Projects STRLCPY 404StarLink Commits 4a1c99f5
  • weekly update at 2022-07-25

  • xx committed 2 years ago
    4a1c99f5
    1 parent 62cb3cea
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 16 lines
    17 17   
    18 18  | 时间 | 项目名称 | 项目动态 |
    19 19  |----|-----------|--------------------------|
     20 +|2022-07-24|[**afrog**](detail/afrog.md)|更新 [v1.3.6](detail/afrog.md#最近更新) 版本|
    20 21  |2022-07-18|[**ct**](detail/ct.md)|更新 [v1.0.9](detail/ct.md#最近更新) 版本|
    21 22  |2022-07-18|[**antSword**](detail/antSword.md)|发布文章[《AntSword v2.1.15 更新汇总》](https://mp.weixin.qq.com/s/QzbREMp8JaQiP9qo48OyHg)|
    22 23  |2022-07-17|[**antSword**](detail/antSword.md)|更新 [v2.1.15](detail/antSword.md#最近更新) 版本|
    skipped 1 lines
    24 25  |2022-07-15|[**veinmind-tools**](detail/veinmind-tools.md)|更新 [v1.4.0](detail/veinmind-tools.md#最近更新) 版本|
    25 26  |2022-07-13|[**pocsuite3**](detail/pocsuite3.md)|发布文章[《Pocsuite3 入门教程》](https://paper.seebug.org/1931/)|
    26 27  |2022-07-10|[**CDK**](detail/CDK.md)|更新 [v1.3.0](detail/CDK.md#最近更新) 版本|
    27  -|2022-07-10|[**afrog**](detail/afrog.md)|更新 [v1.3.5](detail/afrog.md#最近更新) 版本|
    28 28  |2022-07-09|[**GShark**](detail/gshark.md)|更新 [v0.9.9](detail/gshark.md#最近更新) 版本|
    29 29  |2022-07-07|[**pocsuite3**](detail/pocsuite3.md)|更新 [v1.9.6](detail/pocsuite3.md#最近更新) 版本|
    30 30   
    skipped 1 lines
    32 32   
    33 33  | 序号 | 项目名称 | 项目简介 | Star |
    34 34  |----|-----------|--------------------------|----|
    35  -|1|[**HackBrowserData**](detail/HackBrowserData.md)|hack-browser-data 是一个解密浏览器数据(密码/历史记录/Cookies/书签)的导出工具,支持全平台主流浏览器的数据导出窃取。|4923|
    36  -|2|[**fscan**](detail/fscan.md)|一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写公钥、计划任务反弹shell、读取win网卡信息、web指纹识别、web漏洞扫描、netbios探测、域控识别等功能。|4053|
    37  -|3|[**pocsuite3**](detail/pocsuite3.md)|pocsuite3是由Knownsec 404团队开发的开源远程漏洞测试和概念验证开发框架。它带有强大的概念验证引擎,以及针对最终渗透测试人员和安全研究人员的许多强大功能。|2615|
    38  -|4|[**CDK**](detail/CDK.md)|CDK是一款为容器环境定制的渗透测试工具,在已攻陷的容器内部提供零依赖的常用命令及PoC/EXP。集成Docker/K8s场景特有的逃逸、横向移动、持久化利用方式,插件化管理。|2399|
    39  -|5|[**Viper**](detail/Viper.md)|VIPER是一款图形化内网渗透工具,将内网渗透过程中常用的战术及技术进行模块化及武器化。|2372|
    40  -|6|[**antSword**](detail/antSword.md)|中国蚁剑是一款开源的跨平台网站管理工具。|1796|
    41  -|7|[**KunLun-M**](detail/KunLun-M.md)|KunLun-M是一个完全开源的静态白盒扫描工具,支持PHP、JavaScript的语义扫描,基础安全、组件安全扫描,Chrome Ext\Solidity的基础扫描。|1539|
     35 +|1|[**HackBrowserData**](detail/HackBrowserData.md)|hack-browser-data 是一个解密浏览器数据(密码/历史记录/Cookies/书签)的导出工具,支持全平台主流浏览器的数据导出窃取。|4968|
     36 +|2|[**fscan**](detail/fscan.md)|一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。支持主机存活探测、端口扫描、常见服务的爆破、ms17010、redis批量写公钥、计划任务反弹shell、读取win网卡信息、web指纹识别、web漏洞扫描、netbios探测、域控识别等功能。|4134|
     37 +|3|[**pocsuite3**](detail/pocsuite3.md)|pocsuite3是由Knownsec 404团队开发的开源远程漏洞测试和概念验证开发框架。它带有强大的概念验证引擎,以及针对最终渗透测试人员和安全研究人员的许多强大功能。|2640|
     38 +|4|[**CDK**](detail/CDK.md)|CDK是一款为容器环境定制的渗透测试工具,在已攻陷的容器内部提供零依赖的常用命令及PoC/EXP。集成Docker/K8s场景特有的逃逸、横向移动、持久化利用方式,插件化管理。|2428|
     39 +|5|[**Viper**](detail/Viper.md)|VIPER是一款图形化内网渗透工具,将内网渗透过程中常用的战术及技术进行模块化及武器化。|2385|
     40 +|6|[**antSword**](detail/antSword.md)|中国蚁剑是一款开源的跨平台网站管理工具。|1831|
     41 +|7|[**KunLun-M**](detail/KunLun-M.md)|KunLun-M是一个完全开源的静态白盒扫描工具,支持PHP、JavaScript的语义扫描,基础安全、组件安全扫描,Chrome Ext\Solidity的基础扫描。|1549|
    42 42  |8|[**Kunpeng**](detail/Kunpeng.md)|Kunpeng是一个Golang编写的开源POC检测框架,集成了包括数据库、中间件、web组件、cms等等的漏洞POC,可检测弱口令、SQL注入、XSS、RCE等漏洞类型,以动态链接库的形式提供调用,通过此项目可快速开发漏洞检测类的系统,比攻击者快一步发现风险漏洞。|1490|
    43 43  |9|[**Stowaway**](detail/Stowaway.md)|Stowaway 是一款多级代理工具,可将外部流量通过多个节点代理至内网,突破内网访问限制。Stowaway 可以方便渗透测试人员通过多级跳跃,从外部dmz等一系列区域逐步深入核心网络;Stowaway 除了流量转发功能,还提供了端口复用、ssh隧道,流量伪装等专为渗透测试人员所用的功能。|1486|
    44  -|10|[**AppInfoScanner**](detail/AppInfoScanner.md)|一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。|1298|
     44 +|10|[**AppInfoScanner**](detail/AppInfoScanner.md)|一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。|1317|
    45 45   
    46 46  **3.项目更新**
    47 47   
    48 48  | 时间 | 项目迭代版本 |
    49 49  |----|-----------|
    50  -|第29周|[**ct**](detail/ct.md) 更新 [v1.0.9](detail/ct.md#最近更新)|
     50 +|第29周|[**afrog**](detail/afrog.md) [v1.3.6](detail/afrog.md#) / [**ct**](detail/ct.md) 更新 [v1.0.9](detail/ct.md#最近更新)|
    51 51  |第28周|[**antSword**](detail/antSword.md) 更新 [v2.1.15](detail/antSword.md#最近更新) / [**HaE**](detail/HaE.md) 更新 [v2.4.2](detail/HaE.md#最近更新) / [**veinmind-tools**](detail/veinmind-tools.md) 更新 [v1.4.0](detail/veinmind-tools.md#最近更新)|
    52 52  |第27周|[**CDK**](detail/CDK.md) 更新 [v1.3.0](detail/CDK.md#最近更新) / [**afrog**](detail/afrog.md) 更新 [v1.3.5](detail/afrog.md#最近更新) / [**GShark**](detail/gshark.md) 更新 [v0.9.9](detail/gshark.md#最近更新) / [**pocsuite3**](detail/pocsuite3.md) 更新 [v1.9.6](detail/pocsuite3.md#最近更新) / [**veinmind-tools**](detail/veinmind-tools.md) 更新 [v1.3.5](detail/veinmind-tools.md#最近更新) / [**fscan**](detail/fscan.md) 更新 [v1.8.1](detail/fscan.md#最近更新)|
    53 53  |第26周|[**GShark**](detail/gshark.md) 更新 [v0.9.8](detail/gshark.md#最近更新) / [**fscan**](detail/fscan.md) 更新 [v1.8.0](detail/fscan.md#最近更新) / [**HaE**](detail/HaE.md) 更新 [v2.4.1](detail/HaE.md#最近更新)|
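Review bot: the new 第29周 entry for afrog links to `detail/afrog.md#` (an empty fragment) and omits the `更新` wording that every other entry in the 项目更新 table uses, including the ct entry on the same line: `[**ct**](detail/ct.md) 更新 [v1.0.9](detail/ct.md#最近更新)`. Change it to `[**afrog**](detail/afrog.md) 更新 [v1.3.6](detail/afrog.md#最近更新)` so the link lands on the changelog section like the rest. In the star-count table above, rows 8 (Kunpeng, 1490) and 9 (Stowaway, 1486) are the only entries whose counts are not refreshed in this weekly update; confirm they were re-read rather than skipped.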
    skipped 23 lines
    77 77   
    78 78  | 序号 | 项目名称 | 作者 | 项目简介 | Star |
    79 79  |------|----------|------|----------|------|
    80  -|1|[**linglong**](detail/linglong.md)|awake1t|linglong是一款甲方资产巡航扫描系统。系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示。|1197|
     80 +|1|[**linglong**](detail/linglong.md)|awake1t|linglong是一款甲方资产巡航扫描系统。系统定位是发现资产,进行端口爆破。帮助企业更快发现弱口令问题。主要功能包括: 资产探测、端口爆破、定时任务、管理后台识别、报表展示。|1210|
    81 81  |2|[**OpenStar**](detail/OpenStar.md)|starjun|OpenStar 是一个基于 OpenResty 的高性能 Web 应用防火墙,支持复杂规则编写。提供了常规的 HTTP 字段规则配置,还提供了 IP 黑白名单、访问频次等配置,对于 CC 防护更提供的特定的规则算法,并且支持搭建集群进行防护。|1084|
    82  -|3|[**veinmind-tools**](detail/veinmind-tools.md)|长亭科技|veinmind-tools 是基于 veinmind-sdk 打造的一个容器安全工具集,目前已支持镜像 恶意文件/后门/敏感信息/弱口令 的扫描,更多功能正在逐步开发中。|631|
     82 +|3|[**veinmind-tools**](detail/veinmind-tools.md)|长亭科技|veinmind-tools 是基于 veinmind-sdk 打造的一个容器安全工具集,目前已支持镜像 恶意文件/后门/敏感信息/弱口令 的扫描,更多功能正在逐步开发中。|659|
    83 83  |4|[**GShark**](detail/gshark.md)|madneal|一款开源敏感信息监测系统,可以监测包括 github、gitlab(目前不太稳定,由于gitlab对于免费用户不提供代码全文检索API)、searchcode 多平台的敏感信息监测。|535|
    84 84  |5|[**Juggler**](detail/Juggler.md)|C4o|一个也许能骗到黑客的系统,可以作为WAF等防护体系的一环。|401|
    85 85   
    skipped 1 lines
    87 87   
    88 88  | 序号 | 项目名称 | 作者 | 项目简介 | Star |
    89 89  |------|----------|------|----------|------|
    90  -|1|[**HaE**](detail/HaE.md)|gh0stkey|HaE是一款可以快速挖掘目标指纹和关键信息的Burp插件。|1214|
     90 +|1|[**HaE**](detail/HaE.md)|gh0stkey|HaE是一款可以快速挖掘目标指纹和关键信息的Burp插件。|1231|
    91 91  |2|[**Kunyu**](detail/Kunyu.md)|风起|Kunyu(坤舆),是一款基于ZoomEye API开发的信息收集工具,旨在让企业资产收集更高效,使更多安全相关从业者了解、使用网络空间测绘技术。|672|
    92 92  |3|[**Glass**](detail/Glass.md)|s7ckTeam|Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。|660|
    93 93  |4|[**scaninfo**](detail/scaninfo.md)|华东360安服团队|scaninfo 是一款开源、轻量、快速、跨平台的红队内外网打点扫描器。比较同类工具,其能够在 nmap 的扫描速度和 masscan 的准确度之间寻找一个较好的平衡点,能够快速进行端口扫描和服务识别,内置指纹识别用于 web 探测,可以用报告的方式整理扫描结果。|500|
    skipped 83 lines
  • ■ ■ ■ ■
    allprojects.md
    skipped 256 lines
    257 257  ![Author](https://img.shields.io/badge/Author-zan8in-orange)
    258 258  ![Language](https://img.shields.io/badge/Language-Golang-blue)
    259 259  ![GitHub stars](https://img.shields.io/github/stars/zan8in/afrog.svg?style=flat&logo=github)
    260  -![Version](https://img.shields.io/badge/Version-V1.3.5-red)
     260 +![Version](https://img.shields.io/badge/Version-V1.3.6-red)
    261 261   
    262 262  <https://github.com/zan8in/afrog>
    263 263   
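Review bot: this Version badge line is maintained by hand in three places in this commit (allprojects.md here, detail/afrog.md and vulnerability_assessment.md); the hunks keep all three in sync, but a missed file would drift silently. If the badge text is derived from the `#### [v1.3.6]` changelog heading anyway, generating it from that one source would remove the duplication.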
    skipped 327 lines
  • ■ ■ ■ ■ ■ ■
    detail/CDK.md
    skipped 10 lines
    11 11   
    12 12  English | [简体中文](https://github.com/cdk-team/CDK/wiki/CDK-Home-CN)
    13 13   
    14  -![png](https://static.cdxy.me/20201203170308_NwzGiT_Screenshot.jpeg)
     14 +![png](https://user-images.githubusercontent.com/7868679/177925206-8d83dc95-0f2f-4d61-9a45-0d43b1b0468f.png)
    15 15   
    16 16  ## Legal Disclaimer
    17 17   
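Review bot: the replaced screenshot keeps the alt text `png`, which tells a reader nothing when the image does not load; a descriptive alt such as `CDK evaluate output` would match the content the image is meant to show.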
    skipped 4 lines
    22 22   
    23 23  CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs and helps you to escape container and take over K8s cluster easily.
    24 24   
     25 +## Quick Start
     26 + 
     27 +Run **`cdk eva`** to get evaluate info and a recommend exploit, then run **`cdk run`** to start the attack.
     28 + 
     29 +```
     30 +> ./cdk eva --full
     31 + 
     32 +[*] Maybe you can exploit the *Capabilities* below:
     33 +[!] CAP_DAC_READ_SEARCH enabled. You can read files from host. Use 'cdk run cap-dac-read-search' ... for exploitation.
     34 +[!] CAP_SYS_MODULE enabled. You can escape the container via loading kernel module. More info at https://xcellerator.github.io/posts/docker_escape/.
     35 +Critical - SYS_ADMIN Capability Found. Try 'cdk run rewrite-cgroup-devices/mount-cgroup/...'.
     36 +Critical - Possible Privileged Container Found.
     37 + 
     38 +> ./cdk run cap-dac-read-search
     39 + 
     40 +Running with target: /etc/shadow, ref: /etc/hostname
     41 +ubuntu:$6$*******:19173:0:99999:7:::
     42 +root:*:18659:0:99999:7:::
     43 +daemon:*:18659:0:99999:7:::
     44 +bin:*:18659:0:99999:7:::
     45 +```
     46 + 
    25 47  ## Installation/Delivery
    26 48   
    27 49  Download latest release in https://github.com/cdk-team/CDK/releases/
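Review bot: the Quick Start sentence has two grammar slips: `to get evaluate info and a recommend exploit` should read `to get evaluation info and a recommended exploit`. It also introduces the short form `cdk eva`, while the Usage synopsis further down lists only `cdk evaluate [--full]`; either document the alias in the synopsis or use `cdk evaluate` here so the two sections agree. The fenced block has no language tag and uses a `>` prompt, unlike the ` ```bash ` blocks used elsewhere in this repo's detail pages; a `console` tag would render it consistently.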
    skipped 23 lines
    51 73  Usage:
    52 74   cdk evaluate [--full]
    53 75   cdk run (--list | <exploit> [<args>...])
    54  - cdk auto-escape <cmd>
    55 76   cdk <tool> [<args>...]
    56 77   
    57 78  Evaluate:
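Review bot: `cdk auto-escape <cmd>` is dropped from the Usage synopsis with no matching change anywhere else in this diff. If the subcommand was removed, the exploit table and any wiki page that still mention it should be updated in the same change; if it still exists, the synopsis is now incomplete.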
    skipped 13 lines
    71 92   nc [options] Create TCP tunnel.
    72 93   ifconfig Show network information.
    73 94   kcurl <path> (get|post) <uri> <data> Make request to K8s api-server.
     95 + ectl <endpoint> get <key> Unauthorized enumeration of ectd keys.
    74 96   ucurl (get|post) <socket> <uri> <data> Make request to docker unix socket.
    75 97   probe <ip> <port> <parallel> <timeout-ms> TCP port scan, example: cdk probe 10.0.1.0-255 80,8080-9443 50 1000
    76 98   
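Review bot: `ectd` is a typo for `etcd` in the new `ectl` help line (`Unauthorized enumeration of ectd keys`), and the same misspelling is repeated in the tools-table row added further down. The neighbouring lines in this block are phrased as imperatives (`Make request to ...`), so `Enumerate etcd keys without authentication` would also match the established wording.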
    skipped 29 lines
    106 128  |Information Gathering|Sensitive Process|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-Services)|
    107 129  |Information Gathering|Sensitive Local Files|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-Sensitive-Files)|
    108 130  |Information Gathering|Kube-proxy Route Localnet(CVE-2020-8558)|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-check-net.ipv4.conf.all.route_localnet)|
     131 +|Information Gathering|DNS-Based Service Discovery|✔|[link](https://github.com/kubernetes/dns/blob/master/docs/specification.md)|
    109 132  |Discovery|K8s Api-server Info|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-K8s-API-Server)|
    110 133  |Discovery|K8s Service-account Info|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-K8s-Service-Account)|
    111 134  |Discovery|Cloud Provider Metadata API|✔|[link](https://github.com/cdk-team/CDK/wiki/Evaluate:-Cloud-Provider-Metadata-API)|
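Review bot: the new DNS-Based Service Discovery row links to the upstream Kubernetes DNS specification, whereas every other row in this table links to an `Evaluate:` page on the CDK wiki that explains what the check looks for and what its output means. A wiki page of the same kind (which can itself cite the spec) would keep the table uniform and give operators the detection context the spec alone does not.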
    skipped 29 lines
    141 164  | Discovery | Dump Istio Sidecar Meta | istio-check | ✔ | ✔ | [link](https://github.com/cdk-team/CDK/wiki/Exploit:-check-istio) |
    142 165  | Discovery | Dump K8s Pod Security Policies | k8s-psp-dump | ✔ || [link](https://github.com/cdk-team/CDK/wiki/Exploit:-k8s-psp-dump) |
    143 166  | Remote Control | Reverse Shell | reverse-shell | ✔ | ✔ | [link](https://github.com/cdk-team/CDK/wiki/Exploit:-reverse-shell) |
     167 +| Remote Control | Kubelet Exec | kubelet-exec | ✔ | ✔ | |
    144 168  | Credential Access | Registry BruteForce | registry-brute | ✔ | ✔ | [link](https://github.com/cdk-team/CDK/wiki/Exploit:-Container-Image-Registry-Brute) |
    145 169  | Credential Access | Access Key Scanning | ak-leakage | ✔ | ✔ | [link](https://github.com/cdk-team/CDK/wiki/Exploit:-ak-leakage) |
     170 +| Credential Access | Etcd Get K8s Token | etcd-get-k8s-token | ✔ | ✔ | |
    146 171  | Credential Access | Dump K8s Secrets | k8s-secret-dump | ✔ | ✔ | [link](https://github.com/cdk-team/CDK/wiki/Exploit:-k8s-secret-dump) |
    147 172  | Credential Access | Dump K8s Config | k8s-configmap-dump | ✔ | ✔ | [link](https://github.com/cdk-team/CDK/wiki/Exploit:-k8s-configmap-dump) |
    148 173  | Privilege Escalation | K8s RBAC Bypass | k8s-get-sa-token | ✔ | ✔ | [link](https://github.com/cdk-team/CDK/wiki/Exploit:-k8s-get-sa-token) |
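Review bot: the two new rows (`kubelet-exec`, `etcd-get-k8s-token`) leave the documentation column empty, while the other Remote Control and Credential Access rows all link to an `Exploit:` wiki page. Either add the corresponding pages or mark the column as pending so readers do not assume the docs were simply forgotten.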
    skipped 19 lines
    168 193  |ps|Process Information|✔|[link](https://github.com/cdk-team/CDK/wiki/Tool:-ps)|
    169 194  |ifconfig|Network Information|✔|[link](https://github.com/cdk-team/CDK/wiki/Tool:-ifconfig)|
    170 195  |vi|Edit Files|✔|[link](https://github.com/cdk-team/CDK/wiki/Tool:-vi)|
     196 +|ectl|Unauthorized enumeration of ectd keys|✔||
    171 197  |kcurl|Request to K8s api-server|✔|[link](https://github.com/cdk-team/CDK/wiki/Tool:-kcurl)|
    172 198  |dcurl|Request to Docker HTTP API|✔|[link](https://github.com/cdk-team/CDK/wiki/Tool:-dcurl)|
    173 199  |ucurl|Request to Docker Unix Socket|✔|[link](https://github.com/cdk-team/CDK/wiki/Tool:-ucurl)|
    174 200  |rcurl|Request to Docker Registry API|||
    175 201  |probe|IP/Port Scanning|✔|[link](https://github.com/cdk-team/CDK/wiki/Tool:-probe)|
    176  - 
    177  -### Release Document
    178  - 
    179  -If you want to know how we released a new version, how thin is produced, why we provide upx versions, what the differences between different versions about all, normal, thin, upx are, and how to choose specific CDK exploits and tools to compile an own release for yourself, please check the [Release Document](https://github.com/cdk-team/CDK/wiki/Release).
    180  - 
    181  -## Developer Docs
    182  - 
    183  -* [run test in container.](https://github.com/cdk-team/CDK/wiki/Run-Test)
    184  - 
    185  -## Contributing to CDK
    186  - 
    187  -First off, thanks for taking the time to contribute!
    188  - 
    189  -By reporting any issue, ideas or PRs, your GitHub ID will be listed here.
    190  - 
    191  -* https://github.com/cdk-team/CDK/blob/main/thanks.md
    192  - 
    193  -#### Bug Reporting
    194  - 
    195  -Bugs are tracked as [GitHub Issues](https://github.com/cdk-team/CDK/issues). Create an issue with the current CDK version, error msg and the environment. Describe the exact steps which reproduce the problem.
    196  - 
    197  -#### Suggesting Enhancements
    198  - 
    199  -Enhancement suggestions are tracked as [GitHub Discussions](https://github.com/cdk-team/CDK/discussions). You can publish any thoughts here to discuss with developers directly.
    200  - 
    201  -#### Pull Requests
    202  - 
    203  -Fix problems or maintain CDK's quality:
    204  - 
    205  -* Describe the current CDK version, environment, problem and exact steps that reproduce the problem.
    206  -* Running screenshots or logs before and after you fix the problem.
    207  - 
    208  -New feature or exploits:
    209  - 
    210  -* Explain why this enhancement would be useful to other users.
    211  -* Please enable a sustainable environment for us to review contributions.
    212  -* Screenshots about how this new feature works.
    213  -* If you are committing a new evaluate/exploit scripts, please add a simple doc to your PR message, here is an [example](https://github.com/cdk-team/CDK/wiki/Exploit:-docker-sock-deploy).
    214  - 
    215 202   
    216 203  <!--auto_detail_active_begin_e1c6fb434b6f0baf6912c7a1934f772b-->
    217 204  ## 项目相关
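Review bot: the `ectl` tools-table row repeats the `ectd` typo for `etcd`. Separately, this hunk deletes the Release Document, Developer Docs and Contributing sections (including the `thanks.md` link and the bug-report and PR guidelines) from the mirrored README. If the intent is to mirror only the project description, that trimming is fine, but it should be called out in the commit message because it removes the only pointers to the release-build and run-test-in-container docs.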
    skipped 64 lines
  • ■ ■ ■ ■ ■ ■
    detail/afrog.md
    skipped 2 lines
    3 3  ![Language](https://img.shields.io/badge/Language-Golang-blue)
    4 4  ![Author](https://img.shields.io/badge/Author-zan8in-orange)
    5 5  ![GitHub stars](https://img.shields.io/github/stars/zan8in/afrog.svg?style=flat&logo=github)
    6  -![Version](https://img.shields.io/badge/Version-V1.3.5-red)
     6 +![Version](https://img.shields.io/badge/Version-V1.3.6-red)
    7 7  ![Time](https://img.shields.io/badge/Join-20220615-green)
    8 8  <!--auto_detail_badge_end_fef74f2d7ea73fcc43ff78e05b1e7451-->
    9 9   
    skipped 3 lines
    13 13   
    14 14  ## 特点
    15 15   
    16  -* [x] 基于 xray 内核,又不像 xray([**afrog 模板语法**](https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/README.md))
    17  -* [x] 快速稳定
    18  -* [x] 实时显示,扫描进度
    19  -* [x] 输出 html 报告,方便查看 `request` 和 `response`
    20  -* [x] 启动程序,自动更新本地 PoC 库
    21  -* [x] 长期维护、更新 PoC([**afrog-pocs**](https://github.com/zan8in/afrog/tree/main/pocs/afrog-pocs))
    22  -* [x] 二次开发,参考 `cmd/afrog/main.go` 或加入 **[交流群](https://github.com/zan8in/afrog#%E4%BA%A4%E6%B5%81%E7%BE%A4)**
     16 +* [x] 开源
     17 +* [x] 快速稳定
     18 +* [x] 详细的 html 漏洞报告
     19 +* [x] PoC 可定制化、稳定更新
     20 +* [x] 活跃的社区 [交流群](https://github.com/zan8in/afrog#%E4%BA%A4%E6%B5%81%E7%BE%A4)
     21 +* [x] 长期维护
    23 22   
    24  -##
     23 +##
    25 24   
    26  -### [下载地址](https://github.com/zan8in/afrog/releases)
     25 +基本用法
     26 +```
     27 +# 扫描一个目标
     28 +afrog -t http://127.0.0.1
    27 29   
    28  -## 使用指南
     30 +# 扫描多个目标
     31 +afrog -T urls.txt
    29 32   
    30  -### [查看指南](https://github.com/zan8in/afrog/blob/main/GUIDE.md)
    31  - 
    32  -## 例子
    33  - 
    34  -扫描单个目标
    35  -```
    36  -afrog -t http://127.0.0.1 -o result.html
     33 +# 指定漏扫报告文件
     34 +afrog -t http://127.0.0.1-o result.html
    37 35  ```
    38  -![](https://github.com/zan8in/afrog/raw/main/images/onescan.png)
    39 36   
    40  -扫描多个目标
     37 +高级用法
    41 38   
    42 39  ```
    43  -afrog -T urls.txt -o result.html
    44  -```
    45  -例如:`urls.txt`
    46  -```
    47  -http://192.168.139.129:8080
    48  -http://127.0.0.1
    49  -```
    50  -![](https://github.com/zan8in/afrog/raw/main/images/twoscan.png)
     40 +# 测试 PoC
     41 +afrog -t http://127.0.0.1 -P ./test/
     42 +afrog -t http://127.0.0.1 -P ./test/demo.yaml
    51 43   
    52  -测试单个 PoC 文件
     44 +# 按 PoC 关键字扫描
     45 +afrog -t http://127.0.0.1 -s tomcat,springboot,shiro
    53 46   
    54  -```
    55  -afrog -t http://127.0.0.1 -P ./testing/poc-test.yaml -o result.html
    56  -```
    57  -![](https://github.com/zan8in/afrog/raw/main/images/threescan.png)
     47 +# 按 Poc 漏洞等级扫描
     48 +afrog -t http://127.0.0.1 -S high,critical
    58 49   
    59  -测试多个 PoC 文件
     50 +# 在线更新 afrog-pocs
     51 +afrog --up
    60 52   
    61  -```
    62  -afrog -t http://127.0.0.1 -P ./testing/ -o result.html
     53 +# 禁用指纹识别,直接漏扫
     54 +afrog -t http://127.0.0.1 --nf
    63 55  ```
    64  -![](https://github.com/zan8in/afrog/raw/main/images/fourscan.png)
    65  - 
    66  -输出 html 报告
    67  - 
    68  -![](https://github.com/zan8in/afrog/raw/main/images/2.png)
    69  - 
    70  -![](https://github.com/zan8in/afrog/raw/main/images/3.png)
    71  - 
    72  -## 如何贡献 PoC?
    73 56   
    74  -### [查看教程](https://github.com/zan8in/afrog/blob/main/CONTRIBUTION.md)
    75  - 
    76  -## PoC 列表
    77  -### [查看 PoC 列表](https://github.com/zan8in/afrog/blob/main/POCLIST.md)
    78  - 
    79  - 
     57 +## 截图
     58 +控制台
     59 +![](https://github.com/zan8in/afrog/blob/main/images/scan-new.png)
     60 +html 报告
     61 +![](https://github.com/zan8in/afrog/blob/main/images/report-new.png)
    80 62   
    81 63  <!--auto_detail_active_begin_e1c6fb434b6f0baf6912c7a1934f772b-->
    82 64  ## 项目相关
    83 65   
    84 66   
    85 67  ## 最近更新
     68 + 
     69 +#### [v1.3.6] - 2022-07-24
     70 + 
     71 +**更新**
     72 +- add Gitee 更新 afrog-pocs
     73 +- add 自动识别 http(s)
     74 +- add target 存活验证
     75 +- add Console Print 实时显示指纹识别结果
     76 +- update 更新 fingerprint 指纹库
     77 +- fixed 解决 gbk 编码导致 PoC 漏报问题
     78 +- bug 修复 GoPoC Console Print 不显示 target
     79 +- delete tongda-insert-sql-inject poc
     80 +- poc 新增 PoC 33 个,共 656 个
    86 81   
    87 82  #### [v1.3.5] - 2022-07-10
    88 83   
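Review bot: the third command in the 基本用法 block is missing a space before `-o` (`afrog -t http://127.0.0.1-o result.html`); as written the flag is swallowed into the target URL, so it should read `afrog -t http://127.0.0.1 -o result.html`. Three smaller points in the same hunk: the lone `##` line now stays as an empty heading (the `### [下载地址]` line under it is gone), so either delete it or give it a title; `基本用法` and `高级用法` are plain text while `## 截图` is a heading, so the three sections render unevenly; and the two new screenshot links use `github.com/.../blob/main/images/...`, which serves an HTML page, so renderers other than github.com will not display the image, whereas the removed lines used `raw/main/`. Minor: `按 Poc 漏洞等级扫描` spells it `Poc` where the rest of the page uses `PoC`.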
    skipped 12 lines
  • ■ ■ ■ ■ ■ ■
    detail/ct.md
    skipped 25 lines
    26 26  从[releases](https://github.com/knownsec/ct/releases "releases")下载二进制文件。
    27 27   
    28 28  ```
    29  -ct 1.0.0
     29 +ct 1.0.9
    30 30  Autor: rungobier@knownsec 404 team <[email protected]>
    31 31  Collect information tools about the target domain.
    32 32   
    33 33  USAGE:
    34  - ct [FLAGS] [OPTIONS] [domain]
     34 + ct_win64.exe [FLAGS] [OPTIONS] [domain]
    35 35   
    36 36  FLAGS:
    37  - -T Network upload speed test.
    38  - -Z Do not use zoomeye data
    39  - -h, --help Prints help information
    40  - -i, --info Get ZoomEye account base info
    41  - -V, --version Prints version information
     37 + -E Extended analysis domain
     38 + -T Network upload speed test.
     39 + -Z Do not use zoomeye data
     40 + -C, --cidr Convert the IP related to the target domain name to cidr for extended search. Default is false.
     41 + -h, --help Prints help information
     42 + -i, --info Get ZoomEye account base info
     43 + -q, --query-ip Use zoomeye to query ip information
     44 + -V, --version Prints version information
    42 45   
    43 46  OPTIONS:
    44 47   --init <apikey> Initialize the ZoomEye api key
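Review bot: the USAGE synopsis now reads `ct_win64.exe [FLAGS] [OPTIONS] [domain]`, i.e. the pasted help text comes from the Windows build, while the download sentence and every example below invoke `ct`; use the generic `ct` in the synopsis so the page is not platform-specific. The unchanged header line `Autor:` is a typo for `Author:` carried over from the tool's own output and is worth fixing upstream.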
    skipped 8 lines
    53 56   mail
    54 57   dev
    55 58   ...
     59 + -F <filter-domains> Extended filter domain list.
     60 + Example of extended filtering domain name list:
     61 + knownsec.com,jiasule.com,365cyd.com...
     62 + --query-num <query-num> Maximum number of zoomeye query. Default query number 100
    56 63   -t, --threads <thread-num> Maximum number of threads. Default number $CPU_NUM
    57 64   -w, --work-dir <work-dir> Directory to save the results of tasks. Default
    58 65   [/tmp|$DESKTOP]/YYYYmmddHHMM_$DOMAIN
    skipped 8 lines
    67 74  ```
    68 75  ZoomEye apikey 初始化
    69 76  ct --init 62EC1239-xxxx-xxxxx-xxxx-e45291301ee
     77 + 
     78 +开启扩展搜索
     79 +ct -E
     80 + 
     81 +过滤域名,域名之间以,分隔
     82 +ct -F
    70 83   
    71 84  查看ZoomEye账号信息
    72 85  ct -i
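Review bot: the new examples `ct -E` and `ct -F` are shown without arguments, but the options block defines `-F <filter-domains>` as taking a comma-separated list and the synopsis takes a `[domain]`; showing placeholders, for example `ct -E <domain>` and `ct -F knownsec.com,jiasule.com <domain>`, would let the examples run as written. The line `过滤域名,域名之间以,分隔` would also be clearer with the separator quoted (`以 "," 分隔`).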
    skipped 70 lines
  • ■ ■ ■ ■ ■ ■
    detail/pocsuite3.md
    skipped 6 lines
    7 7  ![Time](https://img.shields.io/badge/Join-20200821-green)
    8 8  <!--auto_detail_badge_end_fef74f2d7ea73fcc43ff78e05b1e7451-->
    9 9   
    10  - 
    11 10  ## Legal Disclaimer
    12 11  Usage of pocsuite3 for attacking targets without prior mutual consent is illegal.
    13 12  pocsuite3 is for security testing purposes only
    skipped 15 lines
    29 28  * Results can be easily exported
    30 29  * Dynamic patch and hook requests
    31 30  * Both command line tool and python package import to use
    32  -* IPV6 support
     31 +* IPv6 support
    33 32  * Global HTTP/HTTPS/SOCKS proxy support
    34 33  * Simple spider API for PoC script to use
    35 34  * Integrate with [Seebug](https://www.seebug.org) (for load PoC from Seebug website)
    36  -* Integrate with [ZoomEye](https://www.zoomeye.org) (for load target from ZoomEye `Dork`)
    37  -* Integrate with [Shodan](https://www.shodan.io) (for load target from Shodan `Dork`)
    38  -* Integrate with [Ceye](http://ceye.io/) (for verify blind DNS and HTTP request)
    39  -* Integrate with [Interactsh](https://github.com/projectdiscovery/interactsh) (for verify blind DNS and HTTP request)
    40  -* Integrate with Fofa (for load target from Fofa `Dork`)
     35 +* Integrate with [ZoomEye](https://www.zoomeye.org), [Shodan](https://www.shodan.io), etc. (for load target use `Dork`)
     36 +* Integrate with [Ceye](http://ceye.io/), [Interactsh](https://github.com/projectdiscovery/interactsh) (for verify blind DNS and HTTP request)
    41 37  * Friendly debug PoC scripts with IDEs
    42 38  * More ...
    43 39   
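Review bot: the merged line `(for load target use `Dork`)` reads awkwardly; `(for loading targets from a `Dork`)` would match the phrasing of the Seebug line above it. The merge also folds the explicit Fofa mention into `etc.`; if Fofa is still supported it is worth keeping by name, since that is what users search the README for.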
    skipped 16 lines
    60 56   
    61 57  ## Requirements
    62 58   
    63  -- Python 3.6+
     59 +- Python 3.7+
    64 60  - Works on Linux, Windows, Mac OSX, BSD, etc.
    65 61   
    66 62  ## Installation
    skipped 22 lines
    89 85  ``` bash
    90 86  sudo apt update
    91 87  sudo apt install pocsuite3
     88 +```
     89 + 
     90 +### Docker
     91 + 
     92 +```
     93 +docker run -it pocsuite3/pocsuite3
    92 94  ```
    93 95   
    94 96  ### ArchLinux
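Review bot: the new Docker fence has no language tag while the apt block directly above uses ` ```bash `; tag it the same way for consistent rendering. Also, `docker run -it pocsuite3/pocsuite3` leaves a stopped container behind after every session; `docker run --rm -it pocsuite3/pocsuite3` is the usual form for a throwaway interactive run.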
    skipped 7 lines
    102 104  Or click [here](https://github.com/knownsec/pocsuite3/archive/master.zip) to download the latest source zip package and extract
    103 105   
    104 106  ``` bash
    105  -$ wget https://github.com/knownsec/pocsuite3/archive/master.zip
    106  -$ unzip master.zip
    107  -$ cd pocsuite3-master
    108  -$ pip3 install -r requirements.txt
    109  -$ python3 setup.py install
     107 +wget https://github.com/knownsec/pocsuite3/archive/master.zip
     108 +unzip master.zip
     109 +cd pocsuite3-master
     110 +pip3 install -r requirements.txt
     111 +python3 setup.py install
    110 112  ```
    111 113   
    112 114   
    skipped 1 lines
    114 116   
    115 117  ## Documentation
    116 118   
    117  -Documentation is available in the [```docs```](https://github.com/knownsec/pocsuite3/blob/master/docs) directory.
     119 +Documentation is available at: https://pocsuite.org
    118 120   
    119 121  ## Usage
    120 122   
    skipped 6 lines
    127 129   # run poc with shell mode
    128 130   pocsuite -u http://example.com -r example.py -v 2 --shell
    129 131   
    130  - # search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The thread is set to 20
     132 + # search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The threads is set to 20
    131 133   pocsuite -r redis.py --dork service:redis --threads 20
    132 134   
    133 135   # load all poc in the poc directory and save the result as html
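Review bot: `The threads is set to 20` is ungrammatical (the old `The thread is set to 20` was too); `The thread count is set to 20` fixes both.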
    skipped 3 lines
    137 139   pocsuite -f batch.txt --plugins poc_from_pocs,html_report
    138 140   
    139 141   # load CIDR target
    140  - pocsuite -u 10.0.0.0/24 -r example.py --plugins target_from_cidr
     142 + pocsuite -u 10.0.0.0/24 -r example.py
    141 143   
    142 144   # the custom parameters `command` is implemented in ecshop poc, which can be set from command line options
    143 145   pocsuite -u http://example.com -r ecshop_rce.py --attack --command "whoami"
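Review bot: `--plugins target_from_cidr` is removed from the CIDR example, but nothing in this diff documents that CIDR input is now parsed without the plugin. If that behaviour changed in the release these usage lines mirror, the changelog should say so; otherwise the example no longer works as written.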
    skipped 1 lines
    145 147  console mode
    146 148   poc-console
    147 149  ```
    148  - 
    149 150   
    150 151  <!--auto_detail_active_begin_e1c6fb434b6f0baf6912c7a1934f772b-->
    151 152  ## 项目相关
    skipped 49 lines
  • ■ ■ ■ ■
    vulnerability_assessment.md
    skipped 31 lines
    32 32  ![Author](https://img.shields.io/badge/Author-zan8in-orange)
    33 33  ![Language](https://img.shields.io/badge/Language-Golang-blue)
    34 34  ![GitHub stars](https://img.shields.io/github/stars/zan8in/afrog.svg?style=flat&logo=github)
    35  -![Version](https://img.shields.io/badge/Version-V1.3.5-red)
     35 +![Version](https://img.shields.io/badge/Version-V1.3.6-red)
    36 36   
    37 37  <https://github.com/zan8in/afrog>
    38 38   
    skipped 23 lines