Super Java Vulnerability Scanner

Overview

XiuScan

不完善,正在开发中

介绍

一个纯Golang编写基于命令行的Java框架漏洞扫描工具

致力于参考xray打造一款高效方便的漏扫神器

计划支持Fastjson、Shiro、Struts2、Spring、WebLogic等框架

PS: 取名为XiuScan因为带我入安全的大哥是修君

特点

  • 类似xray,直接提供一个可执行文件(例如exe)无需配置环境或下载依赖

  • 使用ceye.io平台做无回显漏洞验证,提供api和token即可自动化检测

  • 参考xray完成RMI反连平台,用于检测Fastjson等无回显漏洞

  • 动态生成Payload不依赖ysoserial和java环境,参考:https://github.com/EmYiQing/Gososerial

Start

Shiro

Shiro一把梭检测,无害化命令,使用命令shiro

使用ceye.io:./xiuscan shiro -ci xxxxxx.ceye.io -ct your_ceye_token -t http://www.xxx.com

不借助ceye,直接检测密钥并进行TomcatEcho回显检测:./xiuscan shiro -t http://www.xxx.com

Fastjson

Fastjson扫描支持dnslog和反连平台,使用命令fastjson

使用ceye.io:./xiuscan fastjson -ci xxxxxx.ceye.io -ct your_ceye_token -t http://www.xxx.com

使用反连平台:./xiuscan fastjson -rh 192.168.222.1 -rp 60006 -t http://192.168.222.132:8090

说明:

  • 靶机是虚拟机,ip为192.168.222.132,本机是192.168.222.1,不能写127.0.0.1或0.0.0.0
  • 如果靶机跑在本地,ip为127.0.0.1,那么rh参数可以是127.0.0.1
  • 如果XiuScan跑在公网,那么rh参数应该设置为公网ip,并且rp参数对应的端口应开放安全组

Struts2

Struts2系列漏洞扫描,无害化命令检测,使用命令struts2

查看已支持模块:./xiuscan struts2 --list

目前还不能扫描,只完成了所有测试用例,预计下月完善扫描逻辑

免责申明

未经授权许可使用XiuScan攻击目标是非法的

本程序应仅用于授权的安全测试与研究目的

You might also like...
A small server for verifing if a given java program is succeptibel to CVE-2021-44228

CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson

A fast tool to scan CRLF vulnerability written in Go
A fast tool to scan CRLF vulnerability written in Go

CRLFuzz A fast tool to scan CRLF vulnerability written in Go Resources Installation from Binary from Source from GitHub Usage Basic Usage Flags Target

Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •

The Go Vulnerability Database

The Go Vulnerability Database golang.org/x/vulndb This repository is a prototype of the Go Vulnerability Database. Read the Draft Design. Neither the

Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint

🔎 Help find Trojan Source vulnerability in code 👀 . Useful for code review in project with multiple collaborators

TrojanSourceFinder TrojanSourceFinder helps developers detect "Trojan Source" vulnerability in source code. Trojan Source vulnerability allows an atta

Grafana Arbitrary File Reading Vulnerability

GrafanaArbitraryFileRead Usage 1. show info ❯ go run main.go -s [INF] VulnInfo: { "Name": "Grafana Ar

Owner
4ra1n
Web Security Researcher / Student of NCEPU
4ra1n
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.

jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2

Rakuten Group, Inc. 10 Oct 3, 2022
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vuls_e

Future Corp 9.7k Nov 29, 2022
A vulnerability scanner for container images and filesystems

A vulnerability scanner for container images and filesystems

Anchore, Inc. 4.8k Nov 28, 2022
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS

log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul

null 0 Dec 13, 2021
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)

scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4

Frank Hübner 12 Sep 17, 2022
log4jshell vulnerability scanner for bug bounty

log4shell-looker a log4jshell vulnerability scanner for bug bounty (Written in G

Ravro 20 Sep 30, 2022
Yet another log4j vulnerability scanner

k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav

Athanasios Kostopoulos 3 Oct 12, 2022
A vulnerability scanner for container images and filesystems

A vulnerability scanner for container images and filesystems. Easily install the

null 0 Dec 24, 2021
Gbu-scanner - Go Blog Updates (Scanner service)

Go Blog Updates - Scanner This service scans go blog (go.dev) and publishes new posts to message broker (rabbitmq). It uses mongodb as a storage for a

null 1 Jan 10, 2022
GONET-Scanner - Golang network scanner with arp discovery and own parser

GO/NET Scanner ScreenShots Install chmod +x install.sh ./install.sh [as root] U

Luis Javier 61 Nov 18, 2022