VscanPlus

VscanPlus is a second development version of Vscan, an open-source, lightweight, fast, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.

中文文档 • Compilation/Installation/Running • Parameter Description • Usage •

Features

Updates

• Updated ehole fingerprint
• Updated nuclei detection scripts
• Updated xray detection scripts
• Fixed missing field error when reading nuclei templates
• Standardized fingerprint names, nuclei, xray detection script naming format

Commits

• According to the original vscan development documentation, users can customize fingerprints and pocs. The calling relationship between the two is: first detect the fingerprint, then call the corresponding poc, similar to the recently updated -ac command line detection feature in nuclei, both based on fingerprints to detect vulnerabilities

• According to the original vscan development documentation, the xray poc naming format corresponding to the fingerprint is: fingerprint-xxxx-yml, so the format of the newly added pocs has been standardized, including: Weaver-OA Yonyou-OA Tongda-OA Jinhe-OA ThinPHP Spring-Boot Spring-Blade Apache-Tomcat Drupal Microsoft-Exchange Sangfor

• Nuclei loads pocs through tags

• Based on the xray rule detection of the original vscan, the logic of loading multiple rules in yml v2 similar to nuclei templates has been rewritten, which can achieve multi-expression detection functionality

• The fuzzy detection feature for subdomain name takeover vulnerabilities is added Based on the detection rules in the https://github.com/EdOverflow/can-i-take-over-xyz project, the corresponding domain name is determined to have a subdomain name takeover vulnerability by comparing the domain name CNAME resolution and the request return information. After the detection is complete, a matched_domains.txt file is generated in the current directory.

Todo

• Fix bugs related to some detection scripts failing to load

AI Decision Layer (Multi-Provider)

An optional AI decision assistant is available. It generates a Markdown report after scanning with asset profiling, risk priority, validation checklist, and risk control notes, plus a built-in heuristic High/Medium/Low risk summary with confidence.

Supported OpenAI-compatible providers: kimi / openai / deepseek / qwen / glm / openrouter / custom

• One-flag AI mode (recommended): -ai (same as -ai-enable -ai-poc-select)
• Enable AI: -ai-enable
• AI-only mode: -ai-only
• Enable AI POC selection (xray+nuclei): -ai-poc-select
• Use external latest nuclei engine: -nuclei-external -nuclei-templates /path/to/nuclei-templates
• Select provider: -ai-provider kimi
• API key: -ai-api-key or provider env key
• Extra context: -ai-prompt "focus on auth/payment attack surface"
• Output file: -ai-output ai-decision.md

Environment variable mapping:

• kimi: KIMI_API_KEY / MOONSHOT_API_KEY
• openai: OPENAI_API_KEY
• deepseek: DEEPSEEK_API_KEY
• qwen: DASHSCOPE_API_KEY
• glm: ZHIPUAI_API_KEY
• openrouter: OPENROUTER_API_KEY

Example (Kimi, one-flag AI decision):

export KIMI_API_KEY="your_kimi_key"
./VscanPlus -host https://example.com -p 80,443,8080 -o result.txt -ai

Example (OpenAI):

export OPENAI_API_KEY="your_openai_key"
./VscanPlus -host https://example.com -o result.txt -ai-enable -ai-provider openai -ai-output ai-decision.md

AI-only with existing result file:

export KIMI_API_KEY="your_kimi_key"
./VscanPlus -ai-enable -ai-only -ai-provider kimi -o result.txt -ai-output ai-decision.md

Warning

• To compile and generate executable files, please download the vcsanplus-main-code.zip file from the releases

本工具由C4安全团队二次开发和维护

Reference

https://github.com/veo/vscan

Star History