xray 1.9.3 Community Edition: 720 PoCs
2022-10-14 16:59:54 Author: 棉花糖网络安全圈

01

Foreword

   Community edition, with builds for three platforms. The download link is at the end of the article.

02

What's new

    Optimizations
      - Improved scanning efficiency
      - Enhanced subdomain collection

    New features
      - Timestamp formatting function
      - Base (radix) conversion function
      - sha and hmacsha functions
      - URL full-character encoding function
      - rev: string reversal function
      - upper: string uppercase function
      - dir()
      - basename()
      - body_string
      - title_string
      - Conversion of Burp history export files into yml scripts
      - log4j2-rce detection
      - Additions for custom scripts (gamma)
      - When scanning, the PoC severity level can be specified as low, medium, high or critical with the --level parameter
      - File loading for the shiro plugin, so keys can be loaded directly from a specified file
      - Tags can be configured for each PoC in the configuration file, and --tags selects the tags to scan with
      - Updated --list, which can now show the PoCs that belong to a given tag
      - Added the icon_url attribute to response

    Fixes
      - Fixed the serious false-positive problem with cve-2021-29490
      - Fixed reports showing only the reference links and not the submitter
      - Fixed a cache issue that could cause requests not to be sent
      - Filtered out some redundant error logs
      - Fixed several problems that unexpectedly caused a panic

    New x command
      - Vulnerability probing of the web sites it discovers
      - Bandwidth control and intelligent rate adjustment to optimize scanning efficiency
      - Randomized probing across multiple targets and ports, using a finite-element-based randomization scheme
      - ICMP/TCP/UDP host liveness detection
      - SYN/CONNECT port scanning
      - Multiple input formats: URL, IP, domain name, IP range, CIDR and others
      - Fingerprinting

    The x command is in fact a built-in xray command that enables three built-in plugins: printer, service-scan and target-parse. Of these, service-scan provides host liveness detection, service fingerprinting and web fingerprinting.
    See plugin-config.xray.yaml and module-config.xray.yaml for the detailed configuration, and run xray x --help for the command-line parameters and usage.

    Examples:
      xray x -t example.com
      xray x -t http://example.com
      xray x -t example.com/24
      xray x -t 192.168.1.1/24
      xray x -t 192.168.1.1-192.168.1.254
      xray x -t 192.168.1.1-254
      xray x -t 192.168.1.1-254 -p 22,80,443-445

    385 new PoCs were added, with thanks to everyone who submitted them. They are loaded automatically after updating:
      vmware-vcenter-cve-2021-21985-rce.yml
      74cms-cnvd-2021-45280.yml
      adobe-coldfusion-cve-2018-15961.yml
      ametys-cms-cve-2022-26159.yml
      anmei-rce.yml
      apache-airflow-cve-2020-13927-unauthorized.yml
      apache-apisix-dashboard-api-unauth-rce.yml
      atlassian-jira-unauth-user-enumeration.yml
      auerswald-cve-2021-40859.yml
      clickhouse-http-unauth.yml
      cve-2022-24990-terramaster-fileupload.yml
      dedecms-cve-2017-17731-sqli.yml
      dedecms-mysql-error-trace.yml
      dedecms-search-php-sqli.yml
      doccms-sqli.yml
      earcms-download-php-exec.yml
      earcms-index-uplog-php-file-upload.yml
      emlog-cve-2021-3293.yml
      ewebs-fileread.yml
      eyoucms-cve-2021-39501.yml
      ezoffice-smartupload-jsp-upload.yml
      finecms-getshell.yml
      full-read-ssrf-in-spring-cloud-netflix.yml
      grafana-snapshot-cve-2021-39226.yml
      hadoop-yarn-rpc-rce.yml
      hikvision-readfile.yml
      hongfan-oa-readfile.yml
      interlib-read-file.yml
      ivanti-endpoint-manager-cve-2021-44529-rce.yml
      jinhe-oa-readfile.yml
      joomla-jck-cve-2018-17254-sqli.yml
      kingdee-oa-apusic-readfile.yml
      landray-oa-rce.yml
      lionfish-cms-image-upload-php-upload.yml
      lionfish-cms-wxapp-php-upload.yml
      mastodon-cve-2022-0432.yml
      metersphere-plugincontroller-rce.yml
      metinfo-x-rewrite-url-sqli.yml
      movabletype-cve-2021-20837-rce.yml
      netpower-readfile.yml
      nette-framework-cve-2020-15227-rce.yml
      nginx-path-traversal.yml
      oa8000-workflowservice-sqli.yml
      onethink-sqli.yml
      php-chat-live-uploadimg-html-upload.yml
      phpcms-960-sqli.yml
      phpweb-appplus-php-upload.yml
      pigcms-file-upload.yml
      prestashop-smartblog-cve-2021-37538.yml
      qibocms-readfile.yml
      rudloff-alltube-cve-2022-0692.yml
      seeyon-oa-a6-information-disclosure.yml
      spring-cloud-gateway-cve-2022-22947-rce.yml
      supesite-sqli.yml
      sysaid-itil-cve-2021-43972.yml
      tongda-oa-action-upload-php-upload.yml
      tongda-oa-report-bi-func-php-sqli.yml
      voipmonitor-cve-2022-24260.yml
      wanhuoa-upload-rce.yml
      weaver-e-office-lazyuploadify-upload.yml
      weaver-oa-eoffice-information-disclosure.yml
      weijiaoyi-post-curl-ssrf.yml
      western-digital-mycloud-ftp-download-exec.yml
      western-digital-mycloud-jqueryfiletree-exec.yml
      western-digital-mycloud-multi-uploadify-file-upload.yml
      western-digital-mycloud-raid-cgi-exec.yml
      western-digital-mycloud-sendlogtosupport-php-exec.yml
      western-digital-mycloud-upload-php-exec.yml
      western-digital-mycloud-upload-php-upload.yml
      yonyou-erp-nc-readfile.yml
      zhixiang-oa-sqli.yml
      zoho-cve-2022-23779-info-leak.yml
      adobe-coldfusion-cve-2021-21087.yml
      alibaba-anyproxy-fetchbody-fileread.yml
      apache-apisix-cve-2020-13945-rce.yml
      apache-guacamole-default-password.yml
      atlassian-jira-cve-2019-3403.yml
      bsphp-unauthorized-access.yml
      cve-2017-16894-sensitive-documents.yml
      delta-entelitouch-cookie-user-password-disclosure.yml
      domoticz-cve-2019-10664.yml
      druid-cve-2021-25646.yml
      dynamicweb-cve-2022-25369.yml
      egroupware-spellchecker-rce.yml
      elfinder-cve-2021-32682-rce.yml
      emerge-e3-cve-2019-7256.yml
      essl-dataapp-unauth-db-leak.yml
      finecms-cve-2018-6893.yml
      franklinfueling-cve-2021-46417-lfi.yml
      fuelcms-cve-2018-16763-rce.yml
      genixcms-register-cve-2015-3933-sqli.yml
      getsimple-cve-2019-11231.yml
      ghostscript-cve-2018-19475-rce.yml
      jetty-servlets-concatservlet-information-disclosure-cve-2021-28169.yml
      jetty-web-inf-information-disclosure-cve-2021-34429.yml
      jira-cve-2021-26086.yml
      joomla-history-cve-2015-7857-sqli.yml
      jquery-picture-cut-upload-php-fileupload-cve-2018-9208.yml
      jsrog-artifactory-cve-2019-9733.yml
      kibana-cve-2019-7609-rce.yml
      kodexplorer-directory-traversal.yml
      maccms-cve-2017-17733-rce.yml
      metabase-cve-2021-41277.yml
      nostromo-cve-2011-0751-directory-traversal.yml
      nuxeo-cve-2018-16341-rce.yml
      odoo-cve-2019-14322.yml
      php-imap-cve-2018-19518-rce.yml
      phpmoadmin-cve-2015-2208-rce.yml
      piwigo-cve-2022-26266-sqli.yml
      rconfig-ajaxserversettingschk-cve-2019-16662-rce.yml
      rconfig-commands-inc-cve-2020-10220-sqli.yml
      resin-directory-traversal-cve-2021-44138.yml
      ruanhong-jvm-lfi.yml
      ruanhong-oa-xxe.yml
      ruckus-default-password.yml
      seeyon-oa-a8-m-information-disclosure.yml
      showdoc-cnvd-2020-26585.yml
      socomec-cve-2019-15859.yml
      spring-data-rest-cve-2017-8046-rce.yml
      subrions-search-cve-2017-11444-sqli.yml
      teclib-glpl-cve-2019-10232.yml
      terramaster-tos-cve-2022-24989.yml
      tibco-jasperreports-cve-2018-18809-directory-traversal.yml
      tongda-oa-login-code-php-login-bypass.yml
      twonkyserver-cve-2018-7171-fileread.yml
      vmware-workspace-cve-2021-22054-ssrf.yml
      vmware-workspace-cve-2022-22954-rce.yml
      vtigercrm-cve-2020-19363.yml
      weaver-ecology-getsqldata-sqli-rce.yml
      wordpress-site-editor-cve-2018-7422-lfi.yml
      wso2-cve-2022-29464-fileupload.yml
      wuzhicms-cve-2018-11528.yml
      zabbix-cve-2019-17382.yml
      zimbra-collaboration-server-cve-2013-7091-lfi.yml
      zoneminder-cve-2016-10140-unauth-access.yml
      apollo-default-password.yml
      ecology-oa-eoffice-officeserver-php-file-read.yml
      dptech-vpn-fileread.yml
      ezoffice-filupload-controller-getshell.yml
      yachtcontrol-webapplication-cve-2019-17270.yml
      atlassian-jira-cve-2019-3401.yml
      emerge-e3-cve-2019-7254.yml
      vbulletin-cve-2020-12720.yml
      netsweeper-webadmin-cve-2020-13167.yml
      searchblox-cve-2020-35580.yml
      opensis-cve-2020-6637.yml
      hd-network-real-time-monitoring-system-cve-2021-45043.yml
      visual-tools-dvr-vx16-cve-2021-42071.yml
      jsrog-artifactory-cve-2019-17444.yml
      reolink-RLC-410W-CVE-2022-21236.yml
      tlr-2005ksh-cve-2021-45428.yml
      zoho-manageengine-access-manager-plus-cve-2022-29081.yml
      selea-ocr-anpr-arbitrary-get-file-read.yml
      easyappointments-cve-2022-0482.yml
      netgear-ssl-vpn-20211222-cve-2022-29383.yml
      hitachi-vantara-pentaho-business-analytics-cve-2021-34684.yml
      manageengine-opmanager-cve-2020-11946.yml
      intelbras-wireless-cve-2021-3017.yml
      sapido-router-unauthenticated-rce.yml
      china-telecom-zte-f460-rce.yml
      china-mobile-yu-router-information-disclosure.yml
      tlr-2855ks6-arbitrary-file-creation-cve-2021-46418.yml
      uniview-isc-rce.yml
      feiyuxing-route-wifi-password-leak.yml
      changjie-crm-sqli.yml
      fhem-file-read-cve-2020-19360.yml
      hikvision-ip-camera-backdoor.yml
      kyocera-file-read.yml
      niushop-cms-sqli.yml
      dlink-dap-1620-firmware-cve-2021-46381.yml
      emby-mediaserver-cve-2020-26948.yml
      zoho-manageengine-opmanager-cve-2020-12116.yml
      zabbix-cve-2022-23134.yml
      tieline-ip-audio-gateway-cve-2021-35336.yml
      selea-ocr-anpr-arbitrary-seleacamera-file-read.yml
      microweber-cve-2022-0378.yml
      atlassian-jira-cve-2022-0540.yml
      sophosfirewall-bypass.yml
      zoho-manageengine-desktop-central-cve-2021-44515.yml
      tenda-11n-ultra-vires.yml
      tenda-w15e-passsword-leak.yml
      ziguang-sqli-cnvd-2021-41638.yml
      kemai-ras-ultra-vires.yml
      cerebro-request-ssrf.yml
      motioneye-info-leak-cve-2022-25568.yml
      yinda-get-file-read.yml
      jupyter-notebook-rce.yml
      e-message-unauth.yml
      kkfileview-cve-2021-43734.yml
      dlink-dsl-28881a-ultra-vires.yml
      kunshi-vos3000-fileread.yml
      reolink-nvr-configuration-disclosure-cve-2021-40150.yml
      d-Link-dir-825-cve-2021-46442.yml
      vite-cnvd-2022-44615.yml
      gitblit-cve-2022-31268.yml
      bigant-server-cve-2022-23347-lfi.yml
      wordpress-page-builder-kingcomposer-cve-2022-0165-url-redirect.yml
      huayu-reporter-rce.yml
      d-link-dap-2020-cve-2021-27250.yml
      74cms-se-cve-2022-29720.yml
      74cms-se-cve-2022-33095.yml
      pbootcms-rce-cve-2022-32417.yml
      e-office-v10-sqli.yml
      yonyou-nc-file-upload.yml
      xiaomi-cve-2019-18371.yml
      yonyou-erp-u8-fil...

03

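Download link

Reply to the official account with: 1014

    How do you get the cover image? Long-time followers know the method; new followers can find it at the end of earlier articles.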


Source: http://mp.weixin.qq.com/s?__biz=Mzg5NTYwMDIyOA==&mid=2247489236&idx=1&sn=8f2f02a43c4dd029b8c3a8071e2d950f&chksm=c00c85dff77b0cc93bc602212662fcb5aae058b1a38abadec5aab76214c0b33df3310a1220a6#rd