Skip to content

maya6/-scan-

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

84 Commits

.vscode

.vscode

 
 

bf_dicts

bf_dicts

 
 

docker_vuln

docker_vuln

 
 

durpal

durpal

 
 

fckeditor

fckeditor

 
 

gatepass_vuln

gatepass_vuln

 
 

iis

iis

 
 

ipq

ipq

 
 

ipquery

ipquery

 
 

jboss

jboss

 
 

kindeditor

kindeditor

 
 

navigate_vuln

navigate_vuln

 
 

redis_vuln

redis_vuln

 
 

spring_vuln

spring_vuln

 
 

tomcat

tomcat

 
 

weblogic

weblogic

 
 

zabbix_vuln

zabbix_vuln

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

moon.py

moon.py

 
 

Repository files navigation

vulnerability-list

常见漏洞快速检测,目前包含以下漏洞。

Tomcat:

  • CVE_2017_12615 / CVE_2017_12617
  • tomcat_weakpassword
  • example_vulnerability(检测tomcat的examples等目录是否存在)

moon.py -u tomcat http://xx.xx.xx.xx:xxxx

Fckeditor

  • 获取版本及常见上传页面检测
  • fck<=2.4版本上传直接上传asa文件getshell

moon.py -u fck http://xx.xx.xx.xx/fckxx

Weblogic

  • CVE_2017_10271 #利用方法参考:https://vulhub.org
  • weblogic_ssrf_cve-2014-4210
  • weblogic_weakpassword
  • CVE-2018-2628 #Author:xxlegend
  • CNVD-C-2019-48814

moon.py -u weblogic http://xx.xx.xx.xx:xxxx

IP归属查询

  • 能简单查一下IP的归属地

moon.py -u ip http://www.xxx.com

IIS

  • 短文件名泄露 #来自 lijiejie/IIS_shortname_Scanner

moon.py -u iis http://xx.xx.xx.xx

Docker

  • docker_daemon_api未授权访问

moon.py -u docker http://xx.xx.xx.xx:xxxx

Redis

  • redis未授权访问

moon.py -u redis http://xx.xx.xx.xx:xxxx or moon.py -u redis xx.xx.xx.xx:xxxx

Zabbix

  • zabbix_sql_CVE_2016_10134 #有参考独自等待的脚本

moon.py -u zabbix http://xx.xx.xx.xx:xxxx

Navigate

moon.py -u navigate http://xx.xx.xx.xx:xxxx

Gatepass

moon.py -u gatepass http://xx.xx.xx.xx:xxxx

Jboss

  • admin-console
  • Checking Struts2
  • Checking Servlet Deserialization
  • Checking Application Deserialization
  • Checking Jenkins
  • Checking web-console
  • Checking jmx-console
  • JMXInvokerServlet
  • 此模块调用的是 #jexboss

moon.py -u jboss http://xx.xx.xx.xx:xxxx

Kindeditor

  • kindeditor<=4.1.5文件上传漏洞

moon.py -u kindeditor http://xx.xx.xx.xx:xxxx/kidneditor-4.1.5

Drupal

moon.py -u drupal http://xxx.xxx.xxx.xxx:xxxx

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages