{"id":13844054,"url":"https://github.com/d3ckx1/Fvuln","last_synced_at":"2025-07-11T21:32:42.024Z","repository":{"id":40610539,"uuid":"410568346","full_name":"d3ckx1/Fvuln","owner":"d3ckx1","description":"F-vuln（全称：Find-Vulnerability）是为了自己工作方便专门编写的一款自动化工具，主要适用于日常安全服务、渗透测试人员和RedTeam红队人员，它集合的功能包括：存活IP探测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、ssh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大量web漏洞检测模块。","archived":false,"fork":false,"pushed_at":"2023-07-22T02:03:42.000Z","size":21344,"stargazers_count":1070,"open_issues_count":22,"forks_count":142,"subscribers_count":16,"default_branch":"main","last_synced_at":"2024-10-16T09:41:44.991Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/d3ckx1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-09-26T14:05:11.000Z","updated_at":"2024-10-08T08:07:20.000Z","dependencies_parsed_at":"2024-02-08T20:59:09.344Z","dependency_job_id":"5919adb7-2929-47e7-95c7-84164c5cb04d","html_url":"https://github.com/d3ckx1/Fvuln","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d3ckx1%2FFvuln","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d3ckx1%2FFvuln/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d3ckx1%2FFvuln/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d3ckx1%2FFvuln/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/d3ckx1","download_url":"https://codeload.github.com/d3ckx1/Fvuln/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225763232,"owners_count":17520424,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:02:33.671Z","updated_at":"2024-11-21T16:30:28.324Z","avatar_url":"https://github.com/d3ckx1.png","language":null,"funding_links":[],"categories":["web shell、shellcode","LLM分析过程","Others"],"sub_categories":["网络服务_其他"],"readme":"\u003c!-- markdownlint-disable first-line-heading --\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/d3ckx1/Fvuln/blob/main/image/logo.png\" alt=\"Fvuln\" height=\"150\" /\u003e\n  \u003ch1 align=\"center\" \u003e F-vuln \u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \n\u003ch4 align=\"center\" \u003e F-vuln（全称：Find-Vulnerability）是为了自己工作方便专门编写的一款自动化工具，主要适用于日常安全服务、渗透测试人员和RedTeam红队人员，它集合的功能包括：存活IP探测、开放端口探测、web服务探测、web漏洞扫描、smb爆破、ssh爆破、ftp爆破、mssql爆破等其他数据库爆破工作以及大量web漏洞检测模块。它可以根据目标开放的服务进行特定操作，不做无用功。适用于内网环境、互联网，对发现的安全问题，自动生成保存有用的内容在txt表里，以方便安全人员对授权项目完成测试工作。\u003c/h4\u003e\n\n \n  \n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://www.github.com/d3ckx1\" target=\"_blank\"\u003e\u003cimg src=\"https://img.shields.io/badge/作者-d3ckx1-2277cc.svg?style=flat-square\u0026logo=GitHub\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/d3ckx1/Fvuln\"\u003e\u003cimg alt=\"Fvuln\" src=\"https://img.shields.io/github/forks/d3ckx1/Fvuln.svg\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/d3ckx1/Fvuln\"\u003e\u003cimg alt=\"Fvuln\" src=\"https://img.shields.io/github/issues/d3ckx1/Fvuln.svg\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/d3ckx1/Fvuln\"\u003e\u003cimg alt=\"Fvuln\" src=\"https://img.shields.io/github/stars/d3ckx1/Fvuln.svg\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/d3ckx1/Fvuln\"\u003e\u003cimg alt=\"Fvuln\" src=\"https://img.shields.io/badge/Fvuln-green\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n# v1.4.9 更新\n1、修复漏洞误报；\n2、新增单独或批量漏洞扫描功能，-s 参数；\n3、新增33个POC；\n4、去掉一些banner。\n\n# v1.4.8 更新\n1、新增25个漏洞检测；（现共460个漏洞模块）\n2、新增在服务爆破功能提示处，不操作8秒后自动进行爆破功能；\n3、新增加入200个常用密码字典；\n4、端口探测、SMB爆破提升速度；\n5、修复漏洞误报。（感谢反馈）\n\n# v1.4.7 更新\n\n1、新增55个漏洞检测；（现共436个漏洞模块）\n2、新增centos程序版本；\n3、修复多个漏洞误报。（感谢@Jaky老师的反馈）\n\n\n\n\n# 已经支持检测的漏洞表\nhttps://github.com/d3ckx1/Fvuln/blob/main/vuln-list.txt\n\n# 注：未经允许不可用于非法扫描攻击，请遵守国家法律法规\n\n\n\n# 建议运行环境\nWindows环境安装Terminal命令行，（这样运行显示更漂亮美观）\n如下图这些都可以\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/%E5%BE%AE%E4%BF%A1%E5%9B%BE%E7%89%87_20210926222313.png)\n\nLinux环境使用默认命令行终端即可。\n\n# 使用命令_v1.4 版:\n\nFvuln.exe -s tomcat -u http://192.168.0.100/\n\n查看程序版本：Fvuln.exe -v （如果你能直连github，即可获取程序最新版本号）\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/version2.png)\n\n（如果你不能直连github，即这样，你懂的）\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/version1.png)\n\n\n\nfofa批量搜索检测：Fvuln.exe -fofa \"泛微云桥\"\n\n \n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/fofa.png)\n\n 注：再同目录下创建“key.txt”文件，文件内第一行写入邮箱地址；第二行写入你的key\n\n\n\n\n批量URL检测：Fvuln.exe -us urls.txt\n\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/urls.png)\n\n注：url.txt 里面放的是URL网站，如下图，\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/url_txt.png)\n或者直接不要http，我写了识别没有http，会自己添加  \"http://\" 与 “/”\n\n单URL检测：Fvuln.exe -u http://192.168.1.1\n\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/url-check.png)\n\n查看帮助: Fvuln.exe -h \n\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/1.png)\n\n查看现在能检测的漏洞模块：Fvuln.exe -l  or Fvuln.exe --list\n\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/2.png)\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/3.png)\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/4.png)\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/5.png)\n\n执行： Fvuln.exe -t 192.168.0.100  or Fvuln.exe 192.168.0.1/24\n\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/6.png)\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/7.png)\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/8.png)\n\n执行完成，查看报表：\n\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/9.png)\n\n批量执行：Fvuln.exe -f ip.txt\n\n如果觉得我存活探测慢或者工作中又其他需求需要对特定IP进行扫描工作，可以把IP地址，写进txt里，使用这个功能正常进行全部工作。\n\n如图；\n![Image text](https://github.com/d3ckx1/Fvuln/blob/main/image/ip_txt.png)\n\n\n# 缺点\n\n1、爆破ssh工作时命令行上会出现大量报错，但不影响爆破工作、报表里不会保存这些报错。\n\n# 支持的系统\nwindowexe版本\\Linux版本请在 Releases 中下载\nhttps://github.com/d3ckx1/Fvuln/releases\n\n:)\n\n\n# 欢迎大家使用，并向我提出宝贵意见，以及欢迎大家给我提供poc/exp.\n\n\n\n## 🏁 Star曲线\n![star](https://starchart.cc/d3ckx1/Fvuln.svg)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3ckx1%2FFvuln","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd3ckx1%2FFvuln","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3ckx1%2FFvuln/lists"}