fofax is a fofa query tool written in go, positioned as a command-line tool and characterized by simplicity and speed.

Overview

fofaX

Latest releaseGitHub Release DateGitHub All ReleasesGitHub issues

0x00 Introduction

fofax is a fofa query tool written in go, positioned as a command-line tool and characterized by simplicity and speed. The following features are currently available:

  • Basic FOFA syntax queries
  • Icon Hash local/online calculation query
  • Asset filtering
  • Opening in browser
  • Linking other security tools
  • More (waiting for your feedback after using) ......

In addition to this it is possible to customize fx syntax queries, and users can write their own specific fx query rules via a configuration file in yaml format.

0x01 Download

Click on the Release download link and choose the appropriate release for your system architecture.

0x02 Configuration

macOS/Linux

Unzip the downloaded fofax archive and recommend placing it in the /usr/local/bin/ directory, so that you can run fofax commands from any directory.

tar -zxvf ~/Downloads/fofax_v0.1.11_darwin_amd64.tar.gz -C /usr/local/bin/.

The first time you run the fofax command a configuration file is automatically generated, located at ~/.config/fofax/fofax.yaml.

fofax

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

2021/12/23 21:21:28 [SUCC] create config file /Users/user/.config/fofax/fofax.yaml. please modify and use

The next step is to configure this configuration file. Generally you only need to configure email and key.

vim ~/.config/fofax/fofax.yaml
# fofa api email
fofa-email: ******@gmail.com

# fofa api key
fofakey: ***************

Windows

Unzip the archive and run fofax.exe for the first time to generate a fofax.yaml configuration file in the same level directory. Then open this configuration file and fill in email and key.

0x03 How to use

Usage tips

Without any parameters, in addition to the ASCII logo, a random usage hint will be output.

fofax

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

fofaX is a command line fofa query tool, simple is the best!

Tips:
Comment: 搜索 fx 中 google-reverse, 查询时使用扩展功能必须加 -fe 参数
Usage: fofax -q 'fx="google-reverse"' -fe

Help information

You can use fofax -h to display help information.

fofax -h

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

fofaX is a command line fofa query tool, simple is the best!

Usage:
  fofax [flags]

Flags:
CONFIGS:
   -email, -fofa-email string  Fofa API Email
   -key, -fofakey string       Fofa API Key
   -p, -proxy string           proxy for http like http://127.0.0.1:8080
   -fofa-url string            Fofa url (default "https://fofa.so")
   -debug                      Debug mode

FILTERS:
   -fs, -fetch-size int          The maximum number of query (default 100)
   -e, -exclude                  Exclude the honeypot.
   -ec, -exclude-country-cn      Exclude CN.
   -ffi, -fetch-fullHost-info    URL fetch, with scheme, hostname, port
   -fto, -fetch-titles-ofDomain  Fetch website title

SINGLE QUERY/ERT/ICON:
   -q, -query string              FoFa query statement
   -uc, -url-cert string          Enter the certificate of the https URL to query
   -iu, -url-to-icon-hash string  Enter the URL of an icon, calculate it and query it
   -if, -icon-file-path string    Calculate the hash of the local icon file, then query it

MULTIPLE QUERY/CERT/ICON:
   -qf, -query-file string           Load files, query multiple statements
   -ucf, -url-cert-file string       Read the URL from the file, calculate the cert and then query it
   -iuf, -icon-hash-url-file string  Retrieve the URL from the file, calculate the icon hash and query it

FX GRAMMER:
   -g, -gen string           Generate fx statement files eg: default_fx.yaml
   -fd, -fxdir string        fxdir directory (default "/Users/user/.config/fofax/fxrules")
   -l, -lists                List of fx statements
   -lt, -list-tags           List fx tags
   -s, -search string        Search for fx statements. Statements are separated by semicolons eg: id=fx-2021-01;query="jupyter Unauth"
   -tree                     Print syntax tree
   -fe, -fofa-ext            Using extended syntax(fx)
   -ss, -show-single string  Display a single fx message

OTHER OPTIONS:
   -config string  fofax configuration file.The file reading order(fofax.yaml,/Users/user/.config/fofax/fofax.yaml,/etc/fofa.yaml) (default "/Users/user/.config/fofax/fofax.yaml")
   -v, -version    Show fofaX version
   -use            Syntax queries
   -open           Open with your browser only support pipline/-q/-uc/-iu/-if
   -no-limit-open  No limit to the number of openings in your browser

FOFA Syntax Rules

Use the -use argument to display FOFA syntax query rules.

fofax -use

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

┌───────────────────────────────────────────┬──────────────────────────────────────────────────┐
│ Query                                     │ Explanation                                      │
├───────────────────────────────────────────┼──────────────────────────────────────────────────┤
│ title="beijing"                           │ 从标题中搜索"北京"                               	  │
│ header="elastic"                          │ 从http头中搜索"elastic"                          	 │
│ body="网络空间测绘"                         │ 从html正文中搜索"网络空间测绘"                       │
│ title="beijing"                           │ 从标题中搜索"北京"                              	  │
│ header="elastic"                          │ 从http头中搜索"elastic"                            │
│ body="网络空间测绘"                         │ 从html正文中搜索"网络空间测绘"                       │
│ fid="kIlUsGZ8pT6AtgKSKD63iw=="            │ 查找相同的网站指纹                               	  │
│ domain="google.com"                       │ 搜索根域名带有google.com的网站                   	  │
│ icp="京ICP证030173号"                      │ 查找备案号为"京ICP证030173号"的网站                  │
│ js_name="js/jquery.js"                    │ 查找网站正文中包含js/jquery.js的资产             	   │
│ js_md5="82ac3f14327a8b7ba49baa208d4eaa15" │ 查找js源码与之匹配的资产                         	   │
└───────────────────────────────────────────┴──────────────────────────────────────────────────┘

Basic queries

There are two ways to query app="APACHE-Solr", which will output 100 hosts by default without specifying the number, and will de-duplicate the data by default.

fofax -q 'app="APACHE-Solr"'

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

2021/12/23 20:17:32 [SUCC] Fetch Data From FoFa: [100/30830]
54.114.20.168:8443
193.8.4.43:8983
208.37.227.95:8983
3.20.255.140:8983
3.114.85.178:8983
82.142.82.197:8983
159.39.10.212:8983
199.102.27.69:8983
…………
echo 'app="APACHE-Solr"' | fofax
2021/12/23 20:17:59 [SUCC] Fetch Data From FoFa: [100/30830]
54.114.20.168:8443
193.8.4.43:8983
208.37.227.95:8983
3.20.255.140:8983
3.114.85.178:8983
82.142.82.197:8983
159.39.10.212:8983
199.102.27.69:8983
…………
echo 'app="APACHE-Solr"' | fofax
2021/12/23 20:17:59 [SUCC] Fetch Data From FoFa: [100/30830]
54.114.20.168:8443
193.8.4.43:8983
208.37.227.95:8983
3.20.255.140:8983
3.114.85.178:8983
82.142.82.197:8983
159.39.10.212:8983
199.102.27.69:8983
............

Specify the number of queries

echo 'app="APACHE-Solr"' | fofax -fs 5
2021/12/23 20:19:00 [SUCC] Fetch Data From FoFa: [5/30830]
13.57.71.190:8443
165.22.215.32:8983
184.73.40.143:8443
3.20.255.140:8983

As above, only 4 data are output because fofax automatically de-duplicates the data.

Exclude queries

Add the -e argument to exclude honeypots.

echo 'app="APACHE-Solr"' | fofax -fs 10 -e
2021/12/23 22:56:14 [SUCC] Fetch Data From FoFa: [10/30849]
13.126.128.253:80
185.22.235.14:8983
151.248.126.4:8983
20.71.77.183:80
23.102.46.20:443
15.113.170.101:8443
52.58.201.109:80

Add the -ec parameter to exclude data from China.

echo 'app="APACHE-Solr"' | fofax -fs 10 -ec
2021/12/23 22:56:36 [SUCC] Fetch Data From FoFa: [10/26044]
15.113.170.101:8443
52.58.201.109:80
13.126.128.253:80
185.22.235.14:8983
151.248.126.4:8983
20.71.77.183:80
23.102.46.20:443

Get the URL

Add the -ffi parameter to get the corresponding URL directly based on the query statement ([scheme]://[host]:[port]).

echo 'app="APACHE-Solr"' | fofax -fs 5
2021/12/23 20:21:03 [SUCC] Fetch Data From FoFa: [5/30830]
https://184.73.40.143:8443
http://120.24.42.244:8983
https://13.57.71.190:8443
http://165.22.215.32:8983

Get Title

echo 'domain="baidu.com" && status_code="200"' | fofax -fs 10 -fto
2021/12/23 20:21:19 [SUCC] Fetch Data From FoFa: [10/1124]
https://home.baidu.com [关于百度]
http://research.baidu.com [Baidu Research]
http://fecs.baidu.com [FECS - Front End Code Style Suite]
http://yuntu.baidu.com [企业图谱]
https://ditu.baidu.com [百度地图]
https://sp2.baidu.com [百度一下,你就知道]
https://tushuo.baidu.com [图说]
https://ocpc.baidu.com [百度 oCPC 开发者中心]
https://naotu.baidu.com [百度脑图 - 便捷的思维工具]
http://usa.baidu.com [Baidu USA]

Debug mode

Add the -debug parameter to enable Debug detail mode.

echo 'app="APACHE-Solr"' | fofax -fs 5 -ffi -debug
2021/12/25 21:28:57 [DEBUG] FoFa Size : 5
2021/12/25 21:28:57 [DEBUG] FoFa Query of: app="APACHE-Solr"
2021/12/25 21:28:57 [DEBUG] https://fofa.so/api/v1/search/all?email=**********@gmail.com&key=**************************&qbase64=YXBwPSJBUEFDSEUtU29sciI=&size=5&page=1&fields=protocol,ip,port,host
2021/12/25 21:28:57 [DEBUG] Resp Time: 432/millis
2021/12/25 21:28:57 [SUCC] Fetch Data From FoFa: [5/30942]
http://35.183.115.103
http://3.17.203.145:8983
http://195.201.119.15:49154
https://18.169.23.120
http://174.138.127.51:8983

Open in browser

echo 'app="APACHE-Solr"' | fofax -open

openinbrowser.gif

Calculate icon hash and query

There are two ways to do this, the first is to query directly based on the URL that provided the icon.

fofax -iu https://www.baidu.com/favicon.ico -fs 5

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

2021/12/23 20:21:59 [SUCC] Fetch Data From FoFa: [5/13284]
47.98.104.77:8088
154.39.217.22:80
xueshu.mrsb.tk:80
154.39.217.2:80
154.39.217.28:80

The second one is to calculate hash and query based on local icon file.

wget https://www.baidu.com/favicon.ico
fofax -if favicon.ico -fs 5

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

2021/12/23 21:25:24 [SUCC] Fetch Data From FoFa: [5/13284]
47.98.104.77:8088
154.39.217.22:80
xueshu.mrsb.tk:80
154.39.217.2:80
154.39.217.28:80

Calculate the certificate and query

fofax -fs 5 -uc https://www.baidu.com/

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

2021/12/23 21:29:54 [SUCC] Fetch Data From FoFa: [5/361619]
180.97.93.146:443
180.97.93.65:443
112.3.25.49:443
itv.leiqiang8.cn:80
owa2.leiqiang8.cn:80

0x04 fx syntax query

When using fofa to do information collection or other things, it is possible that the query statement will be very, very long and not easy to remember, so we can't just take a small book to remember the fofa query statement.

This time, you can use fofax's fx function. Currently fofax has dozens of built-in fx syntax query rules, users can directly use the corresponding parameters to query. You can also write your own specific fx syntax query rules via yaml format configuration file.

shows the built-in fx query statements

fofax -l

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

┌───────────────┬────────────────────────────────┬────────────────────────────────┬────────┬─────────────┬────────┐
│ Id            │ Query                          │ RuleName                       │ Author │ Tag         │ Type   │
├───────────────┼────────────────────────────────┼────────────────────────────────┼────────┼─────────────┼────────┤
│ fx-2021-1001  │ google-reverse                 │ Google反代服务器               │ fofa   │ google      │ 内置   │
│ fx-2021-1002  │ python-simplehttp              │ Python SimpleHTTP              │ fofa  │ python      │ 内置   │
│ fx-2021-1003  │ data-leak                      │ 社工库                         │ fofa   │ fun         │ 内置   │
│ fx-2021-1004  │ hfs-rce                        │ 存在命令执行的HFS服务          │ fofa   │ fun         │ 内置   │
│ fx-2021-1005  │ satellite-ftp                  │ 一键日卫星FTP?                │ fofa   │ fun         │ 内置   │
│ fx-2021-1006  │ mk-mining                      │ mk路由器全球挖矿感染            │ fofa   │ fun         │ 内置   │
│ fx-2021-1007  │ ss-manager-login               │ ss-Manager 登录               │ fofa   │ fun         │ 内置   │
│ fx-2021-1008  │ heating-monitor                │ 供暖监控系统                   │ fofa   │ fun         │ 内置   │
│ fx-2021-1009  │ free-proxy                     │ 免费代理池                     │ fofa   │ fun         │ 内置   │
│ fx-2021-1010  │ honeypot                       │ 蜜罐                           │ fofa   │ fun         │ 内置   │
│ fx-2021-1011  │ hacked-website                 │ 被挂黑的站点                    │ fofa   │ fun         │ 内置   │
│ fx-2021-1012  │ jupyter-unauth                 │ Jupyter 未授权                  │ xiecat │ unauth      │ 内置   │
│ fx-2021-11001 │ APACHE-ActiveMQ                │ APACHE ActiveMQ                │ fofa   │ log4j2,fofa │ 内置   │
│ fx-2021-11002 │ Apache_OFBiz                   │ Apache OFBiz                   │ fofa   │ log4j2,fofa │ 内置   │
│ fx-2021-11003 │ Jenkins                        │ Jenkins                        │ fofa   │ log4j2,fofa │ 内置   │
│ fx-2021-11004 │ RabbitMQ                       │ RabbitMQ                       │ fofa   │ log4j2,fofa │ 内置   │
│ fx-2021-11005 │ Apache-log4j2-Web              │ Apache log4j2 Web              │ fofa   │ log4j2,fofa │ 内置   │
│ fx-2021-11006 │ Jedis                          │ Jedis                          │ fofa   │ log4j2,fofa │ 内置   │
│ fx-2021-11007 │ APACHE-tika                    │ APACHE tika                    │ fofa   │ log4j2,fofa │ 内置   │
│ fx-2021-11009 │ 致远互联-FE                     │ 致远互联 FE                    │ fofa   │ log4j2,fofa │ 内置   │
└───────────────┴────────────────────────────────┴────────────────────────────────┴────────┴─────────────┴────────┘

List the details of the fx statement

fofax -ss fx-2021-1001

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

fx-2021-1001 fx-2021-1001
┌─────────────┬─────────────────────────────────────────────────────────────────────────────────────────────┐
│ Name        │ Value                                                                                       │
├─────────────┼─────────────────────────────────────────────────────────────────────────────────────────────┤
│ ID          │ fx-2021-1001                                                                                │
│ Query       │ google-reverse                                                                              │
│ RuleName    │ Google反代服务器                                                                            │
│ RuleEnglish │ Google Reverse proxy                                                                        │
│ Author      │ fofa                                                                                        │
│ FofaQuery   │ body="var c = Array.prototype.slice.call(arguments, 1);return function() {var d=c.slice();" │
│ Tag         │ google                                                                                      │
│ Type        │ 内置                                                                                        │
│ Description │ 不用挂代理就可以访问的Google搜索,但搜索记录可能会被记录。                                  │
│ FileDir     │                                                                                             │
└─────────────┴─────────────────────────────────────────────────────────────────────────────────────────────┘

Add the -fe argument to query by fx syntax

[~] fofax -q 'fx="google-reverse"' -fe -fs 5

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

2021/12/23 22:27:02 [SUCC] fx query id:google-reverse
2021/12/23 22:27:03 [SUCC] Fetch Data From FoFa: [5/5834]
54.76.26.205:10000
47.74.3.55:80
47.90.7.161:443
23.83.249.79:443
45.76.10.197:8081

Open directly in the browser

fofax -q 'fx="google-reverse"' -fe -open

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

2021/12/23 22:22:21 [SUCC] fx query id:google-reverse
2021/12/23 22:22:21 [SUCC] the query body="var c = Array.prototype.slice.call(arguments, 1);return function() {var d=c.slice();" will be opened with a browser

Writing custom fx syntax rules

An example of using fofa to collect information about a target is given below.

generates a template

A template file is generated by using -g and specifying the path to the generated file name.

fofax -g .config/fofax/fxrules/info-gathering.yaml

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

2021/12/24 20:09:27 [INFO] Will Write Plugin file: .config/fofax/fxrules/info-gathering.yaml

Check this yaml file, its contents are as follows.

eg:(xiecat) fofa_query: fofa语句 eg:(body="ipython-main-app" && title="Home Page - Select or create a notebook")" tag: - 标签1 eg(unauthorized) - 标签2 source: 语句来源">
id: fx-2021-01
query: 查询的字符串用于fx="jupyter Unauth" eg:(jupyter Unauth)
rule_name: 规则名称 eg:(jupyter 未授权)
rule_english: jupyter unauthorized
description: 规则描述
author: 作者
   <邮箱>
    eg:(xiecat)
   
fofa_query: fofa语句 eg:(body="ipython-main-app" && title="Home Page - Select or create a notebook")"
tag:
- 标签1 eg(unauthorized)
- 标签2
source: 语句来源

Follow the above instructions and modify the corresponding content to bring in a new fx syntax rule, regarding the path of this file, please put it in the directory ~/.config/fofax/fxrules/ after it is written.

For easy reproduction, the details are as follows (note that the title is filled with your target name)

id: fx-2021-01
query: redteam-info-gathering
rule_name: 红队信息收集
rule_english: redteam-info-gathering
description: 使用fofa针对某个目标进行红队常见的高关注CMS/OA系统的信息收集
author: xiecat
fofa_query: title="Target" && (title="平台" || title="OA" || title="系统" || title="协同" || title="办公" || title="致远" || title="泛微" || title="用友" || title="管理" || title="后台" || title="登录" || title="login" || title="admin") && country="CN"
tag:
- redteam
source: 

The following can use this fx query rule, this query can not be said to be inconvenient.

fofax -q 'fx="redteam-info-gathering"' -fe -ffi

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|
                                    0.1.11
                         fofax.xiecat.fun

2021/12/25 21:31:01 [SUCC] fx query id:redteam-info-gathering
2021/12/25 21:31:01 [SUCC] Fetch Data From FoFa: [27/27]
http://60.205.169.36:9080
https://43.243.13.187
http://806f52.ylhskhgyn.com
https://119.28.47.98:8443
http://124.70.197.255:8088
https://223.72.236.165
http://192.144.212.92:8080
https://114.255.204.149
......

0x05 Linkage Use Case

Once the red team information is collected, the collected assets can be handed over to the live probing tool, fingerprinting tool and vulnerability scanning tool for live probing, fingerprinting and vulnerability detection.

fofax && httpx

CVE-2021-43798 Grafana Unauthorized Directory Traversal.

fofax_httpx.png

fofax && nuclei

Pass the data obtained by fofax to nuclei and then use the CVE-2021-43798 Template to vulnerability in batch.

fofax_nuclei.png

Stargazers

Stargazers over time

Comments
  • windows报错:

    windows报错:

    1、执行命令:fofax -q 'app="APACHE-Solr"' 2、报错如下 2022/03/05 21:25:53 [INFO] The currently used fofax is the latest version panic: runtime error: index out of range [0] with length 0

    goroutine 1 [running]: github.com/xiecat/fofax/internal/cli.updateFoFaXVersionToLatest() /home/runner/work/fofax/fofax/internal/cli/update.go:60 +0x45f github.com/xiecat/fofax/internal/cli.updateTips({0x11a2100, 0x14}) /home/runner/work/fofax/fofax/internal/cli/update.go:24 +0xc5 github.com/xiecat/fofax/internal/cli.checkUpdateInfo() /home/runner/work/fofax/fofax/internal/cli/parser.go:415 +0x1f9 github.com/xiecat/fofax/internal/cli.ParseOptions() /home/runner/work/fofax/fofax/internal/cli/parser.go:318 +0x33e main.main() /home/runner/work/fofax/fofax/cmd/fofax/fofax.go:11 +0x19

    这是啥问题啊?fofa的邮箱和key都添加了的

    opened by lishang520 5
  • bug

    bug

    查询10000条数据的时候,碰到一种协议无法解析应该是。 参数:-fto -fs 10000

    报错信息: url.Parse parse "mc_nmf://124.xxxxxx:10001": first path segment in URL cannot contain colon

    opened by Ironman778 4
  • 按时间段查询会报语法错误

    按时间段查询会报语法错误

    比如说: echo 'after="2017-01-01" && before="2017-10-01"' | fofax.exe --debug 结果: 2022/07/18 11:45:38 [DEBUG] FoFa Size : 100 2022/07/18 11:45:38 [DEBUG] FoFa input Query of: after="2017-01-01" && before="2017-10-01" 2022/07/18 11:45:38 [DEBUG] https://fofa.info/api/v1/search/all?email=***@*************&key=******************************&qbase64=YWZ0ZXI9IjIwMTctMDEtMDEiICYmIGJlZm9yZT0iMjAxNy0xMC0wMSI=&size=100&page=1&fields=host,port,ip,lastupdatetime 2022/07/18 11:45:38 [DEBUG] Resp Time: 343.00/millis 2022/07/18 11:45:38 [ERRO] FoFa Response ErrMsg: [820000] FOFA Query Syntax Incorrect

    opened by ifofor 2
  • refactor: move from io/ioutil to io and os packages

    refactor: move from io/ioutil to io and os packages

    This PR introduces two small changes:

    1. Run go mod tidy
    2. The io/ioutil package has been deprecated in Go 1.16 (See https://golang.org/doc/go1.16#ioutil). This PR replaces the existing io/ioutil functions with their new definitions in io and os packages.
    good first issue 
    opened by Juneezee 0
  • 关于fofax在Windows系统上的使用问题

    关于fofax在Windows系统上的使用问题

    通过管道查询

    Windows上通过管道进行查询,这种方式是优先推荐使用的,因为无需任何转义。

    CMD

    echo app="APACHE-Solr" | fofax.exe -fs 3
    

    PowerShell

    echo 'app="APACHE-Solr"' | fofax.exe -fs 5
    

    通过参数指定查询

    在 Windows 下使用一定要注意转义,Windows 终端中输入 " 不加转义会消失,所以这种查询方式稍显麻烦

    fofax.exe -q 'app="APACHE-Solr"' 		# 输入的内容
    FoFa input Query of: app=Grafana 		# 程序实际接收的内容
    

    解决这个问题需要转义,可以添加 -debug 开启详细调试模式。并且在 Windows 系统上,使用不同的终端软件,命令也是有所不同。

    在CMD终端上,-q 后面不可以添加单引号 '

    fofax.exe -q app=\"APACHE-Solr\" -fs 5
    

    而在 PowerShell 上,-q 后面不仅需要添加单引号,而且对于双引号也要进行转义。

    fofax.exe -q 'app=\"APACHE-Solr\"' -fs 5
    

    复杂的查询

    当查询语句中存在一些特殊符号(例如 & 或者 |),此时在原生 CMD 终端中无法完成正常的查询,但在 PowerShell 中可以通过管道正常查询。

    echo 'app="APACHE-Solr" && country="CN"' | .\fofax.exe -fs 5
    
    echo 'app="APACHE-Solr" && (country="FR" || country="CN")' | .\fofax.exe -fs 5
    

    除此之外,如果有更复杂的查询语句,可以考虑使用文本查询的方式。

    .\fofax.exe -qf .\query.txt -fs 5
    
    opened by 0xf4n9x 0
  • Xiecat & FOFA 活动投稿地址

    Xiecat & FOFA 活动投稿地址

    1.提交的内容:

    • 你觉得有意思的、不限于红队或者安全的FOFA查询语法

    2.提交模板:

    rule_name: 规则名称 description: 规则描述 author: 作者 <FOFA id> 可以不用填写邮箱 fofa_query: fofa语句

    举例:

    rule_name: jupyter 未授权 description: 可以未授权登录的 jupyter 设备 author: xiecat fofa_query: body="ipython-main-app" && title="Home Page - Select or create a notebook"

    注意:需认真填写自己正确的FOFA账号ID,可在fofa.so官网个人中心页面查看,否则会影响奖项的发放


    FOFA语法大比拼活动及奖品发放延期通知

    诸位表哥/表姐好:

    感谢大家参与我们的语法大比拼活动,目前我们已收到44条语法,最高个人贡献条数:8,其中一些未授权漏洞以及SRC挖洞搜索技巧的等查询方式让我们审核人员直呼“好家伙”“学到了”。因FOFA升级维护无法使用,为保证语法的有效性及活动的公平性,本次语法大比拼活动也顺应推迟,我们已记录并整理好收到的信息,已提交语法的表哥/表姐请放心~

    转发中奖的表哥请微信联系XiecatBot,发送收奖地址,我们将在春节开工后寄出。(可在“活动抽奖”小程序查看自己是否中奖)

    祝归途中的表哥/表姐一切顺利,虎年暴富!


    opened by V4ni11a 31
  • 联动案例

    联动案例

    1. xray
    echo 'login' | fofax -fs 100 -e -ec | httpx -o 123.txt && xray ws ss --uf 123.txt
    

    @荋丶 提供

    xray ws ss --uf <(echo 'login' | fofax -fs 100 -e -ec -ffi )
    
    opened by Becivells 1
  • 增加查询缓存

    增加查询缓存

    在限定时间内(3天)进行同一语法查询直接从缓存中读取 定期缓存清理(不会每次使用都进行清理) 增加 --no-cache 参数来手动忽略缓存(同时会替换缓存内容) 增加 -disable-cache-clean 参数关闭 思路1:查询时发送所有字段。获取结果的时候进行字段选择输出。可以排除因字段不同需要二次请求。同时对于请求数据的个数如果小于库中记录的个数则直接获取其中数据。暂时不对查询语句进行解析 思路2: 暴力缓存。不考虑其他直对 get参数进行hash 然后缓存结果。方便快捷代码少

    enhancement 
    opened by Becivells 0
Releases(v0.1.42)
Owner
null
An open-source GitLab command line tool bringing GitLab's cool features to your command line

GLab is an open source GitLab CLI tool bringing GitLab to your terminal next to where you are already working with git and your code without switching

Clement Sam 2.1k Nov 22, 2022
A command line tool to prompt for a value to be included in another command line.

readval is a command line tool which is designed for one specific purpose—to prompt for a value to be included in another command line. readval prints

Venky 0 Dec 22, 2021
Query, update and convert data structures from the command line. Comparable to jq/yq but supports JSON, TOML, YAML, XML and CSV with zero runtime dependencies.

dasel Dasel (short for data-selector) allows you to query and modify data structures using selector strings. Comparable to jq / yq, but supports JSON,

Tom Wright 3.8k Nov 21, 2022
Modern YouTube converter, that combines simplicity and effectiveness

Modern YouTube converter, that combines simplicity and effectiveness. How to use it? Go to TubeConv.com Paste a link to a video, or use the search bar

Qiu 3 Jul 25, 2022
A tiny Nano wallet, focused on ease of use through simplicity

atto is a tiny Nano wallet, which focuses on ease of use through simplicity. Disclaimer: I am no cryptographer and atto has not been audited. I cannot

Richard Ulmer 35 Nov 14, 2022
Money Cheat - Need For Speed Underground 2

nfsu2-money-cheat Money cheat for "Need For Speed Underground 2" -- allows you to edit/change money within your NFSU2 save file. Download EXE Link: ht

Ramon 5 Nov 3, 2022
Speedtest - Simple package to measure internet speed

Speedtest Simple package to measure internet speed Provides a simple API to meas

Georgiy Permyakov 1 Oct 12, 2022
git-xargs is a command-line tool (CLI) for making updates across multiple Github repositories with a single command.

Table of contents Introduction Reference Contributing Introduction Overview git-xargs is a command-line tool (CLI) for making updates across multiple

Gruntwork 685 Nov 21, 2022
git-xargs is a command-line tool (CLI) for making updates across multiple GitHub repositories with a single command

git-xargs is a command-line tool (CLI) for making updates across multiple GitHub repositories with a single command. You give git-xargs:

Maxar Infrastructure 1 Feb 5, 2022
A command line tool for simplified docker volume command built with go

dockervol A command line tool for simplified docker volume command built with go. Features: Remove anonymous volume (beta) Remove volume by matching n

Moh Achun Armando 0 Dec 18, 2021
Go package to make lightweight ASCII line graph ╭┈╯ in command line apps with no other dependencies.

asciigraph Go package to make lightweight ASCII line graphs ╭┈╯. Installation go get github.com/guptarohit/asciigraph Usage Basic graph package main

Rohit Gupta 2.1k Nov 28, 2022
F2 is a cross-platform command-line tool for batch renaming files and directories quickly and safely. Written in Go!

F2 is a cross-platform command-line tool for batch renaming files and directories quickly and safely.

Ayooluwa 574 Nov 25, 2022
Gofetch is a pretty command-line "Go and System information" tool written in Go

GoFetch Show off your Go information with this cool command-line tool! Report Bug || Request Feature Table of Contents About the Project Built With Ge

null 77 Nov 1, 2022
Watcher - A simple command line app to watch files in a directory for changes and run a command when files change!

Watcher - Develop your programs easily Watcher watches all the files present in the directory it is run from of the directory that is specified while

Geet Sethi 1 Mar 27, 2022
Command line tool for Google Cloud Datastore, written in Go

dsio dsio is a command line tool for Google Cloud Datastore. This tool is under development. Please use in your own risk. Features Bulk upsert entitie

Shinichi Nishimura 66 Feb 8, 2022
A tool to enumerate all the command-line arguments used to start a Linux process written in Go.

ranwith A tool to enumerate all the command-line arguments used to start a Linux process written in Go. ranwith uses the Linux /proc directory to obta

Alexis Rodriguez 3 Jun 30, 2022
🖼️ A command-line system information tool written in bash 3.2+

A command-line system information tool written in bash 3.2+ Neofetch is a command-line system information tool written in bash 3.2+. Neofetch displays

dylan 16.7k Nov 26, 2022
Package command provide simple API to create modern command-line interface

Package command Package command provide simple API to create modern command-line interface, mainly for lightweight usage, inspired by cobra Usage pack

chenen 0 Jan 16, 2022
Command Line Alias Manager and Plugin System - Written in Golang

aly - Command Line Alias Manager and Packager Aly offers the simplest way to manage, share, and obtain command line aliases! Warning: This project is

Max Bridgland 21 Jun 16, 2022