al0ne / vxscan Goto Github PK
View Code? Open in Web Editor NEWpython3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
License: Apache License 2.0
python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
License: Apache License 2.0
大神,这个工具怎么测试sql注入
Hi,
i need make an scan but after the port scan i get an error with "Access is denied due to invalid credentials" so i need to know how can i put credentials for the scan.
regards
it is not working. it started but stops while pinging.
there is also no db folder, i had to create one. still not working
Fresh install, uninstall and installing again, still have the same error.
Traceback (most recent call last):
File "Vxscan.py", line 30, in
from lib.common import start, bcolors
File "/opt/Vxscan/lib/common.py", line 13, in
from virustotal_python import Virustotal
File "/usr/local/lib/python3.5/dist-packages/virustotal_python/init.py", line 1, in
from virustotal_python.virustotal import Virustotal
File "/usr/local/lib/python3.5/dist-packages/virustotal_python/virustotal.py", line 27
print(f"Failed to import required modules: {err}")
root@qA-year:~/Vxscan# python3 Vxscan.py -f hosts.txt
\ \ / /_ _____ ___ __ _ _ __
\ \ / /\ / / |/ / ` | ' \
\ V / > <_ \ (| (| | | | |
_/ /_/__/___,|| ||
PortScan:
[+] http:8080
[+] http:80
[+] http:443
Vuln:
[+] django url jump : http://XgXXX:8080
[+] http://XXX.XXX.com:8080 |XXX
[+] https://XXX.XXX.com |XXX
OS:
[+] Linux 3.2 - 3.8
running 162.181 seconds...
有几个域名是禁ping的,所以扫描开始后直接就
1.1.1.1 is not alive
这种情况,有没有办法忽略这步检测啊。 还有就是我想用代理来扫,有没有对应的参数啊,还是自己用proxychains来实现 。
Di tea to our big brother
202.101.164.75 is not alive
124.160.116.204 is not alive
PortScan:
[+] http:80
[+] http:443
Vuln:
[+] https://tj.dianping.com | 页面不存在 | 美团点评
OS:
[+] None
running 82.314 seconds...
root@qiang-year:/Vxscan# ls/Vxscan# tail -500f error.log
db error.log hosts.txt lib LICENSE logo2.jpg logo.jpg README.md README.zh-CN.md report requirements.txt script Vxscan.py
root@qiang-year:
2019-07-01 13:01:00,873 - /usr/lib/python3/dist-packages/urllib3/connection.py[line:360] - ERROR: Certificate did not match expected hostname: tj.dianping.com. Certificate: {'subject': ((('organizationalUnitName', 'Domain Control Validated'),), (('commonName', '.sankuai.com'),)), 'issuer': ((('countryName', 'US'),), (('stateOrProvinceName', 'Arizona'),), (('localityName', 'Scottsdale'),), (('organizationName', 'GoDaddy.com, Inc.'),), (('organizationalUnitName', 'http://certs.godaddy.com/repository/'),), (('commonName', 'Go Daddy Secure Certificate Authority - G2'),)), 'version': 3, 'serialNumber': '9292B75E6D7D9B3A', 'notBefore': 'Jun 18 03:12:13 2019 GMT', 'notAfter': 'Jul 11 02:56:01 2020 GMT', 'subjectAltName': (('DNS', '.sankuai.com'), ('DNS', 'sankuai.com')), 'OCSP': ('http://ocsp.godaddy.com/',), 'caIssuers': ('http://certificates.godaddy.com/repository/gdig2.crt',), 'crlDistributionPoints': ('http://crl.godaddy.com/gdig2s1-1180.crl',)}
2019-07-01 13:01:00,975 - /usr/lib/python3/dist-packages/urllib3/connection.py[line:360] - ERROR: Certificate did not match expected hostname: tj.dianping.com. Certificate: {'subject': ((('organizationalUnitName', 'Domain Control Validated'),), (('commonName', '.sankuai.com'),)), 'issuer': ((('countryName', 'US'),), (('stateOrProvinceName', 'Arizona'),), (('localityName', 'Scottsdale'),), (('organizationName', 'GoDaddy.com, Inc.'),), (('organizationalUnitName', 'http://certs.godaddy.com/repository/'),), (('commonName', 'Go Daddy Secure Certificate Authority - G2'),)), 'version': 3, 'serialNumber': '9292B75E6D7D9B3A', 'notBefore': 'Jun 18 03:12:13 2019 GMT', 'notAfter': 'Jul 11 02:56:01 2020 GMT', 'subjectAltName': (('DNS', '.sankuai.com'), ('DNS', 'sankuai.com')), 'OCSP': ('http://ocsp.godaddy.com/',), 'caIssuers': ('http://certificates.godaddy.com/repository/gdig2.crt',), 'crlDistributionPoints': ('http://crl.godaddy.com/gdig2s1-1180.crl',)}
2019-07-01 13:01:00,978 - /usr/lib/python3/dist-packages/urllib3/connection.py[line:360] - ERROR: Certificate did not match expected hostname: tj.dianping.com. Certificate: {'subject': ((('organizationalUnitName', 'Domain Control Validated'),), (('commonName', '.sankuai.com'),)), 'issuer': ((('countryName', 'US'),), (('stateOrProvinceName', 'Arizona'),), (('localityName', 'Scottsdale'),), (('organizationName', 'GoDaddy.com, Inc.'),), (('organizationalUnitName', 'http://certs.godaddy.com/repository/'),), (('commonName', 'Go Daddy Secure Certificate Authority - G2'),)), 'version': 3, 'serialNumber': '9292B75E6D7D9B3A', 'notBefore': 'Jun 18 03:12:13 2019 GMT', 'notAfter': 'Jul 11 02:56:01 2020 GMT', 'subjectAltName': (('DNS', '.sankuai.com'), ('DNS', 'sankuai.com')), 'OCSP': ('http://ocsp.godaddy.com/',), 'caIssuers': ('http://certificates.godaddy.com/repository/gdig2.crt',), 'crlDistributionPoints': ('http://crl.godaddy.com/gdig2s1-1180.crl',)}
2019-07-01 13:01:01,213 - /usr/lib/python3/dist-packages/urllib3/connection.py[line:360] - ERROR: Certificate did not match expected hostname: tj.dianping.com. Certificate: {'subject': ((('organizationalUnitName', 'Domain Control Validated'),), (('commonName', '.sankuai.com'),)), 'issuer': ((('countryName', 'US'),), (('stateOrProvinceName', 'Arizona'),), (('localityName', 'Scottsdale'),), (('organizationName', 'GoDaddy.com, Inc.'),), (('organizationalUnitName', 'http://certs.godaddy.com/repository/'),), (('commonName', 'Go Daddy Secure Certificate Authority - G2'),)), 'version': 3, 'serialNumber': '9292B75E6D7D9B3A', 'notBefore': 'Jun 18 03:12:13 2019 GMT', 'notAfter': 'Jul 11 02:56:01 2020 GMT', 'subjectAltName': (('DNS', '.sankuai.com'), ('DNS', 'sankuai.com')), 'OCSP': ('http://ocsp.godaddy.com/',), 'caIssuers': ('http://certificates.godaddy.com/repository/gdig2.crt',), 'crlDistributionPoints': ('http://crl.godaddy.com/gdig2s1-1180.crl',)}
2019-07-01 13:01:02,768 - /usr/lib/python3/dist-packages/urllib3/connection.py[line:360] - ERROR: Certificate did not match expected hostname: tj.dianping.com. Certificate: {'subject': ((('organizationalUnitName', 'Domain Control Validated'),), (('commonName', '.sankuai.com'),)), 'issuer': ((('countryName', 'US'),), (('stateOrProvinceName', 'Arizona'),), (('localityName', 'Scottsdale'),), (('organizationName', 'GoDaddy.com, Inc.'),), (('organizationalUnitName', 'http://certs.godaddy.com/repository/'),), (('commonName', 'Go Daddy Secure Certificate Authority - G2'),)), 'version': 3, 'serialNumber': '9292B75E6D7D9B3A', 'notBefore': 'Jun 18 03:12:13 2019 GMT', 'notAfter': 'Jul 11 02:56:01 2020 GMT', 'subjectAltName': (('DNS', '.sankuai.com'), ('DNS', 'sankuai.com')), 'OCSP': ('http://ocsp.godaddy.com/',), 'caIssuers': ('http://certificates.godaddy.com/repository/gdig2.crt',), 'crlDistributionPoints': ('http://crl.godaddy.com/gdig2s1-1180.crl',)}
2019-07-01 13:01:29,696 - Vxscan.py[line:338] - ERROR: local variable 'address' referenced before assignment
Traceback (most recent call last):
File "Vxscan.py", line 324, in pool
name, wafresult = start(host)
File "/root/Vxscan/lib/common.py", line 213, in start
'Address': address,
UnboundLocalError: local variable 'address' referenced before assignment
Traceback (most recent call last):
File "Vxscan.py", line 11, in
from lib.options import options
File "/media/root/KALI2/Vxscan/lib/options.py", line 8, in
from lib.common import start
File "/media/root/KALI2/Vxscan/lib/common.py", line 12, in
from lib.web_info import web_info
File "/media/root/KALI2/Vxscan/lib/web_info.py", line 10, in
from plugins.ActiveReconnaissance.check_waf import checkwaf
ModuleNotFoundError: No module named 'plugins.ActiveReconnaissance'
even the folders are in proper order the script cannot find its import locations
flake8 testing of https://github.com/al0ne/Vxscan on Python 3.7.1
$ flake8 . --count --select=E9,F63,F72,F82 --show-source --statistics
./lib/pyh.py:143:11: F821 undefined name 'a'
out = a(img(src='http://www.w3.org/Icons/valid-xhtml10',
^
./lib/pyh.py:143:13: F821 undefined name 'img'
out = a(img(src='http://www.w3.org/Icons/valid-xhtml10',
^
./lib/pyh.py:152:17: F821 undefined name 'head'
self += head()
^
./lib/pyh.py:153:17: F821 undefined name 'body'
self += body()
^
./lib/pyh.py:155:22: F821 undefined name 'title'
self.head += title(name)
^
./lib/pyh.py:158:28: F821 undefined name 'head'
if isinstance(obj, head) or isinstance(obj, body):
^
./lib/pyh.py:158:53: F821 undefined name 'body'
if isinstance(obj, head) or isinstance(obj, body):
^
./lib/pyh.py:160:30: F821 undefined name 'meta'
elif isinstance(obj, meta) or isinstance(obj, link):
^
./lib/pyh.py:160:55: F821 undefined name 'link'
elif isinstance(obj, meta) or isinstance(obj, link):
^
./lib/pyh.py:170:26: F821 undefined name 'script'
self.head += script(type='text/javascript', src=f)
^
./lib/pyh.py:174:26: F821 undefined name 'link'
self.head += link(rel='stylesheet', type='text/css', href=f)
^
./lib/pyh.py:181:26: F821 undefined name 'style'
self.head += style(txt, type="text/css")
^
./lib/pyh.py:187:26: F821 undefined name 'script'
self.head += script(txt, type="text/javascript")
^
./script/solr_unauthorized_access.py:28:16: F632 use ==/!= to compare str, bytes, and int literals
if g.status_code is 200 and 'Solr Admin' in g.content and 'Dashboard' in g.content:
^
1 F632 use ==/!= to compare str, bytes, and int literals
13 F821 undefined name 'a'
14
E901,E999,F821,F822,F823 are the "showstopper" flake8 issues that can halt the runtime with a SyntaxError, NameError, etc. These 5 are different from most other flake8 issues which are merely "style violations" -- useful for readability but they do not effect runtime safety.
name
name
in __all__
python3 /Users/admin/Documents/hack/SRC/src/lib/Vxscan/Vxscan.py -u darkless.cn -s vxscan
ERROR:root:[Errno 2] No such file or directory: 'data/apps.json'
Traceback (most recent call last):
File "/Users/admin/Documents/hack/SRC/src/lib/Vxscan/lib/web_info.py", line 28, in web_info
webinfo = WebPage(r.url, r.text, r.headers).info()
File "/Users/admin/Documents/hack/SRC/src/lib/Vxscan/plugins/PassiveReconnaissance/wappalyzer.py", line 53, in __init__
wappalyzer = Wappalyzer()
File "/Users/admin/Documents/hack/SRC/src/lib/Vxscan/plugins/PassiveReconnaissance/wappalyzer.py", line 130, in __init__
with open("data/apps.json", 'rb') as fd:
FileNotFoundError: [Errno 2] No such file or directory: 'data/apps.json'
ERROR:root:[Errno 2] No such file or directory: 'report/report.htm'
Traceback (most recent call last):
File "/Users/admin/Documents/hack/SRC/src/lib/Vxscan/Vxscan.py", line 28, in <module>
options()
File "/Users/admin/Documents/hack/SRC/src/lib/Vxscan/lib/options.py", line 65, in options
gener()
File "/Users/admin/Documents/hack/SRC/src/lib/Vxscan/report.py", line 353, in gener
with open('report/report.htm', 'r', encoding='utf-8') as f, open(name, 'w') as f1:
FileNotFoundError: [Errno 2] No such file or directory: 'report/report.htm'
为什么扫描生产的HTML报告用浏览器打开是空白的
你好,我想问下,dict.txt 这个字典是有什么作用?是常见的web路径么?
还有script文件下,可以自己添加自己写的poc么?如果自己写好,扫描的时候怎么调用?
Hi @al0ne ,
Hope you are all well !
Would it be complicated to create a web-service mode for Vxscan with a celery queue ?
Thanks for any insights or inputs about that.
Cheers,
Luc Michalski
扫多个ip的时候,直接就
[] https://github.com/al0ne/Vxscan
[] Scanning POC: True
[] Threads: 100
[] Target quantity: 201
[] Scanning Dir: True
[] Ping: True
[] CHECK_DB: False
[] Socks5 Proxy: ()
running 0.022 seconds...
就不继续扫描了啊?
之前说的问题还是存在哦
└─# wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
--2023-01-31 02:17:17-- https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
Resolving geolite.maxmind.com (geolite.maxmind.com)... failed: Name or service not known.
wget: unable to resolve host address ‘geolite.maxmind.com’
大佬们,这个问题怎么解决呢
测试发现报错:ModuleNotFoundError: No module named 'lib.cli_output'
解决的方法:在目录lib下创建空文件__init__.py
分析:每一个包目录下面都会有一个__init__.py的文件,这个文件是必须存在的,否则,Python就把这个目录当成普通目录(文件夹),而不是一个包。init.py可以是空文件,也可以有Python代码,因为__init__.py本身就是一个模块,而它的模块名就是对应包的名字。调用包就是执行包下的__init__.py文件。
=====补充====
树莓派2B+ (单纯的Arm版的Linux系统,基于Debian)+Python 3.7.3
可能我是个例吧,-_-||
每次扫描到的敏感文件都不一样
我下载了 https://sourceforge.net/projects/socksipy/?source=typ_redirect 官方 sock.py,放在python3.6 的Lib 文件夹下
运行 python Vxcan.py -u http://127.0.0.1:808/upload-labs-master
运行时报错
File "E:\software\python3.6\lib\socks.py", line 199
raise Socks5AuthError,((3,_socks5autherrors[3]))
Hi, my system using Ubuntu 16.04 LTS, and i'm getting this problem when i'm running this command > "python3 Vxscan.py -h"
can u guide me please how to solve this issue? Thanks.
Traceback (most recent call last):
File "Vxscan.py", line 31, in
from lib.common import start, bcolors
File "/home/xxx/vxscan/Vxscan/lib/common.py", line 13, in
from virustotal_python import Virustotal
File "/home/xxx/.local/lib/python3.5/site-packages/virustotal_python/init.py", line 1, in
from virustotal_python.virustotal import Virustotal
File "/home/xxx/.local/lib/python3.5/site-packages/virustotal_python/virustotal.py", line 27
print(f"Failed to import required modules: {err}")
^
win 10,python3.7,报错如题,请问有遇到的吗?如何解决的
Traceback (most recent call last):
File "Vxscan.py", line 11, in
from lib.options import options
File "/var/ios/Vxscan-master/lib/options.py", line 8, in
from lib.common import start
File "/var/ios/Vxscan-master/lib/common.py", line 10, in
from lib.verify import verify_https
File "/var/ios/Vxscan-master/lib/verify.py", line 9, in
from lib.Requests import Requests
File "/var/ios/Vxscan-master/lib/Requests.py", line 10, in
import OpenSSL
File "/usr/lib/python3/dist-packages/OpenSSL/init.py", line 8, in
from OpenSSL import crypto, SSL
File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 12, in
from cryptography import x509
File "/usr/lib/python3/dist-packages/cryptography/x509/init.py", line 8, in
from cryptography.x509.base import (
File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 16, in
from cryptography.x509.extensions import Extension, ExtensionType
File "/usr/lib/python3/dist-packages/cryptography/x509/extensions.py", line 18, in
from cryptography.hazmat.primitives import constant_time, serialization
File "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/constant_time.py", line 9, in
from cryptography.hazmat.bindings._constant_time import lib
ModuleNotFoundError: No module named '_cffi_backend'
报错如上
已经禁止ping了,还是不行。
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.