0x00 Preface
After every vulnerability disclosure, many people rush to find targets in bulk, hoping to "brush" a few findings and submit them to a vulnerability reporting platform. In fact, the detection steps of many vulnerabilities are largely the same and can be pulled out into a common framework. Today I'm sharing a bulk scanning framework I wrote; with it, you can easily run batch scans for a number of vulnerabilities.
0x01 Framework principle
Vulnerability scanning generally takes a URL, appends a POC (or, for the more aggressive, the exploit itself) and requests it; if the server returns a page containing some characteristic string, the site is judged vulnerable. As an example, take an injection in ecshop: after submitting the payload, the site returns the following page:
When automating the scan, we base the judgment on this page: the string "Duplicate entry", for instance, is the MySQL error produced by the error-based injection payload. The regex that recognizes it is the scan_rule.
At the same time, some people aren't satisfied with just checking whether the vulnerability exists; they want to pull information from the page, such as the admin username and password hash shown above. For the sites found vulnerable, we want to extract that string, so we also need an extraction regex, the res_rule.
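To make the scan_rule / res_rule idea concrete, here is an added Python sketch (my example, not the framework's own code; all names and the sample pages are assumptions) that applies such rules to response bodies and runs them over a target list with a thread pool. The fetcher is injected, so it runs offline against constructed pages here, and the same harness can be pointed at your own application's error pages to confirm they do not leak signatures like "Duplicate entry".

```python
import re
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class Rule:
    """One check: scan_rule decides 'vulnerable'; res_rule (optional) extracts data."""
    name: str
    scan_rule: str
    res_rule: Optional[str] = None

def match_rule(url: str, body: str, rule: Rule) -> Optional[Dict]:
    """Return a hit record if the response body carries the signature, else None."""
    if not re.search(rule.scan_rule, body, re.IGNORECASE):
        return None
    extracted = re.findall(rule.res_rule, body) if rule.res_rule else []
    return {"url": url, "rule": rule.name, "extracted": extracted}

def scan_targets(targets: List[str], rules: List[Rule],
                 fetch: Callable[[str], str], workers: int = 4) -> List[Dict]:
    """Probe every target with a thread pool. fetch(url) is injected, so the same
    code runs against canned responses (tests, reviewing your own error pages)."""
    def probe(url: str) -> List[Dict]:
        body = fetch(url)
        return [h for h in (match_rule(url, body, r) for r in rules) if h]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return [h for hits in pool.map(probe, targets) for h in hits]

# Constructed sample pages standing in for server responses (not real captures).
SAMPLE_PAGES: Dict[str, str] = {
    "http://shop.example/index.php": (
        "MySQL server error report: Duplicate entry "
        "'admin:0123456789abcdef' for key 'group_key'"),
    "http://clean.example/index.php":
        "<html><body>Sorry, something went wrong.</body></html>",
}

# Rule mirroring the page's example: scan_rule flags the MySQL error,
# res_rule pulls the leaked "user:hash" string out of it.
MYSQL_ERROR_RULE = Rule(
    name="mysql-error-based-injection",
    scan_rule=r"Duplicate entry",
    res_rule=r"Duplicate entry '([^']+)'",
)

def demo() -> List[Dict]:
    """Run the rule over the constructed pages; only the leaky one should hit."""
    return scan_targets(list(SAMPLE_PAGES), [MYSQL_ERROR_RULE], SAMPLE_PAGES.__getitem__)
```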
The framework does not provide the list of IPs or domain names to scan; whoever does the batch work has to collect those themselves with some URL collector. The framework itself only provides loading, scanning, result fetching and similar functions, and supports multi-threaded probing.
0x02 Using the framework
All this framework needs is the list of IPs or domain names to scan, plus a reliable exp or POC. Then configure the framework's configuration file and execute the script.
The options in the configuration file are as follows:
For detailed usage information, read the readme.md:
https://github.com/OneSourceCat/scan-framework
Note that the IP or domain name list must include the http:// protocol prefix, as follows:
0x03 Use cases
For s2-016 scanning, the configuration file is the same as above; because this is URL mode, the raw_file configuration item does not need to be filled in. Run the script directly with python cli.py -m URL:
The results are logged to the result set file:
In addition, the framework supports submitting vulnerability detection packets by POST, and probing with raw HTTP request packets.
Because the framework was only written yesterday, there are still rough edges; if you find a bug, please message me privately.
Project address: https://github.com/OneSourceCat/scan-framework
Vulnerability bulk exploitation scan framework