一款快速稳定 PoC可定制化的漏洞扫描器

admin 2022年9月23日14:36:32评论1,224 views字数 38998阅读129分59秒阅读模式

afrog简介

afrog 是一款性能卓越、快速稳定、PoC 可定制的漏洞扫描工具,PoC 包含 CVE、CNVD、默认口令、信息泄露、指纹识别、未授权访问、任意文件读取、命令执行等多种漏洞类型,帮助网络安全从业者快速验证并及时修复漏洞。

特点

  • 开源
  • 快速、稳定、误报低
  • 详细的 html 漏洞报告
  • PoC 可定制化、稳定更新
  • 活跃的社区 交流群
  • 长期维护

示例

基本用法

# 扫描一个目标
afrog -t http://127.0.0.1

# 扫描多个目标
afrog -T urls.txt

# 指定漏扫报告文件
afrog -t http://127.0.0.1-o result.html

高级用法

# 测试 PoC 
afrog -t http://127.0.0.1 -P ./test/ 
afrog -t http://127.0.0.1 -P ./test/demo.yaml 

# 按 PoC 关键字扫描 
afrog -t http://127.0.0.1 -s tomcat,springboot,shiro 

# 按 Poc 漏洞等级扫描 
afrog -t http://127.0.0.1 -S high,critical 

# 在线更新 afrog-pocs 
afrog --up 

# 禁用指纹识别,直接漏扫 
afrog -t http://127.0.0.1 --nf

截图

控制台

一款快速稳定 PoC可定制化的漏洞扫描器


html 报告

一款快速稳定 PoC可定制化的漏洞扫描器

选项参数

版本:
   1.3.5

命令:
   help, h  显示命令列表或某个命令的帮助.

全局选项:
   --target value, -t value          要扫描的目标url/主机
   --targets value, -T value         包含要扫描的目标url /主机列表的文件路径(每行一个)
   --pocs afrog-pocs, -P afrog-pocs  扫描指定的漏洞时使用的poc.Yaml或poc目录路径(没有默认的afrog-pocs目录)
   --output value, -o value          输出HTML报告,例如:-o result.html
   --search keyword, -s keyword      通过关键字搜索PoC,例如:-s tomcat,phpinfo
   --severity value, -S value        基于严重性运行Pocs,取值为:info、low、medium、high、critical、unknown
   --silent                          没有进度,只有结果(默认值:false)
   --nofinger, --nf                  禁用指纹识别(默认:false)
   --notips, --nt                    禁用显示提示(默认为false)
   --updatepocs, --up                更新afrog-pocs(默认值:false)
   --help, -h                        显示帮助(默认值:false)
   --version, -v                     输出版本信息(默认为false)

扫描测试:

一款快速稳定 PoC可定制化的漏洞扫描器

下载地址

①GitHub:

  • afrog_darwin_amd64.tar.gz9.91 MB
  • afrog_linux_amd64.tar.gz10 MB
  • afrog_linux_arm64.tar.gz9.2 MB
  • afrog_windows_amd64.zip10.3 MB

②云中转网盘:

yunzhongzhuan.com/#sharefile=hmcKPMeG_61456解压密码:www.ddosi.org

工具中包含的文件(poc)列表:

----afrog-main
    |   .gitignore
    |   go.mod
    |   go.sum
    |   LICENSE
    |   paused.conf
    |   README.md
    |
    +---afrog-pocs
    |   |   README.md
    |   |   version
    |   |
    |   +---CVE
    |   |   ---2021
    |   |           CVE-2021-27250.yaml
    |   |
    |   ---vulnerability
    |           gitlab-api-user-enum.yaml
    |           gitlab-public-repos.yaml
    |           gitlab-public-snippets.yaml
    |           gitlab-uninitialized-password.yaml
    |           gitlab-user-enum.yaml
    |           landray-oa-treexml-rce.yaml
    |           thinkphp-30-rce.yaml
    |           thinkphp-50-rce.yaml
    |           thinkphp-5010-rce.yaml
    |
    +---cmd
    |   +---afrog
    |   |       main.go
    |   |
    |   +---api
    |   |       main.go
    |   |
    |   +---celgo
    |   |       main.go
    |   |
    |   +---download
    |   |       main.go
    |   |
    |   +---fingerprint
    |   |   |   main.go
    |   |   |
    |   |   ---struts
    |   |           structs.go
    |   |
    |   +---flag
    |   |       main.go
    |   |
    |   +---html
    |   |       main.go
    |   |
    |   +---poc
    |   |       main.go
    |   |
    |   +---rules
    |   |       main.go
    |   |
    |   +---socket
    |   |       main.go
    |   |
    |   +---title
    |   |       main.go
    |   |
    |   +---workgroup
    |   |       main.go
    |   |
    |   ---xray
    |       |   main.go
    |       |
    |       ---gopoc
    |               a.go
    |               b.go
    |               c.go
    |               p.go
    |               test.go
    |
    +---docs
    |       CONTRIBUTION.md
    |       CONTRIBUTION_en.md
    |       GUIDE.md
    |       GUIDE_en.md
    |       POCLIST.md
    |       README_en.md
    |
    +---images
    |       2.png
    |       3.png
    |       afrog.jpg
    |       afrog.png
    |       con-1.png
    |       con-2.png
    |       con-3.png
    |       con-5.png
    |       con-6.png
    |       fourscan.png
    |       onescan.png
    |       report-new.png
    |       scan-new.png
    |       starlink.png
    |       threescan.png
    |       twoscan.png
    |
    +---internal
    |   ---runner
    |           banner.go
    |           runner.go
    |
    +---pkg
    |   +---catalog
    |   |       catalog.go
    |   |       find.go
    |   |       folder.go
    |   |       path.go
    |   |
    |   +---config
    |   |       config.go
    |   |       options.go
    |   |
    |   +---core
    |   |       cel.go
    |   |       celcompile.go
    |   |       celprogram.go
    |   |       checker.go
    |   |       engine.go
    |   |       excute.go
    |   |       result.go
    |   |       workpool.go
    |   |
    |   +---errors
    |   |       errors.go
    |   |
    |   +---fingerprint
    |   |       fingerprint.go
    |   |       web_fingerprint_v3.json
    |   |
    |   +---gopoc
    |   |       gopoc.go
    |   |       memcache.go
    |   |       mongodb.go
    |   |       ms17010.go
    |   |       redis.go
    |   |       rsync.go
    |   |       tomcat.go
    |   |       zookeeper.go
    |   |
    |   +---html
    |   |       html.go
    |   |
    |   +---log
    |   |       color.go
    |   |       zap.go
    |   |
    |   +---poc
    |   |       poc.go
    |   |
    |   +---proto
    |   |       http.pb.go
    |   |       http.proto
    |   |
    |   +---protocols
    |   |   +---http
    |   |   |       http.go
    |   |   |
    |   |   ---raw
    |   |           http.go
    |   |           raw.go
    |   |
    |   +---scan
    |   |       cdn.go
    |   |       ips.go
    |   |       ports.go
    |   |       scan.go
    |   |
    |   +---upgrade
    |   |       upgrade.go
    |   |
    |   ---utils
    |           file.go
    |           iconhash.go
    |           rand.go
    |           severity.go
    |           stringslice.go
    |           syncfile.go
    |           tcp.go
    |           tips.go
    |           unzip.go
    |           utils.go
    |           version.go
    |
    ---pocs
        |   d-link-router-command-injection.yaml
        |   poc.go
        |
        +---afrog-pocs
        |   |   README.md
        |   |   version
        |   |
        |   +---a-fingerprinting
        |   |       activemq-panel.yaml
        |   |       adminer-panel.yaml
        |   |       apisix-panel.yaml
        |   |       appex-lotwan-login-panel.yaml
        |   |       avtech-avn801-camera-panel.yaml
        |   |       azure-kubernetes-service.yaml
        |   |       directadmin-login-panel.yaml
        |   |       django-admin-panel.yaml
        |   |       dlink-panel.yaml
        |   |       dubbo-detect.yaml
        |   |       emessage-panel.yaml
        |   |       fanruanoa-detect.yaml
        |   |       fckeditor.yaml
        |   |       gitlab-panel.yaml
        |   |       grafana-detect.yaml
        |   |       huawei-hg532e-panel.yaml
        |   |       javamelody-detect.yaml
        |   |       jenkins-api-panel.yaml
        |   |       jenkins-login.yaml
        |   |       jira-panel.yaml
        |   |       jupyter-notebook-tech.yaml
        |   |       kubernetes-dashboard.yaml
        |   |       kubernetes-enterprise-manager.yaml
        |   |       kubernetes-metrics.yaml
        |   |       kubernetes-mirantis.yaml
        |   |       kubernetes-resource-report.yaml
        |   |       kubernetes-version.yaml
        |   |       landrayoa-panel.yaml
        |   |       microsoft-exchange-panel.yaml
        |   |       minio-browser.yaml
        |   |       minio-console.yaml
        |   |       mongodb-ops-manager.yaml
        |   |       openerp-database.yaml
        |   |       phpmyadmin-panel.yaml
        |   |       rabbitmq-dashboard.yaml
        |   |       rocketmq-console-exposur.yaml
        |   |       shiro-detect.yaml
        |   |       solarwinds-orion-panel.yaml
        |   |       sonicwall-management-panel.yaml
        |   |       sonicwall-sslvpn-panel.yaml
        |   |       swagger-api-disclosure.yaml
        |   |       terramaster-panel.yaml
        |   |       thinkphp-detect.yaml
        |   |       tomcat-detect.yaml
        |   |       upupw-panel.yaml
        |   |       utt-panel.yaml
        |   |       wayos-panel.yaml
        |   |       weblogic-panel.yaml
        |   |       wordpress-login.yaml
        |   |       zabbix-panel.yaml
        |   |       zentao-detect.yaml
        |   |
        |   +---b-disclosure
        |   |       alibaba-canal-info-leak.yaml
        |   |       aspcms-backend-leak.yaml
        |   |       avtech-dvr-exposure.yaml
        |   |       avtech-password-disclosure.yaml
        |   |       dlink-850l-info-leak.yaml
        |   |       e-office-mysql-config-leak.yaml
        |   |       hadoop-disclosure.yaml
        |   |       hikvision-info-leak.yaml
        |   |       hjtcloud-directory-file-leak.yaml
        |   |       huawei-dg8045-home-gateway-exposures.yaml
        |   |       hue-login-panel.yaml
        |   |       kyan-network-monitoring-account-password-leakage.yaml
        |   |       laravel-debug-info-leak.yaml
        |   |       nsfocus-uts-password-leak.yaml
        |   |       openvpn-monitor-disclosure.yaml
        |   |       phpinfo-disclosure.yaml
        |   |       ruijie-eg-info-leak.yaml
        |   |       ruijie-nbr1300g-cli-password-leak.yaml
        |   |       ruijie-smartweb-password-disclosure.yaml
        |   |       seeyon-a6-employee-info-leak.yaml
        |   |       seeyon-oa-cookie-leak.yaml
        |   |       seeyon-session-leak.yaml
        |   |       thinkphp-509-information-disclosure.yaml
        |   |       tianqing-info-leak.yaml
        |   |
        |   +---c-unauthorized
        |   |       airflow-unauth.yaml
        |   |       bt742-pma-unauthorized-access.yaml
        |   |       couchdb-unauthorized.yaml
        |   |       druid-monitor-unauth.yaml
        |   |       elasticsearch-unauth.yaml
        |   |       etcd-unauth.yaml
        |   |       frp-dashboard-unauth.yaml
        |   |       h2-database-web-console-unauthorized-access.yaml
        |   |       hadoop-yarn-unauth.yaml
        |   |       hp-officepro-printer-unauthorized.yaml
        |   |       influxdb-unauth.yaml
        |   |       jboss-unauth.yaml
        |   |       jeecg-boot.yaml
        |   |       jenkins-unauthorized-access.yaml
        |   |       jira-service-desk-signup.yaml
        |   |       jira-unauthenticated-adminprojects.yaml
        |   |       jira-unauthenticated-dashboards.yaml
        |   |       jira-unauthenticated-installed-gadgets.yaml
        |   |       jira-unauthenticated-projectcategories.yaml
        |   |       jira-unauthenticated-projects.yaml
        |   |       jira-unauthenticated-resolutions.yaml
        |   |       jira-unauthenticated-screens.yaml
        |   |       jira-unauthenticated-user-picker.yaml
        |   |       jupyter-notebook-unauthorized-access.yaml
        |   |       kafka-manager-unauth.yaml
        |   |       kibana-unauth.yaml
        |   |       kubernetes-unauth.yaml
        |   |       nacos-v1-auth-bypass.yaml
        |   |       nifi-api-unauthorized-access.yaml
        |   |       pyspider-unauthorized-access.yaml
        |   |       qizhi-fortressaircraft-unauthorized.yaml
        |   |       ruoyi-cms-unauth.yaml
        |   |       spark-api-unauth.yaml
        |   |       spark-webui-unauth.yaml
        |   |       springboot-actuator-unauth.yaml
        |   |       storm-unauthorized-access.yaml
        |   |       tensorboard-unauth.yaml
        |   |       tongda-meeting-unauth.yaml
        |   |       zabbix-authentication-bypass.yaml
        |   |       zabbix-dashboards-access.yaml
        |   |
        |   +---d-default-pwd
        |   |       activemq-default-password.yaml
        |   |       alibaba-canal-default-password.yaml
        |   |       ambari-default-password.yaml
        |   |       aolynk-br304-default-password.yaml
        |   |       arl-default-password.yaml
        |   |       axis2-default-password.yaml
        |   |       azkaban-default-password.yaml
        |   |       chinaunicom-default-login.yaml
        |   |       datang-ac-default-password-cnvd-2021-04128.yaml
        |   |       dell-idrac9-default-password.yaml
        |   |       dlink-default-password.yaml
        |   |       dubbo-admin-default-password.yaml
        |   |       exacqvision-default-password.yaml
        |   |       gitlab-weak-login.yaml
        |   |       grafana-default-password.yaml
        |   |       hikvision-intercom-service-default-password.yaml
        |   |       ibm-storage-default-password.yaml
        |   |       jenkins-default-pwd.yaml
        |   |       jinher-oa-c6-default-password.yaml
        |   |       jmx-default-password.yaml
        |   |       kafka-center-default-password.yaml
        |   |       kingsoft-v8-default-password.yaml
        |   |       minio-default-password.yaml
        |   |       mofi4500-default-password.yaml
        |   |       netentsec-icg-default-password.yaml
        |   |       nexus-default-password.yaml
        |   |       nps-default-password.yaml
        |   |       nsicg-default-password.yaml
        |   |       ofbiz-default-password.yaml
        |   |       openerp-default-password.yaml
        |   |       oracle-business-intelligence-password.yaml
        |   |       panabit-gateway-default-password.yaml
        |   |       panabit-ixcache-default-password.yaml
        |   |       rabbitmq-default-password.yaml
        |   |       rancher-default-password.yaml
        |   |       ricoh-weak-password.yaml
        |   |       rockmongo-default-password.yaml
        |   |       rseenet-default-password.yaml
        |   |       secnet-ac-default-password.yaml
        |   |       seeddms-default-password.yaml
        |   |       showdoc-default-password.yaml
        |   |       spectracom-default-password.yaml
        |   |       telecom-gateway-default-password.yaml
        |   |       tomcat-default-login.yaml
        |   |       trilithic-viewpoint-default-password.yaml
        |   |       utt-default-password.yaml
        |   |       versa-default-password.yaml
        |   |       wayos-default-password.yaml
        |   |       weblogic-weak-login.yaml
        |   |       xerox7-default-password.yaml
        |   |       zabbix-default-password.yaml
        |   |
        |   +---e-vulnerability
        |   |       acti-video-read-file.yaml
        |   |       alibaba-canal-config-leak.yaml
        |   |       amtt-hiboss-server-ping-rce.yaml
        |   |       anyproxy-directory-traversal.yaml
        |   |       bohuangwanglong-cmd-php-rce.yaml
        |   |       bohuawanglong-users-xml-password-leak.yaml
        |   |       byzoro-smart-importhtml-rce.yaml
        |   |       cacti-weathermap-file-write.yaml
        |   |       clickhouse-api-unauth.yaml
        |   |       consul-rexec-rce.yaml
        |   |       consul-service-rce.yaml
        |   |       couchdb-adminparty.yaml
        |   |       dahua-dss-file-read.yaml
        |   |       dedecms-carbuyaction-fileinclude.yaml
        |   |       dedecms-guestbook-sqli.yaml
        |   |       dedecms-membergroup-sqli.yaml
        |   |       dedecms-url-redirection.yaml
        |   |       discuz-v72-sqli.yaml
        |   |       discuz-wechat-plugins-unauth.yaml
        |   |       dlink-dsl-2888a-rce.yaml
        |   |       dlink-sharecenter-dns-320-rce.yaml
        |   |       docker-registry.yaml
        |   |       docker-remote-api-unauth.yaml
        |   |       docker-remote-api.yaml
        |   |       dockercfg-config.yaml
        |   |       dotnetcms-sqli.yaml
        |   |       duomicms-sqli.yaml
        |   |       e-bridge-saveyzjfile-file-read.yaml
        |   |       e-cology-arbitrary-file-upload.yaml
        |   |       e-cology-e-office-officeserver-file-read.yaml
        |   |       e-cology-filedownload-directory-traversal.yaml
        |   |       e-cology-getsqldata-sql-inject.yaml
        |   |       e-cology-springframework-directory-traversal.yaml
        |   |       e-cology-syncuserinfo-sqli.yaml
        |   |       e-cology-v8-sqli.yaml
        |   |       e-cology-validate-sqli.yaml
        |   |       e-cology-workflowcentertreedata-sqli.yaml
        |   |       e-office-v10-sql-inject.yaml
        |   |       ecshop-collection-list-sqli.yaml
        |   |       ecshop-rce.yaml
        |   |       egroupware-rce.yaml
        |   |       etouch-v2-sqli.yaml
        |   |       eyou-mail-moni-detail-rce.yaml
        |   |       fangweicms-sqli.yaml
        |   |       fanruan-oa-v9-designsavevg-upload-file.yaml
        |   |       fastjson-1-2-24-rce.yaml
        |   |       fastjson-1-2-41-rce.yaml
        |   |       fastjson-1-2-42-rce.yaml
        |   |       fastjson-1-2-43-rce.yaml
        |   |       fastjson-1-2-47-rce.yaml
        |   |       fastjson-1-2-62-rce.yaml
        |   |       fastjson-1-2-67-rce.yaml
        |   |       fastjson-1-2-68-rce.yaml
        |   |       feifeicms-lfr.yaml
        |   |       feiyuxing-info-leak.yaml
        |   |       finecms-sqli.yaml
        |   |       finereport-directory-traversal.yaml
        |   |       flink-upload-rce.yaml
        |   |       flix-ax8-download-read-file.yaml
        |   |       generic-windows-lfi.yaml
        |   |       git-leak.yaml
        |   |       grafana-file-read.yaml
        |   |       h3c-imc-rce.yaml
        |   |       h3c-mpsec-isg1000-file-read.yaml
        |   |       h3c-secparh-any-user-login.yaml
        |   |       h3c-secpath-firewall-file-read.yaml
        |   |       hanming-video-conferencing-file-read.yaml
        |   |       haofeng-firewall-setdomain-unauth.yaml
        |   |       hikvision-gateway-data-file-read.yaml
        |   |       hikvision-showfile-file-read.yaml
        |   |       hjtcloud-arbitrary-fileread.yaml
        |   |       huawei-home-gateway-hg659-fileread.yaml
        |   |       huijietong-cloud-fileread.yaml
        |   |       huiwen-book-config-properties-info-leak.yaml
        |   |       iis-put-getshell.yaml
        |   |       ikuai-login-panel.yaml
        |   |       ioffice-oa-iofileexport-read-file.yaml
        |   |       jeewms-showordownbyurl-fileread.yaml
        |   |       jinher-oa-c6-download-file-read.yaml
        |   |       joomla-component-vreview-sql.yaml
        |   |       jumpserver-unauth-rce.yaml
        |   |       kedacom-gateway-file-read.yaml
        |   |       kedacom-mts-file-read.yaml
        |   |       kingdee-eas-directory-traversal.yaml
        |   |       kingsoft-v8-file-read.yaml
        |   |       kingsoft-v8-get-file-content-file-read.yaml
        |   |       kingsoft-v8-rce.yaml
        |   |       kyan-network-license-php-rce.yaml
        |   |       kyan-network-module-php-rce.yaml
        |   |       kyan-network-time-php-rce.yaml
        |   |       landray-oa-admin-do-jndi-rce.yaml
        |   |       landray-oa-custom-jsp-fileread.yaml
        |   |       landray-oa-syssearchmain-rce.yaml
        |   |       laravel-improper-webdir.yaml
        |   |       maccms-rce.yaml
        |   |       maccmsv10-backdoor.yaml
        |   |       magicflow-main-xp-file-read.yaml
        |   |       maike-ras-cookie-bypass.yaml
        |   |       metinfo-file-read.yaml
        |   |       msa-gateway-read-file.yaml
        |   |       msvod-sqli.yaml
        |   |       myucms-lfr.yaml
        |   |       natshell-arbitrary-file-read.yaml
        |   |       netentsec-ngfw-rce.yaml
        |   |       netmizer-log-management-cmd-php-rce.yaml
        |   |       netmizer-log-management-data-directory-traversal.yaml
        |   |       netpower-download-php-file-read.yaml
        |   |       ns-asg-file-read.yaml
        |   |       nuuo-file-inclusion.yaml
        |   |       oa8000-workflowservice-sql-inject.yaml
        |   |       odoo-file-read.yaml
        |   |       pbootcms-database-file-download.yaml
        |   |       php-zerodium-backdoor.yaml
        |   |       phpmyadmin-misconfiguration.yaml
        |   |       phpmyadmin-server-import.yaml
        |   |       phpmyadmin-setup-deserialization.yaml
        |   |       phpmyadmin-setup.yaml
        |   |       phpok-sqli.yaml
        |   |       phpshe-sqli.yaml
        |   |       phpstudy-backdoor-rce.yaml
        |   |       phpstudy-nginx-wrong-resolve.yaml
        |   |       powercreator-arbitrary-file-upload.yaml
        |   |       qibocms-sqli.yaml
        |   |       qilin-bastion-host-rce.yaml
        |   |       resin-inputfile-fileread.yaml
        |   |       resin-viewfile-fileread.yaml
        |   |       ruijie-eg-cli-rce.yaml
        |   |       ruijie-eg-file-read.yaml
        |   |       ruoyi-management-fileread.yaml
        |   |       samsung-wea453e-default-pwd.yaml
        |   |       samsung-wea453e-rce.yaml
        |   |       samsung-wlan-ap-wea453e-rce.yaml
        |   |       sangfor-ba-rce.yaml
        |   |       sangfor-edr-arbitrary-admin-login.yaml
        |   |       sangfor-edr-cssp-rce.yaml
        |   |       sangfor-edr-tool-rce.yaml
        |   |       sapido-router-rce.yaml
        |   |       seacms-before-v992-rce.yaml
        |   |       seacms-rce.yaml
        |   |       seacms-sqli.yaml
        |   |       seacms-v654-rce.yaml
        |   |       seacmsv645-command-exec.yaml
        |   |       seeyon-a6-config-disclosure.yaml
        |   |       seeyon-a6-createmysql-disclosure.yaml
        |   |       seeyon-a6-setextno-sql-inject.yaml
        |   |       seeyon-a8-htmlofficeservlet-upload.yaml
        |   |       seeyon-a8-status-disclosure.yaml
        |   |       seeyon-wooyun-2015-0108235-sqli.yaml
        |   |       seeyon-wooyun-2015-148227.yaml
        |   |       selea-targa-camera-lfi.yaml
        |   |       selea-targa-camera-read-file.yaml
        |   |       shiziyu-cms-apicontroller-sqli.yaml
        |   |       showdoc-uploadfile.yaml
        |   |       smartoa-emaildownload-file-read.yaml
        |   |       solr-admin-query.yaml
        |   |       solr-file-read.yaml
        |   |       solr-log4j-rce.yaml
        |   |       sonicwall-ssl-vpn-rce.yaml
        |   |       spon-ip-intercom-file-read.yaml
        |   |       spon-ip-intercom-ping-rce.yaml
        |   |       springboot-h2-db-rce.yaml
        |   |       svn-leak.yaml
        |   |       tamronos-iptv-rce.yaml
        |   |       tenda-11n-cookie-unauth-access.yaml
        |   |       tenda-w15e-routercfm-cfg-config-leak.yaml
        |   |       thinkadmin-v6-readfile.yaml
        |   |       thinkcmf-lfi.yaml
        |   |       thinkcmf-write-shell.yaml
        |   |       thinkphp-2-rce.yaml
        |   |       thinkphp-5022-5129-rce.yaml
        |   |       thinkphp-5023-rce.yaml
        |   |       thinkphp-5024-5130-rce.yaml
        |   |       thinkphp-v6-file-write.yaml
        |   |       tongda-insert-sql-inject.yaml
        |   |       tongda-logincheck-code-getcookie.yaml
        |   |       tongda-path-traversal.yaml
        |   |       tongda-report_bi-func-sql-inject.yaml
        |   |       tongda-swfupload-new-sql-inject.yaml
        |   |       tongda-user-session-disclosure.yaml
        |   |       tongda-v2014-disclosure.yaml
        |   |       tongda-v2017-uploadfile.yaml
        |   |       tpshop-directory-traversal.yaml
        |   |       tpshop-sqli.yaml
        |   |       typecho-rce.yaml
        |   |       unifi-network-log4j-rce.yaml
        |   |       vesystem-upload-file.yaml
        |   |       vmware-vcenter-arbitrary-file-read.yaml
        |   |       vrealize-operations-log4j-rce.yaml
        |   |       wanhu-oa-download-ftp-file-read.yaml
        |   |       wanhu-oa-download-old-file-read.yaml
        |   |       wanhu-oa-downloadhttp-file-read.yaml
        |   |       wanhu-oa-fileupload-controller-upload.yaml
        |   |       wanhu-oa-smartupload-upload-file.yaml
        |   |       web-config.yaml
        |   |       weblogic-ssrf.yaml
        |   |       weiphp-path-traversal.yaml
        |   |       weiphp-sql.yaml
        |   |       wholeton-vpn-info-leak.yaml
        |   |       wisegiga-nas-down-data-php-file-read.yaml
        |   |       wisegiga-nas-group-php-rce.yaml
        |   |       WOOYUN-2010-080723.yaml
        |   |       wordpress-ext-adaptive-images-lfi.yaml
        |   |       wordpress-ext-mailpress-rce.yaml
        |   |       wuzhicms-v410-sqli.yaml
        |   |       xdcms-sql.yaml
        |   |       yapi-rce.yaml
        |   |       yccms-rce.yaml
        |   |       yimi-oa-getfile-file-read.yaml
        |   |       yongyou-fe-templateoftaohong-manager-path-traversal.yaml
        |   |       yongyou-u8-oa-sqli.yaml
        |   |       yonyou-grp-u8-sqli-to-rce.yaml
        |   |       yonyou-grp-u8-sqli.yaml
        |   |       yonyou-nc-arbitrary-file-upload.yaml
        |   |       yonyou-nc-bsh-servlet-bshservlet-rce.yaml
        |   |       yungoucms-sqli.yaml
        |   |       zcms-v3-sqli.yaml
        |   |       zzcms-zsmanage-sqli.yaml
        |   |
        |   +---f-CNVD
        |   |   +---2007
        |   |   |       CNVD-200705-315.yaml
        |   |   |
        |   |   +---2016
        |   |   |       CNNVD-201610-923.yaml
        |   |   |
        |   |   +---2017
        |   |   |       CNVD-2017-20077.yaml
        |   |   |
        |   |   +---2018
        |   |   |       CNVD-2018-04757.yaml
        |   |   |       CNVD-2018-13393.yaml
        |   |   |
        |   |   +---2019
        |   |   |       CNVD-2019-01348.yaml
        |   |   |       CNVD-2019-16798.yaml
        |   |   |       CNVD-2019-22239.yaml
        |   |   |       CNVD-2019-32204.yaml
        |   |   |       CNVD-2019-34135.yaml
        |   |   |
        |   |   +---2020
        |   |   |       CNVD-2020-23735.yaml
        |   |   |       CNVD-2020-57264.yaml
        |   |   |       CNVD-2020-58823.yaml
        |   |   |       CNVD-2020-62422.yaml
        |   |   |       CNVD-2020-62853.yaml
        |   |   |       CNVD-2020-67113.yaml
        |   |   |       CNVD-2020-73282.yaml
        |   |   |
        |   |   ---2021
        |   |           CNVD-2021-01627.yaml
        |   |           CNVD-2021-04128.yaml
        |   |           CNVD-2021-09650.yaml
        |   |           CNVD-2021-10543.yaml
        |   |           CNVD-2021-14536.yaml
        |   |           CNVD-2021-15822.yaml
        |   |           CNVD-2021-15824.yaml
        |   |           CNVD-2021-32799.yaml
        |   |           CNVD-2021-33202.yaml
        |   |           CNVD-2021-39012.yaml
        |   |           CNVD-2021-39067.yaml
        |   |           CNVD-2021-42372.yaml
        |   |           CNVD-2021-49104.yaml
        |   |
        |   +---g-CVE
        |   |   +---2007
        |   |   |       CVE-2007-4556.yaml
        |   |   |
        |   |   +---2010
        |   |   |       CVE-2010-1871.yaml
        |   |   |       CVE-2010-2861.yaml
        |   |   |
        |   |   +---2012
        |   |   |       CVE-2012-0392.yaml
        |   |   |       CVE-2012-1823.yaml
        |   |   |
        |   |   +---2013
        |   |   |       CVE-2013-1965.yaml
        |   |   |       CVE-2013-2251.yaml
        |   |   |
        |   |   +---2014
        |   |   |       CVE-2014-3120.yaml
        |   |   |       CVE-2014-3704.yaml
        |   |   |       CVE-2014-6271.yaml
        |   |   |
        |   |   +---2015
        |   |   |       CVE-2015-1427.yaml
        |   |   |       CVE-2015-3337.yaml
        |   |   |       CVE-2015-5531.yaml
        |   |   |       CVE-2015-7297.yaml
        |   |   |       CVE-2015-8399.yaml
        |   |   |
        |   |   +---2016
        |   |   |       CVE-2016-10134.yaml
        |   |   |       CVE-2016-3081.yaml
        |   |   |       CVE-2016-3088.yaml
        |   |   |       CVE-2016-4977.yaml
        |   |   |
        |   |   +---2017
        |   |   |       CVE-2017-1000028.yaml
        |   |   |       CVE-2017-10271.yaml
        |   |   |       CVE-2017-11610.yaml
        |   |   |       CVE-2017-12149.yaml
        |   |   |       CVE-2017-12611.yaml
        |   |   |       CVE-2017-12615.yaml
        |   |   |       CVE-2017-12629.yaml
        |   |   |       CVE-2017-12635.yaml
        |   |   |       CVE-2017-16877.yaml
        |   |   |       CVE-2017-16894.yaml
        |   |   |       CVE-2017-5521.yaml
        |   |   |       CVE-2017-5638.yaml
        |   |   |       CVE-2017-7504.yaml
        |   |   |       CVE-2017-7921.yaml
        |   |   |       CVE-2017-8229.yaml
        |   |   |       CVE-2017-8917.yaml
        |   |   |       CVE-2017-9791.yaml
        |   |   |       CVE-2017-9841.yaml
        |   |   |
        |   |   +---2018
        |   |   |       CVE-2018-1000533.yaml
        |   |   |       CVE-2018-1000600.yaml
        |   |   |       CVE-2018-1000861.yaml
        |   |   |       CVE-2018-10735.yaml
        |   |   |       CVE-2018-10736.yaml
        |   |   |       CVE-2018-10737.yaml
        |   |   |       CVE-2018-10738.yaml
        |   |   |       CVE-2018-11686.yaml
        |   |   |       CVE-2018-11759.yaml
        |   |   |       CVE-2018-11776.yaml
        |   |   |       CVE-2018-12613.yaml
        |   |   |       CVE-2018-1273.yaml
        |   |   |       CVE-2018-13379.yaml
        |   |   |       CVE-2018-17246.yaml
        |   |   |       CVE-2018-19127.yaml
        |   |   |       CVE-2018-3760.yaml
        |   |   |       CVE-2018-6605.yaml
        |   |   |       CVE-2018-6910.yaml
        |   |   |       CVE-2018-7314.yaml
        |   |   |       CVE-2018-7490.yaml
        |   |   |       CVE-2018-7600.yaml
        |   |   |       CVE-2018-7662.yaml
        |   |   |       CVE-2018-7700.yaml
        |   |   |       CVE-2018-8033.yaml
        |   |   |       CVE-2018-8715.yaml
        |   |   |       CVE-2018-8770.yaml
        |   |   |       CVE-2018-9995.yaml
        |   |   |
        |   |   +---2019
        |   |   |       CVE-2019-0193.yaml
        |   |   |       CVE-2019-0230.yaml
        |   |   |       CVE-2019-10758.yaml
        |   |   |       CVE-2019-11248.yaml
        |   |   |       CVE-2019-11510.yaml
        |   |   |       CVE-2019-11581.yaml
        |   |   |       CVE-2019-12725.yaml
        |   |   |       CVE-2019-15107.yaml
        |   |   |       CVE-2019-16097.yaml
        |   |   |       CVE-2019-16278.yaml
        |   |   |       CVE-2019-16313.yaml
        |   |   |       CVE-2019-16663.yaml
        |   |   |       CVE-2019-16759.yaml
        |   |   |       CVE-2019-16920.yaml
        |   |   |       CVE-2019-16996.yaml
        |   |   |       CVE-2019-16997.yaml
        |   |   |       CVE-2019-17418.yaml
        |   |   |       CVE-2019-17506.yaml
        |   |   |       CVE-2019-17558.yaml
        |   |   |       CVE-2019-18394.yaml
        |   |   |       CVE-2019-19781.yaml
        |   |   |       CVE-2019-19985.yaml
        |   |   |       CVE-2019-20085.yaml
        |   |   |       CVE-2019-20224.yaml
        |   |   |       CVE-2019-2725.yaml
        |   |   |       CVE-2019-2729.yaml
        |   |   |       CVE-2019-3396.yaml
        |   |   |       CVE-2019-3799.yaml
        |   |   |       CVE-2019-5127.yaml
        |   |   |       CVE-2019-5418.yaml
        |   |   |       CVE-2019-6340.yaml
        |   |   |       CVE-2019-7192.yaml
        |   |   |       CVE-2019-7238.yaml
        |   |   |       CVE-2019-8442.yaml
        |   |   |       CVE-2019-8449.yaml
        |   |   |       CVE-2019-8451.yaml
        |   |   |       CVE-2019-9670.yaml
        |   |   |
        |   |   +---2020
        |   |   |       CVE-2020-10148.yaml
        |   |   |       CVE-2020-10199.yaml
        |   |   |       CVE-2020-10204.yaml
        |   |   |       CVE-2020-11455.yaml
        |   |   |       CVE-2020-11710.yaml
        |   |   |       CVE-2020-11738.yaml
        |   |   |       CVE-2020-11991.yaml
        |   |   |       CVE-2020-13937.yaml
        |   |   |       CVE-2020-13945.yaml
        |   |   |       CVE-2020-14179.yaml
        |   |   |       CVE-2020-14181.yaml
        |   |   |       CVE-2020-14750.yaml
        |   |   |       CVE-2020-15568.yaml
        |   |   |       CVE-2020-16846.yaml
        |   |   |       CVE-2020-17519.yaml
        |   |   |       CVE-2020-17530.yaml
        |   |   |       CVE-2020-21224.yaml
        |   |   |       CVE-2020-24571.yaml
        |   |   |       CVE-2020-25078.yaml
        |   |   |       CVE-2020-26413.yaml
        |   |   |       CVE-2020-27986.yaml
        |   |   |       CVE-2020-28185.yaml
        |   |   |       CVE-2020-28187.yaml
        |   |   |       CVE-2020-28188.yaml
        |   |   |       CVE-2020-3452.yaml
        |   |   |       CVE-2020-35476.yaml
        |   |   |       CVE-2020-35736.yaml
        |   |   |       CVE-2020-5284.yaml
        |   |   |       CVE-2020-5405.yaml
        |   |   |       CVE-2020-5410.yaml
        |   |   |       CVE-2020-5515.yaml
        |   |   |       CVE-2020-5902.yaml
        |   |   |       CVE-2020-7980.yaml
        |   |   |       CVE-2020-8191.yaml
        |   |   |       CVE-2020-8193.yaml
        |   |   |       CVE-2020-8209.yaml
        |   |   |       CVE-2020-8515.yaml
        |   |   |       CVE-2020-9376.yaml
        |   |   |       CVE-2020-9483.yaml
        |   |   |       CVE-2020-9496.yaml
        |   |   |       CVE-2020-9757.yaml
        |   |   |
        |   |   +---2021
        |   |   |       CVE-2021-1497.yaml
        |   |   |       CVE-2021-1499.yaml
        |   |   |       CVE-2021-21234.yaml
        |   |   |       CVE-2021-21402.yaml
        |   |   |       CVE-2021-21972.yaml
        |   |   |       CVE-2021-21975.yaml
        |   |   |       CVE-2021-21985.yaml
        |   |   |       CVE-2021-22145.yaml
        |   |   |       CVE-2021-22205.yaml
        |   |   |       CVE-2021-22214.yaml
        |   |   |       CVE-2021-22986.yaml
        |   |   |       CVE-2021-25282.yaml
        |   |   |       CVE-2021-26084.yaml
        |   |   |       CVE-2021-26085.yaml
        |   |   |       CVE-2021-26855.yaml
        |   |   |       CVE-2021-27905.yaml
        |   |   |       CVE-2021-28164.yaml
        |   |   |       CVE-2021-29622.yaml
        |   |   |       CVE-2021-3019.yaml
        |   |   |       CVE-2021-30461.yaml
        |   |   |       CVE-2021-3129.yaml
        |   |   |       CVE-2021-31602.yaml
        |   |   |       CVE-2021-31805.yaml
        |   |   |       CVE-2021-3223.yaml
        |   |   |       CVE-2021-3297.yaml
        |   |   |       CVE-2021-33044.yaml
        |   |   |       CVE-2021-36260.yaml
        |   |   |       CVE-2021-3654.yaml
        |   |   |       CVE-2021-36749.yaml
        |   |   |       CVE-2021-37580.yaml
        |   |   |       CVE-2021-40438.yaml
        |   |   |       CVE-2021-41349.yaml
        |   |   |       CVE-2021-41381.yaml
        |   |   |       CVE-2021-41773.yaml
        |   |   |       CVE-2021-42013.yaml
        |   |   |       CVE-2021-43287.yaml
        |   |   |       CVE-2021-43734.yaml
        |   |   |       CVE-2021-44451.yaml
        |   |   |       CVE-2021-46422.yaml
        |   |   |
        |   |   ---2022
        |   |           CVE-2022-0540.yaml
        |   |           CVE-2022-1388.yaml
        |   |           CVE-2022-21371.yaml
        |   |           CVE-2022-22947.yaml
        |   |           CVE-2022-22954.yaml
        |   |           CVE-2022-22963.yaml
        |   |           CVE-2022-22965.yaml
        |   |           CVE-2022-23131.yaml
        |   |           CVE-2022-23134.yaml
        |   |           CVE-2022-23178.yaml
        |   |           CVE-2022-23944.yaml
        |   |           CVE-2022-24112.yaml
        |   |           CVE-2022-24124.yaml
        |   |           CVE-2022-24260.yaml
        |   |           CVE-2022-24990.yaml
        |   |           CVE-2022-25084.yaml
        |   |           CVE-2022-25369.yaml
        |   |           CVE-2022-25568.yaml
        |   |           CVE-2022-26134.yaml
        |   |           CVE-2022-26148.yaml
        |   |           CVE-2022-26352.yaml
        |   |           CVE-2022-29303.yaml
        |   |           CVE-2022-29464.yaml
        |   |           CVE-2022-30525.yaml
        |   |
        |   ---h-unreviewed
        |           apache-ofbiz-log4j-rce.yaml
        |           mobileiron-log4j-jndi-rce.yaml
        |           springboot-log4j-rce.yaml
        |
        +---deleted
        |       alphaweb-default-password.yaml
        |       CVE-2015-7450.yaml
        |       CVE-2020-13925.yaml
        |       CVE-2021-44228.yaml
        |       h2-console-panel.yaml
        |       pbootcms-rce.yaml
        |       robots-txt.yaml
        |
        +---peiqi
        |   |   README.md
        |   |
        |   ---img
        |           afrog.ico
        |
        ---test
                demo.yaml
                poc.yaml
                stop_if_match_test.yaml

自定义poc:

POC,全称 Proof of Concept,指一段漏洞证明的说明或攻击样例

文件名

后缀 .yaml

CVE-2022-0202.yaml

id

[公司]产品-漏洞名称|CVE/CNVD-2021-XXXX
id: CVE-2022-0202  // good
id: seeyon-ajax-unauth  // good
id: zhiyuan-oa-unauth   // bad

info

包含 nameauthorseveritydescriptionreference

id: CVE-2022-22947
info:
  name: Spring Cloud Gateway Code Injection
  author: alex
  severity: critical
  description: |
    Spring Cloud Gateway 远程代码执行漏洞(CVE-2022-22947)发生在Spring Cloud Gateway...
    影响版本:Spring Cloud Gateway 3.1.x < 3.1.1 、Spring Cloud Gateway < 3.0.7
    官方已发布安全版本,请及时下载更新,下载地址:https://github.com/spring-cloud/spring-cloud-gateway
    FOFA:app="vmware-SpringBoot-framework"
  reference:
    - https://mp.weixin.qq.com/s/qIAcycsO_L9JKisG5Bgg_w  // 必须是列表(数组)形式

name:漏洞名称,尽量英文且官方用语

author:大佬名称

severity: 漏洞等级,分为criticalhighmideumlowinfo,请参考 [National Vulnerability Database]

description: (可选填)包含 漏洞描述漏洞影响网络测绘修复建议

reference: (可选填)参考链接,必须数组形式,否则 poc 无法验证

rules

示例

rules:
  r0:
    request:
      method: GET
      path: /phpinfo.php
    exppression: response.status == 200 && response.body.bcontains(b'PHP Version')
    stop_if_match: true
  r1:
    before_sleep: 6
    request:
      method: GET
      path: /info.php
    expresssion: response.status == 200 && response.body.bcontains(b'PHP Version')
    stop_if_mismatch: true
expression: r0() || r1()

rules:定义规则组

r0 / r1 : 子规则,自定义名称,不能重复

request: 表示 http request 请求

method: 表示 http request method 方法

path: 表示 http request URL 请求的 PATH

expresssion:子规则的验证表达式,用于验证 r0 或 r1 是否匹配规则。比如:response.status == 200 && response.body.bcontains(b'PHP Version')表示 request 请求返回状态码必须是 200 且 源码必须含有 PHP Version 关键字

stop_if_match: 如果匹配就停止

stop_if_mismatch:如果不匹配就停止

before_sleep: 顾名思义,http 请求前 sleep 6 秒钟

expression: 最外面的 expressionrules 的验证表达式,r0() || r1() 表示 r0r1 两个规则,匹配一个表达式就为 true,代表漏洞存在。

如果 rules 表达式都是 ||关系,比如:r0() || r1() || r2() … ,默认执行 stop_if_match 动作。同理,如果表达式都是 && 关系,默认执行 stop_if_mismatch 动作。

raw http

set:
  hostnamerequest.url.host
rules:
  r0:
    request:
      raw: |
        GET .//WEB-INF/web.xml HTTP/1.1
        Host: {{hostname}}
        User-AgentMozilla/5.0 (Windows NT 10.0Win64x64rv:99.0) Gecko/20100101 Firefox/99.0
    expressionresponse.status == 200 && response.body.bcontains(b'<web-app') && response.body.bcontains(b'</web-app>') && (response.raw_header.bcontains(b'application/xml') || response.raw_header.bcontains(b'text/xml'))
  r1:
    request:
      raw: |
        GET .//WEB-INF/weblogic.xml HTTP/1.1
        Host: {{hostname}}
        User-AgentMozilla/5.0 (Windows NT 10.0Win64x64rv:99.0) Gecko/20100101 Firefox/99.0
    expressionresponse.status == 200 && response.body.bcontains(b'<weblogic-web-app') && response.body.bcontains(b'</weblogic-web-app>') && (response.raw_header.bcontains(b'application/xml') || response.raw_header.bcontains(b'text/xml'))
expressionr0() || r1()

raw: 顾名思义,支持原生 http 请求

免责声明

本工具仅面向合法授权的企业安全建设行为,如您需要测试本工具的可用性,请自行搭建靶机环境。

为避免被恶意使用,本项目所有收录的poc均为漏洞的理论判断,不存在漏洞利用过程,不会对目标发起真实攻击和漏洞利用。

在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。请勿对非授权目标进行扫描。

如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任。

在安装并使用本工具前,请您务必审慎阅读、充分理解各条款内容,限制、免责条款或者其他涉及您重大权益的条款可能会以加粗、加下划线等形式提示您重点注意。除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。

项目地址:

GitHub: https://github.com/zan8in/afrog


本文转载自网络
作者:雨苁
原文链接:
https://www.ddosi.org/afrog/
如侵权请私信我们删文

--- EOF ---


推荐↓↓↓



原文始发于微信公众号(网络安全与黑客技术):一款快速稳定 PoC可定制化的漏洞扫描器

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年9月23日14:36:32
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   一款快速稳定 PoC可定制化的漏洞扫描器http://cn-sec.com/archives/1310893.html

发表评论

匿名网友 填写信息