w-digital-scanner / w9scan
Plug-in type web vulnerability scanner
License: GNU General Public License v2.0
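As the title says, 1718.py is missing the time module and raises an error when run
1. Whether to add an exploit module, i.e. a convenient way to verify vulnerabilities;
2. Next you will probably write WAF identification, right? CMS fingerprints are manageable, but there really aren't many WAF fingerprints; I suggest taking a look at wafw00f for reference
3. Another one is distributed scanning. I also looked at w8, which you wrote earlier and which implemented distributed scanning; w9 should too, I suppose. I don't know whether this is on your task list
4. I don't know whether this project has a web UI like w8 does
The script used for vulnerability testing is http://www.yxlink.com/nvs_test.txt. Did the author hack this site and plant it there? Is that really OK?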
[-] Running plugin error:expected a string or other character buffer object service:www filename:whatcms.py
Traceback (most recent call last):
File "............../w9scan/lib/core/exploit.py", line 178, in _work
pluginObj.audit(threadConf["agrs"])
File "", line 112, in audit
File "", line 51, in isMatching
TypeError: expected a string or other character buffer object
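The 1500+ plugins in w9scan are not generic vulnerability-type test code (plugin A tests for SQL injection, plugin B tests for XSS); the plugins here all target vendor-specific vulnerabilities. For example, the acsno plugin applies to that company and not to other companies. I don't know whether my understanding is correct.
There is no soft-404 detection, so in many cases there are a lot of false positives. I suggest adding filtering based on page size.
When started in wizard mode, it asks you to choose plugins. What is the point of choosing plugins here? If these four plugins are selected, will the other plugins not be loaded?
Could you please add this usage guide as soon as possible? Once we get it running, we might well be able to join in and do some development.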
[-] Running plugin error:push() takes exactly 2 arguments (3 given) service:mysql filename:w9_mysql_usereme.py
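First of all, hello to the author Y(^_^)Y
The first problem is that its ability to recognize a site's error pages is not very good; many sites produce a long string of vulnerability alerts when scanned, all with the same size ( ̄~ ̄)
Second, w9scan seems to run update.py after it starts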
./w9scan.py -u "@web_list_dedecms.txt" --debug -p dedecms
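Where can I see the results of a scan like this?
Finally, when the scan completes, it generates a file named address_time.html
If the target has a port, a file like this is also generated, but a colon : cannot appear in a file name
After reporting a few errors it froze
As soon as it runs, Python crashes; I don't know why
After reading the source code I have a question: when the crawler is enabled, it first loads the plugins under spider_file and then crawls links from the specified URL. What I want to ask is, after these two things are done, are the plugins run against all the crawled links? Maybe I didn't understand the code well; please advise.
This one still feels the handiest to use [manual doge]
It seems that batch scanning from a text file doesn't work
Some sites have wildcard DNS enabled, so the scanner outputs every entry in the dictionary one by one. Could a threshold be set so that, once it is exceeded, the remaining domains are not scanned?
Is it not possible to batch scan URLs without specifying a plugin? Is it out of concern that concurrency would be too high?
How to specify multiple plugins
choose all plugins
but it stops at 400 code...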
[*] 80 => [www]; Ver => [('Server', 'Tengine')]
81 => [www]; Ver => [('Server', 'Microsoft-HTTPAPI/2.0')]
443 => [ssl]; Ver => [('Server', 'Tengine')]
Error: HTTP Error 400: Bad Request
^C
^C^C^C^C^C^C
...
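In batch scanning, scans frequently fail, and the remaining sites basically only get fingerprint detection.
"all" was selected for the scan
In readme.md, the information gathering section lists Emails and E-mail. These look like the same description.
Checking the status code can only tell whether the response status is normal. A 404 page will also report 200, so the false positive rate is rather high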
[-] Running plugin error:push() takes exactly 2 arguments (3 given) service:mysql filename:w9_mysql_usereme.py
Traceback (most recent call last):
File "/home/skel/Downloads/w9scan/lib/core/exploit.py", line 178, in _work
pluginObj.audit(threadConf["agrs"])
File "", line 42, in audit
TypeError: push() takes exactly 2 arguments (3 given)
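After specifying the URL with the -u parameter, the script still asks to input a URL, and pressing Enter directly exits the script.... The -u parameter is as good as useless, and the --guide parameter also seems to have the same effect as python w9scan.py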
Traceback (most recent call last):
File "w9scan.py", line 117, in
main()
File "w9scan.py", line 87, in main
configFileParser("config.conf")
File "/opt/w9scan/lib/utils/configfile.py", line 142, in configFileParser
checkFile(configFile)
File "/opt/w9scan/lib/utils/configfile.py", line 97, in checkFile
raise ToolkitSystemException("unable to read file '%s'" % filename)
lib.core.exception.ToolkitSystemException: unable to read file 'config.conf'
Using
python w9scan.py -u "@1.txt"
to batch scan sites in this way gives:
[-] Running plugin error:[Errno -2] Name or service not known service:www filename:waf_identify.py
Traceback (most recent call last):
File "/root/scanner/w9scan/lib/core/exploit.py", line 178, in _work
pluginObj.audit(threadConf["agrs"])
File "<string>", line 76, in audit
File "/root/scanner/w9scan/thirdparty/hackhttp.py", line 362, in http
location=location, locationcount=0)
File "/root/scanner/w9scan/thirdparty/hackhttp.py", line 381, in _http
con = self.conpool._get_connect(urlinfo, proxy)
File "/root/scanner/w9scan/thirdparty/hackhttp.py", line 130, in _get_connect
con = self._make_connect(https, host, port, proxy)
File "/root/scanner/w9scan/thirdparty/hackhttp.py", line 97, in _make_connect
con.connect()
File "/usr/lib/python2.7/httplib.py", line 821, in connect
self.timeout, self.source_address)
File "/usr/lib/python2.7/socket.py", line 557, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
gaierror: [Errno -2] Name or service not known
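The code_eval_2.x.py plugin code has a bug.
code, head, html, redirect_url, log = hackhttp.http(payload,headers = headers)
code, head, html, redirect_url, log = hackhttp.http(arg + "/1.php")
The payload is written via SQL injection, so between these two requests the check may run before the write has finished. Without a delay to give the write time, the second request has already executed before the write.. so the check can be inaccurate
Many scanners have a basic proxy setting feature; I hope it can be added
An error was reported during batch scanning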
[!] error:<type 'exceptions.Exception'> can't start new thread
[!] It seems like you reached a unhandled exception, please report it to author's mail:[email protected] or raise a issue via:https://github.com/boy-hacl/w9scan/issues/new.