
Commit c0ce066

Add PoC helper tool tools/cve/main.go 2023-01-13
1 parent 0520752 commit c0ce066

760 files changed

+43546
-155723
lines changed


360.net.json

Whitespace-only changes.

3ee8307c128be7296b2fa2ad5453341a3d37c2b6.xml

Lines changed: 0 additions & 27 deletions
This file was deleted.

README.md

Lines changed: 26 additions & 7 deletions
@@ -1,4 +1,4 @@
1-
[![Tweet](https://img.shields.io/twitter/szUrl/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
1+
[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
22
<p align="center">
33
<a href="/README_CN.md">README_中文</a> •
44
<a href="/static/Installation.md">Compile/Install/Run</a> •
@@ -64,6 +64,26 @@ noScan=true ./scan4all -l list.txt -v
6464

6565
<img src="/static/nmap.gif" width="400">
6666

67+
### --top-ports
68+
values for reaching various effectiveness levels
69+
https://nmap.org/book/performance-port-selection.html
70+
71+
|Effectiveness|TCP portsrequired|UDP ports required|
72+
| ----------- | ----------- | ----------- |
73+
|10%|1|5|
74+
|20%|2|12|
75+
|30%|4|27|
76+
|40%|6|135|
77+
|50%|10|1,075|
78+
|60%|18|2,618|
79+
|70%|44|5,157|
80+
|80%|122|7,981|
81+
|85%|236|9,623|
82+
|90%|576|11,307|
83+
|95%|1,558|13,035|
84+
|99%|3,328|15,094|
85+
|100%|65,536|65,536|
86+
6787
- Fast 15000+ POC detection capabilities, PoCs include:
6888
* nuclei POC
6989
## Nuclei Templates Top 10 statistics
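Review bot: The table header on new line 71 reads `TCP portsrequired`; it is missing a space and should be `TCP ports required`, matching the UDP column. The section also consists of only a `--top-ports` heading, a sentence fragment and a bare nmap link, without saying which scan4all setting these values apply to; one sentence tying the table to the `-top-ports` option would make it usable.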
@@ -129,7 +149,7 @@ mkdir ~/MyWork/;cd ~/MyWork/;git clone https://github.com/hktalent/log4j-scan
129149
download from
130150
<a href=https://github.com/hktalent/ProScan4all/releases>Releases</a>
131151
```bash
132-
go install github.com/hktalent/[email protected]
152+
go install github.com/hktalent/scan4all@latest
133153
scan4all -h
134154
````
135155
# how to use
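Review bot: The install line on new line 152 now uses `github.com/hktalent/scan4all@latest`, but the Releases link on line 150, two lines above it, still points to `hktalent/ProScan4all`, so the README names two different repositories for the same tool. Update the link in the same change, and consider naming a release tag instead of `@latest` so that an install is reproducible. The closing fence on line 154 has four backticks against an opening fence of three, which is worth fixing while this block is being touched.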
@@ -191,14 +211,13 @@ more see: <a href=https://github.com/hktalent/ProScan4all/discussions>discussion
191211
- 2022-06-07 增加http url列表精准扫描参数,根据环境变量UrlPrecise=true开启
192212
193213
# Communication group (WeChat, QQ,Tg)
194-
| Wechat | Or | QQchat | Or | Tg |
195-
| --- |--- |--- |--- |--- |
196-
197-
|<img width=166 src=https://github.com/hktalent/ProScan4all/blob/main/static/wcq.JPG>||<img width=166 src=https://github.com/hktalent/ProScan4all/blob/main/static/qqc.jpg>||<img width=166 src=https://github.com/hktalent/ProScan4all/blob/main/static/tg.jpg>|
214+
| Wechat | Or | QQchat | Or | Tg |
215+
|---|---|---|--- |--- |
216+
| <img width=166 src=https://github.com/hktalent/scan4all/blob/main/static/wcq.JPG> || <img width=166 src=https://github.com/hktalent/scan4all/blob/main/static/qqc.jpg> || <img width=166 src=https://github.com/hktalent/sall/blob/main/static/tg.jpg> |
198217
199218
200219
## 💖Star
201-
[![Stargazers over time](https://starchart.cc/hktalent/ProScan4all.svg)](https://starchart.cc/hktalent/ProScan4all)
220+
[![Stargazers over time](https://starchart.cc/hktalent/scan4all.svg)](https://starchart.cc/hktalent/scan4all)
202221
203222
# Donation
204223
| Wechat Pay | AliPay | Paypal | BTC Pay |BCH Pay |
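Review bot: The Tg image URL on new line 216 points to `github.com/hktalent/sall/blob/main/static/tg.jpg`, while the other two cells in the same row use `hktalent/scan4all`; this looks like a truncated repository name and the image will not load. Change it to the same repository path as the Wechat and QQchat images.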

README_CN.md

Lines changed: 23 additions & 4 deletions
@@ -1,4 +1,4 @@
1-
[![Tweet](https://img.shields.io/twitter/szUrl/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
1+
[![Tweet](https://img.shields.io/twitter/url/http/Hktalent3135773.svg?style=social)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![Follow on Twitter](https://img.shields.io/twitter/follow/Hktalent3135773.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=Hktalent3135773) [![GitHub Followers](https://img.shields.io/github/followers/hktalent.svg?style=social&label=Follow)](https://github.com/hktalent/)
22
<p align="center">
33
<a href="/README.md">README_EN</a> •
44
<a href="/static/Installation.md">编译/安装/运行</a> •
@@ -64,6 +64,25 @@ noScan=true ./scan4all -l list.txt -v
6464

6565
<img src="/static/nmap.gif" width="400">
6666

67+
### --top-ports
68+
values for reaching various effectiveness levels
69+
https://nmap.org/book/performance-port-selection.html
70+
|Effectiveness|TCP portsrequired|UDP ports required|
71+
| --- | --- | --- |
72+
|10%|1|5|
73+
|20%|2|12|
74+
|30%|4|27|
75+
|40%|6|135|
76+
|50%|10|1,075|
77+
|60%|18|2,618|
78+
|70%|44|5,157|
79+
|80%|122|7,981|
80+
|85%|236|9,623|
81+
|90%|576|11,307|
82+
|95%|1,558|13,035|
83+
|99%|3,328|15,094|
84+
|100%|65,536|65,536|
85+
6786
- 快速 15000+ POC 检测功能,PoCs包含:
6887
* nuclei POC
6988
## Nuclei Templates Top 10 statistics
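Review bot: The `--top-ports` section added at new lines 67 to 84 is left in English inside the Chinese README; the sentence `values for reaching various effectiveness levels` and the three column headers should be translated like the rest of this file. The header `TCP portsrequired` on line 70 is also missing a space.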
@@ -130,7 +149,7 @@ mkdir ~/MyWork/;cd ~/MyWork/;git clone https://github.com/hktalent/log4j-scan
130149
download from
131150
<a href=https://github.com/hktalent/ProScan4all/releases>Releases</a>
132151
```bash
133-
go install github.com/hktalent/[email protected]
152+
go install github.com/hktalent/scan4all@latest
134153
scan4all -h
135154
```
136155
# 如何使用
@@ -243,12 +262,12 @@ more see: <a href=https://github.com/hktalent/ProScan4all/discussions>discussion
243262

244263

245264
## 💖Star
246-
[![Stargazers over time](https://starchart.cc/hktalent/ProScan4all.svg)](https://starchart.cc/hktalent/ProScan4all)
265+
[![Stargazers over time](https://starchart.cc/hktalent/scan4all.svg)](https://starchart.cc/hktalent/scan4all)
247266

248267
# Donation
249268
| Wechat Pay | AliPay | Paypal | BTC Pay |BCH Pay |
250269
| --- | --- | --- | --- | --- |
251-
|<img src=https://github.com/hktalent/myhktools/blob/master/md/wc.png>|<img width=166 src=https://github.com/hktalent/myhktools/blob/master/md/zfb.png>|[paypal](https://www.paypal.me/pwned2019) **[email protected]**|<img width=166 src=https://github.com/hktalent/myhktools/blob/master/md/BTC.png>|<img width=166 src=https://github.com/hktalent/myhktools/blob/master/md/BCH.jpg>|
270+
|<img src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/wc.png>|<img width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/zfb.png>|[paypal](https://www.paypal.me/pwned2019) **[email protected]**|<img width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/BTC.png>|<img width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/BCH.jpg>|
252271

253272

254273
<!--

brute/dicts/httpass.txt

Lines changed: 1 addition & 0 deletions
@@ -1,6 +1,7 @@
11
000000
22

33
000000a
4+
minioadmin
45
abcabc
56
qwerty123
67
100200
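Review bot: `minioadmin` is inserted at line 4, between `000000a` and `abcabc`, while the matching entry in brute/dicts/httpuser.txt is appended at the end of the file. If the order of this list decides the order in which candidates are tried, say so in the commit message; otherwise append here as well so the diff stays minimal. The commit message mentions only tools/cve/main.go, so this dictionary change would be easier to review as its own commit.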

brute/dicts/httpuser.txt

Lines changed: 2 additions & 1 deletion
@@ -14,4 +14,5 @@ root
1414
server_admin
1515
test
1616
tomcat
17-
xampp
17+
xampp
18+
minioadmin
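Review bot: `xampp` on line 17 is removed and re-added with no visible difference, which usually means the old file had no trailing newline. Make sure the new last line (`minioadmin`, line 18) ends with a newline so that the next append does not rewrite it again.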

brute/filefuzz.go

Lines changed: 10 additions & 7 deletions
@@ -5,10 +5,9 @@ import (
55
_ "embed"
66
"fmt"
77
"github.com/antlabs/strsim"
8-
"github.com/hktalent/51pwnPlatform/lib/scan/Const"
9-
"github.com/hktalent/51pwnPlatform/pkg/models"
108
"github.com/hktalent/ProScan4all/lib/util"
119
"github.com/hktalent/ProScan4all/pkg/fingerprint"
10+
Const "github.com/hktalent/go-utils"
1211
"io/ioutil"
1312
"log"
1413
"mime"
@@ -157,9 +156,12 @@ func init() {
157156
}
158157
//regs = append(regs, ret...)
159158
// 基于工厂方法构建
160-
util.EngineFuncFactory(Const.ScanType_WebDirScan, func(evt *models.EventData, args ...interface{}) {
161-
filePaths, fileFuzzTechnologies := FileFuzz(evt.Task.ScanWeb, 200, 100, "")
162-
util.SendEngineLog(evt, Const.ScanType_WebDirScan, filePaths, fileFuzzTechnologies)
159+
util.EngineFuncFactory(Const.ScanType_WebDirScan, func(evt *Const.EventData, args ...interface{}) {
160+
for _, x := range evt.EventData {
161+
szT := fmt.Sprintf("%v", x)
162+
filePaths, fileFuzzTechnologies := FileFuzz(szT, 200, 100, "")
163+
util.SendEngineLog(evt, Const.ScanType_WebDirScan, filePaths, fileFuzzTechnologies)
164+
}
163165
})
164166

165167
// 注册一个
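Review bot: The loop at new lines 160 to 164 converts every element of `evt.EventData` to a string with `fmt.Sprintf("%v", x)` and passes it to `FileFuzz` unchecked, so a nil or non-string element becomes text such as `<nil>` and is handled as if it were a URL. Use a type assertion (`s, ok := x.(string)`) and skip empty or non-string values before calling `FileFuzz`. The old code read a single target from `evt.Task.ScanWeb`; a short comment stating what `EventData` is expected to contain would make the new contract clear. The import alias `Const` now also supplies the `EventData` type, so the name no longer describes what the package provides.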
@@ -185,8 +187,9 @@ var r001 = regexp.MustCompile(`\.(aac)|(abw)|(arc)|(avif)|(avi)|(azw)|(bin)|(bmp
185187

186188
// 重写了fuzz:优化流程、优化算法、修复线程安全bug、增加智能功能
187189
//
188-
// 两次 ioutil.ReadAll(resp.Body),第二次就会 Read返回EOF error
189-
// 去除指纹请求的路径,避免重复
190+
// 两次 ioutil.ReadAll(resp.Body),第二次就会 Read返回EOF error
191+
// 去除指纹请求的路径,避免重复
192+
// 当前域名ip <- x -> 域名,互相转换后,确认避免重复执行
190193
func FileFuzz(u string, indexStatusCode int, indexContentLength int, indexbody string) ([]string, []string) {
191194
DoInitMap()
192195
u01, err := url.Parse(strings.TrimSpace(u))
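Review bot: The comment added at line 192 describes converting between the current domain and its IP to avoid duplicate execution, but nothing in this hunk implements that; mark it as a TODO or point to the code that performs the check. Lines 190 and 191 are whitespace-only changes to existing comments and add noise to the diff. Separately, in the `r001` pattern shown in the hunk header, `\.` applies only to the first alternative `(aac)` and the remaining alternatives match anywhere in the string; grouping the alternation as `\.(aac|abw|...)` is probably what was intended.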

burp.json

Lines changed: 0 additions & 1 deletion
This file was deleted.

config/config.json

Lines changed: 2 additions & 1 deletion
@@ -156,8 +156,9 @@
156156
],
157157
"naabu":[
158158
"-l", "",
159-
"-top-ports", "http",
159+
"-top-ports", "full",
160160
"-iv", "4,6",
161+
"-exclude-cdn",
161162
"-scan-type", "s",
162163
"-sa","-silent","-nc",
163164
"-c", "64",

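Review bot: Changing `-top-ports` from `http` to `full` on line 159 makes every default naabu run cover all ports, while the table this commit adds to the README puts 90% effectiveness at 576 TCP ports against 65,536 for 100%. With `-c 64` and `-scan-type s` unchanged, that is a large increase in scan time and traffic per target; keep a smaller default and document `full` as an opt-in value, or explain the trade-off next to the new README table. The `-exclude-cdn` flag added on line 161 is not mentioned in either README hunk and should be documented alongside it.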
config/doNmapScan.sh

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ function doMasScan {
55
# -F --top-ports=65535
66
# -p 80,443
77
# -sV 得到的指纹信息更准,但是更慢
8-
echo $PPSSWWDD|sudo -S nmap -F --top-ports=65535 -n --unique --resolve-all -Pn -sU -sS --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m --version-intensity 9 --min-rate ${XRate} -T4 -iL $1 -oX $2
8+
echo $PPSSWWDD|sudo -S nmap -F --top-ports=65535 -n --unique --resolve-all -Pn -sU -sS --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m --version-intensity 9 --min-rate ${XRate} -T4 -iL $1 -oX $2
99
else
1010
echo $PPSSWWDD|sudo -S nmap -F --top-ports=65535 -n --unique --resolve-all -Pn -sU -sS --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m --version-intensity 9 --min-rate ${XRate} -T4 $1 -oX $2
1111
fi
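Review bot: Line 8 changes only indentation, but it and line 10 expand `$PPSSWWDD`, `$1` and `$2` unquoted, so a password or path containing spaces or glob characters is split or expanded by the shell before it reaches `sudo -S` and nmap. Quote all three, for example `printf '%s\n' "$PPSSWWDD" | sudo -S nmap ... -iL "$1" -oX "$2"`. The command also passes both `-F` and `--top-ports=65535`, which are competing port-selection options; keep the one that is intended.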
