当前位置:网站首页>Dry goods | summarize the linkage use of those vulnerability tools
Dry goods | summarize the linkage use of those vulnerability tools
2022-07-07 13:46:00 【Network security self-study room】
0x00 Introduction to missed scanning
Introduction for web Level vulnerability scanning , And the linkage use of some tools to improve efficiency , Because different objects need to use different types of scanning , for example awvs For domestic cms The framework may not scan so efficiently , Compare awvs It is a foreign maintenance update , So in this case, not a missed scan can solve all the problems , This is also an easy problem for novice Xiaobai to talk about in the test .
0x01 Burpsuite linkage xray Leakage and app 0x02 AWVS linkage Xray At the same time, missed scanning detection 0x03 awvs linkage bp linkage xray 0x04 afrog Leakage and 0x05 vulmap,pocassist Leakage and 0x06 Goby linkage awvs&xray&fofa 0x07 Single point tool
0x01 Burpsuite linkage xray Leakage and app
Flow trend : Simulator app data (192.168.181.1:8888)–>Burpsuite( monitor 192.168.181.1:8888, Forwarding traffic 127.0.0.1:8888)–>Xray( monitor 127.0.0.1:8888)
Project address :xray:https://github.com/chaitin/xray/releases
Use : Burpsuite monitor app Traffic : Burpsuite Forwarding traffic :
xray Detect traffic packets :
.\xray_windows_amd64.exe webscan --listen 127.0.0.1:7777 --html-output mniqi.html

0x02 AWVS linkage Xray At the same time, missed scanning detection
Flow trend : awvs Test object ( And send the traffic to IP1)–>Xray Monitor any traffic (0.0.0.0 Test flow leakage scanning )
Project address : awvs:https://www.ddosi.org/awvs14-6-log4j-rce/ Use : awvs After setting the scanning object, forward the traffic to 127.0.0.1:1111: xray monitor 127.0.0.1:1111 Flow and scan :
.\xray_windows_amd64.exe webscan --listen 127.0.0.1:1111 --html-output cg.html
Linkage scanning :
0x03 awvs linkage bp linkage xray
Flow trend :awvs Traffic –>Burpsuite–>Xray Test flow
Same as above , The effect is almost the same , Just forward the traffic in several layers
0x04 afrog Leakage and
afrog It is a high-performance 、 Fast and steady 、PoC Customizable vulnerability scanning ( Dig a hole ) Tools ,PoC involve CVE、CNVD、 Default password 、 Information disclosure 、 fingerprint identification 、 Unauthorized access 、 Arbitrary file reading 、 Command execution and other vulnerability types , Help network security practitioners quickly verify and repair vulnerabilities in time .
Project use :
Scanning a single target :
afrog -t http://127.0.0.1 -o result.html
Scan multiple targets :
afrog -T urls.txt -o result.html
for example :urls.txt
http://192.168.139.129:8080
http://127.0.0.1
Test individual PoC file :
afrog -t http://127.0.0.1 -P ./testing/poc-test.yaml -o result.html
Test multiple PoC file :
afrog -t http://127.0.0.1 -P ./testing/ -o result.html
Output after scanning html The report , You can intuitively see the existing vulnerabilities , Then test and use :
0x05 vulmap,pocassist Leakage and
The missed scan is in an un updated state , The project gives , You can't do the experiment yourself Project address : vulmap:https://github.com/zhzyker/vulmap/releases pocassist:https://github.com/jweny/pocassist/releases
0x06 Goby linkage awvs&xray&fofa
Goby It is a next-generation network security tool based on cyberspace mapping technology . It generates emergency response to network security incidents and vulnerabilities by establishing a comprehensive asset knowledge base for the target network . Goby Provide the most comprehensive asset identification .Goby Preset 100,000 Multiple rule recognition engines , It can automatically identify and classify hardware equipment and software business systems , And comprehensively analyze the business systems existing in the network .
Project address :https://github.com/gobysec/Goby/releases
Plug in linkage : If there are too many, we won't make a demonstration ,goby It can play a good role in asset sorting , Very recommended
0x07 Single point tool
In general testing , Missed scan is to detect the whole target , But often when using a single weapon , It can have a very bad effect when penetrating , Here are some common individual weapons :
Graphical penetration Arsenal :GUI_TOOLS_V6.1_by Safety circle little prince –bugfixed
CMS Vulnerability scanner name Supported by CMS platform :
Droopescan WordPress,Joomla,Drupal,Moodle,SilverStripe
CMSmap WordPress,Joomla,Drupal,Moodle
CMSeeK WordPress,Joomla,Drupal etc.
WPXF WordPress
WPScan WordPress
WPSeku WordPress
WPForce WordPress
JoomScan Joomla
JoomlaVS Joomla
JScanner Joomla
Drupwn Drupal
Typo3Scan Typo3
Zhiyuan OA Comprehensive utilization tools https://github.com/Summer177/seeyon_exp
Accessible OA Comprehensive utilization tools https://github.com/xinyu2428/TDOA_RCE TDOA_RCE
Lan Ling OA Exploit tools / The front desk is unconditional RCE/ File is written to https://github.com/yuanhaiGreg/LandrayExploit
Pan Wei OA Vulnerability comprehensive utilization script https://github.com/z1un/weaver_exp weaver_exp
Ruijie network EG Easy gateway RCE Batch safety inspection https://github.com/Tas9er/EgGateWayGetShell EgGateWayGetShell
CMSmap For popular CMS Tools for security scanning https://github.com/Dionach/CMSmap CMSmap
Use Go Developed WordPress Vulnerability scanning tool https://github.com/blackbinn/wprecon wprecon
One Ruby frame , To help with WordPress Perform penetration test on the system https://github.com/rastating/wordpress-exploit-framework
WPScan WordPress Security scanners https://github.com/wpscanteam/wpscan wpscan
WPForce Wordpress Attack Suite https://github.com/n00py/WPForce WPForce
边栏推荐
- Cmake learning and use notes (1)
- Introduce six open source protocols in detail (instructions for programmers)
- Move base parameter analysis and experience summary
- Realbasicvsr test pictures and videos
- 数据库系统概论-第一章绪论【概念模型、层次模型和三级模式(外模式、模式、内模式)】
- Help tenants
- Centso7 OpenSSL error Verify return code: 20 (unable to get local issuer certificate)
- Some principles of mongodb optimization
- [daily training -- Tencent select 50] 231 Power of 2
- [1] Basic knowledge of ros2 - summary version of operation commands
猜你喜欢
Centso7 OpenSSL error Verify return code: 20 (unable to get local issuer certificate)
Talk about pseudo sharing
2022-7-6 Leetcode27.移除元素——太久没有做题了,为双指针如此狼狈的一天
存储过程的介绍与基本使用
如何让join跑得更快?
. Net core about redis pipeline and transactions
OSI seven layer model
Final review notes of single chip microcomputer principle
118. 杨辉三角
我那“不好惹”的00后下属:不差钱,怼领导,抵制加班
随机推荐
Realize the IP address home display function and number home query
Fast development board pinctrl and GPIO subsystem experiment for itop-imx6ull - modify the device tree file
xshell连接服务器把密钥登陆改为密码登陆
mysql 局域网内访问不到的问题
数字ic设计——SPI
Evolution of customer service hotline of dewu
JS slow motion animation principle teaching (super detail)
Use of polarscatter function in MATLAB
Ikvm of toolbox Net project new progress
Final review notes of single chip microcomputer principle
[learning notes] agc010
2022-7-6 beginner redis (I) download, install and run redis under Linux
Introduction and basic use of stored procedures
[Presto profile series] timeline use
华为镜像地址
High end for 8 years, how is Yadi now?
一文读懂数仓中的pg_stat
供应链供需预估-[时间序列]
Leecode3. Longest substring without repeated characters
MySQL error 28 and solution