw_output', models.JSONField(blank=True, default=dict, help_text='工具原始输出')),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('scan', models.ForeignKey(help_text='所属的扫描任务', on_delete=django.db.models.deletion.CASCADE, related_name='vulnerability_snapshots', to='scan.scan')),
+            ],
+            options={
+                'verbose_name': '漏洞快照',
+                'verbose_name_plural': '漏洞快照',
+                'db_table': 'vulnerability_snapshot',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['scan'], name='vulnerabili_scan_id_7b81c9_idx'), models.Index(fields=['url'], name='vulnerabili_url_11a707_idx'), models.Index(fields=['vuln_type'], name='vulnerabili_vuln_ty_6b90ee_idx'), models.Index(fields=['severity'], name='vulnerabili_severit_4eae0d_idx'), models.Index(fields=['source'], name='vulnerabili_source_968b1f_idx'), models.Index(fields=['-created_at'], name='vulnerabili_created_53a12e_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='WebSite',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('url', models.TextField(help_text='最终访问的完整URL')),
+                ('host', models.CharField(blank=True, default='', help_text='主机名（域名或IP地址）', max_length=253)),
+                ('location', models.TextField(blank=True, default='', help_text='重定向地址（HTTP 3xx 响应头 Location）')),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('title', models.TextField(blank=True, default='', help_text='网页标题（HTML <title> 标签内容）')),
+                ('webserver', models.TextField(blank=True, default='', help_text='服务器类型（HTTP 响应头 Server 值）')),
+                ('response_body', models.TextField(blank=True, default='', help_text='HTTP响应体')),
+                ('content_type', models.TextField(blank=True, default='', help_text='响应类型（HTTP Content-Type 响应头）')),
+                ('tech', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=100), blank=True, default=list, help_text='技术栈（服务器/框架/语言等）', size=None)),
+                ('status_code', models.IntegerField(blank=True, help_text='HTTP状态码', null=True)),
+                ('content_length', models.IntegerField(blank=True, help_text='响应体大小（单位字节）', null=True)),
+                ('vhost', models.BooleanField(blank=True, help_text='是否支持虚拟主机', null=True)),
+                ('response_headers', models.TextField(blank=True, default='', help_text='原始HTTP响应头')),
+                ('target', models.ForeignKey(help_text='所属的扫描目标（主关联字段，表示所属关系，不能为空）', on_delete=django.db.models.deletion.CASCADE, related_name='websites', to='targets.target')),
+            ],
+            options={
+                'verbose_name': '站点',
+                'verbose_name_plural': '站点',
+                'db_table': 'website',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='website_created_c9cfd2_idx'), models.Index(fields=['url'], name='website_url_b18883_idx'), models.Index(fields=['host'], name='website_host_996b50_idx'), models.Index(fields=['target'], name='website_target__2a353b_idx'), models.Index(fields=['title'], name='website_title_c2775b_idx'), models.Index(fields=['status_code'], name='website_status__51663d_idx'), django.contrib.postgres.indexes.GinIndex(fields=['tech'], name='website_tech_e3f0cb_gin'), django.contrib.postgres.indexes.GinIndex(fields=['response_headers'], name='website_resp_headers_trgm_idx', opclasses=['gin_trgm_ops']), django.contrib.postgres.indexes.GinIndex(fields=['url'], name='website_url_trgm_idx', opclasses=['gin_trgm_ops']), django.contrib.postgres.indexes.GinIndex(fields=['title'], name='website_title_trgm_idx', opclasses=['gin_trgm_ops'])],
+                'constraints': [models.UniqueConstraint(fields=('url', 'target'), name='unique_website_url_target')],
+            },
+        ),
+        migrations.CreateModel(
+            name='WebsiteSnapshot',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('url', models.TextField(help_text='站点URL')),
+                ('host', models.CharField(blank=True, default='', help_text='主机名（域名或IP地址）', max_length=253)),
+                ('title', models.TextField(blank=True, default='', help_text='页面标题')),
+                ('status_code', models.IntegerField(blank=True, help_text='HTTP状态码', null=True)),
+                ('content_length', models.BigIntegerField(blank=True, help_text='内容长度', null=True)),
+                ('location', models.TextField(blank=True, default='', help_text='重定向位置')),
+                ('webserver', models.TextField(blank=True, default='', help_text='Web服务器')),
+                ('content_type', models.TextField(blank=True, default='', help_text='内容类型')),
+                ('tech', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=100), blank=True, default=list, help_text='技术栈', size=None)),
+                ('response_body', models.TextField(blank=True, default='', help_text='HTTP响应体')),
+                ('vhost', models.BooleanField(blank=True, help_text='虚拟主机标志', null=True)),
+                ('response_headers', models.TextField(blank=True, default='', help_text='原始HTTP响应头')),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('scan', models.ForeignKey(help_text='所属的扫描任务', on_delete=django.db.models.deletion.CASCADE, related_name='website_snapshots', to='scan.scan')),
+            ],
+            options={
+                'verbose_name': '网站快照',
+                'verbose_name_plural': '网站快照',
+                'db_table': 'website_snapshot',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['scan'], name='website_sna_scan_id_26b6dc_idx'), models.Index(fields=['url'], name='website_sna_url_801a70_idx'), models.Index(fields=['host'], name='website_sna_host_348fe1_idx'), models.Index(fields=['title'], name='website_sna_title_b1a5ee_idx'), models.Index(fields=['-created_at'], name='website_sna_created_2c149a_idx'), django.contrib.postgres.indexes.GinIndex(fields=['tech'], name='website_sna_tech_3d6d2f_gin'), django.contrib.postgres.indexes.GinIndex(fields=['response_headers'], name='ws_snap_resp_hdr_trgm', opclasses=['gin_trgm_ops']), django.contrib.postgres.indexes.GinIndex(fields=['url'], name='ws_snap_url_trgm', opclasses=['gin_trgm_ops']), django.contrib.postgres.indexes.GinIndex(fields=['title'], name='ws_snap_title_trgm', opclasses=['gin_trgm_ops'])],
+                'constraints': [models.UniqueConstraint(fields=('scan', 'url'), name='unique_website_per_scan_snapshot')],
+            },
+        ),
+    ]
--- a/backend/apps/asset/migrations/0002_create_search_materialized_view.py
+++ b/backend/apps/asset/migrations/0002_create_search_materialized_view.py
@@ -0,0 +1,187 @@
+"""
+创建资产搜索 IMMV（增量维护物化视图）
+
+使用 pg_ivm 扩展创建 IMMV，数据变更时自动增量更新，无需手动刷新。
+
+包含：
+1. asset_search_view - Website 搜索视图
+2. endpoint_search_view - Endpoint 搜索视图
+"""
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('asset', '0001_initial'),
+    ]
+
+    operations = [
+        # 1. 确保 pg_ivm 扩展已启用
+        migrations.RunSQL(
+            sql="CREATE EXTENSION IF NOT EXISTS pg_ivm;",
+            reverse_sql="-- pg_ivm extension kept for other uses"
+        ),
+        
+        # ==================== Website IMMV ====================
+        
+        # 2. 创建 asset_search_view IMMV
+        migrations.RunSQL(
+            sql="""
+                SELECT pgivm.create_immv('asset_search_view', $$
+                    SELECT 
+                        w.id,
+                        w.url,
+                        w.host,
+                        w.title,
+                        w.tech,
+                        w.status_code,
+                        w.response_headers,
+                        w.response_body,
+                        w.content_type,
+                        w.content_length,
+                        w.webserver,
+                        w.location,
+                        w.vhost,
+                        w.created_at,
+                        w.target_id
+                    FROM website w
+                $$);
+            """,
+            reverse_sql="SELECT pgivm.drop_immv('asset_search_view');"
+        ),
+        
+        # 3. 创建 asset_search_view 索引
+        migrations.RunSQL(
+            sql="""
+                -- 唯一索引
+                CREATE UNIQUE INDEX IF NOT EXISTS asset_search_view_id_idx 
+                ON asset_search_view (id);
+                
+                -- host 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS asset_search_view_host_trgm_idx 
+                ON asset_search_view USING gin (host gin_trgm_ops);
+                
+                -- title 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS asset_search_view_title_trgm_idx 
+                ON asset_search_view USING gin (title gin_trgm_ops);
+                
+                -- url 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS asset_search_view_url_trgm_idx 
+                ON asset_search_view USING gin (url gin_trgm_ops);
+                
+                -- response_headers 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS asset_search_view_headers_trgm_idx 
+                ON asset_search_view USING gin (response_headers gin_trgm_ops);
+                
+                -- response_body 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS asset_search_view_body_trgm_idx 
+                ON asset_search_view USING gin (response_body gin_trgm_ops);
+                
+                -- tech 数组索引
+                CREATE INDEX IF NOT EXISTS asset_search_view_tech_idx 
+                ON asset_search_view USING gin (tech);
+                
+                -- status_code 索引
+                CREATE INDEX IF NOT EXISTS asset_search_view_status_idx 
+                ON asset_search_view (status_code);
+                
+                -- created_at 排序索引
+                CREATE INDEX IF NOT EXISTS asset_search_view_created_idx 
+                ON asset_search_view (created_at DESC);
+            """,
+            reverse_sql="""
+                DROP INDEX IF EXISTS asset_search_view_id_idx;
+                DROP INDEX IF EXISTS asset_search_view_host_trgm_idx;
+                DROP INDEX IF EXISTS asset_search_view_title_trgm_idx;
+                DROP INDEX IF EXISTS asset_search_view_url_trgm_idx;
+                DROP INDEX IF EXISTS asset_search_view_headers_trgm_idx;
+                DROP INDEX IF EXISTS asset_search_view_body_trgm_idx;
+                DROP INDEX IF EXISTS asset_search_view_tech_idx;
+                DROP INDEX IF EXISTS asset_search_view_status_idx;
+                DROP INDEX IF EXISTS asset_search_view_created_idx;
+            """
+        ),
+
+        # ==================== Endpoint IMMV ====================
+        
+        # 4. 创建 endpoint_search_view IMMV
+        migrations.RunSQL(
+            sql="""
+                SELECT pgivm.create_immv('endpoint_search_view', $$
+                    SELECT 
+                        e.id,
+                        e.url,
+                        e.host,
+                        e.title,
+                        e.tech,
+                        e.status_code,
+                        e.response_headers,
+                        e.response_body,
+                        e.content_type,
+                        e.content_length,
+                        e.webserver,
+                        e.location,
+                        e.vhost,
+                        e.matched_gf_patterns,
+                        e.created_at,
+                        e.target_id
+                    FROM endpoint e
+                $$);
+            """,
+            reverse_sql="SELECT pgivm.drop_immv('endpoint_search_view');"
+        ),
+        
+        # 5. 创建 endpoint_search_view 索引
+        migrations.RunSQL(
+            sql="""
+                -- 唯一索引
+                CREATE UNIQUE INDEX IF NOT EXISTS endpoint_search_view_id_idx 
+                ON endpoint_search_view (id);
+                
+                -- host 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS endpoint_search_view_host_trgm_idx 
+                ON endpoint_search_view USING gin (host gin_trgm_ops);
+                
+                -- title 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS endpoint_search_view_title_trgm_idx 
+                ON endpoint_search_view USING gin (title gin_trgm_ops);
+                
+                -- url 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS endpoint_search_view_url_trgm_idx 
+                ON endpoint_search_view USING gin (url gin_trgm_ops);
+                
+                -- response_headers 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS endpoint_search_view_headers_trgm_idx 
+                ON endpoint_search_view USING gin (response_headers gin_trgm_ops);
+                
+                -- response_body 模糊搜索索引
+                CREATE INDEX IF NOT EXISTS endpoint_search_view_body_trgm_idx 
+                ON endpoint_search_view USING gin (response_body gin_trgm_ops);
+                
+                -- tech 数组索引
+                CREATE INDEX IF NOT EXISTS endpoint_search_view_tech_idx 
+                ON endpoint_search_view USING gin (tech);
+                
+                -- status_code 索引
+                CREATE INDEX IF NOT EXISTS endpoint_search_view_status_idx 
+                ON endpoint_search_view (status_code);
+                
+                -- created_at 排序索引
+                CREATE INDEX IF NOT EXISTS endpoint_search_view_created_idx 
+                ON endpoint_search_view (created_at DESC);
+            """,
+            reverse_sql="""
+                DROP INDEX IF EXISTS endpoint_search_view_id_idx;
+                DROP INDEX IF EXISTS endpoint_search_view_host_trgm_idx;
+                DROP INDEX IF EXISTS endpoint_search_view_title_trgm_idx;
+                DROP INDEX IF EXISTS endpoint_search_view_url_trgm_idx;
+                DROP INDEX IF EXISTS endpoint_search_view_headers_trgm_idx;
+                DROP INDEX IF EXISTS endpoint_search_view_body_trgm_idx;
+                DROP INDEX IF EXISTS endpoint_search_view_tech_idx;
+                DROP INDEX IF EXISTS endpoint_search_view_status_idx;
+                DROP INDEX IF EXISTS endpoint_search_view_created_idx;
+            """
+        ),
+    ]
--- a/backend/apps/asset/models/asset_models.py
+++ b/backend/apps/asset/models/asset_models.py
@@ -1,6 +1,7 @@

 from django.db import models
 from django.contrib.postgres.fields import ArrayField
+from django.contrib.postgres.indexes import GinIndex
 from django.core.validators import MinValueValidator, MaxValueValidator


@@ -34,6 +35,12 @@ class Subdomain(models.Model):
            models.Index(fields=['name', 'target']),  # 复合索引，优化 get_by_names_and_target_id 批量查询
            models.Index(fields=['target']),     # 优化从target_id快速查找下面的子域名
            models.Index(fields=['name']),            # 优化从name快速查找子域名，搜索场景
+            # pg_trgm GIN 索引，支持 LIKE '%keyword%' 模糊搜索
+            GinIndex(
+                name='subdomain_name_trgm_idx',
+                fields=['name'],
+                opclasses=['gin_trgm_ops']
+            ),
        ]
        constraints = [
            # 普通唯一约束：name + target 组合唯一
@@ -58,40 +65,35 @@ class Endpoint(models.Model):
        help_text='所属的扫描目标（主关联字段，表示所属关系，不能为空）'
    )
    
-    url = models.CharField(max_length=2000, help_text='最终访问的完整URL')
+    url = models.TextField(help_text='最终访问的完整URL')
    host = models.CharField(
        max_length=253,
        blank=True,
        default='',
        help_text='主机名（域名或IP地址）'
    )
-    location = models.CharField(
-        max_length=1000,
+    location = models.TextField(
        blank=True,
        default='',
        help_text='重定向地址（HTTP 3xx 响应头 Location）'
    )
    created_at = models.DateTimeField(auto_now_add=True, help_text='创建时间')
-    title = models.CharField(
-        max_length=1000,
+    title = models.TextField(
        blank=True,
        default='',
        help_text='网页标题（HTML <title> 标签内容）'
    )
-    webserver = models.CharField(
-        max_length=200,
+    webserver = models.TextField(
        blank=True,
        default='',
        help_text='服务器类型（HTTP 响应头 Server 值）'
    )
-    body_preview = models.CharField(
-        max_length=1000,
+    response_body = models.TextField(
        blank=True,
        default='',
-        help_text='响应正文前N个字符（默认100个字符）'
+        help_text='HTTP响应体'
    )
-    content_type = models.CharField(
-        max_length=200,
+    content_type = models.TextField(
        blank=True,
        default='',
        help_text='响应类型（HTTP Content-Type 响应头）'
@@ -123,6 +125,11 @@ class Endpoint(models.Model):
        default=list,
        help_text='匹配的GF模式列表，用于识别敏感端点（如api, debug, config等）'
    )
+    response_headers = models.TextField(
+        blank=True,
+        default='',
+        help_text='原始HTTP响应头'
+    )

    class Meta:
        db_table = 'endpoint'
@@ -131,11 +138,28 @@ class Endpoint(models.Model):
        ordering = ['-created_at']
        indexes = [
            models.Index(fields=['-created_at']),
-            models.Index(fields=['target']),       # 优化从target_id快速查找下面的端点（主关联字段）
+            models.Index(fields=['target']),       # 优化从 target_id快速查找下面的端点（主关联字段）
            models.Index(fields=['url']),          # URL索引，优化查询性能
            models.Index(fields=['host']),         # host索引，优化根据主机名查询
            models.Index(fields=['status_code']),  # 状态码索引，优化筛选
            models.Index(fields=['title']),        # title索引，优化智能过滤搜索
+            GinIndex(fields=['tech']),             # GIN索引，优化 tech 数组字段的 __contains 查询
+            # pg_trgm GIN 索引，支持 LIKE '%keyword%' 模糊搜索
+            GinIndex(
+                name='endpoint_resp_headers_trgm_idx',
+                fields=['response_headers'],
+                opclasses=['gin_trgm_ops']
+            ),
+            GinIndex(
+                name='endpoint_url_trgm_idx',
+                fields=['url'],
+                opclasses=['gin_trgm_ops']
+            ),
+            GinIndex(
+                name='endpoint_title_trgm_idx',
+                fields=['title'],
+                opclasses=['gin_trgm_ops']
+            ),
        ]
        constraints = [
            # 普通唯一约束：url + target 组合唯一
@@ -160,40 +184,35 @@ class WebSite(models.Model):
        help_text='所属的扫描目标（主关联字段，表示所属关系，不能为空）'
    )

-    url = models.CharField(max_length=2000, help_text='最终访问的完整URL')
+    url = models.TextField(help_text='最终访问的完整URL')
    host = models.CharField(
        max_length=253,
        blank=True,
        default='',
        help_text='主机名（域名或IP地址）'
    )
-    location = models.CharField(
-        max_length=1000,
+    location = models.TextField(
        blank=True,
        default='',
        help_text='重定向地址（HTTP 3xx 响应头 Location）'
    )
    created_at = models.DateTimeField(auto_now_add=True, help_text='创建时间')
-    title = models.CharField(
-        max_length=1000,
+    title = models.TextField(
        blank=True,
        default='',
        help_text='网页标题（HTML <title> 标签内容）'
    )
-    webserver = models.CharField(
-        max_length=200,
+    webserver = models.TextField(
        blank=True,
        default='',
        help_text='服务器类型（HTTP 响应头 Server 值）'
    )
-    body_preview = models.CharField(
-        max_length=1000,
+    response_body = models.TextField(
        blank=True,
        default='',
-        help_text='响应正文前N个字符（默认100个字符）'
+        help_text='HTTP响应体'
    )
-    content_type = models.CharField(
-        max_length=200,
+    content_type = models.TextField(
        blank=True,
        default='',
        help_text='响应类型（HTTP Content-Type 响应头）'
@@ -219,6 +238,11 @@ class WebSite(models.Model):
        blank=True,
        help_text='是否支持虚拟主机'
    )
+    response_headers = models.TextField(
+        blank=True,
+        default='',
+        help_text='原始HTTP响应头'
+    )

    class Meta:
        db_table = 'website'
@@ -229,9 +253,26 @@ class WebSite(models.Model):
            models.Index(fields=['-created_at']),
            models.Index(fields=['url']),  # URL索引，优化查询性能
            models.Index(fields=['host']),  # host索引，优化根据主机名查询
-            models.Index(fields=['target']),     # 优化从target_id快速查找下面的站点
+            models.Index(fields=['target']),     # 优化从 target_id快速查找下面的站点
            models.Index(fields=['title']),      # title索引，优化智能过滤搜索
            models.Index(fields=['status_code']),  # 状态码索引，优化智能过滤搜索
+            GinIndex(fields=['tech']),  # GIN索引，优化 tech 数组字段的 __contains 查询
+            # pg_trgm GIN 索引，支持 LIKE '%keyword%' 模糊搜索
+            GinIndex(
+                name='website_resp_headers_trgm_idx',
+                fields=['response_headers'],
+                opclasses=['gin_trgm_ops']
+            ),
+            GinIndex(
+                name='website_url_trgm_idx',
+                fields=['url'],
+                opclasses=['gin_trgm_ops']
+            ),
+            GinIndex(
+                name='website_title_trgm_idx',
+                fields=['title'],
+                opclasses=['gin_trgm_ops']
+            ),
        ]
        constraints = [
            # 普通唯一约束：url + target 组合唯一
@@ -308,6 +349,12 @@ class Directory(models.Model):
            models.Index(fields=['target']),     # 优化从target_id快速查找下面的目录
            models.Index(fields=['url']),        # URL索引，优化搜索和唯一约束
            models.Index(fields=['status']),     # 状态码索引，优化筛选
+            # pg_trgm GIN 索引，支持 LIKE '%keyword%' 模糊搜索
+            GinIndex(
+                name='directory_url_trgm_idx',
+                fields=['url'],
+                opclasses=['gin_trgm_ops']
+            ),
        ]
        constraints = [
            # 普通唯一约束：target + url 组合唯一
--- a/backend/apps/asset/models/snapshot_models.py
+++ b/backend/apps/asset/models/snapshot_models.py
@@ -1,5 +1,6 @@
 from django.db import models
 from django.contrib.postgres.fields import ArrayField
+from django.contrib.postgres.indexes import GinIndex
 from django.core.validators import MinValueValidator, MaxValueValidator


@@ -26,6 +27,12 @@ class SubdomainSnapshot(models.Model):
            models.Index(fields=['scan']),
            models.Index(fields=['name']),
            models.Index(fields=['-created_at']),
+            # pg_trgm GIN 索引，支持 LIKE '%keyword%' 模糊搜索
+            GinIndex(
+                name='subdomain_snap_name_trgm',
+                fields=['name'],
+                opclasses=['gin_trgm_ops']
+            ),
        ]
        constraints = [
            # 唯一约束：同一次扫描中，同一个子域名只能记录一次
@@ -54,22 +61,27 @@ class WebsiteSnapshot(models.Model):
    )
    
    # 扫描结果数据
-    url = models.CharField(max_length=2000, help_text='站点URL')
+    url = models.TextField(help_text='站点URL')
    host = models.CharField(max_length=253, blank=True, default='', help_text='主机名（域名或IP地址）')
-    title = models.CharField(max_length=500, blank=True, default='', help_text='页面标题')
-    status = models.IntegerField(null=True, blank=True, help_text='HTTP状态码')
+    title = models.TextField(blank=True, default='', help_text='页面标题')
+    status_code = models.IntegerField(null=True, blank=True, help_text='HTTP状态码')
    content_length = models.BigIntegerField(null=True, blank=True, help_text='内容长度')
-    location = models.CharField(max_length=1000, blank=True, default='', help_text='重定向位置')
-    web_server = models.CharField(max_length=200, blank=True, default='', help_text='Web服务器')
-    content_type = models.CharField(max_length=200, blank=True, default='', help_text='内容类型')
+    location = models.TextField(blank=True, default='', help_text='重定向位置')
+    webserver = models.TextField(blank=True, default='', help_text='Web服务器')
+    content_type = models.TextField(blank=True, default='', help_text='内容类型')
    tech = ArrayField(
        models.CharField(max_length=100),
        blank=True,
        default=list,
        help_text='技术栈'
    )
-    body_preview = models.TextField(blank=True, default='', help_text='响应体预览')
+    response_body = models.TextField(blank=True, default='', help_text='HTTP响应体')
    vhost = models.BooleanField(null=True, blank=True, help_text='虚拟主机标志')
+    response_headers = models.TextField(
+        blank=True,
+        default='',
+        help_text='原始HTTP响应头'
+    )
    created_at = models.DateTimeField(auto_now_add=True, help_text='创建时间')

    class Meta:
@@ -83,6 +95,23 @@ class WebsiteSnapshot(models.Model):
            models.Index(fields=['host']),  # host索引，优化根据主机名查询
            models.Index(fields=['title']),  # title索引，优化标题搜索
            models.Index(fields=['-created_at']),
+            GinIndex(fields=['tech']),  # GIN索引，优化数组字段查询
+            # pg_trgm GIN 索引，支持 LIKE '%keyword%' 模糊搜索
+            GinIndex(
+                name='ws_snap_resp_hdr_trgm',
+                fields=['response_headers'],
+                opclasses=['gin_trgm_ops']
+            ),
+            GinIndex(
+                name='ws_snap_url_trgm',
+                fields=['url'],
+                opclasses=['gin_trgm_ops']
+            ),
+            GinIndex(
+                name='ws_snap_title_trgm',
+                fields=['title'],
+                opclasses=['gin_trgm_ops']
+            ),
        ]
        constraints = [
            # 唯一约束：同一次扫描中，同一个URL只能记录一次
@@ -132,6 +161,12 @@ class DirectorySnapshot(models.Model):
            models.Index(fields=['status']),  # 状态码索引，优化筛选
            models.Index(fields=['content_type']),  # content_type索引，优化内容类型搜索
            models.Index(fields=['-created_at']),
+            # pg_trgm GIN 索引，支持 LIKE '%keyword%' 模糊搜索
+            GinIndex(
+                name='dir_snap_url_trgm',
+                fields=['url'],
+                opclasses=['gin_trgm_ops']
+            ),
        ]
        constraints = [
            # 唯一约束：同一次扫描中，同一个目录URL只能记录一次
@@ -232,26 +267,26 @@ class EndpointSnapshot(models.Model):
    )
    
    # 扫描结果数据
-    url = models.CharField(max_length=2000, help_text='端点URL')
+    url = models.TextField(help_text='端点URL')
    host = models.CharField(
        max_length=253,
        blank=True,
        default='',
        help_text='主机名（域名或IP地址）'
    )
-    title = models.CharField(max_length=1000, blank=True, default='', help_text='页面标题')
+    title = models.TextField(blank=True, default='', help_text='页面标题')
    status_code = models.IntegerField(null=True, blank=True, help_text='HTTP状态码')
    content_length = models.IntegerField(null=True, blank=True, help_text='内容长度')
-    location = models.CharField(max_length=1000, blank=True, default='', help_text='重定向位置')
-    webserver = models.CharField(max_length=200, blank=True, default='', help_text='Web服务器')
-    content_type = models.CharField(max_length=200, blank=True, default='', help_text='内容类型')
+    location = models.TextField(blank=True, default='', help_text='重定向位置')
+    webserver = models.TextField(blank=True, default='', help_text='Web服务器')
+    content_type = models.TextField(blank=True, default='', help_text='内容类型')
    tech = ArrayField(
        models.CharField(max_length=100),
        blank=True,
        default=list,
        help_text='技术栈'
    )
-    body_preview = models.CharField(max_length=1000, blank=True, default='', help_text='响应体预览')
+    response_body = models.TextField(blank=True, default='', help_text='HTTP响应体')
    vhost = models.BooleanField(null=True, blank=True, help_text='虚拟主机标志')
    matched_gf_patterns = ArrayField(
        models.CharField(max_length=100),
@@ -259,6 +294,11 @@ class EndpointSnapshot(models.Model):
        default=list,
        help_text='匹配的GF模式列表'
    )
+    response_headers = models.TextField(
+        blank=True,
+        default='',
+        help_text='原始HTTP响应头'
+    )
    created_at = models.DateTimeField(auto_now_add=True, help_text='创建时间')

    class Meta:
@@ -274,6 +314,23 @@ class EndpointSnapshot(models.Model):
            models.Index(fields=['status_code']),  # 状态码索引，优化筛选
            models.Index(fields=['webserver']),  # webserver索引，优化服务器搜索
            models.Index(fields=['-created_at']),
+            GinIndex(fields=['tech']),  # GIN索引，优化数组字段查询
+            # pg_trgm GIN 索引，支持 LIKE '%keyword%' 模糊搜索
+            GinIndex(
+                name='ep_snap_resp_hdr_trgm',
+                fields=['response_headers'],
+                opclasses=['gin_trgm_ops']
+            ),
+            GinIndex(
+                name='ep_snap_url_trgm',
+                fields=['url'],
+                opclasses=['gin_trgm_ops']
+            ),
+            GinIndex(
+                name='ep_snap_title_trgm',
+                fields=['title'],
+                opclasses=['gin_trgm_ops']
+            ),
        ]
        constraints = [
            # 唯一约束：同一次扫描中，同一个URL只能记录一次
--- a/backend/apps/asset/repositories/asset/endpoint_repository.py
+++ b/backend/apps/asset/repositories/asset/endpoint_repository.py
@@ -48,12 +48,13 @@ class DjangoEndpointRepository:
                    status_code=item.status_code,
                    content_length=item.content_length,
                    webserver=item.webserver or '',
-                    body_preview=item.body_preview or '',
+                    response_body=item.response_body or '',
                    content_type=item.content_type or '',
                    tech=item.tech if item.tech else [],
                    vhost=item.vhost,
                    location=item.location or '',
-                    matched_gf_patterns=item.matched_gf_patterns if item.matched_gf_patterns else []
+                    matched_gf_patterns=item.matched_gf_patterns if item.matched_gf_patterns else [],
+                    response_headers=item.response_headers if item.response_headers else ''
                )
                for item in unique_items
            ]
@@ -65,8 +66,8 @@ class DjangoEndpointRepository:
                    unique_fields=['url', 'target'],
                    update_fields=[
                        'host', 'title', 'status_code', 'content_length',
-                        'webserver', 'body_preview', 'content_type', 'tech',
-                        'vhost', 'location', 'matched_gf_patterns'
+                        'webserver', 'response_body', 'content_type', 'tech',
+                        'vhost', 'location', 'matched_gf_patterns', 'response_headers'
                    ],
                    batch_size=1000
                )
@@ -138,12 +139,13 @@ class DjangoEndpointRepository:
                    status_code=item.status_code,
                    content_length=item.content_length,
                    webserver=item.webserver or '',
-                    body_preview=item.body_preview or '',
+                    response_body=item.response_body or '',
                    content_type=item.content_type or '',
                    tech=item.tech if item.tech else [],
                    vhost=item.vhost,
                    location=item.location or '',
-                    matched_gf_patterns=item.matched_gf_patterns if item.matched_gf_patterns else []
+                    matched_gf_patterns=item.matched_gf_patterns if item.matched_gf_patterns else [],
+                    response_headers=item.response_headers if item.response_headers else ''
                )
                for item in unique_items
            ]
@@ -183,7 +185,7 @@ class DjangoEndpointRepository:
            .values(
                'url', 'host', 'location', 'title', 'status_code',
                'content_length', 'content_type', 'webserver', 'tech',
-                'body_preview', 'vhost', 'matched_gf_patterns', 'created_at'
+                'response_body', 'response_headers', 'vhost', 'matched_gf_patterns', 'created_at'
            )
            .order_by('url')
        )
--- a/backend/apps/asset/repositories/asset/website_repository.py
+++ b/backend/apps/asset/repositories/asset/website_repository.py
@@ -49,12 +49,13 @@ class DjangoWebSiteRepository:
                    location=item.location or '',
                    title=item.title or '',
                    webserver=item.webserver or '',
-                    body_preview=item.body_preview or '',
+                    response_body=item.response_body or '',
                    content_type=item.content_type or '',
                    tech=item.tech if item.tech else [],
                    status_code=item.status_code,
                    content_length=item.content_length,
-                    vhost=item.vhost
+                    vhost=item.vhost,
+                    response_headers=item.response_headers if item.response_headers else ''
                )
                for item in unique_items
            ]
@@ -66,8 +67,8 @@ class DjangoWebSiteRepository:
                    unique_fields=['url', 'target'],
                    update_fields=[
                        'host', 'location', 'title', 'webserver',
-                        'body_preview', 'content_type', 'tech',
-                        'status_code', 'content_length', 'vhost'
+                        'response_body', 'content_type', 'tech',
+                        'status_code', 'content_length', 'vhost', 'response_headers'
                    ],
                    batch_size=1000
                )
@@ -132,12 +133,13 @@ class DjangoWebSiteRepository:
                    location=item.location or '',
                    title=item.title or '',
                    webserver=item.webserver or '',
-                    body_preview=item.body_preview or '',
+                    response_body=item.response_body or '',
                    content_type=item.content_type or '',
                    tech=item.tech if item.tech else [],
                    status_code=item.status_code,
                    content_length=item.content_length,
-                    vhost=item.vhost
+                    vhost=item.vhost,
+                    response_headers=item.response_headers if item.response_headers else ''
                )
                for item in unique_items
            ]
@@ -177,7 +179,7 @@ class DjangoWebSiteRepository:
            .values(
                'url', 'host', 'location', 'title', 'status_code',
                'content_length', 'content_type', 'webserver', 'tech',
-                'body_preview', 'vhost', 'created_at'
+                'response_body', 'response_headers', 'vhost', 'created_at'
            )
            .order_by('url')
        )
--- a/backend/apps/asset/repositories/snapshot/endpoint_snapshot_repository.py
+++ b/backend/apps/asset/repositories/snapshot/endpoint_snapshot_repository.py
@@ -44,6 +44,7 @@ class DjangoEndpointSnapshotRepository:
                snapshots.append(EndpointSnapshot(
                    scan_id=item.scan_id,
                    url=item.url,
+                    host=item.host if item.host else '',
                    title=item.title,
                    status_code=item.status_code,
                    content_length=item.content_length,
@@ -51,9 +52,10 @@ class DjangoEndpointSnapshotRepository:
                    webserver=item.webserver,
                    content_type=item.content_type,
                    tech=item.tech if item.tech else [],
-                    body_preview=item.body_preview,
+                    response_body=item.response_body,
                    vhost=item.vhost,
-                    matched_gf_patterns=item.matched_gf_patterns if item.matched_gf_patterns else []
+                    matched_gf_patterns=item.matched_gf_patterns if item.matched_gf_patterns else [],
+                    response_headers=item.response_headers if item.response_headers else ''
                ))
            
            # 批量创建（忽略冲突，基于唯一约束去重）
@@ -100,7 +102,7 @@ class DjangoEndpointSnapshotRepository:
            .values(
                'url', 'host', 'location', 'title', 'status_code',
                'content_length', 'content_type', 'webserver', 'tech',
-                'body_preview', 'vhost', 'matched_gf_patterns', 'created_at'
+                'response_body', 'response_headers', 'vhost', 'matched_gf_patterns', 'created_at'
            )
            .order_by('url')
        )
--- a/backend/apps/asset/repositories/snapshot/website_snapshot_repository.py
+++ b/backend/apps/asset/repositories/snapshot/website_snapshot_repository.py
@@ -46,14 +46,15 @@ class DjangoWebsiteSnapshotRepository:
                    url=item.url,
                    host=item.host,
                    title=item.title,
-                    status=item.status,
+                    status_code=item.status_code,
                    content_length=item.content_length,
                    location=item.location,
-                    web_server=item.web_server,
+                    webserver=item.webserver,
                    content_type=item.content_type,
                    tech=item.tech if item.tech else [],
-                    body_preview=item.body_preview,
-                    vhost=item.vhost
+                    response_body=item.response_body,
+                    vhost=item.vhost,
+                    response_headers=item.response_headers if item.response_headers else ''
                ))
            
            # 批量创建（忽略冲突，基于唯一约束去重）
@@ -98,26 +99,12 @@ class DjangoWebsiteSnapshotRepository:
            WebsiteSnapshot.objects
            .filter(scan_id=scan_id)
            .values(
-                'url', 'host', 'location', 'title', 'status',
-                'content_length', 'content_type', 'web_server', 'tech',
-                'body_preview', 'vhost', 'created_at'
+                'url', 'host', 'location', 'title', 'status_code',
+                'content_length', 'content_type', 'webserver', 'tech',
+                'response_body', 'response_headers', 'vhost', 'created_at'
            )
            .order_by('url')
        )
        
        for row in qs.iterator(chunk_size=batch_size):
-            # 重命名字段以匹配 CSV 表头
-            yield {
-                'url': row['url'],
-                'host': row['host'],
-                'location': row['location'],
-                'title': row['title'],
-                'status_code': row['status'],
-                'content_length': row['content_length'],
-                'content_type': row['content_type'],
-                'webserver': row['web_server'],
-                'tech': row['tech'],
-                'body_preview': row['body_preview'],
-                'vhost': row['vhost'],
-                'created_at': row['created_at'],
-            }
+            yield row
--- a/backend/apps/asset/serializers.py
+++ b/backend/apps/asset/serializers.py
@@ -67,9 +67,10 @@ class SubdomainListSerializer(serializers.ModelSerializer):


 class WebSiteSerializer(serializers.ModelSerializer):
-    """站点序列化器"""
+    """站点序列化器（目标详情页）"""
    
    subdomain = serializers.CharField(source='subdomain.name', allow_blank=True, default='')
+    responseHeaders = serializers.CharField(source='response_headers', read_only=True)  # 原始HTTP响应头
    
    class Meta:
        model = WebSite
@@ -83,9 +84,10 @@ class WebSiteSerializer(serializers.ModelSerializer):
            'content_type',
            'status_code',
            'content_length',
-            'body_preview',
+            'response_body',
            'tech',
            'vhost',
+            'responseHeaders',  # HTTP响应头
            'subdomain',
            'created_at',
        ]
@@ -140,6 +142,7 @@ class EndpointListSerializer(serializers.ModelSerializer):
        source='matched_gf_patterns',
        read_only=True,
    )
+    responseHeaders = serializers.CharField(source='response_headers', read_only=True)  # 原始HTTP响应头

    class Meta:
        model = Endpoint
@@ -152,9 +155,10 @@ class EndpointListSerializer(serializers.ModelSerializer):
            'content_length',
            'content_type',
            'webserver',
-            'body_preview',
+            'response_body',
            'tech',
            'vhost',
+            'responseHeaders',  # HTTP响应头
            'gfPatterns',
            'created_at',
        ]
@@ -213,8 +217,7 @@ class WebsiteSnapshotSerializer(serializers.ModelSerializer):
    """网站快照序列化器（用于扫描历史）"""
    
    subdomain_name = serializers.CharField(source='subdomain.name', read_only=True)
-    webserver = serializers.CharField(source='web_server', read_only=True)  # 映射字段名
-    status_code = serializers.IntegerField(source='status', read_only=True)  # 映射字段名
+    responseHeaders = serializers.CharField(source='response_headers', read_only=True)  # 原始HTTP响应头
    
    class Meta:
        model = WebsiteSnapshot
@@ -223,13 +226,14 @@ class WebsiteSnapshotSerializer(serializers.ModelSerializer):
            'url',
            'location',
            'title',
-            'webserver',  # 使用映射后的字段名
+            'webserver',
            'content_type',
-            'status_code',  # 使用映射后的字段名
+            'status_code',
            'content_length',
-            'body_preview',
+            'response_body',
            'tech',
            'vhost',
+            'responseHeaders',  # HTTP响应头
            'subdomain_name',
            'created_at',
        ]
@@ -264,6 +268,7 @@ class EndpointSnapshotSerializer(serializers.ModelSerializer):
        source='matched_gf_patterns',
        read_only=True,
    )
+    responseHeaders = serializers.CharField(source='response_headers', read_only=True)  # 原始HTTP响应头

    class Meta:
        model = EndpointSnapshot
@@ -277,9 +282,10 @@ class EndpointSnapshotSerializer(serializers.ModelSerializer):
            'content_type',
            'status_code',
            'content_length',
-            'body_preview',
+            'response_body',
            'tech',
            'vhost',
+            'responseHeaders',  # HTTP响应头
            'gfPatterns',
            'created_at',
        ]
--- a/backend/apps/asset/services/asset/endpoint_service.py
+++ b/backend/apps/asset/services/asset/endpoint_service.py
@@ -27,7 +27,8 @@ class EndpointService:
        'url': 'url',
        'host': 'host',
        'title': 'title',
-        'status': 'status_code',
+        'status_code': 'status_code',
+        'tech': 'tech',
    }
    
    def __init__(self):
@@ -115,7 +116,7 @@ class EndpointService:
        """获取目标下的所有端点"""
        queryset = self.repo.get_by_target(target_id)
        if filter_query:
-            queryset = apply_filters(queryset, filter_query, self.FILTER_FIELD_MAPPING)
+            queryset = apply_filters(queryset, filter_query, self.FILTER_FIELD_MAPPING, json_array_fields=['tech'])
        return queryset
    
    def count_endpoints_by_target(self, target_id: int) -> int:
@@ -134,7 +135,7 @@ class EndpointService:
        """获取所有端点（全局查询）"""
        queryset = self.repo.get_all()
        if filter_query:
-            queryset = apply_filters(queryset, filter_query, self.FILTER_FIELD_MAPPING)
+            queryset = apply_filters(queryset, filter_query, self.FILTER_FIELD_MAPPING, json_array_fields=['tech'])
        return queryset
    
    def iter_endpoint_urls_by_target(self, target_id: int, chunk_size: int = 1000) -> Iterator[str]:
--- a/backend/apps/asset/services/asset/website_service.py
+++ b/backend/apps/asset/services/asset/website_service.py
@@ -19,7 +19,8 @@ class WebSiteService:
        'url': 'url',
        'host': 'host',
        'title': 'title',
-        'status': 'status_code',
+        'status_code': 'status_code',
+        'tech': 'tech',
    }
    
    def __init__(self, repository=None):
@@ -107,14 +108,14 @@ class WebSiteService:
        """获取目标下的所有网站"""
        queryset = self.repo.get_by_target(target_id)
        if filter_query:
-            queryset = apply_filters(queryset, filter_query, self.FILTER_FIELD_MAPPING)
+            queryset = apply_filters(queryset, filter_query, self.FILTER_FIELD_MAPPING, json_array_fields=['tech'])
        return queryset
    
    def get_all(self, filter_query: Optional[str] = None):
        """获取所有网站"""
        queryset = self.repo.get_all()
        if filter_query:
-            queryset = apply_filters(queryset, filter_query, self.FILTER_FIELD_MAPPING)
+            queryset = apply_filters(queryset, filter_query, self.FILTER_FIELD_MAPPING, json_array_fields=['tech'])
        return queryset
    
    def get_by_url(self, url: str, target_id: int) -> int:
--- a/backend/apps/asset/services/search_service.py
+++ b/backend/apps/asset/services/search_service.py
@@ -0,0 +1,439 @@
+"""
+资产搜索服务
+
+提供资产搜索的核心业务逻辑：
+- 从物化视图查询数据
+- 支持表达式语法解析
+- 支持 =（模糊）、==（精确）、!=（不等于）操作符
+- 支持 && (AND) 和 || (OR) 逻辑组合
+- 支持 Website 和 Endpoint 两种资产类型
+"""
+
+import logging
+import re
+from typing import Optional, List, Dict, Any, Tuple, Literal
+
+from django.db import connection
+
+logger = logging.getLogger(__name__)
+
+# 支持的字段映射（前端字段名 -> 数据库字段名）
+FIELD_MAPPING = {
+    'host': 'host',
+    'url': 'url',
+    'title': 'title',
+    'tech': 'tech',
+    'status': 'status_code',
+    'body': 'response_body',
+    'header': 'response_headers',
+}
+
+# 数组类型字段
+ARRAY_FIELDS = {'tech'}
+
+# 资产类型到视图名的映射
+VIEW_MAPPING = {
+    'website': 'asset_search_view',
+    'endpoint': 'endpoint_search_view',
+}
+
+# 有效的资产类型
+VALID_ASSET_TYPES = {'website', 'endpoint'}
+
+# Website 查询字段
+WEBSITE_SELECT_FIELDS = """
+    id,
+    url,
+    host,
+    title,
+    tech,
+    status_code,
+    response_headers,
+    response_body,
+    content_type,
+    content_length,
+    webserver,
+    location,
+    vhost,
+    created_at,
+    target_id
+"""
+
+# Endpoint 查询字段（包含 matched_gf_patterns）
+ENDPOINT_SELECT_FIELDS = """
+    id,
+    url,
+    host,
+    title,
+    tech,
+    status_code,
+    response_headers,
+    response_body,
+    content_type,
+    content_length,
+    webserver,
+    location,
+    vhost,
+    matched_gf_patterns,
+    created_at,
+    target_id
+"""
+
+
+class SearchQueryParser:
+    """
+    搜索查询解析器
+    
+    支持语法：
+    - field="value"     模糊匹配（ILIKE %value%）
+    - field=="value"    精确匹配
+    - field!="value"    不等于
+    - &&                AND 连接
+    - ||                OR 连接
+    - ()                分组（暂不支持嵌套）
+    
+    示例：
+    - host="api" && tech="nginx"
+    - tech="vue" || tech="react"
+    - status=="200" && host!="test"
+    """
+    
+    # 匹配单个条件: field="value" 或 field=="value" 或 field!="value"
+    CONDITION_PATTERN = re.compile(r'(\w+)\s*(==|!=|=)\s*"([^"]*)"')
+    
+    @classmethod
+    def parse(cls, query: str) -> Tuple[str, List[Any]]:
+        """
+        解析查询字符串，返回 SQL WHERE 子句和参数
+        
+        Args:
+            query: 搜索查询字符串
+        
+        Returns:
+            (where_clause, params) 元组
+        """
+        if not query or not query.strip():
+            return "1=1", []
+        
+        query = query.strip()
+        
+        # 检查是否包含操作符语法，如果不包含则作为 host 模糊搜索
+        if not cls.CONDITION_PATTERN.search(query):
+            # 裸文本，默认作为 host 模糊搜索
+            return "host ILIKE %s", [f"%{query}%"]
+        
+        # 按 || 分割为 OR 组
+        or_groups = cls._split_by_or(query)
+        
+        if len(or_groups) == 1:
+            # 没有 OR，直接解析 AND 条件
+            return cls._parse_and_group(or_groups[0])
+        
+        # 多个 OR 组
+        or_clauses = []
+        all_params = []
+        
+        for group in or_groups:
+            clause, params = cls._parse_and_group(group)
+            if clause and clause != "1=1":
+                or_clauses.append(f"({clause})")
+                all_params.extend(params)
+        
+        if not or_clauses:
+            return "1=1", []
+        
+        return " OR ".join(or_clauses), all_params
+    
+    @classmethod
+    def _split_by_or(cls, query: str) -> List[str]:
+        """按 || 分割查询，但忽略引号内的 ||"""
+        parts = []
+        current = ""
+        in_quotes = False
+        i = 0
+        
+        while i < len(query):
+            char = query[i]
+            
+            if char == '"':
+                in_quotes = not in_quotes
+                current += char
+            elif not in_quotes and i + 1 < len(query) and query[i:i+2] == '||':
+                if current.strip():
+                    parts.append(current.strip())
+                current = ""
+                i += 1  # 跳过第二个 |
+            else:
+                current += char
+            
+            i += 1
+        
+        if current.strip():
+            parts.append(current.strip())
+        
+        return parts if parts else [query]
+    
+    @classmethod
+    def _parse_and_group(cls, group: str) -> Tuple[str, List[Any]]:
+        """解析 AND 组（用 && 连接的条件）"""
+        # 移除外层括号
+        group = group.strip()
+        if group.startswith('(') and group.endswith(')'):
+            group = group[1:-1].strip()
+        
+        # 按 && 分割
+        parts = cls._split_by_and(group)
+        
+        and_clauses = []
+        all_params = []
+        
+        for part in parts:
+            clause, params = cls._parse_condition(part.strip())
+            if clause:
+                and_clauses.append(clause)
+                all_params.extend(params)
+        
+        if not and_clauses:
+            return "1=1", []
+        
+        return " AND ".join(and_clauses), all_params
+    
+    @classmethod
+    def _split_by_and(cls, query: str) -> List[str]:
+        """按 && 分割查询，但忽略引号内的 &&"""
+        parts = []
+        current = ""
+        in_quotes = False
+        i = 0
+        
+        while i < len(query):
+            char = query[i]
+            
+            if char == '"':
+                in_quotes = not in_quotes
+                current += char
+            elif not in_quotes and i + 1 < len(query) and query[i:i+2] == '&&':
+                if current.strip():
+                    parts.append(current.strip())
+                current = ""
+                i += 1  # 跳过第二个 &
+            else:
+                current += char
+            
+            i += 1
+        
+        if current.strip():
+            parts.append(current.strip())
+        
+        return parts if parts else [query]
+    
+    @classmethod
+    def _parse_condition(cls, condition: str) -> Tuple[Optional[str], List[Any]]:
+        """
+        解析单个条件
+        
+        Returns:
+            (sql_clause, params) 或 (None, []) 如果解析失败
+        """
+        # 移除括号
+        condition = condition.strip()
+        if condition.startswith('(') and condition.endswith(')'):
+            condition = condition[1:-1].strip()
+        
+        match = cls.CONDITION_PATTERN.match(condition)
+        if not match:
+            logger.warning(f"无法解析条件: {condition}")
+            return None, []
+        
+        field, operator, value = match.groups()
+        field = field.lower()
+        
+        # 验证字段
+        if field not in FIELD_MAPPING:
+            logger.warning(f"未知字段: {field}")
+            return None, []
+        
+        db_field = FIELD_MAPPING[field]
+        is_array = field in ARRAY_FIELDS
+        
+        # 根据操作符生成 SQL
+        if operator == '=':
+            # 模糊匹配
+            return cls._build_like_condition(db_field, value, is_array)
+        elif operator == '==':
+            # 精确匹配
+            return cls._build_exact_condition(db_field, value, is_array)
+        elif operator == '!=':
+            # 不等于
+            return cls._build_not_equal_condition(db_field, value, is_array)
+        
+        return None, []
+    
+    @classmethod
+    def _build_like_condition(cls, field: str, value: str, is_array: bool) -> Tuple[str, List[Any]]:
+        """构建模糊匹配条件"""
+        if is_array:
+            # 数组字段：检查数组中是否有元素包含该值
+            return f"EXISTS (SELECT 1 FROM unnest({field}) AS t WHERE t ILIKE %s)", [f"%{value}%"]
+        elif field == 'status_code':
+            # 状态码是整数，模糊匹配转为精确匹配
+            try:
+                return f"{field} = %s", [int(value)]
+            except ValueError:
+                return f"{field}::text ILIKE %s", [f"%{value}%"]
+        else:
+            return f"{field} ILIKE %s", [f"%{value}%"]
+    
+    @classmethod
+    def _build_exact_condition(cls, field: str, value: str, is_array: bool) -> Tuple[str, List[Any]]:
+        """构建精确匹配条件"""
+        if is_array:
+            # 数组字段：检查数组中是否包含该精确值
+            return f"%s = ANY({field})", [value]
+        elif field == 'status_code':
+            # 状态码是整数
+            try:
+                return f"{field} = %s", [int(value)]
+            except ValueError:
+                return f"{field}::text = %s", [value]
+        else:
+            return f"{field} = %s", [value]
+    
+    @classmethod
+    def _build_not_equal_condition(cls, field: str, value: str, is_array: bool) -> Tuple[str, List[Any]]:
+        """构建不等于条件"""
+        if is_array:
+            # 数组字段：检查数组中不包含该值
+            return f"NOT (%s = ANY({field}))", [value]
+        elif field == 'status_code':
+            try:
+                return f"({field} IS NULL OR {field} != %s)", [int(value)]
+            except ValueError:
+                return f"({field} IS NULL OR {field}::text != %s)", [value]
+        else:
+            return f"({field} IS NULL OR {field} != %s)", [value]
+
+
+AssetType = Literal['website', 'endpoint']
+
+
+class AssetSearchService:
+    """资产搜索服务"""
+    
+    def search(
+        self, 
+        query: str, 
+        asset_type: AssetType = 'website',
+        limit: Optional[int] = None
+    ) -> List[Dict[str, Any]]:
+        """
+        搜索资产
+        
+        Args:
+            query: 搜索查询字符串
+            asset_type: 资产类型 ('website' 或 'endpoint')
+            limit: 最大返回数量（可选）
+        
+        Returns:
+            List[Dict]: 搜索结果列表
+        """
+        where_clause, params = SearchQueryParser.parse(query)
+        
+        # 根据资产类型选择视图和字段
+        view_name = VIEW_MAPPING.get(asset_type, 'asset_search_view')
+        select_fields = ENDPOINT_SELECT_FIELDS if asset_type == 'endpoint' else WEBSITE_SELECT_FIELDS
+        
+        sql = f"""
+            SELECT {select_fields}
+            FROM {view_name}
+            WHERE {where_clause}
+            ORDER BY created_at DESC
+        """
+        
+        # 添加 LIMIT
+        if limit is not None and limit > 0:
+            sql += f" LIMIT {int(limit)}"
+        
+        try:
+            with connection.cursor() as cursor:
+                cursor.execute(sql, params)
+                columns = [col[0] for col in cursor.description]
+                results = []
+                
+                for row in cursor.fetchall():
+                    result = dict(zip(columns, row))
+                    results.append(result)
+                
+                return results
+        except Exception as e:
+            logger.error(f"搜索查询失败: {e}, SQL: {sql}, params: {params}")
+            raise
+    
+    def count(self, query: str, asset_type: AssetType = 'website') -> int:
+        """
+        统计搜索结果数量
+        
+        Args:
+            query: 搜索查询字符串
+            asset_type: 资产类型 ('website' 或 'endpoint')
+        
+        Returns:
+            int: 结果总数
+        """
+        where_clause, params = SearchQueryParser.parse(query)
+        
+        # 根据资产类型选择视图
+        view_name = VIEW_MAPPING.get(asset_type, 'asset_search_view')
+        
+        sql = f"SELECT COUNT(*) FROM {view_name} WHERE {where_clause}"
+        
+        try:
+            with connection.cursor() as cursor:
+                cursor.execute(sql, params)
+                return cursor.fetchone()[0]
+        except Exception as e:
+            logger.error(f"统计查询失败: {e}")
+            raise
+    
+    def search_iter(
+        self, 
+        query: str, 
+        asset_type: AssetType = 'website',
+        batch_size: int = 1000
+    ):
+        """
+        流式搜索资产（使用服务端游标，内存友好）
+        
+        Args:
+            query: 搜索查询字符串
+            asset_type: 资产类型 ('website' 或 'endpoint')
+            batch_size: 每批获取的数量
+        
+        Yields:
+            Dict: 单条搜索结果
+        """
+        where_clause, params = SearchQueryParser.parse(query)
+        
+        # 根据资产类型选择视图和字段
+        view_name = VIEW_MAPPING.get(asset_type, 'asset_search_view')
+        select_fields = ENDPOINT_SELECT_FIELDS if asset_type == 'endpoint' else WEBSITE_SELECT_FIELDS
+        
+        sql = f"""
+            SELECT {select_fields}
+            FROM {view_name}
+            WHERE {where_clause}
+            ORDER BY created_at DESC
+        """
+        
+        try:
+            # 使用服务端游标，避免一次性加载所有数据到内存
+            with connection.cursor(name='export_cursor') as cursor:
+                cursor.itersize = batch_size
+                cursor.execute(sql, params)
+                columns = [col[0] for col in cursor.description]
+                
+                for row in cursor:
+                    yield dict(zip(columns, row))
+        except Exception as e:
+            logger.error(f"流式搜索查询失败: {e}, SQL: {sql}, params: {params}")
+            raise
--- a/backend/apps/asset/services/snapshot/endpoint_snapshots_service.py
+++ b/backend/apps/asset/services/snapshot/endpoint_snapshots_service.py
@@ -72,7 +72,7 @@ class EndpointSnapshotsService:
        'url': 'url',
        'host': 'host',
        'title': 'title',
-        'status': 'status_code',
+        'status_code': 'status_code',
        'webserver': 'webserver',
        'tech': 'tech',
    }
--- a/backend/apps/asset/services/snapshot/website_snapshots_service.py
+++ b/backend/apps/asset/services/snapshot/website_snapshots_service.py
@@ -73,8 +73,8 @@ class WebsiteSnapshotsService:
        'url': 'url',
        'host': 'host',
        'title': 'title',
-        'status': 'status',
-        'webserver': 'web_server',
+        'status_code': 'status_code',
+        'webserver': 'webserver',
        'tech': 'tech',
    }
    
--- a/backend/apps/asset/tasks/init.py
+++ b/backend/apps/asset/tasks/init.py
@@ -0,0 +1,7 @@
+"""
+Asset 应用的任务模块
+
+注意：物化视图刷新已移至 APScheduler 定时任务（apps.engine.scheduler）
+"""
+
+__all__ = []
--- a/backend/apps/asset/urls.py
+++ b/backend/apps/asset/urls.py
@@ -10,6 +10,8 @@ from .views import (
    DirectoryViewSet,
    VulnerabilityViewSet,
    AssetStatisticsViewSet,
+    AssetSearchView,
+    AssetSearchExportView,
 )

 # 创建 DRF 路由器
@@ -25,4 +27,6 @@ router.register(r'statistics', AssetStatisticsViewSet, basename='asset-statistic

 urlpatterns = [
    path('assets/', include(router.urls)),
+    path('assets/search/', AssetSearchView.as_view(), name='asset-search'),
+    path('assets/search/export/', AssetSearchExportView.as_view(), name='asset-search-export'),
 ]
--- a/backend/apps/asset/views/init.py
+++ b/backend/apps/asset/views/init.py
@@ -0,0 +1,40 @@
+"""
+Asset 应用视图模块
+
+重新导出所有视图类以保持向后兼容
+"""
+
+from .asset_views import (
+    AssetStatisticsViewSet,
+    SubdomainViewSet,
+    WebSiteViewSet,
+    DirectoryViewSet,
+    EndpointViewSet,
+    HostPortMappingViewSet,
+    VulnerabilityViewSet,
+    SubdomainSnapshotViewSet,
+    WebsiteSnapshotViewSet,
+    DirectorySnapshotViewSet,
+    EndpointSnapshotViewSet,
+    HostPortMappingSnapshotViewSet,
+    VulnerabilitySnapshotViewSet,
+)
+from .search_views import AssetSearchView, AssetSearchExportView
+
+__all__ = [
+    'AssetStatisticsViewSet',
+    'SubdomainViewSet',
+    'WebSiteViewSet',
+    'DirectoryViewSet',
+    'EndpointViewSet',
+    'HostPortMappingViewSet',
+    'VulnerabilityViewSet',
+    'SubdomainSnapshotViewSet',
+    'WebsiteSnapshotViewSet',
+    'DirectorySnapshotViewSet',
+    'EndpointSnapshotViewSet',
+    'HostPortMappingSnapshotViewSet',
+    'VulnerabilitySnapshotViewSet',
+    'AssetSearchView',
+    'AssetSearchExportView',
+]
--- a/backend/apps/asset/views/asset_views.py
+++ b/backend/apps/asset/views/asset_views.py
@@ -2,23 +2,25 @@ import logging
 from rest_framework import viewsets, status, filters
 from rest_framework.decorators import action
 from rest_framework.response import Response
+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes
 from rest_framework.request import Request
 from rest_framework.exceptions import NotFound, ValidationError as DRFValidationError
 from django.core.exceptions import ValidationError, ObjectDoesNotExist
 from django.db import DatabaseError, IntegrityError, OperationalError
 from django.http import StreamingHttpResponse

-from .serializers import (
+from ..serializers import (
    SubdomainListSerializer, WebSiteSerializer, DirectorySerializer, 
    VulnerabilitySerializer, EndpointListSerializer, IPAddressAggregatedSerializer,
    SubdomainSnapshotSerializer, WebsiteSnapshotSerializer, DirectorySnapshotSerializer,
    EndpointSnapshotSerializer, VulnerabilitySnapshotSerializer
 )
-from .services import (
+from ..services import (
    SubdomainService, WebSiteService, DirectoryService, 
    VulnerabilityService, AssetStatisticsService, EndpointService, HostPortMappingService
 )
-from .services.snapshot import (
+from ..services.snapshot import (
    SubdomainSnapshotsService, WebsiteSnapshotsService, DirectorySnapshotsService,
    EndpointSnapshotsService, HostPortMappingSnapshotsService, VulnerabilitySnapshotsService
 )
@@ -57,7 +59,7 @@ class AssetStatisticsViewSet(viewsets.ViewSet):
        """
        try:
            stats = self.service.get_statistics()
-            return Response({
+            return success_response(data={
                'totalTargets': stats['total_targets'],
                'totalSubdomains': stats['total_subdomains'],
                'totalIps': stats['total_ips'],
@@ -80,9 +82,10 @@ class AssetStatisticsViewSet(viewsets.ViewSet):
            })
        except (DatabaseError, OperationalError) as e:
            logger.exception("获取资产统计数据失败")
-            return Response(
-                {'error': '获取统计数据失败'},
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Failed to get statistics',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
            )

    @action(detail=False, methods=['get'], url_path='history')
@@ -107,12 +110,13 @@ class AssetStatisticsViewSet(viewsets.ViewSet):
            days = min(max(days, 1), 90)  # 限制在 1-90 天
            
            history = self.service.get_statistics_history(days=days)
-            return Response(history)
+            return success_response(data=history)
        except (DatabaseError, OperationalError) as e:
            logger.exception("获取统计历史数据失败")
-            return Response(
-                {'error': '获取历史数据失败'},
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Failed to get history data',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
            )


@@ -164,45 +168,50 @@ class SubdomainViewSet(viewsets.ModelViewSet):
        
        响应:
        {
-            "message": "批量创建完成",
-            "createdCount": 10,
-            "skippedCount": 2,
-            "invalidCount": 1,
-            "mismatchedCount": 1,
-            "totalReceived": 14
+            "data": {
+                "createdCount": 10,
+                "skippedCount": 2,
+                "invalidCount": 1,
+                "mismatchedCount": 1,
+                "totalReceived": 14
+            }
        }
        """
        from apps.targets.models import Target
        
        target_pk = self.kwargs.get('target_pk')
        if not target_pk:
-            return Response(
-                {'error': '必须在目标下批量创建子域名'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Must create subdomains under a target',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        # 获取目标
        try:
            target = Target.objects.get(pk=target_pk)
        except Target.DoesNotExist:
-            return Response(
-                {'error': '目标不存在'},
-                status=status.HTTP_404_NOT_FOUND
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message='Target not found',
+                status_code=status.HTTP_404_NOT_FOUND
            )
        
        # 验证目标类型必须为域名
        if target.type != Target.TargetType.DOMAIN:
-            return Response(
-                {'error': '只有域名类型的目标支持导入子域名'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Only domain type targets support subdomain import',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        # 获取请求体中的子域名列表
        subdomains = request.data.get('subdomains', [])
        if not subdomains or not isinstance(subdomains, list):
-            return Response(
-                {'error': '请求体不能为空或格式错误'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Request body cannot be empty or invalid format',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        # 调用 service 层处理
@@ -214,19 +223,19 @@ class SubdomainViewSet(viewsets.ModelViewSet):
            )
        except Exception as e:
            logger.exception("批量创建子域名失败")
-            return Response(
-                {'error': '服务器内部错误'},
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Server internal error',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
            )
        
-        return Response({
-            'message': '批量创建完成',
+        return success_response(data={
            'createdCount': result.created_count,
            'skippedCount': result.skipped_count,
            'invalidCount': result.invalid_count,
            'mismatchedCount': result.mismatched_count,
            'totalReceived': result.total_received,
-        }, status=status.HTTP_200_OK)
+        })

    @action(detail=False, methods=['get'], url_path='export')
    def export(self, request, **kwargs):
@@ -265,6 +274,7 @@ class WebSiteViewSet(viewsets.ModelViewSet):
    - host="example"     主机名模糊匹配
    - title="login"      标题模糊匹配
    - status="200,301"   状态码多值匹配
+    - tech="nginx"       技术栈匹配（数组字段）
    - 多条件空格分隔     AND 关系
    """
    
@@ -299,35 +309,38 @@ class WebSiteViewSet(viewsets.ModelViewSet):
        
        响应:
        {
-            "message": "批量创建完成",
-            "createdCount": 10,
-            "mismatchedCount": 2
+            "data": {
+                "createdCount": 10
+            }
        }
        """
        from apps.targets.models import Target
        
        target_pk = self.kwargs.get('target_pk')
        if not target_pk:
-            return Response(
-                {'error': '必须在目标下批量创建网站'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Must create websites under a target',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        # 获取目标
        try:
            target = Target.objects.get(pk=target_pk)
        except Target.DoesNotExist:
-            return Response(
-                {'error': '目标不存在'},
-                status=status.HTTP_404_NOT_FOUND
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message='Target not found',
+                status_code=status.HTTP_404_NOT_FOUND
            )
        
        # 获取请求体中的 URL 列表
        urls = request.data.get('urls', [])
        if not urls or not isinstance(urls, list):
-            return Response(
-                {'error': '请求体不能为空或格式错误'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Request body cannot be empty or invalid format',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        # 调用 service 层处理
@@ -340,21 +353,21 @@ class WebSiteViewSet(viewsets.ModelViewSet):
            )
        except Exception as e:
            logger.exception("批量创建网站失败")
-            return Response(
-                {'error': '服务器内部错误'},
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Server internal error',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
            )
        
-        return Response({
-            'message': '批量创建完成',
+        return success_response(data={
            'createdCount': created_count,
-        }, status=status.HTTP_200_OK)
+        })

    @action(detail=False, methods=['get'], url_path='export')
    def export(self, request, **kwargs):
        """导出网站为 CSV 格式
        
-        CSV 列：url, host, location, title, status_code, content_length, content_type, webserver, tech, body_preview, vhost, created_at
+        CSV 列：url, host, location, title, status_code, content_length, content_type, webserver, tech, response_body, response_headers, vhost, created_at
        """
        from apps.common.utils import generate_csv_rows, format_datetime, format_list_field
        
@@ -367,7 +380,7 @@ class WebSiteViewSet(viewsets.ModelViewSet):
        headers = [
            'url', 'host', 'location', 'title', 'status_code',
            'content_length', 'content_type', 'webserver', 'tech',
-            'body_preview', 'vhost', 'created_at'
+            'response_body', 'response_headers', 'vhost', 'created_at'
        ]
        formatters = {
            'created_at': format_datetime,
@@ -426,35 +439,38 @@ class DirectoryViewSet(viewsets.ModelViewSet):
        
        响应:
        {
-            "message": "批量创建完成",
-            "createdCount": 10,
-            "mismatchedCount": 2
+            "data": {
+                "createdCount": 10
+            }
        }
        """
        from apps.targets.models import Target
        
        target_pk = self.kwargs.get('target_pk')
        if not target_pk:
-            return Response(
-                {'error': '必须在目标下批量创建目录'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Must create directories under a target',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        # 获取目标
        try:
            target = Target.objects.get(pk=target_pk)
        except Target.DoesNotExist:
-            return Response(
-                {'error': '目标不存在'},
-                status=status.HTTP_404_NOT_FOUND
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message='Target not found',
+                status_code=status.HTTP_404_NOT_FOUND
            )
        
        # 获取请求体中的 URL 列表
        urls = request.data.get('urls', [])
        if not urls or not isinstance(urls, list):
-            return Response(
-                {'error': '请求体不能为空或格式错误'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Request body cannot be empty or invalid format',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        # 调用 service 层处理
@@ -467,15 +483,15 @@ class DirectoryViewSet(viewsets.ModelViewSet):
            )
        except Exception as e:
            logger.exception("批量创建目录失败")
-            return Response(
-                {'error': '服务器内部错误'},
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Server internal error',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
            )
        
-        return Response({
-            'message': '批量创建完成',
+        return success_response(data={
            'createdCount': created_count,
-        }, status=status.HTTP_200_OK)
+        })

    @action(detail=False, methods=['get'], url_path='export')
    def export(self, request, **kwargs):
@@ -519,6 +535,7 @@ class EndpointViewSet(viewsets.ModelViewSet):
    - host="example"     主机名模糊匹配
    - title="login"      标题模糊匹配
    - status="200,301"   状态码多值匹配
+    - tech="nginx"       技术栈匹配（数组字段）
    - 多条件空格分隔     AND 关系
    """
    
@@ -553,35 +570,38 @@ class EndpointViewSet(viewsets.ModelViewSet):
        
        响应:
        {
-            "message": "批量创建完成",
-            "createdCount": 10,
-            "mismatchedCount": 2
+            "data": {
+                "createdCount": 10
+            }
        }
        """
        from apps.targets.models import Target
        
        target_pk = self.kwargs.get('target_pk')
        if not target_pk:
-            return Response(
-                {'error': '必须在目标下批量创建端点'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Must create endpoints under a target',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        # 获取目标
        try:
            target = Target.objects.get(pk=target_pk)
        except Target.DoesNotExist:
-            return Response(
-                {'error': '目标不存在'},
-                status=status.HTTP_404_NOT_FOUND
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message='Target not found',
+                status_code=status.HTTP_404_NOT_FOUND
            )
        
        # 获取请求体中的 URL 列表
        urls = request.data.get('urls', [])
        if not urls or not isinstance(urls, list):
-            return Response(
-                {'error': '请求体不能为空或格式错误'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Request body cannot be empty or invalid format',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        # 调用 service 层处理
@@ -594,21 +614,21 @@ class EndpointViewSet(viewsets.ModelViewSet):
            )
        except Exception as e:
            logger.exception("批量创建端点失败")
-            return Response(
-                {'error': '服务器内部错误'},
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Server internal error',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
            )
        
-        return Response({
-            'message': '批量创建完成',
+        return success_response(data={
            'createdCount': created_count,
-        }, status=status.HTTP_200_OK)
+        })

    @action(detail=False, methods=['get'], url_path='export')
    def export(self, request, **kwargs):
        """导出端点为 CSV 格式
        
-        CSV 列：url, host, location, title, status_code, content_length, content_type, webserver, tech, body_preview, vhost, matched_gf_patterns, created_at
+        CSV 列：url, host, location, title, status_code, content_length, content_type, webserver, tech, response_body, response_headers, vhost, matched_gf_patterns, created_at
        """
        from apps.common.utils import generate_csv_rows, format_datetime, format_list_field
        
@@ -621,7 +641,7 @@ class EndpointViewSet(viewsets.ModelViewSet):
        headers = [
            'url', 'host', 'location', 'title', 'status_code',
            'content_length', 'content_type', 'webserver', 'tech',
-            'body_preview', 'vhost', 'matched_gf_patterns', 'created_at'
+            'response_body', 'response_headers', 'vhost', 'matched_gf_patterns', 'created_at'
        ]
        formatters = {
            'created_at': format_datetime,
@@ -833,7 +853,7 @@ class WebsiteSnapshotViewSet(viewsets.ModelViewSet):
    def export(self, request, **kwargs):
        """导出网站快照为 CSV 格式
        
-        CSV 列：url, host, location, title, status_code, content_length, content_type, webserver, tech, body_preview, vhost, created_at
+        CSV 列：url, host, location, title, status_code, content_length, content_type, webserver, tech, response_body, response_headers, vhost, created_at
        """
        from apps.common.utils import generate_csv_rows, format_datetime, format_list_field
        
@@ -846,7 +866,7 @@ class WebsiteSnapshotViewSet(viewsets.ModelViewSet):
        headers = [
            'url', 'host', 'location', 'title', 'status_code',
            'content_length', 'content_type', 'webserver', 'tech',
-            'body_preview', 'vhost', 'created_at'
+            'response_body', 'response_headers', 'vhost', 'created_at'
        ]
        formatters = {
            'created_at': format_datetime,
@@ -950,7 +970,7 @@ class EndpointSnapshotViewSet(viewsets.ModelViewSet):
    def export(self, request, **kwargs):
        """导出端点快照为 CSV 格式
        
-        CSV 列：url, host, location, title, status_code, content_length, content_type, webserver, tech, body_preview, vhost, matched_gf_patterns, created_at
+        CSV 列：url, host, location, title, status_code, content_length, content_type, webserver, tech, response_body, response_headers, vhost, matched_gf_patterns, created_at
        """
        from apps.common.utils import generate_csv_rows, format_datetime, format_list_field
        
@@ -963,7 +983,7 @@ class EndpointSnapshotViewSet(viewsets.ModelViewSet):
        headers = [
            'url', 'host', 'location', 'title', 'status_code',
            'content_length', 'content_type', 'webserver', 'tech',
-            'body_preview', 'vhost', 'matched_gf_patterns', 'created_at'
+            'response_body', 'response_headers', 'vhost', 'matched_gf_patterns', 'created_at'
        ]
        formatters = {
            'created_at': format_datetime,
--- a/backend/apps/asset/views/search_views.py
+++ b/backend/apps/asset/views/search_views.py
@@ -0,0 +1,364 @@
+"""
+资产搜索 API 视图
+
+提供资产搜索的 REST API 接口：
+- GET /api/assets/search/ - 搜索资产
+- GET /api/assets/search/export/ - 导出搜索结果为 CSV
+
+搜索语法：
+- field="value"     模糊匹配（ILIKE %value%）
+- field=="value"    精确匹配
+- field!="value"    不等于
+- &&                AND 连接
+- ||                OR 连接
+
+支持的字段：
+- host: 主机名
+- url: URL
+- title: 标题
+- tech: 技术栈
+- status: 状态码
+- body: 响应体
+- header: 响应头
+
+支持的资产类型：
+- website: 站点（默认）
+- endpoint: 端点
+"""
+
+import logging
+import json
+from datetime import datetime
+from urllib.parse import urlparse, urlunparse
+from rest_framework import status
+from rest_framework.views import APIView
+from rest_framework.request import Request
+from django.http import StreamingHttpResponse
+from django.db import connection
+
+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes
+from apps.asset.services.search_service import AssetSearchService, VALID_ASSET_TYPES
+
+logger = logging.getLogger(__name__)
+
+
+class AssetSearchView(APIView):
+    """
+    资产搜索 API
+    
+    GET /api/assets/search/
+    
+    Query Parameters:
+        q: 搜索查询表达式
+        asset_type: 资产类型 ('website' 或 'endpoint'，默认 'website')
+        page: 页码（从 1 开始，默认 1）
+        pageSize: 每页数量（默认 10，最大 100）
+    
+    示例查询：
+        ?q=host="api" && tech="nginx"
+        ?q=tech="vue" || tech="react"&asset_type=endpoint
+        ?q=status=="200" && host!="test"
+    
+    Response:
+        {
+            "results": [...],
+            "total": 100,
+            "page": 1,
+            "pageSize": 10,
+            "totalPages": 10,
+            "assetType": "website"
+        }
+    """
+    
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+        self.service = AssetSearchService()
+    
+    def _parse_headers(self, headers_data) -> dict:
+        """解析响应头为字典"""
+        if not headers_data:
+            return {}
+        try:
+            return json.loads(headers_data)
+        except (json.JSONDecodeError, TypeError):
+            result = {}
+            for line in str(headers_data).split('\n'):
+                if ':' in line:
+                    key, value = line.split(':', 1)
+                    result[key.strip()] = value.strip()
+            return result
+    
+    def _format_result(self, result: dict, vulnerabilities_by_url: dict, asset_type: str) -> dict:
+        """格式化单个搜索结果"""
+        url = result.get('url', '')
+        vulns = vulnerabilities_by_url.get(url, [])
+        
+        # 基础字段（Website 和 Endpoint 共有）
+        formatted = {
+            'id': result.get('id'),
+            'url': url,
+            'host': result.get('host', ''),
+            'title': result.get('title', ''),
+            'technologies': result.get('tech', []) or [],
+            'statusCode': result.get('status_code'),
+            'contentLength': result.get('content_length'),
+            'contentType': result.get('content_type', ''),
+            'webserver': result.get('webserver', ''),
+            'location': result.get('location', ''),
+            'vhost': result.get('vhost'),
+            'responseHeaders': self._parse_headers(result.get('response_headers')),
+            'responseBody': result.get('response_body', ''),
+            'createdAt': result.get('created_at').isoformat() if result.get('created_at') else None,
+            'targetId': result.get('target_id'),
+        }
+        
+        # Website 特有字段：漏洞关联
+        if asset_type == 'website':
+            formatted['vulnerabilities'] = [
+                {
+                    'id': v.get('id'),
+                    'name': v.get('vuln_type', ''),
+                    'vulnType': v.get('vuln_type', ''),
+                    'severity': v.get('severity', 'info'),
+                }
+                for v in vulns
+            ]
+        
+        # Endpoint 特有字段
+        if asset_type == 'endpoint':
+            formatted['matchedGfPatterns'] = result.get('matched_gf_patterns', []) or []
+        
+        return formatted
+    
+    def _get_vulnerabilities_by_url_prefix(self, website_urls: list) -> dict:
+        """
+        根据 URL 前缀批量查询漏洞数据
+        
+        漏洞 URL 是 website URL 的子路径，使用前缀匹配：
+        - website.url: https://example.com/path?query=1
+        - vulnerability.url: https://example.com/path/api/users
+        
+        Args:
+            website_urls: website URL 列表，格式为 [(url, target_id), ...]
+        
+        Returns:
+            dict: {website_url: [vulnerability_list]}
+        """
+        if not website_urls:
+            return {}
+        
+        try:
+            with connection.cursor() as cursor:
+                # 构建 OR 条件：每个 website URL（去掉查询参数）作为前缀匹配
+                conditions = []
+                params = []
+                url_mapping = {}  # base_url -> original_url
+                
+                for url, target_id in website_urls:
+                    if not url or target_id is None:
+                        continue
+                    # 使用 urlparse 去掉查询参数和片段，只保留 scheme://netloc/path
+                    parsed = urlparse(url)
+                    base_url = urlunparse((parsed.scheme, parsed.netloc, parsed.path, '', '', ''))
+                    url_mapping[base_url] = url
+                    conditions.append("(v.url LIKE %s AND v.target_id = %s)")
+                    params.extend([base_url + '%', target_id])
+                
+                if not conditions:
+                    return {}
+                
+                where_clause = " OR ".join(conditions)
+                
+                sql = f"""
+                    SELECT v.id, v.vuln_type, v.severity, v.url, v.target_id
+                    FROM vulnerability v
+                    WHERE {where_clause}
+                    ORDER BY 
+                        CASE v.severity 
+                            WHEN 'critical' THEN 1 
+                            WHEN 'high' THEN 2 
+                            WHEN 'medium' THEN 3 
+                            WHEN 'low' THEN 4 
+                            ELSE 5 
+                        END
+                """
+                cursor.execute(sql, params)
+                
+                # 获取所有漏洞
+                all_vulns = []
+                for row in cursor.fetchall():
+                    all_vulns.append({
+                        'id': row[0],
+                        'vuln_type': row[1],
+                        'name': row[1],
+                        'severity': row[2],
+                        'url': row[3],
+                        'target_id': row[4],
+                    })
+                
+                # 按原始 website URL 分组（用于返回结果）
+                result = {url: [] for url, _ in website_urls}
+                for vuln in all_vulns:
+                    vuln_url = vuln['url']
+                    # 找到匹配的 website URL（最长前缀匹配）
+                    for website_url, target_id in website_urls:
+                        parsed = urlparse(website_url)
+                        base_url = urlunparse((parsed.scheme, parsed.netloc, parsed.path, '', '', ''))
+                        if vuln_url.startswith(base_url) and vuln['target_id'] == target_id:
+                            result[website_url].append(vuln)
+                            break
+                
+                return result
+        except Exception as e:
+            logger.error(f"批量查询漏洞失败: {e}")
+            return {}
+    
+    def get(self, request: Request):
+        """搜索资产"""
+        # 获取搜索查询
+        query = request.query_params.get('q', '').strip()
+        
+        if not query:
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Search query (q) is required',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
+        
+        # 获取并验证资产类型
+        asset_type = request.query_params.get('asset_type', 'website').strip().lower()
+        if asset_type not in VALID_ASSET_TYPES:
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=f'Invalid asset_type. Must be one of: {", ".join(VALID_ASSET_TYPES)}',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
+        
+        # 获取分页参数
+        try:
+            page = int(request.query_params.get('page', 1))
+            page_size = int(request.query_params.get('pageSize', 10))
+        except (ValueError, TypeError):
+            page = 1
+            page_size = 10
+        
+        # 限制分页参数
+        page = max(1, page)
+        page_size = min(max(1, page_size), 100)
+        
+        # 获取总数和搜索结果
+        total = self.service.count(query, asset_type)
+        total_pages = (total + page_size - 1) // page_size if total > 0 else 1
+        offset = (page - 1) * page_size
+        
+        all_results = self.service.search(query, asset_type)
+        results = all_results[offset:offset + page_size]
+        
+        # 批量查询漏洞数据（仅 Website 类型需要）
+        vulnerabilities_by_url = {}
+        if asset_type == 'website':
+            website_urls = [(r.get('url'), r.get('target_id')) for r in results if r.get('url') and r.get('target_id')]
+            vulnerabilities_by_url = self._get_vulnerabilities_by_url_prefix(website_urls) if website_urls else {}
+        
+        # 格式化结果
+        formatted_results = [self._format_result(r, vulnerabilities_by_url, asset_type) for r in results]
+        
+        return success_response(data={
+            'results': formatted_results,
+            'total': total,
+            'page': page,
+            'pageSize': page_size,
+            'totalPages': total_pages,
+            'assetType': asset_type,
+        })
+
+
+class AssetSearchExportView(APIView):
+    """
+    资产搜索导出 API
+    
+    GET /api/assets/search/export/
+    
+    Query Parameters:
+        q: 搜索查询表达式
+        asset_type: 资产类型 ('website' 或 'endpoint'，默认 'website')
+    
+    Response:
+        CSV 文件流（使用服务端游标，支持大数据量导出）
+    """
+    
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+        self.service = AssetSearchService()
+    
+    def _get_headers_and_formatters(self, asset_type: str):
+        """获取 CSV 表头和格式化器"""
+        from apps.common.utils import format_datetime, format_list_field
+        
+        if asset_type == 'website':
+            headers = ['url', 'host', 'title', 'status_code', 'content_type', 'content_length', 
+                      'webserver', 'location', 'tech', 'vhost', 'created_at']
+        else:
+            headers = ['url', 'host', 'title', 'status_code', 'content_type', 'content_length',
+                      'webserver', 'location', 'tech', 'matched_gf_patterns', 'vhost', 'created_at']
+        
+        formatters = {
+            'created_at': format_datetime,
+            'tech': lambda x: format_list_field(x, separator='; '),
+            'matched_gf_patterns': lambda x: format_list_field(x, separator='; '),
+            'vhost': lambda x: 'true' if x else ('false' if x is False else ''),
+        }
+        
+        return headers, formatters
+    
+    def get(self, request: Request):
+        """导出搜索结果为 CSV（流式导出，无数量限制）"""
+        from apps.common.utils import generate_csv_rows
+        
+        # 获取搜索查询
+        query = request.query_params.get('q', '').strip()
+        
+        if not query:
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Search query (q) is required',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
+        
+        # 获取并验证资产类型
+        asset_type = request.query_params.get('asset_type', 'website').strip().lower()
+        if asset_type not in VALID_ASSET_TYPES:
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=f'Invalid asset_type. Must be one of: {", ".join(VALID_ASSET_TYPES)}',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
+        
+        # 检查是否有结果（快速检查，避免空导出）
+        total = self.service.count(query, asset_type)
+        if total == 0:
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message='No results to export',
+                status_code=status.HTTP_404_NOT_FOUND
+            )
+        
+        # 获取表头和格式化器
+        headers, formatters = self._get_headers_and_formatters(asset_type)
+        
+        # 获取流式数据迭代器
+        data_iterator = self.service.search_iter(query, asset_type)
+        
+        # 生成文件名
+        timestamp = datetime.now().strftime('%Y%m%d_%H%M%S')
+        filename = f'search_{asset_type}_{timestamp}.csv'
+        
+        # 返回流式响应
+        response = StreamingHttpResponse(
+            generate_csv_rows(data_iterator, headers, formatters),
+            content_type='text/csv; charset=utf-8'
+        )
+        response['Content-Disposition'] = f'attachment; filename="{filename}"'
+        
+        return response
--- a/backend/apps/common/container_bootstrap.py
+++ b/backend/apps/common/container_bootstrap.py
@@ -40,8 +40,14 @@ def fetch_config_and_setup_django():
    print(f"[CONFIG] 正在从配置中心获取配置: {config_url}")
    print(f"[CONFIG] IS_LOCAL={is_local}")
    try:
+        # 构建请求头（包含 Worker API Key）
+        headers = {}
+        worker_api_key = os.environ.get("WORKER_API_KEY", "")
+        if worker_api_key:
+            headers["X-Worker-API-Key"] = worker_api_key
+        
        # verify=False: 远程 Worker 通过 HTTPS 访问时可能使用自签名证书
-        resp = requests.get(config_url, timeout=10, verify=False)
+        resp = requests.get(config_url, headers=headers, timeout=10, verify=False)
        resp.raise_for_status()
        config = resp.json()
        
@@ -57,28 +63,17 @@ def fetch_config_and_setup_django():
        os.environ.setdefault("DB_USER", db_user)
        os.environ.setdefault("DB_PASSWORD", config['db']['password'])
        
-        # Redis 配置
-        os.environ.setdefault("REDIS_URL", config['redisUrl'])
-        
        # 日志配置
        os.environ.setdefault("LOG_DIR", config['paths']['logs'])
        os.environ.setdefault("LOG_LEVEL", config['logging']['level'])
        os.environ.setdefault("ENABLE_COMMAND_LOGGING", str(config['logging']['enableCommandLogging']).lower())
        os.environ.setdefault("DEBUG", str(config['debug']))
        
-        # Git 加速配置（用于 Git clone 加速）
-        git_mirror = config.get('gitMirror', '')
-        if git_mirror:
-            os.environ.setdefault("GIT_MIRROR", git_mirror)
-        
        print(f"[CONFIG] ✓ 配置获取成功")
        print(f"[CONFIG]   DB_HOST: {db_host}")
        print(f"[CONFIG]   DB_PORT: {db_port}")
        print(f"[CONFIG]   DB_NAME: {db_name}")
        print(f"[CONFIG]   DB_USER: {db_user}")
-        print(f"[CONFIG]   REDIS_URL: {config['redisUrl']}")
-        if git_mirror:
-            print(f"[CONFIG]   GIT_MIRROR: {git_mirror}")
        
    except Exception as e:
        print(f"[ERROR] 获取配置失败: {config_url} - {e}", file=sys.stderr)
--- a/backend/apps/common/error_codes.py
+++ b/backend/apps/common/error_codes.py
@@ -0,0 +1,31 @@
+"""
+标准化错误码定义
+
+采用简化方案（参考 Stripe、GitHub 等大厂做法）：
+- 只定义 5-10 个通用错误码
+- 未知错误使用通用错误码
+- 错误码格式：大写字母和下划线组成
+"""
+
+
+class ErrorCodes:
+    """标准化错误码
+    
+    只定义通用错误码，其他错误使用通用消息。
+    这是 Stripe、GitHub 等大厂的标准做法。
+    
+    错误码格式规范：
+    - 使用大写字母和下划线
+    - 简洁明了，易于理解
+    - 前端通过错误码映射到 i18n 键
+    """
+    
+    # 通用错误码（8 个）
+    VALIDATION_ERROR = 'VALIDATION_ERROR'      # 输入验证失败
+    NOT_FOUND = 'NOT_FOUND'                    # 资源未找到
+    PERMISSION_DENIED = 'PERMISSION_DENIED'    # 权限不足
+    SERVER_ERROR = 'SERVER_ERROR'              # 服务器内部错误
+    BAD_REQUEST = 'BAD_REQUEST'                # 请求格式错误
+    CONFLICT = 'CONFLICT'                      # 资源冲突（如重复创建）
+    UNAUTHORIZED = 'UNAUTHORIZED'              # 未认证
+    RATE_LIMITED = 'RATE_LIMITED'              # 请求过于频繁
--- a/backend/apps/common/exception_handlers.py
+++ b/backend/apps/common/exception_handlers.py
@@ -0,0 +1,49 @@
+"""
+自定义异常处理器
+
+统一处理 DRF 异常，确保错误响应格式一致
+"""
+
+from rest_framework.views import exception_handler
+from rest_framework import status
+from rest_framework.exceptions import AuthenticationFailed, NotAuthenticated
+
+from apps.common.response_helpers import error_response
+from apps.common.error_codes import ErrorCodes
+
+
+def custom_exception_handler(exc, context):
+    """
+    自定义异常处理器
+    
+    处理认证相关异常，返回统一格式的错误响应
+    """
+    # 先调用 DRF 默认的异常处理器
+    response = exception_handler(exc, context)
+    
+    if response is not None:
+        # 处理 401 未认证错误
+        if response.status_code == status.HTTP_401_UNAUTHORIZED:
+            return error_response(
+                code=ErrorCodes.UNAUTHORIZED,
+                message='Authentication required',
+                status_code=status.HTTP_401_UNAUTHORIZED
+            )
+        
+        # 处理 403 权限不足错误
+        if response.status_code == status.HTTP_403_FORBIDDEN:
+            return error_response(
+                code=ErrorCodes.PERMISSION_DENIED,
+                message='Permission denied',
+                status_code=status.HTTP_403_FORBIDDEN
+            )
+    
+    # 处理 NotAuthenticated 和 AuthenticationFailed 异常
+    if isinstance(exc, (NotAuthenticated, AuthenticationFailed)):
+        return error_response(
+            code=ErrorCodes.UNAUTHORIZED,
+            message='Authentication required',
+            status_code=status.HTTP_401_UNAUTHORIZED
+        )
+    
+    return response
--- a/backend/apps/common/permissions.py
+++ b/backend/apps/common/permissions.py
@@ -0,0 +1,80 @@
+"""
+集中式权限管理
+
+实现三类端点的认证逻辑：
+1. 公开端点（无需认证）：登录、登出、获取当前用户状态
+2. Worker 端点（API Key 认证）：注册、配置、心跳、回调、资源同步
+3. 业务端点（Session 认证）：其他所有 API
+"""
+
+import re
+import logging
+from django.conf import settings
+from rest_framework.permissions import BasePermission
+
+logger = logging.getLogger(__name__)
+
+# 公开端点白名单（无需任何认证）
+PUBLIC_ENDPOINTS = [
+    r'^/api/auth/login/$',
+    r'^/api/auth/logout/$',
+    r'^/api/auth/me/$',
+]
+
+# Worker API 端点（需要 API Key 认证）
+# 包括：注册、配置、心跳、回调、资源同步（字典下载）
+WORKER_ENDPOINTS = [
+    r'^/api/workers/register/$',
+    r'^/api/workers/config/$',
+    r'^/api/workers/\d+/heartbeat/$',
+    r'^/api/callbacks/',
+    # 资源同步端点（Worker 需要下载字典文件）
+    r'^/api/wordlists/download/$',
+    # 注意：指纹导出 API 使用 Session 认证（前端用户导出用）
+    # Worker 通过数据库直接获取指纹数据，不需要 HTTP API
+]
+
+
+class IsAuthenticatedOrPublic(BasePermission):
+    """
+    自定义权限类：
+    - 白名单内的端点公开访问
+    - Worker 端点需要 API Key 认证
+    - 其他端点需要 Session 认证
+    """
+    
+    def has_permission(self, request, view):
+        path = request.path
+        
+        # 检查是否在公开白名单内
+        for pattern in PUBLIC_ENDPOINTS:
+            if re.match(pattern, path):
+                return True
+        
+        # 检查是否是 Worker 端点
+        for pattern in WORKER_ENDPOINTS:
+            if re.match(pattern, path):
+                return self._check_worker_api_key(request)
+        
+        # 其他路径需要 Session 认证
+        return request.user and request.user.is_authenticated
+    
+    def _check_worker_api_key(self, request):
+        """验证 Worker API Key"""
+        api_key = request.headers.get('X-Worker-API-Key')
+        expected_key = getattr(settings, 'WORKER_API_KEY', None)
+        
+        if not expected_key:
+            # 未配置 API Key 时，拒绝所有 Worker 请求
+            logger.warning("WORKER_API_KEY 未配置，拒绝 Worker 请求")
+            return False
+        
+        if not api_key:
+            logger.warning(f"Worker 请求缺少 X-Worker-API-Key Header: {request.path}")
+            return False
+        
+        if api_key != expected_key:
+            logger.warning(f"Worker API Key 无效: {request.path}")
+            return False
+        
+        return True
--- a/backend/apps/common/response_helpers.py
+++ b/backend/apps/common/response_helpers.py
@@ -0,0 +1,88 @@
+"""
+标准化 API 响应辅助函数
+
+遵循行业标准（RFC 9457 Problem Details）和大厂实践（Google、Stripe、GitHub）：
+- 成功响应只包含数据，不包含 message 字段
+- 错误响应使用机器可读的错误码，前端映射到 i18n 消息
+"""
+from typing import Any, Dict, List, Optional, Union
+
+from rest_framework import status
+from rest_framework.response import Response
+
+
+def success_response(
+    data: Optional[Union[Dict[str, Any], List[Any]]] = None,
+    status_code: int = status.HTTP_200_OK
+) -> Response:
+    """
+    标准化成功响应
+    
+    直接返回数据，不做包装，符合 Stripe/GitHub 等大厂标准。
+    
+    Args:
+        data: 响应数据（dict 或 list）
+        status_code: HTTP 状态码，默认 200
+    
+    Returns:
+        Response: DRF Response 对象
+    
+    Examples:
+        # 单个资源
+        >>> success_response(data={'id': 1, 'name': 'Test'})
+        {'id': 1, 'name': 'Test'}
+        
+        # 操作结果
+        >>> success_response(data={'count': 3, 'scans': [...]})
+        {'count': 3, 'scans': [...]}
+        
+        # 创建资源
+        >>> success_response(data={'id': 1}, status_code=201)
+    """
+    # 注意：不能使用 data or {}，因为空列表 [] 会被转换为 {}
+    if data is None:
+        data = {}
+    return Response(data, status=status_code)
+
+
+def error_response(
+    code: str,
+    message: Optional[str] = None,
+    details: Optional[List[Dict[str, Any]]] = None,
+    status_code: int = status.HTTP_400_BAD_REQUEST
+) -> Response:
+    """
+    标准化错误响应
+    
+    Args:
+        code: 错误码（如 'VALIDATION_ERROR', 'NOT_FOUND'）
+              格式：大写字母和下划线组成
+        message: 开发者调试信息（非用户显示）
+        details: 详细错误信息（如字段级验证错误）
+        status_code: HTTP 状态码，默认 400
+    
+    Returns:
+        Response: DRF Response 对象
+    
+    Examples:
+        # 简单错误
+        >>> error_response(code='NOT_FOUND', status_code=404)
+        {'error': {'code': 'NOT_FOUND'}}
+        
+        # 带调试信息
+        >>> error_response(
+        ...     code='VALIDATION_ERROR',
+        ...     message='Invalid input data',
+        ...     details=[{'field': 'name', 'message': 'Required'}]
+        ... )
+        {'error': {'code': 'VALIDATION_ERROR', 'message': '...', 'details': [...]}}
+    """
+    error_body: Dict[str, Any] = {'code': code}
+    
+    if message:
+        error_body['message'] = message
+    
+    if details:
+        error_body['details'] = details
+    
+    return Response({'error': error_body}, status=status_code)
--- a/backend/apps/common/services/system_log_service.py
+++ b/backend/apps/common/services/system_log_service.py
@@ -4,15 +4,28 @@
 提供系统日志的读取功能，支持：
 - 从日志目录读取日志文件
 - 限制返回行数，防止内存溢出
+- 列出可用的日志文件
 """

+import fnmatch
 import logging
+import os
 import subprocess
+from datetime import datetime, timezone
+from typing import TypedDict


 logger = logging.getLogger(__name__)


+class LogFileInfo(TypedDict):
+    """日志文件信息"""
+    filename: str
+    category: str  # 'system' | 'error' | 'performance' | 'container'
+    size: int
+    modifiedAt: str  # ISO 8601 格式
+
+
 class SystemLogService:
    """
    系统日志服务类
@@ -20,23 +33,131 @@ class SystemLogService:
    负责读取系统日志文件，支持从容器内路径或宿主机挂载路径读取日志。
    """
    
+    # 日志文件分类规则
+    CATEGORY_RULES = [
+        ('xingrin.log', 'system'),
+        ('xingrin_error.log', 'error'),
+        ('performance.log', 'performance'),
+        ('container_*.log', 'container'),
+    ]
+    
    def __init__(self):
-        # 日志文件路径（统一使用 /opt/xingrin/logs）
-        self.log_file = "/opt/xingrin/logs/xingrin.log"
-        self.default_lines = 200        # 默认返回行数
-        self.max_lines = 10000          # 最大返回行数限制
-        self.timeout_seconds = 3        # tail 命令超时时间
+        # 日志目录路径
+        self.log_dir = "/opt/xingrin/logs"
+        self.default_file = "xingrin.log"  # 默认日志文件
+        self.default_lines = 200           # 默认返回行数
+        self.max_lines = 10000             # 最大返回行数限制
+        self.timeout_seconds = 3           # tail 命令超时时间

-    def get_logs_content(self, lines: int | None = None) -> str:
+    def _categorize_file(self, filename: str) -> str | None:
+        """
+        根据文件名判断日志分类
+        
+        Returns:
+            分类名称，如果不是日志文件则返回 None
+        """
+        for pattern, category in self.CATEGORY_RULES:
+            if fnmatch.fnmatch(filename, pattern):
+                return category
+        return None
+
+    def _validate_filename(self, filename: str) -> bool:
+        """
+        验证文件名是否合法（防止路径遍历攻击）
+        
+        Args:
+            filename: 要验证的文件名
+            
+        Returns:
+            bool: 文件名是否合法
+        """
+        # 不允许包含路径分隔符
+        if '/' in filename or '\\' in filename:
+            return False
+        # 不允许 .. 路径遍历
+        if '..' in filename:
+            return False
+        # 必须是已知的日志文件类型
+        return self._categorize_file(filename) is not None
+
+    def get_log_files(self) -> list[LogFileInfo]:
+        """
+        获取所有可用的日志文件列表
+        
+        Returns:
+            日志文件信息列表，按分类和文件名排序
+        """
+        files: list[LogFileInfo] = []
+        
+        if not os.path.isdir(self.log_dir):
+            logger.warning("日志目录不存在: %s", self.log_dir)
+            return files
+        
+        for filename in os.listdir(self.log_dir):
+            filepath = os.path.join(self.log_dir, filename)
+            
+            # 只处理文件，跳过目录
+            if not os.path.isfile(filepath):
+                continue
+            
+            # 判断分类
+            category = self._categorize_file(filename)
+            if category is None:
+                continue
+            
+            # 获取文件信息
+            try:
+                stat = os.stat(filepath)
+                modified_at = datetime.fromtimestamp(
+                    stat.st_mtime, tz=timezone.utc
+                ).isoformat()
+                
+                files.append({
+                    'filename': filename,
+                    'category': category,
+                    'size': stat.st_size,
+                    'modifiedAt': modified_at,
+                })
+            except OSError as e:
+                logger.warning("获取文件信息失败 %s: %s", filepath, e)
+                continue
+        
+        # 排序：按分类优先级（system > error > performance > container），然后按文件名
+        category_order = {'system': 0, 'error': 1, 'performance': 2, 'container': 3}
+        files.sort(key=lambda f: (category_order.get(f['category'], 99), f['filename']))
+        
+        return files
+
+    def get_logs_content(self, filename: str | None = None, lines: int | None = None) -> str:
        """
        获取系统日志内容
        
        Args:
+            filename: 日志文件名，默认为 xingrin.log
            lines: 返回的日志行数，默认 200 行，最大 10000 行
            
        Returns:
            str: 日志内容，每行以换行符分隔，保持原始顺序
+            
+        Raises:
+            ValueError: 文件名不合法
+            FileNotFoundError: 日志文件不存在
        """
+        # 文件名处理
+        if filename is None:
+            filename = self.default_file
+        
+        # 验证文件名
+        if not self._validate_filename(filename):
+            raise ValueError(f"无效的文件名: {filename}")
+        
+        # 构建完整路径
+        log_file = os.path.join(self.log_dir, filename)
+        
+        # 检查文件是否存在
+        if not os.path.isfile(log_file):
+            raise FileNotFoundError(f"日志文件不存在: {filename}")
+        
        # 参数校验和默认值处理
        if lines is None:
            lines = self.default_lines
@@ -48,7 +169,7 @@ class SystemLogService:
            lines = self.max_lines

        # 使用 tail 命令读取日志文件末尾内容
-        cmd = ["tail", "-n", str(lines), self.log_file]
+        cmd = ["tail", "-n", str(lines), log_file]

        result = subprocess.run(
            cmd,
--- a/backend/apps/common/urls.py
+++ b/backend/apps/common/urls.py
@@ -2,14 +2,18 @@
 通用模块 URL 配置

 路由说明：
+- /api/health/    健康检查接口（无需认证）
 - /api/auth/*     认证相关接口（登录、登出、用户信息）
 - /api/system/*   系统管理接口（日志查看等）
 """

 from django.urls import path
-from .views import LoginView, LogoutView, MeView, ChangePasswordView, SystemLogsView
+from .views import LoginView, LogoutView, MeView, ChangePasswordView, SystemLogsView, SystemLogFilesView, HealthCheckView

 urlpatterns = [
+    # 健康检查（无需认证）
+    path('health/', HealthCheckView.as_view(), name='health-check'),
+    
    # 认证相关
    path('auth/login/', LoginView.as_view(), name='auth-login'),
    path('auth/logout/', LogoutView.as_view(), name='auth-logout'),
@@ -18,4 +22,5 @@ urlpatterns = [
    
    # 系统管理
    path('system/logs/', SystemLogsView.as_view(), name='system-logs'),
+    path('system/logs/files/', SystemLogFilesView.as_view(), name='system-log-files'),
 ]
--- a/backend/apps/common/utils/init.py
+++ b/backend/apps/common/utils/init.py
@@ -13,7 +13,6 @@ from .csv_utils import (
    format_datetime,
    UTF8_BOM,
 )
-from .git_proxy import get_git_proxy_url

 __all__ = [
    'deduplicate_for_bulk',
@@ -26,5 +25,4 @@ __all__ = [
    'format_list_field',
    'format_datetime',
    'UTF8_BOM',
-    'get_git_proxy_url',
 ]
--- a/backend/apps/common/utils/filter_utils.py
+++ b/backend/apps/common/utils/filter_utils.py
@@ -29,11 +29,19 @@ from dataclasses import dataclass
 from typing import List, Dict, Optional, Union
 from enum import Enum

-from django.db.models import QuerySet, Q
+from django.db.models import QuerySet, Q, F, Func, CharField
+from django.db.models.functions import Cast

 logger = logging.getLogger(__name__)


+class ArrayToString(Func):
+    """PostgreSQL array_to_string 函数"""
+    function = 'array_to_string'
+    template = "%(function)s(%(expressions)s, ',')"
+    output_field = CharField()
+
+
 class LogicalOp(Enum):
    """逻辑运算符"""
    AND = 'AND'
@@ -86,9 +94,21 @@ class QueryParser:
        if not query_string or not query_string.strip():
            return []
        
+        # 第一步：提取所有过滤条件并用占位符替换，保护引号内的空格
+        filters_found = []
+        placeholder_pattern = '__FILTER_{}__'
+        
+        def replace_filter(match):
+            idx = len(filters_found)
+            filters_found.append(match.group(0))
+            return placeholder_pattern.format(idx)
+        
+        # 先用正则提取所有 field="value" 形式的条件
+        protected = cls.FILTER_PATTERN.sub(replace_filter, query_string)
+        
        # 标准化逻辑运算符
        # 先处理 || 和 or -> __OR__
-        normalized = cls.OR_PATTERN.sub(' __OR__ ', query_string)
+        normalized = cls.OR_PATTERN.sub(' __OR__ ', protected)
        # 再处理 && 和 and -> __AND__
        normalized = cls.AND_PATTERN.sub(' __AND__ ', normalized)
        
@@ -103,20 +123,26 @@ class QueryParser:
                pending_op = LogicalOp.OR
            elif token == '__AND__':
                pending_op = LogicalOp.AND
-            else:
-                # 尝试解析为过滤条件
-                match = cls.FILTER_PATTERN.match(token)
-                if match:
-                    field, operator, value = match.groups()
-                    groups.append(FilterGroup(
-                        filter=ParsedFilter(
-                            field=field.lower(),
-                            operator=operator,
-                            value=value
-                        ),
-                        logical_op=pending_op if groups else LogicalOp.AND  # 第一个条件默认 AND
-                    ))
-                    pending_op = LogicalOp.AND  # 重置为默认 AND
+            elif token.startswith('__FILTER_') and token.endswith('__'):
+                # 还原占位符为原始过滤条件
+                try:
+                    idx = int(token[9:-2])  # 提取索引
+                    original_filter = filters_found[idx]
+                    match = cls.FILTER_PATTERN.match(original_filter)
+                    if match:
+                        field, operator, value = match.groups()
+                        groups.append(FilterGroup(
+                            filter=ParsedFilter(
+                                field=field.lower(),
+                                operator=operator,
+                                value=value
+                            ),
+                            logical_op=pending_op if groups else LogicalOp.AND
+                        ))
+                        pending_op = LogicalOp.AND  # 重置为默认 AND
+                except (ValueError, IndexError):
+                    pass
+            # 其他 token 忽略（无效输入）
        
        return groups

@@ -151,6 +177,21 @@ class QueryBuilder:
        
        json_array_fields = json_array_fields or []
        
+        # 收集需要 annotate 的数组模糊搜索字段
+        array_fuzzy_fields = set()
+        
+        # 第一遍：检查是否有数组模糊匹配
+        for group in filter_groups:
+            f = group.filter
+            db_field = field_mapping.get(f.field)
+            if db_field and db_field in json_array_fields and f.operator == '=':
+                array_fuzzy_fields.add(db_field)
+        
+        # 对数组模糊搜索字段做 annotate
+        for field in array_fuzzy_fields:
+            annotate_name = f'{field}_text'
+            queryset = queryset.annotate(**{annotate_name: ArrayToString(F(field))})
+        
        # 构建 Q 对象
        combined_q = None
        
@@ -187,8 +228,17 @@ class QueryBuilder:
    def _build_single_q(cls, field: str, operator: str, value: str, is_json_array: bool = False) -> Optional[Q]:
        """构建单个条件的 Q 对象"""
        if is_json_array:
-            # JSON 数组字段使用 __contains 查询
-            return Q(**{f'{field}__contains': [value]})
+            if operator == '==':
+                # 精确匹配：数组中包含完全等于 value 的元素
+                return Q(**{f'{field}__contains': [value]})
+            elif operator == '!=':
+                # 不包含：数组中不包含完全等于 value 的元素
+                return ~Q(**{f'{field}__contains': [value]})
+            else:  # '=' 模糊匹配
+                # 使用 annotate 后的字段进行模糊搜索
+                # 字段已在 build_query 中通过 ArrayToString 转换为文本
+                annotate_name = f'{field}_text'
+                return Q(**{f'{annotate_name}__icontains': value})
        
        if operator == '!=':
            return cls._build_not_equal_q(field, value)
--- a/backend/apps/common/utils/git_proxy.py
+++ b/backend/apps/common/utils/git_proxy.py
@@ -1,39 +0,0 @@
-"""Git proxy utilities for URL acceleration."""
-
-import os
-from urllib.parse import urlparse
-
-
-def get_git_proxy_url(original_url: str) -> str:
-    """
-    Convert Git repository URL to proxy format for acceleration.
-    
-    Supports multiple mirror services (standard format):
-    - gh-proxy.org: https://gh-proxy.org/https://github.com/user/repo.git
-    - ghproxy.com: https://ghproxy.com/https://github.com/user/repo.git
-    - mirror.ghproxy.com: https://mirror.ghproxy.com/https://github.com/user/repo.git
-    - ghps.cc: https://ghps.cc/https://github.com/user/repo.git
-    
-    Args:
-        original_url: Original repository URL, e.g., https://github.com/user/repo.git
-        
-    Returns:
-        Converted URL based on GIT_MIRROR setting.
-        If GIT_MIRROR is not set, returns the original URL unchanged.
-    """
-    git_mirror = os.getenv("GIT_MIRROR", "").strip()
-    if not git_mirror:
-        return original_url
-    
-    # Remove trailing slash from mirror URL if present
-    git_mirror = git_mirror.rstrip("/")
-    
-    parsed = urlparse(original_url)
-    host = parsed.netloc.lower()
-    
-    # Only support GitHub for now
-    if "github.com" not in host:
-        return original_url
-    
-    # Standard format: https://mirror.example.com/https://github.com/user/repo.git
-    return f"{git_mirror}/{original_url}"
--- a/backend/apps/common/views/init.py
+++ b/backend/apps/common/views/init.py
@@ -2,11 +2,17 @@
 通用模块视图导出

 包含：
+- 健康检查视图：Docker 健康检查
 - 认证相关视图：登录、登出、用户信息、修改密码
 - 系统日志视图：实时日志查看
 """

+from .health_views import HealthCheckView
 from .auth_views import LoginView, LogoutView, MeView, ChangePasswordView
-from .system_log_views import SystemLogsView
+from .system_log_views import SystemLogsView, SystemLogFilesView

-__all__ = ['LoginView', 'LogoutView', 'MeView', 'ChangePasswordView', 'SystemLogsView']
+__all__ = [
+    'HealthCheckView',
+    'LoginView', 'LogoutView', 'MeView', 'ChangePasswordView',
+    'SystemLogsView', 'SystemLogFilesView',
+]
--- a/backend/apps/common/views/auth_views.py
+++ b/backend/apps/common/views/auth_views.py
@@ -9,7 +9,10 @@ from django.utils.decorators import method_decorator
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.response import Response
-from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.permissions import AllowAny
+
+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes

 logger = logging.getLogger(__name__)

@@ -28,9 +31,10 @@ class LoginView(APIView):
        password = request.data.get('password')
        
        if not username or not password:
-            return Response(
-                {'error': '请提供用户名和密码'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Username and password are required',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        user = authenticate(request, username=username, password=password)
@@ -38,20 +42,22 @@ class LoginView(APIView):
        if user is not None:
            login(request, user)
            logger.info(f"用户 {username} 登录成功")
-            return Response({
-                'message': '登录成功',
-                'user': {
-                    'id': user.id,
-                    'username': user.username,
-                    'isStaff': user.is_staff,
-                    'isSuperuser': user.is_superuser,
+            return success_response(
+                data={
+                    'user': {
+                        'id': user.id,
+                        'username': user.username,
+                        'isStaff': user.is_staff,
+                        'isSuperuser': user.is_superuser,
+                    }
                }
-            })
+            )
        else:
            logger.warning(f"用户 {username} 登录失败：用户名或密码错误")
-            return Response(
-                {'error': '用户名或密码错误'},
-                status=status.HTTP_401_UNAUTHORIZED
+            return error_response(
+                code=ErrorCodes.UNAUTHORIZED,
+                message='Invalid username or password',
+                status_code=status.HTTP_401_UNAUTHORIZED
            )


@@ -79,7 +85,7 @@ class LogoutView(APIView):
                logout(request)
        else:
            logout(request)
-        return Response({'message': '已登出'})
+        return success_response()


@method_decorator(csrf_exempt, name='dispatch')
@@ -100,22 +106,26 @@ class MeView(APIView):
        if user_id:
            try:
                user = User.objects.get(pk=user_id)
-                return Response({
-                    'authenticated': True,
-                    'user': {
-                        'id': user.id,
-                        'username': user.username,
-                        'isStaff': user.is_staff,
-                        'isSuperuser': user.is_superuser,
+                return success_response(
+                    data={
+                        'authenticated': True,
+                        'user': {
+                            'id': user.id,
+                            'username': user.username,
+                            'isStaff': user.is_staff,
+                            'isSuperuser': user.is_superuser,
+                        }
                    }
-                })
+                )
            except User.DoesNotExist:
                pass
        
-        return Response({
-            'authenticated': False,
-            'user': None
-        })
+        return success_response(
+            data={
+                'authenticated': False,
+                'user': None
+            }
+        )


@method_decorator(csrf_exempt, name='dispatch')
@@ -124,43 +134,27 @@ class ChangePasswordView(APIView):
    修改密码
    POST /api/auth/change-password/
    """
-    authentication_classes = []  # 禁用认证（绕过 CSRF）
-    permission_classes = [AllowAny]  # 手动检查登录状态
    
    def post(self, request):
-        # 手动检查登录状态（从 session 获取用户）
-        from django.contrib.auth import get_user_model
-        User = get_user_model()
-        
-        user_id = request.session.get('_auth_user_id')
-        if not user_id:
-            return Response(
-                {'error': '请先登录'},
-                status=status.HTTP_401_UNAUTHORIZED
-            )
-        
-        try:
-            user = User.objects.get(pk=user_id)
-        except User.DoesNotExist:
-            return Response(
-                {'error': '用户不存在'},
-                status=status.HTTP_401_UNAUTHORIZED
-            )
+        # 使用全局权限类验证，request.user 已经是认证用户
+        user = request.user
        
        # CamelCaseParser 将 oldPassword -> old_password
        old_password = request.data.get('old_password')
        new_password = request.data.get('new_password')
        
        if not old_password or not new_password:
-            return Response(
-                {'error': '请提供旧密码和新密码'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Old password and new password are required',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        if not user.check_password(old_password):
-            return Response(
-                {'error': '旧密码错误'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Old password is incorrect',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        user.set_password(new_password)
@@ -170,4 +164,4 @@ class ChangePasswordView(APIView):
        update_session_auth_hash(request, user)
        
        logger.info(f"用户 {user.username} 已修改密码")
-        return Response({'message': '密码修改成功'})
+        return success_response()
--- a/backend/apps/common/views/health_views.py
+++ b/backend/apps/common/views/health_views.py
@@ -0,0 +1,24 @@
+"""
+健康检查视图
+
+提供 Docker 健康检查端点，无需认证。
+"""
+
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework.permissions import AllowAny
+
+
+class HealthCheckView(APIView):
+    """
+    健康检查端点
+    
+    GET /api/health/
+    
+    返回服务状态，用于 Docker 健康检查。
+    此端点无需认证。
+    """
+    permission_classes = [AllowAny]
+    
+    def get(self, request):
+        return Response({'status': 'ok'})
--- a/backend/apps/common/views/system_log_views.py
+++ b/backend/apps/common/views/system_log_views.py
@@ -9,16 +9,57 @@ import logging
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
 from rest_framework import status
-from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.views import APIView

+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes
 from apps.common.services.system_log_service import SystemLogService


 logger = logging.getLogger(__name__)


+@method_decorator(csrf_exempt, name="dispatch")
+class SystemLogFilesView(APIView):
+    """
+    日志文件列表 API 视图
+    
+    GET /api/system/logs/files/
+        获取所有可用的日志文件列表
+        
+    Response:
+        {
+            "files": [
+                {
+                    "filename": "xingrin.log",
+                    "category": "system",
+                    "size": 1048576,
+                    "modifiedAt": "2025-01-15T10:30:00+00:00"
+                },
+                ...
+            ]
+        }
+    """
+
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+        self.service = SystemLogService()
+
+    def get(self, request):
+        """获取日志文件列表"""
+        try:
+            files = self.service.get_log_files()
+            return success_response(data={"files": files})
+        except Exception:
+            logger.exception("获取日志文件列表失败")
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Failed to get log files',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
+            )
+
+
@method_decorator(csrf_exempt, name="dispatch")
 class SystemLogsView(APIView):
    """
@@ -28,21 +69,14 @@ class SystemLogsView(APIView):
        获取系统日志内容
        
    Query Parameters:
+        file (str, optional): 日志文件名，默认 xingrin.log
        lines (int, optional): 返回的日志行数，默认 200，最大 10000
        
    Response:
        {
            "content": "日志内容字符串..."
        }
-        
-    Note:
-        - 当前为开发阶段，暂时允许匿名访问
-        - 生产环境应添加管理员权限验证
    """
-    
-    # TODO: 生产环境应改为 IsAdminUser 权限
-    authentication_classes = []
-    permission_classes = [AllowAny]

    def __init__(self, **kwargs):
        super().__init__(**kwargs)
@@ -52,18 +86,33 @@ class SystemLogsView(APIView):
        """
        获取系统日志
        
-        支持通过 lines 参数控制返回行数，用于前端分页或实时刷新场景。
+        支持通过 file 和 lines 参数控制返回内容。
        """
        try:
-            # 解析 lines 参数
+            # 解析参数
+            filename = request.query_params.get("file")
            lines_raw = request.query_params.get("lines")
            lines = int(lines_raw) if lines_raw is not None else None

            # 调用服务获取日志内容
-            content = self.service.get_logs_content(lines=lines)
-            return Response({"content": content})
-        except ValueError:
-            return Response({"error": "lines 参数必须是整数"}, status=status.HTTP_400_BAD_REQUEST)
+            content = self.service.get_logs_content(filename=filename, lines=lines)
+            return success_response(data={"content": content})
+        except ValueError as e:
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=str(e) if 'file' in str(e).lower() else 'lines must be an integer',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
+        except FileNotFoundError as e:
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message=str(e),
+                status_code=status.HTTP_404_NOT_FOUND
+            )
        except Exception:
            logger.exception("获取系统日志失败")
-            return Response({"error": "获取系统日志失败"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Failed to get system logs',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
+            )
--- a/backend/apps/common/websocket_auth.py
+++ b/backend/apps/common/websocket_auth.py
@@ -0,0 +1,44 @@
+"""
+WebSocket 认证基类
+
+提供需要认证的 WebSocket Consumer 基类
+"""
+
+import logging
+from channels.generic.websocket import AsyncWebsocketConsumer
+
+logger = logging.getLogger(__name__)
+
+
+class AuthenticatedWebsocketConsumer(AsyncWebsocketConsumer):
+    """
+    需要认证的 WebSocket Consumer 基类
+    
+    子类应该重写 on_connect() 方法实现具体的连接逻辑
+    """
+    
+    async def connect(self):
+        """
+        连接时验证用户认证状态
+        
+        未认证时使用 close(code=4001) 拒绝连接
+        """
+        user = self.scope.get('user')
+        
+        if not user or not user.is_authenticated:
+            logger.warning(
+                f"WebSocket 连接被拒绝：用户未认证 - Path: {self.scope.get('path')}"
+            )
+            await self.close(code=4001)
+            return
+        
+        # 调用子类的连接逻辑
+        await self.on_connect()
+    
+    async def on_connect(self):
+        """
+        子类实现具体的连接逻辑
+        
+        默认实现：接受连接
+        """
+        await self.accept()
--- a/backend/apps/engine/consumers/worker_deploy_consumer.py
+++ b/backend/apps/engine/consumers/worker_deploy_consumer.py
@@ -6,17 +6,17 @@ import json
 import logging
 import asyncio
 import os
-from channels.generic.websocket import AsyncWebsocketConsumer
 from asgiref.sync import sync_to_async

 from django.conf import settings

+from apps.common.websocket_auth import AuthenticatedWebsocketConsumer
 from apps.engine.services import WorkerService

 logger = logging.getLogger(__name__)


-class WorkerDeployConsumer(AsyncWebsocketConsumer):
+class WorkerDeployConsumer(AuthenticatedWebsocketConsumer):
    """
    Worker 交互式终端 WebSocket Consumer
    
@@ -31,8 +31,8 @@ class WorkerDeployConsumer(AsyncWebsocketConsumer):
        self.read_task = None
        self.worker_service = WorkerService()
    
-    async def connect(self):
-        """连接时加入对应 Worker 的组并自动建立 SSH 连接"""
+    async def on_connect(self):
+        """连接时加入对应 Worker 的组并自动建立 SSH 连接（已通过认证）"""
        self.worker_id = self.scope['url_route']['kwargs']['worker_id']
        self.group_name = f'worker_deploy_{self.worker_id}'
        
--- a/backend/apps/engine/management/commands/init_default_engine.py
+++ b/backend/apps/engine/management/commands/init_default_engine.py
@@ -15,9 +15,10 @@
 """

 from django.core.management.base import BaseCommand
+from io import StringIO
 from pathlib import Path

-import yaml
+from ruamel.yaml import YAML

 from apps.engine.models import ScanEngine

@@ -44,10 +45,12 @@ class Command(BaseCommand):
        with open(config_path, 'r', encoding='utf-8') as f:
            default_config = f.read()

-        # 解析 YAML 为字典，后续用于生成子引擎配置
+        # 使用 ruamel.yaml 解析，保留注释
+        yaml_parser = YAML()
+        yaml_parser.preserve_quotes = True
        try:
-            config_dict = yaml.safe_load(default_config) or {}
-        except yaml.YAMLError as e:
+            config_dict = yaml_parser.load(default_config) or {}
+        except Exception as e:
            self.stdout.write(self.style.ERROR(f'引擎配置 YAML 解析失败: {e}'))
            return

@@ -83,15 +86,13 @@ class Command(BaseCommand):
            if scan_type != 'subdomain_discovery' and 'tools' not in scan_cfg:
                continue

-            # 构造只包含当前扫描类型配置的 YAML
+            # 构造只包含当前扫描类型配置的 YAML（保留注释）
            single_config = {scan_type: scan_cfg}
            try:
-                single_yaml = yaml.safe_dump(
-                    single_config,
-                    sort_keys=False,
-                    allow_unicode=True,
-                )
-            except yaml.YAMLError as e:
+                stream = StringIO()
+                yaml_parser.dump(single_config, stream)
+                single_yaml = stream.getvalue()
+            except Exception as e:
                self.stdout.write(self.style.ERROR(f'生成子引擎 {scan_type} 配置失败: {e}'))
                continue

--- a/backend/apps/engine/management/commands/init_fingerprints.py
+++ b/backend/apps/engine/management/commands/init_fingerprints.py
@@ -3,6 +3,9 @@
 - EHole 指纹: ehole.json -> 导入到数据库
 - Goby 指纹: goby.json -> 导入到数据库
 - Wappalyzer 指纹: wappalyzer.json -> 导入到数据库
+- Fingers 指纹: fingers_http.json -> 导入到数据库
+- FingerPrintHub 指纹: fingerprinthub_web.json -> 导入到数据库
+- ARL 指纹: ARL.yaml -> 导入到数据库

 可重复执行：如果数据库已有数据则跳过，只在空库时导入。
 """
@@ -11,14 +14,25 @@ import json
 import logging
 from pathlib import Path

+import yaml
 from django.conf import settings
 from django.core.management.base import BaseCommand

-from apps.engine.models import EholeFingerprint, GobyFingerprint, WappalyzerFingerprint
+from apps.engine.models import (
+    EholeFingerprint,
+    GobyFingerprint,
+    WappalyzerFingerprint,
+    FingersFingerprint,
+    FingerPrintHubFingerprint,
+    ARLFingerprint,
+)
 from apps.engine.services.fingerprints import (
    EholeFingerprintService,
    GobyFingerprintService,
    WappalyzerFingerprintService,
+    FingersFingerprintService,
+    FingerPrintHubFingerprintService,
+    ARLFingerprintService,
 )


@@ -33,6 +47,7 @@ DEFAULT_FINGERPRINTS = [
        "model": EholeFingerprint,
        "service": EholeFingerprintService,
        "data_key": "fingerprint",  # JSON 中指纹数组的 key
+        "file_format": "json",
    },
    {
        "type": "goby",
@@ -40,6 +55,7 @@ DEFAULT_FINGERPRINTS = [
        "model": GobyFingerprint,
        "service": GobyFingerprintService,
        "data_key": None,  # Goby 是数组格式，直接使用整个 JSON
+        "file_format": "json",
    },
    {
        "type": "wappalyzer",
@@ -47,6 +63,31 @@ DEFAULT_FINGERPRINTS = [
        "model": WappalyzerFingerprint,
        "service": WappalyzerFingerprintService,
        "data_key": "apps",  # Wappalyzer 使用 apps 对象
+        "file_format": "json",
+    },
+    {
+        "type": "fingers",
+        "filename": "fingers_http.json",
+        "model": FingersFingerprint,
+        "service": FingersFingerprintService,
+        "data_key": None,  # Fingers 是数组格式
+        "file_format": "json",
+    },
+    {
+        "type": "fingerprinthub",
+        "filename": "fingerprinthub_web.json",
+        "model": FingerPrintHubFingerprint,
+        "service": FingerPrintHubFingerprintService,
+        "data_key": None,  # FingerPrintHub 是数组格式
+        "file_format": "json",
+    },
+    {
+        "type": "arl",
+        "filename": "ARL.yaml",
+        "model": ARLFingerprint,
+        "service": ARLFingerprintService,
+        "data_key": None,  # ARL 是 YAML 数组格式
+        "file_format": "yaml",
    },
 ]

@@ -68,6 +109,7 @@ class Command(BaseCommand):
            model = item["model"]
            service_class = item["service"]
            data_key = item["data_key"]
+            file_format = item.get("file_format", "json")

            # 检查数据库是否已有数据
            existing_count = model.objects.count()
@@ -87,11 +129,14 @@ class Command(BaseCommand):
                failed += 1
                continue

-            # 读取并解析 JSON
+            # 读取并解析文件（支持 JSON 和 YAML）
            try:
                with open(src_path, "r", encoding="utf-8") as f:
-                    json_data = json.load(f)
-            except (json.JSONDecodeError, OSError) as exc:
+                    if file_format == "yaml":
+                        file_data = yaml.safe_load(f)
+                    else:
+                        file_data = json.load(f)
+            except (json.JSONDecodeError, yaml.YAMLError, OSError) as exc:
                self.stdout.write(self.style.ERROR(
                    f"[{fp_type}] 读取指纹文件失败: {exc}"
                ))
@@ -99,7 +144,7 @@ class Command(BaseCommand):
                continue

            # 提取指纹数据（根据不同格式处理）
-            fingerprints = self._extract_fingerprints(json_data, data_key, fp_type)
+            fingerprints = self._extract_fingerprints(file_data, data_key, fp_type)
            if not fingerprints:
                self.stdout.write(self.style.WARNING(
                    f"[{fp_type}] 指纹文件中没有有效数据，跳过"
--- a/backend/apps/engine/migrations/0001_initial.py
+++ b/backend/apps/engine/migrations/0001_initial.py
@@ -0,0 +1,213 @@
+# Generated by Django 5.2.7 on 2026-01-02 04:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='NucleiTemplateRepo',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='仓库名称，用于前端展示和配置引用', max_length=200, unique=True)),
+                ('repo_url', models.CharField(help_text='Git 仓库地址', max_length=500)),
+                ('local_path', models.CharField(blank=True, default='', help_text='本地工作目录绝对路径', max_length=500)),
+                ('commit_hash', models.CharField(blank=True, default='', help_text='最后同步的 Git commit hash，用于 Worker 版本校验', max_length=40)),
+                ('last_synced_at', models.DateTimeField(blank=True, help_text='最后一次成功同步时间', null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('updated_at', models.DateTimeField(auto_now=True, help_text='更新时间')),
+            ],
+            options={
+                'verbose_name': 'Nuclei 模板仓库',
+                'verbose_name_plural': 'Nuclei 模板仓库',
+                'db_table': 'nuclei_template_repo',
+            },
+        ),
+        migrations.CreateModel(
+            name='ARLFingerprint',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='指纹名称', max_length=300, unique=True)),
+                ('rule', models.TextField(help_text='匹配规则表达式')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+            options={
+                'verbose_name': 'ARL 指纹',
+                'verbose_name_plural': 'ARL 指纹',
+                'db_table': 'arl_fingerprint',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['name'], name='arl_fingerp_name_c3a305_idx'), models.Index(fields=['-created_at'], name='arl_fingerp_created_ed1060_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='EholeFingerprint',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('cms', models.CharField(help_text='产品/CMS名称', max_length=200)),
+                ('method', models.CharField(default='keyword', help_text='匹配方式', max_length=200)),
+                ('location', models.CharField(default='body', help_text='匹配位置', max_length=200)),
+                ('keyword', models.JSONField(default=list, help_text='关键词列表')),
+                ('is_important', models.BooleanField(default=False, help_text='是否重点资产')),
+                ('type', models.CharField(blank=True, default='-', help_text='分类', max_length=100)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+            options={
+                'verbose_name': 'EHole 指纹',
+                'verbose_name_plural': 'EHole 指纹',
+                'db_table': 'ehole_fingerprint',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['cms'], name='ehole_finge_cms_72ca2c_idx'), models.Index(fields=['method'], name='ehole_finge_method_17f0db_idx'), models.Index(fields=['location'], name='ehole_finge_locatio_7bb82b_idx'), models.Index(fields=['type'], name='ehole_finge_type_ca2bce_idx'), models.Index(fields=['is_important'], name='ehole_finge_is_impo_d56e64_idx'), models.Index(fields=['-created_at'], name='ehole_finge_created_d862b0_idx')],
+                'constraints': [models.UniqueConstraint(fields=('cms', 'method', 'location'), name='unique_ehole_fingerprint')],
+            },
+        ),
+        migrations.CreateModel(
+            name='FingerPrintHubFingerprint',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('fp_id', models.CharField(help_text='指纹ID', max_length=200, unique=True)),
+                ('name', models.CharField(help_text='指纹名称', max_length=300)),
+                ('author', models.CharField(blank=True, default='', help_text='作者', max_length=200)),
+                ('tags', models.CharField(blank=True, default='', help_text='标签', max_length=500)),
+                ('severity', models.CharField(blank=True, default='info', help_text='严重程度', max_length=50)),
+                ('metadata', models.JSONField(blank=True, default=dict, help_text='元数据')),
+                ('http', models.JSONField(default=list, help_text='HTTP 匹配规则')),
+                ('source_file', models.CharField(blank=True, default='', help_text='来源文件', max_length=500)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+            options={
+                'verbose_name': 'FingerPrintHub 指纹',
+                'verbose_name_plural': 'FingerPrintHub 指纹',
+                'db_table': 'fingerprinthub_fingerprint',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['fp_id'], name='fingerprint_fp_id_df467f_idx'), models.Index(fields=['name'], name='fingerprint_name_95b6fb_idx'), models.Index(fields=['author'], name='fingerprint_author_80f54b_idx'), models.Index(fields=['severity'], name='fingerprint_severit_f70422_idx'), models.Index(fields=['-created_at'], name='fingerprint_created_bec16c_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='FingersFingerprint',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='指纹名称', max_length=300, unique=True)),
+                ('link', models.URLField(blank=True, default='', help_text='相关链接', max_length=500)),
+                ('rule', models.JSONField(default=list, help_text='匹配规则数组')),
+                ('tag', models.JSONField(default=list, help_text='标签数组')),
+                ('focus', models.BooleanField(default=False, help_text='是否重点关注')),
+                ('default_port', models.JSONField(blank=True, default=list, help_text='默认端口数组')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+            options={
+                'verbose_name': 'Fingers 指纹',
+                'verbose_name_plural': 'Fingers 指纹',
+                'db_table': 'fingers_fingerprint',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['name'], name='fingers_fin_name_952de0_idx'), models.Index(fields=['link'], name='fingers_fin_link_4c6b7f_idx'), models.Index(fields=['focus'], name='fingers_fin_focus_568c7f_idx'), models.Index(fields=['-created_at'], name='fingers_fin_created_46fc91_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='GobyFingerprint',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='产品名称', max_length=300, unique=True)),
+                ('logic', models.CharField(help_text='逻辑表达式', max_length=500)),
+                ('rule', models.JSONField(default=list, help_text='规则数组')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+            options={
+                'verbose_name': 'Goby 指纹',
+                'verbose_name_plural': 'Goby 指纹',
+                'db_table': 'goby_fingerprint',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['name'], name='goby_finger_name_82084c_idx'), models.Index(fields=['logic'], name='goby_finger_logic_a63226_idx'), models.Index(fields=['-created_at'], name='goby_finger_created_50e000_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='ScanEngine',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('name', models.CharField(help_text='引擎名称', max_length=200, unique=True)),
+                ('configuration', models.CharField(blank=True, default='', help_text='引擎配置，yaml 格式', max_length=10000)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('updated_at', models.DateTimeField(auto_now=True, help_text='更新时间')),
+            ],
+            options={
+                'verbose_name': '扫描引擎',
+                'verbose_name_plural': '扫描引擎',
+                'db_table': 'scan_engine',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='scan_engine_created_da4870_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='WappalyzerFingerprint',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='应用名称', max_length=300, unique=True)),
+                ('cats', models.JSONField(default=list, help_text='分类 ID 数组')),
+                ('cookies', models.JSONField(blank=True, default=dict, help_text='Cookie 检测规则')),
+                ('headers', models.JSONField(blank=True, default=dict, help_text='HTTP Header 检测规则')),
+                ('script_src', models.JSONField(blank=True, default=list, help_text='脚本 URL 正则数组')),
+                ('js', models.JSONField(blank=True, default=list, help_text='JavaScript 变量检测规则')),
+                ('implies', models.JSONField(blank=True, default=list, help_text='依赖关系数组')),
+                ('meta', models.JSONField(blank=True, default=dict, help_text='HTML meta 标签检测规则')),
+                ('html', models.JSONField(blank=True, default=list, help_text='HTML 内容正则数组')),
+                ('description', models.TextField(blank=True, default='', help_text='应用描述')),
+                ('website', models.URLField(blank=True, default='', help_text='官网链接', max_length=500)),
+                ('cpe', models.CharField(blank=True, default='', help_text='CPE 标识符', max_length=300)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+            options={
+                'verbose_name': 'Wappalyzer 指纹',
+                'verbose_name_plural': 'Wappalyzer 指纹',
+                'db_table': 'wappalyzer_fingerprint',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['name'], name='wappalyzer__name_63c669_idx'), models.Index(fields=['website'], name='wappalyzer__website_88de1c_idx'), models.Index(fields=['cpe'], name='wappalyzer__cpe_30c761_idx'), models.Index(fields=['-created_at'], name='wappalyzer__created_8e6c21_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='Wordlist',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('name', models.CharField(help_text='字典名称，唯一', max_length=200, unique=True)),
+                ('description', models.CharField(blank=True, default='', help_text='字典描述', max_length=200)),
+                ('file_path', models.CharField(help_text='后端保存的字典文件绝对路径', max_length=500)),
+                ('file_size', models.BigIntegerField(default=0, help_text='文件大小（字节）')),
+                ('line_count', models.IntegerField(default=0, help_text='字典行数')),
+                ('file_hash', models.CharField(blank=True, default='', help_text='文件 SHA-256 哈希，用于缓存校验', max_length=64)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('updated_at', models.DateTimeField(auto_now=True, help_text='更新时间')),
+            ],
+            options={
+                'verbose_name': '字典文件',
+                'verbose_name_plural': '字典文件',
+                'db_table': 'wordlist',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='wordlist_created_4afb02_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='WorkerNode',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(help_text='节点名称', max_length=100)),
+                ('ip_address', models.GenericIPAddressField(help_text='IP 地址（本地节点为 127.0.0.1）')),
+                ('ssh_port', models.IntegerField(default=22, help_text='SSH 端口')),
+                ('username', models.CharField(default='root', help_text='SSH 用户名', max_length=50)),
+                ('password', models.CharField(blank=True, default='', help_text='SSH 密码', max_length=200)),
+                ('is_local', models.BooleanField(default=False, help_text='是否为本地节点（Docker 容器内）')),
+                ('status', models.CharField(choices=[('pending', '待部署'), ('deploying', '部署中'), ('online', '在线'), ('offline', '离线'), ('updating', '更新中'), ('outdated', '版本过低')], default='pending', help_text='状态: pending/deploying/online/offline', max_length=20)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+            ],
+            options={
+                'verbose_name': 'Worker 节点',
+                'db_table': 'worker_node',
+                'ordering': ['-created_at'],
+                'constraints': [models.UniqueConstraint(condition=models.Q(('is_local', False)), fields=('ip_address',), name='unique_remote_worker_ip'), models.UniqueConstraint(fields=('name',), name='unique_worker_name')],
+            },
+        ),
+    ]
--- a/backend/apps/engine/models/init.py
+++ b/backend/apps/engine/models/init.py
@@ -4,7 +4,14 @@
 """

 from .engine import WorkerNode, ScanEngine, Wordlist, NucleiTemplateRepo
-from .fingerprints import EholeFingerprint, GobyFingerprint, WappalyzerFingerprint
+from .fingerprints import (
+    EholeFingerprint,
+    GobyFingerprint,
+    WappalyzerFingerprint,
+    FingersFingerprint,
+    FingerPrintHubFingerprint,
+    ARLFingerprint,
+)

 __all__ = [
    # 核心 Models
@@ -16,4 +23,7 @@ __all__ = [
    "EholeFingerprint",
    "GobyFingerprint",
    "WappalyzerFingerprint",
+    "FingersFingerprint",
+    "FingerPrintHubFingerprint",
+    "ARLFingerprint",
 ]
--- a/backend/apps/engine/models/fingerprints.py
+++ b/backend/apps/engine/models/fingerprints.py
@@ -106,3 +106,90 @@ class WappalyzerFingerprint(models.Model):
    
    def __str__(self) -> str:
        return f"{self.name}"
+
+
+class FingersFingerprint(models.Model):
+    """Fingers 格式指纹规则 (fingers_http.json)
+    
+    使用正则表达式和标签进行匹配，支持 favicon hash、header、body 等多种检测方式
+    """
+    
+    name = models.CharField(max_length=300, unique=True, help_text='指纹名称')
+    link = models.URLField(max_length=500, blank=True, default='', help_text='相关链接')
+    rule = models.JSONField(default=list, help_text='匹配规则数组')
+    tag = models.JSONField(default=list, help_text='标签数组')
+    focus = models.BooleanField(default=False, help_text='是否重点关注')
+    default_port = models.JSONField(default=list, blank=True, help_text='默认端口数组')
+    created_at = models.DateTimeField(auto_now_add=True)
+    
+    class Meta:
+        db_table = 'fingers_fingerprint'
+        verbose_name = 'Fingers 指纹'
+        verbose_name_plural = 'Fingers 指纹'
+        ordering = ['-created_at']
+        indexes = [
+            models.Index(fields=['name']),
+            models.Index(fields=['link']),
+            models.Index(fields=['focus']),
+            models.Index(fields=['-created_at']),
+        ]
+    
+    def __str__(self) -> str:
+        return f"{self.name}"
+
+
+class FingerPrintHubFingerprint(models.Model):
+    """FingerPrintHub 格式指纹规则 (fingerprinthub_web.json)
+    
+    基于 nuclei 模板格式，使用 HTTP 请求和响应特征进行匹配
+    """
+    
+    fp_id = models.CharField(max_length=200, unique=True, help_text='指纹ID')
+    name = models.CharField(max_length=300, help_text='指纹名称')
+    author = models.CharField(max_length=200, blank=True, default='', help_text='作者')
+    tags = models.CharField(max_length=500, blank=True, default='', help_text='标签')
+    severity = models.CharField(max_length=50, blank=True, default='info', help_text='严重程度')
+    metadata = models.JSONField(default=dict, blank=True, help_text='元数据')
+    http = models.JSONField(default=list, help_text='HTTP 匹配规则')
+    source_file = models.CharField(max_length=500, blank=True, default='', help_text='来源文件')
+    created_at = models.DateTimeField(auto_now_add=True)
+    
+    class Meta:
+        db_table = 'fingerprinthub_fingerprint'
+        verbose_name = 'FingerPrintHub 指纹'
+        verbose_name_plural = 'FingerPrintHub 指纹'
+        ordering = ['-created_at']
+        indexes = [
+            models.Index(fields=['fp_id']),
+            models.Index(fields=['name']),
+            models.Index(fields=['author']),
+            models.Index(fields=['severity']),
+            models.Index(fields=['-created_at']),
+        ]
+    
+    def __str__(self) -> str:
+        return f"{self.name} ({self.fp_id})"
+
+
+class ARLFingerprint(models.Model):
+    """ARL 格式指纹规则 (ARL.yaml)
+    
+    使用简单的 name + rule 表达式格式
+    """
+    
+    name = models.CharField(max_length=300, unique=True, help_text='指纹名称')
+    rule = models.TextField(help_text='匹配规则表达式')
+    created_at = models.DateTimeField(auto_now_add=True)
+    
+    class Meta:
+        db_table = 'arl_fingerprint'
+        verbose_name = 'ARL 指纹'
+        verbose_name_plural = 'ARL 指纹'
+        ordering = ['-created_at']
+        indexes = [
+            models.Index(fields=['name']),
+            models.Index(fields=['-created_at']),
+        ]
+    
+    def __str__(self) -> str:
+        return f"{self.name}"
--- a/backend/apps/engine/scheduler.py
+++ b/backend/apps/engine/scheduler.py
@@ -88,6 +88,8 @@ def _register_scheduled_jobs(scheduler: BackgroundScheduler):
        replace_existing=True,
    )
    logger.info("  - 已注册: 扫描结果清理（每天 03:00）")
+    
+    # 注意：搜索物化视图刷新已迁移到 pg_ivm 增量维护，无需定时任务


 def _trigger_scheduled_scans():
--- a/backend/apps/engine/serializers/fingerprints/init.py
+++ b/backend/apps/engine/serializers/fingerprints/init.py
@@ -6,9 +6,15 @@
 from .ehole import EholeFingerprintSerializer
 from .goby import GobyFingerprintSerializer
 from .wappalyzer import WappalyzerFingerprintSerializer
+from .fingers import FingersFingerprintSerializer
+from .fingerprinthub import FingerPrintHubFingerprintSerializer
+from .arl import ARLFingerprintSerializer

 __all__ = [
    "EholeFingerprintSerializer",
    "GobyFingerprintSerializer",
    "WappalyzerFingerprintSerializer",
+    "FingersFingerprintSerializer",
+    "FingerPrintHubFingerprintSerializer",
+    "ARLFingerprintSerializer",
 ]
--- a/backend/apps/engine/serializers/fingerprints/arl.py
+++ b/backend/apps/engine/serializers/fingerprints/arl.py
@@ -0,0 +1,31 @@
+"""ARL 指纹 Serializer"""
+
+from rest_framework import serializers
+
+from apps.engine.models import ARLFingerprint
+
+
+class ARLFingerprintSerializer(serializers.ModelSerializer):
+    """ARL 指纹序列化器
+    
+    字段映射:
+    - name: 指纹名称 (必填, 唯一)
+    - rule: 匹配规则表达式 (必填)
+    """
+    
+    class Meta:
+        model = ARLFingerprint
+        fields = ['id', 'name', 'rule', 'created_at']
+        read_only_fields = ['id', 'created_at']
+    
+    def validate_name(self, value):
+        """校验 name 字段"""
+        if not value or not value.strip():
+            raise serializers.ValidationError("name 字段不能为空")
+        return value.strip()
+    
+    def validate_rule(self, value):
+        """校验 rule 字段"""
+        if not value or not value.strip():
+            raise serializers.ValidationError("rule 字段不能为空")
+        return value.strip()
--- a/backend/apps/engine/serializers/fingerprints/fingerprinthub.py
+++ b/backend/apps/engine/serializers/fingerprints/fingerprinthub.py
@@ -0,0 +1,50 @@
+"""FingerPrintHub 指纹 Serializer"""
+
+from rest_framework import serializers
+
+from apps.engine.models import FingerPrintHubFingerprint
+
+
+class FingerPrintHubFingerprintSerializer(serializers.ModelSerializer):
+    """FingerPrintHub 指纹序列化器
+    
+    字段映射:
+    - fp_id: 指纹ID (必填, 唯一)
+    - name: 指纹名称 (必填)
+    - author: 作者 (可选)
+    - tags: 标签字符串 (可选)
+    - severity: 严重程度 (可选, 默认 'info')
+    - metadata: 元数据 JSON (可选)
+    - http: HTTP 匹配规则数组 (必填)
+    - source_file: 来源文件 (可选)
+    """
+    
+    class Meta:
+        model = FingerPrintHubFingerprint
+        fields = ['id', 'fp_id', 'name', 'author', 'tags', 'severity',
+                  'metadata', 'http', 'source_file', 'created_at']
+        read_only_fields = ['id', 'created_at']
+    
+    def validate_fp_id(self, value):
+        """校验 fp_id 字段"""
+        if not value or not value.strip():
+            raise serializers.ValidationError("fp_id 字段不能为空")
+        return value.strip()
+    
+    def validate_name(self, value):
+        """校验 name 字段"""
+        if not value or not value.strip():
+            raise serializers.ValidationError("name 字段不能为空")
+        return value.strip()
+    
+    def validate_http(self, value):
+        """校验 http 字段"""
+        if not isinstance(value, list):
+            raise serializers.ValidationError("http 必须是数组")
+        return value
+    
+    def validate_metadata(self, value):
+        """校验 metadata 字段"""
+        if not isinstance(value, dict):
+            raise serializers.ValidationError("metadata 必须是对象")
+        return value
--- a/backend/apps/engine/serializers/fingerprints/fingers.py
+++ b/backend/apps/engine/serializers/fingerprints/fingers.py
@@ -0,0 +1,48 @@
+"""Fingers 指纹 Serializer"""
+
+from rest_framework import serializers
+
+from apps.engine.models import FingersFingerprint
+
+
+class FingersFingerprintSerializer(serializers.ModelSerializer):
+    """Fingers 指纹序列化器
+    
+    字段映射:
+    - name: 指纹名称 (必填, 唯一)
+    - link: 相关链接 (可选)
+    - rule: 匹配规则数组 (必填)
+    - tag: 标签数组 (可选)
+    - focus: 是否重点关注 (可选, 默认 False)
+    - default_port: 默认端口数组 (可选)
+    """
+    
+    class Meta:
+        model = FingersFingerprint
+        fields = ['id', 'name', 'link', 'rule', 'tag', 'focus', 
+                  'default_port', 'created_at']
+        read_only_fields = ['id', 'created_at']
+    
+    def validate_name(self, value):
+        """校验 name 字段"""
+        if not value or not value.strip():
+            raise serializers.ValidationError("name 字段不能为空")
+        return value.strip()
+    
+    def validate_rule(self, value):
+        """校验 rule 字段"""
+        if not isinstance(value, list):
+            raise serializers.ValidationError("rule 必须是数组")
+        return value
+    
+    def validate_tag(self, value):
+        """校验 tag 字段"""
+        if not isinstance(value, list):
+            raise serializers.ValidationError("tag 必须是数组")
+        return value
+    
+    def validate_default_port(self, value):
+        """校验 default_port 字段"""
+        if not isinstance(value, list):
+            raise serializers.ValidationError("default_port 必须是数组")
+        return value
--- a/backend/apps/engine/services/deploy_service.py
+++ b/backend/apps/engine/services/deploy_service.py
@@ -66,6 +66,7 @@ def get_start_agent_script(
    # 替换变量
    script = script.replace("{{HEARTBEAT_API_URL}}", heartbeat_api_url or '')
    script = script.replace("{{WORKER_ID}}", str(worker_id) if worker_id else '')
+    script = script.replace("{{WORKER_API_KEY}}", getattr(settings, 'WORKER_API_KEY', ''))
    
    # 注入镜像版本配置（确保远程节点使用相同版本）
    docker_user = getattr(settings, 'DOCKER_USER', 'yyhuni')
--- a/backend/apps/engine/services/fingerprints/init.py
+++ b/backend/apps/engine/services/fingerprints/init.py
@@ -7,10 +7,16 @@ from .base import BaseFingerprintService
 from .ehole import EholeFingerprintService
 from .goby import GobyFingerprintService
 from .wappalyzer import WappalyzerFingerprintService
+from .fingers_service import FingersFingerprintService
+from .fingerprinthub_service import FingerPrintHubFingerprintService
+from .arl_service import ARLFingerprintService

 __all__ = [
    "BaseFingerprintService",
    "EholeFingerprintService",
    "GobyFingerprintService",
    "WappalyzerFingerprintService",
+    "FingersFingerprintService",
+    "FingerPrintHubFingerprintService",
+    "ARLFingerprintService",
 ]
--- a/backend/apps/engine/services/fingerprints/arl_service.py
+++ b/backend/apps/engine/services/fingerprints/arl_service.py
@@ -0,0 +1,110 @@
+"""ARL 指纹管理 Service
+
+实现 ARL 格式指纹的校验、转换和导出逻辑
+支持 YAML 格式的导入导出
+"""
+
+import logging
+import yaml
+
+from apps.engine.models import ARLFingerprint
+from .base import BaseFingerprintService
+
+logger = logging.getLogger(__name__)
+
+
+class ARLFingerprintService(BaseFingerprintService):
+    """ARL 指纹管理服务（继承基类，实现 ARL 特定逻辑）"""
+    
+    model = ARLFingerprint
+    
+    def validate_fingerprint(self, item: dict) -> bool:
+        """
+        校验单条 ARL 指纹
+        
+        校验规则：
+        - name 字段必须存在且非空
+        - rule 字段必须存在且非空
+        
+        Args:
+            item: 单条指纹数据
+            
+        Returns:
+            bool: 是否有效
+        """
+        name = item.get('name', '')
+        rule = item.get('rule', '')
+        return bool(name and str(name).strip()) and bool(rule and str(rule).strip())
+    
+    def to_model_data(self, item: dict) -> dict:
+        """
+        转换 ARL YAML 格式为 Model 字段
+        
+        Args:
+            item: 原始 ARL YAML 数据
+            
+        Returns:
+            dict: Model 字段数据
+        """
+        return {
+            'name': str(item.get('name', '')).strip(),
+            'rule': str(item.get('rule', '')).strip(),
+        }
+    
+    def get_export_data(self) -> list:
+        """
+        获取导出数据（ARL 格式 - 数组，用于 YAML 导出）
+        
+        Returns:
+            list: ARL 格式的数据（数组格式）
+            [
+                {"name": "...", "rule": "..."},
+                ...
+            ]
+        """
+        fingerprints = self.model.objects.all()
+        return [
+            {
+                'name': fp.name,
+                'rule': fp.rule,
+            }
+            for fp in fingerprints
+        ]
+    
+    def export_to_yaml(self, output_path: str) -> int:
+        """
+        导出所有指纹到 YAML 文件
+        
+        Args:
+            output_path: 输出文件路径
+            
+        Returns:
+            int: 导出的指纹数量
+        """
+        data = self.get_export_data()
+        with open(output_path, 'w', encoding='utf-8') as f:
+            yaml.dump(data, f, allow_unicode=True, default_flow_style=False, sort_keys=False)
+        count = len(data)
+        logger.info("导出 ARL 指纹文件: %s, 数量: %d", output_path, count)
+        return count
+    
+    def parse_yaml_import(self, yaml_content: str) -> list:
+        """
+        解析 YAML 格式的导入内容
+        
+        Args:
+            yaml_content: YAML 格式的字符串内容
+            
+        Returns:
+            list: 解析后的指纹数据列表
+            
+        Raises:
+            ValueError: 当 YAML 格式无效时
+        """
+        try:
+            data = yaml.safe_load(yaml_content)
+            if not isinstance(data, list):
+                raise ValueError("ARL YAML 文件必须是数组格式")
+            return data
+        except yaml.YAMLError as e:
+            raise ValueError(f"无效的 YAML 格式: {e}")
--- a/backend/apps/engine/services/fingerprints/fingerprinthub_service.py
+++ b/backend/apps/engine/services/fingerprints/fingerprinthub_service.py
@@ -0,0 +1,110 @@
+"""FingerPrintHub 指纹管理 Service
+
+实现 FingerPrintHub 格式指纹的校验、转换和导出逻辑
+"""
+
+from apps.engine.models import FingerPrintHubFingerprint
+from .base import BaseFingerprintService
+
+
+class FingerPrintHubFingerprintService(BaseFingerprintService):
+    """FingerPrintHub 指纹管理服务（继承基类，实现 FingerPrintHub 特定逻辑）"""
+    
+    model = FingerPrintHubFingerprint
+    
+    def validate_fingerprint(self, item: dict) -> bool:
+        """
+        校验单条 FingerPrintHub 指纹
+        
+        校验规则：
+        - id 字段必须存在且非空
+        - info 字段必须存在且包含 name
+        - http 字段必须是数组
+        
+        Args:
+            item: 单条指纹数据
+            
+        Returns:
+            bool: 是否有效
+        """
+        fp_id = item.get('id', '')
+        info = item.get('info', {})
+        http = item.get('http')
+        
+        if not fp_id or not str(fp_id).strip():
+            return False
+        if not isinstance(info, dict) or not info.get('name'):
+            return False
+        if not isinstance(http, list):
+            return False
+        
+        return True
+    
+    def to_model_data(self, item: dict) -> dict:
+        """
+        转换 FingerPrintHub JSON 格式为 Model 字段
+        
+        字段映射（嵌套结构转扁平）：
+        - id (JSON) → fp_id (Model)
+        - info.name (JSON) → name (Model)
+        - info.author (JSON) → author (Model)
+        - info.tags (JSON) → tags (Model)
+        - info.severity (JSON) → severity (Model)
+        - info.metadata (JSON) → metadata (Model)
+        - http (JSON) → http (Model)
+        - _source_file (JSON) → source_file (Model)
+        
+        Args:
+            item: 原始 FingerPrintHub JSON 数据
+            
+        Returns:
+            dict: Model 字段数据
+        """
+        info = item.get('info', {})
+        return {
+            'fp_id': str(item.get('id', '')).strip(),
+            'name': str(info.get('name', '')).strip(),
+            'author': info.get('author', ''),
+            'tags': info.get('tags', ''),
+            'severity': info.get('severity', 'info'),
+            'metadata': info.get('metadata', {}),
+            'http': item.get('http', []),
+            'source_file': item.get('_source_file', ''),
+        }
+    
+    def get_export_data(self) -> list:
+        """
+        获取导出数据（FingerPrintHub JSON 格式 - 数组）
+        
+        Returns:
+            list: FingerPrintHub 格式的 JSON 数据（数组格式）
+            [
+                {
+                    "id": "...",
+                    "info": {"name": "...", "author": "...", "tags": "...", 
+                             "severity": "...", "metadata": {...}},
+                    "http": [...],
+                    "_source_file": "..."
+                },
+                ...
+            ]
+        """
+        fingerprints = self.model.objects.all()
+        data = []
+        for fp in fingerprints:
+            item = {
+                'id': fp.fp_id,
+                'info': {
+                    'name': fp.name,
+                    'author': fp.author,
+                    'tags': fp.tags,
+                    'severity': fp.severity,
+                    'metadata': fp.metadata,
+                },
+                'http': fp.http,
+            }
+            # 只有当 source_file 非空时才添加该字段
+            if fp.source_file:
+                item['_source_file'] = fp.source_file
+            data.append(item)
+        return data
--- a/backend/apps/engine/services/fingerprints/fingers_service.py
+++ b/backend/apps/engine/services/fingerprints/fingers_service.py
@@ -0,0 +1,83 @@
+"""Fingers 指纹管理 Service
+
+实现 Fingers 格式指纹的校验、转换和导出逻辑
+"""
+
+from apps.engine.models import FingersFingerprint
+from .base import BaseFingerprintService
+
+
+class FingersFingerprintService(BaseFingerprintService):
+    """Fingers 指纹管理服务（继承基类，实现 Fingers 特定逻辑）"""
+    
+    model = FingersFingerprint
+    
+    def validate_fingerprint(self, item: dict) -> bool:
+        """
+        校验单条 Fingers 指纹
+        
+        校验规则：
+        - name 字段必须存在且非空
+        - rule 字段必须是数组
+        
+        Args:
+            item: 单条指纹数据
+            
+        Returns:
+            bool: 是否有效
+        """
+        name = item.get('name', '')
+        rule = item.get('rule')
+        return bool(name and str(name).strip()) and isinstance(rule, list)
+    
+    def to_model_data(self, item: dict) -> dict:
+        """
+        转换 Fingers JSON 格式为 Model 字段
+        
+        字段映射：
+        - default_port (JSON) → default_port (Model)
+        
+        Args:
+            item: 原始 Fingers JSON 数据
+            
+        Returns:
+            dict: Model 字段数据
+        """
+        return {
+            'name': str(item.get('name', '')).strip(),
+            'link': item.get('link', ''),
+            'rule': item.get('rule', []),
+            'tag': item.get('tag', []),
+            'focus': item.get('focus', False),
+            'default_port': item.get('default_port', []),
+        }
+    
+    def get_export_data(self) -> list:
+        """
+        获取导出数据（Fingers JSON 格式 - 数组）
+        
+        Returns:
+            list: Fingers 格式的 JSON 数据（数组格式）
+            [
+                {"name": "...", "link": "...", "rule": [...], "tag": [...], 
+                 "focus": false, "default_port": [...]},
+                ...
+            ]
+        """
+        fingerprints = self.model.objects.all()
+        data = []
+        for fp in fingerprints:
+            item = {
+                'name': fp.name,
+                'link': fp.link,
+                'rule': fp.rule,
+                'tag': fp.tag,
+            }
+            # 只有当 focus 为 True 时才添加该字段（保持与原始格式一致）
+            if fp.focus:
+                item['focus'] = fp.focus
+            # 只有当 default_port 非空时才添加该字段
+            if fp.default_port:
+                item['default_port'] = fp.default_port
+            data.append(item)
+        return data
--- a/backend/apps/engine/services/nuclei_template_repo_service.py
+++ b/backend/apps/engine/services/nuclei_template_repo_service.py
@@ -186,7 +186,6 @@ class NucleiTemplateRepoService:
            RuntimeError: Git 命令执行失败
        """
        import subprocess
-        from apps.common.utils.git_proxy import get_git_proxy_url

        obj = self._get_repo_obj(repo_id)

@@ -197,14 +196,12 @@ class NucleiTemplateRepoService:
        cmd: List[str]
        action: str

-        # 获取代理后的 URL（如果启用了 Git 加速）
-        proxied_url = get_git_proxy_url(obj.repo_url)
-        if proxied_url != obj.repo_url:
-            logger.info("使用 Git 加速: %s -> %s", obj.repo_url, proxied_url)
+        # 直接使用原始 URL（不再使用 Git 加速）
+        repo_url = obj.repo_url

        # 判断是 clone 还是 pull
        if git_dir.is_dir():
-            # 检查远程地址是否变化（比较原始 URL，不是代理 URL）
+            # 检查远程地址是否变化
            current_remote = subprocess.run(
                ["git", "-C", str(local_path), "remote", "get-url", "origin"],
                check=False,
@@ -214,13 +211,13 @@ class NucleiTemplateRepoService:
            )
            current_url = current_remote.stdout.strip() if current_remote.returncode == 0 else ""
            
-            # 检查是否需要重新 clone（原始 URL 或代理 URL 变化都需要）
-            if current_url not in [obj.repo_url, proxied_url]:
+            # 检查是否需要重新 clone
+            if current_url != repo_url:
                # 远程地址变化，删除旧目录重新 clone
-                logger.info("nuclei 模板仓库 %s 远程地址变化，重新 clone: %s -> %s", obj.id, current_url, obj.repo_url)
+                logger.info("nuclei 模板仓库 %s 远程地址变化，重新 clone: %s -> %s", obj.id, current_url, repo_url)
                shutil.rmtree(local_path)
                local_path.mkdir(parents=True, exist_ok=True)
-                cmd = ["git", "clone", "--depth", "1", proxied_url, str(local_path)]
+                cmd = ["git", "clone", "--depth", "1", repo_url, str(local_path)]
                action = "clone"
            else:
                # 已有仓库且地址未变，执行 pull
@@ -231,7 +228,7 @@ class NucleiTemplateRepoService:
            if local_path.exists() and not local_path.is_dir():
                raise RuntimeError(f"本地路径已存在且不是目录: {local_path}")
            # --depth 1 浅克隆，只获取最新提交，节省空间和时间
-            cmd = ["git", "clone", "--depth", "1", proxied_url, str(local_path)]
+            cmd = ["git", "clone", "--depth", "1", repo_url, str(local_path)]
            action = "clone"

        # 执行 Git 命令
--- a/backend/apps/engine/services/task_distributor.py
+++ b/backend/apps/engine/services/task_distributor.py
@@ -274,7 +274,7 @@ class TaskDistributor:
            network_arg = ""
            server_url = f"https://{settings.PUBLIC_HOST}:{settings.PUBLIC_PORT}"
        
-        # 挂载路径（统一挂载 /opt/xingrin）
+        # 挂载路径（统一挂载 /opt/xingrin，扫描工具在 /opt/xingrin-tools/bin 不受影响）
        host_xingrin_dir = "/opt/xingrin"
        
        # 环境变量：SERVER_URL + IS_LOCAL，其他配置容器启动时从配置中心获取
@@ -284,6 +284,7 @@ class TaskDistributor:
        env_vars = [
            f"-e SERVER_URL={shlex.quote(server_url)}",
            f"-e IS_LOCAL={is_local_str}",
+            f"-e WORKER_API_KEY={shlex.quote(settings.WORKER_API_KEY)}",  # Worker API 认证密钥
            "-e PREFECT_HOME=/tmp/.prefect",  # 设置 Prefect 数据目录到可写位置
            "-e PREFECT_SERVER_EPHEMERAL_ENABLED=true",  # 启用 ephemeral server（本地临时服务器）
            "-e PREFECT_SERVER_EPHEMERAL_STARTUP_TIMEOUT_SECONDS=120",  # 增加启动超时时间
@@ -311,11 +312,10 @@ class TaskDistributor:
        # - 本地 Worker：install.sh 已预拉取镜像，直接使用本地版本
        # - 远程 Worker：deploy 时已预拉取镜像，直接使用本地版本
        # - 避免每次任务都检查 Docker Hub，提升性能和稳定性
-        # 使用双引号包裹 sh -c 命令，内部 shlex.quote 生成的单引号参数可正确解析
-        cmd = f'''docker run --rm -d --pull=missing {network_arg} \
-            {' '.join(env_vars)} \
-            {' '.join(volumes)} \
-            {self.docker_image} \
+        cmd = f'''docker run --rm -d --pull=missing {network_arg} \\
+            {' '.join(env_vars)} \\
+            {' '.join(volumes)} \\
+            {self.docker_image} \\
            sh -c "{inner_cmd}"'''
        
        return cmd
--- a/backend/apps/engine/urls.py
+++ b/backend/apps/engine/urls.py
@@ -11,6 +11,9 @@ from .views.fingerprints import (
    EholeFingerprintViewSet,
    GobyFingerprintViewSet,
    WappalyzerFingerprintViewSet,
+    FingersFingerprintViewSet,
+    FingerPrintHubFingerprintViewSet,
+    ARLFingerprintViewSet,
 )


@@ -24,6 +27,9 @@ router.register(r"nuclei/repos", NucleiTemplateRepoViewSet, basename="nuclei-rep
 router.register(r"fingerprints/ehole", EholeFingerprintViewSet, basename="ehole-fingerprint")
 router.register(r"fingerprints/goby", GobyFingerprintViewSet, basename="goby-fingerprint")
 router.register(r"fingerprints/wappalyzer", WappalyzerFingerprintViewSet, basename="wappalyzer-fingerprint")
+router.register(r"fingerprints/fingers", FingersFingerprintViewSet, basename="fingers-fingerprint")
+router.register(r"fingerprints/fingerprinthub", FingerPrintHubFingerprintViewSet, basename="fingerprinthub-fingerprint")
+router.register(r"fingerprints/arl", ARLFingerprintViewSet, basename="arl-fingerprint")

 urlpatterns = [
    path("", include(router.urls)),
--- a/backend/apps/engine/views/fingerprints/init.py
+++ b/backend/apps/engine/views/fingerprints/init.py
@@ -7,10 +7,16 @@ from .base import BaseFingerprintViewSet
 from .ehole import EholeFingerprintViewSet
 from .goby import GobyFingerprintViewSet
 from .wappalyzer import WappalyzerFingerprintViewSet
+from .fingers import FingersFingerprintViewSet
+from .fingerprinthub import FingerPrintHubFingerprintViewSet
+from .arl import ARLFingerprintViewSet

 __all__ = [
    "BaseFingerprintViewSet",
    "EholeFingerprintViewSet",
    "GobyFingerprintViewSet",
    "WappalyzerFingerprintViewSet",
+    "FingersFingerprintViewSet",
+    "FingerPrintHubFingerprintViewSet",
+    "ARLFingerprintViewSet",
 ]
--- a/backend/apps/engine/views/fingerprints/arl.py
+++ b/backend/apps/engine/views/fingerprints/arl.py
@@ -0,0 +1,122 @@
+"""ARL 指纹管理 ViewSet"""
+
+import yaml
+from django.http import HttpResponse
+from rest_framework.decorators import action
+from rest_framework.exceptions import ValidationError
+
+from apps.common.pagination import BasePagination
+from apps.common.response_helpers import success_response
+from apps.engine.models import ARLFingerprint
+from apps.engine.serializers.fingerprints import ARLFingerprintSerializer
+from apps.engine.services.fingerprints import ARLFingerprintService
+
+from .base import BaseFingerprintViewSet
+
+
+class ARLFingerprintViewSet(BaseFingerprintViewSet):
+    """ARL 指纹管理 ViewSet
+    
+    继承自 BaseFingerprintViewSet，提供以下 API：
+    
+    标准 CRUD（ModelViewSet）：
+    - GET    /                  列表查询（分页）
+    - POST   /                  创建单条
+    - GET    /{id}/             获取详情
+    - PUT    /{id}/             更新
+    - DELETE /{id}/             删除
+    
+    批量操作（继承自基类）：
+    - POST   /batch_create/     批量创建（JSON body）
+    - POST   /import_file/      文件导入（multipart/form-data，支持 YAML）
+    - POST   /bulk-delete/      批量删除
+    - POST   /delete-all/       删除所有
+    - GET    /export/           导出下载（YAML 格式）
+    
+    智能过滤语法（filter 参数）：
+    - name="word"        模糊匹配 name 字段
+    - name=="WordPress"  精确匹配
+    - rule="body="       按规则内容筛选
+    """
+    
+    queryset = ARLFingerprint.objects.all()
+    serializer_class = ARLFingerprintSerializer
+    pagination_class = BasePagination
+    service_class = ARLFingerprintService
+    
+    # 排序配置
+    ordering_fields = ['created_at', 'name']
+    ordering = ['-created_at']
+    
+    # ARL 过滤字段映射
+    FILTER_FIELD_MAPPING = {
+        'name': 'name',
+        'rule': 'rule',
+    }
+    
+    def parse_import_data(self, json_data) -> list:
+        """
+        解析 ARL 格式的导入数据（JSON 格式）
+        
+        输入格式：[{...}, {...}] 数组格式
+        返回：指纹列表
+        """
+        if isinstance(json_data, list):
+            return json_data
+        return []
+    
+    def get_export_filename(self) -> str:
+        """导出文件名"""
+        return 'ARL.yaml'
+    
+    @action(detail=False, methods=['post'])
+    def import_file(self, request):
+        """
+        文件导入（支持 YAML 和 JSON 格式）
+        POST /api/engine/fingerprints/arl/import_file/
+        
+        请求格式：multipart/form-data
+        - file: YAML 或 JSON 文件
+        
+        返回：同 batch_create
+        """
+        file = request.FILES.get('file')
+        if not file:
+            raise ValidationError('缺少文件')
+        
+        filename = file.name.lower()
+        content = file.read().decode('utf-8')
+        
+        try:
+            if filename.endswith('.yaml') or filename.endswith('.yml'):
+                # YAML 格式
+                fingerprints = yaml.safe_load(content)
+            else:
+                # JSON 格式
+                import json
+                fingerprints = json.loads(content)
+        except (yaml.YAMLError, json.JSONDecodeError) as e:
+            raise ValidationError(f'无效的文件格式: {e}')
+        
+        if not isinstance(fingerprints, list):
+            raise ValidationError('文件内容必须是数组格式')
+        
+        if not fingerprints:
+            raise ValidationError('文件中没有有效的指纹数据')
+        
+        result = self.get_service().batch_create_fingerprints(fingerprints)
+        return success_response(data=result)
+    
+    @action(detail=False, methods=['get'])
+    def export(self, request):
+        """
+        导出指纹（YAML 格式）
+        GET /api/engine/fingerprints/arl/export/
+        
+        返回：YAML 文件下载
+        """
+        data = self.get_service().get_export_data()
+        content = yaml.dump(data, allow_unicode=True, default_flow_style=False, sort_keys=False)
+        response = HttpResponse(content, content_type='application/x-yaml')
+        response['Content-Disposition'] = f'attachment; filename="{self.get_export_filename()}"'
+        return response
--- a/backend/apps/engine/views/fingerprints/base.py
+++ b/backend/apps/engine/views/fingerprints/base.py
@@ -13,6 +13,7 @@ from rest_framework.response import Response
 from rest_framework.exceptions import ValidationError

 from apps.common.pagination import BasePagination
+from apps.common.response_helpers import success_response
 from apps.common.utils.filter_utils import apply_filters

 logger = logging.getLogger(__name__)
@@ -129,7 +130,7 @@ class BaseFingerprintViewSet(viewsets.ModelViewSet):
            raise ValidationError('fingerprints 必须是数组')
        
        result = self.get_service().batch_create_fingerprints(fingerprints)
-        return Response(result, status=status.HTTP_201_CREATED)
+        return success_response(data=result, status_code=status.HTTP_201_CREATED)
    
    @action(detail=False, methods=['post'])
    def import_file(self, request):
@@ -156,7 +157,7 @@ class BaseFingerprintViewSet(viewsets.ModelViewSet):
            raise ValidationError('文件中没有有效的指纹数据')
        
        result = self.get_service().batch_create_fingerprints(fingerprints)
-        return Response(result, status=status.HTTP_201_CREATED)
+        return success_response(data=result, status_code=status.HTTP_201_CREATED)
    
    @action(detail=False, methods=['post'], url_path='bulk-delete')
    def bulk_delete(self, request):
@@ -174,7 +175,7 @@ class BaseFingerprintViewSet(viewsets.ModelViewSet):
            raise ValidationError('ids 必须是数组')
        
        deleted_count = self.queryset.model.objects.filter(id__in=ids).delete()[0]
-        return Response({'deleted': deleted_count})
+        return success_response(data={'deleted': deleted_count})
    
    @action(detail=False, methods=['post'], url_path='delete-all')
    def delete_all(self, request):
@@ -185,7 +186,7 @@ class BaseFingerprintViewSet(viewsets.ModelViewSet):
        返回：{"deleted": 1000}
        """
        deleted_count = self.queryset.model.objects.all().delete()[0]
-        return Response({'deleted': deleted_count})
+        return success_response(data={'deleted': deleted_count})
    
    @action(detail=False, methods=['get'])
    def export(self, request):
--- a/backend/apps/engine/views/fingerprints/fingerprinthub.py
+++ b/backend/apps/engine/views/fingerprints/fingerprinthub.py
@@ -0,0 +1,73 @@
+"""FingerPrintHub 指纹管理 ViewSet"""
+
+from apps.common.pagination import BasePagination
+from apps.engine.models import FingerPrintHubFingerprint
+from apps.engine.serializers.fingerprints import FingerPrintHubFingerprintSerializer
+from apps.engine.services.fingerprints import FingerPrintHubFingerprintService
+
+from .base import BaseFingerprintViewSet
+
+
+class FingerPrintHubFingerprintViewSet(BaseFingerprintViewSet):
+    """FingerPrintHub 指纹管理 ViewSet
+    
+    继承自 BaseFingerprintViewSet，提供以下 API：
+    
+    标准 CRUD（ModelViewSet）：
+    - GET    /                  列表查询（分页）
+    - POST   /                  创建单条
+    - GET    /{id}/             获取详情
+    - PUT    /{id}/             更新
+    - DELETE /{id}/             删除
+    
+    批量操作（继承自基类）：
+    - POST   /batch_create/     批量创建（JSON body）
+    - POST   /import_file/      文件导入（multipart/form-data）
+    - POST   /bulk-delete/      批量删除
+    - POST   /delete-all/       删除所有
+    - GET    /export/           导出下载
+    
+    智能过滤语法（filter 参数）：
+    - name="word"        模糊匹配 name 字段
+    - fp_id=="xxx"       精确匹配指纹ID
+    - author="xxx"       按作者筛选
+    - severity="info"    按严重程度筛选
+    - tags="cms"         按标签筛选
+    """
+    
+    queryset = FingerPrintHubFingerprint.objects.all()
+    serializer_class = FingerPrintHubFingerprintSerializer
+    pagination_class = BasePagination
+    service_class = FingerPrintHubFingerprintService
+    
+    # 排序配置
+    ordering_fields = ['created_at', 'name', 'severity']
+    ordering = ['-created_at']
+    
+    # FingerPrintHub 过滤字段映射
+    FILTER_FIELD_MAPPING = {
+        'fp_id': 'fp_id',
+        'name': 'name',
+        'author': 'author',
+        'tags': 'tags',
+        'severity': 'severity',
+        'source_file': 'source_file',
+    }
+    
+    # JSON 数组字段（使用 __contains 查询）
+    JSON_ARRAY_FIELDS = ['http']
+    
+    def parse_import_data(self, json_data) -> list:
+        """
+        解析 FingerPrintHub JSON 格式的导入数据
+        
+        输入格式：[{...}, {...}] 数组格式
+        返回：指纹列表
+        """
+        if isinstance(json_data, list):
+            return json_data
+        return []
+    
+    def get_export_filename(self) -> str:
+        """导出文件名"""
+        return 'fingerprinthub_web.json'
--- a/backend/apps/engine/views/fingerprints/fingers.py
+++ b/backend/apps/engine/views/fingerprints/fingers.py
@@ -0,0 +1,69 @@
+"""Fingers 指纹管理 ViewSet"""
+
+from apps.common.pagination import BasePagination
+from apps.engine.models import FingersFingerprint
+from apps.engine.serializers.fingerprints import FingersFingerprintSerializer
+from apps.engine.services.fingerprints import FingersFingerprintService
+
+from .base import BaseFingerprintViewSet
+
+
+class FingersFingerprintViewSet(BaseFingerprintViewSet):
+    """Fingers 指纹管理 ViewSet
+    
+    继承自 BaseFingerprintViewSet，提供以下 API：
+    
+    标准 CRUD（ModelViewSet）：
+    - GET    /                  列表查询（分页）
+    - POST   /                  创建单条
+    - GET    /{id}/             获取详情
+    - PUT    /{id}/             更新
+    - DELETE /{id}/             删除
+    
+    批量操作（继承自基类）：
+    - POST   /batch_create/     批量创建（JSON body）
+    - POST   /import_file/      文件导入（multipart/form-data）
+    - POST   /bulk-delete/      批量删除
+    - POST   /delete-all/       删除所有
+    - GET    /export/           导出下载
+    
+    智能过滤语法（filter 参数）：
+    - name="word"        模糊匹配 name 字段
+    - name=="WordPress"  精确匹配
+    - tag="cms"          按标签筛选
+    - focus="true"       按重点关注筛选
+    """
+    
+    queryset = FingersFingerprint.objects.all()
+    serializer_class = FingersFingerprintSerializer
+    pagination_class = BasePagination
+    service_class = FingersFingerprintService
+    
+    # 排序配置
+    ordering_fields = ['created_at', 'name']
+    ordering = ['-created_at']
+    
+    # Fingers 过滤字段映射
+    FILTER_FIELD_MAPPING = {
+        'name': 'name',
+        'link': 'link',
+        'focus': 'focus',
+    }
+    
+    # JSON 数组字段（使用 __contains 查询）
+    JSON_ARRAY_FIELDS = ['tag', 'rule', 'default_port']
+    
+    def parse_import_data(self, json_data) -> list:
+        """
+        解析 Fingers JSON 格式的导入数据
+        
+        输入格式：[{...}, {...}] 数组格式
+        返回：指纹列表
+        """
+        if isinstance(json_data, list):
+            return json_data
+        return []
+    
+    def get_export_filename(self) -> str:
+        """导出文件名"""
+        return 'fingers_http.json'
--- a/backend/apps/engine/views/nuclei_template_repo_views.py
+++ b/backend/apps/engine/views/nuclei_template_repo_views.py
@@ -31,6 +31,8 @@ from rest_framework.decorators import action
 from rest_framework.request import Request
 from rest_framework.response import Response

+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes
 from apps.engine.models import NucleiTemplateRepo
 from apps.engine.serializers import NucleiTemplateRepoSerializer
 from apps.engine.services import NucleiTemplateRepoService
@@ -107,18 +109,30 @@ class NucleiTemplateRepoViewSet(viewsets.ModelViewSet):
        try:
            repo_id = int(pk) if pk is not None else None
        except (TypeError, ValueError):
-            return Response({"message": "无效的仓库 ID"}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Invalid repository ID',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )

        # 调用 Service 层
        try:
            result = self.service.refresh_repo(repo_id)
        except ValidationError as exc:
-            return Response({"message": str(exc)}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=str(exc),
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
        except Exception as exc:  # noqa: BLE001
            logger.error("刷新 Nuclei 模板仓库失败: %s", exc, exc_info=True)
-            return Response({"message": f"刷新仓库失败: {exc}"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message=f'Refresh failed: {exc}',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
+            )

-        return Response({"message": "刷新成功", "result": result}, status=status.HTTP_200_OK)
+        return success_response(data={'result': result})

    # ==================== 自定义 Action: 模板只读浏览 ====================

@@ -142,18 +156,30 @@ class NucleiTemplateRepoViewSet(viewsets.ModelViewSet):
        try:
            repo_id = int(pk) if pk is not None else None
        except (TypeError, ValueError):
-            return Response({"message": "无效的仓库 ID"}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Invalid repository ID',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )

        # 调用 Service 层，仅从当前本地目录读取目录树
        try:
            roots = self.service.get_template_tree(repo_id)
        except ValidationError as exc:
-            return Response({"message": str(exc)}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=str(exc),
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
        except Exception as exc:  # noqa: BLE001
            logger.error("获取 Nuclei 模板目录树失败: %s", exc, exc_info=True)
-            return Response({"message": "获取模板目录树失败"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Failed to get template tree',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
+            )

-        return Response({"roots": roots})
+        return success_response(data={'roots': roots})

    @action(detail=True, methods=["get"], url_path="templates/content")
    def templates_content(self, request: Request, pk: str | None = None) -> Response:
@@ -174,23 +200,43 @@ class NucleiTemplateRepoViewSet(viewsets.ModelViewSet):
        try:
            repo_id = int(pk) if pk is not None else None
        except (TypeError, ValueError):
-            return Response({"message": "无效的仓库 ID"}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Invalid repository ID',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )

        # 解析 path 参数
        rel_path = (request.query_params.get("path", "") or "").strip()
        if not rel_path:
-            return Response({"message": "缺少 path 参数"}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Missing path parameter',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )

        # 调用 Service 层
        try:
            result = self.service.get_template_content(repo_id, rel_path)
        except ValidationError as exc:
-            return Response({"message": str(exc)}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=str(exc),
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
        except Exception as exc:  # noqa: BLE001
            logger.error("获取 Nuclei 模板内容失败: %s", exc, exc_info=True)
-            return Response({"message": "获取模板内容失败"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Failed to get template content',
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
+            )

        # 文件不存在
        if result is None:
-            return Response({"message": "模板不存在或无法读取"}, status=status.HTTP_404_NOT_FOUND)
-        return Response(result)
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message='Template not found or unreadable',
+                status_code=status.HTTP_404_NOT_FOUND
+            )
+        return success_response(data=result)
--- a/backend/apps/engine/views/wordlist_views.py
+++ b/backend/apps/engine/views/wordlist_views.py
@@ -9,6 +9,8 @@ from rest_framework.decorators import action
 from rest_framework.response import Response

 from apps.common.pagination import BasePagination
+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes
 from apps.engine.serializers.wordlist_serializer import WordlistSerializer
 from apps.engine.services.wordlist_service import WordlistService

@@ -46,7 +48,11 @@ class WordlistViewSet(viewsets.ViewSet):
        uploaded_file = request.FILES.get("file")

        if not uploaded_file:
-            return Response({"error": "缺少字典文件"}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Missing wordlist file',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )

        try:
            wordlist = self.service.create_wordlist(
@@ -55,21 +61,32 @@ class WordlistViewSet(viewsets.ViewSet):
                uploaded_file=uploaded_file,
            )
        except ValidationError as exc:
-            return Response({"error": str(exc)}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=str(exc),
+                status_code=status.HTTP_400_BAD_REQUEST
+            )

        serializer = WordlistSerializer(wordlist)
-        return Response(serializer.data, status=status.HTTP_201_CREATED)
+        return success_response(data=serializer.data, status_code=status.HTTP_201_CREATED)

    def destroy(self, request, pk=None):
        """删除字典记录"""
        try:
            wordlist_id = int(pk)
        except (TypeError, ValueError):
-            return Response({"error": "无效的 ID"}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Invalid ID',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )

        success = self.service.delete_wordlist(wordlist_id)
        if not success:
-            return Response({"error": "字典不存在"}, status=status.HTTP_404_NOT_FOUND)
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                status_code=status.HTTP_404_NOT_FOUND
+            )

        return Response(status=status.HTTP_204_NO_CONTENT)

@@ -82,15 +99,27 @@ class WordlistViewSet(viewsets.ViewSet):
        """
        name = (request.query_params.get("wordlist", "") or "").strip()
        if not name:
-            return Response({"error": "缺少参数 wordlist"}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Missing parameter: wordlist',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )

        wordlist = self.service.get_wordlist_by_name(name)
        if not wordlist:
-            return Response({"error": "字典不存在"}, status=status.HTTP_404_NOT_FOUND)
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message='Wordlist not found',
+                status_code=status.HTTP_404_NOT_FOUND
+            )

        file_path = wordlist.file_path
        if not file_path or not os.path.exists(file_path):
-            return Response({"error": "字典文件不存在"}, status=status.HTTP_404_NOT_FOUND)
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message='Wordlist file not found',
+                status_code=status.HTTP_404_NOT_FOUND
+            )

        filename = os.path.basename(file_path)
        response = FileResponse(open(file_path, "rb"), as_attachment=True, filename=filename)
@@ -106,22 +135,38 @@ class WordlistViewSet(viewsets.ViewSet):
        try:
            wordlist_id = int(pk)
        except (TypeError, ValueError):
-            return Response({"error": "无效的 ID"}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Invalid ID',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )

        if request.method == "GET":
            content = self.service.get_wordlist_content(wordlist_id)
            if content is None:
-                return Response({"error": "字典不存在或文件无法读取"}, status=status.HTTP_404_NOT_FOUND)
-            return Response({"content": content})
+                return error_response(
+                    code=ErrorCodes.NOT_FOUND,
+                    message='Wordlist not found or file unreadable',
+                    status_code=status.HTTP_404_NOT_FOUND
+                )
+            return success_response(data={"content": content})

        elif request.method == "PUT":
            content = request.data.get("content")
            if content is None:
-                return Response({"error": "缺少 content 参数"}, status=status.HTTP_400_BAD_REQUEST)
+                return error_response(
+                    code=ErrorCodes.VALIDATION_ERROR,
+                    message='Missing content parameter',
+                    status_code=status.HTTP_400_BAD_REQUEST
+                )

            wordlist = self.service.update_wordlist_content(wordlist_id, content)
            if not wordlist:
-                return Response({"error": "字典不存在或更新失败"}, status=status.HTTP_404_NOT_FOUND)
+                return error_response(
+                    code=ErrorCodes.NOT_FOUND,
+                    message='Wordlist not found or update failed',
+                    status_code=status.HTTP_404_NOT_FOUND
+                )

            serializer = WordlistSerializer(wordlist)
-            return Response(serializer.data)
+            return success_response(data=serializer.data)
--- a/backend/apps/engine/views/worker_views.py
+++ b/backend/apps/engine/views/worker_views.py
@@ -9,6 +9,8 @@ from rest_framework import viewsets, status
 from rest_framework.decorators import action
 from rest_framework.response import Response

+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes
 from apps.engine.serializers import WorkerNodeSerializer
 from apps.engine.services import WorkerService
 from apps.common.signals import worker_delete_failed
@@ -111,9 +113,8 @@ class WorkerNodeViewSet(viewsets.ModelViewSet):
        threading.Thread(target=_async_remote_uninstall, daemon=True).start()
        
        # 3. 立即返回成功
-        return Response(
-            {"message": f"节点 {worker_name} 已删除"},
-            status=status.HTTP_200_OK
+        return success_response(
+            data={'name': worker_name}
        )
    
    @action(detail=True, methods=['post'])
@@ -190,11 +191,13 @@ class WorkerNodeViewSet(viewsets.ModelViewSet):
                    worker.status = 'online'
                    worker.save(update_fields=['status'])
        
-        return Response({
-            'status': 'ok',
-            'need_update': need_update,
-            'server_version': server_version
-        })
+        return success_response(
+            data={
+                'status': 'ok',
+                'needUpdate': need_update,
+                'serverVersion': server_version
+            }
+        )
    
    def _trigger_remote_agent_update(self, worker, target_version: str):
        """
@@ -304,9 +307,10 @@ class WorkerNodeViewSet(viewsets.ModelViewSet):
        is_local = request.data.get('is_local', True)
        
        if not name:
-            return Response(
-                {'error': '缺少 name 参数'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Missing name parameter',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        worker, created = self.worker_service.register_worker(
@@ -314,11 +318,13 @@ class WorkerNodeViewSet(viewsets.ModelViewSet):
            is_local=is_local
        )
        
-        return Response({
-            'worker_id': worker.id,
-            'name': worker.name,
-            'created': created
-        })
+        return success_response(
+            data={
+                'workerId': worker.id,
+                'name': worker.name,
+                'created': created
+            }
+        )
    
    @action(detail=False, methods=['get'])
    def config(self, request):
@@ -334,13 +340,12 @@ class WorkerNodeViewSet(viewsets.ModelViewSet):
        返回:
        {
            "db": {"host": "...", "port": "...", ...},
-            "redisUrl": "...",
            "paths": {"results": "...", "logs": "..."}
        }
        
        配置逻辑:
-            - 本地 Worker (is_local=true): db_host=postgres, redis=redis:6379
-            - 远程 Worker (is_local=false): db_host=PUBLIC_HOST, redis=PUBLIC_HOST:6379
+            - 本地 Worker (is_local=true): db_host=postgres
+            - 远程 Worker (is_local=false): db_host=PUBLIC_HOST
        """
        from django.conf import settings
        import logging
@@ -365,39 +370,35 @@ class WorkerNodeViewSet(viewsets.ModelViewSet):
            if is_local_worker:
                # 本地 Worker：直接用 Docker 内部服务名
                worker_db_host = 'postgres'
-                worker_redis_url = 'redis://redis:6379/0'
            else:
                # 远程 Worker：通过公网 IP 访问
                public_host = settings.PUBLIC_HOST
                if public_host in ('server', 'localhost', '127.0.0.1'):
                    logger.warning("远程 Worker 请求配置，但 PUBLIC_HOST=%s 不是有效的公网地址", public_host)
                worker_db_host = public_host
-                worker_redis_url = f'redis://{public_host}:6379/0'
        else:
            # 远程数据库场景：所有 Worker 都用 DB_HOST
            worker_db_host = db_host
-            worker_redis_url = getattr(settings, 'WORKER_REDIS_URL', 'redis://redis:6379/0')
        
-        logger.info("返回 Worker 配置 - db_host: %s, redis_url: %s", worker_db_host, worker_redis_url)
+        logger.info("返回 Worker 配置 - db_host: %s", worker_db_host)
        
-        return Response({
-            'db': {
-                'host': worker_db_host,
-                'port': str(settings.DATABASES['default']['PORT']),
-                'name': settings.DATABASES['default']['NAME'],
-                'user': settings.DATABASES['default']['USER'],
-                'password': settings.DATABASES['default']['PASSWORD'],
-            },
-            'redisUrl': worker_redis_url,
-            'paths': {
-                'results': getattr(settings, 'CONTAINER_RESULTS_MOUNT', '/opt/xingrin/results'),
-                'logs': getattr(settings, 'CONTAINER_LOGS_MOUNT', '/opt/xingrin/logs'),
-            },
-            'logging': {
-                'level': os.getenv('LOG_LEVEL', 'INFO'),
-                'enableCommandLogging': os.getenv('ENABLE_COMMAND_LOGGING', 'true').lower() == 'true',
-            },
-            'debug': settings.DEBUG,
-            # Git 加速配置（用于 Git clone 加速，如 Nuclei 模板仓库）
-            'gitMirror': os.getenv('GIT_MIRROR', ''),
-        })
+        return success_response(
+            data={
+                'db': {
+                    'host': worker_db_host,
+                    'port': str(settings.DATABASES['default']['PORT']),
+                    'name': settings.DATABASES['default']['NAME'],
+                    'user': settings.DATABASES['default']['USER'],
+                    'password': settings.DATABASES['default']['PASSWORD'],
+                },
+                'paths': {
+                    'results': getattr(settings, 'CONTAINER_RESULTS_MOUNT', '/opt/xingrin/results'),
+                    'logs': getattr(settings, 'CONTAINER_LOGS_MOUNT', '/opt/xingrin/logs'),
+                },
+                'logging': {
+                    'level': os.getenv('LOG_LEVEL', 'INFO'),
+                    'enableCommandLogging': os.getenv('ENABLE_COMMAND_LOGGING', 'true').lower() == 'true',
+                },
+                'debug': settings.DEBUG,
+            }
+        )
--- a/backend/apps/scan/configs/command_templates.py
+++ b/backend/apps/scan/configs/command_templates.py
@@ -7,7 +7,7 @@
 from django.conf import settings

 # ==================== 路径配置 ====================
-SCAN_TOOLS_BASE_PATH = getattr(settings, 'SCAN_TOOLS_BASE_PATH', '/opt/xingrin/tools')
+SCAN_TOOLS_BASE_PATH = getattr(settings, 'SCAN_TOOLS_BASE_PATH', '/usr/local/bin')

 # ==================== 子域名发现 ====================

@@ -35,7 +35,7 @@ SUBDOMAIN_DISCOVERY_COMMANDS = {
    },
    
    'sublist3r': {
-        'base': "python3 '{scan_tools_base}/Sublist3r/sublist3r.py' -d {domain} -o '{output_file}'",
+        'base': "python3 '/usr/local/share/Sublist3r/sublist3r.py' -d {domain} -o '{output_file}'",
        'optional': {
            'threads': '-t {threads}'
        }
@@ -97,9 +97,11 @@ SITE_SCAN_COMMANDS = {
        'base': (
            "'{scan_tools_base}/httpx' -l '{url_file}' "
            '-status-code -content-type -content-length '
-            '-location -title -server -body-preview '
+            '-location -title -server '
            '-tech-detect -cdn -vhost '
-            '-random-agent -no-color -json'
+            '-include-response '
+            '-rstr 2000 '
+            '-random-agent -no-color -json -silent'
        ),
        'optional': {
            'threads': '-threads {threads}',
@@ -115,7 +117,7 @@ SITE_SCAN_COMMANDS = {

 DIRECTORY_SCAN_COMMANDS = {
    'ffuf': {
-        'base': "ffuf -u '{url}FUZZ' -se -ac -sf -json -w '{wordlist}'",  
+        'base': "'{scan_tools_base}/ffuf' -u '{url}FUZZ' -se -ac -sf -json -w '{wordlist}'",  
        'optional': {
            'delay': '-p {delay}',
            'threads': '-t {threads}',
@@ -169,9 +171,11 @@ URL_FETCH_COMMANDS = {
        'base': (
            "'{scan_tools_base}/httpx' -l '{url_file}' "
            '-status-code -content-type -content-length '
-            '-location -title -server -body-preview '
+            '-location -title -server '
            '-tech-detect -cdn -vhost '
-            '-random-agent -no-color -json'
+            '-include-response '
+            '-rstr 2000 '
+            '-random-agent -no-color -json -silent'
        ),
        'optional': {
            'threads': '-threads {threads}',
@@ -239,6 +243,9 @@ FINGERPRINT_DETECT_COMMANDS = {
            'ehole': '--ehole {ehole}',
            'goby': '--goby {goby}',
            'wappalyzer': '--wappalyzer {wappalyzer}',
+            'fingers': '--fingers {fingers}',
+            'fingerprinthub': '--fingerprint {fingerprinthub}',
+            'arl': '--arl {arl}',
        }
    },
 }
--- a/backend/apps/scan/configs/engine_config_example.yaml
+++ b/backend/apps/scan/configs/engine_config_example.yaml
@@ -4,14 +4,12 @@
 # 必需参数：enabled（是否启用）
 # 可选参数：timeout（超时秒数，默认 auto 自动计算）

-# ==================== 子域名发现 ====================
-# 
-# Stage 1: 被动收集（并行） - 必选，至少启用一个工具
-# Stage 2: 字典爆破（可选） - 使用字典暴力枚举子域名
-# Stage 3: 变异生成 + 验证（可选） - 基于已发现域名生成变异，流式验证存活
-# Stage 4: DNS 存活验证（可选） - 验证所有候选域名是否能解析
-#
 subdomain_discovery:
+  # ==================== 子域名发现 ====================
+  # Stage 1: 被动收集（并行） - 必选，至少启用一个工具
+  # Stage 2: 字典爆破（可选） - 使用字典暴力枚举子域名
+  # Stage 3: 变异生成 + 验证（可选） - 基于已发现域名生成变异，流式验证存活
+  # Stage 4: DNS 存活验证（可选） - 验证所有候选域名是否能解析
  # === Stage 1: 被动收集工具（并行执行）===
  passive_tools:
    subfinder:
@@ -53,10 +51,10 @@ subdomain_discovery:
  resolve:
    enabled: true
    subdomain_resolve:
-      # timeout: auto    # 自动根据候选子域数量计算
+      timeout: auto    # 自动根据候选子域数量计算

-# ==================== 端口扫描 ====================
 port_scan:
+  # ==================== 端口扫描 ====================
  tools:
    naabu_active:
      enabled: true
@@ -70,8 +68,8 @@ port_scan:
      enabled: true
      # timeout: auto    # 被动扫描通常较快

-# ==================== 站点扫描 ====================
 site_scan:
+  # ==================== 站点扫描 ====================
  tools:
    httpx:
      enabled: true
@@ -81,16 +79,16 @@ site_scan:
      # request-timeout: 10  # 单个请求超时秒数（默认 10）
      # retries: 2           # 请求失败重试次数

-# ==================== 指纹识别 ====================
-# 在 site_scan 后串行执行，识别 WebSite 的技术栈
 fingerprint_detect:
+  # ==================== 指纹识别 ====================
+  # 在 站点扫描 后串行执行，识别 WebSite 的技术栈
  tools:
    xingfinger:
      enabled: true
-      fingerprint-libs: [ehole, goby, wappalyzer]  # 启用的指纹库：ehole, goby, wappalyzer, fingers, fingerprinthub
+      fingerprint-libs: [ehole, goby, wappalyzer, fingers, fingerprinthub, arl]  # 默认启动全部指纹库

-# ==================== 目录扫描 ====================
 directory_scan:
+  # ==================== 目录扫描 ====================
  tools:
    ffuf:
      enabled: true
@@ -103,8 +101,8 @@ directory_scan:
      match-codes: 200,201,301,302,401,403  # 匹配的 HTTP 状态码
      # rate: 0                           # 每秒请求数（默认 0 不限制）

-# ==================== URL 获取 ====================
 url_fetch:
+  # ==================== URL 获取 ====================
  tools:
    waymore:
      enabled: true
@@ -142,8 +140,8 @@ url_fetch:
      # request-timeout: 10  # 单个请求超时秒数（默认 10）
      # retries: 2           # 请求失败重试次数

-# ==================== 漏洞扫描 ====================
 vuln_scan:
+  # ==================== 漏洞扫描 ====================
  tools:
    dalfox_xss:
      enabled: true
--- a/backend/apps/scan/flows/fingerprint_detect_flow.py
+++ b/backend/apps/scan/flows/fingerprint_detect_flow.py
@@ -37,28 +37,24 @@ logger = logging.getLogger(__name__)

 def calculate_fingerprint_detect_timeout(
    url_count: int,
-    base_per_url: float = 3.0,
-    min_timeout: int = 60
+    base_per_url: float = 10.0,
+    min_timeout: int = 300
 ) -> int:
    """
    根据 URL 数量计算超时时间
    
    公式：超时时间 = URL 数量 × 每 URL 基础时间
-    最小值：60秒
+    最小值：300秒
    无上限
    
    Args:
        url_count: URL 数量
-        base_per_url: 每 URL 基础时间（秒），默认 3秒
-        min_timeout: 最小超时时间（秒），默认 60秒
+        base_per_url: 每 URL 基础时间（秒），默认 10秒
+        min_timeout: 最小超时时间（秒），默认 300秒
        
    Returns:
        int: 计算出的超时时间（秒）
        
-    示例：
-        100 URL × 3秒 = 300秒
-        1000 URL × 3秒 = 3000秒（50分钟）
-        10000 URL × 3秒 = 30000秒（8.3小时）
    """
    timeout = int(url_count * base_per_url)
    return max(min_timeout, timeout)
@@ -260,7 +256,8 @@ def fingerprint_detect_flow(
            'url_count': int,
            'processed_records': int,
            'updated_count': int,
-            'not_found_count': int,
+            'created_count': int,
+            'snapshot_count': int,
            'executed_tasks': list,
            'tool_stats': dict
        }
@@ -307,6 +304,7 @@ def fingerprint_detect_flow(
                'processed_records': 0,
                'updated_count': 0,
                'created_count': 0,
+                'snapshot_count': 0,
                'executed_tasks': ['export_urls_for_fingerprint'],
                'tool_stats': {
                    'total': 0,
@@ -344,6 +342,7 @@ def fingerprint_detect_flow(
        total_processed = sum(stats['result'].get('processed_records', 0) for stats in tool_stats.values())
        total_updated = sum(stats['result'].get('updated_count', 0) for stats in tool_stats.values())
        total_created = sum(stats['result'].get('created_count', 0) for stats in tool_stats.values())
+        total_snapshots = sum(stats['result'].get('snapshot_count', 0) for stats in tool_stats.values())
        
        successful_tools = [name for name in enabled_tools.keys() 
                           if name not in [f['tool'] for f in failed_tools]]
@@ -358,6 +357,7 @@ def fingerprint_detect_flow(
            'processed_records': total_processed,
            'updated_count': total_updated,
            'created_count': total_created,
+            'snapshot_count': total_snapshots,
            'executed_tasks': executed_tasks,
            'tool_stats': {
                'total': len(enabled_tools),
--- a/backend/apps/scan/flows/initiate_scan_flow.py
+++ b/backend/apps/scan/flows/initiate_scan_flow.py
@@ -114,8 +114,11 @@ def initiate_scan_flow(
        
        # ==================== Task 2: 获取引擎配置 ====================
        from apps.scan.models import Scan
-        scan = Scan.objects.select_related('engine').get(id=scan_id)
-        engine_config = scan.engine.configuration
+        scan = Scan.objects.get(id=scan_id)
+        engine_config = scan.merged_configuration
+        
+        # 使用 engine_names 进行显示
+        display_engine_name = ', '.join(scan.engine_names) if scan.engine_names else engine_name
        
        # ==================== Task 3: 解析配置，生成执行计划 ====================
        orchestrator = FlowOrchestrator(engine_config)
--- a/backend/apps/scan/flows/site_scan_flow.py
+++ b/backend/apps/scan/flows/site_scan_flow.py
@@ -204,14 +204,13 @@ def _run_scans_sequentially(
            # 流式执行扫描并实时保存结果
            result = run_and_stream_save_websites_task(
                cmd=command,
-                tool_name=tool_name,  # 新增：工具名称
+                tool_name=tool_name,
                scan_id=scan_id,
                target_id=target_id,
                cwd=str(site_scan_dir),
                shell=True,
-                batch_size=1000,
                timeout=timeout,
-                log_file=str(log_file)  # 新增：日志文件路径
+                log_file=str(log_file)
            )
            
            tool_stats[tool_name] = {
--- a/backend/apps/scan/flows/url_fetch/main_flow.py
+++ b/backend/apps/scan/flows/url_fetch/main_flow.py
@@ -212,7 +212,6 @@ def _validate_and_stream_save_urls(
            target_id=target_id,
            cwd=str(url_fetch_dir),
            shell=True,
-            batch_size=500,
            timeout=timeout,
            log_file=str(log_file)
        )
--- a/backend/apps/scan/handlers/initiate_scan_flow_handlers.py
+++ b/backend/apps/scan/handlers/initiate_scan_flow_handlers.py
@@ -162,6 +162,8 @@ def on_initiate_scan_flow_completed(flow: Flow, flow_run: FlowRun, state: State)
    # 执行状态更新并获取统计数据
    stats = _update_completed_status()
    
+    # 注意：物化视图刷新已迁移到 pg_ivm 增量维护，无需手动标记刷新
+    
    # 发送通知（包含统计摘要）
    logger.info("准备发送扫描完成通知 - Scan ID: %s, Target: %s", scan_id, target_name)
    try:
--- a/backend/apps/scan/migrations/0001_initial.py
+++ b/backend/apps/scan/migrations/0001_initial.py
@@ -0,0 +1,119 @@
+# Generated by Django 5.2.7 on 2026-01-02 04:45
+
+import django.contrib.postgres.fields
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('engine', '0001_initial'),
+        ('targets', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='NotificationSettings',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('discord_enabled', models.BooleanField(default=False, help_text='是否启用 Discord 通知')),
+                ('discord_webhook_url', models.URLField(blank=True, default='', help_text='Discord Webhook URL')),
+                ('categories', models.JSONField(default=dict, help_text='各分类通知开关，如 {"scan": true, "vulnerability": true, "asset": true, "system": false}')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+            ],
+            options={
+                'verbose_name': '通知设置',
+                'verbose_name_plural': '通知设置',
+                'db_table': 'notification_settings',
+            },
+        ),
+        migrations.CreateModel(
+            name='Notification',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('category', models.CharField(choices=[('scan', '扫描任务'), ('vulnerability', '漏洞发现'), ('asset', '资产发现'), ('system', '系统消息')], db_index=True, default='system', help_text='通知分类', max_length=20)),
+                ('level', models.CharField(choices=[('low', '低'), ('medium', '中'), ('high', '高'), ('critical', '严重')], db_index=True, default='low', help_text='通知级别', max_length=20)),
+                ('title', models.CharField(help_text='通知标题', max_length=200)),
+                ('message', models.CharField(help_text='通知内容', max_length=2000)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('is_read', models.BooleanField(default=False, help_text='是否已读')),
+                ('read_at', models.DateTimeField(blank=True, help_text='阅读时间', null=True)),
+            ],
+            options={
+                'verbose_name': '通知',
+                'verbose_name_plural': '通知',
+                'db_table': 'notification',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='notificatio_created_c430f0_idx'), models.Index(fields=['category', '-created_at'], name='notificatio_categor_df0584_idx'), models.Index(fields=['level', '-created_at'], name='notificatio_level_0e5d12_idx'), models.Index(fields=['is_read', '-created_at'], name='notificatio_is_read_518ce0_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='Scan',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('engine_ids', django.contrib.postgres.fields.ArrayField(base_field=models.IntegerField(), default=list, help_text='引擎 ID 列表', size=None)),
+                ('engine_names', models.JSONField(default=list, help_text='引擎名称列表，如 ["引擎A", "引擎B"]')),
+                ('merged_configuration', models.TextField(default='', help_text='合并后的 YAML 配置')),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='任务创建时间')),
+                ('stopped_at', models.DateTimeField(blank=True, help_text='扫描结束时间', null=True)),
+                ('status', models.CharField(choices=[('cancelled', '已取消'), ('completed', '已完成'), ('failed', '失败'), ('initiated', '初始化'), ('running', '运行中')], db_index=True, default='initiated', help_text='任务状态', max_length=20)),
+                ('results_dir', models.CharField(blank=True, default='', help_text='结果存储目录', max_length=100)),
+                ('container_ids', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=100), blank=True, default=list, help_text='容器 ID 列表（Docker Container ID）', size=None)),
+                ('error_message', models.CharField(blank=True, default='', help_text='错误信息', max_length=2000)),
+                ('deleted_at', models.DateTimeField(blank=True, db_index=True, help_text='删除时间（NULL表示未删除）', null=True)),
+                ('progress', models.IntegerField(default=0, help_text='扫描进度 0-100')),
+                ('current_stage', models.CharField(blank=True, default='', help_text='当前扫描阶段', max_length=50)),
+                ('stage_progress', models.JSONField(default=dict, help_text='各阶段进度详情')),
+                ('cached_subdomains_count', models.IntegerField(default=0, help_text='缓存的子域名数量')),
+                ('cached_websites_count', models.IntegerField(default=0, help_text='缓存的网站数量')),
+                ('cached_endpoints_count', models.IntegerField(default=0, help_text='缓存的端点数量')),
+                ('cached_ips_count', models.IntegerField(default=0, help_text='缓存的IP地址数量')),
+                ('cached_directories_count', models.IntegerField(default=0, help_text='缓存的目录数量')),
+                ('cached_vulns_total', models.IntegerField(default=0, help_text='缓存的漏洞总数')),
+                ('cached_vulns_critical', models.IntegerField(default=0, help_text='缓存的严重漏洞数量')),
+                ('cached_vulns_high', models.IntegerField(default=0, help_text='缓存的高危漏洞数量')),
+                ('cached_vulns_medium', models.IntegerField(default=0, help_text='缓存的中危漏洞数量')),
+                ('cached_vulns_low', models.IntegerField(default=0, help_text='缓存的低危漏洞数量')),
+                ('stats_updated_at', models.DateTimeField(blank=True, help_text='统计数据最后更新时间', null=True)),
+                ('target', models.ForeignKey(help_text='扫描目标', on_delete=django.db.models.deletion.CASCADE, related_name='scans', to='targets.target')),
+                ('worker', models.ForeignKey(blank=True, help_text='执行扫描的 Worker 节点', null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='scans', to='engine.workernode')),
+            ],
+            options={
+                'verbose_name': '扫描任务',
+                'verbose_name_plural': '扫描任务',
+                'db_table': 'scan',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='scan_created_0bb6c7_idx'), models.Index(fields=['target'], name='scan_target__718b9d_idx'), models.Index(fields=['deleted_at', '-created_at'], name='scan_deleted_eb17e8_idx')],
+            },
+        ),
+        migrations.CreateModel(
+            name='ScheduledScan',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('name', models.CharField(help_text='任务名称', max_length=200)),
+                ('engine_ids', django.contrib.postgres.fields.ArrayField(base_field=models.IntegerField(), default=list, help_text='引擎 ID 列表', size=None)),
+                ('engine_names', models.JSONField(default=list, help_text='引擎名称列表，如 ["引擎A", "引擎B"]')),
+                ('merged_configuration', models.TextField(default='', help_text='合并后的 YAML 配置')),
+                ('cron_expression', models.CharField(default='0 2 * * *', help_text='Cron 表达式，格式：分 时 日 月 周', max_length=100)),
+                ('is_enabled', models.BooleanField(db_index=True, default=True, help_text='是否启用')),
+                ('run_count', models.IntegerField(default=0, help_text='已执行次数')),
+                ('last_run_time', models.DateTimeField(blank=True, help_text='上次执行时间', null=True)),
+                ('next_run_time', models.DateTimeField(blank=True, help_text='下次执行时间', null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('updated_at', models.DateTimeField(auto_now=True, help_text='更新时间')),
+                ('organization', models.ForeignKey(blank=True, help_text='扫描组织（设置后执行时动态获取组织下所有目标）', null=True, on_delete=django.db.models.deletion.CASCADE, related_name='scheduled_scans', to='targets.organization')),
+                ('target', models.ForeignKey(blank=True, help_text='扫描单个目标（与 organization 二选一）', null=True, on_delete=django.db.models.deletion.CASCADE, related_name='scheduled_scans', to='targets.target')),
+            ],
+            options={
+                'verbose_name': '定时扫描任务',
+                'verbose_name_plural': '定时扫描任务',
+                'db_table': 'scheduled_scan',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='scheduled_s_created_9b9c2e_idx'), models.Index(fields=['is_enabled', '-created_at'], name='scheduled_s_is_enab_23d660_idx'), models.Index(fields=['name'], name='scheduled_s_name_bf332d_idx')],
+            },
+        ),
+    ]
--- a/backend/apps/scan/models.py
+++ b/backend/apps/scan/models.py
@@ -20,11 +20,19 @@ class Scan(models.Model):

    target = models.ForeignKey('targets.Target', on_delete=models.CASCADE, related_name='scans', help_text='扫描目标')

-    engine = models.ForeignKey(
-        'engine.ScanEngine',
-        on_delete=models.CASCADE,
-        related_name='scans',
-        help_text='使用的扫描引擎'
+    # 多引擎支持字段
+    engine_ids = ArrayField(
+        models.IntegerField(),
+        default=list,
+        help_text='引擎 ID 列表'
+    )
+    engine_names = models.JSONField(
+        default=list,
+        help_text='引擎名称列表，如 ["引擎A", "引擎B"]'
+    )
+    merged_configuration = models.TextField(
+        default='',
+        help_text='合并后的 YAML 配置'
    )

    created_at = models.DateTimeField(auto_now_add=True, help_text='任务创建时间')
@@ -118,12 +126,19 @@ class ScheduledScan(models.Model):
    # 基本信息
    name = models.CharField(max_length=200, help_text='任务名称')
    
-    # 关联的扫描引擎
-    engine = models.ForeignKey(
-        'engine.ScanEngine',
-        on_delete=models.CASCADE,
-        related_name='scheduled_scans',
-        help_text='使用的扫描引擎'
+    # 多引擎支持字段
+    engine_ids = ArrayField(
+        models.IntegerField(),
+        default=list,
+        help_text='引擎 ID 列表'
+    )
+    engine_names = models.JSONField(
+        default=list,
+        help_text='引擎名称列表，如 ["引擎A", "引擎B"]'
+    )
+    merged_configuration = models.TextField(
+        default='',
+        help_text='合并后的 YAML 配置'
    )
    
    # 关联的组织（组织扫描模式：执行时动态获取组织下所有目标）
--- a/backend/apps/scan/notifications/consumers.py
+++ b/backend/apps/scan/notifications/consumers.py
@@ -5,12 +5,13 @@ WebSocket Consumer - 通知实时推送
 import json
 import logging
 import asyncio
-from channels.generic.websocket import AsyncWebsocketConsumer
+
+from apps.common.websocket_auth import AuthenticatedWebsocketConsumer

 logger = logging.getLogger(__name__)


-class NotificationConsumer(AsyncWebsocketConsumer):
+class NotificationConsumer(AuthenticatedWebsocketConsumer):
    """
    通知 WebSocket Consumer
    
@@ -23,9 +24,9 @@ class NotificationConsumer(AsyncWebsocketConsumer):
        super().__init__(*args, **kwargs)
        self.heartbeat_task = None  # 心跳任务
    
-    async def connect(self):
+    async def on_connect(self):
        """
-        客户端连接时调用
+        客户端连接时调用（已通过认证）
        加入通知广播组
        """
        # 通知组名（所有客户端共享）
--- a/backend/apps/scan/notifications/services.py
+++ b/backend/apps/scan/notifications/services.py
@@ -305,6 +305,7 @@ def _push_via_api_callback(notification: Notification, server_url: str) -> None:
    通过 HTTP 请求 Server 容器的 /api/callbacks/notification/ 接口。
    Worker 无法直接访问 Redis，需要由 Server 代为推送 WebSocket。
    """
+    import os
    import requests
    
    try:
@@ -318,8 +319,14 @@ def _push_via_api_callback(notification: Notification, server_url: str) -> None:
            'created_at': notification.created_at.isoformat()
        }
        
+        # 构建请求头（包含 Worker API Key）
+        headers = {'Content-Type': 'application/json'}
+        worker_api_key = os.environ.get("WORKER_API_KEY", "")
+        if worker_api_key:
+            headers["X-Worker-API-Key"] = worker_api_key
+        
        # verify=False: 远程 Worker 回调 Server 时可能使用自签名证书
-        resp = requests.post(callback_url, json=data, timeout=5, verify=False)
+        resp = requests.post(callback_url, json=data, headers=headers, timeout=5, verify=False)
        resp.raise_for_status()
        
        logger.debug(f"通知回调推送成功 - ID: {notification.id}")
--- a/backend/apps/scan/notifications/views.py
+++ b/backend/apps/scan/notifications/views.py
@@ -7,13 +7,14 @@ from typing import Any
 from django.http import JsonResponse
 from django.utils import timezone
 from rest_framework import status
-from rest_framework.decorators import api_view, permission_classes
-from rest_framework.permissions import AllowAny
+from rest_framework.decorators import api_view
 from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework.views import APIView

 from apps.common.pagination import BasePagination
+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes
 from .models import Notification
 from .serializers import NotificationSerializer
 from .types import NotificationLevel
@@ -60,34 +61,7 @@ def notifications_test(request):
        }, status=500)


-def build_api_response(
-    data: Any = None,
-    *,
-    message: str = '操作成功',
-    code: str = '200',
-    state: str = 'success',
-    status_code: int = status.HTTP_200_OK
-) -> Response:
-    """构建统一的 API 响应格式
-    
-    Args:
-        data: 响应数据体（可选）
-        message: 响应消息
-        code: 响应代码
-        state: 响应状态（success/error）
-        status_code: HTTP 状态码
-        
-    Returns:
-        DRF Response 对象
-    """
-    payload = {
-        'code': code,
-        'state': state,
-        'message': message,
-    }
-    if data is not None:
-        payload['data'] = data
-    return Response(payload, status=status_code)
+# build_api_response 已废弃，请使用 success_response/error_response


 def _parse_bool(value: str | None) -> bool | None:
@@ -172,7 +146,7 @@ class NotificationUnreadCountView(APIView):
        """获取未读通知数量"""
        service = NotificationService()
        count = service.get_unread_count()
-        return build_api_response({'count': count}, message='获取未读数量成功')
+        return success_response(data={'count': count})


 class NotificationMarkAllAsReadView(APIView):
@@ -192,7 +166,7 @@ class NotificationMarkAllAsReadView(APIView):
        """标记全部通知为已读"""
        service = NotificationService()
        updated = service.mark_all_as_read()
-        return build_api_response({'updated': updated}, message='全部标记已读成功')
+        return success_response(data={'updated': updated})


 class NotificationSettingsView(APIView):
@@ -209,13 +183,13 @@ class NotificationSettingsView(APIView):
        """获取通知设置"""
        service = NotificationSettingsService()
        settings = service.get_settings()
-        return Response(settings)
+        return success_response(data=settings)
    
    def put(self, request: Request) -> Response:
        """更新通知设置"""
        service = NotificationSettingsService()
        settings = service.update_settings(request.data)
-        return Response({'message': '已保存通知设置', **settings})
+        return success_response(data=settings)


 # ============================================
@@ -223,12 +197,13 @@ class NotificationSettingsView(APIView):
 # ============================================

@api_view(['POST'])
-@permission_classes([AllowAny])  # Worker 容器无认证，可考虑添加 Token 验证
+# 权限由全局 IsAuthenticatedOrPublic 处理，/api/callbacks/* 需要 Worker API Key 认证
 def notification_callback(request):
    """
    接收 Worker 的通知推送请求
    
    Worker 容器无法直接访问 Redis，通过此 API 回调让 Server 推送 WebSocket。
+    需要 Worker API Key 认证（X-Worker-API-Key Header）。
    
    POST /api/callbacks/notification/
    {
@@ -247,22 +222,24 @@ def notification_callback(request):
        required_fields = ['id', 'category', 'title', 'message', 'level', 'created_at']
        for field in required_fields:
            if field not in data:
-                return Response(
-                    {'error': f'缺少字段: {field}'},
-                    status=status.HTTP_400_BAD_REQUEST
+                return error_response(
+                    code=ErrorCodes.VALIDATION_ERROR,
+                    message=f'Missing field: {field}',
+                    status_code=status.HTTP_400_BAD_REQUEST
                )
        
        # 推送到 WebSocket
        _push_notification_to_websocket(data)
        
        logger.debug(f"回调通知推送成功 - ID: {data['id']}, Title: {data['title']}")
-        return Response({'status': 'ok'})
+        return success_response(data={'status': 'ok'})
        
    except Exception as e:
        logger.error(f"回调通知处理失败: {e}", exc_info=True)
-        return Response(
-            {'error': str(e)},
-            status=status.HTTP_500_INTERNAL_SERVER_ERROR
+        return error_response(
+            code=ErrorCodes.SERVER_ERROR,
+            message=str(e),
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
        )


--- a/backend/apps/scan/repositories/django_scan_repository.py
+++ b/backend/apps/scan/repositories/django_scan_repository.py
@@ -16,7 +16,6 @@ from django.utils import timezone

 from apps.scan.models import Scan
 from apps.targets.models import Target
-from apps.engine.models import ScanEngine
 from apps.common.definitions import ScanStatus
 from apps.common.decorators import auto_ensure_db_connection

@@ -40,7 +39,7 @@ class DjangoScanRepository:
        
        Args:
            scan_id: 扫描任务 ID
-            prefetch_relations: 是否预加载关联对象（engine, target）
+            prefetch_relations: 是否预加载关联对象（target, worker）
                              默认 False，只在需要展示关联信息时设为 True
            for_update: 是否加锁（用于更新场景）
        
@@ -56,7 +55,7 @@ class DjangoScanRepository:
            
            # 预加载关联对象（性能优化：默认不加载）
            if prefetch_relations:
-                queryset = queryset.select_related('engine', 'target')
+                queryset = queryset.select_related('target', 'worker')
            
            return queryset.get(id=scan_id)
        except Scan.DoesNotExist:  # type: ignore  # pylint: disable=no-member
@@ -79,7 +78,7 @@ class DjangoScanRepository:
        
        Note:
            - 使用默认的阻塞模式（等待锁释放）
-            - 不包含关联对象（engine, target），如需关联对象请使用 get_by_id()
+            - 不包含关联对象（target, worker），如需关联对象请使用 get_by_id()
        """
        try:
            return Scan.objects.select_for_update().get(id=scan_id)  # type: ignore  # pylint: disable=no-member
@@ -103,7 +102,9 @@ class DjangoScanRepository:
    
    def create(self,
        target: Target,
-        engine: ScanEngine,
+        engine_ids: List[int],
+        engine_names: List[str],
+        merged_configuration: str,
        results_dir: str,
        status: ScanStatus = ScanStatus.INITIATED
    ) -> Scan:
@@ -112,7 +113,9 @@ class DjangoScanRepository:
        
        Args:
            target: 扫描目标
-            engine: 扫描引擎
+            engine_ids: 引擎 ID 列表
+            engine_names: 引擎名称列表
+            merged_configuration: 合并后的 YAML 配置
            results_dir: 结果目录
            status: 初始状态
        
@@ -121,7 +124,9 @@ class DjangoScanRepository:
        """
        scan = Scan(
            target=target,
-            engine=engine,
+            engine_ids=engine_ids,
+            engine_names=engine_names,
+            merged_configuration=merged_configuration,
            results_dir=results_dir,
            status=status,
            container_ids=[]
@@ -231,14 +236,14 @@ class DjangoScanRepository:
        获取所有扫描任务
        
        Args:
-            prefetch_relations: 是否预加载关联对象（engine, target）
+            prefetch_relations: 是否预加载关联对象（target, worker）
        
        Returns:
            Scan QuerySet
        """
        queryset = Scan.objects.all()  # type: ignore  # pylint: disable=no-member
        if prefetch_relations:
-            queryset = queryset.select_related('engine', 'target')
+            queryset = queryset.select_related('target', 'worker')
        return queryset.order_by('-created_at')
    
    
--- a/backend/apps/scan/repositories/scheduled_scan_repository.py
+++ b/backend/apps/scan/repositories/scheduled_scan_repository.py
@@ -29,7 +29,9 @@ class ScheduledScanDTO:
    """
    id: Optional[int] = None
    name: str = ''
-    engine_id: int = 0
+    engine_ids: List[int] = None  # 多引擎支持
+    engine_names: List[str] = None  # 引擎名称列表
+    merged_configuration: str = ''  # 合并后的配置
    organization_id: Optional[int] = None  # 组织扫描模式
    target_id: Optional[int] = None  # 目标扫描模式
    cron_expression: Optional[str] = None
@@ -40,6 +42,11 @@ class ScheduledScanDTO:
    created_at: Optional[datetime] = None
    updated_at: Optional[datetime] = None
    
+    def __post_init__(self):
+        if self.engine_ids is None:
+            self.engine_ids = []
+        if self.engine_names is None:
+            self.engine_names = []


@auto_ensure_db_connection
@@ -56,7 +63,7 @@ class DjangoScheduledScanRepository:
    def get_by_id(self, scheduled_scan_id: int) -> Optional[ScheduledScan]:
        """根据 ID 查询定时扫描任务"""
        try:
-            return ScheduledScan.objects.select_related('engine', 'organization', 'target').get(id=scheduled_scan_id)
+            return ScheduledScan.objects.select_related('organization', 'target').get(id=scheduled_scan_id)
        except ScheduledScan.DoesNotExist:
            return None
    
@@ -67,7 +74,7 @@ class DjangoScheduledScanRepository:
        Returns:
            QuerySet
        """
-        return ScheduledScan.objects.select_related('engine', 'organization', 'target').order_by('-created_at')
+        return ScheduledScan.objects.select_related('organization', 'target').order_by('-created_at')

    def get_all(self, page: int = 1, page_size: int = 10) -> Tuple[List[ScheduledScan], int]:
        """
@@ -87,7 +94,7 @@ class DjangoScheduledScanRepository:
    def get_enabled(self) -> List[ScheduledScan]:
        """获取所有启用的定时扫描任务"""
        return list(
-            ScheduledScan.objects.select_related('engine', 'target')
+            ScheduledScan.objects.select_related('target')
            .filter(is_enabled=True)
            .order_by('-created_at')
        )
@@ -105,7 +112,9 @@ class DjangoScheduledScanRepository:
        with transaction.atomic():
            scheduled_scan = ScheduledScan.objects.create(
                name=dto.name,
-                engine_id=dto.engine_id,
+                engine_ids=dto.engine_ids,
+                engine_names=dto.engine_names,
+                merged_configuration=dto.merged_configuration,
                organization_id=dto.organization_id,  # 组织扫描模式
                target_id=dto.target_id if not dto.organization_id else None,  # 目标扫描模式
                cron_expression=dto.cron_expression,
@@ -134,8 +143,12 @@ class DjangoScheduledScanRepository:
                # 更新基本字段
                if dto.name:
                    scheduled_scan.name = dto.name
-                if dto.engine_id:
-                    scheduled_scan.engine_id = dto.engine_id
+                if dto.engine_ids is not None:
+                    scheduled_scan.engine_ids = dto.engine_ids
+                if dto.engine_names is not None:
+                    scheduled_scan.engine_names = dto.engine_names
+                if dto.merged_configuration is not None:
+                    scheduled_scan.merged_configuration = dto.merged_configuration
                if dto.cron_expression is not None:
                    scheduled_scan.cron_expression = dto.cron_expression
                if dto.is_enabled is not None:
--- a/backend/apps/scan/serializers.py
+++ b/backend/apps/scan/serializers.py
@@ -7,12 +7,11 @@ from .models import Scan, ScheduledScan
 class ScanSerializer(serializers.ModelSerializer):
    """扫描任务序列化器"""
    target_name = serializers.SerializerMethodField()
-    engine_name = serializers.SerializerMethodField()
    
    class Meta:
        model = Scan
        fields = [
-            'id', 'target', 'target_name', 'engine', 'engine_name',
+            'id', 'target', 'target_name', 'engine_ids', 'engine_names',
            'created_at', 'stopped_at', 'status', 'results_dir',
            'container_ids', 'error_message'
        ]
@@ -24,10 +23,6 @@ class ScanSerializer(serializers.ModelSerializer):
    def get_target_name(self, obj):
        """获取目标名称"""
        return obj.target.name if obj.target else None
-    
-    def get_engine_name(self, obj):
-        """获取引擎名称"""
-        return obj.engine.name if obj.engine else None


 class ScanHistorySerializer(serializers.ModelSerializer):
@@ -36,11 +31,12 @@ class ScanHistorySerializer(serializers.ModelSerializer):
    为前端扫描历史页面提供优化的数据格式，包括：
    - 扫描汇总统计（子域名、端点、漏洞数量）
    - 进度百分比和当前阶段
+    - 执行节点信息
    """
    
    # 字段映射
    target_name = serializers.CharField(source='target.name', read_only=True)
-    engine_name = serializers.CharField(source='engine.name', read_only=True)
+    worker_name = serializers.CharField(source='worker.name', read_only=True, allow_null=True)
    
    # 计算字段
    summary = serializers.SerializerMethodField()
@@ -53,9 +49,9 @@ class ScanHistorySerializer(serializers.ModelSerializer):
    class Meta:
        model = Scan
        fields = [
-            'id', 'target', 'target_name', 'engine', 'engine_name', 
-            'created_at', 'status', 'error_message', 'summary', 'progress',
-            'current_stage', 'stage_progress'
+            'id', 'target', 'target_name', 'engine_ids', 'engine_names', 
+            'worker_name', 'created_at', 'status', 'error_message', 'summary', 
+            'progress', 'current_stage', 'stage_progress'
        ]
    
    def get_summary(self, obj):
@@ -105,10 +101,11 @@ class QuickScanSerializer(serializers.Serializer):
        help_text='目标列表，每个目标包含 name 字段'
    )
    
-    # 扫描引擎 ID
-    engine_id = serializers.IntegerField(
+    # 扫描引擎 ID 列表
+    engine_ids = serializers.ListField(
+        child=serializers.IntegerField(),
        required=True,
-        help_text='使用的扫描引擎 ID (必填)'
+        help_text='使用的扫描引擎 ID 列表 (必填)'
    )
    
    def validate_targets(self, value):
@@ -130,6 +127,12 @@ class QuickScanSerializer(serializers.Serializer):
                raise serializers.ValidationError(f"第 {idx + 1} 个目标的 name 不能为空")
        
        return value
+    
+    def validate_engine_ids(self, value):
+        """验证引擎 ID 列表"""
+        if not value:
+            raise serializers.ValidationError("engine_ids 不能为空")
+        return value


 # ==================== 定时扫描序列化器 ====================
@@ -138,7 +141,6 @@ class ScheduledScanSerializer(serializers.ModelSerializer):
    """定时扫描任务序列化器（用于列表和详情）"""
    
    # 关联字段
-    engine_name = serializers.CharField(source='engine.name', read_only=True)
    organization_id = serializers.IntegerField(source='organization.id', read_only=True, allow_null=True)
    organization_name = serializers.CharField(source='organization.name', read_only=True, allow_null=True)
    target_id = serializers.IntegerField(source='target.id', read_only=True, allow_null=True)
@@ -149,7 +151,7 @@ class ScheduledScanSerializer(serializers.ModelSerializer):
        model = ScheduledScan
        fields = [
            'id', 'name',
-            'engine', 'engine_name',
+            'engine_ids', 'engine_names',
            'organization_id', 'organization_name',
            'target_id', 'target_name',
            'scan_mode',
@@ -178,7 +180,10 @@ class CreateScheduledScanSerializer(serializers.Serializer):
    """
    
    name = serializers.CharField(max_length=200, help_text='任务名称')
-    engine_id = serializers.IntegerField(help_text='扫描引擎 ID')
+    engine_ids = serializers.ListField(
+        child=serializers.IntegerField(),
+        help_text='扫描引擎 ID 列表'
+    )
    
    # 组织扫描模式
    organization_id = serializers.IntegerField(
@@ -201,6 +206,12 @@ class CreateScheduledScanSerializer(serializers.Serializer):
    )
    is_enabled = serializers.BooleanField(default=True, help_text='是否立即启用')
    
+    def validate_engine_ids(self, value):
+        """验证引擎 ID 列表"""
+        if not value:
+            raise serializers.ValidationError("engine_ids 不能为空")
+        return value
+    
    def validate(self, data):
        """验证 organization_id 和 target_id 互斥"""
        organization_id = data.get('organization_id')
@@ -219,7 +230,11 @@ class UpdateScheduledScanSerializer(serializers.Serializer):
    """更新定时扫描任务序列化器"""
    
    name = serializers.CharField(max_length=200, required=False, help_text='任务名称')
-    engine_id = serializers.IntegerField(required=False, help_text='扫描引擎 ID')
+    engine_ids = serializers.ListField(
+        child=serializers.IntegerField(),
+        required=False,
+        help_text='扫描引擎 ID 列表'
+    )
    
    # 组织扫描模式
    organization_id = serializers.IntegerField(
@@ -237,6 +252,12 @@ class UpdateScheduledScanSerializer(serializers.Serializer):
    
    cron_expression = serializers.CharField(max_length=100, required=False, help_text='Cron 表达式')
    is_enabled = serializers.BooleanField(required=False, help_text='是否启用')
+    
+    def validate_engine_ids(self, value):
+        """验证引擎 ID 列表"""
+        if value is not None and not value:
+            raise serializers.ValidationError("engine_ids 不能为空")
+        return value


 class ToggleScheduledScanSerializer(serializers.Serializer):
--- a/backend/apps/scan/services/blacklist_service.py
+++ b/backend/apps/scan/services/blacklist_service.py
@@ -27,9 +27,6 @@ class BlacklistService:
    DEFAULT_PATTERNS = [
        r'\.gov$',           # .gov 结尾
        r'\.gov\.[a-z]{2}$', # .gov.cn, .gov.uk 等
-        r'\.edu$',           # .edu 结尾
-        r'\.edu\.[a-z]{2}$', # .edu.cn 等
-        r'\.mil$',           # .mil 结尾
    ]
    
    def __init__(self, patterns: Optional[List[str]] = None):
--- a/backend/apps/scan/services/scan_creation_service.py
+++ b/backend/apps/scan/services/scan_creation_service.py
@@ -10,7 +10,7 @@
 import uuid
 import logging
 import threading
-from typing import List
+from typing import List, Tuple
 from datetime import datetime
 from pathlib import Path
 from django.conf import settings
@@ -20,6 +20,7 @@ from django.core.exceptions import ValidationError, ObjectDoesNotExist

 from apps.scan.models import Scan
 from apps.scan.repositories import DjangoScanRepository
+from apps.scan.utils.config_merger import merge_engine_configs, ConfigConflictError
 from apps.targets.repositories import DjangoTargetRepository, DjangoOrganizationRepository
 from apps.engine.repositories import DjangoEngineRepository
 from apps.targets.models import Target
@@ -142,6 +143,106 @@ class ScanCreationService:
        
        return targets, engine
    
+    def prepare_initiate_scan_multi_engine(
+        self,
+        organization_id: int | None = None,
+        target_id: int | None = None,
+        engine_ids: List[int] | None = None
+    ) -> Tuple[List[Target], str, List[str], List[int]]:
+        """
+        准备多引擎扫描任务所需的数据
+        
+        职责：
+            1. 参数验证（必填项、互斥参数）
+            2. 资源查询（Engines、Organization、Target）
+            3. 合并引擎配置（检测冲突）
+            4. 返回准备好的目标列表、合并配置和引擎信息
+        
+        Args:
+            organization_id: 组织ID（可选）
+            target_id: 目标ID（可选）
+            engine_ids: 扫描引擎ID列表（必填）
+        
+        Returns:
+            (目标列表, 合并配置, 引擎名称列表, 引擎ID列表) - 供 create_scans 方法使用
+        
+        Raises:
+            ValidationError: 参数验证失败或业务规则不满足
+            ObjectDoesNotExist: 资源不存在（Organization/Target/ScanEngine）
+            ConfigConflictError: 引擎配置存在冲突
+        
+        Note:
+            - organization_id 和 target_id 必须二选一
+            - 如果提供 organization_id，返回该组织下所有目标
+            - 如果提供 target_id，返回单个目标列表
+        """
+        # 1. 参数验证
+        if not engine_ids:
+            raise ValidationError('缺少必填参数: engine_ids')
+        
+        if not organization_id and not target_id:
+            raise ValidationError('必须提供 organization_id 或 target_id 其中之一')
+        
+        if organization_id and target_id:
+            raise ValidationError('organization_id 和 target_id 只能提供其中之一')
+        
+        # 2. 查询所有扫描引擎
+        engines = []
+        for engine_id in engine_ids:
+            engine = self.engine_repo.get_by_id(engine_id)
+            if not engine:
+                logger.error("扫描引擎不存在 - Engine ID: %s", engine_id)
+                raise ObjectDoesNotExist(f'ScanEngine ID {engine_id} 不存在')
+            engines.append(engine)
+        
+        # 3. 合并引擎配置（可能抛出 ConfigConflictError）
+        engine_configs = [(e.name, e.configuration or '') for e in engines]
+        merged_configuration = merge_engine_configs(engine_configs)
+        engine_names = [e.name for e in engines]
+        
+        logger.debug(
+            "引擎配置合并成功 - 引擎: %s",
+            ', '.join(engine_names)
+        )
+        
+        # 4. 根据参数获取目标列表
+        targets = []
+        
+        if organization_id:
+            # 根据组织ID获取所有目标
+            organization = self.organization_repo.get_by_id(organization_id)
+            if not organization:
+                logger.error("组织不存在 - Organization ID: %s", organization_id)
+                raise ObjectDoesNotExist(f'Organization ID {organization_id} 不存在')
+            
+            targets = self.organization_repo.get_targets(organization_id)
+            
+            if not targets:
+                raise ValidationError(f'组织 ID {organization_id} 下没有目标')
+            
+            logger.debug(
+                "准备发起扫描 - 组织: %s, 目标数量: %d, 引擎: %s",
+                organization.name,
+                len(targets),
+                ', '.join(engine_names)
+            )
+        else:
+            # 根据目标ID获取单个目标
+            target = self.target_repo.get_by_id(target_id)
+            if not target:
+                logger.error("目标不存在 - Target ID: %s", target_id)
+                raise ObjectDoesNotExist(f'Target ID {target_id} 不存在')
+            
+            targets = [target]
+            
+            logger.debug(
+                "准备发起扫描 - 目标: %s, 引擎: %s",
+                target.name,
+                ', '.join(engine_names)
+            )
+        
+        return targets, merged_configuration, engine_names, engine_ids
+    
    def _generate_scan_workspace_dir(self) -> str:
        """
        生成 Scan 工作空间目录路径
@@ -179,7 +280,9 @@ class ScanCreationService:
    def create_scans(
        self,
        targets: List[Target],
-        engine: ScanEngine,
+        engine_ids: List[int],
+        engine_names: List[str],
+        merged_configuration: str,
        scheduled_scan_name: str | None = None
    ) -> List[Scan]:
        """
@@ -187,7 +290,9 @@ class ScanCreationService:
        
        Args:
            targets: 目标列表
-            engine: 扫描引擎对象
+            engine_ids: 引擎 ID 列表
+            engine_names: 引擎名称列表
+            merged_configuration: 合并后的 YAML 配置
            scheduled_scan_name: 定时扫描任务名称（可选，用于通知显示）
        
        Returns:
@@ -205,7 +310,9 @@ class ScanCreationService:
                scan_workspace_dir = self._generate_scan_workspace_dir()
                scan = Scan(
                    target=target,
-                    engine=engine,
+                    engine_ids=engine_ids,
+                    engine_names=engine_names,
+                    merged_configuration=merged_configuration,
                    results_dir=scan_workspace_dir,
                    status=ScanStatus.INITIATED,
                    container_ids=[],
@@ -236,13 +343,15 @@ class ScanCreationService:
            return []
        
        # 第三步：分发任务到 Workers
+        # 使用第一个引擎名称作为显示名称，或者合并显示
+        display_engine_name = ', '.join(engine_names) if engine_names else ''
        scan_data = [
            {
                'scan_id': scan.id,
                'target_name': scan.target.name,
                'target_id': scan.target.id,
                'results_dir': scan.results_dir,
-                'engine_name': scan.engine.name,
+                'engine_name': display_engine_name,
                'scheduled_scan_name': scheduled_scan_name,
            }
            for scan in created_scans
--- a/backend/apps/scan/services/scan_service.py
+++ b/backend/apps/scan/services/scan_service.py
@@ -96,14 +96,34 @@ class ScanService:
            organization_id, target_id, engine_id
        )
    
+    def prepare_initiate_scan_multi_engine(
+        self,
+        organization_id: int | None = None,
+        target_id: int | None = None,
+        engine_ids: List[int] | None = None
+    ) -> tuple[List[Target], str, List[str], List[int]]:
+        """
+        为创建多引擎扫描任务做准备
+        
+        Returns:
+            (目标列表, 合并配置, 引擎名称列表, 引擎ID列表)
+        """
+        return self.creation_service.prepare_initiate_scan_multi_engine(
+            organization_id, target_id, engine_ids
+        )
+    
    def create_scans(
        self,
        targets: List[Target],
-        engine: ScanEngine,
+        engine_ids: List[int],
+        engine_names: List[str],
+        merged_configuration: str,
        scheduled_scan_name: str | None = None
    ) -> List[Scan]:
        """批量创建扫描任务（委托给 ScanCreationService）"""
-        return self.creation_service.create_scans(targets, engine, scheduled_scan_name)
+        return self.creation_service.create_scans(
+            targets, engine_ids, engine_names, merged_configuration, scheduled_scan_name
+        )
    
    # ==================== 状态管理方法（委托给 ScanStateService） ====================
    
--- a/backend/apps/scan/services/scheduled_scan_service.py
+++ b/backend/apps/scan/services/scheduled_scan_service.py
@@ -14,6 +14,7 @@ from django.core.exceptions import ValidationError

 from apps.scan.models import ScheduledScan
 from apps.scan.repositories import DjangoScheduledScanRepository, ScheduledScanDTO
+from apps.scan.utils.config_merger import merge_engine_configs, ConfigConflictError
 from apps.engine.repositories import DjangoEngineRepository
 from apps.targets.services import TargetService

@@ -57,8 +58,9 @@ class ScheduledScanService:
        
        流程：
        1. 验证参数
-        2. 创建数据库记录
-        3. 计算并设置 next_run_time
+        2. 合并引擎配置
+        3. 创建数据库记录
+        4. 计算并设置 next_run_time
        
        Args:
            dto: 定时扫描 DTO
@@ -68,14 +70,30 @@ class ScheduledScanService:
        
        Raises:
            ValidationError: 参数验证失败
+            ConfigConflictError: 引擎配置冲突
        """
        # 1. 验证参数
        self._validate_create_dto(dto)
        
-        # 2. 创建数据库记录
+        # 2. 合并引擎配置
+        engines = []
+        engine_names = []
+        for engine_id in dto.engine_ids:
+            engine = self.engine_repo.get_by_id(engine_id)
+            if engine:
+                engines.append((engine.name, engine.configuration or ''))
+                engine_names.append(engine.name)
+        
+        merged_configuration = merge_engine_configs(engines)
+        
+        # 设置 DTO 的合并配置和引擎名称
+        dto.engine_names = engine_names
+        dto.merged_configuration = merged_configuration
+        
+        # 3. 创建数据库记录
        scheduled_scan = self.repo.create(dto)
        
-        # 3. 如果有 cron 表达式且已启用，计算下次执行时间
+        # 4. 如果有 cron 表达式且已启用，计算下次执行时间
        if scheduled_scan.cron_expression and scheduled_scan.is_enabled:
            next_run_time = self._calculate_next_run_time(scheduled_scan)
            if next_run_time:
@@ -96,11 +114,13 @@ class ScheduledScanService:
        if not dto.name:
            raise ValidationError('任务名称不能为空')
        
-        if not dto.engine_id:
+        if not dto.engine_ids:
            raise ValidationError('必须选择扫描引擎')
        
-        if not self.engine_repo.get_by_id(dto.engine_id):
-            raise ValidationError(f'扫描引擎 ID {dto.engine_id} 不存在')
+        # 验证所有引擎是否存在
+        for engine_id in dto.engine_ids:
+            if not self.engine_repo.get_by_id(engine_id):
+                raise ValidationError(f'扫描引擎 ID {engine_id} 不存在')
        
        # 验证扫描模式（organization_id 和 target_id 互斥）
        if not dto.organization_id and not dto.target_id:
@@ -138,11 +158,28 @@ class ScheduledScanService:
        
        Returns:
            更新后的 ScheduledScan 对象
+        
+        Raises:
+            ConfigConflictError: 引擎配置冲突
        """
        existing = self.repo.get_by_id(scheduled_scan_id)
        if not existing:
            return None
        
+        # 如果引擎变更，重新合并配置
+        if dto.engine_ids is not None:
+            engines = []
+            engine_names = []
+            for engine_id in dto.engine_ids:
+                engine = self.engine_repo.get_by_id(engine_id)
+                if engine:
+                    engines.append((engine.name, engine.configuration or ''))
+                    engine_names.append(engine.name)
+            
+            merged_configuration = merge_engine_configs(engines)
+            dto.engine_names = engine_names
+            dto.merged_configuration = merged_configuration
+        
        # 更新数据库记录
        scheduled_scan = self.repo.update(scheduled_scan_id, dto)
        if not scheduled_scan:
@@ -292,21 +329,25 @@ class ScheduledScanService:
        立即触发扫描（支持组织扫描和目标扫描两种模式）
        
        复用 ScanService 的逻辑，与 API 调用保持一致。
+        使用存储的 merged_configuration 而不是重新合并。
        """
        from apps.scan.services.scan_service import ScanService
        
        scan_service = ScanService()
        
-        # 1. 准备扫描所需数据（复用 API 的逻辑）
-        targets, engine = scan_service.prepare_initiate_scan(
+        # 1. 准备扫描所需数据（使用存储的多引擎配置）
+        targets, _, _, _ = scan_service.prepare_initiate_scan_multi_engine(
            organization_id=scheduled_scan.organization_id,
            target_id=scheduled_scan.target_id,
-            engine_id=scheduled_scan.engine_id
+            engine_ids=scheduled_scan.engine_ids
        )
        
-        # 2. 创建扫描任务，传递定时扫描名称用于通知显示
+        # 2. 创建扫描任务，使用存储的合并配置
        created_scans = scan_service.create_scans(
-            targets, engine,
+            targets=targets,
+            engine_ids=scheduled_scan.engine_ids,
+            engine_names=scheduled_scan.engine_names,
+            merged_configuration=scheduled_scan.merged_configuration,
            scheduled_scan_name=scheduled_scan.name
        )
        
--- a/backend/apps/scan/tasks/fingerprint_detect/run_xingfinger_task.py
+++ b/backend/apps/scan/tasks/fingerprint_detect/run_xingfinger_task.py
@@ -4,7 +4,6 @@ xingfinger 执行任务
 流式执行 xingfinger 命令并实时更新 tech 字段
 """

-import importlib
 import json
 import logging
 import subprocess
@@ -15,93 +14,97 @@ from django.db import connection
 from prefect import task

 from apps.scan.utils import execute_stream
+from apps.asset.dtos.snapshot import WebsiteSnapshotDTO
+from apps.asset.repositories.snapshot import DjangoWebsiteSnapshotRepository

 logger = logging.getLogger(__name__)


-# 数据源映射：source → (module_path, model_name, url_field)
-SOURCE_MODEL_MAP = {
-    'website': ('apps.asset.models', 'WebSite', 'url'),
-    # 以后扩展：
-    # 'endpoint': ('apps.asset.models', 'Endpoint', 'url'),
-    # 'directory': ('apps.asset.models', 'Directory', 'url'),
-}
-
-
-def _get_model_class(source: str):
-    """根据数据源类型获取 Model 类"""
-    if source not in SOURCE_MODEL_MAP:
-        raise ValueError(f"不支持的数据源: {source}")
-    
-    module_path, model_name, _ = SOURCE_MODEL_MAP[source]
-    module = importlib.import_module(module_path)
-    return getattr(module, model_name)
-
-
-def parse_xingfinger_line(line: str) -> tuple[str, list[str]] | None:
+def parse_xingfinger_line(line: str) -> dict | None:
    """
    解析 xingfinger 单行 JSON 输出
    
-    xingfinger 静默模式输出格式：
-    {"url": "https://example.com", "cms": "WordPress,PHP,nginx", ...}
+    xingfinger 输出格式：
+    {"url": "...", "cms": "...", "server": "BWS/1.1", "status_code": 200, "length": 642831, "title": "..."}
    
    Returns:
-        tuple: (url, tech_list) 或 None（解析失败时）
+        dict: 包含 url, techs, server, title, status_code, content_length 的字典
+        None: 解析失败或 URL 为空时
    """
    try:
        item = json.loads(line)
        url = item.get('url', '').strip()
-        cms = item.get('cms', '')
        
-        if not url or not cms:
+        if not url:
            return None
        
        # cms 字段按逗号分割，去除空白
-        techs = [t.strip() for t in cms.split(',') if t.strip()]
+        cms = item.get('cms', '')
+        techs = [t.strip() for t in cms.split(',') if t.strip()] if cms else []
        
-        return (url, techs) if techs else None
+        return {
+            'url': url,
+            'techs': techs,
+            'server': item.get('server', ''),
+            'title': item.get('title', ''),
+            'status_code': item.get('status_code'),
+            'content_length': item.get('length'),
+        }
        
    except json.JSONDecodeError:
        return None


-def bulk_merge_tech_field(
-    source: str,
-    url_techs_map: dict[str, list[str]],
+def bulk_merge_website_fields(
+    records: list[dict],
    target_id: int
 ) -> dict:
    """
-    批量合并 tech 数组字段（PostgreSQL 原生 SQL）
+    批量合并更新 WebSite 字段（PostgreSQL 原生 SQL）
+    
+    合并策略：
+    - tech：数组合并去重
+    - title, webserver, status_code, content_length：只在原值为空/NULL 时更新
    
-    使用 PostgreSQL 原生 SQL 实现高效的数组合并去重操作。
    如果 URL 对应的记录不存在，会自动创建新记录。
    
+    Args:
+        records: 解析后的记录列表，每个包含 {url, techs, server, title, status_code, content_length}
+        target_id: 目标 ID
+    
    Returns:
        dict: {'updated_count': int, 'created_count': int}
    """
-    Model = _get_model_class(source)
-    table_name = Model._meta.db_table
+    from apps.asset.models import WebSite
+    table_name = WebSite._meta.db_table
    
    updated_count = 0
    created_count = 0
    
    with connection.cursor() as cursor:
-        for url, techs in url_techs_map.items():
-            if not techs:
-                continue
+        for record in records:
+            url = record['url']
+            techs = record.get('techs', [])
+            server = record.get('server', '') or ''
+            title = record.get('title', '') or ''
+            status_code = record.get('status_code')
+            content_length = record.get('content_length')
            
-            # 先尝试更新（PostgreSQL 数组合并去重）
-            sql = f"""
+            # 先尝试更新（合并策略）
+            update_sql = f"""
                UPDATE {table_name}
-                SET tech = (
-                    SELECT ARRAY(SELECT DISTINCT unnest(
+                SET 
+                    tech = (SELECT ARRAY(SELECT DISTINCT unnest(
                        COALESCE(tech, ARRAY[]::varchar[]) || %s::varchar[]
-                    ))
-                )
+                    ))),
+                    title = CASE WHEN title = '' OR title IS NULL THEN %s ELSE title END,
+                    webserver = CASE WHEN webserver = '' OR webserver IS NULL THEN %s ELSE webserver END,
+                    status_code = CASE WHEN status_code IS NULL THEN %s ELSE status_code END,
+                    content_length = CASE WHEN content_length IS NULL THEN %s ELSE content_length END
                WHERE url = %s AND target_id = %s
            """
            
-            cursor.execute(sql, [techs, url, target_id])
+            cursor.execute(update_sql, [techs, title, server, status_code, content_length, url, target_id])
            
            if cursor.rowcount > 0:
                updated_count += cursor.rowcount
@@ -114,20 +117,26 @@ def bulk_merge_tech_field(
                    
                    # 插入新记录（带冲突处理）
                    insert_sql = f"""
-                        INSERT INTO {table_name} (target_id, url, host, tech, created_at)
-                        VALUES (%s, %s, %s, %s::varchar[], NOW())
+                        INSERT INTO {table_name} (
+                            target_id, url, host, location, title, webserver, 
+                            response_body, content_type, tech, status_code, content_length,
+                            response_headers, created_at
+                        )
+                        VALUES (%s, %s, %s, '', %s, %s, '', '', %s::varchar[], %s, %s, '', NOW())
                        ON CONFLICT (target_id, url) DO UPDATE SET
-                            tech = (
-                                SELECT ARRAY(SELECT DISTINCT unnest(
-                                    COALESCE({table_name}.tech, ARRAY[]::varchar[]) || EXCLUDED.tech
-                                ))
-                            )
+                            tech = (SELECT ARRAY(SELECT DISTINCT unnest(
+                                COALESCE({table_name}.tech, ARRAY[]::varchar[]) || EXCLUDED.tech
+                            ))),
+                            title = CASE WHEN {table_name}.title = '' OR {table_name}.title IS NULL THEN EXCLUDED.title ELSE {table_name}.title END,
+                            webserver = CASE WHEN {table_name}.webserver = '' OR {table_name}.webserver IS NULL THEN EXCLUDED.webserver ELSE {table_name}.webserver END,
+                            status_code = CASE WHEN {table_name}.status_code IS NULL THEN EXCLUDED.status_code ELSE {table_name}.status_code END,
+                            content_length = CASE WHEN {table_name}.content_length IS NULL THEN EXCLUDED.content_length ELSE {table_name}.content_length END
                    """
-                    cursor.execute(insert_sql, [target_id, url, host, techs])
+                    cursor.execute(insert_sql, [target_id, url, host, title, server, techs, status_code, content_length])
                    created_count += 1
                    
                except Exception as e:
-                    logger.warning("创建 %s 记录失败 (url=%s): %s", source, url, e)
+                    logger.warning("创建 WebSite 记录失败 (url=%s): %s", url, e)
    
    return {
        'updated_count': updated_count,
@@ -141,12 +150,12 @@ def _parse_xingfinger_stream_output(
    cwd: Optional[str] = None,
    timeout: Optional[int] = None,
    log_file: Optional[str] = None
-) -> Generator[tuple[str, list[str]], None, None]:
+) -> Generator[dict, None, None]:
    """
    流式解析 xingfinger 命令输出
    
    基于 execute_stream 实时处理 xingfinger 命令的 stdout，将每行 JSON 输出
-    转换为 (url, tech_list) 格式
+    转换为完整字段字典
    """
    logger.info("开始流式解析 xingfinger 命令输出 - 命令: %s", cmd)
    
@@ -193,43 +202,46 @@ def run_xingfinger_and_stream_update_tech_task(
    batch_size: int = 100
 ) -> dict:
    """
-    流式执行 xingfinger 命令并实时更新 tech 字段
-    
-    根据 source 参数更新对应表的 tech 字段：
-    - website → WebSite.tech
-    - endpoint → Endpoint.tech（以后扩展）
+    流式执行 xingfinger 命令，保存快照并合并更新资产表
    
    处理流程：
    1. 流式执行 xingfinger 命令
-    2. 实时解析 JSON 输出
-    3. 累积到 batch_size 条后批量更新数据库
-    4. 使用 PostgreSQL 原生 SQL 进行数组合并去重
-    5. 如果记录不存在，自动创建
+    2. 实时解析 JSON 输出（完整字段）
+    3. 累积到 batch_size 条后批量处理：
+       - 保存快照（WebsiteSnapshot）
+       - 合并更新资产表（WebSite）
+    
+    合并策略：
+    - tech：数组合并去重
+    - title, webserver, status_code, content_length：只在原值为空时更新
    
    Returns:
        dict: {
            'processed_records': int,
            'updated_count': int,
            'created_count': int,
+            'snapshot_count': int,
            'batch_count': int
        }
    """
    logger.info(
-        "开始执行 xingfinger 并更新 tech - target_id=%s, source=%s, timeout=%s秒",
-        target_id, source, timeout
+        "开始执行 xingfinger - scan_id=%s, target_id=%s, timeout=%s秒",
+        scan_id, target_id, timeout
    )
    
    data_generator = None
+    snapshot_repo = DjangoWebsiteSnapshotRepository()
    
    try:
        # 初始化统计
        processed_records = 0
        updated_count = 0
        created_count = 0
+        snapshot_count = 0
        batch_count = 0
        
-        # 当前批次的 URL -> techs 映射
-        url_techs_map = {}
+        # 当前批次的记录列表
+        batch_records = []
        
        # 流式处理
        data_generator = _parse_xingfinger_stream_output(
@@ -240,47 +252,43 @@ def run_xingfinger_and_stream_update_tech_task(
            log_file=log_file
        )
        
-        for url, techs in data_generator:
+        for record in data_generator:
            processed_records += 1
+            batch_records.append(record)
            
-            # 累积到 url_techs_map
-            if url in url_techs_map:
-                # 合并同一 URL 的多次识别结果
-                url_techs_map[url].extend(techs)
-            else:
-                url_techs_map[url] = techs
-            
-            # 达到批次大小，执行批量更新
-            if len(url_techs_map) >= batch_size:
+            # 达到批次大小，执行批量处理
+            if len(batch_records) >= batch_size:
                batch_count += 1
-                result = bulk_merge_tech_field(source, url_techs_map, target_id)
-                updated_count += result['updated_count']
-                created_count += result.get('created_count', 0)
-                
-                logger.debug(
-                    "批次 %d 完成 - 更新: %d, 创建: %d",
-                    batch_count, result['updated_count'], result.get('created_count', 0)
+                result = _process_batch(
+                    batch_records, scan_id, target_id, batch_count, snapshot_repo
                )
+                updated_count += result['updated_count']
+                created_count += result['created_count']
+                snapshot_count += result['snapshot_count']
                
                # 清空批次
-                url_techs_map = {}
+                batch_records = []
        
        # 处理最后一批
-        if url_techs_map:
+        if batch_records:
            batch_count += 1
-            result = bulk_merge_tech_field(source, url_techs_map, target_id)
+            result = _process_batch(
+                batch_records, scan_id, target_id, batch_count, snapshot_repo
+            )
            updated_count += result['updated_count']
-            created_count += result.get('created_count', 0)
+            created_count += result['created_count']
+            snapshot_count += result['snapshot_count']
        
        logger.info(
-            "✓ xingfinger 执行完成 - 处理记录: %d, 更新: %d, 创建: %d, 批次: %d",
-            processed_records, updated_count, created_count, batch_count
+            "✓ xingfinger 执行完成 - 处理: %d, 更新: %d, 创建: %d, 快照: %d, 批次: %d",
+            processed_records, updated_count, created_count, snapshot_count, batch_count
        )
        
        return {
            'processed_records': processed_records,
            'updated_count': updated_count,
            'created_count': created_count,
+            'snapshot_count': snapshot_count,
            'batch_count': batch_count
        }
        
@@ -298,3 +306,67 @@ def run_xingfinger_and_stream_update_tech_task(
                data_generator.close()
            except Exception as e:
                logger.debug("关闭生成器时出错: %s", e)
+
+
+def _process_batch(
+    records: list[dict],
+    scan_id: int,
+    target_id: int,
+    batch_num: int,
+    snapshot_repo: DjangoWebsiteSnapshotRepository
+) -> dict:
+    """
+    处理一个批次的数据：保存快照 + 合并更新资产表
+    
+    Args:
+        records: 解析后的记录列表
+        scan_id: 扫描任务 ID
+        target_id: 目标 ID
+        batch_num: 批次编号
+        snapshot_repo: 快照仓库
+    
+    Returns:
+        dict: {'updated_count': int, 'created_count': int, 'snapshot_count': int}
+    """
+    # 1. 构建快照 DTO 列表
+    snapshot_dtos = []
+    for record in records:
+        # 从 URL 提取 host
+        parsed = urlparse(record['url'])
+        host = parsed.hostname or ''
+        
+        dto = WebsiteSnapshotDTO(
+            scan_id=scan_id,
+            target_id=target_id,
+            url=record['url'],
+            host=host,
+            title=record.get('title', '') or '',
+            status_code=record.get('status_code'),
+            content_length=record.get('content_length'),
+            webserver=record.get('server', '') or '',
+            tech=record.get('techs', []),
+        )
+        snapshot_dtos.append(dto)
+    
+    # 2. 保存快照
+    snapshot_count = 0
+    if snapshot_dtos:
+        try:
+            snapshot_repo.save_snapshots(snapshot_dtos)
+            snapshot_count = len(snapshot_dtos)
+        except Exception as e:
+            logger.warning("批次 %d 保存快照失败: %s", batch_num, e)
+    
+    # 3. 合并更新资产表
+    merge_result = bulk_merge_website_fields(records, target_id)
+    
+    logger.debug(
+        "批次 %d 完成 - 更新: %d, 创建: %d, 快照: %d",
+        batch_num, merge_result['updated_count'], merge_result['created_count'], snapshot_count
+    )
+    
+    return {
+        'updated_count': merge_result['updated_count'],
+        'created_count': merge_result['created_count'],
+        'snapshot_count': snapshot_count
+    }
--- a/backend/apps/scan/tasks/site_scan/run_and_stream_save_websites_task.py
+++ b/backend/apps/scan/tasks/site_scan/run_and_stream_save_websites_task.py
@@ -30,7 +30,6 @@ from typing import Generator, Optional, Dict, Any, TYPE_CHECKING
 from django.db import IntegrityError, OperationalError, DatabaseError
 from dataclasses import dataclass
 from urllib.parse import urlparse, urlunparse
-from dateutil.parser import parse as parse_datetime
 from psycopg2 import InterfaceError

 from apps.asset.dtos.snapshot import WebsiteSnapshotDTO
@@ -62,6 +61,18 @@ class ServiceSet:
        )


+def _sanitize_string(value: str) -> str:
+    """
+    清理字符串中的 NUL 字符和其他不可打印字符
+    
+    PostgreSQL 不允许字符串字段包含 NUL (0x00) 字符
+    """
+    if not value:
+        return value
+    # 移除 NUL 字符
+    return value.replace('\x00', '')
+
+
 def normalize_url(url: str) -> str:
    """
    标准化 URL，移除默认端口号
@@ -117,69 +128,50 @@ def normalize_url(url: str) -> str:
        return url


+def _extract_hostname(url: str) -> str:
+    """
+    从 URL 提取主机名
+    
+    Args:
+        url: URL 字符串
+    
+    Returns:
+        str: 提取的主机名（小写）
+    """
+    try:
+        if url:
+            parsed = urlparse(url)
+            if parsed.hostname:
+                return parsed.hostname
+            # 降级方案：手动提取
+            return url.replace('http://', '').replace('https://', '').split('/')[0].split(':')[0]
+        return ''
+    except Exception as e:
+        logger.debug("提取主机名失败: %s", e)
+        return ''
+
+
 class HttpxRecord:
    """httpx 扫描记录数据类"""
    
    def __init__(self, data: Dict[str, Any]):
-        self.url = data.get('url', '')
-        self.input = data.get('input', '')
-        self.title = data.get('title', '')
-        self.status_code = data.get('status_code')
-        self.content_length = data.get('content_length')
-        self.content_type = data.get('content_type', '')
-        self.location = data.get('location', '')
-        self.webserver = data.get('webserver', '')
-        self.body_preview = data.get('body_preview', '')
-        self.tech = data.get('tech', [])
-        self.vhost = data.get('vhost')
-        self.failed = data.get('failed', False)
-        self.timestamp = data.get('timestamp')
+        self.url = _sanitize_string(data.get('url', ''))
+        self.input = _sanitize_string(data.get('input', ''))
+        self.title = _sanitize_string(data.get('title', ''))
+        self.status_code = data.get('status_code')  # int，不需要清理
+        self.content_length = data.get('content_length')  # int，不需要清理
+        self.content_type = _sanitize_string(data.get('content_type', ''))
+        self.location = _sanitize_string(data.get('location', ''))
+        self.webserver = _sanitize_string(data.get('webserver', ''))
+        self.response_body = _sanitize_string(data.get('body', ''))
+        self.tech = [_sanitize_string(t) for t in data.get('tech', []) if isinstance(t, str)]  # 列表中的字符串也需要清理
+        self.vhost = data.get('vhost')  # bool，不需要清理
+        self.failed = data.get('failed', False)  # bool，不需要清理
+        self.response_headers = _sanitize_string(data.get('raw_header', ''))
        
-        # 从 URL 中提取主机名
-        self.host = self._extract_hostname()
-    
-    def _extract_hostname(self) -> str:
-        """
-        从 URL 或 input 字段提取主机名
-        
-        优先级：
-        1. 使用 urlparse 解析 URL 获取 hostname
-        2. 从 input 字段提取（处理可能包含协议的情况）
-        3. 从 URL 字段手动提取（降级方案）
-        
-        Returns:
-            str: 提取的主机名（小写）
-        """
-        try:
-            # 方法 1: 使用 urlparse 解析 URL
-            if self.url:
-                parsed = urlparse(self.url)
-                if parsed.hostname:
-                    return parsed.hostname
-            
-            # 方法 2: 从 input 字段提取
-            if self.input:
-                host = self.input.strip().lower()
-                # 移除协议前缀
-                if host.startswith(('http://', 'https://')):
-                    host = host.split('//', 1)[1].split('/')[0]
-                return host
-            
-            # 方法 3: 从 URL 手动提取（降级方案）
-            if self.url:
-                return self.url.replace('http://', '').replace('https://', '').split('/')[0]
-            
-            # 兜底：返回空字符串
-            return ''
-            
-        except Exception as e:
-            # 异常处理：尽力从 input 或 URL 提取
-            logger.debug("提取主机名失败: %s，使用降级方案", e)
-            if self.input:
-                return self.input.strip().lower()
-            if self.url:
-                return self.url.replace('http://', '').replace('https://', '').split('/')[0]
-            return ''
+        # 从 URL 中提取主机名（优先使用 httpx 返回的 host，否则自动提取）
+        httpx_host = _sanitize_string(data.get('host', ''))
+        self.host = httpx_host if httpx_host else _extract_hostname(self.url)


 def _save_batch_with_retry(
@@ -227,39 +219,31 @@ def _save_batch_with_retry(
            }
        
        except (OperationalError, DatabaseError, InterfaceError) as e:
-            # 数据库连接/操作错误，可重试
+            # 数据库级错误（连接中断、表结构不匹配等）：按指数退避重试，最终失败时抛出异常让 Flow 失败
            if attempt < max_retries - 1:
-                wait_time = 2 ** attempt  # 指数退避: 1s, 2s, 4s
+                wait_time = 2 ** attempt
                logger.warning(
                    "批次 %d 保存失败（第 %d 次尝试），%d秒后重试: %s",
                    batch_num, attempt + 1, wait_time, str(e)[:100]
                )
                time.sleep(wait_time)
            else:
-                logger.error("批次 %d 保存失败（已重试 %d 次）: %s", batch_num, max_retries, e)
-                return {
-                    'success': False,
-                    'created_websites': 0,
-                    'skipped_failed': 0
-                }
-        
-        except Exception as e:
-            # 其他未知错误 - 检查是否为连接问题
-            error_str = str(e).lower()
-            if 'connection' in error_str and attempt < max_retries - 1:
-                logger.warning(
-                    "批次 %d 连接相关错误（尝试 %d/%d）: %s，Repository 装饰器会自动重连",
-                    batch_num, attempt + 1, max_retries, str(e)
+                logger.error(
+                    "批次 %d 保存失败（已重试 %d 次），将终止任务: %s",
+                    batch_num,
+                    max_retries,
+                    e,
+                    exc_info=True,
                )
-                time.sleep(2)
-            else:
-                logger.error("批次 %d 未知错误: %s", batch_num, e, exc_info=True)
-                return {
-                    'success': False,
-                    'created_websites': 0,
-                    'skipped_failed': 0
-                }
-    
+                # 让上层 Task 感知失败，从而标记整个扫描为失败
+                raise
+
+        except Exception as e:
+            # 其他未知异常也不再吞掉，直接抛出以便 Flow 标记为失败
+            logger.error("批次 %d 未知错误: %s", batch_num, e, exc_info=True)
+            raise
+
+    # 理论上不会走到这里，保留兜底返回值以满足类型约束
    return {
        'success': False,
        'created_websites': 0,
@@ -327,42 +311,39 @@ def _save_batch(
            skipped_failed += 1
            continue
        
-        # 解析时间戳
-        created_at = None
-        if hasattr(record, 'timestamp') and record.timestamp:
-            try:
-                created_at = parse_datetime(record.timestamp)
-            except (ValueError, TypeError) as e:
-                logger.warning(f"无法解析时间戳 {record.timestamp}: {e}")
-        
-        # 使用 input 字段（原始扫描的 URL）而不是 url 字段（重定向后的 URL）
-        # 原因：避免多个不同的输入 URL 重定向到同一个 URL 时产生唯一约束冲突
-        # 例如：http://example.com 和 https://example.com 都重定向到 https://example.com
-        # 如果使用 record.url，两条记录会有相同的 url，导致数据库冲突
-        # 如果使用 record.input，两条记录保留原始输入，不会冲突
-        normalized_url = normalize_url(record.input)
-        
-        # 提取 host 字段（域名或IP地址）
-        host = record.host if record.host else ''
-        
-        # 创建 WebsiteSnapshot DTO
-        snapshot_dto = WebsiteSnapshotDTO(
-            scan_id=scan_id,
-            target_id=target_id,  # 主关联字段
-            url=normalized_url,  # 保存原始输入 URL（归一化后）
-            host=host,  # 主机名（域名或IP地址）
-            location=record.location,  # location 字段保存重定向信息
-            title=record.title[:1000] if record.title else '',
-            web_server=record.webserver[:200] if record.webserver else '',
-            body_preview=record.body_preview[:1000] if record.body_preview else '',
-            content_type=record.content_type[:200] if record.content_type else '',
-            tech=record.tech if isinstance(record.tech, list) else [],
-            status=record.status_code,
-            content_length=record.content_length,
-            vhost=record.vhost
-        )
-        
-        snapshot_items.append(snapshot_dto)
+        try:
+            # 使用 input 字段（原始扫描的 URL）而不是 url 字段（重定向后的 URL）
+            # 原因：避免多个不同的输入 URL 重定向到同一个 URL 时产生唯一约束冲突
+            # 例如：http://example.com 和 https://example.com 都重定向到 https://example.com
+            # 如果使用 record.url，两条记录会有相同的 url，导致数据库冲突
+            # 如果使用 record.input，两条记录保留原始输入，不会冲突
+            normalized_url = normalize_url(record.input) if record.input else normalize_url(record.url)
+            
+            # 提取 host 字段（域名或IP地址）
+            host = record.host if record.host else ''
+            
+            # 创建 WebsiteSnapshot DTO
+            snapshot_dto = WebsiteSnapshotDTO(
+                scan_id=scan_id,
+                target_id=target_id,  # 主关联字段
+                url=normalized_url,  # 保存原始输入 URL（归一化后）
+                host=host,  # 主机名（域名或IP地址）
+                location=record.location if record.location else '',
+                title=record.title if record.title else '',
+                webserver=record.webserver if record.webserver else '',
+                response_body=record.response_body if record.response_body else '',
+                content_type=record.content_type if record.content_type else '',
+                tech=record.tech if isinstance(record.tech, list) else [],
+                status_code=record.status_code,
+                content_length=record.content_length,
+                vhost=record.vhost,
+                response_headers=record.response_headers if record.response_headers else '',
+            )
+            
+            snapshot_items.append(snapshot_dto)
+        except Exception as e:
+            logger.error("处理记录失败: %s，错误: %s", record.url, e)
+            continue
    
    # ========== Step 3: 保存快照并同步到资产表（通过快照 Service）==========
    if snapshot_items:
@@ -384,28 +365,31 @@ def _parse_and_validate_line(line: str) -> Optional[HttpxRecord]:
        Optional[HttpxRecord]: 有效的 httpx 扫描记录，或 None 如果验证失败
    
    验证步骤：
-        1. 解析 JSON 格式
-        2. 验证数据类型为字典
-        3. 创建 HttpxRecord 对象
-        4. 验证必要字段（url）
+        1. 清理 NUL 字符
+        2. 解析 JSON 格式
+        3. 验证数据类型为字典
+        4. 创建 HttpxRecord 对象
+        5. 验证必要字段（url）
    """
    try:
-        # 步骤 1: 解析 JSON
+        # 步骤 1: 清理 NUL 字符后再解析 JSON
+        line = _sanitize_string(line)
+        
+        # 步骤 2: 解析 JSON
        try:
            line_data = json.loads(line, strict=False)
        except json.JSONDecodeError:
-            # logger.info("跳过非 JSON 行: %s", line)
            return None
        
-        # 步骤 2: 验证数据类型
+        # 步骤 3: 验证数据类型
        if not isinstance(line_data, dict):
            logger.info("跳过非字典数据")
            return None
        
-        # 步骤 3: 创建记录
+        # 步骤 4: 创建记录
        record = HttpxRecord(line_data)
        
-        # 步骤 4: 验证必要字段
+        # 步骤 5: 验证必要字段
        if not record.url:
            logger.info("URL 为空，跳过 - 数据: %s", str(line_data)[:200])
            return None
@@ -414,7 +398,7 @@ def _parse_and_validate_line(line: str) -> Optional[HttpxRecord]:
        return record
    
    except Exception:
-        logger.info("跳过无法解析的行: %s", line[:100])
+        logger.info("跳过无法解析的行: %s", line[:100] if line else 'empty')
        return None


@@ -462,8 +446,8 @@ def _parse_httpx_stream_output(
            # yield 一条有效记录
            yield record
            
-            # 每处理 1000 条记录输出一次进度
-            if valid_records % 1000 == 0:
+            # 每处理 5 条记录输出一次进度
+            if valid_records % 5 == 0:
                logger.info("已解析 %d 条有效记录...", valid_records)
                
    except subprocess.TimeoutExpired as e:
@@ -602,8 +586,8 @@ def _process_records_in_batches(
            _process_batch(batch, scan_id, target_id, batch_num, total_stats, failed_batches, services)
            batch = []  # 清空批次
            
-            # 每20个批次输出进度
-            if batch_num % 20 == 0:
+            # 每 2 个批次输出进度
+            if batch_num % 2 == 0:
                logger.info("进度: 已处理 %d 批次，%d 条记录", batch_num, total_records)
    
    # 保存最后一批
@@ -674,11 +658,7 @@ def _cleanup_resources(data_generator) -> None:
            logger.error("关闭生成器时出错: %s", gen_close_error)


-@task(
-    name='run_and_stream_save_websites',
-    retries=0,
-    log_prints=True
-)
+@task(name='run_and_stream_save_websites', retries=0)
 def run_and_stream_save_websites_task(
    cmd: str,
    tool_name: str,
@@ -686,7 +666,7 @@ def run_and_stream_save_websites_task(
    target_id: int,
    cwd: Optional[str] = None,
    shell: bool = False,
-    batch_size: int = 1000,
+    batch_size: int = 10,
    timeout: Optional[int] = None,
    log_file: Optional[str] = None
 ) -> dict:
--- a/backend/apps/scan/tasks/url_fetch/run_and_stream_save_urls_task.py
+++ b/backend/apps/scan/tasks/url_fetch/run_and_stream_save_urls_task.py
@@ -2,8 +2,8 @@
 基于 execute_stream 的流式 URL 验证任务

 主要功能：
-    1. 实时执行 httpx 命令验证 URL 存活
-    2. 流式处理命令输出，解析存活的 URL
+    1. 实时执行 httpx 命令验证 URL
+    2. 流式处理命令输出，解析 URL 信息
    3. 批量保存到数据库（Endpoint 表）
    4. 避免一次性加载所有 URL 到内存

@@ -14,7 +14,7 @@
    - 使用 execute_stream 实时处理输出
    - 流式处理避免内存溢出
    - 批量操作减少数据库交互
-    - 只保存存活的 URL（status 2xx/3xx）
+    - 保存所有有效 URL（包括 4xx/5xx，便于安全分析）
 """

 import logging
@@ -23,10 +23,11 @@ import subprocess
 import time
 from pathlib import Path
 from prefect import task
-from typing import Generator, Optional
+from typing import Generator, Optional, Dict, Any
 from django.db import IntegrityError, OperationalError, DatabaseError
 from psycopg2 import InterfaceError
 from dataclasses import dataclass
+from urllib.parse import urlparse

 from apps.asset.services.snapshot import EndpointSnapshotsService
 from apps.scan.utils import execute_stream
@@ -63,7 +64,53 @@ def _sanitize_string(value: str) -> str:
    return value.replace('\x00', '')


-def _parse_and_validate_line(line: str) -> Optional[dict]:
+def _extract_hostname(url: str) -> str:
+    """
+    从 URL 提取主机名
+    
+    Args:
+        url: URL 字符串
+    
+    Returns:
+        str: 提取的主机名（小写）
+    """
+    try:
+        if url:
+            parsed = urlparse(url)
+            if parsed.hostname:
+                return parsed.hostname
+            # 降级方案：手动提取
+            return url.replace('http://', '').replace('https://', '').split('/')[0].split(':')[0]
+        return ''
+    except Exception as e:
+        logger.debug("提取主机名失败: %s", e)
+        return ''
+
+
+class HttpxRecord:
+    """httpx 扫描记录数据类"""
+    
+    def __init__(self, data: Dict[str, Any]):
+        self.url = _sanitize_string(data.get('url', ''))
+        self.input = _sanitize_string(data.get('input', ''))
+        self.title = _sanitize_string(data.get('title', ''))
+        self.status_code = data.get('status_code')  # int，不需要清理
+        self.content_length = data.get('content_length')  # int，不需要清理
+        self.content_type = _sanitize_string(data.get('content_type', ''))
+        self.location = _sanitize_string(data.get('location', ''))
+        self.webserver = _sanitize_string(data.get('webserver', ''))
+        self.response_body = _sanitize_string(data.get('body', ''))
+        self.tech = [_sanitize_string(t) for t in data.get('tech', []) if isinstance(t, str)]  # 列表中的字符串也需要清理
+        self.vhost = data.get('vhost')  # bool，不需要清理
+        self.failed = data.get('failed', False)  # bool，不需要清理
+        self.response_headers = _sanitize_string(data.get('raw_header', ''))
+        
+        # 从 URL 中提取主机名（优先使用 httpx 返回的 host，否则自动提取）
+        httpx_host = _sanitize_string(data.get('host', ''))
+        self.host = httpx_host if httpx_host else _extract_hostname(self.url)
+
+
+def _parse_and_validate_line(line: str) -> Optional[HttpxRecord]:
    """
    解析并验证单行 httpx JSON 输出
    
@@ -71,9 +118,7 @@ def _parse_and_validate_line(line: str) -> Optional[dict]:
        line: 单行输出数据
    
    Returns:
-        Optional[dict]: 有效的 httpx 记录，或 None 如果验证失败
-        
-    只返回存活的 URL（2xx/3xx 状态码）
+        Optional[HttpxRecord]: 有效的 httpx 记录，或 None 如果验证失败
    """
    try:
        # 清理 NUL 字符后再解析 JSON
@@ -83,7 +128,6 @@ def _parse_and_validate_line(line: str) -> Optional[dict]:
        try:
            line_data = json.loads(line, strict=False)
        except json.JSONDecodeError:
-            # logger.info("跳过非 JSON 行: %s", line)
            return None
        
        # 验证数据类型
@@ -91,32 +135,15 @@ def _parse_and_validate_line(line: str) -> Optional[dict]:
            logger.info("跳过非字典数据")
            return None
        
-        # 获取必要字段
-        url = line_data.get('url', '').strip()
-        status_code = line_data.get('status_code')
+        # 创建记录
+        record = HttpxRecord(line_data)
        
-        if not url:
+        # 验证必要字段
+        if not record.url:
            logger.info("URL 为空，跳过 - 数据: %s", str(line_data)[:200])
            return None
        
-        # 只保存存活的 URL（2xx 或 3xx）
-        if status_code and (200 <= status_code < 400):
-            return {
-                'url': _sanitize_string(url),
-                'host': _sanitize_string(line_data.get('host', '')),
-                'status_code': status_code,
-                'title': _sanitize_string(line_data.get('title', '')),
-                'content_length': line_data.get('content_length', 0),
-                'content_type': _sanitize_string(line_data.get('content_type', '')),
-                'webserver': _sanitize_string(line_data.get('webserver', '')),
-                'location': _sanitize_string(line_data.get('location', '')),
-                'tech': line_data.get('tech', []),
-                'body_preview': _sanitize_string(line_data.get('body_preview', '')),
-                'vhost': line_data.get('vhost', False),
-            }
-        else:
-            logger.debug("URL 不存活（状态码: %s），跳过: %s", status_code, url)
-            return None
+        return record
    
    except Exception:
        logger.info("跳过无法解析的行: %s", line[:100] if line else 'empty')
@@ -130,7 +157,7 @@ def _parse_httpx_stream_output(
    shell: bool = False,
    timeout: Optional[int] = None,
    log_file: Optional[str] = None
-) -> Generator[dict, None, None]:
+) -> Generator[HttpxRecord, None, None]:
    """
    流式解析 httpx 命令输出
    
@@ -143,7 +170,7 @@ def _parse_httpx_stream_output(
        log_file: 日志文件路径
    
    Yields:
-        dict: 每次 yield 一条存活的 URL 记录
+        HttpxRecord: 每次 yield 一条存活的 URL 记录
    """
    logger.info("开始流式解析 httpx 输出 - 命令: %s", cmd)
    
@@ -173,8 +200,8 @@ def _parse_httpx_stream_output(
            # yield 一条有效记录（存活的 URL）
            yield record
            
-            # 每处理 500 条记录输出一次进度
-            if valid_records % 500 == 0:
+            # 每处理 100 条记录输出一次进度
+            if valid_records % 100 == 0:
                logger.info("已解析 %d 条存活的 URL...", valid_records)
                
    except subprocess.TimeoutExpired as e:
@@ -191,6 +218,78 @@ def _parse_httpx_stream_output(
    )


+def _validate_task_parameters(cmd: str, target_id: int, scan_id: int, cwd: Optional[str]) -> None:
+    """
+    验证任务参数的有效性
+    
+    Args:
+        cmd: 扫描命令
+        target_id: 目标ID
+        scan_id: 扫描ID
+        cwd: 工作目录
+        
+    Raises:
+        ValueError: 参数验证失败
+    """
+    if not cmd or not cmd.strip():
+        raise ValueError("扫描命令不能为空")
+    
+    if target_id is None:
+        raise ValueError("target_id 不能为 None，必须指定目标ID")
+        
+    if scan_id is None:
+        raise ValueError("scan_id 不能为 None，必须指定扫描ID")
+    
+    # 验证工作目录（如果指定）
+    if cwd and not Path(cwd).exists():
+        raise ValueError(f"工作目录不存在: {cwd}")
+
+
+def _build_final_result(stats: dict) -> dict:
+    """
+    构建最终结果并输出日志
+    
+    Args:
+        stats: 处理统计信息
+        
+    Returns:
+        dict: 最终结果
+    """
+    logger.info(
+        "✓ URL 验证任务完成 - 处理记录: %d（%d 批次），创建端点: %d，跳过（失败）: %d",
+        stats['processed_records'], stats['batch_count'], stats['created_endpoints'],
+        stats['skipped_failed']
+    )
+    
+    # 如果没有创建任何记录，给出明确提示
+    if stats['created_endpoints'] == 0:
+        logger.warning(
+            "⚠️  没有创建任何端点记录！可能原因：1) 命令输出格式问题 2) 重复数据被忽略 3) 所有请求都失败"
+        )
+    
+    return {
+        'processed_records': stats['processed_records'],
+        'created_endpoints': stats['created_endpoints'],
+        'skipped_failed': stats['skipped_failed']
+    }
+
+
+def _cleanup_resources(data_generator) -> None:
+    """
+    清理任务资源
+    
+    Args:
+        data_generator: 数据生成器
+    """
+    # 确保生成器被正确关闭
+    if data_generator is not None:
+        try:
+            data_generator.close()
+            logger.debug("已关闭数据生成器")
+        except Exception as gen_close_error:
+            logger.error("关闭生成器时出错: %s", gen_close_error)
+
+
 def _save_batch_with_retry(
    batch: list,
    scan_id: int,
@@ -211,14 +310,19 @@ def _save_batch_with_retry(
        max_retries: 最大重试次数
    
    Returns:
-        dict: {'success': bool, 'saved_count': int}
+        dict: {
+            'success': bool,
+            'created_endpoints': int,
+            'skipped_failed': int
+        }
    """
    for attempt in range(max_retries):
        try:
-            count = _save_batch(batch, scan_id, target_id, batch_num, services)
+            stats = _save_batch(batch, scan_id, target_id, batch_num, services)
            return {
                'success': True,
-                'saved_count': count
+                'created_endpoints': stats.get('created_endpoints', 0),
+                'skipped_failed': stats.get('skipped_failed', 0)
            }

        except IntegrityError as e:
@@ -226,7 +330,8 @@ def _save_batch_with_retry(
            logger.error("批次 %d 数据完整性错误，跳过: %s", batch_num, str(e)[:100])
            return {
                'success': False,
-                'saved_count': 0
+                'created_endpoints': 0,
+                'skipped_failed': 0
            }

        except (OperationalError, DatabaseError, InterfaceError) as e:
@@ -257,7 +362,8 @@ def _save_batch_with_retry(
    # 理论上不会走到这里，保留兜底返回值以满足类型约束
    return {
        'success': False,
-        'saved_count': 0
+        'created_endpoints': 0,
+        'skipped_failed': 0
    }


@@ -267,49 +373,72 @@ def _save_batch(
    target_id: int,
    batch_num: int,
    services: ServiceSet
-) -> int:
+) -> dict:
    """
    保存一个批次的数据到数据库
    
    Args:
-        batch: 数据批次，list of dict
+        batch: 数据批次，list of HttpxRecord
        scan_id: 扫描任务 ID
        target_id: 目标 ID
        batch_num: 批次编号
        services: Service 集合
    
    Returns:
-        int: 创建的记录数
+        dict: 包含创建和跳过记录的统计信息
    """
+    # 参数验证
+    if not isinstance(batch, list):
+        raise TypeError(f"batch 必须是 list 类型，实际: {type(batch).__name__}")
+    
    if not batch:
        logger.debug("批次 %d 为空，跳过处理", batch_num)
-        return 0
+        return {
+            'created_endpoints': 0,
+            'skipped_failed': 0
+        }
+    
+    # 统计变量
+    skipped_failed = 0
    
    # 批量构造 Endpoint 快照 DTO
    from apps.asset.dtos.snapshot import EndpointSnapshotDTO
    
    snapshots = []
    for record in batch:
+        # 跳过失败的请求
+        if record.failed:
+            skipped_failed += 1
+            continue
+        
        try:
+            # Endpoint URL 直接使用原始值，不做标准化
+            # 原因：Endpoint URL 来自 waymore/katana，包含路径和参数，标准化可能改变含义
+            url = record.input if record.input else record.url
+            
+            # 提取 host 字段（域名或IP地址）
+            host = record.host if record.host else ''
+            
            dto = EndpointSnapshotDTO(
                scan_id=scan_id,
-                url=record['url'],
-                host=record.get('host', ''),
-                title=record.get('title', ''),
-                status_code=record.get('status_code'),
-                content_length=record.get('content_length', 0),
-                location=record.get('location', ''),
-                webserver=record.get('webserver', ''),
-                content_type=record.get('content_type', ''),
-                tech=record.get('tech', []),
-                body_preview=record.get('body_preview', ''),
-                vhost=record.get('vhost', False),
-                matched_gf_patterns=[],
                target_id=target_id,
+                url=url,
+                host=host,
+                title=record.title if record.title else '',
+                status_code=record.status_code,
+                content_length=record.content_length,
+                location=record.location if record.location else '',
+                webserver=record.webserver if record.webserver else '',
+                content_type=record.content_type if record.content_type else '',
+                tech=record.tech if isinstance(record.tech, list) else [],
+                response_body=record.response_body if record.response_body else '',
+                vhost=record.vhost if record.vhost else False,
+                matched_gf_patterns=[],
+                response_headers=record.response_headers if record.response_headers else '',
            )
            snapshots.append(dto)
        except Exception as e:
-            logger.error("处理记录失败: %s，错误: %s", record.get('url', 'Unknown'), e)
+            logger.error("处理记录失败: %s，错误: %s", record.url, e)
            continue
    
    if snapshots:
@@ -318,15 +447,69 @@ def _save_batch(
            services.snapshot.save_and_sync(snapshots)
            count = len(snapshots)
            logger.info(
-                "批次 %d: 保存了 %d 个存活的 URL（共 %d 个）",
-                batch_num, count, len(batch)
+                "批次 %d: 保存了 %d 个存活的 URL（共 %d 个，跳过失败: %d）",
+                batch_num, count, len(batch), skipped_failed
            )
-            return count
+            return {
+                'created_endpoints': count,
+                'skipped_failed': skipped_failed
+            }
        except Exception as e:
            logger.error("批次 %d 批量保存失败: %s", batch_num, e)
            raise
    
-    return 0
+    return {
+        'created_endpoints': 0,
+        'skipped_failed': skipped_failed
+    }
+
+
+def _accumulate_batch_stats(total_stats: dict, batch_result: dict) -> None:
+    """
+    累加批次统计信息
+    
+    Args:
+        total_stats: 总统计信息字典
+        batch_result: 批次结果字典
+    """
+    total_stats['created_endpoints'] += batch_result.get('created_endpoints', 0)
+    total_stats['skipped_failed'] += batch_result.get('skipped_failed', 0)
+
+
+def _process_batch(
+    batch: list,
+    scan_id: int,
+    target_id: int,
+    batch_num: int,
+    total_stats: dict,
+    failed_batches: list,
+    services: ServiceSet
+) -> None:
+    """
+    处理单个批次
+    
+    Args:
+        batch: 数据批次
+        scan_id: 扫描ID
+        target_id: 目标ID
+        batch_num: 批次编号
+        total_stats: 总统计信息
+        failed_batches: 失败批次列表
+        services: Service 集合（必须，依赖注入）
+    """
+    result = _save_batch_with_retry(
+        batch, scan_id, target_id, batch_num, services
+    )
+    
+    # 累计统计信息（失败时可能有部分数据已保存）
+    _accumulate_batch_stats(total_stats, result)
+    
+    if not result['success']:
+        failed_batches.append(batch_num)
+        logger.warning(
+            "批次 %d 保存失败，但已累计统计信息：创建端点=%d",
+            batch_num, result.get('created_endpoints', 0)
+        )


 def _process_records_in_batches(
@@ -337,7 +520,7 @@ def _process_records_in_batches(
    services: ServiceSet
 ) -> dict:
    """
-    分批处理记录并保存到数据库
+    流式处理记录并分批保存
    
    Args:
        data_generator: 数据生成器
@@ -347,14 +530,23 @@ def _process_records_in_batches(
        services: Service 集合
        
    Returns:
-        dict: 处理统计结果
+        dict: 处理统计信息
+        
+    Raises:
+        RuntimeError: 存在失败批次时抛出
    """
-    batch = []
-    batch_num = 0
    total_records = 0
-    total_saved = 0
+    batch_num = 0
    failed_batches = []
+    batch = []
    
+    # 统计信息
+    total_stats = {
+        'created_endpoints': 0,
+        'skipped_failed': 0
+    }
+    
+    # 流式读取生成器并分批保存
    for record in data_generator:
        batch.append(record)
        total_records += 1
@@ -362,46 +554,35 @@ def _process_records_in_batches(
        # 达到批次大小，执行保存
        if len(batch) >= batch_size:
            batch_num += 1
-            result = _save_batch_with_retry(
-                batch, scan_id, target_id, batch_num, services
-            )
-            
-            if result['success']:
-                total_saved += result['saved_count']
-            else:
-                failed_batches.append(batch_num)
-            
+            _process_batch(batch, scan_id, target_id, batch_num, total_stats, failed_batches, services)
            batch = []  # 清空批次
            
            # 每 10 个批次输出进度
            if batch_num % 10 == 0:
-                logger.info(
-                    "进度: 已处理 %d 批次，%d 条记录，保存 %d 条",
-                    batch_num, total_records, total_saved
-                )
+                logger.info("进度: 已处理 %d 批次，%d 条记录", batch_num, total_records)
    
    # 保存最后一批
    if batch:
        batch_num += 1
-        result = _save_batch_with_retry(
-            batch, scan_id, target_id, batch_num, services
+        _process_batch(batch, scan_id, target_id, batch_num, total_stats, failed_batches, services)
+    
+    # 检查失败批次
+    if failed_batches:
+        error_msg = (
+            f"流式保存 URL 验证结果时出现失败批次，处理记录: {total_records}，"
+            f"失败批次: {failed_batches}"
        )
-        
-        if result['success']:
-            total_saved += result['saved_count']
-        else:
-            failed_batches.append(batch_num)
+        logger.warning(error_msg)
+        raise RuntimeError(error_msg)
    
    return {
        'processed_records': total_records,
-        'saved_urls': total_saved,
-        'failed_urls': total_records - total_saved,
        'batch_count': batch_num,
-        'failed_batches': failed_batches
+        **total_stats
    }


-@task(name="run_and_stream_save_urls", retries=3, retry_delay_seconds=10)
+@task(name="run_and_stream_save_urls", retries=0)
 def run_and_stream_save_urls_task(
    cmd: str,
    tool_name: str,
@@ -409,7 +590,7 @@ def run_and_stream_save_urls_task(
    target_id: int,
    cwd: Optional[str] = None,
    shell: bool = False,
-    batch_size: int = 500,
+    batch_size: int = 100,
    timeout: Optional[int] = None,
    log_file: Optional[str] = None
 ) -> dict:
@@ -417,17 +598,18 @@ def run_and_stream_save_urls_task(
    执行 httpx 验证并流式保存存活的 URL
    
    该任务将：
-    1. 执行 httpx 命令验证 URL 存活
-    2. 流式处理输出，实时解析
-    3. 批量保存存活的 URL 到 Endpoint 表
+    1. 验证输入参数
+    2. 初始化资源（缓存、生成器）
+    3. 流式处理记录并分批保存
+    4. 构建并返回结果统计
    
    Args:
        cmd: httpx 命令
        tool_name: 工具名称（'httpx'）
        scan_id: 扫描任务 ID
        target_id: 目标 ID
-        cwd: 工作目录
-        shell: 是否使用 shell 执行
+        cwd: 工作目录（可选）
+        shell: 是否使用 shell 执行（默认 False）
        batch_size: 批次大小（默认 500）
        timeout: 超时时间（秒）
        log_file: 日志文件路径
@@ -435,11 +617,14 @@ def run_and_stream_save_urls_task(
    Returns:
        dict: {
            'processed_records': int,  # 处理的记录总数
-            'saved_urls': int,         # 保存的存活 URL 数
-            'failed_urls': int,        # 失败/死链数
-            'batch_count': int,        # 批次数
-            'failed_batches': list     # 失败的批次号
+            'created_endpoints': int,  # 创建的端点记录数
+            'skipped_failed': int,     # 因请求失败跳过的记录数
        }
+    
+    Raises:
+        ValueError: 参数验证失败
+        RuntimeError: 命令执行或数据库操作失败
+        subprocess.TimeoutExpired: 命令执行超时
    """
    logger.info(
        "开始执行流式 URL 验证任务 - target_id=%s, 超时=%s秒, 命令: %s",
@@ -449,33 +634,30 @@ def run_and_stream_save_urls_task(
    data_generator = None
    
    try:
-        # 1. 初始化资源
+        # 1. 验证参数
+        _validate_task_parameters(cmd, target_id, scan_id, cwd)
+        
+        # 2. 初始化资源
        data_generator = _parse_httpx_stream_output(
            cmd, tool_name, cwd, shell, timeout, log_file
        )
        services = ServiceSet.create_default()
        
-        # 2. 流式处理记录并分批保存
+        # 3. 流式处理记录并分批保存
        stats = _process_records_in_batches(
            data_generator, scan_id, target_id, batch_size, services
        )
        
-        # 3. 输出最终统计
-        logger.info(
-            "✓ URL 验证任务完成 - 处理: %d, 存活: %d, 失败: %d",
-            stats['processed_records'],
-            stats['saved_urls'],
-            stats['failed_urls']
-        )
-        
-        return stats
+        # 4. 构建最终结果
+        return _build_final_result(stats)
        
    except subprocess.TimeoutExpired:
+        # 超时异常直接向上传播，保留异常类型
        logger.warning(
            "⚠️ URL 验证任务超时 - target_id=%s, 超时=%s秒",
            target_id, timeout
        )
-        raise
+        raise  # 直接重新抛出，不包装
    
    except Exception as e:
        error_msg = f"流式执行 URL 验证任务失败: {e}"
@@ -483,12 +665,5 @@ def run_and_stream_save_urls_task(
        raise RuntimeError(error_msg) from e
    
    finally:
-        # 清理资源
-        if data_generator is not None:
-            try:
-                # 确保生成器被正确关闭
-                data_generator.close()
-            except (GeneratorExit, StopIteration):
-                pass
-            except Exception as e:
-                logger.warning("关闭数据生成器时出错: %s", e)
+        # 5. 清理资源
+        _cleanup_resources(data_generator)
--- a/backend/apps/scan/utils/config_merger.py
+++ b/backend/apps/scan/utils/config_merger.py
@@ -0,0 +1,80 @@
+"""
+配置合并工具模块
+
+提供多引擎 YAML 配置的冲突检测和合并功能。
+"""
+
+from typing import List, Tuple
+
+import yaml
+
+
+class ConfigConflictError(Exception):
+    """配置冲突异常
+    
+    当两个或多个引擎定义相同的顶层扫描类型键时抛出。
+    """
+    
+    def __init__(self, conflicts: List[Tuple[str, str, str]]):
+        """
+        参数:
+            conflicts: (键, 引擎1名称, 引擎2名称) 元组列表
+        """
+        self.conflicts = conflicts
+        msg = "; ".join([f"{k} 同时存在于「{e1}」和「{e2}」" for k, e1, e2 in conflicts])
+        super().__init__(f"扫描类型冲突: {msg}")
+
+
+def merge_engine_configs(engines: List[Tuple[str, str]]) -> str:
+    """
+    合并多个引擎的 YAML 配置。
+    
+    参数:
+        engines: (引擎名称, 配置YAML) 元组列表
+    
+    返回:
+        合并后的 YAML 字符串
+    
+    异常:
+        ConfigConflictError: 当顶层键冲突时
+    """
+    if not engines:
+        return ""
+    
+    if len(engines) == 1:
+        return engines[0][1]
+    
+    # 追踪每个顶层键属于哪个引擎
+    key_to_engine: dict[str, str] = {}
+    conflicts: List[Tuple[str, str, str]] = []
+    
+    for engine_name, config_yaml in engines:
+        if not config_yaml or not config_yaml.strip():
+            continue
+            
+        try:
+            parsed = yaml.safe_load(config_yaml)
+        except yaml.YAMLError:
+            # 无效 YAML 跳过
+            continue
+            
+        if not isinstance(parsed, dict):
+            continue
+            
+        # 检查顶层键冲突
+        for key in parsed.keys():
+            if key in key_to_engine:
+                conflicts.append((key, key_to_engine[key], engine_name))
+            else:
+                key_to_engine[key] = engine_name
+    
+    if conflicts:
+        raise ConfigConflictError(conflicts)
+    
+    # 无冲突，用双换行符连接配置
+    configs = []
+    for _, config_yaml in engines:
+        if config_yaml and config_yaml.strip():
+            configs.append(config_yaml.strip())
+    
+    return "\n\n".join(configs)
--- a/backend/apps/scan/utils/config_parser.py
+++ b/backend/apps/scan/utils/config_parser.py
@@ -36,7 +36,14 @@ def _normalize_config_keys(config: Dict[str, Any]) -> Dict[str, Any]:
        
    Returns:
        key 已转换的新字典
+        
+    Raises:
+        ValueError: 配置为 None 或非字典类型时抛出
    """
+    if config is None:
+        raise ValueError("配置不能为空（None），请检查 YAML 格式，确保冒号后有配置内容或使用 {} 表示空配置")
+    if not isinstance(config, dict):
+        raise ValueError(f"配置格式错误：期望 dict，实际 {type(config).__name__}")
    return {
        k.replace('-', '_') if isinstance(k, str) else k: v
        for k, v in config.items()
--- a/backend/apps/scan/utils/fingerprint_helpers.py
+++ b/backend/apps/scan/utils/fingerprint_helpers.py
@@ -18,6 +18,9 @@ FINGERPRINT_LIB_MAP = {
    'ehole': 'ensure_ehole_fingerprint_local',
    'goby': 'ensure_goby_fingerprint_local',
    'wappalyzer': 'ensure_wappalyzer_fingerprint_local',
+    'fingers': 'ensure_fingers_fingerprint_local',
+    'fingerprinthub': 'ensure_fingerprinthub_fingerprint_local',
+    'arl': 'ensure_arl_fingerprint_local',
 }


@@ -221,10 +224,170 @@ def get_fingerprint_paths(lib_names: list) -> dict:
    return paths


+def ensure_fingers_fingerprint_local() -> str:
+    """
+    确保本地存在最新的 Fingers 指纹文件（带缓存）
+    
+    Returns:
+        str: 本地指纹文件路径
+    """
+    from apps.engine.services.fingerprints import FingersFingerprintService
+    
+    service = FingersFingerprintService()
+    current_version = service.get_fingerprint_version()
+    
+    # 缓存目录和文件
+    base_dir = getattr(settings, 'FINGERPRINTS_BASE_PATH', '/opt/xingrin/fingerprints')
+    os.makedirs(base_dir, exist_ok=True)
+    cache_file = os.path.join(base_dir, 'fingers.json')
+    version_file = os.path.join(base_dir, 'fingers.version')
+    
+    # 检查缓存版本
+    cached_version = None
+    if os.path.exists(version_file):
+        try:
+            with open(version_file, 'r') as f:
+                cached_version = f.read().strip()
+        except OSError as e:
+            logger.warning("读取 Fingers 版本文件失败: %s", e)
+    
+    # 版本匹配，直接返回缓存
+    if cached_version == current_version and os.path.exists(cache_file):
+        logger.info("Fingers 指纹文件缓存有效（版本匹配）: %s", cache_file)
+        return cache_file
+    
+    # 版本不匹配，重新导出
+    logger.info(
+        "Fingers 指纹文件需要更新: cached=%s, current=%s",
+        cached_version, current_version
+    )
+    data = service.get_export_data()
+    with open(cache_file, 'w', encoding='utf-8') as f:
+        json.dump(data, f, ensure_ascii=False)
+    
+    # 写入版本文件
+    try:
+        with open(version_file, 'w') as f:
+            f.write(current_version)
+    except OSError as e:
+        logger.warning("写入 Fingers 版本文件失败: %s", e)
+    
+    logger.info("Fingers 指纹文件已更新: %s", cache_file)
+    return cache_file
+
+
+def ensure_fingerprinthub_fingerprint_local() -> str:
+    """
+    确保本地存在最新的 FingerPrintHub 指纹文件（带缓存）
+    
+    Returns:
+        str: 本地指纹文件路径
+    """
+    from apps.engine.services.fingerprints import FingerPrintHubFingerprintService
+    
+    service = FingerPrintHubFingerprintService()
+    current_version = service.get_fingerprint_version()
+    
+    # 缓存目录和文件
+    base_dir = getattr(settings, 'FINGERPRINTS_BASE_PATH', '/opt/xingrin/fingerprints')
+    os.makedirs(base_dir, exist_ok=True)
+    cache_file = os.path.join(base_dir, 'fingerprinthub.json')
+    version_file = os.path.join(base_dir, 'fingerprinthub.version')
+    
+    # 检查缓存版本
+    cached_version = None
+    if os.path.exists(version_file):
+        try:
+            with open(version_file, 'r') as f:
+                cached_version = f.read().strip()
+        except OSError as e:
+            logger.warning("读取 FingerPrintHub 版本文件失败: %s", e)
+    
+    # 版本匹配，直接返回缓存
+    if cached_version == current_version and os.path.exists(cache_file):
+        logger.info("FingerPrintHub 指纹文件缓存有效（版本匹配）: %s", cache_file)
+        return cache_file
+    
+    # 版本不匹配，重新导出
+    logger.info(
+        "FingerPrintHub 指纹文件需要更新: cached=%s, current=%s",
+        cached_version, current_version
+    )
+    data = service.get_export_data()
+    with open(cache_file, 'w', encoding='utf-8') as f:
+        json.dump(data, f, ensure_ascii=False)
+    
+    # 写入版本文件
+    try:
+        with open(version_file, 'w') as f:
+            f.write(current_version)
+    except OSError as e:
+        logger.warning("写入 FingerPrintHub 版本文件失败: %s", e)
+    
+    logger.info("FingerPrintHub 指纹文件已更新: %s", cache_file)
+    return cache_file
+
+
+def ensure_arl_fingerprint_local() -> str:
+    """
+    确保本地存在最新的 ARL 指纹文件（带缓存）
+    
+    Returns:
+        str: 本地指纹文件路径（YAML 格式）
+    """
+    import yaml
+    from apps.engine.services.fingerprints import ARLFingerprintService
+    
+    service = ARLFingerprintService()
+    current_version = service.get_fingerprint_version()
+    
+    # 缓存目录和文件
+    base_dir = getattr(settings, 'FINGERPRINTS_BASE_PATH', '/opt/xingrin/fingerprints')
+    os.makedirs(base_dir, exist_ok=True)
+    cache_file = os.path.join(base_dir, 'arl.yaml')
+    version_file = os.path.join(base_dir, 'arl.version')
+    
+    # 检查缓存版本
+    cached_version = None
+    if os.path.exists(version_file):
+        try:
+            with open(version_file, 'r') as f:
+                cached_version = f.read().strip()
+        except OSError as e:
+            logger.warning("读取 ARL 版本文件失败: %s", e)
+    
+    # 版本匹配，直接返回缓存
+    if cached_version == current_version and os.path.exists(cache_file):
+        logger.info("ARL 指纹文件缓存有效（版本匹配）: %s", cache_file)
+        return cache_file
+    
+    # 版本不匹配，重新导出
+    logger.info(
+        "ARL 指纹文件需要更新: cached=%s, current=%s",
+        cached_version, current_version
+    )
+    data = service.get_export_data()
+    with open(cache_file, 'w', encoding='utf-8') as f:
+        yaml.dump(data, f, allow_unicode=True, default_flow_style=False)
+    
+    # 写入版本文件
+    try:
+        with open(version_file, 'w') as f:
+            f.write(current_version)
+    except OSError as e:
+        logger.warning("写入 ARL 版本文件失败: %s", e)
+    
+    logger.info("ARL 指纹文件已更新: %s", cache_file)
+    return cache_file
+
+
 __all__ = [
    "ensure_ehole_fingerprint_local",
    "ensure_goby_fingerprint_local",
    "ensure_wappalyzer_fingerprint_local",
+    "ensure_fingers_fingerprint_local",
+    "ensure_fingerprinthub_fingerprint_local",
+    "ensure_arl_fingerprint_local",
    "get_fingerprint_paths",
    "FINGERPRINT_LIB_MAP",
 ]
--- a/backend/apps/scan/utils/nuclei_helpers.py
+++ b/backend/apps/scan/utils/nuclei_helpers.py
@@ -19,7 +19,6 @@ from typing import Optional

 from django.conf import settings

-from apps.common.utils.git_proxy import get_git_proxy_url
 from apps.engine.models import NucleiTemplateRepo

 logger = logging.getLogger(__name__)
@@ -50,7 +49,7 @@ def get_local_commit_hash(local_path: Path) -> Optional[str]:


 def git_clone(repo_url: str, local_path: Path) -> bool:
-    """Git clone 仓库（支持 Git 加速）
+    """Git clone 仓库

    Args:
        repo_url: 仓库 URL
@@ -59,15 +58,9 @@ def git_clone(repo_url: str, local_path: Path) -> bool:
    Returns:
        是否成功
    """
-    # Transform URL for Git acceleration if enabled
-    proxied_url = get_git_proxy_url(repo_url)
-    
-    if proxied_url != repo_url:
-        logger.info("Using Git acceleration: %s -> %s", repo_url, proxied_url)
-    
    logger.info("正在 clone 模板仓库: %s -> %s", repo_url, local_path)
    result = subprocess.run(
-        ["git", "clone", "--depth", "1", proxied_url, str(local_path)],
+        ["git", "clone", "--depth", "1", repo_url, str(local_path)],
        check=False,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
--- a/backend/apps/scan/utils/wordlist_helpers.py
+++ b/backend/apps/scan/utils/wordlist_helpers.py
@@ -96,7 +96,13 @@ def ensure_wordlist_local(wordlist_name: str) -> str:
        ssl_context.check_hostname = False
        ssl_context.verify_mode = ssl.CERT_NONE
        
-        with urllib_request.urlopen(download_url, context=ssl_context) as resp:
+        # 创建带 API Key 的请求
+        req = urllib_request.Request(download_url)
+        worker_api_key = os.getenv('WORKER_API_KEY', '')
+        if worker_api_key:
+            req.add_header('X-Worker-API-Key', worker_api_key)
+        
+        with urllib_request.urlopen(req, context=ssl_context) as resp:
            if resp.status != 200:
                raise RuntimeError(f"下载字典失败，HTTP {resp.status}")
            data = resp.read()
--- a/backend/apps/scan/views/scan_views.py
+++ b/backend/apps/scan/views/scan_views.py
@@ -7,6 +7,10 @@ from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.db.utils import DatabaseError, IntegrityError, OperationalError
 import logging

+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes
+from apps.scan.utils.config_merger import ConfigConflictError
+
 logger = logging.getLogger(__name__)

 from ..models import Scan, ScheduledScan
@@ -75,20 +79,31 @@ class ScanViewSet(viewsets.ModelViewSet):
            scan_service = ScanService()
            result = scan_service.delete_scans_two_phase([scan.id])
            
-            return Response({
-                'message': f'已删除扫描任务: Scan #{scan.id}',
-                'scanId': scan.id,
-                'deletedCount': result['soft_deleted_count'],
-                'deletedScans': result['scan_names']
-            }, status=status.HTTP_200_OK)
+            return success_response(
+                data={
+                    'scanId': scan.id,
+                    'deletedCount': result['soft_deleted_count'],
+                    'deletedScans': result['scan_names']
+                }
+            )
            
        except Scan.DoesNotExist:
-            raise NotFound('扫描任务不存在')
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                status_code=status.HTTP_404_NOT_FOUND
+            )
        except ValueError as e:
-            raise NotFound(str(e))
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message=str(e),
+                status_code=status.HTTP_404_NOT_FOUND
+            )
        except Exception as e:
            logger.exception("删除扫描任务时发生错误")
-            raise APIException('服务器错误，请稍后重试')
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
+            )
    
    @action(detail=False, methods=['post'])
    def quick(self, request):
@@ -104,7 +119,7 @@ class ScanViewSet(viewsets.ModelViewSet):
        请求参数：
        {
            "targets": [{"name": "example.com"}, {"name": "https://example.com/api"}],
-            "engine_id": 1
+            "engine_ids": [1, 2]
        }
        
        支持的输入格式：
@@ -119,7 +134,7 @@ class ScanViewSet(viewsets.ModelViewSet):
        serializer.is_valid(raise_exception=True)
        
        targets_data = serializer.validated_data['targets']
-        engine_id = serializer.validated_data.get('engine_id')
+        engine_ids = serializer.validated_data.get('engine_ids')
        
        try:
            # 提取输入字符串列表
@@ -127,47 +142,82 @@ class ScanViewSet(viewsets.ModelViewSet):
            
            # 1. 使用 QuickScanService 解析输入并创建资产
            quick_scan_service = QuickScanService()
-            result = quick_scan_service.process_quick_scan(inputs, engine_id)
+            result = quick_scan_service.process_quick_scan(inputs, engine_ids[0] if engine_ids else None)
            
            targets = result['targets']
            
            if not targets:
-                return Response({
-                    'error': '没有有效的目标可供扫描',
-                    'errors': result.get('errors', [])
-                }, status=status.HTTP_400_BAD_REQUEST)
+                return error_response(
+                    code=ErrorCodes.VALIDATION_ERROR,
+                    message='No valid targets for scanning',
+                    details=result.get('errors', []),
+                    status_code=status.HTTP_400_BAD_REQUEST
+                )
            
-            # 2. 获取扫描引擎
-            engine_service = EngineService()
-            engine = engine_service.get_engine(engine_id)
-            if not engine:
-                raise ValidationError(f'扫描引擎 ID {engine_id} 不存在')
+            # 2. 准备多引擎扫描
+            scan_service = ScanService()
+            _, merged_configuration, engine_names, engine_ids = scan_service.prepare_initiate_scan_multi_engine(
+                target_id=targets[0].id,  # 使用第一个目标来验证引擎
+                engine_ids=engine_ids
+            )
            
            # 3. 批量发起扫描
-            scan_service = ScanService()
            created_scans = scan_service.create_scans(
                targets=targets,
-                engine=engine
+                engine_ids=engine_ids,
+                engine_names=engine_names,
+                merged_configuration=merged_configuration
            )
            
+            # 检查是否成功创建扫描任务
+            if not created_scans:
+                return error_response(
+                    code=ErrorCodes.VALIDATION_ERROR,
+                    message='No scan tasks were created. All targets may already have active scans.',
+                    details={
+                        'targetStats': result['target_stats'],
+                        'assetStats': result['asset_stats'],
+                        'errors': result.get('errors', [])
+                    },
+                    status_code=status.HTTP_422_UNPROCESSABLE_ENTITY
+                )
+            
            # 序列化返回结果
            scan_serializer = ScanSerializer(created_scans, many=True)
            
-            return Response({
-                'message': f'快速扫描已启动：{len(created_scans)} 个任务',
-                'target_stats': result['target_stats'],
-                'asset_stats': result['asset_stats'],
-                'errors': result.get('errors', []),
-                'scans': scan_serializer.data
-            }, status=status.HTTP_201_CREATED)
+            return success_response(
+                data={
+                    'count': len(created_scans),
+                    'targetStats': result['target_stats'],
+                    'assetStats': result['asset_stats'],
+                    'errors': result.get('errors', []),
+                    'scans': scan_serializer.data
+                },
+                status_code=status.HTTP_201_CREATED
+            )
+        
+        except ConfigConflictError as e:
+            return error_response(
+                code='CONFIG_CONFLICT',
+                message=str(e),
+                details=[
+                    {'key': k, 'engines': [e1, e2]} 
+                    for k, e1, e2 in e.conflicts
+                ],
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
            
        except ValidationError as e:
-            return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=str(e),
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
        except Exception as e:
            logger.exception("快速扫描启动失败")
-            return Response(
-                {'error': '服务器内部错误，请稍后重试'},
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
            )

    @action(detail=False, methods=['post'])
@@ -178,7 +228,7 @@ class ScanViewSet(viewsets.ModelViewSet):
        请求参数:
        - organization_id: 组织ID (int, 可选)
        - target_id: 目标ID (int, 可选)
-        - engine_id: 扫描引擎ID (int, 必填)
+        - engine_ids: 扫描引擎ID列表 (list[int], 必填)
        
        注意: organization_id 和 target_id 二选一
        
@@ -188,55 +238,92 @@ class ScanViewSet(viewsets.ModelViewSet):
        # 获取请求数据
        organization_id = request.data.get('organization_id')
        target_id = request.data.get('target_id')
-        engine_id = request.data.get('engine_id')
+        engine_ids = request.data.get('engine_ids')
+        
+        # 验证 engine_ids
+        if not engine_ids:
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='缺少必填参数: engine_ids',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
+        
+        if not isinstance(engine_ids, list):
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='engine_ids 必须是数组',
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
        
        try:
-            # 步骤1：准备扫描所需的数据（验证参数、查询资源、返回目标列表和引擎）
+            # 步骤1：准备多引擎扫描所需的数据
            scan_service = ScanService()
-            targets, engine = scan_service.prepare_initiate_scan(
+            targets, merged_configuration, engine_names, engine_ids = scan_service.prepare_initiate_scan_multi_engine(
                organization_id=organization_id,
                target_id=target_id,
-                engine_id=engine_id
+                engine_ids=engine_ids
            )
            
            # 步骤2：批量创建扫描记录并分发扫描任务
            created_scans = scan_service.create_scans(
                targets=targets,
-                engine=engine
+                engine_ids=engine_ids,
+                engine_names=engine_names,
+                merged_configuration=merged_configuration
            )
            
+            # 检查是否成功创建扫描任务
+            if not created_scans:
+                return error_response(
+                    code=ErrorCodes.VALIDATION_ERROR,
+                    message='No scan tasks were created. All targets may already have active scans.',
+                    status_code=status.HTTP_422_UNPROCESSABLE_ENTITY
+                )
+            
            # 序列化返回结果
            scan_serializer = ScanSerializer(created_scans, many=True)
            
-            return Response(
-                {
-                    'message': f'已成功发起 {len(created_scans)} 个扫描任务',
+            return success_response(
+                data={
                    'count': len(created_scans),
                    'scans': scan_serializer.data
                },
-                status=status.HTTP_201_CREATED
+                status_code=status.HTTP_201_CREATED
+            )
+        
+        except ConfigConflictError as e:
+            return error_response(
+                code='CONFIG_CONFLICT',
+                message=str(e),
+                details=[
+                    {'key': k, 'engines': [e1, e2]} 
+                    for k, e1, e2 in e.conflicts
+                ],
+                status_code=status.HTTP_400_BAD_REQUEST
            )
            
        except ObjectDoesNotExist as e:
            # 资源不存在错误（由 service 层抛出）
-            error_msg = str(e)
-            return Response(
-                {'error': error_msg},
-                status=status.HTTP_404_NOT_FOUND
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message=str(e),
+                status_code=status.HTTP_404_NOT_FOUND
            )
        
        except ValidationError as e:
            # 参数验证错误（由 service 层抛出）
-            return Response(
-                {'error': str(e)},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=str(e),
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        except (DatabaseError, IntegrityError, OperationalError):
            # 数据库错误
-            return Response(
-                {'error': '数据库错误，请稍后重试'},
-                status=status.HTTP_503_SERVICE_UNAVAILABLE
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Database error',
+                status_code=status.HTTP_503_SERVICE_UNAVAILABLE
            )

    # 所有快照相关的 action 和 export 已迁移到 asset/views.py 中的快照 ViewSet
@@ -278,21 +365,24 @@ class ScanViewSet(viewsets.ModelViewSet):
        
        # 参数验证
        if not ids:
-            return Response(
-                {'error': '缺少必填参数: ids'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='Missing required parameter: ids',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        if not isinstance(ids, list):
-            return Response(
-                {'error': 'ids 必须是数组'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='ids must be an array',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        if not all(isinstance(i, int) for i in ids):
-            return Response(
-                {'error': 'ids 数组中的所有元素必须是整数'},
-                status=status.HTTP_400_BAD_REQUEST
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message='All elements in ids array must be integers',
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        
        try:
@@ -300,19 +390,27 @@ class ScanViewSet(viewsets.ModelViewSet):
            scan_service = ScanService()
            result = scan_service.delete_scans_two_phase(ids)
            
-            return Response({
-                'message': f"已删除 {result['soft_deleted_count']} 个扫描任务",
-                'deletedCount': result['soft_deleted_count'],
-                'deletedScans': result['scan_names']
-            }, status=status.HTTP_200_OK)
+            return success_response(
+                data={
+                    'deletedCount': result['soft_deleted_count'],
+                    'deletedScans': result['scan_names']
+                }
+            )
            
        except ValueError as e:
            # 未找到记录
-            raise NotFound(str(e))
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message=str(e),
+                status_code=status.HTTP_404_NOT_FOUND
+            )
            
        except Exception as e:
            logger.exception("批量删除扫描任务时发生错误")
-            raise APIException('服务器错误，请稍后重试')
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
+            )
    
    @action(detail=False, methods=['get'])
    def statistics(self, request):
@@ -337,22 +435,25 @@ class ScanViewSet(viewsets.ModelViewSet):
            scan_service = ScanService()
            stats = scan_service.get_statistics()
            
-            return Response({
-                'total': stats['total'],
-                'running': stats['running'],
-                'completed': stats['completed'],
-                'failed': stats['failed'],
-                'totalVulns': stats['total_vulns'],
-                'totalSubdomains': stats['total_subdomains'],
-                'totalEndpoints': stats['total_endpoints'],
-                'totalWebsites': stats['total_websites'],
-                'totalAssets': stats['total_assets'],
-            })
+            return success_response(
+                data={
+                    'total': stats['total'],
+                    'running': stats['running'],
+                    'completed': stats['completed'],
+                    'failed': stats['failed'],
+                    'totalVulns': stats['total_vulns'],
+                    'totalSubdomains': stats['total_subdomains'],
+                    'totalEndpoints': stats['total_endpoints'],
+                    'totalWebsites': stats['total_websites'],
+                    'totalAssets': stats['total_assets'],
+                }
+            )
        
        except (DatabaseError, OperationalError):
-            return Response(
-                {'error': '数据库错误，请稍后重试'},
-                status=status.HTTP_503_SERVICE_UNAVAILABLE
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Database error',
+                status_code=status.HTTP_503_SERVICE_UNAVAILABLE
            )
    
    @action(detail=True, methods=['post'])
@@ -383,35 +484,31 @@ class ScanViewSet(viewsets.ModelViewSet):
                # 检查是否是状态不允许的问题
                scan = scan_service.get_scan(scan_id=pk, prefetch_relations=False)
                if scan and scan.status not in [ScanStatus.RUNNING, ScanStatus.INITIATED]:
-                    return Response(
-                        {
-                            'error': f'无法停止扫描：当前状态为 {ScanStatus(scan.status).label}',
-                            'detail': '只能停止运行中或初始化状态的扫描'
-                        },
-                        status=status.HTTP_400_BAD_REQUEST
+                    return error_response(
+                        code=ErrorCodes.BAD_REQUEST,
+                        message=f'Cannot stop scan: current status is {ScanStatus(scan.status).label}',
+                        status_code=status.HTTP_400_BAD_REQUEST
                    )
                # 其他失败原因
-                return Response(
-                    {'error': '停止扫描失败'},
-                    status=status.HTTP_500_INTERNAL_SERVER_ERROR
+                return error_response(
+                    code=ErrorCodes.SERVER_ERROR,
+                    status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
                )
            
-            return Response(
-                {
-                    'message': f'扫描已停止，已撤销 {revoked_count} 个任务',
-                    'revokedTaskCount': revoked_count
-                },
-                status=status.HTTP_200_OK
+            return success_response(
+                data={'revokedTaskCount': revoked_count}
            )
        
        except ObjectDoesNotExist:
-            return Response(
-                {'error': f'扫描 ID {pk} 不存在'},
-                status=status.HTTP_404_NOT_FOUND
+            return error_response(
+                code=ErrorCodes.NOT_FOUND,
+                message=f'Scan ID {pk} not found',
+                status_code=status.HTTP_404_NOT_FOUND
            )
        
        except (DatabaseError, IntegrityError, OperationalError):
-            return Response(
-                {'error': '数据库错误，请稍后重试'},
-                status=status.HTTP_503_SERVICE_UNAVAILABLE
+            return error_response(
+                code=ErrorCodes.SERVER_ERROR,
+                message='Database error',
+                status_code=status.HTTP_503_SERVICE_UNAVAILABLE
            )
--- a/backend/apps/scan/views/scheduled_scan_views.py
+++ b/backend/apps/scan/views/scheduled_scan_views.py
@@ -17,7 +17,10 @@ from ..serializers import (
 )
 from ..services.scheduled_scan_service import ScheduledScanService
 from ..repositories import ScheduledScanDTO
+from ..utils.config_merger import ConfigConflictError
 from apps.common.pagination import BasePagination
+from apps.common.response_helpers import success_response, error_response
+from apps.common.error_codes import ErrorCodes


 logger = logging.getLogger(__name__)
@@ -65,7 +68,7 @@ class ScheduledScanViewSet(viewsets.ModelViewSet):
            data = serializer.validated_data
            dto = ScheduledScanDTO(
                name=data['name'],
-                engine_id=data['engine_id'],
+                engine_ids=data['engine_ids'],
                organization_id=data.get('organization_id'),
                target_id=data.get('target_id'),
                cron_expression=data.get('cron_expression', '0 2 * * *'),
@@ -75,15 +78,26 @@ class ScheduledScanViewSet(viewsets.ModelViewSet):
            scheduled_scan = self.service.create(dto)
            response_serializer = ScheduledScanSerializer(scheduled_scan)
            
-            return Response(
-                {
-                    'message': f'创建定时扫描任务成功: {scheduled_scan.name}',
-                    'scheduled_scan': response_serializer.data
-                },
-                status=status.HTTP_201_CREATED
+            return success_response(
+                data=response_serializer.data,
+                status_code=status.HTTP_201_CREATED
+            )
+        except ConfigConflictError as e:
+            return error_response(
+                code='CONFIG_CONFLICT',
+                message=str(e),
+                details=[
+                    {'key': k, 'engines': [e1, e2]} 
+                    for k, e1, e2 in e.conflicts
+                ],
+                status_code=status.HTTP_400_BAD_REQUEST
            )
        except ValidationError as e:
-            return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=str(e),
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
    
    def update(self, request, *args, **kwargs):
        """更新定时扫描任务"""
@@ -95,7 +109,7 @@ class ScheduledScanViewSet(viewsets.ModelViewSet):
            data = serializer.validated_data
            dto = ScheduledScanDTO(
                name=data.get('name'),
-                engine_id=data.get('engine_id'),
+                engine_ids=data.get('engine_ids'),
                organization_id=data.get('organization_id'),
                target_id=data.get('target_id'),
                cron_expression=data.get('cron_expression'),
@@ -105,24 +119,37 @@ class ScheduledScanViewSet(viewsets.ModelViewSet):
            scheduled_scan = self.service.update(instance.id, dto)
            response_serializer = ScheduledScanSerializer(scheduled_scan)
            
-            return Response({
-                'message': f'更新定时扫描任务成功: {scheduled_scan.name}',
-                'scheduled_scan': response_serializer.data
-            })
+            return success_response(data=response_serializer.data)
+        except ConfigConflictError as e:
+            return error_response(
+                code='CONFIG_CONFLICT',
+                message=str(e),
+                details=[
+                    {'key': k, 'engines': [e1, e2]} 
+                    for k, e1, e2 in e.conflicts
+                ],
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
        except ValidationError as e:
-            return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            return error_response(
+                code=ErrorCodes.VALIDATION_ERROR,
+                message=str(e),
+                status_code=status.HTTP_400_BAD_REQUEST
+            )
    
    def destroy(self, request, *args, **kwargs):
        """删除定时扫描任务"""
        instance = self.get_object()
+        scan_id = instance.id
        name = instance.name
        
-        if self.service.delete(instance.id):
-            return Response({
-                'message': f'删除定时扫描任务成功: {name}',
-                'id': instance.id
-            })
-        return Response({'error': '删除失败'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+        if self.service.delete(scan_id):
+            return success_response(data={'id': scan_id, 'name': name})
+        return error_response(
+            code=ErrorCodes.SERVER_ERROR,
+            message='Failed to delete scheduled scan',
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR
+        )
    
    @action(detail=True, methods=['post'])
    def toggle(self, request, pk=None):
@@ -136,14 +163,11 @@ class ScheduledScanViewSet(viewsets.ModelViewSet):
            scheduled_scan = self.get_object()
            response_serializer = ScheduledScanSerializer(scheduled_scan)
            
-            status_text = '启用' if is_enabled else '禁用'
-            return Response({
-                'message': f'已{status_text}定时扫描任务',
-                'scheduled_scan': response_serializer.data
-            })
+            return success_response(data=response_serializer.data)
        
-        return Response(
-            {'error': f'定时扫描任务 ID {pk} 不存在或操作失败'},
-            status=status.HTTP_404_NOT_FOUND
+        return error_response(
+            code=ErrorCodes.NOT_FOUND,
+            message=f'Scheduled scan with ID {pk} not found or operation failed',
+            status_code=status.HTTP_404_NOT_FOUND
        )
    
--- a/backend/apps/targets/migrations/0001_initial.py
+++ b/backend/apps/targets/migrations/0001_initial.py
@@ -0,0 +1,52 @@
+# Generated by Django 5.2.7 on 2026-01-02 04:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Target',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('name', models.CharField(blank=True, default='', help_text='目标标识（域名/IP/CIDR）', max_length=300)),
+                ('type', models.CharField(choices=[('domain', '域名'), ('ip', 'IP地址'), ('cidr', 'CIDR范围')], db_index=True, default='domain', help_text='目标类型', max_length=20)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('last_scanned_at', models.DateTimeField(blank=True, help_text='最后扫描时间', null=True)),
+                ('deleted_at', models.DateTimeField(blank=True, db_index=True, help_text='删除时间（NULL表示未删除）', null=True)),
+            ],
+            options={
+                'verbose_name': '扫描目标',
+                'verbose_name_plural': '扫描目标',
+                'db_table': 'target',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['type'], name='target_type_36a73c_idx'), models.Index(fields=['-created_at'], name='target_created_67f489_idx'), models.Index(fields=['deleted_at', '-created_at'], name='target_deleted_9fc9da_idx'), models.Index(fields=['deleted_at', 'type'], name='target_deleted_306a89_idx'), models.Index(fields=['name'], name='target_name_f1c641_idx')],
+                'constraints': [models.UniqueConstraint(condition=models.Q(('deleted_at__isnull', True)), fields=('name',), name='unique_target_name_active')],
+            },
+        ),
+        migrations.CreateModel(
+            name='Organization',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('name', models.CharField(blank=True, default='', help_text='组织名称', max_length=300)),
+                ('description', models.CharField(blank=True, default='', help_text='组织描述', max_length=1000)),
+                ('created_at', models.DateTimeField(auto_now_add=True, help_text='创建时间')),
+                ('deleted_at', models.DateTimeField(blank=True, db_index=True, help_text='删除时间（NULL表示未删除）', null=True)),
+                ('targets', models.ManyToManyField(blank=True, help_text='所属目标列表', related_name='organizations', to='targets.target')),
+            ],
+            options={
+                'verbose_name': '组织',
+                'verbose_name_plural': '组织',
+                'db_table': 'organization',
+                'ordering': ['-created_at'],
+                'indexes': [models.Index(fields=['-created_at'], name='organizatio_created_012eac_idx'), models.Index(fields=['deleted_at', '-created_at'], name='organizatio_deleted_2c604f_idx'), models.Index(fields=['name'], name='organizatio_name_bcc2ee_idx')],
+                'constraints': [models.UniqueConstraint(condition=models.Q(('deleted_at__isnull', True)), fields=('name',), name='unique_organization_name_active')],
+            },
+        ),
+    ]
--- a/backend/apps/targets/views.py
+++ b/backend/apps/targets/views.py
@@ -10,6 +10,7 @@ from .serializers import OrganizationSerializer, TargetSerializer, TargetDetailS
 from .services.target_service import TargetService
 from .services.organization_service import OrganizationService
 from apps.common.pagination import BasePagination
+from apps.common.response_helpers import success_response

 logger = logging.getLogger(__name__)

@@ -94,9 +95,8 @@ class OrganizationViewSet(viewsets.ModelViewSet):
            # 批量解除关联（直接使用 ID，避免查询对象）
            organization.targets.remove(*existing_target_ids)
        
-        return Response({
-            'unlinked_count': existing_count,
-            'message': f'成功解除 {existing_count} 个目标的关联'
+        return success_response(data={
+            'unlinkedCount': existing_count
        })
    
    def destroy(self, request, *args, **kwargs):
@@ -124,13 +124,12 @@ class OrganizationViewSet(viewsets.ModelViewSet):
            # 直接调用 Service 层的业务方法（软删除 + 分发硬删除任务）
            result = self.org_service.delete_organizations_two_phase([organization.id])
            
-            return Response({
-                'message': f'已删除组织: {organization.name}',
+            return success_response(data={
                'organizationId': organization.id,
                'organizationName': organization.name,
                'deletedCount': result['soft_deleted_count'],
                'deletedOrganizations': result['organization_names']
-            }, status=200)
+            })
        
        except Organization.DoesNotExist:
            raise NotFound('组织不存在')
@@ -181,11 +180,10 @@ class OrganizationViewSet(viewsets.ModelViewSet):
            # 调用 Service 层的业务方法（软删除 + 分发硬删除任务）
            result = self.org_service.delete_organizations_two_phase(ids)
            
-            return Response({
-                'message': f"已删除 {result['soft_deleted_count']} 个组织",
+            return success_response(data={
                'deletedCount': result['soft_deleted_count'],
                'deletedOrganizations': result['organization_names']
-            }, status=200)
+            })
        
        except ValueError as e:
            raise NotFound(str(e))
@@ -271,12 +269,11 @@ class TargetViewSet(viewsets.ModelViewSet):
            # 直接调用 Service 层的业务方法（软删除 + 分发硬删除任务）
            result = self.target_service.delete_targets_two_phase([target.id])
            
-            return Response({
-                'message': f'已删除目标: {target.name}',
+            return success_response(data={
                'targetId': target.id,
                'targetName': target.name,
                'deletedCount': result['soft_deleted_count']
-            }, status=200)
+            })
        
        except Target.DoesNotExist:
            raise NotFound('目标不存在')
@@ -330,11 +327,10 @@ class TargetViewSet(viewsets.ModelViewSet):
            # 调用 Service 层的业务方法（软删除 + 分发硬删除任务）
            result = self.target_service.delete_targets_two_phase(ids)
            
-            return Response({
-                'message': f"已删除 {result['soft_deleted_count']} 个目标",
+            return success_response(data={
                'deletedCount': result['soft_deleted_count'],
                'deletedTargets': result['target_names']
-            }, status=200)
+            })
        
        except ValueError as e:
            raise NotFound(str(e))
@@ -389,7 +385,7 @@ class TargetViewSet(viewsets.ModelViewSet):
            raise ValidationError(str(e))
        
        # 3. 返回响应
-        return Response(result, status=status.HTTP_201_CREATED)
+        return success_response(data=result, status_code=status.HTTP_201_CREATED)
    
    # subdomains action 已迁移到 SubdomainViewSet 嵌套路由
    # GET /api/targets/{id}/subdomains/ -> SubdomainViewSet
--- a/Show More
+++ b/Show More