{"id":13538771,"url":"https://github.com/boy-hack/airbug","last_synced_at":"2025-10-05T16:28:11.039Z","repository":{"id":109047186,"uuid":"148161532","full_name":"boy-hack/airbug","owner":"boy-hack","description":"Airbug(空气洞)，收集漏洞poc用于安全产品","archived":false,"fork":false,"pushed_at":"2019-09-26T12:59:19.000Z","size":3411,"stargazers_count":353,"open_issues_count":0,"forks_count":100,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-04-12T13:15:42.707Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/boy-hack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-09-10T13:42:15.000Z","updated_at":"2025-03-07T09:51:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"f8f7048a-d30a-4da4-a4f1-ca200e52701b","html_url":"https://github.com/boy-hack/airbug","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/boy-hack/airbug","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boy-hack%2Fairbug","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boy-hack%2Fairbug/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boy-hack%2Fairbug/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boy-hack%2Fairbug/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/boy-hack","download_url":"https://codeload.github.com/boy-hack/airbug/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boy-hack%2Fairbug/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260933626,"owners_count":23084960,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:15.773Z","updated_at":"2025-10-05T16:28:05.985Z","avatar_url":"https://github.com/boy-hack.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Python","LLM分析过程","Python (1887)","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集"],"sub_categories":["\u003ca id=\"750f4c05b5ab059ce4405f450b56d720\"\u003e\u003c/a\u003e资源收集"],"readme":"# airbug\nAirbug(空气洞),一个长期开放用于收集漏洞poc仓库,可用于相关安全产品，亮点是能够在线加载poc并进行验证。\n\n所有PoC文件按照一定格式编写，且支持python3.x，为了方便操作，Airbug平台所有网络访问需要使用[黑客们使用的http底层网络库 - hack-requests](https://github.com/boy-hack/hack-requests)引擎编写。  \n\n- 因为使用了`hack-requests`，需要安装 `pip3 install HackRequests`\n## 如何使用\n在安装了`HackRequests`之后，就可以通过一种非常`hack`的方法来使用在线poc\n```bash\npython3 -c \"exec(__import__('HackRequests').http('https://raw.githubusercontent.com/boy-hack/airbug/master/airbug.py').text())\" -u https://x.hacking8.com -r emlog\n```\n- `-u` 指定目标\n- `-r` 确定cms名称，多个可用逗号分隔\n\n### 目录结构\n- cms 存放web相关poc\n- common 存放通用程序poc\n- hardware 存放硬件漏洞poc\n- system 存放一些系统和知名程序poc\n\n## Poc文件格式\nPOC插件的格式设计崇尚简单易用，所有内容只需要用`poc(arg,**kwargs)`函数封装即可，不关注其他细节。\n- 当poc验证成功时可返回文本或`Ture`或字典,为了返回详细信息，推荐使用字典返回形式\n- 若poc验证失败，返回`None`或`False`即可  \n\n```python\n# Author:w8ay\n# Name:测试DEMO\n\ndef poc(arg, **kwargs):\n    result = {\n        \"name\": \"Demo插件\",  # 插件名称\n        \"content\": \"如果这个插件能显示出来，就说明w12scan框架测试成功了\",  # 插件返回内容详情，会造成什么后果。\n        \"url\": arg,  # 漏洞存在url\n        \"log\": {\n            \"send\": \"send\",\n            \"response\": \"response\"\n        },\n        \"tag\": \"demo\"  # 漏洞标签\n    }\n    return result\n\n\nif __name__ == \"__main__\":\n    pass\n\n```\n\n### 参数传递\n\n在调用poc函数时，有的poc需要传递多个参数，这里统一约定\n\n| 序号 | 参数 | 解释        |\n| ---- | ---- | ----------- |\n| 1    | arg  | 传递一个url,格式:http\\[s\\]://xxx.xx 最后边没有`/` |\n| 2    | ip   | 传递ip      |\n| 3    | port | 传递端口    |\n\narg参数是必须的，如果有些情况只需要ip和端口，将arg置空，poc中读取ip，port即可，参考[system/iis/iis_webdav.py](system/iis/iis_webdav.py)\n\n## 目前遇到的问题\u0026困境\n- 期待更多人提交PoC，提交后该PoC便可被在线调用。[Thanks](./thanks.md)\n- 参数的不统一，部分PoC需要提供额外参数，这种额外参数以什么形式传递进来，是airbug在线调用遇到问题之一，还未解决。\n- 需要使用dnslog验证的漏洞，需要提供一个外部的接口，但我更倾向于选择一个第三方开源且免费的平台（很显然没有），所以可能会自己造轮子。\n\n## 参考\n- [https://github.com/Lucifer1993/AngelSword](https://github.com/Lucifer1993/AngelSword)\n- [https://github.com/vulhub/vulhub](https://github.com/vulhub/vulhub)\n- https://github.com/opensec-cn/kunpeng\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboy-hack%2Fairbug","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fboy-hack%2Fairbug","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboy-hack%2Fairbug/lists"}