Light

POC问题 about vscan HOT 7 CLOSED

veo commented on May 20, 2024

POC问题

from vscan.

Comments (7)

veo commented on May 20, 2024

您好
fscan 采用的是xray v1版本的POC，vscan采用的是v2版本，所以有些不同，可在xray官方对比一下。

至于xray v2为啥抛弃了heapdump这个poc，我也不清楚，可能是觉得局限于敏感信息泄露，危害不大。

抛开POC不一样的问题，vscan有敏感文件扫描功能是能扫描到heapdump的

from vscan.

TerickJojo commented on May 20, 2024

您好 fscan 采用的是xray v1版本的POC，vscan采用的是v2版本，所以有些不同，可在xray官方对比一下。

至于xray v2为啥抛弃了heapdump这个poc，我也不清楚，可能是觉得局限于敏感信息泄露，危害不大。

抛开POC不一样的问题，vscan有敏感文件扫描功能是能扫描到heapdump的

您好
这是spring的扫描对比，上面vscan没扫出heapdump，下面fscan扫出来了

所以才会有这样的顾虑

from vscan.

veo commented on May 20, 2024

我这边扫没啥问题。这个POC我觉得作用不大，不添加了，遵循xray v2版本

from vscan.

TerickJojo commented on May 20, 2024

好的，谢谢大佬

from vscan.

TerickJojo commented on May 20, 2024

您好，
发现替换了自己的字典重新编译运行之后，不会再进行相关爆破功能，比如说FUZZ路径和账号密码爆破。
能否考虑加个参数来自定义导入呢
谢谢

from vscan.

veo commented on May 20, 2024

下个版本加入自定义字典功能和参数

from vscan.

TerickJojo commented on May 20, 2024

或者多加一个禁用爆破功能
谢谢大佬

from vscan.

Related Issues (20)

指纹识别小优化 HOT 1
Go Compilation Error HOT 1
build command-line-arguments: cannot load embed: malformed module path "embed": missing dot in first path element HOT 6
批量扫描url那个命令
扫描结果不显示其他端口 HOT 7
编译时遇到http请求错误 HOT 2
POC扫描 HOT 8
windows上不能运行，即使管理员权限，开启的cmd HOT 5
POC 会自动更新吗？ HOT 1
报错 HOT 2
tp<=5.2.3 rce 检测 and thinkphp指纹识别问题 HOT 2
-proxy参数无法使用 HOT 1
test HOT 1
我想知道原因 or 误报 HOT 3
vscan 扫描tomcat 默认口令不扫不出来后，更改了用户名密码。 HOT 2
Nuclei/Xray POC Update HOT 3
扫描了大量ip段 HOT 2
未知指纹的POC添加 HOT 2
求更 HOT 2

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.