-
-
-
-
-
+
+
+
+
+
- Download • - Wiki • - Helper Function + Download • + Wiki • + Helper Function
@@ -441,7 +441,7 @@ you can install it with: **Binary** ```sh -$ https://github.com/zan8in/afrog/releases/latest +$ https://github.com/zan8in/afrog/v3/releases/latest ``` **Github** @@ -454,7 +454,7 @@ $ ./afrog -h **Go** ```sh -$ go install -v github.com/zan8in/afrog/cmd/afrog@latest +$ go install -v github.com/zan8in/afrog/v3/cmd/afrog@latest ``` ## Running afrog @@ -553,14 +553,14 @@ The JNDI vulnerability refers to security vulnerabilities that exploit the JNDI To obtain JNDI, follow these steps: -- To obtain the source code and compile the JAR file, please visit the official website [github.com/r00tSe7en/JNDIMonitor](https://github.com/r00tSe7en/JNDIMonitor). Alternatively, you can go to the official afrog website [afrog/helper/jndi](https://github.com/zan8in/afrog/tree/main/helper/jndi) to download the pre-compiled JAR file +- To obtain the source code and compile the JAR file, please visit the official website [github.com/r00tSe7en/JNDIMonitor](https://github.com/r00tSe7en/JNDIMonitor). Alternatively, you can go to the official afrog website [afrog/helper/jndi](https://github.com/zan8in/afrog/v3/tree/main/helper/jndi) to download the pre-compiled JAR file - Upload the `JNDIMonitor-2.0.1-SNAPSHOT.jar` file to the server (such as a VPS server), and execute the following startup command: ```sh java -jar ./JNDIMonitor-2.0.1-SNAPSHOT.jar -i 0.0.0.0 -l 1389 -p 3456 ``` -Below are example methods for writing POCs. [Please click to view](https://github.com/zan8in/afrog/wiki/Examples#solr-log4j-rce). +Below are example methods for writing POCs. [Please click to view](https://github.com/zan8in/afrog/v3/wiki/Examples#solr-log4j-rce). ## Json Output (For developers) @@ -587,9 +587,9 @@ afrog -t https://example.com -ja result.json ## Screenshot - + - + ## As Library @@ -623,7 +623,7 @@ More examples: To join the afrog communication group on WeChat, please first add the afrog personal account and mark it as **afrog**. Then, you will be added to the group by the administrator. -
+
## 404Starlink
diff --git a/afrog-helper-function.md b/afrog-helper-function.md
index 64fc42af..4744e83d 100644
--- a/afrog-helper-function.md
+++ b/afrog-helper-function.md
@@ -23,7 +23,7 @@ rules:
expression: r0()
```
-正确用法是首先在 set 内声明,详细用法请参考 [md5 函数示例](https://github.com/zan8in/afrog/blob/main/afrog-helper-function.md#md5)
+正确用法是首先在 set 内声明,详细用法请参考 [md5 函数示例](https://github.com/zan8in/afrog/v3/blob/main/afrog-helper-function.md#md5)
内置函数源码位置:`v2\pkg\runner\celcompile.go`
@@ -829,7 +829,7 @@ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
ysoserial(payload, command, encode)
```
-payload: 攻击载荷,[支持payload列表](https://github.com/zan8in/afrog/blob/main/v2/pkg/utils/ysoserial.go)
+payload: 攻击载荷,[支持payload列表](https://github.com/zan8in/afrog/v3/blob/main/v2/pkg/utils/ysoserial.go)
command: 执行的命令,比如 xxx.dnslog.cn
@@ -837,7 +837,7 @@ encode: 加密方法,目前支持:base64 和 hex
参考示例
-[CVE-2023-49070](https://github.com/zan8in/afrog/blob/46404e7527ca8d5752a9679ce13c83f7fd7b9e5b/v2/pocs/afrog-pocs/CVE/2023/CVE-2023-49070.yaml#L2)、[CVE-2021-29200](https://github.com/zan8in/afrog/blob/46404e7527ca8d5752a9679ce13c83f7fd7b9e5b/v2/pocs/afrog-pocs/CVE/2021/CVE-2021-29200.yaml)
+[CVE-2023-49070](https://github.com/zan8in/afrog/v3/blob/46404e7527ca8d5752a9679ce13c83f7fd7b9e5b/v2/pocs/afrog-pocs/CVE/2023/CVE-2023-49070.yaml#L2)、[CVE-2021-29200](https://github.com/zan8in/afrog/v3/blob/46404e7527ca8d5752a9679ce13c83f7fd7b9e5b/v2/pocs/afrog-pocs/CVE/2021/CVE-2021-29200.yaml)
### AesCBC
用于 aes cbc 加密的 PoC
@@ -856,4 +856,4 @@ iv: 加密 iv
参考示例
-[CVE-2023-20888](https://github.com/zan8in/afrog/blob/46404e7527ca8d5752a9679ce13c83f7fd7b9e5b/v2/pocs/afrog-pocs/CVE/2023/CVE-2023-20888.yaml)
\ No newline at end of file
+[CVE-2023-20888](https://github.com/zan8in/afrog/v3/blob/46404e7527ca8d5752a9679ce13c83f7fd7b9e5b/v2/pocs/afrog-pocs/CVE/2023/CVE-2023-20888.yaml)
\ No newline at end of file
diff --git a/afrog.go b/afrog.go
index 6d2c9dcd..9283b3fe 100644
--- a/afrog.go
+++ b/afrog.go
@@ -8,10 +8,10 @@ import (
"sync/atomic"
"time"
- "github.com/zan8in/afrog/pkg/config"
- "github.com/zan8in/afrog/pkg/result"
- "github.com/zan8in/afrog/pkg/runner"
- "github.com/zan8in/afrog/pkg/utils"
+ "github.com/zan8in/afrog/v3/pkg/config"
+ "github.com/zan8in/afrog/v3/pkg/result"
+ "github.com/zan8in/afrog/v3/pkg/runner"
+ "github.com/zan8in/afrog/v3/pkg/utils"
"github.com/zan8in/goflags"
"github.com/zan8in/gologger"
)
diff --git a/cmd/afrog/main.go b/cmd/afrog/main.go
index b7691f18..0d48becc 100644
--- a/cmd/afrog/main.go
+++ b/cmd/afrog/main.go
@@ -11,12 +11,12 @@ import (
_ "net/http/pprof"
- "github.com/zan8in/afrog/pkg/config"
- "github.com/zan8in/afrog/pkg/db/sqlite"
- "github.com/zan8in/afrog/pkg/progress"
- "github.com/zan8in/afrog/pkg/result"
- "github.com/zan8in/afrog/pkg/runner"
- "github.com/zan8in/afrog/pkg/utils"
+ "github.com/zan8in/afrog/v3/pkg/config"
+ "github.com/zan8in/afrog/v3/pkg/db/sqlite"
+ "github.com/zan8in/afrog/v3/pkg/progress"
+ "github.com/zan8in/afrog/v3/pkg/result"
+ "github.com/zan8in/afrog/v3/pkg/runner"
+ "github.com/zan8in/afrog/v3/pkg/utils"
"github.com/zan8in/gologger"
)
diff --git a/examples/basic_scan/main.go b/examples/basic_scan/main.go
index ad7c4ebc..f5275304 100644
--- a/examples/basic_scan/main.go
+++ b/examples/basic_scan/main.go
@@ -3,7 +3,7 @@ package main
import (
"fmt"
- "github.com/zan8in/afrog"
+ "github.com/zan8in/afrog/v3"
)
func main() {
diff --git a/examples/batch_scan/main.go b/examples/batch_scan/main.go
index 053eef3c..69e43232 100644
--- a/examples/batch_scan/main.go
+++ b/examples/batch_scan/main.go
@@ -3,7 +3,7 @@ package main
import (
"fmt"
- "github.com/zan8in/afrog"
+ "github.com/zan8in/afrog/v3"
)
func main() {
diff --git a/go.mod b/go.mod
index db9f476b..717b5faa 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/zan8in/afrog
+module github.com/zan8in/afrog/v3
go 1.20
diff --git a/go.sum b/go.sum
index 22d5fb2b..146b172d 100644
--- a/go.sum
+++ b/go.sum
@@ -1222,8 +1222,6 @@ github.com/zan8in/gologger v0.0.0-20220917062627-c34a83c0a373 h1:T2YD/hp647jDauu
github.com/zan8in/gologger v0.0.0-20220917062627-c34a83c0a373/go.mod h1:z3Zn3+DLpcfFKNqhAdYECiFeFK+o1EW3Gh0DEhFZ+v4=
github.com/zan8in/goupdate v1.0.0 h1:H3ZVndassN6jNkJROAEkGFHbiyax0yG1RSKXMhzvgLY=
github.com/zan8in/goupdate v1.0.0/go.mod h1:lB3IFGNY/wLFj1qfPOyee2m7lplg/mSDpsng+ax7sc8=
-github.com/zan8in/oobadapter v0.0.0-20240228064213-611d47d14009 h1:WH7mV3GXvh8PRzevq/p0o6oRpw2Q6j0WbU2xLdZpa6Q=
-github.com/zan8in/oobadapter v0.0.0-20240228064213-611d47d14009/go.mod h1:q9M+0H/FBTo9G2XZIsi3IDawHcwgEGDWCabCPoEpZ/I=
github.com/zan8in/oobadapter v0.0.0-20240316010032-90d51fe61219 h1:oDGMh0SoiUYMOyKUrJ6i+mBu+MQs0cY0uLacdlosogM=
github.com/zan8in/oobadapter v0.0.0-20240316010032-90d51fe61219/go.mod h1:q9M+0H/FBTo9G2XZIsi3IDawHcwgEGDWCabCPoEpZ/I=
github.com/zan8in/pins v0.0.0-20231009082442-920437d7fa86 h1:sAwnml3XSZlSYr0yMUvGUgtNQ1fJoU6AdwyMh1mKHwc=
diff --git a/pkg/config/afrogupdate.go b/pkg/config/afrogupdate.go
index 91c093bb..a2ef289b 100644
--- a/pkg/config/afrogupdate.go
+++ b/pkg/config/afrogupdate.go
@@ -9,8 +9,8 @@ import (
"strings"
"github.com/cavaliergopher/grab/v3"
- "github.com/zan8in/afrog/pkg/poc"
- "github.com/zan8in/afrog/pkg/utils"
+ "github.com/zan8in/afrog/v3/pkg/poc"
+ "github.com/zan8in/afrog/v3/pkg/utils"
"github.com/zan8in/gologger"
)
diff --git a/pkg/config/banner.go b/pkg/config/banner.go
index 3828d66e..802c6399 100644
--- a/pkg/config/banner.go
+++ b/pkg/config/banner.go
@@ -4,8 +4,8 @@ import (
"fmt"
"time"
- "github.com/zan8in/afrog/pkg/log"
- "github.com/zan8in/afrog/pkg/utils"
+ "github.com/zan8in/afrog/v3/pkg/log"
+ "github.com/zan8in/afrog/v3/pkg/utils"
"github.com/zan8in/gologger"
)
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 2336a9e5..ba87f666 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -5,7 +5,7 @@ import (
"path/filepath"
"github.com/pkg/errors"
- "github.com/zan8in/afrog/pkg/utils"
+ "github.com/zan8in/afrog/v3/pkg/utils"
"gopkg.in/yaml.v2"
)
diff --git a/pkg/config/options.go b/pkg/config/options.go
index 7b849ec5..b645cbdb 100644
--- a/pkg/config/options.go
+++ b/pkg/config/options.go
@@ -8,13 +8,13 @@ import (
"strings"
"sync"
- "github.com/zan8in/afrog/pkg/log"
- "github.com/zan8in/afrog/pkg/output"
- "github.com/zan8in/afrog/pkg/poc"
- "github.com/zan8in/afrog/pkg/utils"
- "github.com/zan8in/afrog/pkg/web"
- "github.com/zan8in/afrog/pkg/webhook/dingtalk"
- "github.com/zan8in/afrog/pocs"
+ "github.com/zan8in/afrog/v3/pkg/log"
+ "github.com/zan8in/afrog/v3/pkg/output"
+ "github.com/zan8in/afrog/v3/pkg/poc"
+ "github.com/zan8in/afrog/v3/pkg/utils"
+ "github.com/zan8in/afrog/v3/pkg/web"
+ "github.com/zan8in/afrog/v3/pkg/webhook/dingtalk"
+ "github.com/zan8in/afrog/v3/pocs"
"github.com/zan8in/goflags"
"github.com/zan8in/gologger"
fileutil "github.com/zan8in/pins/file"
diff --git a/pkg/cyberspace/cyberspace.go b/pkg/cyberspace/cyberspace.go
index a3c3a6f5..ea82049e 100644
--- a/pkg/cyberspace/cyberspace.go
+++ b/pkg/cyberspace/cyberspace.go
@@ -4,7 +4,7 @@ import (
"fmt"
"strings"
- "github.com/zan8in/afrog/pkg/config"
+ "github.com/zan8in/afrog/v3/pkg/config"
"github.com/zan8in/gologger"
zoom_eyes "github.com/zan8in/zoomeye/pkg/runner"
)
diff --git a/pkg/db/db.go b/pkg/db/db.go
index c126963e..d9844dd2 100644
--- a/pkg/db/db.go
+++ b/pkg/db/db.go
@@ -7,8 +7,8 @@ import (
"path/filepath"
"time"
- "github.com/zan8in/afrog/pkg/poc"
- "github.com/zan8in/afrog/pkg/utils"
+ "github.com/zan8in/afrog/v3/pkg/poc"
+ "github.com/zan8in/afrog/v3/pkg/utils"
"gopkg.in/yaml.v2"
)
diff --git a/pkg/db/sqlite/cmd/List.html b/pkg/db/sqlite/cmd/List.html
new file mode 100644
index 00000000..71c86b96
--- /dev/null
+++ b/pkg/db/sqlite/cmd/List.html
@@ -0,0 +1,360 @@
+
+
+
+
+
+ {{.Request}}
+ {{.Response}}
+ No matching
+ {{end}} +| Column1 | +Column2 | + +
|---|---|
| {{.VulID}} | +{{.Target}} | + +
A F R O G
+ | + + {{.VulID}} + {{.Severity}} + {{.FullTarget}} + | + + +||
|
+ name: {{.PocInfo.Info.Name}} author: {{.PocInfo.Info.Author}}
+ {{if .PocInfo.Info.Created}}
+ created: {{.PocInfo.Info.Created}}
+ {{end}}
+
+ {{if .PocInfo.Info.Description}}
+ description: {{.PocInfo.Info.Description}} + {{end}} + + {{if .PocInfo.Info.Reference}} + reference: + {{range $key, $value := .PocInfo.Info.Reference}} + - {{$value}} + {{end}} + {{end}} + + {{if .PocInfo.Info.Affected}} + affected: {{.PocInfo.Info.Affected}} + {{end}} + + {{if .PocInfo.Info.Solutions}} + solutions: {{.PocInfo.Info.Solutions}} + {{end}} + + + |
+ ||
| {{.FullTarget}} | +||
|
+
+
+
+
+ →
+
+
+ ←
+ |
+
| No matching | + +