{"id":13842036,"url":"https://github.com/xiecat/fofax","last_synced_at":"2025-05-15T18:08:53.327Z","repository":{"id":37539488,"uuid":"438202350","full_name":"xiecat/fofax","owner":"xiecat","description":"FOFAX是一个基于fofa.info的API命令行查询工具","archived":false,"fork":false,"pushed_at":"2024-07-22T02:48:22.000Z","size":36427,"stargazers_count":770,"open_issues_count":7,"forks_count":77,"subscribers_count":14,"default_branch":"dev","last_synced_at":"2025-03-31T22:18:29.539Z","etag":null,"topics":["fofa","fofa-cli","rule","survey"],"latest_commit_sha":null,"homepage":"https://fofax.xiecat.fun/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xiecat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-14T10:01:58.000Z","updated_at":"2025-03-29T14:00:22.000Z","dependencies_parsed_at":"2023-01-31T02:45:40.589Z","dependency_job_id":"1b58f648-9367-43fe-afcb-cbbb84fa2d48","html_url":"https://github.com/xiecat/fofax","commit_stats":null,"previous_names":[],"tags_count":58,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiecat%2Ffofax","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiecat%2Ffofax/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiecat%2Ffofax/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiecat%2Ffofax/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xiecat","download_url":"https://codeload.github.com/xiecat/fofax/tar.gz/refs/heads/dev","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247744333,"owners_count":20988783,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fofa","fofa-cli","rule","survey"],"created_at":"2024-08-04T17:01:26.384Z","updated_at":"2025-04-07T23:08:37.521Z","avatar_url":"https://github.com/xiecat.png","language":"Go","funding_links":[],"categories":["其他_安全与渗透","Go Search Automation Tools","Go"],"sub_categories":["网络服务_其他"],"readme":"# FoFaX\n\n[![Latest release](https://img.shields.io/github/v/release/xiecat/fofax)](https://github.com/xiecat/fofax/releases/latest)![GitHub Release Date](https://img.shields.io/github/release-date/xiecat/fofax)![GitHub All Releases](https://img.shields.io/github/downloads/xiecat/fofax/total)[![GitHub issues](https://img.shields.io/github/issues/xiecat/fofax)](https://github.com/xiecat/fofax/issues)\n\n[:ledger: English README](https://github.com/xiecat/fofax/blob/main/README.md)   |   [:pushpin: Releases Download](https://github.com/xiecat/fofax/releases) [:racehorse: 详细使用文档 Docs](http://fofax.xiecat.fun/)\n\n## 0x00 简介\n\nFoFaX 是一款使用 Go 编写的命令行 FoFa 查询工具，在支持 FoFa 查询规则上增加了 Fx 语法来方便使用者编写自己的规则，并且内置了一些常用的规则，除此之外还有联动其他安全产品在内的其他多个实用功能。主要的功能如下：\n\n- 基本 FoFa 语法查询\n- 联动其他安全工具\n- 内置大量 FoFa 规则\n- Icon Hash 本地/在线计算查询\n- URL 证书计算查询\n- 排除国内资产\n- 一键浏览器中打开\n- 更多（等待您使用后的反馈）……\n\n除此之外还可以自定义 Fx 语法查询，用户可以通过 yaml 格式的配置文件编写自己的特定 Fx 查询规则。\n\n## 0x01 下载\n\n点击 [Releases下载链接](https://github.com/xiecat/fofax/releases) ，按照自己的系统架构选择相应的发行版本下载。\n\n## 0x02 配置\n\n### MacOS/Linux\n\n将下载下来的 FoFaX 压缩包解压，建议放在 `/usr/local/bin/` 目录下，以达到任意目录都可以运行 FoFaX 命令的目的。\n\n```console\ntar -zxvf ~/Downloads/fofax_v0.1.22_darwin_amd64.tar.gz -C /usr/local/bin/\n```\n\n第一次运行 FoFaX 命令会自动生成一个配置文件，位于 `~/.config/fofax/fofax.yaml`。\n\n```console\nfofax\n\n      ____        ____       _  __\n     / __/____   / __/____ _| |/ /\n    / /_ / __ \\ / /_ / __ `/|   /\n   / __// /_/ // __// /_/ //   |\n  /_/   \\____//_/   \\__,_//_/|_|\n\n                         fofax.xiecat.fun\n\n2021/12/23 21:21:28 [SUCC] create config file /Users/user/.config/fofax/fofax.yaml. please modify and use\n```\n\n接下来就是对此配置文件进行配置了，一般来说只需要配置完  `key` 就可以了。\n\n```console\nvim ~/.config/fofax/fofax.yaml\n```\n\n```console\n# fofa api key\nfofakey: ***************\n```\n**注意:** email 字段已经被弃用 (2023年12月21日)\n### Windows\n\n解压压缩包，第一次运行 fofax.exe 会在同级目录下生成一个 fofax.yaml 的配置文件。然后打开此配置文件，并填写  `key` 字段。\n\n## 0x03 使用方法\n\n### 使用 Tips\n\n不带任何参数时，除了会输出 ASCII Logo，还会随机输出一条使用 Tips。\n\n```console\nfofax\n\n      ____        ____       _  __\n     / __/____   / __/____ _| |/ /\n    / /_ / __ \\ / /_ / __ `/|   /\n   / __// /_/ // __// /_/ //   |\n  /_/   \\____//_/   \\__,_//_/|_|\n\n                         fofax.xiecat.fun\n\nfofaX is a command line fofa query tool, simple is the best!\n\nTips:\nComment: 搜索 Fx 中 google-reverse, 查询时使用扩展功能必须加 -fe 参数\nUsage: fofax -q 'fx=\"google-reverse\"' -fe\n```\n\n### 帮助信息\n\n可以使用 `fofax -h` 显示帮助信息。\n\n```console\nfofax -h\n\nfofaX is a command line fofa query tool, simple is the best!\n\nUsage:\n  fofax [flags]\n\nFlags:\nCONFIGS:\n   -email, -fofa-email string  Fofa API Email\n   -key, -fofakey string       Fofa API Key\n   -p, -proxy string           proxy for http like http://127.0.0.1:8080\n   -fofa-url string            Fofa url (default \"https://fofa.so\")\n   -debug                      Debug mode\n\nFILTERS:\n   -fs, -fetch-size int          The maximum number of query (default 100)\n   -e, -exclude                  Exclude the honeypot.\n   -ec, -exclude-country-cn      Exclude CN.\n   -ffi, -fetch-fullHost-info    URL fetch, with scheme, hostname, port\n   -fto, -fetch-titles-ofDomain  Fetch website title\n\nSINGLE QUERY/ERT/ICON:\n   -q, -query string              FoFa query statement\n   -uc, -url-cert string          Enter the certificate of the https URL to query\n   -iu, -url-to-icon-hash string  Enter the URL of an icon, calculate it and query it\n   -if, -icon-file-path string    Calculate the hash of the local icon file, then query it\n\nMULTIPLE QUERY/CERT/ICON:\n   -qf, -query-file string           Load files, query multiple statements\n   -ucf, -url-cert-file string       Read the URL from the file, calculate the cert and then query it\n   -iuf, -icon-hash-url-file string  Retrieve the URL from the file, calculate the icon hash and query it\n\nFX GRAMMER:\n   -g, -gen string           Generate fx statement files eg: default_fx.yaml\n   -fd, -fxdir string        fxdir directory (default \"/Users/user/.config/fofax/fxrules\")\n   -l, -lists                List of fx statements\n   -lt, -list-tags           List fx tags\n   -s, -search string        Search for fx statements. Statements are separated by semicolons eg: id=fx-2021-01;query=\"jupyter Unauth\"\n   -tree                     Print syntax tree\n   -fe, -fofa-ext            Using extended syntax(fx)\n   -ss, -show-single string  Display a single fx message\n\nOTHER OPTIONS:\n   -config string  fofax configuration file.The file reading order(fofax.yaml,/Users/user/.config/fofax/fofax.yaml,/etc/fofa.yaml) (default \"/Users/user/.config/fofax/fofax.yaml\")\n   -v, -version    Show fofaX version\n   -use            Syntax queries\n   -open           Open with your browser only support pipline/-q/-uc/-iu/-if\n   -no-limit-open  No limit to the number of openings in your browser\n```\n\n### FoFa 语法规则\n\n使用 `-use` 参数，显示 FoFa 语法查询规则。\n\n```console\nfofax -use\n\n┌───────────────────────────────────────────┬──────────────────────────────────────────────────┐\n│ Query                                     │ Explanation                                      │\n├───────────────────────────────────────────┼──────────────────────────────────────────────────┤\n│ title=\"beijing\"                           │ 从标题中搜索\"北京\"                                     │\n│ header=\"elastic\"                          │ 从http头中搜索\"elastic\"                               │\n│ body=\"网络空间测绘\"                         │ 从html正文中搜索\"网络空间测绘\"                       │\n│ title=\"beijing\"                           │ 从标题中搜索\"北京\"                                    │\n│ header=\"elastic\"                          │ 从http头中搜索\"elastic\"                            │\n│ body=\"网络空间测绘\"                         │ 从html正文中搜索\"网络空间测绘\"                       │\n│ fid=\"kIlUsGZ8pT6AtgKSKD63iw==\"            │ 查找相同的网站指纹                                     │\n│ domain=\"google.com\"                       │ 搜索根域名带有google.com的网站                         │\n│ icp=\"京ICP证030173号\"                      │ 查找备案号为\"京ICP证030173号\"的网站                  │\n│ js_name=\"js/jquery.js\"                    │ 查找网站正文中包含js/jquery.js的资产                    │\n│ js_md5=\"82ac3f14327a8b7ba49baa208d4eaa15\" │ 查找js源码与之匹配的资产                                │\n└───────────────────────────────────────────┴──────────────────────────────────────────────────┘\n```\n\n### 基础查询\n\n有如下两种方式查询 `app=\"APACHE-Solr\"`，不指定数量默认会输出 100 个 host，并且默认会对数据进行去重。\n\n```console\nfofax -q 'app=\"APACHE-Solr\"'\n\n2021/12/23 20:17:32 [SUCC] Fetch Data From FoFa: [100/30830]\n54.114.20.168:8443\n193.8.4.43:8983\n208.37.227.95:8983\n3.20.255.140:8983\n3.114.85.178:8983\n82.142.82.197:8983\n159.39.10.212:8983\n199.102.27.69:8983\n…………\n```\n\n```console\necho 'app=\"APACHE-Solr\"' | fofax\n2021/12/23 20:17:59 [SUCC] Fetch Data From FoFa: [100/30830]\n54.114.20.168:8443\n193.8.4.43:8983\n208.37.227.95:8983\n3.20.255.140:8983\n3.114.85.178:8983\n82.142.82.197:8983\n159.39.10.212:8983\n199.102.27.69:8983\n…………\n```\n\n### 指定查询数量\n\n```console\necho 'app=\"APACHE-Solr\"' | fofax -fs 5\n2021/12/23 20:19:00 [SUCC] Fetch Data From FoFa: [5/30830]\n13.57.71.190:8443\n165.22.215.32:8983\n184.73.40.143:8443\n3.20.255.140:8983\n```\n\n如上只输出了 4 条数据，是因为 FoFaX 自动对重复的数据进行了去重。\n\n### 排除查询\n\n添加 `-e` 参数，排除蜜罐的干扰。\n\n```console\necho 'app=\"APACHE-Solr\"' | fofax -fs 10 -e\n2021/12/23 22:56:14 [SUCC] Fetch Data From FoFa: [10/30849]\n13.126.128.253:80\n185.22.235.14:8983\n151.248.126.4:8983\n20.71.77.183:80\n23.102.46.20:443\n15.113.170.101:8443\n52.58.201.109:80\n```\n\n添加 `-ec` 参数，排除中国的数据。\n\n```console\necho 'app=\"APACHE-Solr\"' | fofax -fs 10 -ec\n2021/12/23 22:56:36 [SUCC] Fetch Data From FoFa: [10/26044]\n15.113.170.101:8443\n52.58.201.109:80\n13.126.128.253:80\n185.22.235.14:8983\n151.248.126.4:8983\n20.71.77.183:80\n23.102.46.20:443\n```\n\n### 获取 URL\n\n添加 `-ffi` 参数，根据查询语句直接获取对应的 URL（[scheme]://[host]:[port]）。\n\n```console\necho 'app=\"APACHE-Solr\"' | fofax -fs 5 -ffi\n2021/12/23 20:21:03 [SUCC] Fetch Data From FoFa: [5/30830]\nhttps://184.73.40.143:8443\nhttp://120.24.42.244:8983\nhttps://13.57.71.190:8443\nhttp://165.22.215.32:8983\n```\n\n### 获取 Title\n\n```console\necho 'domain=\"baidu.com\" \u0026\u0026 status_code=\"200\"' | fofax -fs 10 -fto\n2021/12/23 20:21:19 [SUCC] Fetch Data From FoFa: [10/1124]\nhttps://home.baidu.com [关于百度]\nhttp://research.baidu.com [Baidu Research]\nhttp://fecs.baidu.com [FECS - Front End Code Style Suite]\nhttp://yuntu.baidu.com [企业图谱]\nhttps://ditu.baidu.com [百度地图]\nhttps://sp2.baidu.com [百度一下，你就知道]\nhttps://tushuo.baidu.com [图说]\nhttps://ocpc.baidu.com [百度 oCPC 开发者中心]\nhttps://naotu.baidu.com [百度脑图 - 便捷的思维工具]\nhttp://usa.baidu.com [Baidu USA]\n```\n\n### Debug 模式\n\n添加 `-debug` 参数，开启 Debug 详细模式。\n\n```console\necho 'app=\"APACHE-Solr\"' | fofax -fs 5 -ffi -debug\n2021/12/25 21:28:57 [DEBUG] FoFa Size : 5\n2021/12/25 21:28:57 [DEBUG] FoFa Query of: app=\"APACHE-Solr\"\n2021/12/25 21:28:57 [DEBUG] https://fofa.so/api/v1/search/all?key=**************************\u0026qbase64=YXBwPSJBUEFDSEUtU29sciI=\u0026size=5\u0026page=1\u0026fields=protocol,ip,port,host\n2021/12/25 21:28:57 [DEBUG] Resp Time: 432/millis\n2021/12/25 21:28:57 [SUCC] Fetch Data From FoFa: [5/30942]\nhttp://35.183.115.103\nhttp://3.17.203.145:8983\nhttp://195.201.119.15:49154\nhttps://18.169.23.120\nhttp://174.138.127.51:8983\n```\n\n### 浏览器中打开\n\n```console\necho 'app=\"APACHE-Solr\"' | fofax -open\n```\n\n\u003c!-- ![openinbrowser](./docs/images/openinbrowser.gif) --\u003e\n\n![openinbrowser.gif](https://s2.loli.net/2021/12/25/2lvs4njYEUNmkLS.gif)\n\n### 计算 Icon Hash 并查询\n\n两种方式，第一种是直接根据提供 Icon 的 URL 来查询。\n\n```console\nfofax -iu https://www.baidu.com/favicon.ico -fs 5\n\n2021/12/23 20:21:59 [SUCC] Fetch Data From FoFa: [5/13284]\n47.98.104.77:8088\n154.39.217.22:80\nxueshu.mrsb.tk:80\n154.39.217.2:80\n154.39.217.28:80\n```\n\n第二种是根据本地 Icon 文件，来计算 Hash 并查询。\n\n```console\nwget https://www.baidu.com/favicon.ico\nfofax -if favicon.ico -fs 5\n\n2021/12/23 21:25:24 [SUCC] Fetch Data From FoFa: [5/13284]\n47.98.104.77:8088\n154.39.217.22:80\nxueshu.mrsb.tk:80\n154.39.217.2:80\n154.39.217.28:80\n```\n\n### 计算证书并查询\n\n```console\nfofax -fs 5 -uc https://www.baidu.com/\n\n2021/12/23 21:29:54 [SUCC] Fetch Data From FoFa: [5/361619]\n180.97.93.146:443\n180.97.93.65:443\n112.3.25.49:443\nitv.leiqiang8.cn:80\nowa2.leiqiang8.cn:80\n```\n\n## 0x04 Fx 语法查询\n\n在使用 FoFa 做信息收集或者其他事情的时候，有可能这条查询语句会非常非常的长，非常不好记忆，我们总不可能专门拿个小本本去记这个 FoFa 查询语句吧。\n\n这个时候，就可以使用 FoFaX 的 Fx 功能。目前 FoFaX 已经内置几十条 Fx 语法查询规则，用户可直接使用相应参数进行查询。同时用户还可以通过 yaml 格式的配置文件，编写自己特定的 Fx 语法查询规则。\n\n#### 显示内置 Fx 查询语句\n\n```console\nfofax -l\n\n┌───────────────┬────────────────────┬────────────────────────────────┬────────┬─────────────┬───────┐\n│ Id            │ Query              │ RuleName                       │ Author │ Tag         │ Type  │\n├───────────────┼────────────────────┼────────────────────────────────┼────────┼─────────────┼───────┤\n│ fx-2021-1001  │ google-reverse     │ Google反代服务器                 │ fofa   │ google      │ 内置   │\n│ fx-2021-1002  │ python-simplehttp  │ Python SimpleHTTP              │ fofa   │ python      │ 内置   │\n│ fx-2021-1003  │ data-leak          │ 社工库                          │ fofa   │ fun         │ 内置   │\n│ fx-2021-1004  │ hfs-rce            │ 存在命令执行的HFS服务             │ fofa   │ fun         │ 内置   │\n│ fx-2021-1005  │ satellite-ftp      │ 一键日卫星FTP？                  │ fofa   │ fun         │ 内置   │\n│ fx-2021-1006  │ mk-mining          │ mk路由器全球挖矿感染              │ fofa   │ fun         │ 内置   │\n│ fx-2021-1007  │ ss-manager-login   │ ss-Manager 登录                 │ fofa   │ fun         │ 内置   │\n│ fx-2021-1008  │ heating-monitor    │ 供暖监控系统                     │ fofa   │ fun         │ 内置   │\n│ fx-2021-1009  │ free-proxy         │ 免费代理池                      │ fofa    │ fun         │ 内置   │\n│ fx-2021-1010  │ honeypot           │ 蜜罐                           │ fofa    │ fun         │ 内置   │\n│ fx-2021-1011  │ hacked-website     │ 被挂黑的站点                     │ fofa   │ fun         │ 内置   │\n│ fx-2021-1012  │ jupyter-unauth     │ Jupyter 未授权                  │ xiecat │ unauth      │ 内置   │\n│ fx-2021-11001 │ APACHE-ActiveMQ    │ APACHE ActiveMQ                │ fofa   │ log4j2,fofa │ 内置   │\n│ fx-2021-11002 │ Apache_OFBiz       │ Apache OFBiz                   │ fofa   │ log4j2,fofa │ 内置   │\n│ fx-2021-11003 │ Jenkins            │ Jenkins                        │ fofa   │ log4j2,fofa │ 内置   │\n│ fx-2021-11004 │ RabbitMQ           │ RabbitMQ                       │ fofa   │ log4j2,fofa │ 内置   │\n│ fx-2021-11005 │ Apache-log4j2-Web  │ Apache log4j2 Web              │ fofa   │ log4j2,fofa │ 内置   │\n│ fx-2021-11006 │ Jedis              │ Jedis                          │ fofa   │ log4j2,fofa │ 内置   │\n│ fx-2021-11007 │ APACHE-tika        │ APACHE tika                    │ fofa   │ log4j2,fofa │ 内置   │\n└───────────────┴────────────────────┴────────────────────────────────┴────────┴─────────────┴───────┘\n```\n\n### 列出 Fx 语句的详细内容\n\n```console\nfofax -ss fx-2021-1001\n\nfx-2021-1001 fx-2021-1001\n┌─────────────┬─────────────────────────────────────────────────────────────────────────────────────────────┐\n│ Name        │ Value                                                                                       │\n├─────────────┼─────────────────────────────────────────────────────────────────────────────────────────────┤\n│ ID          │ fx-2021-1001                                                                                │\n│ Query       │ google-reverse                                                                              │\n│ RuleName    │ Google反代服务器                                                                              │\n│ RuleEnglish │ Google Reverse proxy                                                                        │\n│ Author      │ fofa                                                                                        │\n│ FofaQuery   │ body=\"var c = Array.prototype.slice.call(arguments, 1);return function() {var d=c.slice();\" │\n│ Tag         │ google                                                                                      │\n│ Type        │ 内置                                                                                         │\n│ Description │ 不用挂代理就可以访问的Google搜索，但搜索记录可能会被记录。                                           │\n│ FileDir     │                                                                                             │\n└─────────────┴─────────────────────────────────────────────────────────────────────────────────────────────┘\n```\n\n### 添加 `-fe` 参数通过 Fx 语法进行查询\n\n```console\n[~] fofax -q 'fx=\"google-reverse\"' -fe -fs 5\n\n2021/12/23 22:27:02 [SUCC] fx query id:google-reverse\n2021/12/23 22:27:03 [SUCC] Fetch Data From FoFa: [5/5834]\n54.76.26.205:10000\n47.74.3.55:80\n47.90.7.161:443\n23.83.249.79:443\n45.76.10.197:8081\n```\n\n### 浏览器中直接打开\n\n```console\nfofax -q 'fx=\"google-reverse\"' -fe -open\n\n2021/12/23 22:22:21 [SUCC] fx query id:google-reverse\n2021/12/23 22:22:21 [SUCC] the query body=\"var c = Array.prototype.slice.call(arguments, 1);return function() {var d=c.slice();\" will be opened with a browser\n```\n\n### 编写自定义的 Fx 语法规则\n\n下面给出一个例子，使用 FoFa 对某个目标进行信息收集的案例。\n\n#### 生成一个模版\n\n使用 `-g` 并指定生成的文件名指定路径，这样便生成了一个模版文件。\n\n```console\nfofax -g info-gathering.yaml\n\n2021/12/24 20:09:27 [INFO] Will Write Plugin file: info-gathering.yaml\n```\n\n查看此 yaml 文件，其内容如下。\n\n```console\nid: fx-2021-01\nquery: 查询的字符串用于fx=\"jupyter Unauth\" eg:(jupyter Unauth)\nrule_name: 规则名称 eg:(jupyter 未授权)\nrule_english: jupyter unauthorized\ndescription: 规则描述\nauthor: 作者\u003c邮箱\u003eeg:(xiecat)\nfofa_query: fofa语句 eg:(body=\"ipython-main-app\" \u0026\u0026 title=\"Home Page - Select or create a notebook\")\"\ntag:\n- 标签1 eg(unauthorized)\n- 标签2\nsource: 语句来源\n```\n\n按照如上说明，修改相应内容，便携一个新的 Fx 语法规则，关于此文件的路径，在编写完整后请放在 `~/.config/fofax/fxrules/` 这个目录。\n\n为方便复制，详细内容如下（注意 title 处填写自己的目标名）：\n\n```yaml\nid: fx-2021-01\nquery: redteam-info-gathering\nrule_name: 红队信息收集\nrule_english: redteam-info-gathering\ndescription: 使用fofa针对某个目标进行红队常见的高关注CMS/OA系统的信息收集\nauthor: xiecat\nfofa_query: title=\"Target\" \u0026\u0026 (title=\"平台\" || title=\"OA\" || title=\"系统\" || title=\"协同\" || title=\"办公\" || title=\"致远\" || title=\"泛微\" || title=\"用友\" || title=\"管理\" || title=\"后台\" || title=\"登录\" || title=\"login\" || title=\"admin\") \u0026\u0026 country=\"CN\"\ntag:\n- redteam\nsource: \n```\n\n下面就可以使用此 Fx 查询规则了，此查询不可以说不方便。。\n\n```console\nfofax -q 'fx=\"redteam-info-gathering\"' -fe -ffi\n\n2021/12/25 21:31:01 [SUCC] fx query id:redteam-info-gathering\n2021/12/25 21:31:01 [SUCC] Fetch Data From FoFa: [27/27]\nhttp://60.205.169.36:9080\nhttps://43.243.13.187\nhttp://806f52.ylhskhgyn.com\nhttps://119.28.47.98:8443\nhttp://124.70.197.255:8088\nhttps://223.72.236.165\nhttp://192.144.212.92:8080\nhttps://114.255.204.149\n......\n```\n\n## 0x05 联动使用案例\n\n\u003e 在红队信息收集完毕后，便可以将收集到的资产交给探活工具、指纹识别工具以及漏洞扫描工具去进行探活、指纹识别和漏洞探测。\n\n### FoFax \u0026\u0026 httpX\n\nCVE-2021-43798 Grafana 未授权目录遍历。\n\n\u003c!-- ![FoFaX\u0026httpX](./docs/images/fofax\u0026httpx.png) --\u003e\n\n![fofax_httpx](https://s2.loli.net/2021/12/25/kNx281ne7Ou5p4L.png)\n\n### FoFaX \u0026\u0026 Nuclei\n\n将 FoFaX 获取的数据传递到 Nuclei，然后使用 CVE-2021-43798 Template 批量漏洞扫描。\n\n\u003c!-- ![FoFaX\u0026Nuclei](./docs/images/fofax\u0026nuclei.png) --\u003e\n\n![fofax_nuclei](https://s2.loli.net/2021/12/25/YztbnOelLZGQAIJ.png)\n\n### FoFaX \u0026\u0026 Xray\n\n![fofax_xray](https://github.com/xiecat/fofax-doc/blob/dev/docs/.vuepress/public/fofax\u0026xray.png?raw=true)\n\n### FoFaX \u0026\u0026 observer_ward\n\n![fofax_observer_ward](https://github.com/xiecat/fofax-doc/blob/dev/docs/.vuepress/public/fofax\u0026observer_ward.png?raw=true)\n\n### FoFaX \u0026\u0026 dismap\n\n![fofax_dismap](https://github.com/xiecat/fofax-doc/blob/dev/docs/.vuepress/public/fofax\u0026dismap.png?raw=true)\n\n## 0x06 Stargazers\n\n[![Stargazers over time](https://starchart.cc/xiecat/fofax.svg)](https://starchart.cc/xiecat/fofax)\n\n## 0x07 致谢\n\nFoFaX 已加入 [FOFA 共创者计划](https://fofa.info/development)，感谢 FOFA 提供的账号支持。\n\n![fofa-logo](https://user-images.githubusercontent.com/40891670/209631625-f73811b0-a26a-4a42-8158-e5061464481d.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxiecat%2Ffofax","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxiecat%2Ffofax","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxiecat%2Ffofax/lists"}