Vulnerability discovery - linked use of web vulnerability tools

0x00 Introduction to vulnerability scanning

Introduction: this post covers web-level vulnerability scanning and how to chain several tools together to improve efficiency, because different targets call for different kinds of scanners. For example, AWVS is maintained abroad and may not be very efficient at scanning domestic (Chinese) CMS frameworks. So no single scanner solves every problem, and relying on one is a mistake beginners tend to make during testing.

0x01 Burpsuite chained with xray to scan an app
0x02 AWVS chained with Xray for simultaneous scanning
0x03 awvs chained with bp chained with xray
0x04 afrog scanning
0x05 vulmap and pocassist scanning
0x06 Goby chained with awvs, xray and fofa
0x07 Single-purpose tools

0x01 Burpsuite chained with xray to scan an app

Traffic direction:
emulator app traffic (192.168.181.1:8888) -> Burpsuite (listening on 192.168.181.1:8888, forwarding to 127.0.0.1:8888) -> Xray (listening on 127.0.0.1:8888)

Project address:
xray: https://github.com/chaitin/xray/releases
Usage:
Burpsuite captures the app traffic:

Burpsuite forwards the traffic to xray:

xray scans the forwarded packets:

.\xray_windows_amd64.exe webscan --listen 127.0.0.1:7777 --html-output mniqi.html

0x02 AWVS chained with Xray for simultaneous scanning

Traffic direction: awvs scans the target (and sends its traffic to IP1) -> Xray listens for all incoming traffic (bound to 0.0.0.0) and scans it. A listener bound to 0.0.0.0 is reachable from every interface, so keep it on a trusted network or bind it to the loopback address as in the command below.

Project address:
awvs: https://www.ddosi.org/awvs14-6-log4j-rce/
Usage:
awvs is given the scan target and configured to forward its traffic to 127.0.0.1:1111:

xray listens on 127.0.0.1:1111 and scans that traffic:

.\xray_windows_amd64.exe webscan --listen 127.0.0.1:1111 --html-output cg.html

Chained scanning in progress:

0x03 awvs chained with bp chained with xray

Traffic direction: awvs traffic -> Burpsuite -> Xray scans the traffic

The idea is the same as above and the result is similar; the only difference is that the traffic is forwarded through several layers.
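Each of the chains above ends in its own xray report (mniqi.html, cg.html), and the same finding usually shows up in more than one of them. The script below is an added example, not code from the original post or from the xray project: it merges xray JSON reports (xray can write JSON with --json-output alongside --html-output) and de-duplicates findings by plugin and normalized URL so a defender triages each issue once. The record layout (a plugin name plus target.url) is assumed from xray's JSON output, and the sample records are constructed.

```python
import json
from collections import Counter
from urllib.parse import urlsplit, urlunsplit, parse_qsl

# Constructed sample records in the shape xray's --json-output is assumed to use:
# each record carries a plugin name and a target URL. The two "reports" stand in
# for the Burp-fed (0x01) and AWVS-fed (0x02) pipelines.
REPORT_FROM_BURP = json.dumps([
    {"plugin": "xss/reflected/default", "target": {"url": "http://app.example.test/search?q=1"}},
    {"plugin": "sqldet/blind/default", "target": {"url": "http://app.example.test/item?id=7"}},
])
REPORT_FROM_AWVS = json.dumps([
    {"plugin": "xss/reflected/default", "target": {"url": "http://app.example.test/search?q=abc"}},
    {"plugin": "dirscan/default", "target": {"url": "http://app.example.test/.git/config"}},
])

def normalize_url(url):
    """Keep scheme, host, path and parameter names; drop parameter values so the
    same injection point reported with different payloads collapses to one key."""
    parts = urlsplit(url)
    names = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path, "&".join(names), ""))

def finding_key(record):
    return (record["plugin"], normalize_url(record["target"]["url"]))

def merge_reports(*json_texts):
    """Merge several xray JSON reports; returns {(plugin, url): number of reports that saw it}."""
    seen = Counter()
    for text in json_texts:
        seen.update({finding_key(r) for r in json.loads(text)})
    return seen

def summarize(merged):
    """Count unique findings per plugin, most frequent first, for triage."""
    by_plugin = Counter(plugin for plugin, _ in merged)
    return sorted(by_plugin.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    merged = merge_reports(REPORT_FROM_BURP, REPORT_FROM_AWVS)
    for (plugin, url), n in sorted(merged.items()):
        print(f"{plugin:28} seen in {n} report(s): {url}")
    print(summarize(merged))
```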

0x04 afrog scanning

afrog is a high-performance, fast and stable vulnerability scanning (bug hunting) tool with customizable PoCs. Its PoCs cover CVEs, CNVD entries, default passwords, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command execution and other vulnerability types, helping security practitioners quickly verify and fix vulnerabilities.

Project usage:
Scan a single target:
afrog -t http://127.0.0.1 -o result.html

Scan multiple targets:
afrog -T urls.txt -o result.html
For example, urls.txt:
http://192.168.139.129:8080
http://127.0.0.1

Test a single PoC file:
afrog -t http://127.0.0.1 -P ./testing/poc-test.yaml -o result.html

Test multiple PoC files:
afrog -t http://127.0.0.1 -P ./testing/ -o result.html

After the scan, an HTML report is written; the vulnerabilities found are visible at a glance and can then be verified:

0x05 vulmap and pocassist scanning

These scanners have not been updated for some time. The project addresses are given so you can experiment on your own; there is no demonstration here.
Project address:
vulmap: https://github.com/zhzyker/vulmap/releases
pocassist: https://github.com/jweny/pocassist/releases

0x06 Goby chained with awvs, xray and fofa

Goby is a next-generation cybersecurity tool based on cyberspace mapping technology. It builds a comprehensive asset knowledge base for the target network to support emergency response to security incidents and breaches.
Goby provides very comprehensive asset identification: it ships with more than 100,000 identification rules that automatically identify and classify hardware devices and software business systems, giving a complete picture of the business systems present in the network.

Project address: https://github.com/gobysec/Goby/releases
Plug-in chaining: there are too many to demonstrate here. Goby is very good at asset organization and is highly recommended; I may write up its various uses when I get the chance.

0x07 Single-purpose tools

In general, a vulnerability scan covers the whole target, but single-purpose tools used on their own can be remarkably effective during a penetration test. Here are some common ones:

Graphical penetration toolkit: GUI_TOOLS_V6.1_by The Little Prince of Security Circle – bugfixed

CMS vulnerability scanner	Supported CMS platforms
Droopescan	WordPress, Joomla, Drupal, Moodle, SilverStripe
CMSmap	WordPress, Joomla, Drupal, Moodle
CMSeeK	WordPress, Joomla, Drupal, etc.
WPXF	WordPress
WPScan	WordPress
WPSeku	WordPress
WPForce	WordPress
JoomScan	Joomla
JoomlaVS	Joomla
JScanner	Joomla
Drupwn	Drupal
Typo3Scan	Typo3

Zhiyuan (Seeyon) OA comprehensive exploitation tool (seeyon_exp): https://github.com/Summer177/seeyon_exp
Tongda OA comprehensive exploitation tool (TDOA_RCE): https://github.com/xinyu2428/TDOA_RCE
Landray OA exploitation tool, unauthenticated front-end RCE / file write (LandrayExploit): https://github.com/yuanhaiGreg/LandrayExploit
Weaver (pan-micro) OA comprehensive exploitation script (weaver_exp): https://github.com/z1un/weaver_exp
Ruijie Networks EG Easy Gateway RCE batch security detection (EgGateWayGetShell): https://github.com/Tas9er/EgGateWayGetShell
CMSmap, a security scanning tool for popular CMSes: https://github.com/Dionach/CMSmap
wprecon, a WordPress vulnerability scanner written in Go: https://github.com/blackbinn/wprecon
wordpress-exploit-framework, a Ruby framework for penetration testing WordPress systems: https://github.com/rastating/wordpress-exploit-framework
WPScan, WordPress security scanner: https://github.com/wpscanteam/wpscan
WPForce, WordPress attack kit: https://github.com/n00py/WPForce

Origin blog.csdn.net/qq_53577336/article/details/124911506