Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/youki992/VscanPlus

[VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本，端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具，批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.
https://github.com/youki992/VscanPlus

fingerprint fuzzing nuclei portscan security sql-injection xray

Last synced: 9 days ago
JSON representation

Host: GitHub
URL: https://github.com/youki992/VscanPlus
Owner: youki992
License: bsd-3-clause
Created: 2024-02-27T07:16:57.000Z (11 months ago)
Default Branch: main
Last Pushed: 2024-11-14T03:19:10.000Z (about 2 months ago)
Last Synced: 2024-11-14T04:18:39.838Z (about 2 months ago)
Topics: fingerprint, fuzzing, nuclei, portscan, security, sql-injection, xray
Language: Go
Homepage:
Size: 1.28 MB
Stars: 214
Watchers: 3
Forks: 20
Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - youki992/VscanPlus - [VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本，端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具，批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect web (Go)

README

VscanPlus

VscanPlus is a second development version of Vscan, an open-source, lightweight, fast, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.

中文文档 •
Compilation/Installation/Running •
Parameter Description •
Usage •

# Features

![image](./static/help.png)

![image](./static/exp.png)

# Updates

- Updated ehole fingerprint
- Updated nuclei detection scripts
- Updated xray detection scripts
- Fixed missing field error when reading nuclei templates
- Standardized fingerprint names, nuclei, xray detection script naming format

# Commits

- According to the original vscan development documentation, users can customize fingerprints and pocs. The calling relationship between the two is: first detect the fingerprint, then call the corresponding poc, similar to the recently updated -ac command line detection feature in nuclei, both based on fingerprints to detect vulnerabilities

- According to the original vscan development documentation, the xray poc naming format corresponding to the fingerprint is: fingerprint-xxxx-yml, so the format of the newly added pocs has been standardized, including:
``
Weaver-OA
Yonyou-OA
Tongda-OA
Jinhe-OA
ThinPHP
Spring-Boot
Spring-Blade
Apache-Tomcat
Drupal
Microsoft-Exchange
Sangfor
``

- Nuclei loads pocs through tags

- ~~Based on the xray rule detection of the original vscan, the logic of loading multiple rules in yml v2 similar to nuclei templates has been rewritten, which can achieve multi-expression detection functionality~~

- The fuzzy detection feature for subdomain name takeover vulnerabilities is added
```
Based on the detection rules in the https://github.com/EdOverflow/can-i-take-over-xyz project, the corresponding domain name is determined to have a subdomain name takeover vulnerability by comparing the domain name CNAME resolution and the request return information. After the detection is complete, a matched_domains.txt file is generated in the current directory.
```
![image](https://img.picui.cn/free/2024/11/14/67356c0dda314.png)

```
Running effects
```
![image](https://img.picui.cn/free/2024/11/14/67356bc8eff9e.png)

# Todo

- Fix bugs related to some detection scripts failing to load

# Warning

- To compile and generate executable files, please download the vcsanplus-main-code.zip file from the releases

**本工具由Code4th安全团队二次开发和维护**

![image](https://ice.frostsky.com/2024/08/18/5559fc7abc47065e9e5e53a7dba2142b.jpeg)

**团队公开群**
- QQ群一群（772375860）

# Reference

https://github.com/veo/vscan

# Star History

[![Star History Chart](https://api.star-history.com/svg?repos=youki992/VscanPlus&type=Date)](https://star-history.com/#youki992/VscanPlus&Date)