Vxscan – Comprehensive Scanning Tool

Vxscan is a comprehensive Python 3 scanning tool, mainly used for sensitive file detection (directory scanning and leaked interfaces in JS files), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection testing, CDN bypass, and lookup of neighbouring sites on the same IP.

Update 2019.6.18

- Fixed an error in fingerprint recognition of IIS websites; modified apps.json.
- Removed some third-party libraries and scripts that are prone to errors.
- If a scan finishes almost immediately, it is because the program first checks DNS resolution and pings the host.
- The first time you use Vxscan, fake_useragent loads the UA list from https://fake-useragent.herokuapp.com/browsers/0.1.11, and a load timeout error may occur.

Requirements

Python version > 3.6

- requests
- tqdm
- pyfiglet
- fake-useragent
- beautifulsoup4
- geoip2
- tldextract
- python-nmap
- lxml
- pymongo
- virustotal_python

    apt install libpq-dev nmap
    wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz

After decompressing, put GeoLite2-City.mmdb in vxscan/db/GeoLite2-City.mmdb.

    wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN.tar.gz

After decompressing, put GeoLite2-ASN.mmdb in vxscan/db/GeoLite2-ASN.mmdb.

    pip3 install -r requirements.txt

Features

- Generates the dictionary list using the Cartesian product method; custom dictionary lists are supported.
- Random UserAgent, XFF, X-Real-IP.
- Custom 404 page recognition: accesses random pages and compares similarity with difflib, which also identifies custom 302 jumps.
- When scanning directories, first detects the HTTP ports and adds multiple HTTP ports of one host to the scan targets.
- Filters invalid Content-Type and invalid status.
- WAF/CDN detection.
- Uses sockets to send packets to common ports and sends different payloads to fingerprint the services behind them.
- Hosts that show all ports open (portspoof) are skipped automatically.
- Calls wappalyzer.json and WebEye to determine the website fingerprint.
- Websites detected as being behind a CDN or WAF are skipped automatically.
- Calls nmap to identify the operating system fingerprint.
- Calls weak password detection scripts based on open ports (FTP/SSH/TELNET/Mysql/MSSQL…).
- Calls POC scans based on fingerprint identification or port, or runs them against the open web ports of the IP.
- Analyzes sensitive asset information (domain name, mailbox, apikey, password, etc.) in JS files.
- Grabs website links and tests for SQL injection, LFI, etc.
- Calls online interfaces such as VT, www.yougetsignal.com and other websites: determines the real IP through VT pdns, and queries sites on the same IP via www.yougetsignal.com and api.hackertarget.com.

Usage

    python3 Vxscan.py -h

    optional arguments:
      -h, --help            show this help message and exit
      -u URL, --url URL     Start scanning this url -u xxx.com
      -i INET, --inet INET  cidr eg. 1.1.1.1 or 1.1.1.0/24
      -f FILE, --file FILE  read the url from the file
      -t THREADS, --threads THREADS
                            Set scan thread, default 150
      -e EXT, --ext EXT     Set scan suffix, -e php,asp
      -w WORD, --word WORD  Read the dict from the file

1. Scan a website

    python3 vxscan.py -u http://www.xxx.com/

2. Scan a website from a file list

    python3 vxscan.py -f hosts.txt

3. cidr eg. 1.1.1.1 or 1.1.1.0/24

    python3 vxscan.py -i 127.0.0.0/24

4. Set thread 100, combine only php suffix, use custom dictionary

    python3 vxscan.py -u http://www.xxx.com -e php -t 100 -w ../dict.txt

Structure

    /
    ├─Vxscan.py             main file
    ├─db
    │ ├─apps.json           Web fingerprint information
    │ ├─apps.txt            Web fingerprint information (WEBEYE)
    │ ├─password.txt        password
    ├─report                Report directory
    ├─lib
    │ ├─common.py           Determine CDN, port scan, POC scan, etc.
    │ ├─color.py            Terminal color output
    │ ├─active.py           Judge dns parsing and ping ip survival
    │ ├─save_html.py        Generate html report
    │ ├─waf.py              waf rules
    │ ├─osdetect.py         Operating system version identification
    │ ├─random_header.py    random header
    │ ├─scan_port.py        PortScan
    │ ├─jsparse.py          Grab the website js connection, analyze ip address, link, email, etc.
    │ ├─settings.py         Setting
    │ ├─pyh.py              Generate html
    │ ├─wappalyzer.py       Fingerprint recognition script
    │ ├─sql_injection.py    Grab the website connection and test the SQL injection script
    ├─script
    │ ├─Poc.py              Poc script
    │ ├─……
    ├─requirements.txt
    ├─logo.jpg
    ├─error.log

Waf/CDN list

360, 360wzws, Anquanbao, Armor, BaiduYunjiasu, AWS WAF, AdNovum, Airee CDN, Art of Defence HyperGuard, ArvanCloud, Barracuda NG, Beluga CDN, BinarySEC, BlockDoS, Bluedon IST, CacheFly CDN, ChinaCache CDN, Cisco ACE XML Gateway, CloudFlare CDN, Cloudfront CDN, Comodo, CompState, DenyALL WAF, DenyAll, Distil Firewall, DoSArrest Internet Security, F5 BIG-IP APM, F5 BIG-IP ASM, F5-TrafficShield, Fastly CDN, FortiWeb, FortiWeb Firewall, GoDaddy, GreyWizard Firewall, HuaweiCloudWAF, HyperGuard Firewall, IBM DataPower, ISAServer, Immunify360, Imperva SecureSphere, Incapsula CDN, Jiasule, KONA, KeyCDN, ModSecurity, NGENIX CDN, NSFOCUS, Naxsi, NetContinuum, NetContinuum WAF, Neusoft SEnginx, Newdefend, Palo Alto Firewall, PerimeterX Firewall, PowerCDN, Profense, Qiniu CDN, Reblaze Firewall, SDWAF, Safe3, Safedog, SiteLock TrueShield, SonicWALL, SonicWall, Sophos UTM Firewall, Stingray, Sucuri, Teros WAF, Usp-Sec, Varnish, Wallarm, WatchGuard, WebKnight, West263CDN, Yundun, Yunsuo, ZenEdge Firewall, aesecure, aliyun, azion CDN, cloudflare CDN, dotDefender, limelight CDN, maxcdn CDN, mod_security, yunsuo

Output

The following are the results for the AWVS scanner test website:

    [
      {
        "testphp.vulnweb.com": {
          "WAF": "NoWAF",
          "Webinfo": {
            "apps": [ "Nginx", "PHP", "DreamWeaver", "php" ],
            "title": "Home of Acunetix Art",
            "server": "nginx/1.4.1",
            "pdns": [ "176.28.50.165 : 2019-06-09 02:05:52" ],
            "reverseip": [
              "176.28.50.165",
              "rs202995.rs.hosteurope.de",
              "testhtml5.vulnweb.com",
              "testphp.ingensec.ch",
              "testphp.ingensec.com",
              "testphp.ingensec.fr",
              "testphp.vulnweb.com",
              "vulnweb.com",
              "www.vulnweb.com"
            ]
          },
          "Ports": [
            "IMAPS:993", "ssh:22", "imap:143", "http:80", "Unknown:8880", "pop:110",
            "POP3:995", "smtp:25", "Unknown:8443", "SMTPS:465", "DNS:53", "ftp:21"
          ],
          "Ipaddr": "176.28.50.165",
          "Address": "德国 ",
          "Vuln": [
            "http://testphp.vulnweb.com | Home of Acunetix Art",
            "MySQL SQLi:http://testphp.vulnweb.com/search.php?test=query",
            "MySQL SQLi:http://testphp.vulnweb.com/artists.php?artist=1",
            "MySQL SQLi:http://testphp.vulnweb.com/listproducts.php?cat=2"
          ],
          "URLS": [
            { "rsp_code": 200, "rsp_len": 12473, "title": "None", "contype": "xml", "url": "/.idea/workspace.xml" },
            { "rsp_code": 200, "rsp_len": 1, "title": "None", "contype": "plain", "url": "/CVS/Root" },
            { "rsp_code": 200, "rsp_len": 4732, "title": "search", "contype": "html", "url": "/search.php" },
            { "rsp_code": 200, "rsp_len": 1, "title": "None", "contype": "plain", "url": "/CVS/Entries" },
            { "rsp_code": 200, "rsp_len": 3265, "title": "Home of WASP Art", "contype": "plain", "url": "/index.bak" },
            { "rsp_code": 200, "rsp_len": 143, "title": "None", "contype": "xml", "url": "/.idea/scopes/scope_settings.xml" },
            { "rsp_code": 200, "rsp_len": 3265, "title": "Home of WASP Art", "contype": "zip", "url": "/index.zip" },
            { "rsp_code": 200, "rsp_len": 275, "title": "None", "contype": "xml", "url": "/.idea/modules.xml" },
            { "rsp_code": 200, "rsp_len": 5523, "title": "login page", "contype": "html", "url": "/login.php" },
            { "rsp_code": 200, "rsp_len": 278, "title": "Index of /admin/", "contype": "html", "url": "/admin/" },
            { "rsp_code": 200, "rsp_len": 224, "title": "None", "contype": "xml", "url": "/crossdomain.xml" },
            { "rsp_code": 302, "rsp_len": 14, "title": "None", "contype": "html", "url": "/userinfo.php" },
            { "rsp_code": 200, "rsp_len": 6, "title": "None", "contype": "plain", "url": "/.idea/.name" },
            { "rsp_code": 200, "rsp_len": 4958, "title": "Home of Acunetix Art", "contype": "html", "url": "/index.php" }
          ]
        }
      }
    ]

Note

Design ideas taken from cnnetarmy Srchunter.

Weak password module based on brut3k1t:
https://github.com/ex0dus-0x/brut3k1t

Fingerprint recognition mainly calls Wappalyzer and WebEye:
https://github.com/b4ubles/python3-Wappalyzer
https://github.com/zerokeeper/WebEye

POCs referenced:
BBScan scanner https://github.com/lijiejie/BBScan
POC-T https://github.com/Xyntax/POC-T/tree/2.0/script
Perun https://github.com/WyAtu/Perun

Port scan and service identification based on anthx:
https://raw.githubusercontent.com/AnthraX1/InsightScan/master/scanner.py

SQL injection crawler reference:
DSSS https://github.com/stamparm/DSSS

Regular-expression extraction of sensitive information from JS files, reference:
https://github.com/nsonaniya2010/SubDomainizer

WAF detection uses the rules of wafw00f and WhatWaf:
https://github.com/EnableSecurity/wafw00f
https://github.com/Ekultek/WhatWaf
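
The custom 404 recognition listed under Features (request a random page, then compare later responses to it with difflib, including custom 302 jumps) can be sketched as follows. This is an added example, not Vxscan's own code: the `Response` type, the function names, the 0.9 threshold and the sample responses are all assumptions made for illustration.

```python
import difflib
import re
from dataclasses import dataclass
from typing import Optional

SIMILARITY_THRESHOLD = 0.9  # assumed cut-off; the page does not state Vxscan's value
REDIRECTS = (301, 302, 303, 307, 308)

@dataclass
class Response:
    path: str
    status: int
    body: str = ""
    location: Optional[str] = None  # Location header of a redirect

def normalize(resp: Response) -> str:
    """Remove the echoed request path and collapse whitespace before comparing."""
    text = resp.body.replace(resp.path, "")
    return re.sub(r"\s+", " ", text).strip().lower()

def similarity(a: Response, b: Response) -> float:
    # autojunk=False keeps the ratio stable on bodies longer than 200 characters.
    return difflib.SequenceMatcher(None, normalize(a), normalize(b), autojunk=False).ratio()

def is_not_found(baseline: Response, candidate: Response,
                 threshold: float = SIMILARITY_THRESHOLD) -> bool:
    """True if `candidate` matches `baseline`, the reply to a random path that cannot exist."""
    if candidate.status == 404:
        return True
    if candidate.status != baseline.status:
        return False
    if candidate.status in REDIRECTS:
        # Custom 302 jump: the site sends every missing page to the same target.
        return candidate.location == baseline.location
    return similarity(baseline, candidate) >= threshold

# Constructed sample responses (not captured from a real site).
TEMPLATE = ("<html><title>Oops</title><body>Sorry, the page {p} could not be "
            "found. Request id {r}</body></html>")
BASELINE = Response("/zq8x1k7v", 200, TEMPLATE.format(p="/zq8x1k7v", r=48213))
MISSING = Response("/admin.php", 200, TEMPLATE.format(p="/admin.php", r=90557))
LOGIN = Response("/login.php", 200, "<html><title>login page</title><body>"
                 "<form method='post'><input name='uname'>"
                 "<input type='password' name='pass'></form></body></html>")
REDIRECT_BASELINE = Response("/k3j9q2m1", 302, location="/error.html")

if __name__ == "__main__":
    for resp in (MISSING, LOGIN):
        print(resp.path, round(similarity(BASELINE, resp), 2), is_not_found(BASELINE, resp))
```

Stripping the echoed path and ignoring small per-request differences (here a request id) is what lets a 200 "not found" template be recognised; without it, such pages show up in a report as false positives.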

Link: http://feedproxy.google.com/~r/PentestTools/~3/0ZDcFApPJl8/vxscan-comprehensive-scanning-tool.html