Published by zan8in 8 months ago
```yaml
id: oob-demo

set:
  oob: oob()
  oobHTTP: oob.HTTP   # e.g. http://xxxxxx.dnslog.cn
  oobDNS: oob.DNS     # e.g. xxxxxx.dnslog.cn

rules:
  r0:
    request:
      method: GET
      path: /?url={{oobHTTP}}
    expression: oobcheck(oob, "http", 3)
  r1:
    request:
      method: POST
      path: /test
      body: cmd=ping+{{oobDNS}}
    expression: oobcheck(oob, "dns", 3)

expression: r0() || r1()
```
oob()
: declares an oob object
oobHTTP
: gets the HTTP callback address, e.g. http://xxxxxx.dnslog.cn/
oobDNS
: gets the DNS callback name, e.g. xxxxxx.dnslog.cn
oobcheck(oob, "dns", 3)
: checks the callback result; argument 1 is the oob object, argument 2 is the protocol to check (http or dns), argument 3 is the delay in seconds before the verification request is made
```shell
afrog -t example.com -oob dnslogcn   # use dnslog.cn
afrog -t example.com -oob alphalog   # use alphalog (you must host the callback service yourself)
afrog -t example.com -oob xray       # use the xray callback service (you must host it yourself)
afrog -t example.com                 # default: ceyeio
```
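The following Go program is an added illustration of the out-of-band flow the oob-demo PoC relies on; it is not afrog's code and does not call afrog's API. It assumes a local stand-in for the callback platform (`Registry`, which records each token it sees over HTTP and DNS), a constructed vulnerable target with the SSRF and command-injection bugs the two rules probe for, and a `RunPoC` function that executes r0 and r1 exactly as the YAML does and returns `r0() || r1()`. The names `Registry`, `OOB`, `Check`, `drain`, `RunPoC`, `VulnerableTarget` and the domain `oob.example` are this example's own. `Check` implements the third argument of oobcheck as "sleep, then query the platform once", which is how the page describes it; a real platform is asked over its API rather than an in-process map.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"sync"
	"time"
)

// Registry stands in for the callback platform (dnslog.cn, CEye, ...), keeping one
// entry per "token/proto" that called back. Constructed for this example only.
type Registry struct{ hits sync.Map }
// ServeHTTP is the platform's HTTP side: the first path segment is the token.
func (r *Registry) ServeHTTP(_ http.ResponseWriter, req *http.Request) {
	r.hits.Store(strings.Trim(req.URL.Path, "/")+"/http", true)
}
// LogDNSQuery is the platform's DNS side; a real platform reads this off its resolver's query log.
func (r *Registry) LogDNSQuery(name string) {
	if i := strings.Index(name, "."); i > 0 {
		r.hits.Store(name[:i]+"/dns", true)
	}
}
// OOB mirrors what oob() yields in a PoC: a fresh random token plus the HTTP URL
// and DNS name that embed it (oob.HTTP and oob.DNS on the page).
type OOB struct {
	Token, HTTP, DNS string
	reg              *Registry
}
func NewOOB(reg *Registry, httpBase, dnsDomain string) (*OOB, error) {
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	tok := fmt.Sprintf("%x", b)
	return &OOB{Token: tok, HTTP: httpBase + "/" + tok, DNS: tok + "." + dnsDomain, reg: reg}, nil
}
// Check plays the role of oobcheck(oob, proto, seconds): wait the given delay, then
// ask the platform once whether this token was seen on that protocol.
func (o *OOB) Check(proto string, delay time.Duration) bool {
	time.Sleep(delay)
	_, ok := o.reg.hits.Load(o.Token + "/" + proto)
	return ok
}

// drain issues a request whose body is irrelevant and reports transport errors only.
func drain(resp *http.Response, err error) error {
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// RunPoC executes the two rules of oob-demo against target and returns r0() || r1().
func RunPoC(target string, reg *Registry, httpBase, dnsDomain string, delay time.Duration) (bool, error) {
	oob, err := NewOOB(reg, httpBase, dnsDomain)
	if err != nil {
		return false, err
	}
	// r0: GET /?url={{oobHTTP}} followed by oobcheck(oob, "http", n)
	if err := drain(http.Get(target + "/?url=" + url.QueryEscape(oob.HTTP))); err != nil {
		return false, err
	}
	r0 := oob.Check("http", delay)
	// r1: POST /test with cmd=ping+{{oobDNS}} followed by oobcheck(oob, "dns", n)
	if err := drain(http.Post(target+"/test", "application/x-www-form-urlencoded",
		strings.NewReader("cmd=ping+"+oob.DNS))); err != nil {
		return false, err
	}
	return r0 || oob.Check("dns", delay), nil
}

// VulnerableTarget is a constructed server with both bugs the PoC probes for: it fetches
// any URL it is told to (SSRF) and "pings" the host after "ping" (command injection,
// simulated by resolving the name through the registry instead of executing ping).
func VulnerableTarget(reg *Registry) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		switch r.URL.Path {
		case "/":
			drain(http.Get(r.URL.Query().Get("url")))
		case "/test":
			if f := strings.Fields(r.FormValue("cmd")); len(f) == 2 && f[0] == "ping" {
				reg.LogDNSQuery(f[1])
			}
		}
	}))
}

func main() {
	reg := &Registry{}
	platform, target := httptest.NewServer(reg), VulnerableTarget(reg)
	defer platform.Close()
	defer target.Close()
	hit, err := RunPoC(target.URL, reg, platform.URL, "oob.example", 3*time.Second)
	fmt.Println("oob-demo matched:", hit, "err:", err)
}
```

The point of the per-probe random token is the same as in afrog: a callback can only be credited to the request that carried that token, so a scanner running many targets concurrently against one shared dnslog domain does not confuse one host's callback with another's, and a stale callback from an earlier run cannot produce a false positive.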
With this release, the newReverse() method in all historical PoCs has been upgraded to the new oob() method. To keep compatibility and full functionality, we strongly recommend that all users upgrade to version 3.0.1 as soon as possible; later versions may no longer support the old callback mechanism.
The new oob() function requires changes to the afrog-config.yaml configuration file.
afrog-config.yaml is created automatically at c:/users/yourname/.config/afrog/afrog-config.yaml on Windows and at ~/.config/afrog/afrog-config.yaml on Linux. Because it holds the CEye api-key and the xray x_token, protect the file like any other credential store.
afrog-config.yaml is configured as follows:
```yaml
server: :16868
reverse:
  ceye:
    api-key: "your ceye api key"
    domain: "your ceye"
  dnslogcn:
    domain: dnslog.cn
  jndi:
    jndi_address: ""
    ldap_port: ""
    api_port: ""
  eye:
    host: ""
    token: ""
    domain: ""
  alphalog:
    domain: yourdnslog.sh
    api_url: "http://yourdnslog.sh/"
  xray:
    x_token: "xraytest"
    domain: dnslogus.top
    api_url: "http://x.1x.0.xx:8777"
webhook:
  dingtalk:
    tokens:
      - ""
    at_mobiles:
      - ""
    at_all: false
    range: high,critical
cyberspace:
  zoom_eyes:
    - ""
```
Published by zan8in 8 months ago
[Added] repeat function: repeats a string a given number of times and returns the result. Usage: repeat("a", 8179) returns a string consisting of the character "a" repeated 8179 times.
[Optimization] The Windows command line unfortunately does not support the nice progress bar, so the display has been simplified there.
Published by zan8in over 1 year ago
We have performed urgent repairs on Yonyou NC PoCs to ensure accurate vulnerability scanning. Thank you, @wuha0926 , for discovering and assisting in resolving the issue.
Thank you, @zhizhuoshuma, for optimizing the kingdee-erp-binaryformatterproxy-deserial PoCs.
Published by zan8in over 1 year ago
The moon represents my heart.
Add:
Published by zan8in over 1 year ago
We have fixed a potential false-positive issue with PoC CVE-2022-23131, making it more reliable and accurate in detecting actual vulnerabilities.
Published by zan8in over 1 year ago
Fix: the -pd command did not print some PoC content completely
Cumulative total: 951
Published by zan8in over 1 year ago
Add:
-target / -t now supports multiple URLs, such as: afrog -t example.com,hackerone.com,nmap.org
Add JNDI reverse connection functionality.
Add the afrog calling library and a demonstration example.
Published by zan8in over 1 year ago
Add:
-mrbs Dynamically set the maximum size of the http response body (default 2m)
remove poc shiro-key-detect
Published by zan8in over 1 year ago
Add
Writing TCP/UDP POC files using YAML
Writing POC files for Go programming language using YAML
The Shiro Key detection script by default checks 20 keys.
Optimization
Resolve the path error issue during program updates with the "-update" command.
Enhance the console prompt messages
Disable the "-up" command and switch to automatic execution.
Change the notification level for the unconfigured reverse connection platform to Info
By default, target access is not monitored. Please enable it using the "-monitor-targets" or "-mt" command
Remove duplicate PoC: hikvision-applyct-fastjson-rce
Published by zan8in over 1 year ago
Add:
Optimization:
Published by zan8in over 1 year ago
Urgent update:
BUG:
- version check: caused afrog to be unusable on an internal network (no Internet access)
Added:
Revised:
Published by zan8in over 1 year ago
Added:
Optimization:
Published by zan8in over 1 year ago
Fixes:
- Fixed an XSS vulnerability in the afrog HTML report
Optimization:
- Simplified the URL blacklist mechanism
- Improved http/https detection
- Improved all file-upload PoCs
- Improved all RCE PoCs
Removed:
- Removed fingerprint identification and its command-line parameters (the pyxis tool replaces it)
- Removed rarely used command-line parameters
PoC:
- Added 52 PoCs
- Verified and improved many PoCs
- Removed PoC csz-cms-multiple-blind-sql-injection
- Removed PoC phpstudy-nginx-wrong-resolve
- Built in several private PoCs
Published by zan8in over 1 year ago
Merged many panel fingerprint PoCs into the panel-detect.yaml file, greatly reducing the number of HTTP requests
Simplified the console date format: 2023-01-01 is now printed as 01-01
Simplified the afrog-config configuration
Fixed: the -fc option had no effect
Tip: setting the -c (concurrency) option noticeably speeds up scanning
Published by zan8in almost 2 years ago
Added the optional -onlyfinger/-of option for fingerprint scanning only
Added the CEL functions year, shortyear, month, day and timestamp_sencond; see tongda-oa-api-ali-upload.yaml for an example
Added the Boolean attribute verified (default false; set to true for a verified PoC)
Added the rule attribute expressions, which lets a single request be verified against multiple expressions
Published by zan8in almost 2 years ago
Published by zan8in almost 2 years ago
Published by zan8in almost 2 years ago
Full Changelog: https://github.com/zan8in/afrog/compare/v2.0.0...v2.0.1
Urgent point release to fix a bug ~
Fixed the bug where the afrog thread pool frequently hung (urgent)
Published by zan8in almost 2 years ago
Full Changelog: https://github.com/zan8in/afrog/compare/v1.3.9...v2.0.0
Published by zan8in about 2 years ago
Full Changelog: https://github.com/zan8in/afrog/compare/v1.3.8...v1.3.9