
sepia's Introduction

Sepia (乌贼, "Cuttlefish")

Python 2.7 License

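Sepia (乌贼) is a penetration testing tool that combines batch PoC verification with vulnerability exploitation. It meets the need to quickly check the state of assets when a vulnerability breaks out.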

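Some notes

Sepia is a streamlined and improved derivative of POC-T, so thanks go first to @cdxy's POC-T project: POC-T

Compared with POC-T, Sepia differs in the following ways:

1. Changes to data collection

The Google dork and Shodan dork were removed; only the ZoomEye dork was kept, and a Baidu dork (URL crawler) was added.

2. Added customizable regex-based URL capture

The URLs associated with a vulnerability in some web applications can vary enormously, and relying only on @cdxy's method of batch-normalizing URLs lowers verification efficiency. Sepia therefore adds a regex customization option, urlfilter, in the toolkit file; combined with the Baidu URL crawler, it greatly improves the efficiency of capture and verification.

3. Changes to output display

Sepia drops POC-T's export-to-file feature and uses prettytable to render the results as a table directly in the terminal.

4. Changes to script-writing requirements

Because Sepia includes vulnerability exploitation functionality, and the way each vulnerability is exploited differs widely, the rules and standards for writing Sepia scripts have now largely been settled. This is probably where it differs most from POC-T.

In short, POC-T focuses on concurrent batch task processing, whereas Sepia focuses only on efficient batch PoC verification and on being able to attack a single target.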

Wiki

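Afterword

Sepia is still at the development-version stage; if you have any problems, please email: [email protected]

Update, October 29, 2017: ZoomEye has been in a continuous state of upgrades and updates. I had recently intended to improve Sepia's ZoomEye dork code, but ZoomEye's API has still not been opened, so I cannot continue improving it. For now I will slowly expand the script library.

Update, July 18, 2018: I was away for more than half a year and a lot happened; I have recently returned.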

sepia's People

Contributors

s4kur4 avatar
