Springboot directory scanning

Overview

springboot_scan

Springboot directory scanning

项目由来

项目过程中发现现有的工具对springboot路径扫描大多存在误报和遗漏现象。

往往是存在以下几个现象:

1、请求频率过高时,服务器对于返回503等出错结果,此时无法准确判断访问页面是否为正常页面。

2、heapdump等大文件路径如果存在时,会使得扫描工具产生卡顿,从而无法继续扫描。

3、使用浏览器访问时,延迟加载页面成功,使用工具扫描时无法获取所有响应页面,导致漏报。

4、对于200的扫描结果无法判断,产生极大的误报。

尝试试用了大部分公开springboot目录扫描工具,发现都不可避免的产生以上问题,

[Go]springScan
[PY]SB-Actuator
[PY]springboot-check
[PY]SpringBootScan

在此种情况下,重新编写了一个适用于springboot的目录扫描工具。

目前支持以下功能:

1、使用多种方法【get、post、head】自动重试访问503页面和无结果页面。

2、使用多种关键数据【长度、大小、头部比特】用于自动过滤和辅助手动过滤非404的非正常页面。

3、支持多种方式代理【socks5、https】请求页面代理用于调试和绕过请求限制。

4、使用多个文件记录不同情景下过滤的URL,便于追踪产生的错误和漏报。

过程及结果文件 默认输出在当前【result-时间戳】目录下,
其中 scan_waive.txt 存放基于404、403、500状态码 过滤的URL。   (waive 放弃)
其中 scan_filter.txt  存放基于【长度、大小、头部比特】过滤的URL。(filter 过滤
其中 scan_retry.txt  存放根据请求结果自动重试的URL和对应重试次数。(retry 重试)


其中 scan_result.txt 存放状态码为200,并且不被过滤的URL,此文件为实际结果文件。     (result 结果)
其中 scan_manual.txt 存放当重试多次依然无法判断为正常请求时的URL,此文件结果需用户进行手动重试。(manual 手动)

5、通过fofa批量采集了2000站点的mapping路径加入字典文件。

快速使用

1、将目标URL填写在springboot_target.txt,并运行 ython springboot_scan.py

TODO:

1、对可能存在咯都的请求URL进行提示。(极小概率)

2、对敏感的响应内容进行提示。(极小概率,建议使用HAE插件替代)

Owner
WINEZERO
WINEZERO
Hack any account sending fake nitro QR code (only for educational purpose)

DISCORD_ACCOUNT_HACKING_TOOL ( EDUCATIONAL PURPOSE ) Hack any account sending fake nitro QR code (only for educational purpose) Start my program token

Novy 7 Jan 07, 2022
CVE-2022-22965 - CVE-2010-1622 redux

CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la

Duarte Duarte 20 Aug 25, 2022
This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections.

Log4J-Huntress-Automate-Script This python script will automate the testing for the Log4J vulnerability for HTTP and HTTPS connections. Pre-Requisits

1 Dec 16, 2021
Exploit-CVE-2021-21086

CVE-2021-21086 Exploit This exploit allows to execute a shellcode in the context of the rendering process of Adobe Acrobat Reader DC 2020.013.20074 an

Faraday 23 Nov 09, 2022
WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar

CVE-2020-14756 WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar README project base on https://github.com/Y4er/CVE-2020-2555 and weblo

Y4er 77 Dec 06, 2022
Apache OFBiz rmi反序列化EXP(CVE-2021-26295)

Apache OFBiz rmi反序列化EXP(CVE-2021-26295) 目前仅支持nc弹shell 将ysoserial.jar放置在同目录下,py3运行,根据提示输入漏洞url,你的vps地址和端口 第二次使用建议删除exp.ot 本工具仅用于安全测试,禁止未授权非法攻击站点,否则后果自负

15 Nov 09, 2022
Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

✭ DMBF CRACK Dibuat Dengan ❤️ Oleh Dapunta Author: - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Token ⇨ Fitur Crack [✯] Crack Dari Teman, Public,

Dapunta ID 10 Oct 19, 2022
A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask.

PWInput A cross-platform Python module that displays **** for password input. Works on Windows, unlike getpass. Formerly called stdiomask. Installatio

Al Sweigart 26 Sep 04, 2022
Lazarus analysis tools and research report

Lazarus Research This repository publishes analysis reports and analysis tools for Operation Dream Job and Operation JTrack for Lazarus. Tools Python

JPCERT Coordination Center 50 Sep 13, 2022
Acc-Data-Gen - Allows you to generate a password, e-mail & token for your Minecraft Account

Acc-Data-Gen Allows you to generate a password, e-mail & token for your Minecraft Account How to use the generator: Move all the files in a single dir

KarmaBait 2 May 16, 2022
A brute force tool for password-protected zip file

Bzip A brute force tool for password-protected zip file/folder(s). Note that this tool can only crack .zip files. Please DO not misuse. Installation g

3 Nov 13, 2021
Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO

wtf-CTF_Writeups Table of Contents Table of Contents Crypto Misc Reverse Pwn Web Crypto wtf_Bot Author: Madjelly Join the discord server!You know how

6 Jun 07, 2021
Sample exploits for Zephyr CVE-2021-3625

CVE-2021-3625 This repository contains a few example exploits for CVE-2021-3625. All Zephyr-based usb devices up to (and including) version 2.5.0 suff

7 Nov 10, 2022
This tool allows to automatically test for Content Security Policy bypass payloads.

CSPass This tool allows to automatically test for Content Security Policy bypass payloads. Usage [cspass]$ ./cspass.py -h usage: cspass.py [-h] [--no-

Ruulian 30 Nov 22, 2022
Strapi Framework Vulnerable to Remote Code Execution

CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho

Dasith Vidanage 7 Mar 08, 2022
The ultimate Metasploit apk binder with legit apk written in python3

Infector is a python3 based script which is officially made for linux based distro . It binds metasploit payload with original apk with avast antivirus bypassed .

27 Dec 25, 2022
com_media allowed paths that are not intended for image uploads to RCE

CVE-2021-23132 com_media allowed paths that are not intended for image uploads to RCE. CVE-2020-24597 Directory traversal in com_media to RCE Two CVEs

KIEN HOANG 67 Nov 09, 2022
PreviewGram is for users that wants get a more private experience with the Telegram's Channel.

PreviewGram is for users that wants get a more private experience with the Telegram's Channel.

1 Sep 25, 2022
Small Python library that adds password hashing methods to ORM objects

Password Mixin Mixin that adds some useful methods to ORM objects Compatible with Python 3.5 = 3.9 Install pip install password-mixin Setup first cre

Joe Gasewicz 5 Nov 22, 2022