https://github.com/youki992/VscanPlus

[VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本，端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具，批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.
https://github.com/youki992/VscanPlus

fingerprint fuzzing nuclei portscan security sql-injection xray

Last synced: 3 months ago
JSON representation

[VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本，端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具，批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.

• Host: GitHub
• URL: https://github.com/youki992/VscanPlus
• Owner: youki992
• License: bsd-3-clause
• Created: 2024-02-27T07:16:57.000Z (10 months ago)
• Default Branch: main
• Last Pushed: 2024-08-19T05:16:00.000Z (4 months ago)
• Last Synced: 2024-08-19T06:29:46.400Z (4 months ago)
• Topics: fingerprint, fuzzing, nuclei, portscan, security, sql-injection, xray
• Language: Go
• Homepage:
• Size: 1.27 MB
• Stars: 166
• Watchers: 3
• Forks: 15
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - youki992/VscanPlus - [VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本，端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具，批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect web (Go)

README

        


  VscanPlus

  




VscanPlus is a second development version of Vscan, an open-source, lightweight, fast, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.
















  中文文档 •

  Compilation/Installation/Running •

  Parameter Description •

  Usage •



# Features

![image](./static/help.png)

![image](./static/exp.png)

# Updates

- Updated ehole fingerprint

- Updated nuclei detection scripts

- Updated xray detection scripts

- Fixed missing field error when reading nuclei templates

- Standardized fingerprint names, nuclei, xray detection script naming format

# Commits

- According to the original vscan development documentation, users can customize fingerprints and pocs. The calling relationship between the two is: first detect the fingerprint, then call the corresponding poc, similar to the recently updated -ac command line detection feature in nuclei, both based on fingerprints to detect vulnerabilities



    



- According to the original vscan development documentation, the xray poc naming format corresponding to the fingerprint is: fingerprint-xxxx-yml, so the format of the newly added pocs has been standardized, including:

``

Weaver-OA

Yonyou-OA

Tongda-OA

Jinhe-OA

ThinPHP

Spring-Boot

Spring-Blade

Apache-Tomcat

Drupal

Microsoft-Exchange

Sangfor

``

- Nuclei loads pocs through tags



    



- ~~Based on the xray rule detection of the original vscan, the logic of loading multiple rules in yml v2 similar to nuclei templates has been rewritten, which can achieve multi-expression detection functionality~~

# Todo

- Fix bugs related to some detection scripts failing to load

# Warning

- To compile and generate executable files, please download the vcsanplus-main-code.zip file from the releases

**本工具由Code4th安全团队二次开发和维护**

![image](https://ice.frostsky.com/2024/08/18/5559fc7abc47065e9e5e53a7dba2142b.jpeg)

**团队公开群**

- QQ群一群（772375860）

**团队内部知识大陆**

![image](https://ice.frostsky.com/2024/08/18/bea40903e13c5ae238926338dd3b5331.png)

# Reference

https://github.com/veo/vscan

# Star History

[![Star History Chart](https://api.star-history.com/svg?repos=youki992/VscanPlus&type=Date)](https://star-history.com/#youki992/VscanPlus&Date)