Vulnerability scanning

Vulnerability scanning is based on vulnerability database , Scan the specified remote or local computer system The security vulnerability of , A security test to detect exploitable vulnerabilities （ Penetration attack ） Behavior .
For certain types of vulnerabilities ：sql Inject （sqlmap）weblogic（weblogicscan）
For a class CMS Of ：wordpress（wpscan）、dedecms（dedecmsscan）
For system application layer ：nessus
For a certain kind of framework ： Struts2（Struts2 Vulnerability checking tools ）、springboot（SBActuator）
in the light of web Service ：burpsuite、xray、awvs

AWVS

AWVS brief introduction

Acunetix Web Vulnerability Scanner （ abbreviation AWVS） Is a well-known network vulnerability scanning Tools , It tests your website security through web crawlers , Detect popular security vulnerabilities . from 11.0 Version start , AWVS It becomes the form of using the browser to open , Use the customized port during installation to access .

AWVS install

Docker install

1. Search mirroring

docker search awvs

2. Pull the mirror image ( Recommend the third one )

docker pull secfa/awvs

I've installed it here .

3. Start the container .

docker run -dit -p 13443:3443 secfa/awvs

4. Sign in AWVS

URL Address ：https://ip:13443
 user name ：[email protected]
 password ：Admin123

AWVS Use

Add target

Set parameters

XRAY

xray brief introduction

xray Is a powerful security assessment tool , It is made up of many experienced front-line safety practitioners , The main features are :
Fast detection speed ： Fast contract awarding ; The vulnerability detection algorithm is efficient .
Support a wide range of ： Big to OWASP Top 10 General vulnerability detection , As small as all kinds of CMS frame POC, Can support .
High code quality ： The quality of the people who write the code is high , adopt Code Review、 unit testing 、 Multi layer verification such as integration testing to improve code reliability .
High quality can be customized ： Various parameters of the engine are exposed through the configuration file , By modifying the configuration file, you can greatly customize the function .
There is no threat to safety ：xray Positioning as a safety assessment tool , Instead of attacking tools , All built in payload and poc All are harmless tests .

xray install

Download address ：

https://github.com/chaitin/xray

xray Crack

Use binary editor （ Recommended winhex） open xray Program , Just change the following values .

43 4F 4D 4D 55 4E 49 54 59
COMMUNITY
41 4F 4D 4D 55 4E 49 54 59
AOMMUNITY
41 44 56 41 4E 43 45 44 44
ADVANCEDD

1. open winhex, Drag in xray.exe.

2. Click the top search , Search for hexadecimal values . Input 434F4D 4D554E495459. take 43 Change it to 41. Save to exit .

xray Use

Reptile mode

xray.exe webscan --basic-crawler http://xxx.com/ --html-output xray-xxx.html
xray.exe ws --basic http://xxx.com/ --ho xray-xxx.html

Passive scanning

1. Generate ca certificate .（ I've generated it here ）

xray.exe genca

2. Turn on monitoring .

 complete ：xray.exe webscan --listen 127.0.0.1:7777 --html-output testphp.html
 simplify ：xray.exe ws --listen 127.0.0.1:7777 --ho testphp.html

3. Browser proxy settings .
It is recommended to use SwitchyOmega plug-in unit . Convenient and quick .

4 The browser accesses the site to be tested , Open the scanning

AWVS linkage XRAY

1.vps start-up Xray
2.AWVS Add scan target
After adding the scanning target, configure the proxy server as VPS On Xray Listening port of

BurpSuite linkage XRAY

1.User options -> Upstream Proxy Servers -> Add
2. start-up xray monitor .

xray.exe ws --listen burpsuite Set up IP Address :7777 --ho test.html)
![ Insert picture description here ](https://img-blog.csdnimg.cn/2e9935e2bb2847dd9b4c2d7f0b3aafd7.png)
# Rad linkage XRAY
1.  download Rad.

```markup
https://github.com/chaitin/rad/releases

2.Rad Basic use
· Basic use ：

rad -t https://www.baidu.com/

· Log in manually ：

rad -t https://www.baidu.com/ -wait-login

Executing the above command will automatically disable headless browsing mode , Open a browser for manual login .
After logging in, click enter on the command line interface to continue crawling .

· Export the basic crawling results to a file

rad -t https://www.baidu.com/ -text-output result.txt

3.Rad And Xray linkage

xray.exe ws --listen 127.0.0.1:7777 --ho proxy.html

rad -t http://IP Address  -http-proxy 127.0.0.1:7777

4. premium Xray Integrated Rad Reptiles

xray ws --browser-crawler http://IP Address  --ho vuln.html

XRAY scripting

Xray POC Write auxiliary tools

https://phith0n.github.io/xray-poc-generation/

Vulnerability detection

xray ws -p mypocs/poc-nacos-unauth.yml -uf url.txt --ho nacos.html![ Insert picture description here ](https://img-blog.csdnimg.cn/1cd3f8939203435ca9c71d7e01c766a2.png)