Git Product home page Git Product logo

dscan's Introduction

Dscan

特点

  • 基于规则的目录扫描工具,实现精准扫描
  • 适用于漏洞自动化巡检场景

安装

go get -u github.com/aboutbo/Dscan

使用

Usage:
  Dscan [command]

Available Commands:
  help        Help about any command
  scan        Use accurate model or fuzz model to scan

Flags:
      --accurate      Whether to use accurate mode
  -f, --file string   target file to scan
  -h, --help          help for Dscan
      --rule string   rule file (default "rules/rules.yaml")

Use "Dscan [command] --help" for more information about a command.

./Dscan scan --accurate -f your_target_urls_file --rule your_rules_file

规则编写

规则支持函数如下:

  • response.body.bcontains(b'your strings') : 判断HTTP响应body是否包含某字符串
  • response.status_code :response.status_code==200
  • response.headers['your header key'].contains('your header value') :判断HTTP响应headers某key是否包含某value
  • response.headers.contains_key('your header key') :判断HTTP响应headers是否存在某key

example:

  # the number of this rule
  rule5: 
    # rule description
    description: kibana
    # rule path
    path: /app/kibana
    # rule expression
    expression: response.status_code == 200 && response.body.bcontains(b'kibanaWelcomeLogo')

TODO

  • 并发扫描
  • fuzz模式
  • 结果输出
  • 更丰富的规则库

dscan's People

Contributors

aboutbo avatar

Stargazers

@WishJam avatar avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.