-
-
Notifications
You must be signed in to change notification settings - Fork 20
/
cn-PentagridScanController.txt
92 lines (92 loc) · 9.11 KB
/
cn-PentagridScanController.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
(?i)About(\W+)README 关于$1阅读
(?i)Duplicates? 重复
(?i)Interesting 有趣的
(?i)Repeatability reasoning or why it was not scanned 可重复性推理或未扫描原因
(?i)scanned 已扫描
(?i)(\W+)repeatability requests $1可重复性请求
A new version of the 5# Scan Controller extension was installed, the settingsare not compatible, so all settings have been reset (check the Scan tab). 安装了5# Scan Controller 的新版本,设置不兼容,因此所有设置都已重置(请检查扫描选项卡)
(?i)Modified Request 修改后的请求
(?i)Modified Response 修改后的响应
(?i)Original Request 原请求
(?i)Original Response 原响应
(?i)(\W?\w+) not found 找不到$1
Only change settings marked with (!) if you really know what you do 确保你知道自己在做什么,否则请不要更改带!的设置
Requests to process (others won't show in UI) 要处理的请求(其他请求不会显示)
(?i)proxy requests? 代理请求
(?i)repeater requests? 重发器请求
Delay scans in seconds (0 to disable) 以秒为单位延迟扫描(0 表示禁用)
(?i)burp active scan Burp主动扫描
(?i)Hard exclusions? 硬排除
Only scan repeatable requests (!) 只扫描可重复的请求(!)
Never scan uninteresting HTTP status codes 不扫描无趣的HTTP状态码
Never scan uninteresting HTTP methods 不扫描无趣的HTTP方法
Never scan GET requests to uninteresting URL file extensions 不扫描以GET请求的无趣文件扩展:js、css等
Never scan requests to uninteresting URL file extensions 不扫描无趣的URL文件扩展请求
Never scan duplicates (URL, status code, parameters, see Duplicates counter) 不扫描重复的请求(URL、状态码、参数、查看重复计数器)
Never scan duplicates (URL, status code, see Duplicates counter) 不扫描重复的请求(URL、状态码、查看重复计数器)
Never scan request URLs matching this Regex 不扫描的URL请求,使用正则匹配
Never scan requests matching this Regex 不扫描匹配此正则表达式的请求
Only scan requests with a minimum interesting score of 仅扫描有趣得分达到最低分数的请求
(?i)Repeatability 重复性
Delay repeatability checks in seconds (0 to disable) 延迟可重复性检查(以秒为单位)(0以禁用)
(?i)Do heuristics? 启发式扫描
Maximum response length difference in % 最大响应长度差%
Heuristic words: repetition success (one per line) 启发式单词:重复成功(每行一个)
Heuristic words: repetition error (one per line) 启发式单词:重复错误(每行一个)
Heuristic words: repetition fatal error (one per line) 启发式单词:重复致命错误(每行一次)
Abort repeatability tests for current request if heuristic detects this many fatal errors 如果启发式检测到这么多致命错误,则中止当前请求的可重复性测试
Modifications for repeatability 可重复性修改
Maximum requests until giving up 最大的请求,直到放弃
Additional catch-all email domain used to detect if email is in a parameter (apart from Collaborator domain) 额外的通用电子邮件域,用于检测电子邮件是否在参数中(除了Collaborator域外)
Change UUIDs in parameter values 更改参数中的 UUID值
Change Emails in parameter values 更改参数中的电子邮件值
Change Numerics [0-9]+ in parameter values 更改参数中数字的值,为[0-9]+
Change Double [0-9]+\.[0-9]+ in parameter values 更改参数中数字的双数值,为[0-9]+\.[0-9]+
Change unix epoch timestamps (now +/- 3 months, in seconds or milliseconds) in parameter values 更改参数中unix时间戳,为(现在+/- 3个月范围,以秒或毫秒为单位)
Change Alphabetic [a-zA-Z] in parameter values 更改参数中的字母值,为([a-zA-Z])
Change Birthdate YYYY-MM-DD in parameter values 更改参数中的日期,为(yyyy-mm-dd)
Change booleans (true, false, 0, 1, True, etc.) in parameter values 更改参数值的布尔值(true、false、0、1、True等)
Change according to charset (e.g. 'foo_bar' might change to 'bffar_a') in parameter values 根据字符编码进行更改参数值更改,(例如,'foo_bar'可能变为'bffar_a')
Inject into URL query strings (Burp's PARAM_URL) URL参数注入(Burp的PARAM_URL)
Inject into body (Burp's PARAM_BODY) Body注入(Burp的PARAM_body)
Inject into cookies (Burp's PARAM_COOKIE) Cookie注入(Burp的PARAM_Cookie)
Inject into non-standard HTTP headers (this extension's PARAM_NON_STANDARD_HEADER) HTTP头注入(此扩展的PARAM_non-Standard_Header)
Inject into XML text nodes (this extension's PARAM_XML_CONTENT) XML节点注入(此扩展的PARAM_XML_Content)
Inject into XML attributes (this extension's PARAM_XML_ATTR) XML属性注入(此扩展的PARAM_XML_ATTR)
Inject into multipart filename (this extension's PARAM_MULTIPART_FILENAME) 文件名扩展注入(此扩展的PARAM_MULTIPART_FILENAME)
Inject into multipart content (this extension's PARAM_MULTIPART_CONTENT) 文件内容注入(此扩展的PARAM_MultiPart_Content)
Inject into JSON values (this extension's PARAM_JSON) JSON值注入(此扩展的PARAM_JSON)
Other settings 其他设置
Turn debug on (see extender output) 打开调试(参见扩展程序输出)
Use this many Threads to check repeatability/scan (requires extension reload) (!) 要用多少线程来检查可重复性/扫描(需要扩展重新加载) (!)
(?i)Unhide all log entries? 取消隐藏所有日志记录
(?i)Delete all log entries? 删除所有日志记录
Detailed settings (un)interesting things 详细设置有趣/无趣的东西
Interesting URL file extensions (one per line) 有趣的URL文件扩展名(每行一个)
Uninteresting URL file extensions (one per line) 无趣的URL文件扩展名(每行一个)
Interesting status codes (one per line) 有趣的状态码(每一行一个)
Uninteresting status codes (one per line) 无趣的状态码(每行一个)
Interesting HTTP methods (one per line) 有趣的HTTP方法(每行一条)
Uninteresting HTTP methods (one per line) 无趣的HTTP方法(每行一个)
(?i)Interesting score settings? 扫描分数设置
Points for multipart/form-data requests multipart/form-data请求的分数
Points for interesting HTTP request method 有趣的HTTP方法分数
Points for interesting URL file extension 有趣的URL文件扩展分数
Points for interesting HTTP response status code 有趣的HTTP状态码分数
Points per parameter 每个参数的分数
Experimental features for repeatability definition settings 重复性定义设置(实验性功能)
Ignore HTTP Status Codes (!) 忽略HTTP状态码(!)
Fixed response content indicating 200 OK (!) 修复响应内容包含200的状态(!)
Improve Automated and Semi-Automated Active Scanning 改进自动和半自动的主动扫描
Active Scanning might often do things that don't make any sense, such as scanning GET requests to .js files or scanning non-repeatable request. This extension allows to filter and preprocess according to your needs. It tries to check if a request is repeatable or not. If a request is not repeatable, it tries to make them repeatable by injecting Hackvertor tags. The extension doesn't try to be perfect, but useful. It cuts corners and in some cases simply doesn't scan certain requests. However, the extension individually displays and explains all decisions, allowing you to change the settings if you don't like the behavior. 主动扫描可能经常做一些没有意义的事情,例如扫描对.js文件的GET请求或扫描不可重复的请求。这个扩展允许根据你的需要进行过滤和预处理。它试图检查一个请求是否是可重复的。如果一个请求是不可重复的,它试图通过注入Hackvertor标签来使其可重复。该扩展并不试图做到完美,但很有用。它走弯路,在某些情况下干脆不扫描某些请求。然而,该扩展单独显示和解释所有的决定,如果你不喜欢这种行为,允许你改变设置。
(?i)Features? 未来
Everything configurable (interesting/uninteresting, blacklisting requests, etc.) 一切都是可配置的(有趣/无趣,请求黑名单,等等)
Howto use this extension 如何使用该扩展
Usage is very simple: 使用方法非常简单:
Add the website you test to the scope 将你测试的网站添加到范围中
Enable "Proxy requests" in the tab/section "Scan - Options - Requests to process" 在 "扫描-选项-要处理的请求 "标签/部分中启用 "代理请求"
Browse the web application (proxy) by using the Burp builtin browser. 使用Burp内置的浏览器(代理)
Check back on the Scan tab and see which request have been active scanned. Check those that have a high 在 "扫描 "选项卡上查看哪些请求已经被主动扫描了
"Interesting" rating but haven't been scanned ("Scanned" column set to false) 检查“有趣”列,有很高评分但还没有被扫描的请求("已扫描 "列设置为假)
See the Dashboard for Active Scan findings 查看主动扫描结果的仪表板
It's always good to sort by the reason column in the UI and check the different reasons. 查看UI中的推理列,排序并检查不同的原因,可能会由意外收获