README
¶
VscanPlus
VscanPlus is a second development version of Vscan, an open-source, lightweight, fast, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.
中文文档 • Compilation/Installation/Running • Parameter Description • Usage •
Features
Updates
- Updated ehole fingerprint
- Updated nuclei detection scripts
- Updated xray detection scripts
- Fixed missing field error when reading nuclei templates
- Standardized fingerprint names, nuclei, xray detection script naming format
Commits
- According to the original vscan development documentation, users can customize fingerprints and pocs. The calling relationship between the two is: first detect the fingerprint, then call the corresponding poc, similar to the recently updated -ac command line detection feature in nuclei, both based on fingerprints to detect vulnerabilities
-
According to the original vscan development documentation, the xray poc naming format corresponding to the fingerprint is: fingerprint-xxxx-yml, so the format of the newly added pocs has been standardized, including:
Weaver-OA Yonyou-OA Tongda-OA Jinhe-OA ThinPHP Spring-Boot Spring-Blade Apache-Tomcat Drupal Microsoft-Exchange Sangfor -
Nuclei loads pocs through tags
-
Based on the xray rule detection of the original vscan, the logic of loading multiple rules in yml v2 similar to nuclei templates has been rewritten, which can achieve multi-expression detection functionality -
The fuzzy detection feature for subdomain name takeover vulnerabilities is added
Based on the detection rules in the https://github.com/EdOverflow/can-i-take-over-xyz project, the corresponding domain name is determined to have a subdomain name takeover vulnerability by comparing the domain name CNAME resolution and the request return information. After the detection is complete, a matched_domains.txt file is generated in the current directory.
Todo
- Fix bugs related to some detection scripts failing to load
Warning
- To compile and generate executable files, please download the vcsanplus-main-code.zip file from the releases
本工具由C4安全团队二次开发和维护
Reference
Star History
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
httpx/common/customheader
Package customheader contains all the funcionality to deal with Custom Global Headers
|
Package customheader contains all the funcionality to deal with Custom Global Headers |
|
httpx/common/customlist
Package customlist contains all the funcionality to deal with Custom Target List
|
Package customlist contains all the funcionality to deal with Custom Target List |
|
httpx/common/customports
Package customport contains all the funcionality to deal with HTTP ports
|
Package customport contains all the funcionality to deal with HTTP ports |
|
httpx/common/fileutil
Package fileutil contains all the funcionality related to deal with files
|
Package fileutil contains all the funcionality related to deal with files |
|
httpx/common/httputilz
Package httputilz contains all the funcionality related to common HTTP operations, dump, define methods...
|
Package httputilz contains all the funcionality related to common HTTP operations, dump, define methods... |
|
httpx/common/httpx
Package httpx containst the httpx common funcionality
|
Package httpx containst the httpx common funcionality |
|
httpx/common/slice
Package slice contains a set of utilities to deal with slices
|
Package slice contains a set of utilities to deal with slices |
|
httpx/common/stringz
Package stringz contains a set of utilities to deal with strings
|
Package stringz contains a set of utilities to deal with strings |
|
httpx/runner
Package runner executes the enumeration process.
|
Package runner executes the enumeration process. |