It is convenient for red team personnel to conduct security detection on the target site and quickly obtain assets.

• Asset search detection using FOFA
• Asset search detection using 360 Quake
• Use Ksubdomain for domain fuzzing
• Use Httpx for domain name information detection
• Exploitation and detection using Nuclei
• Daily automatic update of vulnerability library

本工具仅面向合法授权的企业安全建设行为，如您需要测试本工具的可用性，请自行搭建靶机环境。 在使用本工具进行检测时，您应确保该行为符合当地的法律法规，并且已经取得了足够的授权。请勿对非授权目标进行扫描。 如果发现上述禁止行为，我们将保留追究您法律责任的权利。

如您在使用本工具的过程中存在任何非法行为，您需自行承担相应后果，我们将不承担任何法律及连带责任. 您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的，即视为您已阅读并同意本协议的约束。

• call FOFA service for asset detection

• Automatic vulnerability scanning for FOFA asset detection results

• Call Quake service for asset detection

Like the FOFA effect, Quake is currently being updated and upgraded, so let's not post the screenshot of the effect.

• Automatic vulnerability scanning for Quake asset detection results

Like the FOFA effect, Quake is currently being updated and upgraded, so let's not post the screenshot of the effect.

• Subdomain detection on target

• Automatic vulnerability scanning for subdomain detection results

• The program adapts to Windows, Macos, Linux systems

Configure system on the third line of the config/config.yaml file

• Interactive control usage

• Call HUNTER service for asset detection
• Vulnerability scan on HUNTER asset detection results
• Call ARL for asset detection
• Vulnerability scan on ARL asset results
• Develop WEB visual interface

git clone https://github.com/ExpLangcn/WanLi.git
cd WanLi & pip3 install -r requirements.txt
vim config/config.yaml # Configure FOFA information and Quake information

Help

python3 WanLi.py # Enter interactive mode and enter Help to view help information

2022.2.24:
- Adapt to Windows system
- Restore interactive control, remove parameter control
- Optimize the overall code to improve efficiency
2022.2.21:
    - config problem report error solution, more suitable for Windows system
    - Removed the Domain scan function of FOFA and Quake and merged it into the Domain parameter
    - Improve the vulnerability scanning function, the vulnerability database will be updated before each vulnerability scan
    - replace the pocscan parameter with the poc parameter
    - To perform vulnerability scanning on Domain results and asset detection results, just add -scan
2022.2.16:
    - Refactor to rewrite WanLiScan
    - Fixed FOFA asset search issue
    - Added FOFA domain name detection
    - Added 360 Quake asset search
    - Added 360 Quake domain name detection
    -Added comprehensive domain name fuzz detection
    - Added vulnerability library single target vulnerability scanning function
    - Added vulnerability library batch target vulnerability scanning function
2022.2.8:
    - Update Docker version

2022.2.x:
    - I forgot the time...

RedCodeTm

@ExpLang_Cn

[One-time payment, permanent free, you can join for free if you contact the operation when it expires]

Planet-oriented groups: mainly for information security researchers.

Update cycle: Update every two days at the latest.

Content direction: Original security tools | Security development | WEB security | Intranet penetration | Bypass | Code audit | CTF | Share ｜Latest Vulnerabilities｜Security Information

• ksubdomain

• httpx

• nuclei