afrog https://github.com/zan8in/afrog
What is afrog
afrog is an excellent performance, fast and stable, PoC customizable vulnerability scanning (hole digging) tool. PoC involves CVE, CNVD, default password, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command execution, etc. It helps network security practitioners quickly verify and fix vulnerabilities in a timely manner.
Features
- Open Source
- Fast, stable, low false positives
- Detailed html vulnerability report
- PoC can be customized and updated stably
- Active community exchange group
Example
Basic usage
# Scan a target
afrog -t http://127.0.0.1
# Scan multiple targets
afrog -T urls.txt
# Specify a scan report file
afrog -t http://127.0.0.1 -o result.html
Advanced usage
# Test PoC
afrog -t http://127.0.0.1 -P ./test/
afrog -t http://127.0.0.1 -P ./test/demo.yaml
# Scan by PoC Keywords
afrog -t http://127.0.0.1 -s tomcat,springboot,shiro
# Scan by PoC Vulnerability Severity Level
afrog -t http://127.0.0.1 -S high,critical
# Online update afrog-pocs
afrog -up
# Disable fingerprint recognition
afrog -t http://127.0.0.1 -nf
Screenshot
项目相关
最近更新
[v2.2.0] - 2023-01-07
更新
- 新增仅指纹扫描选项
-onlyfinger - 新增 CEL 函数,如 year/shortyear 等
- 新增 PoC 验证属性,默认为 false
- 新增规则属性表达式
[v2.1.1] - 2022-12-22
更新
- 修复了指纹中误报率高的bug
- 添加 -json 选项,用于 json 格式输出
[v2.1.0] - 2022-12-12
更新
- 新增 -update 将 afrog 引擎更新到最新发布的版本
- 新增 -proxy 使用 http/socks5 代理列表(逗号分隔或文件输入)
- 新增 -rate-limit、concurrency、fingerprint-concurrency、max-host-error、retries、timeout 等参数
- 修复 html 报告(返回多个请求记录)URL 不准确的 BUG
- 优化 banner 展示界面(模仿 nuclei)
- 屏蔽 GoPoc 功能(暂时)
[v2.0.1] - 2022-11-30
更新
- 紧急发布修复 BUG 的小版本
- 解决 afrog 线程池经常卡死 BUG
[v2.0.0] - 2022-11-10
更新
- 修复 afrog 后台执行命令失败 BUG
- 优化 afrog 稳定性,完善 URL 存活验证和扫描进度检查
- 优化 afrog 用户体验,控制台进度显示新增 hosts、closed、time
- 修复 target 黑名单逻辑判断不严谨导致的严重漏洞