红蓝对抗打点扫描器开发

2021-06-23

扫描器

字数统计: 4.7k | 阅读时长≈ 26 分钟

Vscan

Vscan 是一款为红队开发的简单、快速的跨平台打点扫描器。

1.目标：翻版goby扫描器

https://github.com/gobysec/Goby
goby是一款已经比较成熟的红队打点扫描器，我目前的开发目标是能达到其同样的效果，虽然有点重复造轮子的嫌疑，但是goby有个缺点是不开源，无法特别灵活的添加自己想要的东西

2.端口扫描

https://github.com/projectdiscovery/naabu

一款扫描器必备的东西是端口扫描，虽然massscan和nmap是非常给力的端口扫描工具，要比其他端口扫描器好用，但是由于他们都是C语言开发的，想要集成到vscan里比较繁琐，所以我选择了大方向go语言的一款端口扫描器，他支持CONNECT、SYN扫描，C段扫描等功能，对于我们来说完全足够

端口扫描一般是作为输入的第一步，所以我们不需要指定太多默认参数，只需要修改一下输出即可

我将Output的默认输出参数调整为ips_port.txt，输出格式为192.168.1.1:80，可以非常方便的读取并进行下一步扫描，同时，我们可以保留其他输入参数，保留原扫描器的功能

3.服务识别

https://github.com/projectdiscovery/httpx
这是一款http服务快速识别扫描器
对于外网打点来说，最重要的就是web快速扫描，这款识别扫描器非常好用，可以快速识别网站的标题、网址、状态码、指纹等，还可以保留内容

同样的，我将它集成到vscan的pkg包里，并赋值一些默认参数，将端口扫描的结果ips_port.txt作为输入

需要注意的是，由于httpx使用了retryablehttp库作为指纹识别，我们需要把retryablehttp库整个下载下来，方便后续的指纹添加,这里我添加了一个shiro指纹，可以快速识别服务器是否使用shiro

4.漏洞扫描（nday、0day自动利用）

我在pkg包里新建了一个exp版块，建立了一个入口函数check，以后其他所有nday也可以使用同样的入口，方便检测

shiro exp内容：
包含CBC、GCM两种方式的检测，遍历测试一百多个key

漏洞扫描的过程我放到了指纹识别以后多线程并行进行，例如如果识别到使用了shiro服务，则调用shiro.Check

matches := r.wappalyzer.Fingerprint(resp.Headers, resp.Data)
for match := range matches {
    technologies = append(technologies, match)
    if match == "Shiro" {
        key := shiro.Check(URL.String())
        if key != ""{
            technologies = append(technologies, "key:"+key)
        }
    }
}

5.演示

➜  vscan git:(main) ✗ sudo go run main.go -host 101.xxx.180.97/24 -top-ports top-100 
Password:
[INF] Running SYN scan with root privileges
101.xxx.180.67:80
101.xxx.180.118:443
101.xxx.180.118:80
101.xxx.180.118:8443
101.xxx.180.125:80
101.xxx.180.18:80
101.xxx.180.15:443
101.xxx.180.15:80
101.xxx.180.25:80
101.xxx.180.207:2001
101.xxx.180.21:80
101.xxx.180.21:443
101.xxx.180.217:80
101.xxx.180.61:80
101.xxx.180.153:80
101.xxx.180.132:7070
101.xxx.180.151:8080
101.xxx.180.151:80
101.xxx.180.121:80
101.xxx.180.7:80
101.xxx.180.7:8080
101.xxx.180.209:80
101.xxx.180.209:443
101.xxx.180.89:443
101.xxx.180.89:80
101.xxx.180.32:80
101.xxx.180.174:80
101.xxx.180.240:80
101.xxx.180.240:8080
101.xxx.180.240:443
101.xxx.180.4:443
101.xxx.180.4:80
101.xxx.180.41:80
101.xxx.180.41:443
101.xxx.180.58:80
101.xxx.180.36:8080
101.xxx.180.232:80
101.xxx.180.232:8081
101.xxx.180.37:80
101.xxx.180.215:80
101.xxx.180.159:80
101.xxx.180.69:80
101.xxx.180.46:8443
101.xxx.180.46:443
101.xxx.180.46:80
101.xxx.180.172:8888
101.xxx.180.172:80
101.xxx.180.101:8080
101.xxx.180.187:80
101.xxx.180.187:143
101.xxx.180.187:53
101.xxx.180.187:443
101.xxx.180.187:110
101.xxx.180.187:995
101.xxx.180.187:587
101.xxx.180.187:25
101.xxx.180.187:993
101.xxx.180.220:443
101.xxx.180.29:8080
101.xxx.180.29:80
101.xxx.180.65:80
101.xxx.180.214:80
101.xxx.180.213:80
101.xxx.180.196:443
101.xxx.180.196:80
101.xxx.180.178:80
101.xxx.180.178:443
101.xxx.180.90:8081
101.xxx.180.90:80
101.xxx.180.182:80
101.xxx.180.78:21
101.xxx.180.78:80
101.xxx.180.78:8080
101.xxx.180.66:8081
101.xxx.180.66:8080
101.xxx.180.45:80
101.xxx.180.10:80
101.xxx.180.24:80
101.xxx.180.143:80
101.xxx.180.2:80
101.xxx.180.22:8080
101.xxx.180.102:80
101.xxx.180.70:80
101.xxx.180.175:443
101.xxx.180.175:80
101.xxx.180.17:80
101.xxx.180.225:80
101.xxx.180.225:8080
101.xxx.180.225:443
101.xxx.180.96:443
101.xxx.180.96:8080
101.xxx.180.96:80
101.xxx.180.161:443
101.xxx.180.161:80
101.xxx.180.127:80
101.xxx.180.38:80
101.xxx.180.87:80
101.xxx.180.87:443
101.xxx.180.208:443
101.xxx.180.208:80
101.xxx.180.140:80
101.xxx.180.169:80
101.xxx.180.63:80
101.xxx.180.81:443
101.xxx.180.9:80
101.xxx.180.20:80
101.xxx.180.97:8080
101.xxx.180.83:80
101.xxx.180.23:80
101.xxx.180.184:80
101.xxx.180.144:80
101.xxx.180.76:80
101.xxx.180.76:8080
101.xxx.180.218:443
101.xxx.180.218:80
101.xxx.180.42:443
101.xxx.180.42:80
101.xxx.180.173:80
101.xxx.180.236:80
101.xxx.180.236:443
101.xxx.180.176:8443
101.xxx.180.176:443
101.xxx.180.176:80
101.xxx.180.171:80
101.xxx.180.171:443
101.xxx.180.216:80
101.xxx.180.51:80
101.xxx.180.155:443
101.xxx.180.155:8888
101.xxx.180.155:8080
101.xxx.180.155:80
101.xxx.180.138:80
101.xxx.180.3:80
101.xxx.180.40:80
101.xxx.180.157:8888
101.xxx.180.157:8080
101.xxx.180.157:80
101.xxx.180.157:443
101.xxx.180.47:80
101.xxx.180.47:443
101.xxx.180.47:8443
101.xxx.180.198:80
101.xxx.180.198:443
101.xxx.180.185:80
101.xxx.180.103:443
101.xxx.180.103:80
101.xxx.180.103:8080
101.xxx.180.109:80
101.xxx.180.98:80
101.xxx.180.98:8080
101.xxx.180.13:443
101.xxx.180.13:80
101.xxx.180.131:80
101.xxx.180.82:80
101.xxx.180.82:8080
101.xxx.180.82:81
101.xxx.180.233:8081
101.xxx.180.233:443
101.xxx.180.233:8080
101.xxx.180.233:80
101.xxx.180.228:80
101.xxx.180.43:443
101.xxx.180.43:80
101.xxx.180.31:80
101.xxx.180.85:80
101.xxx.180.95:443
101.xxx.180.19:80
101.xxx.180.142:80
101.xxx.180.183:80
101.xxx.180.139:80
101.xxx.180.104:80
101.xxx.180.147:443
101.xxx.180.147:8080
101.xxx.180.147:80
101.xxx.180.212:80
101.xxx.180.212:443
101.xxx.180.72:8080
101.xxx.180.193:80
101.xxx.180.193:443
101.xxx.180.106:80
101.xxx.180.226:8080
101.xxx.180.64:443
101.xxx.180.64:80
101.xxx.180.206:2001
101.xxx.180.237:80
101.xxx.180.237:8080
101.xxx.180.39:80
101.xxx.180.241:80
101.xxx.180.28:80
101.xxx.180.8:80
101.xxx.180.68:443
101.xxx.180.177:80
101.xxx.180.158:443
101.xxx.180.158:8888
101.xxx.180.158:80
101.xxx.180.158:8080
101.xxx.180.44:443
101.xxx.180.44:80
101.xxx.180.71:80
101.xxx.180.71:443
101.xxx.180.99:443
101.xxx.180.99:80
101.xxx.180.99:8080
101.xxx.180.168:80
101.xxx.180.168:8888
101.xxx.180.62:80
101.xxx.180.62:443
101.xxx.180.123:443
101.xxx.180.123:80
101.xxx.180.33:80
101.xxx.180.128:8080
101.xxx.180.152:80
101.xxx.180.152:6000
101.xxx.180.188:443
101.xxx.180.26:80
101.xxx.180.211:80
101.xxx.180.211:8888
101.xxx.180.154:8888
101.xxx.180.154:80
101.xxx.180.154:8080
101.xxx.180.56:80
101.xxx.180.86:80
http://101.xxx.180.121 [200] [] [mod_dav,Apache,UNIX]
http://101.xxx.180.128:8080 [200] [] [Resin,Java]
http://101.xxx.180.131 [200] [] [Microsoft ASP.NET,IIS,Windows Server]
https://101.xxx.180.103 [200] [Welcome to nginx!] [Nginx]
http://101.xxx.180.161:443 [400] [400 The plain HTTP request was sent to HTTPS port] [Nginx]
http://101.xxx.180.125 [200] [XX科技党建] [Nginx]
http://101.xxx.180.118 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.151 [200] [IIS7] [IIS,Windows Server]
http://101.xxx.180.109 [302,200] [XX政府采购网] [Java Servlet,Java,JavaServer Pages,mod_dav,Apache,UNIX] [http://101.xxx.180.109/login.do;jsessionid=cKqtgSvHwbDqWZ4LlQ1jrVy6NDy0d2pqjh7McrjJTKQMhB3dPprY!-1317743727!-380700843?method=beginloginnew]
https://101.xxx.180.13 [200] [XX市电子印章公共服务平台] [Nginx,Bootstrap,jQuery]
https://101.xxx.180.152:6000 [302,200] [登录超时，请重新登录] [https://101.xxx.180.152:6000/common/error.htm]
http://101.xxx.180.174 [200] [] [Windows Server,Microsoft ASP.NET,IIS]
https://101.xxx.180.147 [403] [403 Forbidden] [Nginx]
https://101.xxx.180.118 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.127 [200] [] [Nginx]
http://101.xxx.180.15 [301,200] [XX市法学会] [Nginx,Public CMS,Java,Bootstrap,jQuery] [https://101.xxx.180.15/]
http://101.xxx.180.151:8080 [200] [Apache Tomcat/8.5.24]
http://101.xxx.180.103:8080 [404] []
https://101.xxx.180.118:8443 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.144 [200] [创•在XX] [PHP,Apache,Windows Server,OpenSSL,Bootstrap,jQuery,animate.css]
http://101.xxx.180.161 [200] [XX少年儿童图书馆] [Nginx,Vue.js,Nuxt.js,Node.js]
http://101.xxx.180.101:8080 [404] []
https://101.xxx.180.15 [200] [XX市法学会] [Bootstrap,jQuery,Nginx,Public CMS,Java]
http://101.xxx.180.183 [403] []
http://101.xxx.180.147:8080 [404] []
http://101.xxx.180.123 [200] [] [Nginx]
http://101.xxx.180.106 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.142 [403] [403 Forbidden] [Apache]
http://101.xxx.180.153 [200] [] [Apache Tomcat,Java]
http://101.xxx.180.18 [502] [502 Bad Gateway]
https://101.xxx.180.123 [200] [] [Nginx]
http://101.xxx.180.132:7070 [200] [Openfire HTTP Binding Service]
http://101.xxx.180.169 [200] [] [Apache Tomcat,Java]
http://101.xxx.180.104 [200] [] [Apache,mod_dav,UNIX]
https://101.xxx.180.171 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.140 [404] [404 Not Found] [Nginx]
https://101.xxx.180.196:80 [404] []
http://101.xxx.180.139 [200] []
http://101.xxx.180.168 [302,200] [XX市科学学研究所协同系统 V8.0SP1] [Java] [http://101.xxx.180.168:80/seeyon/index.jsp]
http://101.xxx.180.155 [302,302,200] [unKnow Oops] [Font Awesome,Bootstrap,jQuery,Bootstrap Table,Apache Tomcat,Java,Ionicons] [http://www.xxx.com.cn/unKnow.html]
https://101.xxx.180.198 [404] []
http://101.xxx.180.152 [200] [IIS7] [IIS,Windows Server]
http://101.xxx.180.158 [302,302,200] [unKnow Oops] [Font Awesome,Bootstrap,jQuery,Bootstrap Table,Ionicons,Apache Tomcat,Java] [http://www.xxx.com.cn/unKnow.html]
http://101.xxx.180.154 [302,302,200] [unKnow Oops] [Bootstrap Table,Ionicons,Font Awesome,Apache Tomcat,Java,Bootstrap,jQuery] [http://www.xxx.com.cn/unKnow.html]
http://101.xxx.180.103 [200] [Welcome to nginx!] [Nginx]
http://101.xxx.180.168:8888 [302,200] [XX市科学学研究所协同系统 V8.0SP1] [Java] [http://101.xxx.180.168:8888/seeyon/index.jsp]
http://101.xxx.180.211:8888 [404] []
http://101.xxx.180.147 [301,200] [XX化学工业区管理委员会] [Nginx,Bootstrap,jQuery] [https://www.xxx.cn/]
http://101.xxx.180.138 [200] [欢迎光临——XX市科技金融信息服务平台 | 科技履约贷款申请、科技小巨人贷款申请、成果转化项目贷款申请、科技小微贷款申请、股权融资申请、金融、投资、中介机构、科技专家] [Apache,ThinkPHP,PHP,Bootstrap,jQuery]
http://101.xxx.180.175 [503] [Service Unavailable] [Microsoft HTTPAPI]
https://101.xxx.180.176 [404] [HTTP Status 404 – Not Found]
https://101.xxx.180.220 [200] [Welcome to nginx!] [Nginx]
https://101.xxx.180.176:8443 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.228 [404] [Error 404--Not Found] [UNIX,Apache,Java Servlet,JavaServer Pages,Java]
http://101.xxx.180.13 [200] [Welcome to nginx!] [Nginx]
http://101.xxx.180.157 [302,302,200] [unKnow Oops] [Bootstrap Table,Apache Tomcat,Java,Ionicons,Font Awesome,Bootstrap,jQuery] [http://www.shgbdsgl.com.cn/unKnow.html]
https://101.xxx.180.178 [200] [无标题文档] [W`indows Server,Slick,jQuery,OWL Carousel,Microsoft ASP.NET,IIS]
http://101.xxx.180.187 [403] [403 - 禁止访问: 访问被拒绝。] [Windows Server,Microsoft ASP.NET,IIS]
http://101.xxx.180.178 [200] [无标题文档] [Windows Server,Slick,jQuery,OWL Carousel,Microsoft ASP.NET,IIS]
http://101.xxx.180.102 [404] [Apache Tomcat/5.0.27 - Error report] [Apache Tomcat,Java]
https://101.xxx.180.187 [301,302,200] [Outlook Web App] [Microsoft ASP.NET,IIS,Windows Server] [https://101.xxx.180.187/owa/auth/logon.aspx?url=https%3a%2f%2f101.xxx.180.187%2fowa%2f&reason=0]
http://101.xxx.180.193 [404] [] [Envoy]
http://101.xxx.180.171 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.172 [200] [] [Jetty,Java]
https://101.xxx.180.196 [404] []
http://101.xxx.180.25 [200] [IIS Windows Server] [IIS,Windows Server]
http://101.xxx.180.214 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.212 [200] [IIS Windows Server] [Windows Server,Microsoft ASP.NET,IIS]
http://101.xxx.180.177 [200] [XX市智慧城市建设试点示范项目申报系统-用户登录] [Apache Tomcat,Java]
http://101.xxx.180.216 [404] [HTTP状态 404 - 未找到]
https://101.xxx.180.209 [200] []
http://101.xxx.180.176 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.217 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
https://101.xxx.180.218 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.236 [302,302,200] [网络服务平台 XX市工商联合会 XX市总商会] [Java] [https://101.xxx.180.236/hbIndexAction!indexMain.action]
http://101.xxx.180.218 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.17 [403] [403 Forbidden] [Nginx]
http://101.xxx.180.31 [200] [XX市服务央企平台] [Apache Tomcat,Java]
http://101.xxx.180.182 [200] [一库两平台系统] [Java,Apache Tomcat]
http://101.xxx.180.233 [302,302,200] [Grafana] [Nginx] [http://101.xxx.180.233:80/graph/login]
http://101.xxx.180.185 [502] [502 Bad Gateway]
http://101.xxx.180.237 [200] [Welcome to nginx!] [Nginx]
https://101.xxx.180.233 [302,302,200] [Grafana] [Nginx] [https://101.xxx.180.233:443/graph/login]
http://101.xxx.180.232 [200] [IIS7] [Microsoft ASP.NET,IIS,Windows Server]
http://101.xxx.180.237:8080 [404] [] [Apache Tomcat,Java]
https://101.xxx.180.42 [200] [XX血液中心维护中] [OpenResty,Nginx]
https://101.xxx.180.188 [200] [XX市新闻出版局办公外网系统] [Java,Nginx]
http://101.xxx.180.23 [] [500 Internal Server Error] [Nginx]
http://101.xxx.180.240:8080 [200] [XX市民防办公室] [Apache Tomcat,Java]
http://101.xxx.180.19 [404] [] [Apache Tomcat,Java]
https://101.xxx.180.208 [404] []
http://101.xxx.180.241 [404] [HTTP状态 404 - 未找到]
http://101.xxx.180.184 [302,200] [XX新闻出版 XX版权] [Java] [http://101.xxx.180.184/index.jsp]
http://101.xxx.180.211 [502] [502 Bad Gateway]
https://101.xxx.180.175 [503] [Service Unavailable] [Microsoft HTTPAPI]
http://101.xxx.180.26 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.213 [502] [502 Bad Gateway]
https://101.xxx.180.208:80 [404] []
http://101.xxx.180.29 [404] [] [Java,Apache Tomcat]
http://101.xxx.180.29:8080 [404] [] [Apache Tomcat,Java]
https://101.xxx.180.21 [400] [] [Apache Tomcat,Java]
http://101.xxx.180.226:8080 [302,200] [proxyService] [http://101.xxx.180.226:8080/login]
http://101.xxx.180.61 [403] [提示]
http://101.xxx.180.2 [200] [Welcome to Apusic Application Server] [Java]
http://101.xxx.180.232:8081 [200] [Apache Tomcat/8.5.38]
http://101.xxx.180.233:8080 [302,200] [proxyService] [http://101.xxx.180.233:8080/login]
http://101.xxx.180.37 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
http://101.xxx.180.62 [301,200] [] [PHP,Nginx] [https://101.xxx.180.62/]
http://101.xxx.180.3 [200] [XX青年云平台] [Apache Tomcat,Java]
http://101.xxx.180.33 [200] [XX市经信委会展工作信息平台] [Apache Tomcat,Java]
http://101.xxx.180.69 [200] [XX市公务人员统一身份认证平台] [Nginx]
http://101.xxx.180.21 [400] [] [Apache Tomcat,Java]
http://101.xxx.180.43 [404] [Not Found]
http://101.xxx.180.64 [302,302,200] [XX博物馆] [Java,Handlebars,Slick,jQuery] [https://101.xxx.180.64/mu/frontend/pg/index]
https://101.xxx.180.41 [404] [Not Found]
http://101.xxx.180.42 [404] [404 Not Found] [OpenResty,Nginx]
https://101.xxx.180.44 [200] [首页] [Apache,Ubuntu]
http://101.xxx.180.240 [403] [403 Forbidden] [Nginx]
https://101.xxx.180.81 [404] [404 Not Found]
https://101.xxx.180.240 [403] [403 Forbidden] [Nginx]
http://101.xxx.180.41 [200] [IIS Windows Server]
http://101.xxx.180.70 [404] [Not Found] [Microsoft HTTPAPI]
https://101.xxx.180.198:80 [404] []
https://101.xxx.180.43 [] [运行时错误]
http://101.xxx.180.24 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
https://101.xxx.180.46 [302,200] [XX市财政局] [OWL Carousel,jQuery] [https://xxx]
http://101.xxx.180.38 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
http://101.xxx.180.46 [302,200] [XX市财政局] [OWL Carousel,jQuery] [http://xxx]
http://101.xxx.180.28 [200] [党建网管理后台] [Nginx,Java]
https://101.xxx.180.47 [302,200] [XX市财政局] [OWL Carousel,jQuery] [https://xxx]
https://101.xxx.180.236 [302,200] [网络服务平台 XX市工商联合会 XX市总商会] [Java] [https://101.xxx.180.236:443/hbIndexAction!indexMain.action]
http://101.xxx.180.89 [999] [] [Nginx]
http://101.xxx.180.63 [200] [XX世博会博物馆] [IIS,Windows Server,animate.css,OWL Carousel,jQuery]
http://101.xxx.180.47 [302,200] [XX市财政局] [OWL Carousel,jQuery] [http://xxx]
http://101.xxx.180.32 [200] [网站域名不存在] [Apache Tomcat,Java]
http://101.xxx.180.215 [302,200] [XX市建筑垃圾综合服务监管平台] [Microsoft ASP.NET,IIS] [http://xxx/SHCityEnvCW/CWS/index.html]
https://101.xxx.180.62 [200] [] [PHP,Nginx]
http://101.xxx.180.96 [404] []
http://101.xxx.180.58 [404] [] [Java,Apache Tomcat]
http://101.xxx.180.67 [200] [Welcome to nginx!] [Nginx]
http://101.xxx.180.40 [200] [IIS7] [Microsoft ASP.NET,IIS,Windows Server]
https://101.xxx.180.68 [200] [XX市计量测试技术研究院门户网站] [Apache]
http://101.xxx.180.45 [200] [XX企业提升自主创新能力] [Nginx]
https://101.xxx.180.64 [302,302,200] [XX博物馆] [Java,Slick,jQuery,Handlebars] [https://101.xxx.180.64:443/mu/frontend/pg/m/index]
http://101.xxx.180.76 [400] [Bad Request] [Microsoft HTTPAPI]
http://101.xxx.180.44 [302,200] [首页] [Apache,Ubuntu] [https://101.xxx.180.44/]
https://101.xxx.180.71 [302,200] [Sign in · GitLab] [Vue.js,Ruby,Nginx,GitLab,Ruby on Rails] [https://101.xxx.180.71/users/sign_in]
http://101.xxx.180.7 [200] [IIS7] [IIS,Windows Server]
http://101.xxx.180.82 [200] [XX市健康中心]
https://101.xxx.180.46:8443 [502] [502 Bad Gateway]
http://101.xxx.180.86 [200] [] [OpenSSL,PHP,Apache,Windows Server]
http://101.xxx.180.51 [200] [] [mod_jk,Apache Tomcat,OpenSSL,UNIX,Apache]
http://101.xxx.180.4 [200] [] [Windows Server,mod_jk,Apache Tomcat,Java,Apache]
http://101.xxx.180.90 [200] [XX市水务局一网通办] [Apache Tomcat,Java]
https://101.xxx.180.89 [200] [XX血液中心维护中] [Nginx]
http://101.xxx.180.4:443 [503] []
http://101.xxx.180.22:8080 [403] [403 Forbidden] [Nginx]
http://101.xxx.180.65 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.56 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
http://101.xxx.180.90:8081 [200] [Apache Tomcat/7.0.40] [Nginx]
http://101.xxx.180.66:8080 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.66:8081 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.9 [403] [403 Forbidden] [Nginx]
http://101.xxx.180.39 [200] [XX网] [Nginx,Bootstrap,jQuery]
[+] Url:  http://101.xxx.180.97:8080
[+] CBC-KEY: kPH+bIxk5D2deZiIxcaaaA==
[+] rememberMe= 7h07qc6BQW2AOusAHluBki9jLZlew1/VEAofmo+wSzebi5XQV71r3fp2XHYLQWzdTXkl7aXly8scIB6rFy2UqEi+QtNybAFyzvZy2H8FUVg6v0l54oxaGGnJT8zhdo2fdalvCsD1fnfnxCypjm8t2svagr5wNxb0N2Tqa8q/SAQ2eRls+m2XEHRlrFx8u1jH
http://101.xxx.180.97:8080 [302,302,200] [XX卫生登陆界面] [Shiro,key:kPH+bIxk5D2deZiIxcaaaA==,Java] [http://101.xxx.180.97:8080/key/login;JSESSIONID=5e1544ea64e34d7ca376046b746fb5ca]
http://101.xxx.180.78 [200] [IIS Windows Server] [IIS,Windows Server,Microsoft ASP.NET]
http://101.xxx.180.78:8080 [200] [Apache Tomcat/8.0.3] [Apache Tomcat,Java]
http://101.xxx.180.36:8080 [400] [] [Apache Tomcat,Java]
http://101.xxx.180.85 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.71 [301,302,200] [Sign in · GitLab] [Nginx,GitLab,Ruby on Rails,Vue.js,Ruby] [https://xxx.cn/users/sign_in]
http://101.xxx.180.8 [200] [] [Apache Tomcat,Java]
http://101.xxx.180.7:8080 [404] [Apache Tomcat/6.0.32 - Error report] [Apache Tomcat,Java]
https://101.xxx.180.99 [404] []
http://101.xxx.180.98:8080 [404] [HTTP状态 404 - 未找到]
http://101.xxx.180.99:8080 [502] [502 Bad Gateway]
http://101.xxx.180.72:8080 [200] [] [Nginx]
http://101.xxx.180.76:8080 [200] [] [Apache Tomcat,Java]
http://101.xxx.180.96:8080 [404] []
http://101.xxx.180.159 [302,200] [后台 登录] [Shiro,Java,Font Awesome,Bootstrap,jQuery,animate.css] [http://101.xxx.180.159:80/login.shtml;JSESSIONID=db28a935-02dd-4f08-8c8f-639d2852a0f1]
https://101.xxx.180.95 [200] [XX市科技创新管理服务信息系统] [Apache Tomcat,Shiro,Java]
https://101.xxx.180.96 [200] [首页] [Shiro,Java]
http://101.xxx.180.99 [200] [首页] [Shiro,Java]

6.TO DO

1.加入智能后台弱口令扫描
2.加入泛微、致远等nday

7.源码

暂未公开

版权声明： 本博客所有文章除特别声明外，著作权归作者所有。转载请注明出处！