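Introduction to Xray
Xray is a powerful security assessment tool. It supports both active and passive scanning modes, automates testing for common web vulnerabilities, allows flexible POC definitions, is feature-rich and easy to invoke, and runs on multiple operating systems.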
- Scan with specified plugins
# Load only one specified plugin
--plugins xxe
# Load multiple plugins
--plugins xss,xxe,dirscan
- Scan with specified POCs
# Load only one POC, exact match
--plugins phantasm --poc poc-yaml-thinkphp5-controller-rce
# Load all built-in POCs whose name contains thinkphp
--plugins phantasm --poc "*thinkphp*"
# Load all POCs in the local /home/test/pocs/ directory
--plugins phantasm --poc "/home/test/pocs/*"
# Load the POCs under /home/test/pocs/ whose name contains thinkphp
--plugins phantasm --poc "/home/test/pocs/*thinkphp*"
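Basic usage
- Use the basic crawler to crawl the target and scan the links it finds
xray.exe webscan --basic-crawler http://example.com --html-output vuln.html
- Scan a single URL only, without the crawler
xray.exe webscan --url http://example.com/?a=b --html-output single-url.html
- Manually specify the plugins for this run. By default, all built-in plugins are enabled. The following commands enable only the command injection and SQL injection plugins; the first scans a URL directly, the second runs the same plugins in passive proxy mode listening on 127.0.0.1:7777
xray.exe webscan --plugins cmd-injection,sqldet --url http://example.com --html-output 1.html
xray.exe webscan --plugins cmd-injection,sqldet --listen 127.0.0.1:7777 --html-output 1.html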
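What's new in Xray
- Added an XStream scanning plugin; the supported list is below (this plugin requires the reverse-connection platform to be enabled)
  - CVE-2021-21344
  - CVE-2021-21345
  - CVE-2021-39141
  - CVE-2021-39144
  - … (29 plugins in total)
- The fastjson plugin now supports detection of CVE-2022-25845
- POC writing/execution updates
  - Added warning messages; users can follow them to delete files created by detection plugins, and so on
  - Support for adding a body to GET, HEAD and OPTIONS requests
  - Added a compare version function for comparing matched version strings
  - Added HTML entity encode/decode functions
  - Added a Java deserialization function
  - Added hex/hexDecode functions
- Improvements
  - Improved the vulnerability capture logic of the reverse-connection platform, raising the hit rate
  - Made poc lint more user-friendly
  - YAML scripts can now obtain the link of the RMI reverse-connection platform; see the official documentation for usage
  - Improved the Struts2 detection module by adding reverse-connection confirmation, reducing false positives and false negatives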
POCs fixed in Xray
- Rule optimization (rules were too weak)
  - poc-yaml-drawio-cve-2022-1713-ssrf
  - poc-yaml-h3c-cvm-upload-file-upload
  - poc-yaml-iis-cve-2017-7269
  - poc-yaml-74cms-sqli-cve-2020-22209
  - poc-yaml-reporter-file-read
  - poc-yaml-wanhu-ezoffice-documentedit-sqli
  - poc-yaml-joomla-cve-2017-8917-sqli
  - poc-yaml-emerge-e3-cve-2019-7256
  - poc-yaml-alibaba-nacos-v1-auth-bypass
  - poc-yaml-magicflow-gateway-main-xp-file-read
  - poc-yaml-gitblit-cve-2022-31268
  - poc-yaml-phpstudy-nginx-wrong-resolve
  - poc-yaml-confluence-cve-2022-26138
  - poc-yaml-metinfo-lfi-cnvd-2018-13393
  - poc-yaml-zabbix-cve-2019-17382
  - poc-yaml-wordpress-paypal-pro-cve-2020-14092-sqli
  - poc-yaml-vite-cnvd-2022-44615
  - poc-yaml-phpmyadmin-cve-2018-12613-file-inclusion
  - poc-yaml-zabbix-cve-2022-23134
  - poc-yaml-ametys-cms-cve-2022-26159
- Removed as an optimization (functionality duplicates Xray's generic plugins)
  - poc-yaml-nexusdb-cve-2020-24571-path-traversal
  - poc-yaml-specoweb-cve-2021-32572-fileread
  - poc-yaml-tvt-nvms-1000-file-read-cve-2019-20085
  - poc-yaml-zyxel-vmg1312-b10d-cve-2018-19326-path-traversal
- Made harmless (non-destructive handling added)
  - poc-yaml-fanruan-v9-file-upload
  - poc-yaml-h3c-cvm-upload-file-upload
  - poc-yaml-seeyon-unauthorized-fileupload
  - poc-yaml-thinkcmf-write-shell
  - poc-yaml-wanhu-oa-officeserver-file-upload
  - poc-yaml-weaver-oa-workrelate-file-upload
  - poc-yaml-yonyou-grp-u8-file-upload
  - poc-yaml-yonyou-nc-file-accept-upload
  - poc-yaml-yonyou-u8c-file-upload
  - poc-yaml-zhiyuan-oa-wpsassistservlet-file-upload
New POCs
- poc-yaml-ruijie-fileupload-fileupload-rce
- poc-yaml-eweaver-oa-mecadminaction-sqlexec
- poc-yaml-xxl-job-default-password
- poc-yaml-wordpress-plugin-superstorefinder-ssf-social-action-php-sqli
- poc-yaml-magento-config-disclosure-info-leak
- poc-yaml-ukefu-cnvd-2021-18305-file-read
- poc-yaml-ukefu-cnvd-2021-18303-ssrf
- poc-yaml-eweaver-eoffice-mainselect-info-leak
- poc-yaml-linksys-cnvd-2014-01260
- poc-yaml-wordpress-welcart-ecommerce-cve-2022-41840-path-traversal
- poc-yaml-jeesite-userfiles-path-traversal
- poc-yaml-yongyou-nc-iupdateservice-xxe
- poc-yaml-v-sol-olt-platform-unauth-config-download
- poc-yaml-ibm-websphere-portal-hcl-cve-2021-27748-ssrf
- poc-yaml-yonyou-nc-uapws-db-info-leak
- poc-yaml-yonyou-nc-service-info-leak
- poc-yaml-yongyou-nc-cloud-fs-sqli
- poc-yaml-finecms-filedownload
- poc-yaml-weaver-eoffice-userselect-unauth
- poc-yaml-fortinet-cve-2022-40684-auth-bypass
- poc-yaml-dapr-dashboard-cve-2022-38817-unauth
- poc-yaml-wordpress-zephyr-project-manager-cve-2022-2840-sqli