Releases: chaitin/xray
Releases · chaitin/xray
1.9.11
1.9.10
1.9.9
1.9.8
1.9.7
1.9.6
1.9.5
1.9.4
更新内容
插件更新
- 添加XStream扫描插件,支持列表如下(该插件需开启反连平台)
- CVE-2021-21344
- CVE-2021-21345
- CVE-2021-39141
- CVE-2021-39144
- ...(共29个插件)
- fastjson插件支持cve-2022-25845的检测
POC编写/执行更新
- 新增警告信息,师傅们可以根据警告信息删除检测插件创建的文件等
- 支持在GET,HEAD,OPTION时添加body
- 添加compare version函数,可以对匹配出的版本进行对比
- 添加html实体编码/解码函数
- 添加java反序列化函数
- 添加hex/hexDecode函数
优化内容
- 优化了反连平台漏洞捕获逻辑,提高了命中率
- 优化了 poc lint 变得更人性化
- yaml脚本支持获取rmi反连平台的链接,具体使用请参考官方文档
- 优化了Struts2检测模块,添加反连确认,减少误报漏报
修复POC
规则优化,规则弱
poc-yaml-drawio-cve-2022-1713-ssrf
poc-yaml-h3c-cvm-upload-file-upload
poc-yaml-iis-cve-2017-7269
poc-yaml-74cms-sqli-cve-2020-22209
poc-yaml-reporter-file-read
poc-yaml-wanhu-ezoffice-documentedit-sqli
poc-yaml-joomla-cve-2017-8917-sqli
poc-yaml-iis-cve-2017-7269
poc-yaml-emerge-e3-cve-2019-7256
poc-yaml-alibaba-nacos-v1-auth-bypass
poc-yaml-wanhu-ezoffice-documentedit-sqli
poc-yaml-magicflow-gateway-main-xp-file-read
poc-yaml-gitblit-cve-2022-31268
poc-yaml-phpstudy-nginx-wrong-resolve
poc-yaml-confluence-cve-2022-26138
poc-yaml-metinfo-lfi-cnvd-2018-13393
poc-yaml-zabbix-cve-2019-17382
poc-yaml-wordpress-paypal-pro-cve-2020-14092-sqli
poc-yaml-vite-cnvd-2022-44615
poc-yaml-phpmyadmin-cve-2018-12613-file-inclusion
poc-yaml-zabbix-cve-2022-23134
poc-yaml-ametys-cms-cve-2022-26159
优化删除(功能与xray的通用插件重复)
poc-yaml-nexusdb-cve-2020-24571-path-traversal
poc-yaml-specoweb-cve-2021-32572-fileread
poc-yaml-tvt-nvms-1000-file-read-cve-2019-20085
poc-yaml-zyxel-vmg1312-b10d-cve-2018-19326-path-traversal
新增无害化处理
poc-yaml-fanruan-v9-file-upload
poc-yaml-h3c-cvm-upload-file-upload
poc-yaml-seeyon-unauthorized-fileupload
poc-yaml-thinkcmf-write-shell
poc-yaml-wanhu-oa-officeserver-file-upload
poc-yaml-weaver-oa-workrelate-file-upload
poc-yaml-yonyou-grp-u8-file-upload
poc-yaml-yonyou-nc-file-accept-upload
poc-yaml-yonyou-u8c-file-upload
poc-yaml-zhiyuan-oa-wpsassistservlet-file-upload
新增POC 96个
poc-yaml-ruijie-fileupload-fileupload-rce
poc-yaml-eweaver-oa-mecadminaction-sqlexec
poc-yaml-xxl-job-default-password
poc-yaml-wordpress-plugin-superstorefinder-ssf-social-action-php-sqli
poc-yaml-magento-config-disclosure-info-leak
poc-yaml-ukefu-cnvd-2021-18305-file-read
poc-yaml-ukefu-cnvd-2021-18303-ssrf
poc-yaml-eweaver-eoffice-mainselect-info-leak
poc-yaml-linksys-cnvd-2014-01260
poc-yaml-wordpress-welcart-ecommerce-cve-2022-41840-path-traversal
poc-yaml-jeesite-userfiles-path-traversal
poc-yaml-yongyou-nc-iupdateservice-xxe
poc-yaml-v-sol-olt-platform-unauth-config-download
poc-yaml-ibm-websphere-portal-hcl-cve-2021-27748-ssrf
poc-yaml-yonyou-nc-uapws-db-info-leak
poc-yaml-yonyou-nc-service-info-leak
poc-yaml-yongyou-nc-cloud-fs-sqli
poc-yaml-finecms-filedownload
poc-yaml-weaver-eoffice-userselect-unauth
poc-yaml-fortinet-cve-2022-40684-auth-bypass
poc-yaml-dapr-dashboard-cve-2022-38817-unauth
poc-yaml-wordpress-zephyr-project-manager-cve-2022-2840-sqli
poc-yaml-jira-cve-2022-39960-unauth
poc-yaml-qnap-cve-2022-27593-fileupload
poc-yaml-wordpress-all-in-one-video-gallery-cve-2022-2633-lfi
poc-yaml-atlassian-bitbucket-archive-cve-2022-36804-remote-command-exec
poc-yaml-wordpress-simply-schedule-appointments-cve-2022-2373-unauth
poc-yaml-zoho-manageengine-opmanager-cve-2022-36923
poc-yaml-red-hat-freeipa-cve-2022-2414-xxe
poc-yaml-wavlink-cve-2022-2488-rce
poc-yaml-wavlink-cve-2022-34045-info-leak
poc-yaml-wordpress-shareaholic-cve-2022-0594-info-leak
poc-yaml-wordpress-wp-stats-manager-cve-2022-33965-sqli
poc-yaml-opencart-newsletter-custom-popup-sqli
poc-yaml-wordpress-events-made-easy-cve-2022-1905-sqli
poc-yaml-wordpress-kivicare-cve-2022-0786-sqli
poc-yaml-wordpress-cve-2022-1609-rce
poc-yaml-solarview-compact-cve-2022-29303-rce
poc-yaml-wordpress-arprice-lite-cve-2022-0867-sqli
poc-yaml-wordpress-fusion-cve-2022-1386-ssrf
poc-yaml-wordpress-nirweb-cve-2022-0781-sqli
poc-yaml-wordpress-metform-cve-2022-1442-info-leak
poc-yaml-wordpress-mapsvg-cve-2022-0592-sqli
poc-yaml-wordpress-badgeos-cve-2022-0817-sqli
poc-yaml-wordpress-daily-prayer-time-cve-2022-0785-sqli
poc-yaml-wordpress-woo-product-table-cve-2022-1020-rce
poc-yaml-wordpress-documentor-cve-2022-0773-sqli
poc-yaml-wordpress-multiple-shipping-address-woocommerce-cve-2022-0783-sqli
poc-yaml-gitlab-cve-2022-1162-hardcoded-password
poc-yaml-thinkphp-cve-2022-25481-info-leak
poc-yaml-wordpress-cve-2022-0591-ssrf
poc-yaml-wordpress-simple-link-directory-cve-2022-0760-sqli
poc-yaml-wordpress-ti-woocommerce-wishlist-cve-2022-0412-sqli
poc-yaml-wordpress-notificationx-cve-2022-0349-sqli
poc-yaml-wordpress-page-views-count-cve-2022-0434-sqli
poc-yaml-wordpress-masterstudy-lms-cve-2022-0441-unauth
poc-yaml-wordpress-seo-cve-2021-25118-info-leak
poc-yaml-wordpress-perfect-survey-cve-2021-24762-sqli
poc-yaml-wordpress-asgaros-forum-cve-2021-24827-sqli
poc-yaml-tcexam-cve-2021-20114-info-leak
poc-yaml-wordpress-woocommerce-cve-2021-32789-sqli
poc-yaml-wordpress-profilepress-cve-2021-34621-unauth
poc-yaml-wordpress-wp-statistics-cve-2021-24340-sqli
poc-yaml-voipmonitor-cve-2021-30461-rce
poc-yaml-rocket-chat-cve-2021-22911-nosqli
poc-yaml-pega-infinity-cve-2021-27651-unauth
poc-yaml-wordpress-modern-events-calendar-lite-cve-2021-24146-info-leak
poc-yaml-afterlogic-webmail-cve-2021-26294-path-traversal
poc-yaml-wavlink-cve-2020-13117-rce
poc-yaml-prestashop-cve-2021-3110-sqli
poc-yaml-cockpit-cve-2020-35847-nosqli
poc-yaml-cockpit-cve-2020-35848-nosqli
poc-yaml-keycloak-cve-2020-10770-ssrf
poc-yaml-prestashop-cve-2020-26248-sqli
poc-yaml-wordpress-paypal-pro-cve-2020-14092-sqli
poc-yaml-microstrategy-cve-2020-11450-info-leak
poc-yaml-adobe-experience-manager-cve-2019-8086-xxe
poc-yaml-blogengine-net-cve-2019-10717-path-traversal
poc-yaml-dotcms-cve-2018-17422-url-redirection
poc-yaml-php-proxy-cve-2018-19458-fileread
poc-yaml-circarlife-scada-cve-2018-16671-info-leak
poc-yaml-circarlife-scada-cve-2018-16670-info-leak
poc-yaml-circarlife-scada-cve-2018-16668-info-leak
poc-yaml-dotnetnuke-cve-2017-0929-ssrf
poc-yaml-orchid-core-vms-cve-2018-10956-path-traversal
poc-yaml-circarlife-scada-cve-2018-12634-info-leak
poc-yaml-nuuo-nvrmini2-cve-2018-11523-upload
poc-yaml-jolokia-cve-2018-1000130-code-injection
poc-yaml-fiberhome-cve-2017-15647-path-traversal
poc-yaml-opendreambox-cve-2017-14135-rce
poc-yaml-sap-cve-2017-12637-fileread
poc-yaml-glassfish-cve-2017-1000029-lfi
poc-yaml-boa-cve-2017-9833-fileread
poc-yaml-mantisbt-cve-2017-7615-unauth
poc-yaml-wordpress-cve-2017-5487-info-leak
poc-yaml-thinkcmf-cve-2018-19898-sqli
1.9.3
- 做了一些优化
- 优化扫描效率
- 增强子域名收集功能
- 增加了一些功能
- 添加burp的history导出文件转yml脚本的功能
- log4j2-rce的检测
- 为自定义脚本(gamma)添加
- 格式化时间戳函数
- 进制转换函数
- sha,hmacsha函数
- url全字符编码函数
- rev 字符串反向函数
- 添加 upper 字符串大写函数
- dir()
- basename()
- body_string
- title_string
- 扫描时,可以指定POC的危害等级,分为
low,medium,high,critical,通过--level参数指定 - 为shiro插件添加文件加载功能,可以直接加载指定文件中的key
- 可在配置文件中配置每个poc的标签,通过--tags来指定标签扫描
- 更新了
--list功能,可查看相关标签对应poc - 为 response 添加 icon_url 属性
- 修复了一些问题
- 修复cve-2021-29490误报严重问题
- 修复报告只显示参考链接,不显示提交者的问题
- 修复cache可能出现的请求不发送问题
- 过滤部分冗余的错误日志
- 修复一些意外导致panic的问题
- 新增x命令
- 支持对发现的web站点进行漏洞探测
- 支持带宽控制与智能速率调节,最优化扫描效率
- 支持多目标多端口随机探测,基于有限元的随机化方案
- 支持ICMP/TCP/UDP主机存活探测
- 支持SYN/CONNECT端口扫描
- 支持URL/IP/域名/IP范围/CIDR等多种输入方式
- 支持指纹识别
-
该命令实际上是xray内置的、启用了
- printer
- service-scan
- target-parse
这三个内置的插件的命令。
其中service-scan提供 主机存活探测、服务指纹识别、web指纹识别 的功能
可以查看 plugin-config.xray.yaml,module-config.xray.yaml获得详细配置信息,执行xray x --help 获取命令行参数与试用方法。
示例:
xray x -t example.com
xray x -t http://example.com
xray x -t example.com/24
xray x -t 192.168.1.1/24
xray x -t 192.168.1.1-192.168.1.254
xray x -t 192.168.1.1-254
xray x -t 192.168.1.1-254 -p 22,80,443-445
- 新增385个poc,感谢师傅们的提交,更新后即可自动加载
- vmware-vcenter-cve-2021-21985-rce.yml
- 74cms-cnvd-2021-45280.yml
- adobe-coldfusion-cve-2018-15961.yml
- ametys-cms-cve-2022-26159.yml
- anmei-rce.yml
- apache-airflow-cve-2020-13927-unauthorized.yml
- apache-apisix-dashboard-api-unauth-rce.yml
- atlassian-jira-unauth-user-enumeration.yml
- auerswald-cve-2021-40859.yml
- clickhouse-http-unauth.yml
- cve-2022-24990-terramaster-fileupload.yml
- dedecms-cve-2017-17731-sqli.yml
- dedecms-mysql-error-trace.yml
- dedecms-search-php-sqli.yml
- doccms-sqli.yml
- earcms-download-php-exec.yml
- earcms-index-uplog-php-file-upload.yml
- emlog-cve-2021-3293.yml
- ewebs-fileread.yml
- eyoucms-cve-2021-39501.yml
- ezoffice-smartupload-jsp-upload.yml
- finecms-getshell.yml
- full-read-ssrf-in-spring-cloud-netflix.yml
- grafana-snapshot-cve-2021-39226.yml
- hadoop-yarn-rpc-rce.yml
- hikvision-readfile.yml
- hongfan-oa-readfile.yml
- interlib-read-file.yml
- ivanti-endpoint-manager-cve-2021-44529-rce.yml
- jinhe-oa-readfile.yml
- joomla-jck-cve-2018-17254-sqli.yml
- kingdee-oa-apusic-readfile.yml
- landray-oa-rce.yml
- lionfish-cms-image-upload-php-upload.yml
- lionfish-cms-wxapp-php-upload.yml
- mastodon-cve-2022-0432.yml
- metersphere-plugincontroller-rce.yml
- metinfo-x-rewrite-url-sqli.yml
- movabletype-cve-2021-20837-rce.yml
- netpower-readfile.yml
- nette-framework-cve-2020-15227-rce.yml
- nginx-path-traversal.yml
- oa8000-workflowservice-sqli.yml
- onethink-sqli.yml
- php-chat-live-uploadimg-html-upload.yml
- phpcms-960-sqli.yml
- phpweb-appplus-php-upload.yml
- pigcms-file-upload.yml
- prestashop-smartblog-cve-2021-37538.yml
- qibocms-readfile.yml
- rudloff-alltube-cve-2022-0692.yml
- seeyon-oa-a6-information-disclosure.yml
- spring-cloud-gateway-cve-2022-22947-rce.yml
- supesite-sqli.yml
- sysaid-itil-cve-2021-43972.yml
- tongda-oa-action-upload-php-upload.yml
- tongda-oa-report-bi-func-php-sqli.yml
- voipmonitor-cve-2022-24260.yml
- wanhuoa-upload-rce.yml
- weaver-e-office-lazyuploadify-upload.yml
- weaver-oa-eoffice-information-disclosure.yml
- weijiaoyi-post-curl-ssrf.yml
- western-digital-mycloud-ftp-download-exec.yml
- western-digital-mycloud-jqueryfiletree-exec.yml
- western-digital-mycloud-multi-uploadify-file-upload.yml
- western-digital-mycloud-raid-cgi-exec.yml
- western-digital-mycloud-sendlogtosupport-php-exec.yml
- western-digital-mycloud-upload-php-exec.yml
- western-digital-mycloud-upload-php-upload.yml
- yonyou-erp-nc-readfile.yml
- zhixiang-oa-sqli.yml
- zoho-cve-2022-23779-info-leak.yml
- adobe-coldfusion-cve-2021-21087.yml
- alibaba-anyproxy-fetchbody-fileread.yml
- apache-apisix-cve-2020-13945-rce.yml
- apache-guacamole-default-password.yml
- atlassian-jira-cve-2019-3403.yml
- bsphp-unauthorized-access.yml
- cve-2017-16894-sensitive-documents.yml
- delta-entelitouch-cookie-user-password-disclosure.yml
- domoticz-cve-2019-10664.yml
- druid-cve-2021-25646.yml
- dynamicweb-cve-2022-25369.yml
- egroupware-spellchecker-rce.yml
- elfinder-cve-2021-32682-rce.yml
- emerge-e3-cve-2019-7256.yml
- essl-dataapp-unauth-db-leak.yml
- finecms-cve-2018-6893.yml
- franklinfueling-cve-2021-46417-lfi.yml
- fuelcms-cve-2018-16763-rce.yml
- genixcms-register-cve-2015-3933-sqli.yml
- getsimple-cve-2019-11231.yml
- ghostscript-cve-2018-19475-rce.yml
- jetty-servlets-concatservlet-information-disclosure-cve-2021-28169.yml
- jetty-web-inf-information-disclosure-cve-2021-34429.yml
- jira-cve-2021-26086.yml
- joomla-history-cve-2015-7857-sqli.yml
- jquery-picture-cut-upload-php-fileupload-cve-2018-9208.yml
- jsrog-artifactory-cve-2019-9733.yml
- kibana-cve-2019-7609-rce.yml
- kodexplorer-directory-traversal.yml
- maccms-cve-2017-17733-rce.yml
- metabase-cve-2021-41277.yml
- nostromo-cve-2011-0751-directory-traversal.yml
- nuxeo-cve-2018-16341-rce.yml
- odoo-cve-2019-14322.yml
- php-imap-cve-2018-19518-rce.yml
- phpmoadmin-cve-2015-2208-rce.yml
- piwigo-cve-2022-26266-sqli.yml
- rconfig-ajaxserversettingschk-cve-2019-16662-rce.yml
- rconfig-commands-inc-cve-2020-10220-sqli.yml
- resin-directory-traversal-cve-2021-44138.yml
- ruanhong-jvm-lfi.yml
- ruanhong-oa-xxe.yml
- ruckus-default-password.yml
- seeyon-oa-a8-m-information-disclosure.yml
- showdoc-cnvd-2020-26585.yml
- socomec-cve-2019-15859.yml
- spring-data-rest-cve-2017-8046-rce.yml
- subrions-search-cve-2017-11444-sqli.yml
- teclib-glpl-cve-2019-10232.yml
- terramaster-tos-cve-2022-24989.yml
- tibco-jasperreports-cve-2018-18809-directory-traversal.yml
- tongda-oa-login-code-php-login-bypass.yml
- twonkyserver-cve-2018-7171-fileread.yml
- vmware-workspace-cve-2021-22054-ssrf.yml
- vmware-workspace-cve-2022-22954-rce.yml
- vtigercrm-cve-2020-19363.yml
- weaver-ecology-getsqldata-sqli-rce.yml
- wordpress-site-editor-cve-2018-7422-lfi.yml
- wso2-cve-2022-29464-fileupload.yml
- wuzhicms-cve-2018-11528.yml
- zabbix-cve-2019-17382.yml
- zimbra-collaboration-server-cve-2013-7091-lfi.yml
- zoneminder-cve-2016-10140-unauth-access.yml
- apollo-default-password.yml
- ecology-oa-eoffice-officeserver-php-file-read.yml
- dptech-vpn-fileread.yml
- ezoffice-filupload-controller-getshell.yml
- yachtcontrol-webapplication-cve-2019-17270.yml
- atlassian-jira-cve-2019-3401.yml
- emerge-e3-cve-2019-7254.yml
- vbulletin-cve-2020-12720.yml
- netsweeper-webadmin-cve-2020-13167.yml
- searchblox-cve-2020-35580.yml
- opensis-cve-2020-6637.yml
- hd-network-real-time-monitoring-system-cve-2021-45043.yml
- visual-tools-dvr-vx16-cve-2021-42071.yml
- jsrog-artifactory-cve-2019-17444.yml
- reolink-RLC-410W-CVE-2022-21236.yml
- tlr-2005ksh-cve-2021-45428.yml
- zoho-manageengine-access-manager-plus-cve-2022-29081.yml
- selea-ocr-anpr-arbitrary-get-file-read.yml
- easyappointments-cve-2022-0482.yml
- netgear-ssl-vpn-20211222-cve-2022-29383.yml
- hitachi-vantara-pentaho-business-analytics-cve-2021-34684.yml
- manageengine-opmanager-cve-2020-11946.yml
- intelbras-wireless-cve-2021-3017.yml
- sapido-router-unauthenticated-rce.yml
- china-telecom-zte-f460-rce.yml
- china-mobile-yu-router-information-disclosure.yml
- tlr-2855ks6-arbitrary-file-creation-cve-2021-46418.yml
- uniview-isc-rce.yml
- feiyuxing-route-wifi-password-leak.yml
- changjie-crm-sqli.yml
- fhem-file-read-cve-2020-19360.yml
- hikvision-ip-camera-backdoor.yml
- kyocera-file-read.yml
- niushop-cms-sqli.yml
- dlink-dap-1620-firmware-cve-2021-46381.yml
- emby-mediaserver-cve-2020-26948.yml
- zoho-manageengine-opmanager-cve-2020-12116.yml
- zabbix-cve-2022-23134.yml
- tieline-ip-audio-gateway-cve-2021-35336.yml
- selea-ocr-anpr-arbitrary-seleacamera-file-read.yml
- microweber-cve-2022-0378.yml
- atlassian-jira-cve-2022-0540.yml
- sophosfirewall-bypass.yml
- zoho-manageengine-desktop-central-cve-2021-44515.yml
- tenda-11n-ultra-vires.yml
- tenda-w15e-passsword-leak.yml
- ziguang-sqli-cnvd-2021-41638.yml
- kemai-ras-ultra-vires.yml
- cerebro-request-ssrf.yml
- motioneye-info-leak-cve-2022-25568.yml
- yinda-get-file-read.yml
- jupyter-notebook-rce.yml
- e-message-unauth.yml
- kkfileview-cve-2021-43734.yml
- dlink-dsl-28881a-ultra-vires.yml
- kunshi-vos3000-fileread.yml
- reolink-nvr-configuration-disclosure-cve-2021-40150.yml
- d-Link-dir-825-cve-2021-46442.yml
- vite-cnvd-2022-44615.yml
- gitblit-cve-2022-31268.yml
- bigant-server-cve-2022-23347-lfi.yml
- wordpress-page-builder-kingcomposer-cve-2022-0165-url-redirect.yml
- huayu-reporter-rce.yml
- d-link-dap-2020-cve-2021-27250.yml
- 74cms-se-cve-2022-29720.yml
- 74cms-se-cve-2022-33095.yml
- pbootcms-rce-cve-2022-32417.yml
- e-office-v10-sqli.yml
- yonyou-nc-file-upload.yml
- xiaomi-cve-2019-18371.yml
- yonyou-erp-u8-fil...
XRAY 1.8.4
- 新增如下热门漏洞 poc,感谢师傅们的提交,更新后即可自动加载
- apache-storm-unauthorized-access.yml
- confluence-cve-2021-26085-arbitrary-file-read.yml
- dahua-cve-2021-33044-authentication-bypass.yml
- exchange-cve-2021-41349-xss.yml
- gocd-cve-2021-43287.yml
- grafana-default-password.yml
- hikvision-unauthenticated-rce-cve-2021-36260.yml
- jellyfin-cve-2021-29490.yml
- jinher-oa-c6-default-password.yml
- kingdee-eas-directory-traversal.yml
- pentaho-cve-2021-31602-authentication-bypass.yml
- qilin-bastion-host-rce.yml
- secnet-ac-default-password.yml
- spon-ip-intercom-file-read.yml
- spon-ip-intercom-ping-rce.yml
- yaml 脚本部分更新
- 增加了 http request 和 response 的 raw_header 方法
- 增加了 bicontains 和 faviconHash 函数
- 增加了 payloads 结构
- 增加了 http path 的表达能力,使用
^来访问绝对路径 - 文档更新 更新 PR
- 更新了上面新增的内容
- 更新了如何处理转义字符的说明,并提出了 multipart 中
\r\n的解决方法 - 更新了 http path 如何使用的文档
- 更新了 payload 如何使用的文档
- 更新了 webhook 的部分内容
PS:祝大家春节快乐 ✿✿ヽ(°▽°)ノ✿