Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
License: MIT License
🌱 JOIN : SINCE 2021
🧠 GOLANG/PYTHON/Rust PROGRAMMER
💼 DarkArmor Lab
🌊 ACM ICPC PLAYER
A WEB CTFER, JUST ROOKIE
RED TEAM
Security Dev Engineer
⚡️ TODO : VULN MINING ON WEB
VULN WEAPONIZED
Native Cloud Security
🎵 EDM
我们终将是历史的执笔人,站在巨人的肩膀上去探知唯一真相
We'll be the dancers on the stage, don't be afraid of trying.
dnslog.go 58行
if string(body) == "[]"{
return ""
从历史更改记录上看,之前这里直接返回[],后来改为返回"",但是其他位置判断逻辑未修改导致部分判断逻辑存在问题,例如detect.go 155行
if record == "[]" || record == Utils.NETWORK_NOT_ACCESS{
fmt.Println("["+url+"] :"+"[-] 目标没有开启 AutoType")
autoTypeStatus = false
}else{
fmt.Println("["+url+"] :"+"[*] 目标开启了 AutoType ")
autoTypeStatus = true
}
与dns平台网络不可达,请检查网络
与dns平台网络不可达,请检查网络
客户端与dnslog平台网络不可达
测试了三个环境的靶场没有检查出来 不知道是不是我环境的问题
感觉检测逻辑还是有待优化。
师傅,可以提供编译好的 macos arm 架构的可执行文件吗,或者在 readme 中写一下编译方法
[http://xxx] :[*] 目标可出网
[http://xxx] :[+] 正在进行 AutoType状态 探测
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x40 pc=0x112f64e]
goroutine 5068 [running]:
FastjsonScan/Detect.ErrDetectDependency({0xc0001d7660, 0x1e}, 0xc05672f260)
/Users/a1phaboy/项目研发/FastjsonScan/Detect/detect.go:249 +0x2ce
FastjsonScan/Detect.DetectDependency({0xc0001d7660, 0x1e})
/Users/a1phaboy/项目研发/FastjsonScan/Detect/detect.go:125 +0x153
FastjsonScan/Detect.DetectVersion({0xc0001d7660, 0x1e})
/Users/a1phaboy/项目研发/FastjsonScan/Detect/detect.go:59 +0x3c6
FastjsonScan/console.Start.func1(0x1282, {0xc0001d7660?, 0x0?}, 0x0?)
/Users/a1phaboy/项目研发/FastjsonScan/console/console.go:45 +0x5c
created by FastjsonScan/console.Start
/Users/a1phaboy/项目研发/FastjsonScan/console/console.go:44 +0x2b7
希望增加其他的dnslog
1、为方便内网扫描;
2、常见dnslog平台地址基本都已被安全设备封堵;
是否考虑可以自定义dnslog平台?谢谢
请问下对AutoType是否开启探测的原理是什么呀?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.