code-scan / dzscan Goto Github PK

Dzscan

Python 100.00%

dzscan's Introduction

Hi there 👋

dzscan's People

Contributors

Stargazers

Watchers

Forkers

adra1n cyjaysun findlakes zhangweiwei0326 360sec key20 traceur lubyruffy gh0st7 ccccccccccc anhilo shellb0y binarygu ccavxx fu2k hongxs r00tak superman1982 yocruzer baiyunping333 jamalmo dongdongbo wifido uppentest 404soul i0t hi-kk zhangqin cann0n hxp2k6 sevck 0sec go-spider vf3ng newbiethetest z0x010 wangjun hacker-one uncia phzenb melodyzx stevenxue janepeak520 q999qa1 hiw0rld kernux ledudu kingsunlin qq1136188158 ch0ck catcherman mozcrash fengssq ning1022 losiry gnginx thomposer nx4dm1n tuuunya yeshuibo 0x24bin olbb bryant1410 kai2008 zjxzjx ganglongguni penrightpen missxq131 tomylver walkinreeds stevenchen0x01 chennqqi pd1r diertianmowang yogistudio naozibuhao dm2333 nlcoin zxser arongmh lokinglz 5665750 d0ef quekie leo4617 xiaoyuge16 sry309 winter3un demonyaksa xiaoyecent gayhubuser marshell88 zimaoxy 243627152 5up3rc kyhvedn m4cr0-storm cherryblow shadow-horse xiaonibakeji

dzscan's Issues

关于输出

先输出html中提取的
然后输出扫描进度
扫描完成后，才把暴力扫描的结果一次性输出，不用一边扫一边输出找到的

1.计算机专业
2.熟悉渗透测试步骤、方法、流程，熟练使用一定量的渗透测试工具；
3.熟悉攻击的各类技术及方法，对各类操作系统、应用平台的弱点有较深入的理解；
4.熟悉常见脚本语言，能够进行WEB渗透测试，恶意代码检测和分析；
5.有一定代码编写能力，至少掌握三种以上常见编程语言；
6.主动性强，具有良好的沟通、协调和组织能力、文档编写能力，逻辑性强。
联系人：吴丹
电子邮箱： [email protected]
QQ/MSN： 3185336376
公司网址： http://
公司介绍：启明星辰公司成立于1996年，是由留美博士严望佳女士创建的拥有完全自主知识产权的网络安全高科技企业，是国内最具实力的网络安全产品、可信安全管理平台、专业安全服务与解决方案的综合提供商。公司总部位于北京市中关村软件园启明星辰大厦，在全国各省、市、自治区设立分、子公司及办事处三十多个，拥有覆盖全国的渠道体系和技术支持中心。2010年6月23日，启明星辰在深交所中小板挂牌上市。
卓识远见领航安全
作为国内信息安全市场的领航者与先行者，启明星辰始终坚持“诚信为本、技术领先、服务本地化、用户第一”的宗旨，连续多年稳居国内入侵检测、漏洞扫描市场第一，近年来更是成为国内统一威胁管理（UTM）、安全合规性审计、安全专业服务和安全管理平台（SOC）的市场领导者，并推出了系列行业解决方案，帮助客户建立完善的安全保障体系。
到目前为止，启明星辰公司用户已经覆盖政府、军队、金融、电信、能源、交通、教育、制造、中小企业等各行业，已经逐步成长为信息安全领域用户最值得信赖的首选品牌。
与时俱进志存高远
雄厚的研发实力让启明星辰成为国内安全领域最具技术创新和产品开发实力的企业之一。国际一流的黑客攻防技术研究团队——积极防御实验室（ADLAB）、国际一流的安全运营服务团队——安全运营中心（M2S）、国内一流的安全体系设计及咨询团队——前线技术专家团（VF）、国内一流的安全系统集成团队和国内首家企业网络安全博士后工作站。雄厚的技术研发实力使得启明星辰成为国内信息安全领域承担国家级重点项目最多的企业，拥有国家级网络安全技术研发基地，获得百余项自主知识产权，遥遥领先于业界。

插件扫描优化

可以先抓取首页
提取
/plugin?id=(.*)的值输出，然后再进行fuzz

MAC下的问题

Traceback (most recent call last):
File "dzscan.py", line 286, in
base.fetch_version()
File "dzscan.py", line 62, in fetch_version
req = requests.get(robots_path, headers=HEADERS)
File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 67, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 53, in request

13285109

README-english.md

README.md
dzscan
Has just released a new version there may be some bug, is being repaired, if there questions, please submit issue is the best band diagram spicy

Attention to, ah, to be concerned about is not the purpose to contribute code or feedback to bug oh (● '◡' ●) Techno ♥

Vulnerability scan path as follows:

deafult admin & uc_server login page
develop.php
X3
X3 tools / tools.php ~ Deafult password 188281MWWxjk
X3.1 utility / convert / index.php ~ Remote code execute
6.x
6.x my.php ~ SQL
7.x
7.2 faq.php ~ SQL
7.2 manyou / userapp.php ~ SQL
7.2 admincp.php ~ XSS
Installation and Usage
Vulnerability Database Home Dzscan

windows

windows need to install VCForPython2.7

download link

http://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi
Then cut open cmd, perform, which requires the path to change the path where you installed python

c:
cd C: \ Python27 \ Scripts
easy_install pip
pip install gevent
linux

linux is very simple, only need to perform

easy_install pip
pip install gevent
Instructions
python dzscan.py --update // update the plug-in list (now without the latest updates)
python dzscan.py -u http://bbs.dzscan.org/ --gevent 20 // 20 is the number of threads, can be customized
I want to do this project when about six months ago or so, then wrote the first version of the scanner bug a lot, although still six months later still have not too many changes, known bug that thread suspended animation, custom error pages will exist forecasts, etc., and indeed program sucks, barely able to run ...

The original intention was waiting for me a hundred loopholes stock enough loopholes to open the project, but see already been issued a similar gadgets I feel no need to conceal it, as we maintain together out comments.

The first is the vulnerability pants Home http://dzscan.org/ , because there are all the loopholes team members or their own independent discovery, so now really did not have much vulnerability, as they have not much time to concentrate on digging holes, I hope you know what vulnerabilities can tell me a copy, thank you. [email protected] together if friends are interested in the long-term to do so you can contact me.

Dzscan here to thank the team members supportsinrange @ ra0mb1er @ ca1nb here also welcome more friends to join us.

hi 一直关注中

怎么没有更新了？期待更新。。

stdout输出的内容

现在是输出

[*] Scan addon 'mowii_oldthread' for exisitance...

改为

    def stdout(self, name):
#self.count 存储插件总数

        scanow ='[*] Scan %d of %d and found %d , Please wait..'%(self.reqs,self.count,len(self.outs))
        sys.stdout.write(str(scanow)+" "*20+"\b\b\r")
        sys.stdout.flush()

这样输出不会导致缓冲区不能刷新然后换行，也直观一些