Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/depycode/burpsuite_hack
一款代理扫描器
https://github.com/depycode/burpsuite_hack
Last synced: about 2 months ago
JSON representation
一款代理扫描器
- Host: GitHub
- URL: https://github.com/depycode/burpsuite_hack
- Owner: depycode
- Created: 2023-02-06T06:02:18.000Z (almost 2 years ago)
- Default Branch: master
- Last Pushed: 2023-05-05T15:14:09.000Z (over 1 year ago)
- Last Synced: 2024-08-05T17:43:41.840Z (5 months ago)
- Language: Python
- Size: 345 KB
- Stars: 493
- Watchers: 7
- Forks: 60
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - depycode/burpsuite_hack - 一款代理扫描器 (Python)
README
# burpsuite_hack
一款代理扫描器- 适配python3.6+
- 支持 GET/POST/无限嵌套json、list的漏洞探测
- 扫描请求去重
- 基本不会触发WAF,最小化探测
详细请见:https://www.cnblogs.com/depycode/p/17079397.html
# 整体架构
![image](https://github.com/depycode/burpsuite_hack/blob/master/p2.png)# 使用方法
- burpsuite 插件加载:BurpExtender_ALL_UI.py ,修改socks host、port 为扫描端对应的ip和端口,然后点击set
![image](https://github.com/depycode/burpsuite_hack/blob/master/p1.png)
![image](https://github.com/depycode/burpsuite_hack/blob/master/p4.png)- 扫描端启动
```
nohup python3 MyUDPHandler_Threads.py &
```# 创建数据库
```
+--------------------+
| Tables_in_burphack |
+--------------------+
| sql_bool |
| sql_error |
| ssrf |
+--------------------+
``````
+----------+-------------------------------------------------------------------+
| Database | Create Database |
+----------+-------------------------------------------------------------------+
| burphack | CREATE DATABASE `burphack` /*!40100 DEFAULT CHARACTER SET utf8 */ |
+----------+-------------------------------------------------------------------+
``````
+----------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+----------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| sql_bool | CREATE TABLE `sql_bool` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`host` varchar(255) NOT NULL,
`risk` int(11) NOT NULL,
`bool_true_resp` mediumtext NOT NULL,
`bool_true_req` mediumtext NOT NULL,
`bool_false_resp` mediumtext,
`bool_false_req` mediumtext,
`first_resp` mediumtext NOT NULL,
`payload` varchar(255) NOT NULL,
`first_req` mediumtext NOT NULL,
`create_time` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COMMENT='bool型sql注入' |
+----------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
``````
+-----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+-----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| sql_error | CREATE TABLE `sql_error` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`request_data` mediumtext,
`response` mediumtext,
`host` varchar(255) DEFAULT NULL,
`dbms` varchar(255) DEFAULT NULL,
`create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 |
+-----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
``````
+-------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+-------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ssrf | CREATE TABLE `ssrf` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`payload` varchar(255) DEFAULT NULL,
`request_data` mediumtext,
`response` mediumtext,
`host` varchar(255) DEFAULT NULL,
`is_vul` int(11) DEFAULT '0' COMMENT '0 默认值\n1 存在漏洞',
`create_time` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
`vuType` int(11) DEFAULT NULL COMMENT '1 ssrf\n2 rce',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=16625 DEFAULT CHARSET=utf8 COMMENT='历史ssrf探测请求' |
+-------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
```# 实战成果
- TSRC![image](https://github.com/depycode/burpsuite_hack/blob/master/p3.png)
# 参考
- https://github.com/w-digital-scanner/w13scan