lucifer1993 / angelsword Goto Github PK

View Code? Open in Web Editor NEW

1.4K 1.4K 518.0 916 KB

Python3编写的CMS漏洞检测框架

Python 100.00%

cms poc vulnerability-scanners

angelsword's Introduction

Hi there 👋

🌱 I’m currently learning blueteam backtracking

Visitor Count

angelsword's People

Contributors

Stargazers

Watchers

Forkers

v1cker tyekrgk pengtao007 thearicer cash2one ring007c wilsonleeee hktalent 0x24bin lubyruffy i0t chushuai bmhxbai gotric helloexp lw1988 pghook liggle123 cyl0ng tuian xingkong123600 webvul kk98kk0 lengyun123456 choutofu jijicanyu xunnun allenla test123test111 cartonsta 5up3rc fig1810 xinyuweb firecatzkj bingbingsyr chaigon georgeskywang kyodule 0ldm0s njzy anwzx sauren-daxia binihao5bei luwikes xisafe nnewkin jamalmo samueltt sie504 tkcharlotte unclejim cn-leowong peibibing qiuyazhong lhcoro spr1ngbr0ther taylorwin yyxxzz clhaaaa ze4lfrog 1sn0m4d yizhimanpadewoniu linxi0428 wantiger 9max9 303donatello zuoshouzz k2vin akpotter haoirui mosuan qingche46 kenanat lance621 tsyj wifido galaxylove bbat8 longfeide2008 andyhao567 maskertui qsdj caterqiu zxm163 freeman983 harkie burncode ssdtfarm llhl001 s-ex1t a099 jerusalemsbell littlehann trackscorer bentleyz bugmeout aerfa21 pygain11 wnddan zminjiao

angelsword's Issues

小建议

两个小建议

是否支持自动扫描应用的cms类型，然后自动匹配呢，就是合并-s和-r
是否支持文件列表扫描

看不到.so文件，windows运行can not import spawn

请问哪些插件用了spawn模块？我试试改一下

【建议】把requirements.txt里面的模块版本号补全

把requirements.txt里面的模块版本号补全，使用pip3 install -r requirements.txt 容易报版本号未知错误

python AngelSword.py
AngelSword.py:248: SyntaxWarning: "is not" with a literal. Did you mean "!="? if line.find(keywords) is not -1: E:\tongzhuopy\play\AngelSword\AngelSword.py:277: SyntaxWarning: "is not" with a literal. Did you mean "!="? if keyword.__str__().find(sys.argv[2].strip()) is not -1: E:\tongzhuopy\play\AngelSword\AngelSword.py:314: SyntaxWarning: "is not" with a literal. Did you mean "!="? if keyword.__str__().find(sys.argv[2].strip()) is not -1: E:\tongzhuopy\play\AngelSword\AngelSword.py:348: SyntaxWarning: "is not" with a literal. Did you mean "!="? if keyword.__str__().find(pocfuck) is not -1: E:\tongzhuopy\play\AngelSword\AngelSword.py:419: SyntaxWarning: "is not" with a literal. Did you mean "!="? if line.find("BaseVerify") is not -1: a bytes-like object is required, not 'str'

[-]不存在seacms_order_code_exec漏洞 list index out of range >>>>>>>>>超时

[-]不存在phpcms_v96_sqli漏洞
[-]不存在xuezi_ceping_unauth漏洞
[-]不存在cmseasy_header_detail_sqli漏洞
[-] /home/AngelSword/cms/zfsoft/zfsoft_service_stryhm_sqli.py====>可能不存在漏洞
[-]不存在shadowsit_selector_lfi漏洞
[-]不存在phpmyadmin_setup_lfi漏洞
[-]不存在shop360_do_filedownload漏洞
[-]不存在opensns_index_arearank漏洞
[-] /home/AngelSword/cms/zfsoft/zfsoft_database_control.py====>可能不存在漏洞
[-] /home/AngelSword/cms/others/haohan_FileDown_filedownload.py====>可能不存在漏洞
[-] /home/AngelSword/cms/opensns/opensns_index_getshell.py====>可能不存在漏洞
[-] /home/AngelSword/cms/phpcms/phpcms_v961_fileread.py====>可能不存在漏洞
[-]不存在phpcms_digg_add_sqli漏洞
[-]不存在ecshop_uc_code_sqli漏洞
[-] /home/AngelSword/cms/phpcms/phpcms_v9_flash_xss.py====>可能不存在漏洞
[-]不存在phpcms_authkey_disclosure漏洞
[-]不存在zfsoft_default3_bruteforce漏洞
[-]不存在seacms_search_code_exec漏洞
[-]不存在jxt1039_unauth漏洞
[-]不存在seacms_order_code_exec漏洞
list index out of range
>>>>>>>>>超时

When I run it on a website it is showing this error.
How to fix it?

Please provide english support as well lot of things are written in chinese every time i have to google

关于一键执行-s -r -t/-f

git主可以试试这种写法，毕竟每次先搜索cms类型，再读.history比较麻烦，需要vps静默执行命令会更方便。

python3 AngelSword.py -s joomla -r all -t url