Skip to content
This repository has been archived by the owner on Jul 8, 2022. It is now read-only.

Latest commit

 

History

History
64 lines (45 loc) · 1.98 KB

README.md

File metadata and controls

64 lines (45 loc) · 1.98 KB

WebHunt

image

A command line tool for analyzing web components for security testing. 𒈯

https://github.com/webanalyzer/rules 组件规则的实现,修改部分规则,新增了支持多线程,支持管理组件更新、同步等功能。

Installation

git clone https://github.com/./webhunt-Kits/./webhunt.git
pip3 install -r requirements.txt

Usage

# all commands help
$ ./webhunt --help

## Scan
$ ./webhunt scan --help
# 扫描 http://www.example.com
$ ./webhunt scan -u http://www.example.com
# 开启侵略模式
$ ./webhunt scan -a -u http://www.example.com
# 指定组件(多个)
$ ./webhunt scan -a -u http://www.example.com -c Nginx -c WordPress


## Manage
$ ./webhunt manage --help
# 从远程数据库拉取组件到本地
$ ./webhunt manage --pull --db Database --user root --passwd "hello"
# 同步组件到远程数据库
$ ./webhunt manage --sync --db Database --user root --passwd "hello"
# 同步并更新已存在的组件到远程数据库
$ ./webhunt manage --sync --sync-updating --db Database --user root --passwd "hello"

Result Demo:

[{"name": "title", "title": "Hyuga Platform🌀"}, {"name": "ip", "ips": ["39.107.117.128"]}, {"name": "Apache-Tomcat"}, {"name": "Plesk"}, {"name": "JBoss"}, {"name": "Nginx", "version": "1.8.0"}, {"name": "ElasticSearch"}, {"name": "Atlassian-Confluence"}, {"name": "Drupal"}, {"name": "MikroTik"}, {"name": "NVRmini2", "version": "2013"}, {"name": "Microsoft-Windows-Business-Server", "version": 2003}]

Components

插件脚本编放在 ./components 目录下或者指定其目录,在运行时使用./webhunt ... -d [指定组件目录]

组件编写规范

如下:templates.md

Dev

$ pipenv install -dev

Thx