CVS consists of three parts: **CVS scanner**, **PoC IDE**, and **OOB server**. CVS scanner is used to read the scaned target information generated by Senluo and load PoC for vulnerability scanning. PoC IDE is used to write and debug vulnerability scripts and generate PoC files. OOB server is used for reverse connection platforms such as some vulnerabilities without echo to confirm the existence of vulnerabilities.VDSL syntax can be referenced https://github.com/Safe3/CVS/blob/main/VDSL.md
52
+
CVS consists of three parts: **CVS scanner**, **PoC IDE**, and **OOB server**. CVS scanner is used to read the scaned target information generated by Senluo and load PoC for vulnerability scanning. PoC IDE is used to write and debug vulnerability scripts and generate PoC files. OOB server is used for reverse connection platforms such as some vulnerabilities without echo to confirm the existence of vulnerabilities.VDSL syntax can be referto[VDSL](https://github.com/Safe3/CVS/blob/main/VDSL.md)
53
53
54
54
### Write PoC
55
55
skipped 15 lines
71
71
72
72
This picture shows the writing process of the CVE-2022-46169 no echo vulnerability test script. CVS IDE provides the **debug function** for printing debugging information, which is compatible with **fmt.Printf** in the go language The usage is shown in the text box below. For vulnerabilities with echoes, the existence of the vulnerability can be confirmed directly by returning true. For scenarios that require some information to be returned, such as password cracking, a string can be returned to save the result, which is located in the info field of the result.json generated by the CVS scanner.
73
73
74
-
The functions in the PoC script are compatible with the help functions of Nuclei, please refer to them for details https://docs.projectdiscovery.io/templates/reference/helper-functions .In addition, CVS also provides a network library, please refer to https://github.com/Safe3/CVS/blob/main/library.md for details,so it is very convenient to convert Nuclei's vulnerability template into CVS's PoC. For more PoC examples, please refer to the yaml file in the poc directory of the CVS scanner.
74
+
The functions in the PoC script are compatible with the help functions of Nuclei, please refer to them for details [helper-functions](https://docs.projectdiscovery.io/templates/reference/helper-functions) .In addition, CVS also provides a network library, please refer to [library](https://github.com/Safe3/CVS/blob/main/library.md) for details,so it is very convenient to convert Nuclei's vulnerability template into CVS's PoC. For more PoC examples, please refer to the yaml file in the poc directory of the CVS scanner.
75
75
76
76
### Setting up an OOB server
77
77
skipped 13 lines
91
91
log_level: info
92
92
```
93
93
94
-
4.Open ports 80, 53, and 33333 on the server, and set the OOB server as the NS resolution server. For example, domain names on Alibaba Cloud can be referenced https://help.aliyun.com/zh/dws/user-guide/custom-dns-host toperform configuration
94
+
4.Open ports 80, 53, and 33333 on the server, and set the OOB server as the NS resolution server. For example, domain names on Alibaba Cloud can be referto[Link](https://help.aliyun.com/zh/dws/user-guide/custom-dns-host)performing configuration