{"id":13389823,"url":"https://github.com/al0ne/Vxscan","last_synced_at":"2025-03-13T14:32:04.217Z","repository":{"id":46591519,"uuid":"168183997","full_name":"al0ne/Vxscan","owner":"al0ne","description":"python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。","archived":false,"fork":false,"pushed_at":"2020-01-02T02:59:56.000Z","size":5037,"stargazers_count":1749,"open_issues_count":3,"forks_count":442,"subscribers_count":48,"default_branch":"master","last_synced_at":"2025-03-11T09:08:34.953Z","etag":null,"topics":["cdn","detection","directory-scanning","fingerprint","fingerprint-recognition-error","identification","pentest","poc-scanning","port-scanning","portscan","python","python3","scan-tool","security-tools","tools","waf","website-fingerprint"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/al0ne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-01-29T16:05:34.000Z","updated_at":"2025-03-10T18:01:24.000Z","dependencies_parsed_at":"2022-07-20T05:00:17.048Z","dependency_job_id":null,"html_url":"https://github.com/al0ne/Vxscan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/al0ne%2FVxscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/al0ne%2FVxscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/al0ne%2FVxscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositor
ies/al0ne%2FVxscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/al0ne","download_url":"https://codeload.github.com/al0ne/Vxscan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243422625,"owners_count":20288493,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cdn","detection","directory-scanning","fingerprint","fingerprint-recognition-error","identification","pentest","poc-scanning","port-scanning","portscan","python","python3","scan-tool","security-tools","tools","waf","website-fingerprint"],"created_at":"2024-07-30T13:01:34.480Z","updated_at":"2025-03-13T14:32:04.148Z","avatar_url":"https://github.com/al0ne.png","language":"Python","readme":"# Vxscan 2.0\n\n[![Build Status](https://api.travis-ci.org/al0ne/Vxscan.svg?branch=master)](https://travis-ci.org/al0ne/Vxscan)\n[![ISSUE](https://img.shields.io/github/issues/al0ne/Vxscan)](https://github.com/al0ne/Vxscan/issues)\n[![star](https://img.shields.io/github/stars/al0ne/Vxscan)](./)\n[![license](https://img.shields.io/github/license/al0ne/Vxscan)](https://github.com/al0ne/Vxscan/blob/master/LICENSE)\n[![python](https://img.shields.io/badge/python-3.6%20%7C%203.7%20%7C%203.8-blue)](./)\n\nEnglish | [简体中文](./README.zh-CN.md)  \n\nA comprehensive scanning tool written in Python 3, mainly used for sensitive file detection (directory scanning and interfaces leaked in JS), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, CDN bypass, and 
lookup of sites hosted on the same IP\n\n# Update\n2019.8.19  \nScanning gov.cn and edu.cn domain names is now prohibited; the program terminates immediately when it detects one  \nChanged the program output format to time + plugin + domain name + result  \nRemoved the original SQL injection plugin and added a weak password detection plugin (Mysql, Postgresql, SSH, etc.)  \nCombined Fofa's fingerprint identification library with WEBEYE. 2000+ fingerprint rules  \n2019.7.19  \nAdded socks5 global proxy  \nWrapped the requests library  \nOptimized directory structure  \nDeleted the original html report, using the html report extracted from Perun instead  \nRemoved the json result output; results are now stored in a sqlite3 database, deduplicated on insert, and a target host that already exists in the db file is skipped during scanning  \nAdded phpinfo, leaves common information leak scanning plugin  \nPDNS now also uses the viewdns.info interface  \n2019.7.1  \nDisplay the hosts whose ping detection failed.  \nThe -u option accepts multiple targets, separated by commas  \nFixed a fingerprint recognition error  \n2019.6.18  \nFixed an error when fingerprinting IIS websites, modified apps.json   \nRemoved some third-party libraries and scripts that are prone to errors  \nIf a scan finishes in a flash, it is because the program first checks DNS resolution and ping.   \nThe first time you use Vxscan, fake_useragent loads the UA list from https://fake-useragent.herokuapp.com/browsers/0.1.11, and a load timeout error may occur.    
\n\nRequirements\n--------\n\nPython version \u003e 3.6    \nrequests  \npyfiglet  \nfake-useragent  \nbeautifulsoup4  \ntldextract  \npython-nmap  \ngeoip2  \nlxml  \npymongo    \nvirustotal_python  \ndnspython  \npysocks    \n\nwget https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz  \nAfter decompressing, place the extracted GeoLite2-City.mmdb at vxscan/data/GeoLite2-City.mmdb  \n\nwget https://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN.tar.gz  \nAfter decompressing, place the extracted GeoLite2-ASN.mmdb at vxscan/data/GeoLite2-ASN.mmdb  \n\npip3 install -r requirements.txt  \n\nFeatures\n--------\n - Webinfo\n    + GeoIP\n    + DNS resolution verification\n    + Ping survival verification\n    + HTTPS/HTTP authentication\n    - WAF/CDN detection\n        + WAF Rules\n        + CDN IP segment\n        + CDN ASN\n    + HTTP header\n    + HTTP Server\n    + HTTP Headers\n    - Fingerprint recognition\n        + Wappalyzer (1100+)\n        + WEBEYE (100+)\n        + FOFA (2000+)\n    - PDNS\n        + virustotal\n        + viewdns.info\n    - Reverse domain\n        + yougetsignal.com\n        + api.hackertarget.com\n    + Operating system version detection (nmap)\n - Ports\n    + 400+ Ports\n    + 140+ port fingerprint feature\n    + Port Banner\n    + Skip CDN IP\n    + Hosts that show every port open (portspoof) are skipped automatically\n    + Large file recognition: stream=True is added when scanning a url, so that large files are not loaded when they are encountered.\n - URLS\n    + Parse robots.txt to add content to the scan list\n    + Common backup, backdoor, directory, middleware, sensitive file address\n    + Generate a dictionary list using Cartesian product\n    + Random UserAgent, XFF, X-Real-IP, Referer\n    + Custom 404 page recognition (page similarity, page keyword)\n    + Identify custom 302 jumps\n    + Filter invalid Content-Type, invalid status?\n    + Save url, title, contype, rsp_len, rsp_code\n - Vuln\n    + Add multiple HTTP 
ports from one host to the POC target\n    + Call POC based on fingerprint and port service\n    + Unauthorized access, deserialization, RCE, SQLi...\n - BruteForce\n    + Mysql\n    + Postgresql\n    + SSH\n  - Crawl\n    + Extract dynamic parameters by crawling, with deduplication\n    + Js File information disclosure (phone,apikey,email,ip,domain,todo)\n    + HTML Comment leak (phone,email,domain,ip,todo)\n - Report\n    + Results are stored in the Sqlite3 database\n    + Deduplication on insert; items that already exist are not scanned again\n    + Generate html report\n\n  \n\nUsage\n--------\npython3 Vxscan.py -h  \n```\noptional arguments:\n  -h, --help            show this help message and exit  \n  -u URL, --url URL     Start scanning this url -u xxx.com  \n  -i INET, --inet INET  cidr eg. 1.1.1.1 or 1.1.1.0/24  \n  -f FILE, --file FILE  read the url from the file  \n```  \n\n**1. Scan a website**  \n```python3 vxscan.py -u http://www.xxx.com/ ```  \n**2. Scan a website from a file list**  \n```python3 vxscan.py -f hosts.txt```  \n**3. Scan a CIDR range, e.g. 
127.0.0.0/24**  \n```python3 vxscan.py -i 127.0.0.0/24```  \n\nStructure\n--------\n```\n├─Vxscan.py             master file\n├─data\n│ ├─apps.json           Web fingerprint information\n│ ├─apps.txt            Web fingerprint information (WEBEYE)\n│ ├─GeoLite2-ASN.mmdb   asn\n│ ├─GeoLite2-City.mmdb  geoip\n├─doc                   to store some image or document resources\n├─report                html report related content\n├─lib\n│ ├─common.py           Determine CDN, port scan, POC scan, etc.\n│ ├─color.py            terminal color output\n│ ├─cli_output.py       terminal output\n│ ├─active.py           judge dns resolution and ping ip survival\n│ ├─save_html.py        Generate html reports\n│ ├─waf.py              waf rules\n│ ├─options.py          option settings\n│ ├─iscdn.py            Determine whether IP is CDN based on ip segment and asn range\n│ ├─osdetect.py         OS version identification\n│ ├─random_header.py    custom request headers\n│ ├─settings.py         setting script\n│ ├─vuln.py             Batch call POC scan\n│ ├─url.py              Deduplicate the fetched links\n│ ├─verify.py           script provides verification interface\n│ ├─sqldb.py            Everything related to sqlite3 is here\n│ ├─Requests.py         wrapped requests library with some custom settings\n├─script\n│ ├─Poc.py              Poc script\n│ ├─......\n├─Plugins\n│ ├─ActiveReconnaissance\n│   ├─active.py             determine host survival and verify dns resolution\n│   ├─check_waf.py          judge website waf\n│   ├─crawk.py              Crawl website links and test\n│   ├─osdetect.py           Operating System Identification\n│ ├─InformationGathering\n│   ├─geoip.py              Location Search\n│   ├─js_leaks.py           js information disclosure\n│ ├─PassiveReconnaissance\n│   ├─ip_history.py         pdns interface\n│   ├─reverse_domain.py     side station query\n│   ├─virustotal.py         VT Pdns query\n│   ├─wappalyzer.py         CMS passive fingerprint recognition\n│ 
├─Scanning\n│   ├─dir_scan              directory scan\n│   ├─port_scan             port scan\n├─requirements.txt\n├─report.py                 html report generation\n├─logo.jpg\n├─error.log\n\n```\n\n\nSETTING\n--------\n```python\n# coding=utf-8\n\n# global timeout\nTIMEOUT = 5\n\n# Status codes to exclude\nBLOCK_CODE = [\n    301, 403, 308, 404, 405, 406, 408, 411, 417, 429, 493, 502, 503, 504, 999\n]\n# Number of scan threads\nTHREADS = 100\n# Content type to exclude\nBLOCK_CONTYPE = [\n    'image/jpeg', 'image/gif', 'image/png', 'application/javascript',\n    'application/x-javascript', 'text/css', 'application/x-shockwave-flash',\n    'text/javascript', 'image/x-icon'\n]\n\n# Whether to skip directory scanning\nSCANDIR = True\n\n# Whether to start the POC plugin\nPOC = True\n\n# Skip if it exists in the result db\nCHECK_DB = False\n\n# Keywords that mark a custom 404 page\nPAGE_404 = [\n    'page_404\"', \"404.png\", '找不到页面', '页面找不到', \"Not Found\", \"访问的页面不存在\",\n    \"page does't exist\", 'notice_404', '404 not found'\n]\n\n# ping\nPING = True\n\n# socks5 proxy\n# SOCKS5 = ('127.0.0.1', 1080)\nSOCKS5 = ()\n\n# shodan\nSHODAN_API = ''\n\n# VT\nVIRUSTOTAL_API = ''\n\n# cookie\nCOOKIE = {'Cookie': 'test'}\n```\nPOC\n--------\n**1. Call POC based on port open or fingerprint recognition results**  \nCreate a new Python file in the script directory and define a check function. It receives the ip address, the port list and the fingerprint identification list, and returns the result:\n```python\nimport pymongo\nfrom lib.verify import verify\n\ntimeout = 2\nvuln = ['27017', 'Mongodb']\n\ndef check(ip, ports, apps):\n    # Verify is used to verify if there is a Mongodb related result in the scan list. 
If the port is not open, it will not be scanned.\n    if verify(vuln, ports, apps):\n        try:\n            # serverSelectionTimeoutMS is in milliseconds; timeout above is in seconds\n            conn = pymongo.MongoClient(host=ip, port=27017, serverSelectionTimeoutMS=timeout * 1000)\n            database_list = conn.list_database_names()\n            if not database_list:\n                conn.close()\n                return\n            conn.close()\n            return '27017 MongoDB Unauthorized Access'\n        except Exception as e:\n            pass\n```\n**2. Traverse every open HTTP port on the target IP**   \nGenerate the urls to scan from the list of port services passed in, then visit each web port. The following script gets the title served on each http port of the ip.  \n```python\nfrom lib.verify import get_list\nfrom lib.random_header import HEADERS\nfrom lxml import etree\nimport requests\n\ndef get_title(url):\n    try:\n        r = requests.get(url, headers=HEADERS, timeout=3, verify=False)\n        html = etree.HTML(r.text)\n        title = html.xpath('//title/text()')\n        return url + ' | ' + title[0]\n    except Exception:\n        # request failed or the page has no title\n        pass\n\n\ndef check(ip, ports, apps):\n    result = []\n    probe = get_list(ip, ports)\n    for i in probe:\n        out = get_title(i)\n        if out:\n            result.append(out)\n    return result\n```\n\nFingerprint\n--------\nHow to add fingerprint recognition features   \nModify the contents of the data/apps.txt file    \n**1. Match an HTTP header**  \nCacti|headers|Set-Cookie|Cacti=  \n**2. Match HTTP response body**  \nASP|index|index|\u003ca[^\u003e]*?href=('|\")[^http][^\u003e]*?\\.asp(\\?|\\#|\\1)  \n**3. 
Split the headers and match against each key or value**  \nThinkSNS|match|match|T3_lang \n\nWaf/CDN list\n--------\n360  \n360wzws  \nAnquanbao  \nArmor  \nBaiduYunjiasu  \nAWS WAF  \nAdNovum  \nAiree CDN  \nArt of Defence HyperGuard  \nArvanCloud  \nBarracuda NG  \nBeluga CDN  \nBinarySEC  \nBlockDoS  \nBluedon IST  \nCacheFly CDN  \nChinaCache CDN  \nCisco ACE XML Gateway  \nCloudFlare CDN  \nCloudfront CDN  \nComodo  \nCompState  \nDenyALL WAF  \nDenyAll  \nDistil Firewall  \nDoSArrest Internet Security  \nF5 BIG-IP APM  \nF5 BIG-IP ASM  \nF5-TrafficShield  \nFastly CDN  \nFortiWeb  \nFortiWeb Firewall  \nGoDaddy  \nGreyWizard Firewall  \nHuaweiCloudWAF  \nHyperGuard Firewall  \nIBM DataPower  \nISAServer  \nImmunify360  \nImperva SecureSphere  \nIncapsula CDN  \nJiasule  \nKONA  \nKeyCDN  \nModSecurity  \nNGENIX CDN  \nNSFOCUS  \nNaxsi  \nNetContinuum  \nNetContinuum WAF  \nNeusoft SEnginx  \nNewdefend  \nPalo Alto Firewall  \nPerimeterX Firewall  \nPowerCDN  \nProfense  \nQiniu CDN  \nReblaze Firewall  \nSDWAF  \nSafe3  \nSafedog  \nSiteLock TrueShield  \nSonicWALL  \nSonicWall  \nSophos UTM Firewall  \nStingray  \nSucuri  \nTeros WAF  \nUsp-Sec  \nVarnish  \nWallarm  \nWatchGuard  \nWebKnight  \nWest263CDN  \nYundun  \nYunsuo  \nZenEdge Firewall  \naesecure  \naliyun  \nazion CDN  \ncloudflare CDN  \ndotDefender  \nlimelight CDN  \nmaxcdn CDN  \nmod_security  \nyunsuo  \n\n\nOutput\n--------\nThe following are the results of scanning the AWVS scanner test website    \n![image](https://github.com/al0ne/Vxscan/raw/master/doc/logo.jpg)\n![image](https://github.com/al0ne/Vxscan/raw/master/doc/logo1.jpg)\n![image](https://github.com/al0ne/Vxscan/raw/master/doc/logo2.jpg)\n\nNote\n------\nFingerprint recognition mainly calls Wappalyzer and WebEye:  \nhttps://github.com/b4ubles/python3-Wappalyzer  \nhttps://github.com/zerokeeper/WebEye  \nPoc referenced:  \nBBscan scanner https://github.com/lijiejie/BBScan  \nPOC-T https://github.com/Xyntax/POC-T/tree/2.0/script  \nPerun 
https://github.com/WyAtu/Perun  \nPort scanning and service identification reference AnthraX1's scanner:  \nhttps://raw.githubusercontent.com/AnthraX1/InsightScan/master/scanner.py  \nRegular expressions for extracting sensitive information from JS reference:  \nhttps://github.com/nsonaniya2010/SubDomainizer  \nWAF detection uses the wafw00f and WhatWaf rules:  \nhttps://github.com/EnableSecurity/wafw00f  \nhttps://github.com/Ekultek/WhatWaf  \nThe html report uses:  \nhttps://github.com/WyAtu/Perun  \nhttps://github.com/ly1102 \n","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fal0ne%2FVxscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fal0ne%2FVxscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fal0ne%2FVxscan/lists"}