集成crawlergo、xray、dirsearch、nmap等工具的src漏洞挖掘工具,使用docker封装运行;

Overview

tools下有几个工具,所以项目文件比较大,如果下载总是中断的话建议拆开下载各个项目然后直接拷贝dockefile和recon.py即可

0x01 hscan介绍

hscan是什么

hscan是一款旨在使用一条命令替代渗透前的多条扫描命令,通过集成crawlergo扫描和xray扫描、dirsearch、nmap、jsfinder、nikto等工具,并使用-u \ -f \ -d 等参数进行扫描目标方式的管理,最后利用docker安装完相关依赖进行封装,形成一款docker参数化扫描的工具。
使用-d参数时输入域名,脚本自动使用oneforall遍历子域名并传入扫描

hscan做了哪些

  • 使用docker封装,使用参数运行
  • 使用crawlergo爬取网接,传给xray扫描
  • 使用dirsearch遍历目录及文件,传给xray扫描
  • 集成jsfinder、nmap、nikto等工具,可拓展
  • 增加xray扫描结束判断,避免实测中流量多大引起xray漏洞报告数量严重缺失
  • 增加-u url扫描/ -f 文件/ -d 域名的扫描入口方式
  • 集成crawlergo所需的浏览器 / chrome
  • 集成所有脚本所需的依赖包
  • 根据域名及扫描时间命名xray扫描报告
  • ...

本来意欲所有工具多线程并发走,但是后来发现多线程流量大了xray扫描出的漏洞结果严重缺失,所以又控制了扫描频度

hscan流程图

image

0x02 hscan使用

1 拉取代码并build镜像

git clone https://github.com/zongdeiqianxing/hscan.git
docker build -t hscan .

2 在目录下执行命令,或直接执行docker_run.sh

docker run -ti --rm -v `pwd`/:/root/ hscan:latest -u testphp.vulnweb.com

其中:

Usage:
    python3 recon.py -u url 
    python3 recon.py -f filename        #-f参数使用时,为每行正则匹配域名,已测试的可适配OneforAll、subDoaminBrute的outut文件;手写域名进入也可;
    python3 recon.py -d domain          #-d参数使用时,输入主域名,自动使用OneForAll工具查找所有子域名,后自动使用Scan模块扫描。

3 扫描完毕后后即可在目录下看到html文件和url文件,其中html文件为xray扫描输出,url文件为其他工具的扫描输出

image image image image

Windows Virus who destroy some impotants files on C:\windows\system32\

psychic-robot Windows Virus who destroy some importants files on C:\windows\system32\ Signatures of psychic-robot.PY (python file) : Bkav Pro : ASP.We

H-Tech-Dev36 1 Jan 06, 2022
S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE

CVE-2021-31805 Remote code execution S2-062 (CVE-2021-31805) Due to Apache Struts2's incomplete fix for S2-061 (CVE-2020-17530), some tag attributes c

warin9 31 Nov 22, 2022
Internationalized Domain Names for Python (IDNA 2008 and UTS #46)

Internationalized Domain Names in Applications (IDNA) Support for the Internationalised Domain Names in Applications (IDNA) protocol as specified in R

Kim Davies 204 Dec 13, 2022
Tools for converting Nintendo DS binaries to an ELF file for Ghidra/IDA

nds2elf Requirements nds2elf.py uses LIEF and template.elf to form a new binary. LIEF is available via pip: pip3 install lief Usage DSi and DSi-enhan

Max Thomas 17 Aug 14, 2022
Microsoft Exchange Server SSRF漏洞(CVE-2021-26855)

Microsoft_Exchange_Server_SSRF_CVE-2021-26855 zoomeye dork:app:"Microsoft Exchange Server" 使用Seebug工具箱及pocsuite3编写的脚本Microsoft_Exchange_Server_SSRF_CV

conjojo 37 Nov 12, 2022
hackinsta: a program to hack instagram

hackinsta a program to hack instagram Yokoback_(instahack) is the file to open, you need libraries write on import. You run that file in the same fold

1 Dec 04, 2021
Fast subdomain scanner, Takes arguments from a Json file ("args.json") and outputs the subdomains.

Fast subdomain scanner, Takes arguments from a Json file ("args.json") and outputs the subdomains. File Structure core/ colors.py db/ wordlist.txt REA

whoami security 4 Jul 02, 2022
Privilege escalation with polkit - CVE-2021-3560

Polkit-exploit - CVE-2021-3560 Privilege escalation with polkit - CVE-2021-3560 Summary CVE-2021-3560 is an authentication bypass on polkit, which all

Ahmad Almorabea 95 Dec 27, 2022
Tool To generate Stable Undetected Payload

windowsPayload Tool To generate Stable Undetected Payload Don t Upload to Virus Total :) Follow on Social Media Platforms ScreenShots How to install +

youhacker55 117 Dec 30, 2022
Subdomain enumeration,Web scraping and finding usernames automation script written in python

Subdomain enumeration,Web scraping and finding usernames automation script written in python

Syam 12 Nov 22, 2022
Implementation of an attack on a tropical algebra discrete logarithm based protocol

Implementation of an attack on a tropical algebra discrete logarithm based protocol This code implements the attack detailed in the paper: On the trop

3 Dec 30, 2021
The probability of having the password you want in the PassMaker is +90%!!

PasswordMaker Strong listing password Introduction The probability of having the password you want in the tool is +90%!! How to Install Open the termi

MasterBurnt 4 Sep 05, 2021
A black hole for Internet advertisements

Network-wide ad blocking via your own Linux hardware The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installi

Pi-hole 40.3k Jan 09, 2023
Simple Dos-Attacker.

dos-attacker ❕ Atenção Não ataque sites privados. isto é illegal. 🖥️ Pré-requisitos Ultima versão do Python3. para verificar isto, é bem simples. Bas

Dio brando 10 Apr 15, 2022
CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP (更新可回显EXP)

CVE-2021-21985 CVE-2021-21985 EXP 本文以及工具仅限技术分享,严禁用于非法用途,否则产生的一切后果自行承担。 0x01 利用Tomcat RMI RCE 1. VPS启动JNDI监听 1099 端口 rmi需要bypass高版本jdk java -jar JNDIIn

r0cky 355 Aug 03, 2022
Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in

Anukul Pandey 6 Jan 30, 2022
A piece of software that shows a traceroute of a URL redirect path

Tracing URL redirects has never been easier! Usage • Download 🚩 Use Cases To see where an affiliate link ends up To see what affiliate network is bei

41 Nov 22, 2022
A python script written for lazy people to hack their school systen ;D

F-ck-the-system A python script written for lazy people to hack their school systen ;D Python voice notes writer This is a python script to record you

Sachit 2 Jan 09, 2022
A Safer PoC for CVE-2022-22965 (Spring4Shell)

Safer_PoC_CVE-2022-22965 A Safer PoC for CVE-2022-22965 (Spring4Shell) Functionality Creates a file called CVE_2022-22965_exploited.txt in the tomcat

Colin Cowie 46 Nov 12, 2022
Tor Relay availability checker, for using it as a bridge in countries with censorship

Tor Relay Availability Checker This small script downloads all Tor Relay IP addresses from onionoo.torproject.org and checks whether random Relays are

ValdikSS 161 Dec 30, 2022