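Developing an Initial-Access Scanner for Red/Blue Team Exercises

Vscan

Vscan is a simple, fast, cross-platform initial-access scanner developed for red teams.

1. Goal: a clone of the Goby scanner

https://github.com/gobysec/Goby
Goby is already a fairly mature red-team initial-access scanner, and my current development goal is to achieve the same results. This may look a bit like reinventing the wheel, but Goby has one drawback: it is not open source, so you cannot flexibly add the things you want.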

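2. Port scanning

https://github.com/projectdiscovery/naabu

Port scanning is a must-have for any scanner. masscan and nmap are very powerful port scanners and work better than the others, but because both are written in C, integrating them into vscan is cumbersome. So I chose a port scanner written in Go, in line with the project's overall direction. It supports CONNECT and SYN scans, /24 (C-segment) scanning and more, which is entirely sufficient for our purposes.

Port scanning is usually the first input step, so we do not need to set many default parameters; we only need to modify the output.

I changed the default value of the Output parameter to ips_port.txt, with the output format 192.168.1.1:80, which is very easy to read back in for the next scanning stage. At the same time, the other input parameters can be kept, preserving the original scanner's functionality.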
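
A sketch of how the next stage can read that file safely, added here as an illustration and not taken from Vscan's source: it validates each ip:port line, de-duplicates, and drops anything outside the authorized range. The function name LoadTargets, the scope parameter and the sample data are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// sampleOutput is constructed data in the ip:port format described above.
const sampleOutput = `192.168.1.1:80
192.168.1.1:80
192.168.1.7:8443
10.0.0.5:22
192.168.1.9:70000
not-a-target
`

// LoadTargets (hypothetical helper) parses ip:port lines and returns the
// in-scope, de-duplicated targets in input order, plus every rejected line
// with the reason it was dropped.
func LoadTargets(data, scopeCIDR string) ([]string, []string, error) {
	_, scope, err := net.ParseCIDR(scopeCIDR)
	if err != nil {
		return nil, nil, fmt.Errorf("bad scope %q: %w", scopeCIDR, err)
	}
	var targets, rejected []string
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(data))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		host, portStr, splitErr := net.SplitHostPort(line)
		ip := net.ParseIP(host)
		port, portErr := strconv.Atoi(portStr)
		switch {
		case splitErr != nil || ip == nil:
			rejected = append(rejected, line+" (malformed)")
		case portErr != nil || port < 1 || port > 65535:
			rejected = append(rejected, line+" (bad port)")
		case !scope.Contains(ip):
			rejected = append(rejected, line+" (out of scope)")
		default:
			key := net.JoinHostPort(ip.String(), strconv.Itoa(port))
			if !seen[key] { // skip duplicates silently
				seen[key] = true
				targets = append(targets, key)
			}
		}
	}
	return targets, rejected, sc.Err()
}

func main() {
	targets, rejected, err := LoadTargets(sampleOutput, "192.168.1.0/24")
	fmt.Println(targets, rejected, err)
}
```

Rejecting out-of-scope lines at this point keeps a mistyped range or a stale results file from feeding hosts outside the engagement into the later stages.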

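3. Service identification

https://github.com/projectdiscovery/httpx
This is a fast HTTP service identification scanner.
For external initial access, the most important thing is fast web scanning. This identification scanner is very handy: it can quickly identify a site's title, URL, status code, fingerprints and so on, and can also save the content.

Likewise, I integrated it into vscan's pkg package, assigned some default parameters, and used the port scan result ips_port.txt as its input.

Note that because httpx uses the retryablehttp library for fingerprinting, we need to download the entire retryablehttp library to make adding fingerprints easier later. Here I added a shiro fingerprint, which can quickly identify whether a server uses shiro.

4. Vulnerability scanning (automatic exploitation of n-days and 0-days)

I created a new exp section in the pkg package and set up an entry function, check. All other n-days can later use the same entry point, which makes detection convenient.

shiro exp contents:
Includes detection in both CBC and GCM modes, iterating over and testing more than a hundred keys.

I placed the vulnerability scan after fingerprinting, running in parallel across multiple threads. For example, if the shiro service is identified, shiro.Check is called.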

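// Fingerprint the response, then run the matching check for each technology.
matches := r.wappalyzer.Fingerprint(resp.Headers, resp.Data)
for match := range matches {
	technologies = append(technologies, match)
	if match == "Shiro" {
		// A non-empty return value is reported as a "key:" tag.
		key := shiro.Check(URL.String())
		if key != "" {
			technologies = append(technologies, "key:"+key)
		}
	}
}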
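
The snippet above hard-codes the Shiro case. The following added example, which is not Vscan's code, generalizes the shared entry point into a registry keyed by fingerprint name, with bounded concurrency and a per-check timeout. The Checker signature, registry, RunChecks and both stand-in checks are assumptions; the stand-ins make no network requests.

```go
package main

import (
	"context"
	"fmt"
	"sort"
	"sync"
	"time"
)

// Checker is an assumed signature for the shared check entry point.
type Checker func(ctx context.Context, url string) (string, error)

// registry maps a fingerprint name to its check (constructed stand-ins only).
var registry = map[string]Checker{
	"Shiro": func(context.Context, string) (string, error) { return "placeholder-finding", nil },
	"SlowApp": func(ctx context.Context, _ string) (string, error) {
		select {
		case <-time.After(time.Second): // simulates a check that hangs
			return "late", nil
		case <-ctx.Done():
			return "", ctx.Err()
		}
	},
}

// RunChecks runs the registered check for each matched fingerprint, at most
// workers (>= 1) at a time and each bounded by timeout; returns sorted tags.
func RunChecks(url string, techs []string, workers int, timeout time.Duration) []string {
	var mu sync.Mutex
	var wg sync.WaitGroup
	var tags []string
	sem := make(chan struct{}, workers)
	for _, tech := range techs {
		check, ok := registry[tech]
		if !ok {
			continue // fingerprint without a registered check
		}
		wg.Add(1)
		sem <- struct{}{} // blocks while all worker slots are busy
		go func(tech string, check Checker) {
			defer wg.Done()
			defer func() { <-sem }()
			ctx, cancel := context.WithTimeout(context.Background(), timeout)
			defer cancel()
			if finding, err := check(ctx, url); err == nil && finding != "" {
				mu.Lock()
				tags = append(tags, tech+":"+finding)
				mu.Unlock()
			}
		}(tech, check)
	}
	wg.Wait()
	sort.Strings(tags)
	return tags
}

func main() {
	techs := []string{"Nginx", "Shiro", "SlowApp"}
	fmt.Println(RunChecks("http://192.0.2.10:8080", techs, 2, 50*time.Millisecond))
}
```

The timeout matters because one hanging check would otherwise hold a worker slot for the rest of the run; here the slow stand-in is cancelled and contributes no tag.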

5. Demo

➜  vscan git:(main) ✗ sudo go run main.go -host 101.xxx.180.97/24 -top-ports top-100 
Password:
[INF] Running SYN scan with root privileges
http://101.xxx.180.121 [200] [] [mod_dav,Apache,UNIX]
http://101.xxx.180.128:8080 [200] [] [Resin,Java]
http://101.xxx.180.131 [200] [] [Microsoft ASP.NET,IIS,Windows Server]
https://101.xxx.180.103 [200] [Welcome to nginx!] [Nginx]
http://101.xxx.180.161:443 [400] [400 The plain HTTP request was sent to HTTPS port] [Nginx]
http://101.xxx.180.125 [200] [XX科技党建] [Nginx]
http://101.xxx.180.118 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.151 [200] [IIS7] [IIS,Windows Server]
http://101.xxx.180.109 [302,200] [XX政府采购网] [Java Servlet,Java,JavaServer Pages,mod_dav,Apache,UNIX] [http://101.xxx.180.109/login.do;jsessionid=cKqtgSvHwbDqWZ4LlQ1jrVy6NDy0d2pqjh7McrjJTKQMhB3dPprY!-1317743727!-380700843?method=beginloginnew]
https://101.xxx.180.13 [200] [XX市电子印章公共服务平台] [Nginx,Bootstrap,jQuery]
https://101.xxx.180.152:6000 [302,200] [登录超时,请重新登录] [https://101.xxx.180.152:6000/common/error.htm]
http://101.xxx.180.174 [200] [] [Windows Server,Microsoft ASP.NET,IIS]
https://101.xxx.180.147 [403] [403 Forbidden] [Nginx]
https://101.xxx.180.118 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.127 [200] [] [Nginx]
http://101.xxx.180.15 [301,200] [XX市法学会] [Nginx,Public CMS,Java,Bootstrap,jQuery] [https://101.xxx.180.15/]
http://101.xxx.180.151:8080 [200] [Apache Tomcat/8.5.24]
http://101.xxx.180.103:8080 [404] []
https://101.xxx.180.118:8443 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.144 [200] [创•在XX] [PHP,Apache,Windows Server,OpenSSL,Bootstrap,jQuery,animate.css]
http://101.xxx.180.161 [200] [XX少年儿童图书馆] [Nginx,Vue.js,Nuxt.js,Node.js]
http://101.xxx.180.101:8080 [404] []
https://101.xxx.180.15 [200] [XX市法学会] [Bootstrap,jQuery,Nginx,Public CMS,Java]
http://101.xxx.180.183 [403] []
http://101.xxx.180.147:8080 [404] []
http://101.xxx.180.123 [200] [] [Nginx]
http://101.xxx.180.106 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.142 [403] [403 Forbidden] [Apache]
http://101.xxx.180.153 [200] [] [Apache Tomcat,Java]
http://101.xxx.180.18 [502] [502 Bad Gateway]
https://101.xxx.180.123 [200] [] [Nginx]
http://101.xxx.180.132:7070 [200] [Openfire HTTP Binding Service]
http://101.xxx.180.169 [200] [] [Apache Tomcat,Java]
http://101.xxx.180.104 [200] [] [Apache,mod_dav,UNIX]
https://101.xxx.180.171 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.140 [404] [404 Not Found] [Nginx]
https://101.xxx.180.196:80 [404] []
http://101.xxx.180.139 [200] []
http://101.xxx.180.168 [302,200] [XX市科学学研究所协同系统 V8.0SP1] [Java] [http://101.xxx.180.168:80/seeyon/index.jsp]
http://101.xxx.180.155 [302,302,200] [unKnow Oops] [Font Awesome,Bootstrap,jQuery,Bootstrap Table,Apache Tomcat,Java,Ionicons] [http://www.xxx.com.cn/unKnow.html]
https://101.xxx.180.198 [404] []
http://101.xxx.180.152 [200] [IIS7] [IIS,Windows Server]
http://101.xxx.180.158 [302,302,200] [unKnow Oops] [Font Awesome,Bootstrap,jQuery,Bootstrap Table,Ionicons,Apache Tomcat,Java] [http://www.xxx.com.cn/unKnow.html]
http://101.xxx.180.154 [302,302,200] [unKnow Oops] [Bootstrap Table,Ionicons,Font Awesome,Apache Tomcat,Java,Bootstrap,jQuery] [http://www.xxx.com.cn/unKnow.html]
http://101.xxx.180.103 [200] [Welcome to nginx!] [Nginx]
http://101.xxx.180.168:8888 [302,200] [XX市科学学研究所协同系统 V8.0SP1] [Java] [http://101.xxx.180.168:8888/seeyon/index.jsp]
http://101.xxx.180.211:8888 [404] []
http://101.xxx.180.147 [301,200] [XX化学工业区管理委员会] [Nginx,Bootstrap,jQuery] [https://www.xxx.cn/]
http://101.xxx.180.138 [200] [欢迎光临——XX市科技金融信息服务平台 | 科技履约贷款申请、科技小巨人贷款申请、成果转化项目贷款申请、科技小微贷款申请、股权融资申请、金融、投资、中介机构、科技专家] [Apache,ThinkPHP,PHP,Bootstrap,jQuery]
http://101.xxx.180.175 [503] [Service Unavailable] [Microsoft HTTPAPI]
https://101.xxx.180.176 [404] [HTTP Status 404 – Not Found]
https://101.xxx.180.220 [200] [Welcome to nginx!] [Nginx]
https://101.xxx.180.176:8443 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.228 [404] [Error 404--Not Found] [UNIX,Apache,Java Servlet,JavaServer Pages,Java]
http://101.xxx.180.13 [200] [Welcome to nginx!] [Nginx]
http://101.xxx.180.157 [302,302,200] [unKnow Oops] [Bootstrap Table,Apache Tomcat,Java,Ionicons,Font Awesome,Bootstrap,jQuery] [http://www.shgbdsgl.com.cn/unKnow.html]
https://101.xxx.180.178 [200] [无标题文档] [W`indows Server,Slick,jQuery,OWL Carousel,Microsoft ASP.NET,IIS]
http://101.xxx.180.187 [403] [403 - 禁止访问: 访问被拒绝。] [Windows Server,Microsoft ASP.NET,IIS]
http://101.xxx.180.178 [200] [无标题文档] [Windows Server,Slick,jQuery,OWL Carousel,Microsoft ASP.NET,IIS]
http://101.xxx.180.102 [404] [Apache Tomcat/5.0.27 - Error report] [Apache Tomcat,Java]
https://101.xxx.180.187 [301,302,200] [Outlook Web App] [Microsoft ASP.NET,IIS,Windows Server] [https://101.xxx.180.187/owa/auth/logon.aspx?url=https%3a%2f%2f101.xxx.180.187%2fowa%2f&reason=0]
http://101.xxx.180.193 [404] [] [Envoy]
http://101.xxx.180.171 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.172 [200] [] [Jetty,Java]
https://101.xxx.180.196 [404] []
http://101.xxx.180.25 [200] [IIS Windows Server] [IIS,Windows Server]
http://101.xxx.180.214 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.212 [200] [IIS Windows Server] [Windows Server,Microsoft ASP.NET,IIS]
http://101.xxx.180.177 [200] [XX市智慧城市建设试点示范项目申报系统-用户登录] [Apache Tomcat,Java]
http://101.xxx.180.216 [404] [HTTP状态 404 - 未找到]
https://101.xxx.180.209 [200] []
http://101.xxx.180.176 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.217 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
https://101.xxx.180.218 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.236 [302,302,200] [网络服务平台 XX市工商联合会 XX市总商会] [Java] [https://101.xxx.180.236/hbIndexAction!indexMain.action]
http://101.xxx.180.218 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.17 [403] [403 Forbidden] [Nginx]
http://101.xxx.180.31 [200] [XX市服务央企平台] [Apache Tomcat,Java]
http://101.xxx.180.182 [200] [一库两平台系统] [Java,Apache Tomcat]
http://101.xxx.180.233 [302,302,200] [Grafana] [Nginx] [http://101.xxx.180.233:80/graph/login]
http://101.xxx.180.185 [502] [502 Bad Gateway]
http://101.xxx.180.237 [200] [Welcome to nginx!] [Nginx]
https://101.xxx.180.233 [302,302,200] [Grafana] [Nginx] [https://101.xxx.180.233:443/graph/login]
http://101.xxx.180.232 [200] [IIS7] [Microsoft ASP.NET,IIS,Windows Server]
http://101.xxx.180.237:8080 [404] [] [Apache Tomcat,Java]
https://101.xxx.180.42 [200] [XX血液中心维护中] [OpenResty,Nginx]
https://101.xxx.180.188 [200] [XX市新闻出版局办公外网系统] [Java,Nginx]
http://101.xxx.180.23 [] [500 Internal Server Error] [Nginx]
http://101.xxx.180.240:8080 [200] [XX市民防办公室] [Apache Tomcat,Java]
http://101.xxx.180.19 [404] [] [Apache Tomcat,Java]
https://101.xxx.180.208 [404] []
http://101.xxx.180.241 [404] [HTTP状态 404 - 未找到]
http://101.xxx.180.184 [302,200] [XX新闻出版 XX版权] [Java] [http://101.xxx.180.184/index.jsp]
http://101.xxx.180.211 [502] [502 Bad Gateway]
https://101.xxx.180.175 [503] [Service Unavailable] [Microsoft HTTPAPI]
http://101.xxx.180.26 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.213 [502] [502 Bad Gateway]
https://101.xxx.180.208:80 [404] []
http://101.xxx.180.29 [404] [] [Java,Apache Tomcat]
http://101.xxx.180.29:8080 [404] [] [Apache Tomcat,Java]
https://101.xxx.180.21 [400] [] [Apache Tomcat,Java]
http://101.xxx.180.226:8080 [302,200] [proxyService] [http://101.xxx.180.226:8080/login]
http://101.xxx.180.61 [403] [提示]
http://101.xxx.180.2 [200] [Welcome to Apusic Application Server] [Java]
http://101.xxx.180.232:8081 [200] [Apache Tomcat/8.5.38]
http://101.xxx.180.233:8080 [302,200] [proxyService] [http://101.xxx.180.233:8080/login]
http://101.xxx.180.37 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
http://101.xxx.180.62 [301,200] [] [PHP,Nginx] [https://101.xxx.180.62/]
http://101.xxx.180.3 [200] [XX青年云平台] [Apache Tomcat,Java]
http://101.xxx.180.33 [200] [XX市经信委会展工作信息平台] [Apache Tomcat,Java]
http://101.xxx.180.69 [200] [XX市公务人员统一身份认证平台] [Nginx]
http://101.xxx.180.21 [400] [] [Apache Tomcat,Java]
http://101.xxx.180.43 [404] [Not Found]
http://101.xxx.180.64 [302,302,200] [XX博物馆] [Java,Handlebars,Slick,jQuery] [https://101.xxx.180.64/mu/frontend/pg/index]
https://101.xxx.180.41 [404] [Not Found]
http://101.xxx.180.42 [404] [404 Not Found] [OpenResty,Nginx]
https://101.xxx.180.44 [200] [首页] [Apache,Ubuntu]
http://101.xxx.180.240 [403] [403 Forbidden] [Nginx]
https://101.xxx.180.81 [404] [404 Not Found]
https://101.xxx.180.240 [403] [403 Forbidden] [Nginx]
http://101.xxx.180.41 [200] [IIS Windows Server]
http://101.xxx.180.70 [404] [Not Found] [Microsoft HTTPAPI]
https://101.xxx.180.198:80 [404] []
https://101.xxx.180.43 [] [运行时错误]
http://101.xxx.180.24 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
https://101.xxx.180.46 [302,200] [XX市财政局] [OWL Carousel,jQuery] [https://xxx]
http://101.xxx.180.38 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
http://101.xxx.180.46 [302,200] [XX市财政局] [OWL Carousel,jQuery] [http://xxx]
http://101.xxx.180.28 [200] [党建网管理后台] [Nginx,Java]
https://101.xxx.180.47 [302,200] [XX市财政局] [OWL Carousel,jQuery] [https://xxx]
https://101.xxx.180.236 [302,200] [网络服务平台 XX市工商联合会 XX市总商会] [Java] [https://101.xxx.180.236:443/hbIndexAction!indexMain.action]
http://101.xxx.180.89 [999] [] [Nginx]
http://101.xxx.180.63 [200] [XX世博会博物馆] [IIS,Windows Server,animate.css,OWL Carousel,jQuery]
http://101.xxx.180.47 [302,200] [XX市财政局] [OWL Carousel,jQuery] [http://xxx]
http://101.xxx.180.32 [200] [网站域名不存在] [Apache Tomcat,Java]
http://101.xxx.180.215 [302,200] [XX市建筑垃圾综合服务监管平台] [Microsoft ASP.NET,IIS] [http://xxx/SHCityEnvCW/CWS/index.html]
https://101.xxx.180.62 [200] [] [PHP,Nginx]
http://101.xxx.180.96 [404] []
http://101.xxx.180.58 [404] [] [Java,Apache Tomcat]
http://101.xxx.180.67 [200] [Welcome to nginx!] [Nginx]
http://101.xxx.180.40 [200] [IIS7] [Microsoft ASP.NET,IIS,Windows Server]
https://101.xxx.180.68 [200] [XX市计量测试技术研究院门户网站] [Apache]
http://101.xxx.180.45 [200] [XX企业提升自主创新能力] [Nginx]
https://101.xxx.180.64 [302,302,200] [XX博物馆] [Java,Slick,jQuery,Handlebars] [https://101.xxx.180.64:443/mu/frontend/pg/m/index]
http://101.xxx.180.76 [400] [Bad Request] [Microsoft HTTPAPI]
http://101.xxx.180.44 [302,200] [首页] [Apache,Ubuntu] [https://101.xxx.180.44/]
https://101.xxx.180.71 [302,200] [Sign in · GitLab] [Vue.js,Ruby,Nginx,GitLab,Ruby on Rails] [https://101.xxx.180.71/users/sign_in]
http://101.xxx.180.7 [200] [IIS7] [IIS,Windows Server]
http://101.xxx.180.82 [200] [XX市健康中心]
https://101.xxx.180.46:8443 [502] [502 Bad Gateway]
http://101.xxx.180.86 [200] [] [OpenSSL,PHP,Apache,Windows Server]
http://101.xxx.180.51 [200] [] [mod_jk,Apache Tomcat,OpenSSL,UNIX,Apache]
http://101.xxx.180.4 [200] [] [Windows Server,mod_jk,Apache Tomcat,Java,Apache]
http://101.xxx.180.90 [200] [XX市水务局一网通办] [Apache Tomcat,Java]
https://101.xxx.180.89 [200] [XX血液中心维护中] [Nginx]
http://101.xxx.180.4:443 [503] []
http://101.xxx.180.22:8080 [403] [403 Forbidden] [Nginx]
http://101.xxx.180.65 [404] [Not Found] [Microsoft HTTPAPI]
http://101.xxx.180.56 [200] [IIS Windows Server] [Microsoft ASP.NET,IIS,Windows Server]
http://101.xxx.180.90:8081 [200] [Apache Tomcat/7.0.40] [Nginx]
http://101.xxx.180.66:8080 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.66:8081 [404] [HTTP Status 404 – Not Found]
http://101.xxx.180.9 [403] [403 Forbidden] [Nginx]
http://101.xxx.180.39 [200] [XX网] [Nginx,Bootstrap,jQuery]
[+] Url: http://101.xxx.180.97:8080
[+] CBC-KEY: kPH+bIxk5D2deZiIxcaaaA==
[+] rememberMe= 7h07qc6BQW2AOusAHluBki9jLZlew1/VEAofmo+wSzebi5XQV71r3fp2XHYLQWzdTXkl7aXly8scIB6rFy2UqEi+QtNybAFyzvZy2H8FUVg6v0l54oxaGGnJT8zhdo2fdalvCsD1fnfnxCypjm8t2svagr5wNxb0N2Tqa8q/SAQ2eRls+m2XEHRlrFx8u1jH
http://101.xxx.180.97:8080 [302,302,200] [XX卫生登陆界面] [Shiro,key:kPH+bIxk5D2deZiIxcaaaA==,Java] [http://101.xxx.180.97:8080/key/login;JSESSIONID=5e1544ea64e34d7ca376046b746fb5ca]
http://101.xxx.180.78 [200] [IIS Windows Server] [IIS,Windows Server,Microsoft ASP.NET]
http://101.xxx.180.78:8080 [200] [Apache Tomcat/8.0.3] [Apache Tomcat,Java]
http://101.xxx.180.36:8080 [400] [] [Apache Tomcat,Java]
http://101.xxx.180.85 [404] [] [Apache Tomcat,Java]
http://101.xxx.180.71 [301,302,200] [Sign in · GitLab] [Nginx,GitLab,Ruby on Rails,Vue.js,Ruby] [https://xxx.cn/users/sign_in]
http://101.xxx.180.8 [200] [] [Apache Tomcat,Java]
http://101.xxx.180.7:8080 [404] [Apache Tomcat/6.0.32 - Error report] [Apache Tomcat,Java]
https://101.xxx.180.99 [404] []
http://101.xxx.180.98:8080 [404] [HTTP状态 404 - 未找到]
http://101.xxx.180.99:8080 [502] [502 Bad Gateway]
http://101.xxx.180.72:8080 [200] [] [Nginx]
http://101.xxx.180.76:8080 [200] [] [Apache Tomcat,Java]
http://101.xxx.180.96:8080 [404] []
http://101.xxx.180.159 [302,200] [后台 登录] [Shiro,Java,Font Awesome,Bootstrap,jQuery,animate.css] [http://101.xxx.180.159:80/login.shtml;JSESSIONID=db28a935-02dd-4f08-8c8f-639d2852a0f1]
https://101.xxx.180.95 [200] [XX市科技创新管理服务信息系统] [Apache Tomcat,Shiro,Java]
https://101.xxx.180.96 [200] [首页] [Shiro,Java]
http://101.xxx.180.99 [200] [首页] [Shiro,Java]

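6. TO DO

1. Add smart weak-password scanning for admin back ends
2. Add n-days for Weaver (泛微), Seeyon (致远) and others

7. Source code

Not yet public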

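  • Copyright notice: Unless otherwise stated, the copyright of all articles on this blog belongs to the author. Please credit the source when reposting!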
  • Copyrights © 2016-2022 | Powered by veo