Luna 是一款开源的自动化web漏洞扫描工具,利用最轻量的代码构建被动式扫描框架。主要用途是实现对漏洞扫描策略的快速验证,验证源来自burpsuite中收集的httplog,扫描策略来自独立的python插件。
郑重声明:Luna仅供网络安全爱好者学习和探讨使用,一切利用本工具和基于本工具二次开发的工具进行非法攻击的行为与Luna无关。
Luna is an open-source web security scanner which is based on reduced-code passive scanning framework. You can write a simple python plugin to prove your great ideas with Luna. The format of httplog is the plaintext saved by Burpsuite. And thanks to PortSwigger Ltd.
Disclaimer: Luna is a study demo for web security fans. Anyone who attacks website through Luna(or rewrite by Luna) which breaks the law will take the full responsibility by himself.
下载 Luna 源码包
或直接使用git下载安装
git clone https://github.com/toyakula/luna.git
Luna运行在python 2.6.x 和 2.7.x 环境下。
Download Luna package
Preferably, you can download Luna by using git
git clone https://github.com/toyakula/luna.git
Luna works out of the box with Python version 2.6.x and 2.7.x on any platform.
-
使用burpsuite 收集httplog ,或将其他格式的httplog 转为burpsuite httplog格式。 保存在 'lunahttplog.txt' 中。
Save httplog from burp suite or you can also convert other httplog to burpsuite-requestlog format. Save it in the 'lunahttplog.txt'.
-
修改'conf/lunaconf.py'
host_port=[['127.0.0.1','80'],]
http_log = 'lunahttplog.txt'
设置扫描目标的域名和端口,指定存放httplog的文件。
Modify 'conf/lunaconf.py'
`host_port=[['127.0.0.1','80'],]`
`http_log = 'lunahttplog.txt'`
Set the target(['host','port']) and set the file which httplog saved in.
- python luna.py
Gmail : luna.pyc@gmail.com
Blog : https://tokula.com