cl0udg0d / szhe_scan Goto Github PK
View Code? Open in Web Editor NEW碎遮SZhe_Scan Web漏洞扫描器,基于python Flask框架,对输入的域名/IP进行全面的信息搜集,漏洞扫描,可自主添加POC
碎遮SZhe_Scan Web漏洞扫描器,基于python Flask框架,对输入的域名/IP进行全面的信息搜集,漏洞扫描,可自主添加POC
有几个建议:
1.扫描不到那种需要登录的网站
2.不知道能不能提供扫描选项,我只想扫某个网站的SQL注入漏洞,和XSS
3.后期会加入扫描暗链和恶意关键字的功能吗
建议作者在docker pip源中用国内的源,https://pypi.tuna.tsinghua.edu.cn/simple/我试了很多次有些请求无法访问,可能导致安装出现其它错误。
还可以增加 漏洞及时通知反馈功能
结果发送给server酱
或者微信公众号,或者钉钉等等
这样感觉能及时知道结果
斗胆问大佬,docker版有戏了不?
您好师傅,成功在服务器上通过源码搭建了,但是只能本地访问,外网访问会直接拒绝请求(已经放行所有端口),请问怎么进行配置使得外网可以访问
用了一下感觉误报还是太多了,报出很多xss根本就没有参数输入的地方并且payload中还插着日期,emmmmmm,还有高危的洞是js文件后边跟了命令注入的payload,但是并没有办法传参,而且有的完全相同的漏洞会重复报很多次。
b53cfa67fd97 szhe_scan_web "flask run" 2 minutes ago Restarting (2) 50 seconds ago szhe_scan_web_1
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
Error: While importing "index", an ImportError was raised:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/flask/cli.py", line 240, in locate_app
import(module_name)
File "/code/index.py", line 6, in
from Init import app, redispool
ModuleNotFoundError: No module named 'Init'
安裝成功了,弄了一批域名进行扫描,扫描到第6个的时候卡住了,几个小时都是那个目标,没有地方查看当前进度及管理待扫描不目标,就有点难受,连取消都没地方取消,像我这样,卡住在某个域名不动了,就完全没有任何办法
您好,您方便留下联系方式吗
搭建成功了, 能够运行,还是很不错的。
windows下的docker 安装后,登录后在控制台输入域名点击“新建任务”没任何反应
docker版安装完成以后,运行起来。
登陆进去报500
服务器挂了,正在暴打开发人员中^_^你被丢到火星了,送只猫咪陪你以表慰问Go Home
报错如下:
sqlalchemy.exc.ProgrammingError: (pymysql.err.ProgrammingError) (1146, "Table 'SZheScan.log' doesn't exist")
[SQL: INSERT INTO log (ip, email, date) VALUES (%(ip)s, %(email)s, %(date)s)]
[parameters: {'ip': '1.1.2.100', 'email': '[email protected]', 'date': datetime.datetime(2020, 6, 15, 3, 34, 18, 154845)}]
(Background on this error at: http://sqlalche.me/e/f405)
1.能直接看高危危险的漏洞,而不是显示有漏洞,打开一看几千条
2.能取消任务,而不是每次扫一半就卡主了
3.扫出来的漏洞能单独存放
failed to solve: process "/bin/sh -c apt-get update -y && apt-get upgrade -y && apt-get install aptitude -y && mv /etc/apt/sources.list /etc/apt/sources.list.bak && echo "deb http://mirrors.aliyun.com/debian stretch main contrib non-free" >/etc/apt/sources.list && echo "deb-src http://mirrors.aliyun.com/debian stretch main contrib non-free" >>/etc/apt/sources.list && echo "deb http://mirrors.aliyun.com/debian stretch-updates main contrib non-free" >>/etc/apt/sources.list && echo "deb-src http://mirrors.aliyun.com/debian stretch-updates main contrib non-free" >>/etc/apt/sources.list && echo "deb http://mirrors.aliyun.com/debian-security stretch/updates main contrib non-free" >>/etc/apt/sources.list && echo "deb-src http://mirrors.aliyun.com/debian-security stretch/updates main contrib non-free" >>/etc/apt/sources.list && echo "deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main" >>/etc/apt/sources.list && wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && aptitude update && aptitude install google-chrome-stable -y && wget --no-check-certificate --content-disposition https://github.com/Qianlitp/crawlergo/releases/download/v0.4.3/crawlergo_linux_amd64 -O crawlergo && chmod 777 crawlergo && pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple" did not complete successfully: exit code: 255
系统 : Ubuntu 22.04.1 LTS
架构 :aarch64
报错内容:
[szhe_scan_mysql internal] load metadata for docker.io/library/mysql:5.7:
failed to solve: rpc error: code = Unknown desc = failed to solve with frontend dockerfile.v0: failed to create LLB definition: no match for platform in manifest sha256:94176d0ad4ed85767fc0d74b8071387109a0390e7c1afd39788269c96d2dad74: not found
建议查看漏洞的时候,可以筛选,比如只看高危,或者低危这样的功能。
建议资产扫描做成分布式扫描,否则单机扫描目标的全端口在时间上就行不通.我的漏扫功能是可以全选插件扫描或指定插件扫描,好处就是新的漏洞出来先测试一遍.功能模块分开的同时也能关联起来.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.