Coder Social home page Coder Social logo

dyboy2017 / wtf_scan Goto Github PK

View Code? Open in Web Editor NEW
256.0 7.0 70.0 1.69 MB

一款WEB端的在线敏感资产扫描器,扫描网站中的指纹、漏洞及相关敏感信息,针对已经识别的CMS指纹,进行二次0day扫描利用,一键GetShell也不是不可能!!!

PHP 8.48% CSS 16.20% Hack 33.15% Python 42.16% Batchfile 0.01%

wtf_scan's Introduction

WTF_Scan

一款WEB端的在线敏感资产扫描器,扫描网站中的指纹、漏洞及相关敏感信息,针对已经识别的CMS指纹,进行二次0day扫描利用,一键GetShell也不是不可能!!! image

预览界面

image

运行环境

  • 1.PHP > 5.3
  • 2.allow_url_fopen = On

使用说明

  • 1.克隆下载本源码
  • 2.上传到网站空间,直接访问对应目录即可使用

功能特别说明

  • 1.支持基本网站基本信息搜集
  • 2.支持获取DNS解析信息
  • 3.支持获取子域名信息
  • 4.支持获取网站CMS指纹信息
  • 5.支持逆向穿透国内CDN获取网站源IP及物理定位地址
  • 6.支持探测爆破常见端口以及全部65535个端口
  • 7.支持网站敏感目录、文件扫描爆破,字典6000+匹配
  • 8.支持IIS短文件名漏洞扫描
  • 9.支持根据扫描结果CMS定向0day扫描利用(未完成)
  • 10.支持插件无限扩展

Tips:

最近真的好忙啊有比赛还有考试复习,大家可以关注我的博客:https://blog.dyboy.cn ,日常更新哦

更新历史:

  • 2018-12-21 开源后端代码

wtf_scan's People

Contributors

dyboy2017 avatar

Stargazers

avatar avatar avatar WhaleFall avatar avatar avatar avatar avatar avatar avatar avatar avatar Guts avatar avatar avatar avatar avatar netveil avatar avatar avatar avatar Kevin avatar avatar ZhangSan avatar Unknown404-bot avatar asdasd avatar avatar QimuDecode avatar 5l1v3r1 avatar avatar 哈哈哈 avatar 41r7ed avatar jack avatar ayame avatar JONE avatar yanm1e avatar avatar avatar avatar shine_clown avatar 其实 avatar Ayaf avatar LionKing avatar avatar M4rtin Hsu avatar <svg onload=alert(1)> avatar Antares avatar Xeldax avatar kingpp avatar gooooo avatar Miles Routson avatar 暮阔 avatar SurKi1i avatar avatar avatar avatar 小晨曦 avatar LANVNAL avatar avatar Komomon avatar avatar 星冉 avatar tao avatar Hideheart avatar Quinn Yan avatar toutou_o avatar avatar 删库到跑璐璐 avatar Jay avatar avatar avatar avatar avatar avatar Wendel avatar MuQi avatar Cinabr0 avatar fuzzsec avatar leavky avatar lcarea avatar otuki avatar test avatar avatar Chen-star avatar avatar EatMans avatar avatar PacMan avatar kenuosec avatar Leo avatar 絢辻詞 avatar avatar Amang avatar avatar avatar avatar nero avatar jack avatar pickbig avatar avatar

Watchers

James Cloos avatar avatar Nazicc avatar avatar j@ckzh0u avatar Wasabi山葵酱 avatar avatar

Forkers

zxser chtq mrdoulestar dongjun2046 gobiggo haochuang sgdream f1vet ma1tobiose xuacker aisnnu qsdj tr33-he11 j4ckzh0u whantt pikaqi wolfwhoami xiaoyaodashao p4sschen yeweit6 aviraonepiece kenanat ph34n6x chepangzhi fzpixzj90h7baqieoop5hg cream-sec zhuozuozhang hades7777 akunwin limuitech amyppp lizhongnian bitallin netkey sry309 zidunet zkaq-mss jinlongdesigner qq431169079 02bx 773701766 alice-and-bob byte4sec candy-kk chased9166 lovehack01 ziqi521 startagain2016 heartsleep 0xm0 zengminghui fork4bak pingjingzhiyuan kenuoseclab beyondcy polosec popmedd fadinglr ssccffyy wenxuefeng3930 5l1v3r1 xinxiemy mxm-tools shawce elijahahianyo ctfer-researcher whoiszzr whalefell

wtf_scan's Issues

所有地方都一直在转菊花圈,没有结果

我把它直接放在/var/www/html/下了,打开是没有问题,但是输入域名以后。一直在转菊花圈,没有任何输出。请问这是啥情况?

还有,我在wtf下,试着用python manage.py,也是不行,直接就是打不开web页面。

Fix and optimize, wait for merge! 修复和优化! 等待作者合并, 如果等不及了使用 https://github.com/WhaleFell/WTF_Scan_Fix

如果等不及了使用 https://github.com/WhaleFell/WTF_Scan_Fix

This is a fixed version of the original project, mainly fixing the following issues:

  1. Update the runtime environment to Python3
  2. Fix cms recognition
  3. Fix port scanning
  4. Fix the original author's shitty code

Why fix it? Because I received a graduation design from a 985 University Cybersecurity student on an slavery platform. He gave me money, so I fixed it.
I didn't expect a college student to help a top university with his graduation project!

这是个修复版本, 主要修复了以下问题:

  1. 更新运行环境为 Python3
  2. 修复 cms 识别
  3. 修复 端口扫描
  4. 修复源作者屎山代码

为什么要修复呢? 因为我在外包平台接到一个 酒吧舞网络安全学生 的毕业设计. 他给钱, 我就修复了. 没想到一个文盲大专生也配帮顶级大学做毕设.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.