1c3z / arl-npoc Goto Github PK
View Code? Open in Web Editor NEW集漏洞验证和任务运行的一个框架
集漏洞验证和任务运行的一个框架
为了对通用应用漏洞进行扫描,灯塔中使用了个名为NPoC的框架
框架存放的PoC目录为 xing/plugins, 框架会动态加载该目录下的文件
可以按照自己的需求在目录中添加相应的PoC代码文件, 注意不同子目录下的文件名不要出现重复情况。
由于运行环境为docker, 可以将写好的PoC代码文件放置到docker/poc目录下面,将会映射到docker 中的路径 /opt/ARL-NPoC/xing/plugins/upload_poc
问下自定义添加poc时,poc支持什么格式和要求,譬如pocsuite的漏洞py脚本可以直接用?
https://blog.csdn.net/u010559460/article/details/108746820
访问 nacos 后端控制台
地址: http://localhost:8848/nacos/index.html
登录账号(默认): nacos
登录密码(默认): nacos
我不知道参数到底咋用
xing exploit -t https://test.com --plugin-name Ueditor_Store_XSS --cmd XSS
还是怎么说,我不会用
命令:brute -t 127.0.0.1 -n MysqlBrute
报错:
[2024-02-06 18:59:26] [WARNING] [MainThread] [BasePlugin.py:167] [MysqlBrute] mysql://127.0.0.1 an integer is required (got type NoneType)
[2024-02-06 18:59:26] [ERROR] [MainThread] [BasePlugin.py:172] an integer is required (got type NoneType)
Traceback (most recent call last):
File "/Users/leisure/Documents/py-code/vue-admin-template/api/xing/core/BasePlugin.py", line 157, in run
return do_action()
File "/Users/leisure/Documents/py-code/vue-admin-template/api/xing/core/BasePlugin.py", line 74, in do_brute
if not self.check_app(target=self.target):
File "/Users/leisure/Documents/py-code/vue-admin-template/api/xing/plugins/brute/MysqlBrute.py", line 43, in check_app
client = self.conn_target()
File "/Users/leisure/Documents/py-code/vue-admin-template/api/xing/core/BasePlugin.py", line 203, in conn_target
client.connect((host, port))
TypeError: an integer is required (got type NoneType)
通过调试定位到函数:
def conn_target(self, timeout=4):
"""
连接到目标, 请调用后一定要手动close
"""
host = self.target_info["host"]
port = self.target_info["port"]
client = socket.socket()
client.settimeout(timeout)
client.connect((host, port))
return client
程序走到port = self.target_info["port"]时,返回的是None
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.