xray1.9.4windows高级版
2023-1-11 08:32:28 Author: 棉花糖网络安全圈(查看原文) 阅读量:73 收藏

01

前言

微信交流群开放中

通过公众号下方菜单栏联系我进群哦

文末获取下载链接(自行查验是否有毒)

棉花糖的论坛网站开设啦!

论坛链接:https://www.mianhuatang.tk/

02

更新介绍
更新内容插件更新添加XStream扫描插件,支持列表如下(该插件需开启反连平台)CVE-2021-21344CVE-2021-21345CVE-2021-39141CVE-2021-39144...(共29个插件)fastjson插件支持cve-2022-25845的检测POC编写/执行更新新增警告信息,师傅们可以根据警告信息删除检测插件创建的文件等支持在GET,HEAD,OPTION时添加body添加compare version函数,可以对匹配出的版本进行对比添加html实体编码/解码函数添加java反序列化函数添加hex/hexDecode函数优化内容优化了反连平台漏洞捕获逻辑,提高了命中率优化了 poc lint 变得更人性化yaml脚本支持获取rmi反连平台的链接,具体使用请参考官方文档优化了Struts2检测模块,添加反连确认,减少误报漏报修复POC规则优化,规则弱poc-yaml-drawio-cve-2022-1713-ssrfpoc-yaml-h3c-cvm-upload-file-uploadpoc-yaml-iis-cve-2017-7269poc-yaml-74cms-sqli-cve-2020-22209poc-yaml-reporter-file-readpoc-yaml-wanhu-ezoffice-documentedit-sqlipoc-yaml-joomla-cve-2017-8917-sqlipoc-yaml-iis-cve-2017-7269poc-yaml-emerge-e3-cve-2019-7256poc-yaml-alibaba-nacos-v1-auth-bypasspoc-yaml-wanhu-ezoffice-documentedit-sqlipoc-yaml-magicflow-gateway-main-xp-file-readpoc-yaml-gitblit-cve-2022-31268poc-yaml-phpstudy-nginx-wrong-resolvepoc-yaml-confluence-cve-2022-26138poc-yaml-metinfo-lfi-cnvd-2018-13393poc-yaml-zabbix-cve-2019-17382poc-yaml-wordpress-paypal-pro-cve-2020-14092-sqlipoc-yaml-vite-cnvd-2022-44615poc-yaml-phpmyadmin-cve-2018-12613-file-inclusionpoc-yaml-zabbix-cve-2022-23134poc-yaml-ametys-cms-cve-2022-26159优化删除(功能与xray的通用插件重复)poc-yaml-nexusdb-cve-2020-24571-path-traversalpoc-yaml-specoweb-cve-2021-32572-filereadpoc-yaml-tvt-nvms-1000-file-read-cve-2019-20085poc-yaml-zyxel-vmg1312-b10d-cve-2018-19326-path-traversal新增无害化处理poc-yaml-fanruan-v9-file-uploadpoc-yaml-h3c-cvm-upload-file-uploadpoc-yaml-seeyon-unauthorized-fileuploadpoc-yaml-thinkcmf-write-shellpoc-yaml-wanhu-oa-officeserver-file-uploadpoc-yaml-weaver-oa-workrelate-file-uploadpoc-yaml-yonyou-grp-u8-file-uploadpoc-yaml-yonyou-nc-file-accept-uploadpoc-yaml-yonyou-u8c-file-uploadpoc-yaml-zhiyuan-oa-wpsassistservlet-file-upload新增POC 96poc-yaml-ruijie-fileupload-fileupload-rcepoc-yaml-eweaver-oa-mecadminaction-sqlexecpoc-yaml-xxl-job-default-passwordpoc-yaml-wordpress-plugin-superstorefinder-ssf-social-action-php-sqlipoc-yaml-magento-config-disclosure-info-leakpoc-yaml-ukefu-cnvd-2021-18305-file-readpoc-yaml-ukefu-cnvd-2021-18303-ssrfpoc-yaml-eweaver-eoffice-mainselect-info-leakpoc-yaml-linksys-cnvd-2014-01260poc-yaml-wordpress-welcart-ecommerce-cve-2022-41840-path-traversalpoc-yaml-jeesite-userfiles-path-traversalpoc-yaml-yongyou-nc-iupdateservice-xxepoc-yaml-v-sol-olt-platform-unauth-config-downloadpoc-yaml-ibm-websphere-portal-hcl-cve-2021-27748-ssrfpoc-yaml-yonyou-nc-uapws-db-info-leakpoc-yaml-yonyou-nc-service-info-leakpoc-yaml-yongyou-nc-cloud-fs-sqlipoc-yaml-finecms-filedownloadpoc-yaml-weaver-eoffice-userselect-unauthpoc-yaml-fortinet-cve-2022-40684-auth-bypasspoc-yaml-dapr-dashboard-cve-2022-38817-unauthpoc-yaml-wordpress-zephyr-project-manager-cve-2022-2840-sqlipoc-yaml-jira-cve-2022-39960-unauthpoc-yaml-qnap-cve-2022-27593-fileuploadpoc-yaml-wordpress-all-in-one-video-gallery-cve-2022-2633-lfipoc-yaml-atlassian-bitbucket-archive-cve-2022-36804-remote-command-execpoc-yaml-wordpress-simply-schedule-appointments-cve-2022-2373-unauthpoc-yaml-zoho-manageengine-opmanager-cve-2022-36923poc-yaml-red-hat-freeipa-cve-2022-2414-xxepoc-yaml-wavlink-cve-2022-2488-rcepoc-yaml-wavlink-cve-2022-34045-info-leakpoc-yaml-wordpress-shareaholic-cve-2022-0594-info-leakpoc-yaml-wordpress-wp-stats-manager-cve-2022-33965-sqlipoc-yaml-opencart-newsletter-custom-popup-sqlipoc-yaml-wordpress-events-made-easy-cve-2022-1905-sqlipoc-yaml-wordpress-kivicare-cve-2022-0786-sqlipoc-yaml-wordpress-cve-2022-1609-rcepoc-yaml-solarview-compact-cve-2022-29303-rcepoc-yaml-wordpress-arprice-lite-cve-2022-0867-sqlipoc-yaml-wordpress-fusion-cve-2022-1386-ssrfpoc-yaml-wordpress-nirweb-cve-2022-0781-sqlipoc-yaml-wordpress-metform-cve-2022-1442-info-leakpoc-yaml-wordpress-mapsvg-cve-2022-0592-sqlipoc-yaml-wordpress-badgeos-cve-2022-0817-sqlipoc-yaml-wordpress-daily-prayer-time-cve-2022-0785-sqlipoc-yaml-wordpress-woo-product-table-cve-2022-1020-rcepoc-yaml-wordpress-documentor-cve-2022-0773-sqlipoc-yaml-wordpress-multiple-shipping-address-woocommerce-cve-2022-0783-sqlipoc-yaml-gitlab-cve-2022-1162-hardcoded-passwordpoc-yaml-thinkphp-cve-2022-25481-info-leakpoc-yaml-wordpress-cve-2022-0591-ssrfpoc-yaml-wordpress-simple-link-directory-cve-2022-0760-sqlipoc-yaml-wordpress-ti-woocommerce-wishlist-cve-2022-0412-sqlipoc-yaml-wordpress-notificationx-cve-2022-0349-sqlipoc-yaml-wordpress-page-views-count-cve-2022-0434-sqlipoc-yaml-wordpress-masterstudy-lms-cve-2022-0441-unauthpoc-yaml-wordpress-seo-cve-2021-25118-info-leakpoc-yaml-wordpress-perfect-survey-cve-2021-24762-sqlipoc-yaml-wordpress-asgaros-forum-cve-2021-24827-sqlipoc-yaml-tcexam-cve-2021-20114-info-leakpoc-yaml-wordpress-woocommerce-cve-2021-32789-sqlipoc-yaml-wordpress-profilepress-cve-2021-34621-unauthpoc-yaml-wordpress-wp-statistics-cve-2021-24340-sqlipoc-yaml-voipmonitor-cve-2021-30461-rcepoc-yaml-rocket-chat-cve-2021-22911-nosqlipoc-yaml-pega-infinity-cve-2021-27651-unauthpoc-yaml-wordpress-modern-events-calendar-lite-cve-2021-24146-info-leakpoc-yaml-afterlogic-webmail-cve-2021-26294-path-traversalpoc-yaml-wavlink-cve-2020-13117-rcepoc-yaml-prestashop-cve-2021-3110-sqlipoc-yaml-cockpit-cve-2020-35847-nosqlipoc-yaml-cockpit-cve-2020-35848-nosqlipoc-yaml-keycloak-cve-2020-10770-ssrfpoc-yaml-prestashop-cve-2020-26248-sqlipoc-yaml-wordpress-paypal-pro-cve-2020-14092-sqlipoc-yaml-microstrategy-cve-2020-11450-info-leakpoc-yaml-adobe-experience-manager-cve-2019-8086-xxepoc-yaml-blogengine-net-cve-2019-10717-path-traversalpoc-yaml-dotcms-cve-2018-17422-url-redirectionpoc-yaml-php-proxy-cve-2018-19458-filereadpoc-yaml-circarlife-scada-cve-2018-16671-info-leakpoc-yaml-circarlife-scada-cve-2018-16670-info-leakpoc-yaml-circarlife-scada-cve-2018-16668-info-leakpoc-yaml-dotnetnuke-cve-2017-0929-ssrfpoc-yaml-orchid-core-vms-cve-2018-10956-path-traversalpoc-yaml-circarlife-scada-cve-2018-12634-info-leakpoc-yaml-nuuo-nvrmini2-cve-2018-11523-uploadpoc-yaml-jolokia-cve-2018-1000130-code-injectionpoc-yaml-fiberhome-cve-2017-15647-path-traversalpoc-yaml-opendreambox-cve-2017-14135-rcepoc-yaml-sap-cve-2017-12637-filereadpoc-yaml-glassfish-cve-2017-1000029-lfipoc-yaml-boa-cve-2017-9833-filereadpoc-yaml-mantisbt-cve-2017-7615-unauthpoc-yaml-wordpress-cve-2017-5487-info-leakpoc-yaml-thinkcmf-cve-2018-19898-sqli

03

使用方法
此软件来源于网络,请自行查验是否有后门
被动代理扫描:cmd执行
./xray.exe webscan --listen 127.0.0.1:7777 --html-output xwxy.html  

04

付费圈子

除夕前加入可参加内部新年抽奖

(代码审计+免杀教程+内网教程+安卓逆向)教程+各种资料文档+付费工具

更有工作内推+hw机会

内含资源总价值已达9k¥

http://01zykk.com/http://www.52download.cn/wpcourse/https://shikey.com/https://www.javaxxz.com/https://www.itjc8.com/https://666java.com/https://www.qwzy8.com/https://www.itdjs.com/https://www.ohltk.com/https://www.itspxx.com/https://www.wpfx8.com/https://bbs.fuyuan6.com/forum.phphttps://www.fjha.net/https://fishc.com.cn/https://www.ruike1.com/
由于已满200人,由原来的50/年涨价到70/年
续费永久八折
目前仅需70RMB一年,满1000人涨到99一年(目前进度347/1000)

扫码付款即可进入,加我微信备注纷传进成员内部群

圈子历程请后台回复知识星球或点击菜单栏“付费圈子”

05

下载地址

下载链接后台回复:20230111

另外有兄弟反映需要封面图?

后台回复文章推送日期加”封面“即可获取(十月五日前的文章没有)

例如今天为:20230111封面

06

往期文章

fortify_sca_22.2-Windows-linux破解版

漏扫哒哒哒哒!AWVS_15.2windows版本破解附脚本

BurpSuite_pro_v2022.12.5专业版汉化破解

漏扫更新——Invicti-Professional-v22-12

Ladon10.0_20221208

CS4.7汉化+修改指纹+加密流量+最新ladon9.2.5教程内附成品

windows10渗透虚拟机更新!帮助渗透新手快速搭建工作环境,工欲善其事,必先利其器。

BurpSuite_Pro_2022.12破解更新内附详细步骤

一款开源命令行漏洞扫描器——简易添加poc

AppScan_Standard_10.1.0中文永久破解版

招聘!主场研判 长期,工资10K-12K

github-cve-monitor——一款cve、大佬仓库、工具监控工具(文末成品直接使用)

xray1.9.3高级版破解___windows_关于昨晚的星球

03

免责声明

本工具仅面向合法授权的企业安全建设行为,如您需要测试本工具的可用性,请自行搭建靶机环境。

为避免被恶意使用,本项目所有收录的poc均为漏洞的理论判断,不存在漏洞利用过程,不会对目标发起真实攻击和漏洞利用。

在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。请勿对非授权目标进行扫描。

如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任。

本工具来源于网络,请在24小时内删除,请勿用于商业行为,自行查验是否具有后门,切勿相信软件内的广告!

在安装并使用本工具前,请您务必审慎阅读、充分理解各条款内容,限制、免责条款或者其他涉及您重大权益的条款可能会以加粗、加下划线等形式提示您重点注意。除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。


文章来源: http://mp.weixin.qq.com/s?__biz=Mzg5NTYwMDIyOA==&mid=2247489712&idx=1&sn=72745524be1824acb6567fceed0e1acd&chksm=c00c8bbbf77b02ad93522ae4948ea13a248dafd2650ec9aa5ee850db113d6a0c3ed415f7d43a#rd
如有侵权请联系:admin#unsafe.sh