Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/WingsSec/Meppo
漏洞检测框架 Meppo | By WingsSec
https://github.com/WingsSec/Meppo
Last synced: 21 days ago
JSON representation
漏洞检测框架 Meppo | By WingsSec
- Host: GitHub
- URL: https://github.com/WingsSec/Meppo
- Owner: WingsSec
- License: mit
- Created: 2022-03-22T02:05:35.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-11-14T07:04:34.000Z (about 1 year ago)
- Last Synced: 2024-08-05T17:44:09.001Z (4 months ago)
- Language: Python
- Homepage:
- Size: 5.08 MB
- Stars: 220
- Watchers: 7
- Forks: 38
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - WingsSec/Meppo - 漏洞检测框架 Meppo | By WingsSec (Python)
README
# Meppo
漏洞检测框架 Meppo | By WingsSec### Update Log
##### V1.0 `2021-09-26` `框架开源`
##### V1.1 `2022-03-23` `正式开源`
同时开源了大量高质量漏洞检测脚本
##### V2.0 `2022-04-07`
版本重大更新,我们换了套皮肤 /手动狗头
优化框架交互,优化多种消息的颜色等级提示
继fofa之后新增shodan、hunter API导出
进一步丰富和优化脚本
##### V2.1 `2022-04-13`
新增API接口,简单实现单poc+单目标调度需求
/list 用于查询所有moudles和payloads
/api 传入poc和target参数即可实现交互
鉴于并发对前后端异步和服务器资源的依赖,so,穷!
进一步丰富和优化脚本![](show.png)
```angular2html
__ __
| \/ | ___ _ __ _ __ ___
| |\/| |/ _ \ '_ \| '_ \ / _ \
| | | | __/ |_) | |_) | (_) |
|_| |_|\___| .__/| .__/ \___/
|_| |_|漏洞检测框架 Meppo | By WingsSec | V 2.1
[ 30 MOUDLES 64 PAYLOADS ]
Usage:
python Meppo.py -l List All Moudles
python Meppo.py -ll List All Payloads
python Meppo.py -m xxx -l List Payload Of The Moudle
python Meppo.py -poc xxx -u target 单目标 单POC监测
python Meppo.py -poc xxx -f targets.txt 多目标 单POC监测
python Meppo.py -m xxx -u target 单目标 模块监测
python Meppo.py -m xxx -f targets.txt 多目标 模块监测
python Meppo.py -fofa APP="DEMO" FOFA API 报告导出 num默认1000
python Meppo.py -fofa APP="DEMO" -num 100 FOFA API 报告导出 自定义数量
python Meppo.py -hunter APP="DEMO" HUNTER API 报告导出 num默认1000
python Meppo.py -hunter APP="DEMO" -num 100 SHODAN HUNTER 报告导出 自定义数量
python Meppo.py -shodan APP="DEMO" SHODAN API 报告导出 num默认1000
python Meppo.py -shodan APP="DEMO" -num 100 SHODAN API 报告导出 自定义数量
python Meppo.py -server 启动API服务 默认1988端口
python Meppo.py -server -port 1988 启动API服务 自定义端口```
```angular2html
__ ___
/ |/ /__ ____ ____ ____
/ /|_/ / _ \/ __ \/ __ \/ __ \
/ / / / __/ /_/ / /_/ / /_/ /
/_/ /_/\___/ .___/ .___/\____/
/_/ /_/漏洞检测框架 Meppo | By WingsSec | V 2.1
[ 30 MOUDLES 64 PAYLOADS ]
usage: Meppo.py [-h] [-l] [-ll] [-m MOUDLE] [-u URL] [-f FILE] [-poc POC] [-fofa FOFA] [-shodan SHODAN] [-num NUM]options:
-h, --help show this help message and exit
-l list
-ll list all
-m MOUDLE moudle
-u URL target url
-f FILE the file of target list漏洞检测模块:
-poc POC 漏洞检测资产爬取模块:
-fofa FOFA 资产爬取
-hunter HUNTER 资产爬取
-shodan SHODAN 资产爬取
-num NUM 资产数量API服务模块:
-server 启动API服务
-port PORT 监听端口```
```angular2html
_____
/ \ ____ ______ ______ ____
/ \ / \_/ __ \\____ \\____ \ / _ \
/ Y \ ___/| |_> > |_> > <_> )
\____|__ /\___ > __/| __/ \____/
\/ \/|__| |__|漏洞检测框架 Meppo | By WingsSec | V 2.1
[ 30 MOUDLES 64 PAYLOADS ]
【Payload List】
==================================================================================================================
| Moudle | Payload | Remark |
------------------------------------------------------------------------------------------------------------------
| AlibabaCanal | Alibaba_Canal_Info_Leak | Alibaba Canal config 云密钥信息泄露漏洞 |
------------------------------------------------------------------------------------------------------------------
| Apache | CVE_2021_41773 | Apache httpd 目录穿越漏洞 |
------------------------------------------------------------------------------------------------------------------
| Confluence | CVE_2021_26084 | Confluence OGNL注入RCE |
------------------------------------------------------------------------------------------------------------------
| Demo | Demo | robots.txt敏感信息泄露 |
------------------------------------------------------------------------------------------------------------------
| Demo | Test | 万能test |
------------------------------------------------------------------------------------------------------------------
| Discuz |discuz_version_change_getshell| discuz 版本转换功能getshell漏洞 |
------------------------------------------------------------------------------------------------------------------
| Drupal | CVE_2018_7600 | Drupal 7 RCE |
------------------------------------------------------------------------------------------------------------------
| Drupal | CVE_2018_7600_8 | Drupal 8 RCE |
------------------------------------------------------------------------------------------------------------------
| Drupal | CVE_2019_6340 | drupal8-REST-RCE |
------------------------------------------------------------------------------------------------------------------
| ESAFENET | CNVD_2021_26058 | 亿赛通电子文档安全管理系统远程命令执行漏洞 |
------------------------------------------------------------------------------------------------------------------
| EyouCMS | EyouCMS_qiantai_rce | 易优CMS前台RCE |
------------------------------------------------------------------------------------------------------------------
| F5 | CVE_2020_5902 | F5 BIG-IP 远程代码执行漏洞1 |
------------------------------------------------------------------------------------------------------------------
| F5 | CVE_2021_22986 | F5 BIG-IP 远程代码执行漏洞2 |
------------------------------------------------------------------------------------------------------------------
| Fikker | Fikker_admin | fikker Console default password |
------------------------------------------------------------------------------------------------------------------
| H3C | IMC_RCE | H3C IMC RCE |
------------------------------------------------------------------------------------------------------------------
| Inspur | CVE_2020_21224 | Inspur ClusterEngine V4.0 RCE |
------------------------------------------------------------------------------------------------------------------
| Inspur | Inspur_Any_user_login | 浪潮任意用户登录漏洞 |
------------------------------------------------------------------------------------------------------------------
| Inspur | Inspur_sysShell_RCE | 浪潮ClusterEngineV4.0 sysShell RCE |
------------------------------------------------------------------------------------------------------------------
| Jeecms | Jeecms_ssrf_getshell | Jeecms ssrf漏洞 |
------------------------------------------------------------------------------------------------------------------
| Kangle | Kangle_default_password | kangle 默认密码 |
------------------------------------------------------------------------------------------------------------------
| Landray | Landray_OA_anyfile_read | 蓝凌OA custom.jsp 任意文件读取漏洞 |
------------------------------------------------------------------------------------------------------------------
| Landray |Landray_OA_xmldecoder_getshell| 蓝凌OA xmldecoder 反序列化漏洞 |
------------------------------------------------------------------------------------------------------------------
| Lanproxy | CVE_2021_3019 | Lanproxy 目录遍历漏洞 |
------------------------------------------------------------------------------------------------------------------
| Nexus | CVE_2019_7238 | Nexus RCE |
------------------------------------------------------------------------------------------------------------------
| Seeyon | CNVD_2019_19299 | 致远OA A8 htmlofficeservlet RCE |
------------------------------------------------------------------------------------------------------------------
| Seeyon | CNVD_2020_62422 | 致远OA webmail.do任意文件下载检测 |
------------------------------------------------------------------------------------------------------------------
| Seeyon | CNVD_2021_01627 | 致远OA ajax.do登录绕过 任意文件上传 |
------------------------------------------------------------------------------------------------------------------
| Seeyon | Information_seeyou | 致远OA 敏感信息泄露 |
------------------------------------------------------------------------------------------------------------------
| Seeyon | Seeyon_OA_SessionLeak_Upload | 致远OA Session泄露 任意文件上传漏洞 |
------------------------------------------------------------------------------------------------------------------
| Seeyon | Seeyon_OA_Session_Leak | 致远OA getSessionList.jsp Session泄漏漏洞 |
------------------------------------------------------------------------------------------------------------------
| Seeyon | Seeyon_OA_SQLInjection | 致远OA SQL注入漏洞 |
------------------------------------------------------------------------------------------------------------------
| SonarQube | CVE_2020_27986 | SonarQube API 未授权访问漏洞 |
------------------------------------------------------------------------------------------------------------------
| Spring | CVE_2022_22947 | Spring Cloud Gateway RCE |
------------------------------------------------------------------------------------------------------------------
| Spring | CVE_2022_22963 | spring_function_rce |
------------------------------------------------------------------------------------------------------------------
| Spring | CVE_2022_22965 | Spring Core RCE |
------------------------------------------------------------------------------------------------------------------
| TDXK | TDXK_Any_file_upload | TDXK_前台任意文件上传 |
------------------------------------------------------------------------------------------------------------------
| TDXK | TDXK_Any_user_login | TDXK_任意用户登录 |
------------------------------------------------------------------------------------------------------------------
| TDXK | TDXK_logined_any_file_upload | TDXK_登录后任意文件上传 |
------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------
| Weaver | CNVD_2019_32204 | 泛微OA Bsh 远程代码执行漏洞 |
------------------------------------------------------------------------------------------------------------------
| Weaver | Weaver_e_Bridge_file_read | 泛微云桥 e-Bridge 任意文件读取 |
------------------------------------------------------------------------------------------------------------------
| Weaver | Weaver_e_Cology_RCE | 泛微E-Cology WorkflowServiceXml RCE |
------------------------------------------------------------------------------------------------------------------
| Weaver |Weaver_e_cology_v9_file_upload| 泛微OA weaver.common.Ctrl 任意文件上传漏洞 |
------------------------------------------------------------------------------------------------------------------
| Weaver | Weaver_OA_V8_sqlinjection | 泛微OA V8 SQL注入漏洞 |
------------------------------------------------------------------------------------------------------------------
| Weblogic | CVE_2014_4210 | Weblogic SSRF漏洞 |
------------------------------------------------------------------------------------------------------------------
| Weblogic | CVE_2017_10271 | Weblogic XML Decoder反序列化漏洞 |
------------------------------------------------------------------------------------------------------------------
| Weblogic | CVE_2018_2894 | Weblogic任意文件上传漏洞 |
------------------------------------------------------------------------------------------------------------------
| Weblogic | CVE_2019_2725 | Weblogic RCE |
------------------------------------------------------------------------------------------------------------------
| Weblogic | CVE_2020_16882 | Weblogic未授权远程代码执行漏洞 |
------------------------------------------------------------------------------------------------------------------
| Weblogic | CVE_2021_2109 | Weblogic LDAP 远程代码执行漏洞 |
------------------------------------------------------------------------------------------------------------------
| Weblogic | Weblogic_Console_Info_Leak | Weblogic控制台路径泄露 |
------------------------------------------------------------------------------------------------------------------
| Zabbix | CVE_2016_10134 | Zabbix SQL注入 |
------------------------------------------------------------------------------------------------------------------
| Zabbix | Zabbix_default_password | zabbix 默认密码 |
==================================================================================================================```