weekly update at 2022-06-17

pull/95/head
xx 2 years ago
parent 42e11c6d02
commit 62ef57dfc5
  1. 8
      README.md
  2. 22
      allprojects.md
  3. 124
      detail/BinAbsInspector.md
  4. 87
      detail/afrog.md
  5. 19
      others.md
  6. 13
      vulnerability_assessment.md

@ -17,6 +17,8 @@
| 时间 | 项目名称 | 项目动态 | | 时间 | 项目名称 | 项目动态 |
|----|-----------|--------------------------| |----|-----------|--------------------------|
|2022-06-15|[**afrog**](detail/afrog.md)|afrog加入星链计划|
|2022-06-15|[**BinAbsInspector**](detail/BinAbsInspector.md)|BinAbsInspector加入星链计划|
|2022-06-08|[**DNSlog-GO**](detail/DNSlog-GO.md)|更新 [v1.5.2](detail/DNSlog-GO.md#最近更新) 版本| |2022-06-08|[**DNSlog-GO**](detail/DNSlog-GO.md)|更新 [v1.5.2](detail/DNSlog-GO.md#最近更新) 版本|
|2022-06-07|[**pocsuite3**](detail/pocsuite3.md)|更新 [v1.9.4](detail/pocsuite3.md#最近更新) 版本| |2022-06-07|[**pocsuite3**](detail/pocsuite3.md)|更新 [v1.9.4](detail/pocsuite3.md#最近更新) 版本|
|2022-06-06|[**f8x**](detail/f8x.md)|更新 [v1.6.1](detail/f8x.md#最近更新) 版本| |2022-06-06|[**f8x**](detail/f8x.md)|更新 [v1.6.1](detail/f8x.md#最近更新) 版本|
@ -25,8 +27,6 @@
|2022-05-27|[**HaE**](detail/HaE.md)|更新 [v2.3](detail/HaE.md#最近更新) 版本| |2022-05-27|[**HaE**](detail/HaE.md)|更新 [v2.3](detail/HaE.md#最近更新) 版本|
|2022-05-24|[**MDUT**](detail/MDUT.md)|更新 [v2.1.0](detail/MDUT.md#最近更新) 版本| |2022-05-24|[**MDUT**](detail/MDUT.md)|更新 [v2.1.0](detail/MDUT.md#最近更新) 版本|
|2022-05-21|[**GShark**](detail/gshark.md)|更新 [v0.9.7](detail/gshark.md#最近更新) 版本| |2022-05-21|[**GShark**](detail/gshark.md)|更新 [v0.9.7](detail/gshark.md#最近更新) 版本|
|2022-05-21|[**Viper**](detail/Viper.md)|更新 [v1.5.21](detail/Viper.md#最近更新) 版本|
|2022-05-06|[**veinmind-tools**](detail/veinmind-tools.md)|更新 [v1.3.0](detail/veinmind-tools.md#最近更新) 版本|
**2.StarRank** **2.StarRank**
@ -62,6 +62,8 @@
| 时间 | 项目名称 | 项目简介 | | 时间 | 项目名称 | 项目简介 |
|----|-----------|--------------------------| |----|-----------|--------------------------|
|2022-06-15|[**afrog**](detail/afrog.md)|afrog 是一款性能卓越、快速稳定、PoC 可定制的漏洞扫描工具,PoC 包含 CVE、CNVD、默认口令、信息泄露、指纹识别、未授权访问、任意文件读取、命令执行等多种漏洞类型,帮助网络安全从业者快速验证并及时修复漏洞。|
|2022-06-15|[**BinAbsInspector**](detail/BinAbsInspector.md)|BinAbsInspector(Binary Abstract Inspector)是一款用于自动化逆向工程和扫描二进制文件漏洞的静态分析器,是 Keenlab 孵化的长期研究项目。基于 Ghidra 的支持下的抽象解释,适用于 Ghidra 的 Pcode 而非汇编。目前支持 x86、x64、armv7 和 aarch64 的二进制文件。|
|2022-03-16|[**veinmind-tools**](detail/veinmind-tools.md)|veinmind-tools 是基于 veinmind-sdk 打造的一个容器安全工具集,目前已支持镜像 恶意文件/后门/敏感信息/弱口令 的扫描,更多功能正在逐步开发中。| |2022-03-16|[**veinmind-tools**](detail/veinmind-tools.md)|veinmind-tools 是基于 veinmind-sdk 打造的一个容器安全工具集,目前已支持镜像 恶意文件/后门/敏感信息/弱口令 的扫描,更多功能正在逐步开发中。|
|2022-03-16|[**DNSlog-GO**](detail/DNSlog-GO.md)|DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具,自带WEB界面。单文件运行,无依赖。部署方便快捷。| |2022-03-16|[**DNSlog-GO**](detail/DNSlog-GO.md)|DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具,自带WEB界面。单文件运行,无依赖。部署方便快捷。|
|2022-03-16|[**scaninfo**](detail/scaninfo.md)|scaninfo 是一款开源、轻量、快速、跨平台的红队内外网打点扫描器。比较同类工具,其能够在 nmap 的扫描速度和 masscan 的准确度之间寻找一个较好的平衡点,能够快速进行端口扫描和服务识别,内置指纹识别用于 web 探测,可以用报告的方式整理扫描结果。| |2022-03-16|[**scaninfo**](detail/scaninfo.md)|scaninfo 是一款开源、轻量、快速、跨平台的红队内外网打点扫描器。比较同类工具,其能够在 nmap 的扫描速度和 masscan 的准确度之间寻找一个较好的平衡点,能够快速进行端口扫描和服务识别,内置指纹识别用于 web 探测,可以用报告的方式整理扫描结果。|
@ -70,8 +72,6 @@
|2021-11-22|[**BurpCrypto**](detail/BurpCrypto.md)|支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件。| |2021-11-22|[**BurpCrypto**](detail/BurpCrypto.md)|支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件。|
|2021-11-22|[**ysomap**](detail/ysomap.md)|Ysomap是一款适配于各类实际复杂环境的Java反序列化利用框架,可动态配置具备不同执行效果的Java反序列化利用链payload,以应对不同场景下的反序列化利用。| |2021-11-22|[**ysomap**](detail/ysomap.md)|Ysomap是一款适配于各类实际复杂环境的Java反序列化利用框架,可动态配置具备不同执行效果的Java反序列化利用链payload,以应对不同场景下的反序列化利用。|
|2021-11-22|[**Kunyu**](detail/Kunyu.md)|Kunyu(坤舆),是一款基于ZoomEye API开发的信息收集工具,旨在让企业资产收集更高效,使更多安全相关从业者了解、使用网络空间测绘技术。| |2021-11-22|[**Kunyu**](detail/Kunyu.md)|Kunyu(坤舆),是一款基于ZoomEye API开发的信息收集工具,旨在让企业资产收集更高效,使更多安全相关从业者了解、使用网络空间测绘技术。|
|2021-07-02|[**Pocassist**](detail/Pocassist.md)|Pocassist 是一个 Golang 编写的全新开源漏洞测试框架,帮助安全人员专注于漏洞验证的逻辑的实现。Pocassist 提供了简洁的 Web 图形化界面,用户可以在线编辑漏洞验证程序即可进行批量的测试;规则完全兼容 xray,可以直接使用现有开源的 PoC 库,同时也支持添加自定义规则。|
|2021-07-02|[**MDUT**](detail/MDUT.md)|MDUT 全称 Multiple Database Utilization Tools,旨在将常见的数据库利用手段集合在一个程序中,打破各种数据库利用工具需要各种环境导致使用相当不便的隔阂;MDUT 使用 Java 开发,支持跨平台使用。|
**5.[分类:甲方工具](party_a.md)** **5.[分类:甲方工具](party_a.md)**

@ -25,6 +25,7 @@
* [Kunpeng](#kunpeng) * [Kunpeng](#kunpeng)
* [Pocassist](#pocassist) * [Pocassist](#pocassist)
* [myscan](#myscan) * [myscan](#myscan)
* [afrog](#afrog)
* [LSpider](#lspider) * [LSpider](#lspider)
* [攻击与利用/penetration_test](#攻击与利用penetration_test) * [攻击与利用/penetration_test](#攻击与利用penetration_test)
@ -58,6 +59,7 @@
* [PortForward](#portforward) * [PortForward](#portforward)
* [其他/others](#其他others) * [其他/others](#其他others)
* [BinAbsInspector](#binabsinspector)
* [f8x](#f8x) * [f8x](#f8x)
* [passive-scan-client](#passive-scan-client) * [passive-scan-client](#passive-scan-client)
* [wam](#wam) * [wam](#wam)
@ -272,6 +274,16 @@ Pocassist 是一个 Golang 编写的全新开源漏洞测试框架,帮助安
myscan是参考awvs的poc目录架构,pocsuite3、sqlmap等代码框架,以及搜集互联网上大量的poc,由python3开发而成的被动扫描工具。 myscan是参考awvs的poc目录架构,pocsuite3、sqlmap等代码框架,以及搜集互联网上大量的poc,由python3开发而成的被动扫描工具。
### [afrog](detail/afrog.md)
![Author](https://img.shields.io/badge/Author-zan8in-orange)
![Language](https://img.shields.io/badge/Language-Golang-blue)
![GitHub stars](https://img.shields.io/github/stars/zan8in/afrog.svg?style=flat&logo=github)
![Version](https://img.shields.io/badge/Version-V1.3.4-red)
<https://github.com/zan8in/afrog>
afrog 是一款性能卓越、快速稳定、PoC 可定制的漏洞扫描工具,PoC 包含 CVE、CNVD、默认口令、信息泄露、指纹识别、未授权访问、任意文件读取、命令执行等多种漏洞类型,帮助网络安全从业者快速验证并及时修复漏洞。
### [LSpider](detail/LSpider.md) ### [LSpider](detail/LSpider.md)
![Author](https://img.shields.io/badge/Author-LoRexxar-orange) ![Author](https://img.shields.io/badge/Author-LoRexxar-orange)
![Language](https://img.shields.io/badge/Language-Python-blue) ![Language](https://img.shields.io/badge/Language-Python-blue)
@ -534,6 +546,16 @@ PortForward 是使用 Golang 进行开发的端口转发工具,解决在某些
## 其他/others ## 其他/others
### [BinAbsInspector](detail/BinAbsInspector.md)
![Author](https://img.shields.io/badge/Author-KeenSecurityLab-orange)
![Language](https://img.shields.io/badge/Language-Java-blue)
![GitHub stars](https://img.shields.io/github/stars/KeenSecurityLab/BinAbsInspector.svg?style=flat&logo=github)
![Version](https://img.shields.io/badge/Version-V0.1-red)
<https://github.com/KeenSecurityLab/BinAbsInspector>
BinAbsInspector(Binary Abstract Inspector)是一款用于自动化逆向工程和扫描二进制文件漏洞的静态分析器,是 Keenlab 孵化的长期研究项目。基于 Ghidra 的支持下的抽象解释,适用于 Ghidra 的 Pcode 而非汇编。目前支持 x86、x64、armv7 和 aarch64 的二进制文件。
### [f8x](detail/f8x.md) ### [f8x](detail/f8x.md)
![Author](https://img.shields.io/badge/Author-ffffffff0x-orange) ![Author](https://img.shields.io/badge/Author-ffffffff0x-orange)
![Language](https://img.shields.io/badge/Language-Bash-blue) ![Language](https://img.shields.io/badge/Language-Bash-blue)

@ -0,0 +1,124 @@
## BinAbsInspector <https://github.com/KeenSecurityLab/BinAbsInspector>
<!--auto_detail_badge_begin_0b490ffb61b26b45de3ea5d7dd8a582e-->
![Language](https://img.shields.io/badge/Language-Java-blue)
![Author](https://img.shields.io/badge/Author-KeenSecurityLab-orange)
![GitHub stars](https://img.shields.io/github/stars/KeenSecurityLab/BinAbsInspector.svg?style=flat&logo=github)
![Version](https://img.shields.io/badge/Version-V0.1-red)
![Time](https://img.shields.io/badge/Join-20220615-green)
<!--auto_detail_badge_end_fef74f2d7ea73fcc43ff78e05b1e7451-->
# What is BinAbsInspector?
BinAbsInspector (Binary Abstract Inspector) is a static analyzer for automated reverse engineering and scanning vulnerabilities in binaries, which is a long-term research project incubated at [Keenlab](https://keenlab.tencent.com/). It is based on abstract interpretation with the support from Ghidra. It works on Ghidra's Pcode instead of assembly. Currently it supports binaries on x86,x64, armv7 and aarch64.
# Installation
+ Install Ghidra according to [Ghidra's documentation](https://github.com/NationalSecurityAgency/ghidra#install)
+ Install [Z3](https://github.com/Z3Prover/z3) (tested version: 4.8.15)
+ Note that generally there are two parts for Z3 library: one is Java package, the other one is native library. The Java package is already included in "/lib" directory, but we suggest that you replace it with your own Java package for version compatibility.
+ For Windows, download a pre-built package from [here](https://github.com/Z3Prover/z3/releases), extract the zip file and add a PATH environment variable pointing to `z3-${version}-win/bin`
+ For Linux, install with package manager is NOT recommended, there are two options:
1. You can download suitable pre-build package from [here](https://github.com/Z3Prover/z3/releases), extract the zip file and copy `z3-${version}-win/bin/*.so` to `/usr/local/lib/`
2. or you can build and install z3 according to [Building Z3 using make and GCC/Clang](https://github.com/Z3Prover/z3#building-z3-using-make-and-gccclang)
+ For MacOS, it is similar to Linux.
+ Download the extension zip file from [release page](https://github.com/KeenSecurityLab/BinAbsInspector/releases)
+ Install the extension according to [Ghidra Extension Notes](https://ghidra-sre.org/InstallationGuide.html#GhidraExtensionNotes)
# Building
Build the extension by yourself, if you want to develop a new feature, please refer to [development guide](https://github.com/KeenSecurityLab/BinAbsInspector/wiki/Developer-Guide).
+ Install Ghidra and Z3
+ Install [Gradle 7.x](https://gradle.org/releases/) (tested version: 7.4)
+ Pull the repository
+ Run `gradle buildExtension` under repository root
+ The extension will be generated at `dist/${GhidraVersion}_${date}_BinAbsInspector.zip`
# Usage
You can run BinAbsInspector in headless mode, GUI mode, or with docker.
+ With Ghidra headless mode.
```
$GHIDRA_INSTALL_DIR/support/analyzeHeadless <projectPath> <projectName> -import <file> -postScript BinAbsInspector "@@<scriptParams>"
```
`<projectPath>` -- Ghidra project path.
`<projectName>` -- Ghidra project name.
`<scriptParams>` -- The argument for our analyzer, provides following options:
| Parameter | Description |
| ----------------------------------------- | --------------------------------------|
| `[-K <kElement>]` | KSet size limit [K](https://github.com/KeenSecurityLab/BinAbsInspector/wiki/Technical-Details#kset) |
| `[-callStringK <callStringMaxLen>]` | Call string maximum length [K](https://github.com/KeenSecurityLab/BinAbsInspector/wiki/Technical-Details#context)|
| `[-Z3Timeout <timeout>]` | Z3 timeout |
| `[-timeout <timeout>]` | Analysis timeout |
| `[-entry <address>]` | Entry address |
| `[-externalMap <file>]` | External function model config |
| `[-json]` | Output in json format |
| `[-disableZ3]` | Disable Z3 |
| `[-all]` | Enable all checkers |
| `[-debug]` | Enable debugging log output |
| `[-check "<cweNo1>[;<cweNo2>...]"]` | Enable specific checkers |
+ With Ghidra GUI
1. Run Ghidra and import the target binary into a project
2. Analyze the binary with default settings
3. When the analysis is done, open `Window -> Script Manager` and find `BinAbsInspector.java`
4. Double-click on `BinAbsInspector.java` entry, set the parameters in configuration window and click OK
5. When the analysis is done, you can see the CWE reports in console window, double-click the addresses from the report can jump to corresponding address
+ With Docker
```shell
git clone git@github.com:KeenSecurityLab/BinAbsInspector.git
cd BinAbsInspector
docker build . -t bai
docker run -v $(pwd):/data/workspace bai "@@<script parameters>" -import <file>
```
# Implemented Checkers
So far BinAbsInspector supports following checkers:
+ [CWE78](https://cwe.mitre.org/data/definitions/78.html) (OS Command Injection)
+ [CWE119](https://cwe.mitre.org/data/definitions/119.html) (Buffer Overflow (generic case))
+ [CWE125](https://cwe.mitre.org/data/definitions/125.html) (Buffer Overflow (Out-of-bounds Read))
+ [CWE134](https://cwe.mitre.org/data/definitions/134.html) (Use of Externally-Controlled Format string)
+ [CWE190](https://cwe.mitre.org/data/definitions/190.html) (Integer overflow or wraparound)
+ [CWE367](https://cwe.mitre.org/data/definitions/367.html) (Time-of-check Time-of-use (TOCTOU))
+ [CWE415](https://cwe.mitre.org/data/definitions/415.html) (Double free)
+ [CWE416](https://cwe.mitre.org/data/definitions/416.html) (Use After Free)
+ [CWE426](https://cwe.mitre.org/data/definitions/426.html) (Untrusted Search Path)
+ [CWE467](https://cwe.mitre.org/data/definitions/467.html) (Use of sizeof() on a pointer type)
+ [CWE476](https://cwe.mitre.org/data/definitions/476.htmll) (NULL Pointer Dereference)
+ [CWE676](https://cwe.mitre.org/data/definitions/676.html) (Use of Potentially Dangerous Function)
+ [CWE787](https://cwe.mitre.org/data/definitions/787.html) (Buffer Overflow (Out-of-bounds Write))
# Project Structure
The structure of this project is as follows, please refer to [technical details](https://github.com/KeenSecurityLab/BinAbsInspector/wiki/Technical-Details) for more details.
```
├── main
│ ├── java
│ │ └── com
│ │ └── bai
│ │ ├── checkers checker implementatiom
│ │ ├── env
│ │ │ ├── funcs function modeling
│ │ │ │ ├── externalfuncs external function modeling
│ │ │ │ └── stdfuncs cpp std modeling
│ │ │ └── region memory modeling
│ │ ├── solver analyze core and grpah module
│ │ └── util utilities
│ └── resources
└── test
```
You can also build the javadoc with `gradle javadoc`, the API documentation will be generated in `./build/docs/javadoc`.
# Acknowledgement
We employ [Ghidra](https://ghidra-sre.org/) as our foundation and frequently leverage [JImmutable Collections](http://brianburton.github.io/java-immutable-collections/) for better performance.
Here we would like to thank them for their great help!
<!--auto_detail_active_begin_e1c6fb434b6f0baf6912c7a1934f772b-->
## 项目相关
## 最近更新
<!--auto_detail_active_end_f9cf7911015e9913b7e691a7a5878527-->

@ -0,0 +1,87 @@
## afrog <https://github.com/zan8in/afrog>
<!--auto_detail_badge_begin_0b490ffb61b26b45de3ea5d7dd8a582e-->
![Language](https://img.shields.io/badge/Language-Golang-blue)
![Author](https://img.shields.io/badge/Author-zan8in-orange)
![GitHub stars](https://img.shields.io/github/stars/zan8in/afrog.svg?style=flat&logo=github)
![Version](https://img.shields.io/badge/Version-V1.3.4-red)
![Time](https://img.shields.io/badge/Join-20220615-green)
<!--auto_detail_badge_end_fef74f2d7ea73fcc43ff78e05b1e7451-->
## 什么是 afrog
afrog 是一款性能卓越、快速稳定、PoC 可定制的漏洞扫描工具,PoC 包含 CVE、CNVD、默认口令、信息泄露、指纹识别、未授权访问、任意文件读取、命令执行等多种漏洞类型,帮助网络安全从业者快速验证并及时修复漏洞。
## 特点
* [x] 基于 xray 内核,又不像 xray([**afrog 模板语法**](https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/README.md))
* [x] 性能卓越,快速稳定
* [x] 实时显示,扫描进度
* [x] 输出 html 报告,方便查看 `request``response`
* [x] 启动程序,自动更新本地 PoC 库
* [x] 长期维护、更新 PoC([**afrog-pocs**](https://github.com/zan8in/afrog/tree/main/pocs/afrog-pocs))
* [x] 二次开发,参考 `cmd/afrog/main.go` 或加入 **[交流群](https://github.com/zan8in/afrog#%E4%BA%A4%E6%B5%81%E7%BE%A4)**
## 下载
### [下载地址](https://github.com/zan8in/afrog/releases)
## 使用指南
### [查看指南](https://github.com/zan8in/afrog/blob/main/GUIDE.md)
## 例子
扫描单个目标
```
afrog -t http://127.0.0.1 -o result.html
```
![](https://github.com/zan8in/afrog/raw/main/images/onescan.png)
扫描多个目标
```
afrog -T urls.txt -o result.html
```
例如:`urls.txt`
```
http://192.168.139.129:8080
http://127.0.0.1
```
![](https://github.com/zan8in/afrog/raw/main/images/twoscan.png)
测试单个 PoC 文件
```
afrog -t http://127.0.0.1 -P ./testing/poc-test.yaml -o result.html
```
![](https://github.com/zan8in/afrog/raw/main/images/threescan.png)
测试多个 PoC 文件
```
afrog -t http://127.0.0.1 -P ./testing/ -o result.html
```
![](https://github.com/zan8in/afrog/raw/main/images/fourscan.png)
输出 html 报告
![](https://github.com/zan8in/afrog/raw/main/images/2.png)
![](https://github.com/zan8in/afrog/raw/main/images/3.png)
## 如何贡献 PoC?
### [查看教程](https://github.com/zan8in/afrog/blob/main/CONTRIBUTION.md)
## PoC 列表
### [查看 PoC 列表](https://github.com/zan8in/afrog/blob/main/POCLIST.md)
<!--auto_detail_active_begin_e1c6fb434b6f0baf6912c7a1934f772b-->
## 项目相关
## 最近更新
<!--auto_detail_active_end_f9cf7911015e9913b7e691a7a5878527-->

@ -1,12 +1,23 @@
## 其他 / others ## 其他 / others
1. [f8x](#f8x) 1. [BinAbsInspector](#binabsinspector)
2. [passive-scan-client](#passive-scan-client) 2. [f8x](#f8x)
3. [wam](#wam) 3. [passive-scan-client](#passive-scan-client)
4. [LBot](#lbot) 4. [wam](#wam)
5. [LBot](#lbot)
---------------------------------------- ----------------------------------------
### [BinAbsInspector](detail/BinAbsInspector.md)
![Author](https://img.shields.io/badge/Author-KeenSecurityLab-orange)
![Language](https://img.shields.io/badge/Language-Java-blue)
![GitHub stars](https://img.shields.io/github/stars/KeenSecurityLab/BinAbsInspector.svg?style=flat&logo=github)
![Version](https://img.shields.io/badge/Version-V0.1-red)
<https://github.com/KeenSecurityLab/BinAbsInspector>
BinAbsInspector(Binary Abstract Inspector)是一款用于自动化逆向工程和扫描二进制文件漏洞的静态分析器,是 Keenlab 孵化的长期研究项目。基于 Ghidra 的支持下的抽象解释,适用于 Ghidra 的 Pcode 而非汇编。目前支持 x86、x64、armv7 和 aarch64 的二进制文件。
### [f8x](detail/f8x.md) ### [f8x](detail/f8x.md)
![Author](https://img.shields.io/badge/Author-ffffffff0x-orange) ![Author](https://img.shields.io/badge/Author-ffffffff0x-orange)
![Language](https://img.shields.io/badge/Language-Bash-blue) ![Language](https://img.shields.io/badge/Language-Bash-blue)

@ -3,7 +3,8 @@
1. [Kunpeng](#kunpeng) 1. [Kunpeng](#kunpeng)
2. [Pocassist](#pocassist) 2. [Pocassist](#pocassist)
3. [myscan](#myscan) 3. [myscan](#myscan)
4. [LSpider](#lspider) 4. [afrog](#afrog)
5. [LSpider](#lspider)
---------------------------------------- ----------------------------------------
@ -37,6 +38,16 @@ Pocassist 是一个 Golang 编写的全新开源漏洞测试框架,帮助安
myscan是参考awvs的poc目录架构,pocsuite3、sqlmap等代码框架,以及搜集互联网上大量的poc,由python3开发而成的被动扫描工具。 myscan是参考awvs的poc目录架构,pocsuite3、sqlmap等代码框架,以及搜集互联网上大量的poc,由python3开发而成的被动扫描工具。
### [afrog](detail/afrog.md)
![Author](https://img.shields.io/badge/Author-zan8in-orange)
![Language](https://img.shields.io/badge/Language-Golang-blue)
![GitHub stars](https://img.shields.io/github/stars/zan8in/afrog.svg?style=flat&logo=github)
![Version](https://img.shields.io/badge/Version-V1.3.4-red)
<https://github.com/zan8in/afrog>
afrog 是一款性能卓越、快速稳定、PoC 可定制的漏洞扫描工具,PoC 包含 CVE、CNVD、默认口令、信息泄露、指纹识别、未授权访问、任意文件读取、命令执行等多种漏洞类型,帮助网络安全从业者快速验证并及时修复漏洞。
### [LSpider](detail/LSpider.md) ### [LSpider](detail/LSpider.md)
![Author](https://img.shields.io/badge/Author-LoRexxar-orange) ![Author](https://img.shields.io/badge/Author-LoRexxar-orange)
![Language](https://img.shields.io/badge/Language-Python-blue) ![Language](https://img.shields.io/badge/Language-Python-blue)

Loading…
Cancel
Save