Projects STRLCPY afrog Commits dad42555
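--- /dev/null
+++ b/afrog-pocs/test/javamelody-detect.yaml
@@ -0,0 +1,27 @@
+id: javamelody-detect
+
+info:
+name: JavaMelody Monitoring Exposed
+author: zan8in
+severity: high
+information: |
+JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to "View http sessions".
+This can be used by an attacker to steal a user's session.
+reference:
+- https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
+- https://github.com/javamelody/javamelody/wiki/UserGuide#16-security
+- https://mp.weixin.qq.com/s/ye9qWPm0wcn90zoKQpExGg
+- https://paper.seebug.org/705/
+
+rules:
+r0:
+request:
+method: GET
+path: /monitoring
+expression: response.status == 200 && response.body.bcontains(b'Monitoring JavaMelody on')
+r1:
+request:
+method: GET
+path: /..%3B/monitoring
+expression: response.status == 200 && response.body.bcontains(b'Monitoring JavaMelody on')
+expression: r0() || r1()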
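Review bot: Rule r1 (template lines 22-26) repeats r0 with only the path changed to `/..%3B/monitoring`, and nothing in the template records why a second probe is needed, so a later maintainer cannot tell whether it is still wanted. A comment above `r1:` such as `# path-normalization variant of r0: covers deployments where a front-end proxy and the servlet container resolve the path differently` would capture the intent. The file sits under afrog-pocs/test/, which suggests it is not yet part of the shipped rule set; if so, a one-line comment at the top saying it is a draft would avoid it being mistaken for a released check.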
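--- a/cmd/title/main.go
+++ b/cmd/title/main.go
@@ -11,6 +11,7 @@
 "github.com/remeh/sizedwaitgroup"
 "github.com/zan8in/afrog/pkg/config"
 http2 "github.com/zan8in/afrog/pkg/protocols/http"
+"github.com/zan8in/afrog/pkg/scan"
 "github.com/zan8in/afrog/pkg/utils"
 )
 
@@ -20,17 +21,22 @@
 )
 
 func main() {
-// for i := 1; i < 255; i++ {
-// ip1 := "192.168.66." + strconv.Itoa(i)
-// fmt.Println(ip1)
-// }
-
-// return
-urls, err := utils.ReadFileLineByLine("./test2.txt")
+urls, err := utils.ReadFileLineByLine("./urls.txt")
 if err != nil {
 fmt.Println("urls is empty.")
 return
 }
+
+for _, u := range urls {
+ip, err := scan.Target2ip(u)
+if err != nil {
+fmt.Println(err.Error(), u)
+continue
+}
+fmt.Println(u, ip)
+}
+
+return
 config, err := config.New()
 if err != nil {
 fmt.Println("config is empty.")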
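Review bot: The unconditional `return` added at new line 39, right after the Target2ip loop, makes everything from `config, err := config.New()` to the end of main unreachable, so `go vet` will report it and the existing title-scan path no longer runs; main continues well past the hunk. If the loop is a temporary experiment it should be removed before merge or gated behind an explicit flag rather than left as a dead-code guard, and the reason for the `./test2.txt` → `./urls.txt` change should be stated since both are hard-coded relative paths. Separately, `fmt.Println(err.Error(), u)` would be clearer as `fmt.Printf("%v %q\n", err, u)` so an empty or whitespace-only target line is visible in the output.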
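--- a/internal/runner/runner.go
+++ b/internal/runner/runner.go
@@ -97,6 +97,16 @@
 fmt.Println(ShowTips())
 }
 
+// fmt.Println("port scan before : ", len(options.Targets))
+
+// if !options.NoPortScan {
+// if scan, err := scan.New(options); err == nil {
+// scan.Execute()
+// }
+// }
+
+// fmt.Println("port scan after : ", len(options.Targets))
+
 // fingerprint
 if !options.NoFinger {
 s, _ := fingerprint.New(options)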
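Review bot: All ten added lines (new lines 100-109) are commented-out code, which leaves the NoPortScan option introduced in this commit declared but never consulted and gives a reader no way to know whether the hook is abandoned or pending. Either wire it in, with the constructor error surfaced instead of silently skipped, e.g. `if !options.NoPortScan {` / `if s, err := scan.New(options); err != nil { fmt.Println("port scan:", err) } else { s.Execute() }` / `}`, or drop the block and describe the plan in the commit message. If it must stay as a placeholder, a single `// TODO(port-scan): enable once scan.New handles the Port option` line is more useful than the bare calls; note also that `scan, err := scan.New(options)` shadows the package name with the local, which compiles but hurts readability. The enclosing function starts and ends outside the hunk.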
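--- a/pkg/config/options.go
+++ b/pkg/config/options.go
@@ -40,6 +40,12 @@
 // disable output fingerprint in the console
 NoFinger bool
 
+// ports to scan eg: 80,443,8000-9000
+Port string
+
+// disable port scan
+NoPortScan bool
+
 // disable show tips
 NoTips bool
 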
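Review bot: The comment on `Port` (new line 43) gives one example but neither the accepted grammar nor what the empty value means, and no code in this commit reads either new field (runner.go only references NoPortScan inside commented-out lines), so the contract has to be guessed. Suggest `// Port lists the ports to scan as comma-separated values or ranges, eg: 80,443,8000-9000; empty means the scanner's default (confirm against the parser)` and, for NoPortScan, a note on whether it overrides a non-empty Port. Wherever Port is eventually parsed, malformed entries and reversed ranges should be rejected with an error rather than silently ignored. The Options struct begins before this hunk.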