chushuai / wscan Goto Github PK

View Code? Open in Web Editor NEW

488.0 14.0 61.0 92.87 MB

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

License: Other

Go 98.36% HTML 1.64%

crawler passive-vulnerability-scanner poc sql-injection vulnerability-scanner webscan chromedp headless cel-go martian

wscan's People

Contributors

Stargazers

Watchers

Forkers

ciyfly foo233 nidemingzizj cedric1314 kenuoseclab jusk9527 phuong39 securitybob sec-fork dixiu-aqq istoliving tz0385 viplation darkkid0 explangcn zhuanyedecainiao startagain2016 alchu4n runningoutoftimeu taojiaxing a099 bjliyanliang andy-wai awesomegolang rassec xiaobai313 harry1080 wangdeyi only-sunny msr00t anqisec mrquiet danzee1 thinksec marclsummer quantww xiaozes wastematerial gitgcccreate 4ga1n tardc cnucky jeffyds zt-hunter yin-zt hughink zhangkaibin0921 darcychen2010 idk7777777 trevor3000 lblwb songjianwori halipot tollytu linameq

wscan's Issues

疑问和建议

一，建议
针对参数fuzz 个人觉得需要尽快支持反连或者dnslog 因为log4j漏洞还是有一定存量的，而且fuzz本身就是模糊测试，以往的fuzz出来的漏洞均需配合dnslog

二，针对参数fuzz 或者现有的功能，如sql注入xss等对参数的解析是怎么样的
如
POST /sys/customer/list HTTP/1.1
Host: www.baidu.com
Content-Length: 23
Content-Type: application/json;charset=UTF-8

{"key1":"value1","key2":"eyJpbm5lcmtleTEiOiJpbm5lcnZhbHVlMSJ9","id":1,"isLogin":false,"key3":{"innerkey2":"{"k3":"v3"}"}}
污染 key1 的值然后分别发包

污染 key2 的值然后分别发包

尝试自动解码 key2 ，并污染子 JSON 的 innerkey1 的值然后分别发包

污染 key3 的值然后分别发包。

污染 key3 的子 JSON 的 innerkey2 的值，然后分别发包。

尝试解析 innerkey2 ，并污染子JSON的 k3 的值然后分别发包

理论上总的请求量是 3*6=18 次

或者 a=123&b={"innerkey2":"{"k3":"v3"}"}
{"key1":"value1","key2":["aa","bb"]

发包量较大的话，是否还需要增加参数便利深度配置

很感谢师傅能开源这么棒的项目，向你们致敬！

'doc/plugins/info_disclosure.py '这个python文件名的最后多了个空格

error: invalid path 'doc/plugins/info_disclosure.py '
fatal: unable to checkout working tree
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry with 'git restore --source=HEAD :/'

'doc/plugins/info_disclosure.py '
这个python文件名的最后多了个空格，导致windows上clone不下来

Browser crawl not working

Hi, i have a problem when i use max_depth param in my config.

I use owasp benchmark to test this scanner.
i run this command wscan --config /requirements/wscan-config.yaml ws --browser https://bench:8443/benchmark
Crawler found this page and pages on it without problems.

But cannot go to this pages

I use this config flags

browser-crawler:
    exec_path: "/usr/sbin/chromium"
    disable_headless: false
    force_sandbox: true
    enable_image: true
    parent_path_detect: true
    proxy: ""
    user_agent: "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/124.0.6344.218 Chrome/124.0.6344.218 Safari/537.36"
    domain_headers: []
    max_depth: 100
    navigate_timeout_second: 100
    load_timeout_second: 100
    retry: 3
    page_analyze_timeout_second: 100
    max_interactive: 100
    max_interactive_depth: 100
    max_page_concurrent: 10
    max_page_visit: 100000
    max_page_visit_per_site: 100000
    element_filter_strength: 0
    restriction:
        hostname_allowed: []
        hostname_disallowed:
            - '*google*'
            - '*github*'
            - '*.gov.cn'
            - '*.edu.cn'
        port_allowed: []
        port_disallowed: []
        path_allowed: []
        path_disallowed: []
        query_key_allowed: []
        query_key_disallowed: []
        fragment_allowed: []
        fragment_disallowed: []
        post_key_allowed: []
        post_key_disallowed: []

U can see my console log here: wscan.log

友情征文

在公众号上搜索Wscan相关的文章，我发现了许多令人振奋的作品。虽然Wscan作为一个非盈利项目，无法提供有奖征文的福利，但这并不会减弱我们对这个项目的热情。

诚邀大家踊跃分享自己关于Wscan的原创文章，让我们共同见证这个开源项目的成长与价值。

有资源、有流量的同学可以帮忙在各种社区平台分享《Wscan最佳实践》
https://github.com/chushuai/wscan/blob/main/doc/最佳实践.md

✨✨发现伟大项目✨✨

大佬加油！这个项目还要多久才能完善呀，或者有什么能帮助的嘛

编译命令是什么

core/subdomain/datasource/alienvault.go:9:2: package wscan/core/fastdomain/geodb is not in GOROOT (/usr/local/go/src/wscan/core/fastdomain/geodb)
core/subdomain/datasource/alienvault.go:10:2: package wscan/core/fastdomain/utils is not in GOROOT (/usr/local/go/src/wscan/core/fastdomain/utils)
core/output/htmlfile.go:27:12: pattern html_template.html: no matching files found
core/plugins/plugins.go:9:2: package wscan/core/plugins/crlf_injection is not in GOROOT (/usr/local/go/src/wscan/core/plugins/crlf_injection)
core/plugins/plugins.go:15:2: package wscan/core/plugins/sql_injection is not in GOROOT (/usr/local/go/src/wscan/core/plugins/sql_injection)

编译报错了

plugins/plugins.go:12:2: package wscan/core/plugins/crlf_injection is not in std (/usr/lib/go-1.22/src/wscan/core/plugins/crlf_injection)
plugins/custom/yaml_finger.go:14:2: package wscan/core/plugins/helper is not in std (/usr/lib/go-1.22/src/wscan/core/plugins/helper)
plugins/plugins.go:19:2: package wscan/core/plugins/redirect is not in std (/usr/lib/go-1.22/src/wscan/core/plugins/redirect)
plugins/plugins.go:21:2: package wscan/core/plugins/sql_injection is not in std (/usr/lib/go-1.22/src/wscan/core/plugins/sql_injection)
plugins/plugins.go:22:2: package wscan/core/plugins/ssrf is not in std (/usr/lib/go-1.22/src/wscan/core/plugins/ssrf)
output/htmlfile.go:27:12: pattern html_template.html: no matching files found
subdomain/datasource/alienvault.go:9:2: package wscan/core/fastdomain/geodb is not in std (/usr/lib/go-1.22/src/wscan/core/fastdomain/geodb)
subdomain/datasource/alienvault.go:10:2: package wscan/core/fastdomain/utils is not in std (/usr/lib/go-1.22/src/wscan/core/fastdomain/utils)

plugins目录下查看缺少文件。

client:
    remote_server: true
    http_base_url: "http://1.1.1.1:1111"
    dns_server_ip: "1.1.1.1"

并且服务端访问并不需要登录就可进行操作

提议

是否可以类似BP被扫插件一样,使用反连平台的key进行操作?