20230120-v1.1.8

README.en-us.md

@@ -1,7 +1,7 @@
 # vulcat
 
 [![python](https://img.shields.io/badge/Python-3-blue?logo=python)](https://shields.io/)
-[![version](https://img.shields.io/badge/Version-1.1.7-blue)](https://shields.io/)
+[![version](https://img.shields.io/badge/Version-1.1.8-blue)](https://shields.io/)
 [![license](https://img.shields.io/badge/LICENSE-GPL-yellow)](https://shields.io/)
 [![stars](https://img.shields.io/github/stars/CLincat/vulcat?color=red)](https://shields.io/)
 [![forks](https://img.shields.io/github/forks/CLincat/vulcat?color=red)](https://shields.io/)
@@ -47,7 +47,7 @@ Examples:
 python3 vulcat.py -u https://www.example.com/
 python3 vulcat.py -u https://www.example.com/ -a thinkphp --log 3
 python3 vulcat.py -u https://www.example.com/ -a tomcat -v CVE-2017-12615
-python3 vulcat.py -f url.txt -t 10
+python3 vulcat.py -f url.txt -t 10 -o html
 python3 vulcat.py --list
 ```
 
@@ -116,11 +116,11 @@ Options:
                         number does not discriminate between sizes, and the
                         symbol - and _ are acceptable (e.g. -a fastjson -v
                         cnVD-2019-22238 or -a Tomcat -v CVE-2017_12615)
-    -x, --exp           Use with the -a and -v parameters, After the Poc scan,
-                        if the vulnerability exists, enter the Exp interaction
-                        mode of the vulnerability; You can use --list to see
-                        Exp support vulnerabilities. (e.g. -a httpd -v
-                        CVE-2021-42013 -x)
+    --shell             Use with the -a and -v parameters, After the Poc scan,
+                        if the vulnerability exists, enter the Shell
+                        interaction mode of the vulnerability; You can use
+                        --list to see Shell support vulnerabilities. (e.g. -a
+                        httpd -v CVE-2021-42013 -x)
 
   Api:
     The third party Api
@@ -134,13 +134,9 @@ Options:
   Save:
     Save scan results
 
-    --output-text=TXT_FILENAME
-                        Save the scan results in TXT format, no vulnerability
-                        will not generate files(e.g. --output-text result.txt)
-    --output-json=JSON_FILENAME
-                        Save the scan results in JSON format, no vulnerability
-                        will not generate files(e.g. --output-text
-                        result.json)
+    -o OUTPUT, --output=OUTPUT
+                        Save the scan results in txt/json/html format, no
+                        vulnerability will not generate files (e.g. -o html)
 
   General:
     General operating parameter
@@ -156,34 +152,34 @@ Options:
     --list              View all payload
 
   Supported target types(Case insensitive):
-    AliDruid, airflow, apisix, apachedruid, appweb, cisco, confluence, discuz, django,
-    drupal, elasticsearch, f5bigip, fastjson, flink, gitea, gitlab,
-    grafana, influxdb, hadoop, httpd, jenkins, jetty, jupyter, keycloak,
-    landray, minihttpd, mongoexpress, nexus, nacos, nodejs, nodered,
-    phpmyadmin, phpunit, rails, showdoc, solr, spring, supervisor,
-    skywalking, thinkphp, tomcat, ueditor, weblogic, webmin, yonyou, zabbix
+    AliDruid, airflow, apisix, apachedruid, appweb, cisco, confluence,
+    discuz, django, drupal, elasticsearch, f5bigip, fastjson, flink,
+    gitea, gitlab, grafana, influxdb, hadoop, httpd, jenkins, jetty,
+    jupyter, keycloak, landray, minihttpd, mongoexpress, nexus, nacos,
+    nodejs, nodered, phpmyadmin, phpunit, rails, showdoc, solr, spring,
+    supervisor, skywalking, thinkphp, tomcat, ueditor, weblogic, webmin,
+    yonyou, zabbix
 ```
 
 ## language
-You can change the language of -h/--help, currently only Chinese and English
+You can change the language of vulcat, currently only Chinese and English
 
-* Open the vulcat/lib/initial/language.py
-* Switching the "return" order and then saving the file implements the -h/--help language switch
+* Open the vulcat/config.yaml
+* Modify the value of "language" and save the file to switch the Vulcat language
 
 ```
-def language():
-    return lang['zh_cn']
-    return lang['en_us']
+# Language, default is English en-us, Chinese is zh-cn
+language: en-us
 ```
 
 ## Dnslog
 You can customize http://ceye.io
 
-* Open the vulcat/lib/initial/config.py
-* Find the code below, fill in your domain name and token, and save the file
+* Open the vulcat/config.yaml
+* Find the following code, replace Null with your own domain name and token, and save the file
 ```
-args.ceye_domain = ''
-args.ceye_token = ''
+ceye-domain: Null
+ceye-token: Null
 ```
 
 ## Custom POC
@@ -201,7 +197,7 @@ args.ceye_token = ''
 
 ```
 +----------------------+--------------------+--------------+-----+--------------------------------------------------------------+
-| Target               | Vuln id            | Vuln Type    | Exp | Description                                                  |
+| Target               | Vuln id            | Vuln Type    | Sh  | Description                                                  |
 +----------------------+--------------------+--------------+-----+--------------------------------------------------------------+
 | Alibaba Druid        | (None)             | unAuth       |  -  | Alibaba Druid unAuthorized                                   |
 +----------------------+--------------------+--------------+-----+--------------------------------------------------------------+
@@ -349,9 +345,9 @@ args.ceye_token = ''
 +----------------------+--------------------+--------------+-----+--------------------------------------------------------------+
 | Zabbix               | CVE-2016-10134     | SQLinject    |  -  | latest.php or jsrpc.php SQLinject                            |
 +----------------------+--------------------+--------------+-----+--------------------------------------------------------------+
-vulcat-1.1.7/2022.12.15
+vulcat-1.1.8/2023.01.20
 99/Poc
-37/Exp
+37/Shell
 ```
 </details>
 
@@ -360,6 +356,9 @@ vulcat-1.1.7/2022.12.15
 * [sqlmap](https://github.com/sqlmapproject/sqlmap)
 * [dirsearch](https://github.com/maurosoria/dirsearch)
 * [HackRequests](https://github.com/boy-hack/hack-requests)
+* [vulhub](https://github.com/vulhub/vulhub)
+* [vulfocus](https://github.com/fofapro/vulfocus)
+* [ttkbootstrap](https://github.com/israel-dryer/ttkbootstrap/)
 
 ## Star History
 [![Star History Chart](https://api.star-history.com/svg?repos=CLincat/vulcat&type=Timeline)](https://star-history.com/#Ashutosh00710/github-readme-activity-graph&Timeline)

README.md

@@ -1,7 +1,7 @@
 # vulcat
 
 [![python](https://img.shields.io/badge/Python-3-blue?logo=python)](https://shields.io/)
-[![version](https://img.shields.io/badge/Version-1.1.7-blue)](https://shields.io/)
+[![version](https://img.shields.io/badge/Version-1.1.8-blue)](https://shields.io/)
 [![license](https://img.shields.io/badge/LICENSE-GPL-yellow)](https://shields.io/)
 [![stars](https://img.shields.io/github/stars/CLincat/vulcat?color=red)](https://shields.io/)
 [![forks](https://img.shields.io/github/forks/CLincat/vulcat?color=red)](https://shields.io/)
@@ -50,7 +50,7 @@ Examples:
 python3 vulcat.py -u https://www.example.com/
 python3 vulcat.py -u https://www.example.com/ -a thinkphp --log 3
 python3 vulcat.py -u https://www.example.com/ -a tomcat -v CVE-2017-12615
-python3 vulcat.py -f url.txt -t 10
+python3 vulcat.py -f url.txt -t 10 -o html
 python3 vulcat.py --list
 ```
 
@@ -109,8 +109,9 @@ Options:
                         指定漏洞编号, 配合-a/--application对单个漏洞进行扫描, 可以使用--list查看漏洞编号,
                         没有漏洞编号的漏洞暂不支持, 编号不区分大小, 符号-和_皆可 (如: -a fastjson -v
                         CNVD-2019-22238 或者 -a Tomcat -v cvE-2017_12615)
-    -x, --exp           配合-a和-v参数进行使用, Poc扫描过后, 如果该漏洞存在, 则进入该漏洞的Exp交互模式; 可以使用
-                        --list查看支持Exp的漏洞(如: -a httpd -v CVE-2021-42013 -x)
+    --shell             配合-a和-v参数进行使用, Poc扫描过后, 如果该漏洞存在, 则进入该漏洞的Shell交互模式;
+                        可以使用--list查看支持Shell的漏洞(如: -a httpd -v CVE-2021-42013
+                        -x)
 
   Api:
     第三方api
@@ -122,11 +123,8 @@ Options:
   Save:
     保存扫描结果
 
-    --output-text=TXT_FILENAME
-                        以txt格式保存扫描结果, 无漏洞时不会生成文件(如: --output-text result.txt)
-    --output-json=JSON_FILENAME
-                        以json格式保存扫描结果, 无漏洞时不会生成文件(如: --output-text
-                        result.json)
+    -o OUTPUT, --output=OUTPUT
+                        以txt/json/html格式保存扫描结果, 无漏洞时不会生成文件 (如: -o html)
 
   General:
     通用工作参数
@@ -141,33 +139,34 @@ Options:
     --list              查看所有Payload
 
   支持的目标类型(-a参数, 不区分大小写):
-    AliDruid, airflow, apisix, apachedruid, appweb, cisco, confluence, discuz, django,
-    drupal, elasticsearch, f5bigip, fastjson, flink, gitea, gitlab,
-    grafana, influxdb, hadoop, httpd, jenkins, jetty, jupyter, keycloak,
-    landray, minihttpd, mongoexpress, nexus, nacos, nodejs, nodered,
-    phpmyadmin, phpunit, rails, showdoc, solr, spring, supervisor,
-    skywalking, thinkphp, tomcat, ueditor, weblogic, webmin, yonyou, zabbix
+    AliDruid, airflow, apisix, apachedruid, appweb, cisco, confluence,
+    discuz, django, drupal, elasticsearch, f5bigip, fastjson, flink,
+    gitea, gitlab, grafana, influxdb, hadoop, httpd, jenkins, jetty,
+    jupyter, keycloak, landray, minihttpd, mongoexpress, nexus, nacos,
+    nodejs, nodered, phpmyadmin, phpunit, rails, showdoc, solr, spring,
+    supervisor, skywalking, thinkphp, tomcat, ueditor, weblogic, webmin,
+    yonyou, zabbix
 ```
 
 ## 语言
-可以修改-h/--help的语言, 目前只有中文和英文(麻麻再也不用担心我看不懂啦!)
+可以修改vulcat的语言, 目前只有中文和英文(麻麻再也不用担心我看不懂英文啦!)
 
-* 打开vulcat/lib/initial/language.py, 打开后会看到以下代码↓
-* en_us为英文, zh_cn为中文, 将return调换上下顺序, 然后保存文件就实现了-h语言的切换
+* 打开vulcat/config.yaml, 打开后会看到以下代码↓
+* 对language的值进行修改, 然后保存文件就实现了vulcat语言的切换
 ```
-def language():
-    return lang['zh_cn']
-    return lang['en_us']
+# 语言, 默认为英文en-us, 中文为zh-cn
+language: en-us
 ```
 
 ## 自定义Dnslog平台
 可以定义自己的http://ceye.io
 
-* 打开vulcat/lib/initial/config.py
-* 找到以下代码, 填写自己的域名和token, 保存文件即可
+* 打开vulcat/config.yaml
+* 找到以下代码, 将Null替换为自己的域名和token, 保存文件即可
 ```
-args.ceye_domain = ''
-args.ceye_token = ''
+# ceye.io的域名和token
+ceye-domain: Null
+ceye-token: Null
 ```
 
 ## 自定义 POC
@@ -185,7 +184,7 @@ args.ceye_token = ''
 
 ```
 +----------------------+--------------------+--------------+-----+----------------------------------------------------------------------+
-| Target               | Vuln id            | Vuln Type    | Exp | Description                                                          |
+| Target               | Vuln id            | Vuln Type    | Sh  | Description                                                          |
 +----------------------+--------------------+--------------+-----+----------------------------------------------------------------------+
 | Alibaba Druid        | (None)             | unAuth       |  -  | 阿里巴巴Druid未授权访问                                              |
 +----------------------+--------------------+--------------+-----+----------------------------------------------------------------------+
@@ -333,9 +332,9 @@ args.ceye_token = ''
 +----------------------+--------------------+--------------+-----+----------------------------------------------------------------------+
 | Zabbix               | CVE-2016-10134     | SQLinject    |  -  | latest.php或jsrpc.php存在sql注入                                     |
 +----------------------+--------------------+--------------+-----+----------------------------------------------------------------------+
-vulcat-1.1.7/2022.12.15
+vulcat-1.1.8/2023.01.20
 99/Poc
-37/Exp
+37/Shell
 ```
 </details>
 
@@ -344,6 +343,9 @@ vulcat-1.1.7/2022.12.15
 * [sqlmap](https://github.com/sqlmapproject/sqlmap)
 * [dirsearch](https://github.com/maurosoria/dirsearch)
 * [HackRequests](https://github.com/boy-hack/hack-requests)
+* [vulhub](https://github.com/vulhub/vulhub)
+* [vulfocus](https://github.com/fofapro/vulfocus)
+* [ttkbootstrap](https://github.com/israel-dryer/ttkbootstrap/)
 
 ## 参考链接
 

config.yaml

@@ -0,0 +1,41 @@
+# 语言, 默认为英文en-us, 中文为zh-cn
+language: en-us
+
+# ceye.io的域名和token
+ceye-domain: Null
+ceye-token: Null
+
+# 请求Header
+  # 运行时指定--user-agent参数, 会覆盖config.yaml的User-Agent
+headers:
+  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0
+  Content-Type: application/x-www-form-urlencoded
+  # 符号 * 要用引号引起来
+  Accept: "*/*"
+  Connection: close
+
+# 当指定-a参数为all时, 或框架指纹识别失败时, 将会使用以下框架的POC进行扫描, 可以控制开关
+applist: [
+  'airflow', 'alidruid', 'apachedruid', 'apacheunomi', 'apisix', 'appweb', 
+  'cisco', 'confluence', 
+  'discuz', 'django', 'drupal', 
+  'elasticsearch', 
+  'f5bigip', 'fastjson', 'flink', 
+  'gitea', 'gitlab', 
+  # 'grafana', # 由于该框架的POC请求过多, 会影响扫描速度, 所以默认不会启用 (当指纹识别到Grafana框架, 或-a指定时才会进行扫描)
+  'hadoop', 'httpd', 
+  'influxdb', 
+  'jenkins', 'jetty', 'jupyter', 
+  'keycloak', 
+  'landray', 
+  'minihttpd', 'mongoexpress', 
+  'nacos', 'nexus', 'nodejs', 'nodered', 
+  'phpmyadmin', 'phpunit', 
+  'rails', 
+  'showdoc', 'skywalking', 'solr', 'spring', 'supervisor', 
+  'thinkphp', 'tomcat', 
+  'ueditor', 
+  'weblogic', 'webmin', 
+  'yonyou', 
+  'zabbix'
+]