Published by github-actions[bot] about 1 year ago
Published by github-actions[bot] about 1 year ago
Add
Optimization
Published by github-actions[bot] about 1 year ago
The issue of an incorrect version when running the go install ..afrog/v2 command has been resolved.
Published by github-actions[bot] about 1 year ago
Add:
Version 2.7.8 introduced the Eye.sh reverse-link platform configuration option. For more detailed information, please refer to the afrog wiki.
reverse:
  ceye:
    api-key: "bba3368******630b8fca0"
    domain: "*****.ceye.io"
  jndi:
    jndi_address: "x.x.x.x"
    ldap_port: "1389"
    api_port: "34567"
  eye:
    token: "1f****4d"
    domain: "****.eyes.sh"
To reduce the load that a large number of requests places on the reverse-link platform and to improve the accuracy of PoC validation, PoCs that depend on the reverse-link platform are run under their own, independent concurrency rate control. (The "smart" parameter does not affect the concurrency of reverse-link PoCs.)
The -reverse-rate-limit/-rrl and -reverse-concurrency/-rc parameters control the concurrency rate of PoCs that rely on the reverse-link platform; it is recommended not to set them too high.
Fix:
Published by github-actions[bot] about 1 year ago
Add:
Optimization:
Published by github-actions[bot] about 1 year ago
Add:
Optimization:
Published by github-actions[bot] about 1 year ago
Optimization:
Published by github-actions[bot] over 1 year ago
Add
● -ep, --exclude-pocs: PoCs to exclude from the scan (comma-separated)
● -epf, --exclude-pocs-file: list of PoCs to exclude from the scan (file)
Published by github-actions[bot] over 1 year ago
Changed the reverse-link platform liveness check to run concurrently.
Add Go PoC: ecology-filedownloadforoutdoc-sqli
Poc Count: 1041
Published by github-actions[bot] over 1 year ago
● Add a liveness check for the reverse-link platform
● Add extractor functionality to extract sensitive information such as version numbers
● Delete PoC: CNVD-2021-15824, t-soft-e-commerce4-urunadi-stored-xss, clicshopping-v2-xss
Published by github-actions[bot] over 1 year ago
● Improvement: the -s and -S commands can now be used together, both with -pl and when filtering a scan.
● -smart: intelligently adjusts concurrency based on changes in the total number of assets being scanned.
● Add built-in functions toUpper and toLower.
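afrog 2.7.0 new feature tips:
① Search for high and critical severity vulnerabilities affecting Yonyou (用友): afrog -pl -s yonyou,用友 -S high,critical
② Include local PoCs when searching for high and critical severity vulnerabilities affecting Yonyou: afrog -pl -s yonyou,用友 -S high,critical -ap "d:/mypoc1,e:/mypoc2"
③ Scan for high and critical severity vulnerabilities affecting Yonyou: afrog -T urls.txt -s yonyou,用友 -S high,critical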
Published by zan8in over 1 year ago
We have performed urgent repairs on Yonyou NC PoCs to ensure accurate vulnerability scanning. Thank you, @wuha0926, for discovering and assisting in resolving the issue.
Thank you, @zhizhuoshuma, for optimizing the kingdee-erp-binaryformatterproxy-deserial PoCs.
Published by zan8in over 1 year ago
The moon represents my heart.
Add:
Published by zan8in over 1 year ago
We have fixed a potential false-positive issue with PoC CVE-2022-23131, making it more reliable and accurate in detecting actual vulnerabilities.
Published by zan8in over 1 year ago
Fix the -pd command, which did not print some PoC content completely.
Total: 951
Published by zan8in over 1 year ago
Add:
-target / -t now supports multiple URLs, such as: afrog -t example.com,hackerone.com,nmap.org
Add JNDI reverse connection functionality.
Add the afrog calling library and a demonstration example.
Published by zan8in over 1 year ago
Add:
-mrbs: dynamically set the maximum size of the HTTP response body (default 2m)
Remove PoC shiro-key-detect
Published by zan8in over 1 year ago
Add
Writing TCP/UDP POC files using YAML
Calling Go-language POC files from YAML
The Shiro Key detection script by default checks 20 keys.
Optimization
Resolve the path error issue during program updates with the "-update" command.
Enhance the console prompt messages
Disable the "-up" command and switch to automatic execution.
Change the notification level for the unconfigured reverse connection platform to Info
By default, target access is not monitored. Please enable it using the "-monitor-targets" or "-mt" command
Remove duplicate PoC: hikvision-applyct-fastjson-rce
Published by zan8in over 1 year ago
Add:
Optimization:
Published by zan8in over 1 year ago
Urgent update:
BUG:
The version check made the tool unusable on internal networks.
Added:
Revise: