{"id":13845239,"url":"https://github.com/W01fh4cker/Serein","last_synced_at":"2025-07-12T01:32:20.743Z","repository":{"id":37383341,"uuid":"498236325","full_name":"W01fh4cker/Serein","owner":"W01fh4cker","description":"【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。","archived":true,"fork":false,"pushed_at":"2023-02-26T14:06:05.000Z","size":85440,"stargazers_count":1152,"open_issues_count":0,"forks_count":189,"subscribers_count":19,"default_branch":"main","last_synced_at":"2024-09-27T03:01:31.684Z","etag":null,"topics":["0day","batch","cve-2018-13379","cve-2019-5418","cve-2021-30461","cve-2021-34473","cve-2021-43734","cve-2022-1119","cve-2022-22954","cve-2022-22980","cve-2022-23337","cve-2022-25078","cve-2022-26134","cve-2022-29303","cve-2022-29464","cve-2022-30525","cve-2022-33891","cve-2022-8515","gui"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/W01fh4cker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-31T07:44:01.000Z","updated_at":"2024-09-24T09:34:20.000Z","dependencies_parsed_at":"2024-09-26T03:00:58.130Z","dependency_job_id":null,"html_url":"https://github.com/W01fh4cker/Serein","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/W01fh4cker%2FSerein","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/W01fh4cker%2FSerein/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/W01fh4cker%2FSerein/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/W01fh4cker%2FSerein/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/W01fh4cker","download_url":"https://codeload.github.com/W01fh4cker/Serein/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225784318,"owners_count":17523621,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0day","batch","cve-2018-13379","cve-2019-5418","cve-2021-30461","cve-2021-34473","cve-2021-43734","cve-2022-1119","cve-2022-22954","cve-2022-22980","cve-2022-23337","cve-2022-25078","cve-2022-26134","cve-2022-29303","cve-2022-29464","cve-2022-30525","cve-2022-33891","cve-2022-8515","gui"],"created_at":"2024-08-04T17:03:17.216Z","updated_at":"2024-11-21T18:30:57.114Z","avatar_url":"https://github.com/W01fh4cker.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eSerein | 身处落雨的黄昏 | 该项目暂停更新\u003c/h1\u003e  \n\u003cp align=\"center\"\u003e\u003cimg src=\"https://socialify.git.ci/W01fh4cker/Serein/image?description=1\u0026descriptionEditable=%E4%B8%80%E6%AC%BE%E5%9B%BE%E5%BD%A2%E5%8C%96%E3%80%81%E6%89%B9%E9%87%8F%E9%87%87%E9%9B%86url%E3%80%81%E6%89%B9%E9%87%8F%E5%AF%B9%E9%87%87%E9%9B%86%E7%9A%84url%E8%BF%9B%E8%A1%8C%E5%90%84%E7%A7%8Dnday%E6%A3%80%E6%B5%8B%E7%9A%84%E5%B7%A5%E5%85%B7%E3%80%82%E5%8F%AF%E7%94%A8%E4%BA%8Esrc%E6%8C%96%E6%8E%98%E3%80%81cnvd%E6%8C%96%E6%8E%98%E3%80%810day%E5%88%A9%E7%94%A8%E3%80%81%E6%89%93%E9%80%A0%E8%87%AA%E5%B7%B1%E7%9A%84%E6%AD%A6%E5%99%A8%E5%BA%93%E7%AD%89%E5%9C%BA%E6%99%AF%E3%80%82\u0026font=Bitter\u0026forks=1\u0026issues=1\u0026language=1\u0026logo=https%3A%2F%2Fs2.loli.net%2F2022%2F06%2F25%2FgUAh2V5CiD96y8G.jpg\u0026name=1\u0026owner=1\u0026pattern=Circuit%20Board\u0026pulls=1\u0026stargazers=1\u0026theme=Light\" /\u003e\u003c/p\u003e\n\n# Linux English version is online! | Linux英文版版本上线！ \n\u003e http://github.com/W01fh4cker/Serein_Linux\n\n\n# Declaration | 声明\n\n- 该项目仅供授权下使用，禁止使用该项目进行违法操作，否则自行承担后果，请各位遵守《中华人民共和国网络安全法》！！！\n\n- 由于是短时间熬夜所写，头脑昏昏，料想会有不少错误，欢迎指出，我的联系方式在下方已经贴出，不胜感激！  \n\n- **计划七月份每天增加一个漏洞利用模块，所以欢迎`star/fork`，您的每一个`star`和`fork`都是我前进的动力！**\n\n-  :hamster:欢迎进入我的交流群一起探讨学习，群二维码在最后。:hamster:\n\n# Version | 版本\n\n- [版本更新说明 | Version Update Instructions](https://github.com/W01fh4cker/Serein/blob/main/version.md)\n\n# Latest-Interface-Display | 最新版页面展示 \n![](https://s2.loli.net/2022/08/02/R3PXWHwYSnVBzTl.png)\n\n# Exploit-Example | 利用示例\n\n1. 我们想批量利用`向日葵RCE`漏洞，于是我们`base64加密`语句`body=\"Verification failure\"`，得到：`Ym9keT0iVmVyaWZpY2F0aW9uIGZhaWx1cmUi`。\n\n2. 我们选取获取前`2000`条（具体条数需要根据自己的会员情况来填写）：\n\n   ![0](https://s2.loli.net/2022/06/30/DBiq6jUYRTc2P34.png)\n\n   ![1](https://s2.loli.net/2022/06/30/9pLbKCzsEYPH4q8.png)\n\n   ![2](https://s2.loli.net/2022/06/30/JTnoXdUREchuOk7.png)\n\n3. 直接点击`向日葵RCE一把梭`：\n\n      ![4](https://s2.loli.net/2022/06/30/o5tUHMuXTvf7V8P.png)\n\n4. 可以看到软件开始批量检测了（可能会出现短时间的空白，请耐心等待程序运行）：\n\n      ![5](https://s2.loli.net/2022/06/30/WJlKyR2fVwd6XAx.png)\n\n      软件的线程数是`100`，可以自己对`exp`文件下的`xrk_rce.py`的第`58`行进行调整。（速度还是很快的）\n\n5. **删除文件夹下`urls.txt`、`修正后的url.txt`、`host.txt`这三个文件，准备使用其他一键梭哈模块：**\n\n   ![](https://s2.loli.net/2022/07/09/DJhz6XdWIbaw1Uq.png)\n\n   ![](https://s2.loli.net/2022/07/09/fiKHxwl73bkQd2m.png)\n\n# How-To-Use | 如何使用\n\n**我已经录制了使用视频，并且上传到了B站：https://www.bilibili.com/video/bv1Dv4y137Lu**\n\n1. **需要`python3.7~3.9`**\n   ```python\n   git clone https://github.com/W01fh4cker/Serein.git\n   cd Serein\n   pip3 install -r requirements.txt\n   python3 Serein.py\n   ```\n   \n2. 点击左上角的`软件配置`配置`fofa`的`email`和`key`（注意不是密码，而是`https://fofa.info/personalData`下方的`API KEY`），然后就可以愉快地使用`fofa搜索`啦。\n    **注意：必须是`fofa`普通/高级/企业账号，因为`fofa`注册会员调用`api`需要消耗`f`币，如果您是注册会员请确保您有`f`币，否则无法查询！**  \n4. 搜集完成之后，软件的同级目录下会生成`urls.txt`、`修正后的url.txt`、`host.txt`，分别保存`采集的原始url`、添加了`http/https头的url`、`仅网站IP`。\n5. 完成一次扫描任务后，若要开启下一次扫描，请删除文件夹下`urls.txt`、`修正后的url.txt`、`host.txt`这三个文件。\n6. 如果您在使用中遇到任何问题、有活泼的想法，您有三种途径与我反馈交流：\n\n```python\nmailto:sharecat2022@gmail.com\n\nhttps://github.com/W01fh4cker/Serein/issues\n\n添加微信：W01fh4cker\n```\n\n\n# To-Do List | 要做的事儿\n1. **完善权重查询模块。当我们一键梭哈完之后，想提交补天等漏洞平台的时候，由于平台有权重要求，所以要对含有漏洞的网站需要进行`ip--\u003edomain`，然后反查域名，利用多个查询接口进行权重查询，筛选出符合权重要求的网站，导出出来。**\n2. （优先）添加其他的搜索引擎，如：`Censys`、`Zoomeye`、`Quake`等。\n3. 增加代理模式。 \n4. 其他的暂时还没想到，如果小伙伴们有什么想法可以直接在`issues`里面提出。\n\n# My Community | W01fh4cker的兴趣交流社区  \n- `https://discord.gg/n2c5Eaw4Jx`\n\n![](https://w01fh4cker-img-bed.oss-cn-hangzhou.aliyuncs.com/20221106164340.png)\n## 加我微信W01fh4cker拉交流群\n![微信交流群二维码](https://w01fh4cker-img-bed.oss-cn-hangzhou.aliyuncs.com/f1f9168697afe32412c08e66f9373f8.jpg)\n# Star Growth Curve | Star增长曲线  \n[![Star History Chart](https://api.star-history.com/svg?repos=W01fh4cker/Serein\u0026type=Date)](https://star-history.com/#W01fh4cker/Serein\u0026Date)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FW01fh4cker%2FSerein","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FW01fh4cker%2FSerein","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FW01fh4cker%2FSerein/lists"}