Git Product home page Git Product logo

fiora's Introduction

Fiora

项目简介:Fiora是LoL中的无双剑姬的名字,她善于发现对手防守弱点,实现精准打击。该项目为PoC框架nuclei提供图形界面,实现快速搜索、一键运行等功能,提升nuclei的使用体验。

项目地址:https://github.com/bit4woo/Fiora

项目作者:bit4woo

视频教程:https://www.bilibili.com/video/bv1Ha411z7T1

安装运行

一、作为burp插件运行

1、访问https://github.com/bit4woo/Fiora/releases

2、下载最新jar包

3、如下方法安装插件

image-20220101172629795

二、作为独立程序运行

该程序即可作为burp插件运行,也可以作为独立程序运行。命令行下通过java启动程序的命令:

java -jar Fiora-202100220-jar-with-dependencies.jar

image-20220101173315536

程序截图

image-20220101173647192

三、最新源码尝鲜

自行打包

当你遇到bug或者想使用最新的功能时,可以使用如下方法自行打包。

git clone https://github.com/bit4woo/Fiora
cd Fiora
mvn package

关于"burp-api-common"下载失败

如果没有使用过GitHub Packages,则需要创建或修改/Users/xxxxxx/.m2/setttings.xml 文件

https://github.com/settings/tokens

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                      http://maven.apache.org/xsd/settings-1.0.0.xsd">

  <activeProfiles>
    <activeProfile>github</activeProfile>
  </activeProfiles>

  <profiles>
    <profile>
      <id>github</id>
      <repositories>
        <repository>
          <id>central</id>
          <url>https://repo1.maven.org/maven2</url>
        </repository>
        <repository>
          <id>github</id>
          <url>https://maven.pkg.github.com/bit4woo/*</url>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </repository>
      </repositories>
    </profile>
  </profiles>

  <servers>
    <server>
      <id>github</id>
      <username>你的GitHub用户名</username>
      <password>你的GitHub access token 通过https://github.com/settings/tokens获取</password>
    </server>
  </servers>

    <properties>  
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>  
        <maven.compiler.encoding>UTF-8</maven.compiler.encoding>  
    </properties> 
</settings>

</repository><server> 中的内容是你需要配置的。 <repository>中的内容你可以直接复制粘贴。

       <repository>
          <id>github</id>
          <url>https://maven.pkg.github.com/bit4woo/*</url>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
        </repository>

<server> 中的内容就必须用自己的了。通过https://github.com/settings/tokens获取你的GitHub access token

    <server>
      <id>github</id>
      <username>你的GitHub用户名</username>
      <password>你的GitHub access token 通过https://github.com/settings/tokens获取</password>
    </server>

完成后再进行步骤一的操作即可。

注意说明

1、你需要自行安装nuclei到本地环境,并且将命令加入环境变量。安装方法可以参考官方文档

2、nuclei的模板文件存放的默认路径是当前用户路径下,即 YourUserHome/nuclei-templates。

使用方法

以grafana的PoC为例。

搜索PoC

程序会自动扫描nuclei-templates目录下的所有PoC文件,并加载进程序中,可以通过关键词搜索来找到想要的PoC。

image-20220101194244053

生成PoC命令

选中想要的PoC,右键选择“generate Command Of This PoC”即可。命令会写入剪切板,直接粘贴运行即可。优点是可以对命令行进行再次编辑,但是需要自行粘贴后运行。

image-20220101195315472

#生产的单个PoC 
nuclei -t C:\Users\P52\nuclei-templates\vulnerabilities\grafana\grafana-file-read.yaml -u http://example.com -proxy http://127.0.0.1

#生产workflow PoC
nuclei -w C:\Users\P52\nuclei-templates\workflows\grafana-workflow.yaml -u http://example.com -proxy http://127.0.0.1


nuclei -tags grafana -u http://example.com -proxy http://127.0.0.1

直接执行PoC

和生成PoC命令类似,但是它会直接执行生成的命令,不需要粘贴。优点是更便捷,但是无法编辑命令行。

image-20220101200920749

关于RobotInput

RobotInput选项会影响命令执行的方式。

当启用RobotInput时,会尝试先开启一个命令行终端,然后以模拟键盘输入的方式进行命令的执行。优点是:效果类似人为交互,会在命令行终端留下历史记录。缺点是:这个方式受程序响应速度、剪切板读写是否成功的影响,不是很稳定,某些情况会出现混乱错误。

当停用RobotInput时,会将所有命令先写入bat文件,然后运行bat文件,来实现系统命令的执行。优缺点刚好相反:功能稳定,但是不会留下命令行历史记录。

fiora's People

Contributors

bit4woo avatar dependabot[bot] avatar mr-xn avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

j5s laowang1026 clown1ay empty2081 jeromeyoung sec-fork explangcn cream-sec bingpo m4d3bug yeyingsec mgcfish go-time r1ghrfhd afwu isiaon msr00t jungerschwarz moryyi xyjl-ly sobinge fangjiuye w4tchd09 toddpod featue zzhsec swagxz tao1tao kaka77 key1624 cuojue6 hirak0 asoh42 slowmistio attacker-codeninja felixzwl rabbitsafe marsman1994 crazyn1nja gavz mr-xn m1anbao nanaao blackjack0 asura88 polarpeak tinker-li kenuosec hack404-007 kingking888 mxm-tools jjj124 shaonianl wang0098 rebootorz kk98kk0 dummykitty weifangpp flying0er z0edff0x3d exi1sh0w chentanghang lyrhy polling-repo-continua thinkberry simonlee-hello 1f3lse butong21 gamblingmaster2020 artqi jarzn amd6700k anquanzhu m3g4byt3 xvchengnuo thinks520 mingyue33 jeffry38 pygain11 482949203 edsaqw 5l1v3r1 yx2124538 sylviagaytaneh2021 navin-hacsociety fostane bawed ckevens madusec ronin001 obelia01 nidemingzizj startagain2016 ikpehlivan awdscan wouijvziqy lvyazhou gysf666 wwl012345 1trapbox

fiora's Issues

批量poc测试

可以根据批量poc对目标测试吗,比如搜索一个关键字grafana,出来的所有poc都想测试一下,支持批量吗

高版本burp加载时报错 "javax.swing.JTable.getModel()" is null

java.lang.NullPointerException: Cannot invoke "javax.swing.table.TableModel.addTableModelListener(javax.swing.event.TableModelListener)" because the return value of "javax.swing.JTable.getModel()" is null
at burp.theme.BurpTableUI.installListeners(Unknown Source)
at java.desktop/javax.swing.plaf.basic.BasicTableUI.installUI(BasicTableUI.java:1432)
at com.formdev.flatlaf.ui.FlatTableUI.installUI(FlatTableUI.java:129)
at burp.theme.BurpTableUI.installUI(Unknown Source)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:740)
at java.desktop/javax.swing.JTable.setUI(JTable.java:3661)
at java.desktop/javax.swing.JTable.updateUI(JTable.java:3710)
at java.desktop/javax.swing.JTable.(JTable.java:707)
at java.desktop/javax.swing.JTable.(JTable.java:632)
at PoC.LineTable.(LineTable.java:83)
at PoC.PoCPanel.(PoCPanel.java:88)
at GUI.MainGUI.(MainGUI.java:62)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:90)
at burp.Zuh0.Zw(Unknown Source)
at burp.Z_kv.Zb(Unknown Source)
at burp.Z_k3.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1583)

高版本burp加载时报错 "javax.swing.JTable.getModel()" is null

ava.lang.NullPointerException: Cannot invoke "javax.swing.table.TableModel.addTableModelListener(javax.swing.event.TableModelListener)" because the return value of "javax.swing.JTable.getModel()" is null
at burp.theme.BurpTableUI.installListeners(Unknown Source)
at java.desktop/javax.swing.plaf.basic.BasicTableUI.installUI(BasicTableUI.java:1432)
at com.formdev.flatlaf.ui.FlatTableUI.installUI(FlatTableUI.java:129)
at burp.theme.BurpTableUI.installUI(Unknown Source)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:740)
at java.desktop/javax.swing.JTable.setUI(JTable.java:3661)
at java.desktop/javax.swing.JTable.updateUI(JTable.java:3710)
at java.desktop/javax.swing.JTable.(JTable.java:707)
at java.desktop/javax.swing.JTable.(JTable.java:632)
at PoC.LineTable.(LineTable.java:83)
at PoC.PoCPanel.(PoCPanel.java:88)
at GUI.MainGUI.(MainGUI.java:62)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:90)
at burp.Zhyc.ZW(Unknown Source)
at burp.Zsxj.Zg(Unknown Source)
at burp.Zsxu.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1583)
请问一下这个该如何解决

bp 2024.1 报错

java.lang.NullPointerException: Cannot invoke "javax.swing.table.TableModel.addTableModelListener(javax.swing.event.TableModelListener)" because the return value of "javax.swing.JTable.getModel()" is null
at burp.theme.BurpTableUI.installListeners(Unknown Source)
at java.desktop/javax.swing.plaf.basic.BasicTableUI.installUI(BasicTableUI.java:1441)
at com.formdev.flatlaf.ui.FlatTableUI.installUI(FlatTableUI.java:129)
at burp.theme.BurpTableUI.installUI(Unknown Source)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:730)
at java.desktop/javax.swing.JTable.setUI(JTable.java:3655)
at java.desktop/javax.swing.JTable.updateUI(JTable.java:3704)
at java.desktop/javax.swing.JTable.(JTable.java:707)
at java.desktop/javax.swing.JTable.(JTable.java:632)
at PoC.LineTable.(LineTable.java:83)
at PoC.PoCPanel.(PoCPanel.java:88)
at GUI.MainGUI.(MainGUI.java:62)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:90)
at burp.Zdhy.Zz(Unknown Source)
at burp.Zdo_.Zz(Unknown Source)
at burp.Zdoz.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)

bug

运行“Run poCs with Tags”时,不设置代理也会带上 -proxy 参数

eg:
nuclei -tags rce,cvnd -u http://192.168.18.11 -proxy
flag needs an argument: -proxy

无法新建poc文件

大佬你好,我将这个文件下载到本地后想新增poc的时候发现点击了Create poc输入文件名点击确认之后,窗口消失并无任何反应,期待回复,非常感谢

create poc 存在bug

创建poc的时候,代码的逻辑应该是复制的cves\2021\CVE-2021-1497.yaml文件,但是我的c盘默认的nuclei模板是没有这个的

image

还有个问题 路径能不能自定义

麻烦了师傅

高版本burp加载时报错 "javax.swing.JTable.getModel()" is null

java.lang.NullPointerException: Cannot invoke "javax.swing.table.TableModel.addTableModelListener(javax.swing.event.TableModelListener)" because the return value of "javax.swing.JTable.getModel()" is null
at burp.theme.BurpTableUI.installListeners(Unknown Source)
at java.desktop/javax.swing.plaf.basic.BasicTableUI.installUI(BasicTableUI.java:1441)
at com.formdev.flatlaf.ui.FlatTableUI.installUI(FlatTableUI.java:129)
at burp.theme.BurpTableUI.installUI(Unknown Source)
at java.desktop/javax.swing.JComponent.setUI(JComponent.java:730)
at java.desktop/javax.swing.JTable.setUI(JTable.java:3655)
at java.desktop/javax.swing.JTable.updateUI(JTable.java:3704)
at java.desktop/javax.swing.JTable.(JTable.java:707)
at java.desktop/javax.swing.JTable.(JTable.java:632)
at PoC.LineTable.(LineTable.java:83)
at PoC.PoCPanel.(PoCPanel.java:88)
at GUI.MainGUI.(MainGUI.java:62)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:90)
at burp.Zcp.Zi(Unknown Source)
at burp.Zu1y.ZY(Unknown Source)
at burp.Zu11.lambda$initialiseOnNewThread$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.