Each vulnerability after the outbreak, many people are in a hurry to find a batch, thinking to brush a few holes in the submission of the clouds. In fact, some of the vulnerabilities of the detection step time can be unified extraction do into the framework. Today I'll share to make your writing a vulnerability in the batch using the framework, using this framework, you can easily carry out some vulnerability of the batch scan.
0x01 framework of principles
Vulnerability scans are generally URL links to mount a POC or someone more ruthless directly on the exp to try to access, if the server returns the page in the presence of some characteristic of the string, then it is determined that the site the presence of vulnerabilities. For chestnuts, such as ecshop one injection vulnerability, submit the payload after the website returns the following page:
We in the automated scan, it will according to this page appears in such as”Duplicate entry”words to determine that the string is due to submit the payload in the MYSQL error injection caused. Then you need a determination to scan the result of regular scan_rule it.
At the same time, it was not satisfied with just scanning for vulnerabilities that they want to be from the page to obtain some information, such as the above screenshot appears in the admin and the password hash, scan out the vulnerability of the site, we want to extract this string, then it is necessary to have a crawl regular res_rule it.
In addition, the present Framework does not provide to be scanning the IP list or Domain Name list, these things need to do batch buddy own with some of the URL acquisition to acquisition. The framework itself only provides the loading, scanning, result of fetch function. And support for multi-threaded probe.
0x02 framework of the use
This framework only need to be ready to be scanned IP or domain name in the list, as well as a reliable exp or poc. Finally you only need to configure the framework's configuration file, and then execute the script can be ran.
The configuration file the various options are as follows:
For details about how to use the information, you can access to read the README. md.
Note that the ip or domain name in the list to bring http://Protocol header, as follows:
For s2-0 1 6 scan, configuration files, and above the same, as is the URL pattern, so the configuration items in raw_file do not fill in directly running the Python cli.py -m url to run the script:
The result set files will be recorded:
In addition, the framework also supports the POST method to submit the vulnerability detection data packet and the use of native http request packet will be detected.
Since the frame yesterday to finish, so there will be a rough place no treatment, if there is a bug, please private message me.