Light

kenuoseclab / vaynescan Goto Github PK

View Code? Open in Web Editor NEW

This project forked from je2se/vaynescan

0.0 1.0 0.0 359 KB

常用漏洞一键化自动扫描，解决平时渗透测试中的重复工作~

Python 100.00%

vaynescan's Introduction

README

简介：

平时的测试总是千篇一律，对于很多的小检测项还要一项一项的检测，正好学习python，写写工具练练手，持续更新~

说明

脚本使用Python3编写

使用方法

安装依赖

python3 -m pip install -r requirements.txt

用法

python3 VayneScan.py -h 获取使用方法

本脚本目前集成了以下poc

IP地址探测
.GIT信息泄露
.SVN信息泄露
.DS_Store信息泄露
Weblogic漏洞扫描
ThinkPHP漏洞
不安全的HTTP请求
RIDES未授权访问
CORS跨域资源共享
HTTP.sys远程命令执行漏洞
Apache样例文件泄露
敏感目录/文件爆破
风险端口探测
主机头攻击
Host头注入
ElasticSearch漏洞
Struts漏洞
Jenkins未授权访问漏洞
Docker未授权访问漏洞
Apache Solr 未授权访问漏洞
Rsync未授权访问漏洞

扩展性

可自行进行扩充，在主文件VayneScan.py进行导入执行函数。

说明

脚本内小部分漏洞的poc使用了其他大佬现成的脚本
weblogic利用，大佬们写的非常好，向大佬学习
引用地址：https://github.com/rabbitmask/WeblogicScan

问题

依赖不知道都写全了没，提示的再手动安装
ssl协议问题有的没处理，会报错异常，没时间弄，后期修改

创建时间

2019-08-04 01:27:41

##更新日志

第一次更新：

2019-08-04 01:27:41 版本第一次编写 VayneScan 1.0

第二次更新

2-19-08-19 13:58:21 版本第二次更新 VayneScan 1.1

1.添加了部分场景下的处理，感谢EvilSi1ent反馈的bug，在存在WAF直接拦断请求时程序异常。
2.更新了weblogic的优化。首先会探测开放7001端口，若开放进行扫描。不开放便过滤

vaynescan's People

Contributors

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.