Afrog 是一款性能卓越、快速稳定、PoC 可定制的漏洞扫描工具,PoC 包含 CVE、CNVD、默认口令、信息泄露、指纹识别、未授权访问、任意文件读取、命令执行等多种漏洞类型,可以帮助网络安全从业者快速验证并及时修复漏洞。
目前最新版本新增了 ecology-filedownloadforoutdoc-sqli.yaml
优化:将反链存活检查改为并发执行
PoCs 数量增加到: 1041
┌──(root㉿kali)-[~/PTE/afrog_2.5.6_linux_amd64]
└─# ./afrog -h
afrog
Usage:
./afrog [flags]
Flags:
TARGET:
-t, -target string[] target URLs/hosts to scan
-T, -target-file string list of target URLs/hosts to scan (one per line)
POCS:
-P, -poc-file string PoC file or directory to scan
-pd, -poc-detail string show a afrog-pocs detail
-pl, -poc-list show afrog-pocs list
OUTPUT:
-o, -output string write to the HTML file, including all vulnerability results
-j, -json string write to the JSON file, but it will not include the request and response content
-ja, -json-all string write to the JSON file, including all vulnerability results
-doh, -disable-output-html disable the automatic generation of HTML reports (higher priority than the -o command)
FILTER:
-s, -search string search PoC by keyword , eg: -s tomcat,phpinfo
-S, -severity string pocs to run based on severity. support: info, low, medium, high, critical, unknown
RATE-LIMIT:
-rl, -rate-limit int maximum number of requests to send per second (default 150)
-c, -concurrency int maximum number of afrog-pocs to be executed in parallel (default 25)
OPTIMIZATION:
-retries int number of times to retry a failed request (default 1) (default 1)
-timeout int time to wait in seconds before timeout (default 10) (default 10)
-mt enable the monitor-target feature during scanning.
-mhe int max errors for a host before skipping from scan (default 3)
-mrbs int max of http response body size (default 2m) (default 2)
-silent only results only
UPDATE:
-un, -update update afrog engine to the latest released version
-duc, -disable-update-check disable automatic afrog-pocs update check
DEBUG:
-proxy string list of http/socks5 proxy to use (comma separated or file input)
下载链接:https://github.com/zan8in/afrog/releases/tag/v2.7.2
原文始发于微信公众号(贝雷帽SEC):【红队】afrog v2.7.2 新版本发布
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论