You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
404StarLink/detail/afrog.md

3.1 KiB

afrog https://github.com/zan8in/afrog

Language Author GitHub stars Version Time

What is afrog

afrog is an excellent performance, fast and stable, PoC customizable vulnerability scanning (hole digging) tool. PoC involves CVE, CNVD, default password, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command execution, etc. It helps network security practitioners quickly verify and fix vulnerabilities in a timely manner.

Features

  • Open Source
  • Fast, stable, low false positives
  • Detailed html vulnerability report
  • PoC can be customized and updated stably
  • Active community exchange group

Example

Basic usage

# Scan a target
afrog -t http://127.0.0.1

# Scan multiple targets
afrog -T urls.txt

# Specify a scan report file
afrog -t http://127.0.0.1 -o result.html

Advanced usage

# Test PoC 
afrog -t http://127.0.0.1 -P ./test/ 
afrog -t http://127.0.0.1 -P ./test/demo.yaml 

# Scan by PoC Keywords 
afrog -t http://127.0.0.1 -s tomcat,springboot,shiro 

# Scan by PoC Vulnerability Severity Level 
afrog -t http://127.0.0.1 -S high,critical 

# Online update afrog-pocs 
afrog -up 

# Disable fingerprint recognition 
afrog -t http://127.0.0.1 -nf

Screenshot

项目相关

最近更新

[v2.2.0] - 2023-01-07

更新

  • 新增仅指纹扫描选项 -onlyfinger
  • 新增 CEL 函数,如 year/shortyear 等
  • 新增 PoC 验证属性,默认为 false
  • 新增规则属性表达式

[v2.1.1] - 2022-12-22

更新

  • 修复了指纹中误报率高的bug
  • 添加 -json 选项,用于 json 格式输出

[v2.1.0] - 2022-12-12

更新

  • 新增 -update 将 afrog 引擎更新到最新发布的版本
  • 新增 -proxy 使用 http/socks5 代理列表(逗号分隔或文件输入)
  • 新增 -rate-limit、concurrency、fingerprint-concurrency、max-host-error、retries、timeout 等参数
  • 修复 html 报告(返回多个请求记录)URL 不准确的 BUG
  • 优化 banner 展示界面(模仿 nuclei)
  • 屏蔽 GoPoc 功能(暂时)

[v2.0.1] - 2022-11-30

更新

  • 紧急发布修复 BUG 的小版本
  • 解决 afrog 线程池经常卡死 BUG

[v2.0.0] - 2022-11-10

更新

  • 修复 afrog 后台执行命令失败 BUG
  • 优化 afrog 稳定性,完善 URL 存活验证和扫描进度检查
  • 优化 afrog 用户体验,控制台进度显示新增 hosts、closed、time
  • 修复 target 黑名单逻辑判断不严谨导致的严重漏洞