{"id":13815213,"url":"https://github.com/YagamiiLight/Cerberus","last_synced_at":"2025-05-15T07:32:10.878Z","repository":{"id":43843841,"uuid":"229491909","full_name":"YagamiiLight/Cerberus","owner":"YagamiiLight","description":"A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with fast asynchronous scanning via asyncio, covering the target's full range of assets for batch vulnerability scanning; middleware information gathering; automatic collection of IP proxies, which are used automatically when probing WAF information to protect the local machine's real IP, and after the local IP is blocked by the WAF, scanning switches automatically to a proxy IP; WAF information gathering (100+ WAFs from China and abroad) including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud and others, with bypass approaches for some known WAFs; middleware vulnerability detection (Thinkphp, weblogic, etc.: CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports scanning for SQL injection, XSS, command execution, file inclusion and SSRF vulnerabilities; supports custom e-mail push notification of vulnerabilities","archived":false,"fork":false,"pushed_at":"2020-01-05T21:46:25.000Z","size":1195,"stargazers_count":649,"open_issues_count":9,"forks_count":128,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-11-19T10:49:00.524Z","etag":null,"topics":["bypass","hacking-tool","middleware","penetration-testing","proxy","python","security-tools","sql-injection","ssrf","waf","websecurity","xss"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/YagamiiLight.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-12-21T22:45:55.000Z","updated_at":"2024-11-14T04:30:04.000Z","dependencies_parsed_at":"2022-07-12T21:50:34.104Z","dependency_job_id":null,"html_url":"https://github.com/YagamiiLight/Cerberus","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YagamiiLight%2FCerberus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YagamiiLight%2FCerberus/tags","releases_url":"https://repos.ecosyste.ms/api/v1
/hosts/GitHub/repositories/YagamiiLight%2FCerberus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/YagamiiLight%2FCerberus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/YagamiiLight","download_url":"https://codeload.github.com/YagamiiLight/Cerberus/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254295968,"owners_count":22047179,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bypass","hacking-tool","middleware","penetration-testing","proxy","python","security-tools","sql-injection","ssrf","waf","websecurity","xss"],"created_at":"2024-08-04T04:03:08.662Z","updated_at":"2025-05-15T07:32:05.849Z","avatar_url":"https://github.com/YagamiiLight.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":"# Cerberus\n\nA powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with fast asynchronous scanning via asyncio, covering the target's full range of assets for batch vulnerability scanning; middleware information gathering; automatic collection of IP proxies, which are used automatically when probing WAF information to protect the local machine's real IP, and after the local IP is blocked by the WAF, scanning switches automatically to a proxy IP; WAF information gathering (100+ WAFs from China and abroad) including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud and others, with bypass approaches for some known WAFs; middleware vulnerability detection (Thinkphp, weblogic, etc.: CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports scanning for SQL injection, XSS, command execution, file inclusion and SSRF vulnerabilities; supports custom e-mail push notification of vulnerabilities\n\n[![asciicast](https://asciinema.org/a/289717.svg)](https://asciinema.org/a/289717)\n\n\n## Main features\n\n- :smiling_imp:Single-URL vulnerability scanning\n\n  Supports SQL injection, XSS, command execution, file inclusion and SSRF\n\n  Scan a single site for vulnerabilities\n\n  `python3 cerberus.py -target www.qq.com`\n  \n  [![asciicast](https://asciinema.org/a/6fOJu4DkVhMGutLeIGmwE7Ppi.svg)](https://asciinema.org/a/6fOJu4DkVhMGutLeIGmwE7Ppi)\n  \n- :cherry_blossom: 
Thread settings\n\n  Multithreaded, 7 threads by default\n  \n  `python3 cerberus.py -target www.qq.com -thread 7`\n\n\n- :imp:Asynchronous batch scanning of subdomains\n\n  Uses aioDNS and asyncio; after subdomain brute-forcing, the results are added to the scan queue, covering the target's full range of assets for batch vulnerability scanning\n\n  `python3 cerberus.py -target www.qq.com -subdomain`\n  \n  [![asciicast](https://asciinema.org/a/n8zwz58eOkqH8JNZAi85opa61.svg)](https://asciinema.org/a/n8zwz58eOkqH8JNZAi85opa61)\n\n\n- :skull: Proxy IP collection\n\n  Crawls real-time free proxy IPs from 9 sites, but the IP survival rate is low, roughly 20%, and checking whether the IPs are alive may block the scanning process.\n\n  - www.data5u.com\n  - www.xicidaili.com\n  - www.goubanjia.com\n  - www.ip3366.net\n  - www.iphai.com\n  - cn-proxy.com\n  - ip.jiangxianli.com\n  - www.xiladaili.com\n  - ip.ihuan.me\n\n  `python3 cerberus.py -target www.qq.com -proxy`\n  \n  [![asciicast](https://asciinema.org/a/p4A6ZhN5kCKIzlXZbdApltgNe.svg)](https://asciinema.org/a/p4A6ZhN5kCKIzlXZbdApltgNe)\n  \n- :japanese_ogre:WAF information gathering\n\n  Information on 100+ WAFs from China and abroad, with a powerful fingerprint library, including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud and others; bypass approaches are provided for some known WAFs\n  \n  Be sure to provide a URL with parameters for WAF testing!\n  \n  `python3 cerberus.py -target https://open.weixin.qq.com/frame?t=home/web_tmpl\u0026lang=zh_CN -waf`\n\n- :see_no_evil:Middleware information gathering\n\n  Once information gathering is complete, middleware vulnerability scanning runs automatically based on the results obtained\n\n  - WAF\n  \n  - CDN\n  \n  - CMS\n  \n  - Web Servers\n  \n  - Web Frameworks\n  \n  - Operating Systems\n  \n  `python3 cerberus.py -target -detectMid`\n  \n  [![asciicast](https://asciinema.org/a/mQ6qLc98J87Srpf7nGq8MakdP.svg)](https://asciinema.org/a/mQ6qLc98J87Srpf7nGq8MakdP)\n  \n- :panda_face: Scanning for vulnerabilities in a specified middleware\n\n  If part of the target's middleware information is already known, you can specify the type and scan directly\n  \n  - Thinkphp CVE-2018-5955\n  \n  - phpMyAdmin CVE-2018-12613\n  \n  - Dedecms\n  \n  - Tomcat CVE-2018-11759\n  \n  - Weblogic\n  \n  - Wordpress\n  \n  `python3 cerberus.py -target www.qq.com -midlleware weblogic`\n  \n  \n  \n- :trollface: Batch scanning from an input file\n\n  - The file path must be an absolute path\n  \n  - The file must be in txt text format, with exactly one domain per line\n  \n  `python3 cerberus.py -file absolute path`\n\n- :cookie: Set Cookie\n  \n  `python3 cerberus.py -cookie cookie`\n\n- :speak_no_evil: Output a vulnerability scan report\n\n  `python3 cerberus.py -outfile`\n  \n  \n\n## :rabbit: Praise me!\n\n   - :kissing_cat: 
If you find this project helpful, please tip me to support better open-source security tools! Thank you for your support!\n\n   ![praise](https://github.com/YagamiiLight/Cerberus/blob/master/images/praise.jpg)\n\n## Disclaimer\n\nThis project is for learning and exchange only; the author bears no responsibility for any illegal consequences caused by using this tool!!\n\n\n  \n\n\n\n  \n  \n  \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FYagamiiLight%2FCerberus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FYagamiiLight%2FCerberus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FYagamiiLight%2FCerberus/lists"}