【技术讨论】一个漏洞批量验证的小工具hackUtils

一个方便大家渗透以及web安全研究的批量漏洞扫描和验证的小工具hackUtils。

项目地址：
https://github.com/brianwrf/hackUtils

Usage:

Options:

-h, --help Show basic help message and exit
-b keyword, --baidu=keyword Fetch URLs from Baidu based on specific keyword
-g keyword, --google=keyword Fetch URLs from Google based on specific keyword
-i keyword, --censysip=keyword Fetch IPs from Censys based on specific keyword
-u keyword, --censysurl=keyword Fetch URLs from Censys based on specific keyword
-w keyword, --wooyun=keyword Fetch URLs from Wooyun Corps based on specific keyword
-j url|file, --joomla=url|file Exploit SQLi for Joomla 3.2 - 3.4
-r url|file, --rce=url|file Exploit Remote Code Execution for Joomla 1.5 - 3.4.5
-f url|file, --ffcms=url|file Exploit Remote Code Execution for FeiFeiCMS 2.8
-k ip|file[::cmd], --jenkins=ip|file[::cmd] Exploit Remote Code Execution for XStream (Jenkins CVE-2016-0792)
-o url|file[::cmd], --shiro=url|file[::cmd] Exploit Remote Code Execution for Apache Shiro 1.2.4
-s url|file, --s2032=url|file Exploit Remote Code Execution for Struts2 (S2-032)
-d site, --domain=site Scan subdomains based on specific site
-e string, --encrypt=string Encrypt string based on specific encryption algorithms (e.g. base64, md5, sha1, sha256, etc.)

Examples:

飞侠来啦，

哦啦啦

前排围观楼主神器

感谢分享

哈，今天测试Apache Shiro 1.2.4这个漏洞的时候就用上的这个工具。感谢呀~

技术交流QQ群： 397745473
来自:https://xianzhi.aliyun.com/forum/read/373.html?fpage=11

CH_vksec