Afrog 是一款性能卓越、快速稳定、PoC 可定制的漏洞扫描工具,PoC 包含 CVE、CNVD、默认口令、信息泄露、指纹识别、未授权访问、任意文件读取、命令执行等多种漏洞类型,可以帮助网络安全从业者快速验证并及时修复漏洞。
目前最新版本新增了 ecology-filedownloadforoutdoc-sqli.yaml
优化:将反链存活检查改为并发执行
PoCs 数量增加到: 1041
┌──(root㉿kali)-[~/PTE/afrog_2.5.6_linux_amd64]└─# ./afrog -hafrogUsage:./afrog [flags]Flags:TARGET:-t, -target string[] target URLs/hosts to scan-T, -target-file string list of target URLs/hosts to scan (one per line)POCS:-P, -poc-file string PoC file or directory to scan-pd, -poc-detail string show a afrog-pocs detail-pl, -poc-list show afrog-pocs listOUTPUT:-o, -output string write to the HTML file, including all vulnerability results-j, -json string write to the JSON file, but it will not include the request and response content-ja, -json-all string write to the JSON file, including all vulnerability results-doh, -disable-output-html disable the automatic generation of HTML reports (higher priority than the -o command)FILTER:-s, -search string search PoC by keyword , eg: -s tomcat,phpinfo-S, -severity string pocs to run based on severity. support: info, low, medium, high, critical, unknownRATE-LIMIT:-rl, -rate-limit int maximum number of requests to send per second (default 150)-c, -concurrency int maximum number of afrog-pocs to be executed in parallel (default 25)OPTIMIZATION:-retries int number of times to retry a failed request (default 1) (default 1)-timeout int time to wait in seconds before timeout (default 10) (default 10)-mt enable the monitor-target feature during scanning.-mhe int max errors for a host before skipping from scan (default 3)-mrbs int max of http response body size (default 2m) (default 2)-silent only results onlyUPDATE:-un, -update update afrog engine to the latest released version-duc, -disable-update-check disable automatic afrog-pocs update checkDEBUG:-proxy string list of http/socks5 proxy to use (comma separated or file input)
下载链接:https://github.com/zan8in/afrog/releases/tag/v2.7.2
原文始发于微信公众号(贝雷帽SEC):【红队】afrog v2.7.2 新版本发布
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论