MyGit

youki992/VscanPlus

Fork: 20 Star: 229 (更新于 2025-01-14 16:39:30)

license: BSD-3-Clause

Language: Go .

[VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本,端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具,批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.

最后发布版本: v1.0.5.1 ( 2024-11-14 15:13:12)

GitHub网址

VscanPlus

VscanPlus is a second development version of Vscan, an open-source, lightweight, fast, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.

Release

中文文档Compilation/Installation/RunningParameter DescriptionUsage

Features

image

image

Updates

  • Updated ehole fingerprint
  • Updated nuclei detection scripts
  • Updated xray detection scripts
  • Fixed missing field error when reading nuclei templates
  • Standardized fingerprint names, nuclei, xray detection script naming format

Commits

  • According to the original vscan development documentation, users can customize fingerprints and pocs. The calling relationship between the two is: first detect the fingerprint, then call the corresponding poc, similar to the recently updated -ac command line detection feature in nuclei, both based on fingerprints to detect vulnerabilities
vscan

  • According to the original vscan development documentation, the xray poc naming format corresponding to the fingerprint is: fingerprint-xxxx-yml, so the format of the newly added pocs has been standardized, including: Weaver-OA Yonyou-OA Tongda-OA Jinhe-OA ThinPHP Spring-Boot Spring-Blade Apache-Tomcat Drupal Microsoft-Exchange Sangfor

  • Nuclei loads pocs through tags

vscan

  • Based on the xray rule detection of the original vscan, the logic of loading multiple rules in yml v2 similar to nuclei templates has been rewritten, which can achieve multi-expression detection functionality

  • The fuzzy detection feature for subdomain name takeover vulnerabilities is added

Based on the detection rules in the https://github.com/EdOverflow/can-i-take-over-xyz project, the corresponding domain name is determined to have a subdomain name takeover vulnerability by comparing the domain name CNAME resolution and the request return information. After the detection is complete, a matched_domains.txt file is generated in the current directory.

image

Running effects

image

Todo

  • Fix bugs related to some detection scripts failing to load

Warning

  • To compile and generate executable files, please download the vcsanplus-main-code.zip file from the releases

本工具由Code4th安全团队二次开发和维护

image

团队公开群

  • QQ群一群(772375860)

Reference

https://github.com/veo/vscan

Star History

Star History Chart

最近版本更新:(数据更新于 2025-01-19 09:56:26)

2024-11-14 15:13:12 v1.0.5.1

2024-08-13 09:09:09 v1.0.5

2024-05-14 15:54:13 v1.0.4.2

2024-03-28 15:26:08 v1.0.4.1

2024-03-28 10:39:04 v1.0.4

2024-03-04 17:25:56 v1.0.3.2

2024-03-01 15:48:24 v1.0.3.1

2024-02-29 16:12:15 v1.0.3

2024-02-29 11:04:25 v1.0.2

2024-02-28 16:01:56 v1.0.1

主题(topics):

fingerprint, fuzzing, nuclei, portscan, security, sql-injection, xray

youki992/VscanPlus同语言 Go最近更新仓库

2025-01-18 08:14:21 dolthub/dolt

2025-01-18 02:57:03 Permify/permify

2025-01-17 03:33:21 SpecterOps/BloodHound

2025-01-16 23:36:33 hashicorp/terraform

2025-01-16 05:55:26 helm/helm

2025-01-16 04:37:27 kubernetes/kubernetes

微信小程序
MyGit:GitHub仓库更新&通知小工具