Comments (7)
您好
fscan 采用的是xray v1版本的POC,vscan采用的是v2版本,所以有些不同,可在xray官方对比一下。
至于xray v2为啥抛弃了heapdump这个poc,我也不清楚,可能是觉得局限于敏感信息泄露,危害不大。
抛开POC不一样的问题,vscan有敏感文件扫描功能是能扫描到heapdump的
from vscan.
您好 fscan 采用的是xray v1版本的POC,vscan采用的是v2版本,所以有些不同,可在xray官方对比一下。
至于xray v2为啥抛弃了heapdump这个poc,我也不清楚,可能是觉得局限于敏感信息泄露,危害不大。
抛开POC不一样的问题,vscan有敏感文件扫描功能是能扫描到heapdump的
您好
这是spring的扫描对比,上面vscan没扫出heapdump,下面fscan扫出来了
所以才会有这样的顾虑
from vscan.
我这边扫没啥问题。这个POC我觉得作用不大,不添加了,遵循xray v2版本
from vscan.
好的,谢谢大佬
from vscan.
您好,
发现替换了自己的字典重新编译运行之后,不会再进行相关爆破功能,比如说FUZZ路径和账号密码爆破。
能否考虑加个参数来自定义导入呢
谢谢
from vscan.
下个版本加入自定义字典功能和参数
from vscan.
或者多加一个禁用爆破功能
谢谢大佬
from vscan.
Related Issues (20)
- 指纹识别小优化 HOT 1
- Go Compilation Error HOT 1
- build command-line-arguments: cannot load embed: malformed module path "embed": missing dot in first path element HOT 6
- 批量扫描url那个命令
- 扫描结果不显示其他端口 HOT 7
- 编译时遇到http请求错误 HOT 2
- POC扫描 HOT 8
- windows上不能运行,即使管理员权限,开启的cmd HOT 5
- POC 会自动更新吗? HOT 1
- 报错 HOT 2
- tp<=5.2.3 rce 检测 and thinkphp指纹识别问题 HOT 2
- -proxy参数无法使用 HOT 1
- test HOT 1
- 我想知道原因 or 误报 HOT 3
- vscan 扫描tomcat 默认口令不扫不出来后,更改了用户名密码。 HOT 2
- Nuclei/Xray POC Update HOT 3
- 扫描了大量ip段 HOT 2
- 未知指纹的POC添加 HOT 2
- 求更 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vscan.