Code Monkey home page Code Monkey logo

aakian-facai's Introduction

Aakian-FaCai

专门针对前端vue框架的JavaFx图形化GUI漏洞扫描工具,支持一键扫描vue-manage-system系统前端泄露的未授权目录接口漏洞,并且对扫描的暴露目录进行逐一测试和验证,方便渗透人员快速确定未授权接口。还添加了出口IP地址信息本地DNS信息等的查询,方便清楚自身出口IP。

很多人不清楚不了解这个漏洞,所以特地更新了一篇教学文章,https://blog.csdn.net/weixin_43847838/article/details/125841581?spm=1001.2014.3001.5501 欢迎指点。

2023年8月10日-> FaCai_V1.0.0_jdk8_zangcc深情版

启动/运行命令:java -javaagent:FaCai_V1.0.0_jdk8_zangcc深情版.jar -jar FaCai_V1.0.0_jdk8_zangcc深情版.jar

(jar的文件名可以随意更改,命令格式不变,仅支持java8)

更换界面GUI

新增功能: 1、可以自查JS文件。 2、可以自定义URL进行所有接口的拼接测试。

详情可以看教程文章第四大点-(四、2023年8月10日更新内容):https://blog.csdn.net/weixin_43847838/article/details/125841581?spm=1001.2014.3001.5501

2022年6月21日-> Aakian-v1.0

初始版本,功能比较简单,但是也能满足vue的常规扫描。 基于jdk1.8开发,也就是java8,其他版本的jdk可能会无法运行,建议切换到开发版本。

工具运行方法:

把xjar.exe文件和Aakian.jar文件放在同一目录下,用下面的命令运行即可。(jdk1.8)

xjar.exe java -jar Aakian.jar

输入上述命令后即可运行工具,如图所示:

正常扫描的结果:

功能介绍:

扫描vue框架(vue-manage-system)前台泄露的未授权目录接口。 支持所有的接口,并且对接口进行逐一的测试访问。 为了方便验证,返回的是响应包的大小,如果大小类似,说明不存在未授权,接口访问过去返回的还是原来的前台登录界面。 所以也增加了返回包的内容,通过内容,大小,更直观的判断是否页面成功跳转。

工具的功能图片&展示:

aakian-facai's People

Contributors

zangcc avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

klinklinklin kenuoseclab p1ach01 poketjomon shakenetwork nanaao 5l1v3r1 hhhhelix xiju2003 shimxx ptr-ptr zzhsec superneilcn dogadmin john404nf lg996 bowman03 wiki-hub-2023

aakian-facai's Issues

可以使用纯jar版本吗

具体如题,如果限于exe的话,只能windows使用,有的时候可能是在kali上或者mac上使用,exe无法使用

这个报错是java版本问题吗

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by io.xjar.reflection.XReflection (file:/D:/Aakian-v1.0-main/Aakian.jar) to field java.net.URLClassLoader.ucp
WARNING: Please consider reporting this to the maintainers of io.xjar.reflection.XReflection
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Exception in thread "main" java.lang.reflect.InaccessibleObjectException: Unable to make public jdk.internal.loader.Resource jdk.internal.loader.URLClassPath.getResource(java.lang.String) accessible: module java.base does not "exports jdk.internal.loader" to unnamed module @43814d18
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:340)
at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:280)
at java.base/java.lang.reflect.Method.checkCanSetAccessible(Method.java:198)
at java.base/java.lang.reflect.Method.setAccessible(Method.java:192)
at io.xjar.reflection.XReflection.method(XReflection.java:35)
at io.xjar.jar.XJarClassLoader.(XJarClassLoader.java:41)
at io.xjar.jar.XJarLauncher.launch(XJarLauncher.java:51)
at io.xjar.jar.XJarLauncher.main(XJarLauncher.java:31)
panic: exit status 1

goroutine 1 [running]:
main.main()
C:/Users/wang/Desktop/xjar.go:73 +0x670

输入url后执行直接闪退,显示已被github.com/zangcc保护

这是报错内容,java版本1.8,mac m1,求指点
2023-10-12 09:25:43.289 java[10329:334371] TSM AdjustCapsLockLEDForKeyTransitionHandling - _ISSetPhysicalKeyboardCapsLockLED Inhibit

ERROR !!!!!!!!!!! Jar(or War) has been protected by github.com/zangcc. Please use javaagent re-start project. !!!!!!!!!!!

Located in Main.MySceneController
At 2023-08-10 11:52:08.476 Random-Character vJb=yfLTIYh-d9jBmRg(HCt*r+S_XZ)7

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.