Skip to content

toyakula/luna

Repository files navigation

Luna —Sscan for Security

Name Python 2.6|2.7 Author Sec

Luna 是一款开源的自动化web漏洞扫描工具,利用最轻量的代码构建被动式扫描框架。主要用途是实现对漏洞扫描策略的快速验证,验证源来自burpsuite中收集的httplog,扫描策略来自独立的python插件。

郑重声明:Luna仅供网络安全爱好者学习和探讨使用,一切利用本工具和基于本工具二次开发的工具进行非法攻击的行为与Luna无关。

Luna is an open-source web security scanner which is based on reduced-code passive scanning framework. You can write a simple python plugin to prove your great ideas with Luna. The format of httplog is the plaintext saved by Burpsuite. And thanks to PortSwigger Ltd.

Disclaimer: Luna is a study demo for web security fans. Anyone who attacks website through Luna(or rewrite by Luna) which breaks the law will take the full responsibility by himself.

Screenshots

logo

structure

luna_arch

running

report

Installation

下载 Luna 源码包

或直接使用git下载安装

git clone  https://github.com/toyakula/luna.git

Luna运行在python 2.6.x2.7.x 环境下。

Download Luna package

Preferably, you can download Luna by using git

git clone  https://github.com/toyakula/luna.git

Luna works out of the box with Python version 2.6.x and 2.7.x on any platform.

Usage

  1. 使用burpsuite 收集httplog ,或将其他格式的httplog 转为burpsuite httplog格式。 保存在 'lunahttplog.txt' 中。

    Save httplog from burp suite or you can also convert other httplog to burpsuite-requestlog format. Save it in the 'lunahttplog.txt'.

    b2ff4819-b6df-44eb-879b-7d2f728d9000

  2. 修改'conf/lunaconf.py'

    host_port=[['127.0.0.1','80'],] http_log = 'lunahttplog.txt'

    设置扫描目标的域名和端口,指定存放httplog的文件。

Modify 'conf/lunaconf.py'

`host_port=[['127.0.0.1','80'],]` 
`http_log = 'lunahttplog.txt'`

Set the target(['host','port']) and set the file which httplog saved in.
  1. python luna.py

Contact

Gmailluna.pyc@gmail.com

Bloghttps://tokula.com

About

luna webscanner

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published