update Readme 2022-07-16 09:32:1657935149

RanDengShiFu · Jul 16, 2022 · 6d72e97 · 6d72e97
1 parent 429cfcf
commit 6d72e97
Show file tree

Hide file tree

Showing 2 changed files with 96 additions and 69 deletions.
diff --git a/README.md b/README.md
@@ -16,6 +16,7 @@
 <img width="928" alt="image" src="https://user-images.githubusercontent.com/18223385/175768227-098c779b-6c5f-48ee-91b1-c56e3daa9c87.png">
 </h1>
 
+- 支持14种密码爆破：rdp,ssh,rsh-spx,mysql,mssql,oracle,postgresql,redis,ftp,mongodb,smb,telnet,snmp,wap-wsp（Elasticsearch）
 - 默认检测系统有nmap时优先使用nmap进行快速扫描，弊端：因为设置网络包过大会导致结果不全，另外需要将root密码设置到环境变量PPSSWWDD，更多参考config/doNmapScan.sh
 - 快速端口扫描，指纹检测功能
 - 快速登录密码爆破功能
@@ -24,81 +25,14 @@
 - 轻量级、开源、跨平台使用
 - 支持多种类型的输入 - STDIN/HOST/IP/CIDR/URL/TXT
 - 支持多种输出类型 - JSON/TXT/CSV/STDOUT
-- 可配置将结果统一存储到Elasticsearch
+- 可配置将结果统一存储到 Elasticsearch
 - 带有上下文路径的url列表，启用精确扫描 UrlPrecise=true ./main -l xx.txt
 - 开启智能子域遍历， export EnableSubfinder=true
 - 自动识别域（DNS）关联多个IP的情况，并自动扫描关联的多个IP
 - 预处理，当列表中多个域名的ip相同时，合并端口扫描，提高效率
 - 深入分析，自动关联扫描：自动获取ssl中的域名信息，如*.xxx.com，并配置允许自动子域遍历，子域遍历自动完成，添加目标到扫描列表
 - 自动化供应链分析和扫描，需要授权才能使用
 - 允许通过config/config.json配置定义自己的字典，或者设置相关的开关，可以在这里定义nuclei、httx、naabu的几个Options
-- 配置说明如下：
-```json
-{
-  "CacheName": ".DbCache", // 提速、优化、避免重复，缓存目录
-  "autoRmCache": "true",   // 程序自动删除缓存，如果你希望保留下次相同目标提速，可以保留
-  //////////各种不需要我说对可自定义字典，你可以配置相同文件 start///////////////
-  "ssh_username": "pkg/hydra/dicts/ssh_user.txt",
-  "ssh_pswd": "pkg/hydra/dicts/ssh_pswd.txt",
-  "ssh_default": "pkg/hydra/dicts/ssh_default.txt",
-  "ftpusername": "pkg/hydra/dicts/ftp_user.txt",
-  "ftp_pswd": "pkg/hydra/dicts/ftp_pswd.txt",
-  "ftp_default": "pkg/hydra/dicts/ftp_default.txt",
-  "rdpusername": "pkg/hydra/dicts/rdp_user.txt",
-  "rdp_pswd": "pkg/hydra/dicts/rdp_pswd.txt",
-  "rdp_default": "pkg/hydra/dicts/rdp_default.txt",
-  "mongodbusername": "pkg/hydra/dicts/mongodb_user.txt",
-  "mongodb_pswd": "pkg/hydra/dicts/mongodb_pswd.txt",
-  "mongodb_default": "pkg/hydra/dicts/mongodb_default.txt",
-  "mssqlusername": "pkg/hydra/dicts/mssql_user.txt",
-  "mssql_pswd": "pkg/hydra/dicts/mssql_pswd.txt",
-  "mssql_default": "pkg/hydra/dicts/mssql_default.txt",
-  "mysqlusername": "pkg/hydra/dicts/mysql_user.txt",
-  "mysql_pswd": "pkg/hydra/dicts/mysql_pswd.txt",
-  "mysql_default": "pkg/hydra/dicts/mysql_default.txt",
-  "oracleusername": "pkg/hydra/dicts/oracle_user.txt",
-  "oracle_pswd": "pkg/hydra/dicts/oracle_pswd.txt",
-  "oracle_default": "pkg/hydra/dicts/oracle_default.txt",
-  "postgresqlusername": "pkg/hydra/dicts/postgresql_user.txt",
-  "postgresql_pswd": "pkg/hydra/dicts/postgresql_pswd.txt",
-  "postgresql_default": "pkg/hydra/dicts/postgresql_default.txt",
-  "redisusername": "pkg/hydra/dicts/redis_user.txt",
-  "redis_pswd": "pkg/hydra/dicts/redis_pswd.txt",
-  "redis_default": "pkg/hydra/dicts/redis_default.txt",
-  "smbusername": "pkg/hydra/dicts/smb_user.txt",
-  "smb_pswd": "pkg/hydra/dicts/smb_pswd.txt",
-  "smb_default": "pkg/hydra/dicts/smb_default.txt",
-  "telnetusername": "pkg/hydra/dicts/telnet_user.txt",
-  "telnet_pswd": "pkg/hydra/dicts/telnet_pswd.txt",
-  "telnet_default": "pkg/hydra/dicts/telnet_default.txt",
-  "tomcatuserpass": "brute/dicts/tomcatuserpass.txt",
-  "jbossuserpass": "brute/dicts/jbossuserpass.txt",
-  "weblogicuserpass": "brute/dicts/weblogicuserpass.txt",
-  "filedic": "brute/dicts/filedic.txt",
-  "top100pass": "brute/dicts/top100pass.txt",
-  "bakSuffix": "brute/dicts/bakSuffix.txt",
-  "fuzzct": "brute/dicts/fuzzContentType1.txt",
-  "fuzz404": "brute/dicts/fuzz404.txt",
-  "page404Content1": "brute/dicts/page404Content.txt",
-  "eHoleFinger": "pkg/fingerprint/dicts/eHoleFinger.json",
-  "localFinger": "pkg/fingerprint/dicts/localFinger.json",
-  "HydraUser": "",
-  "HydraPass": "",
-  //////////各种不需要我说对可自定义字典，你可以配置相同文件 end///////////////
-  // naabu 扫描到到端口后自动调用nmap跑指纹，然后自动调用弱口令检测，windows自动加.exe你不需要关注
-  "nmap": "nmap -n --unique --resolve-all -Pn --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m -oX {filename} --version-intensity 9 --min-rate 10000 -T4",
-  "UrlPrecise": true, // -l 传入文件清单如果是http[s]带上下文，默认启动精准扫描
-  "ParseSSl": false,  // HW打点默认关闭，互联网赏金目标建议设置true
-  "EnableSubfinder": false, // 默认关闭ssl中证书子域名爆破,互联网赏金目标建议设置true
-  "naabu_dns": {},  // naabu工具对dns配置
-  "naabu": {"TopPorts": "1000","ScanAllIPS": true}, // naabu配置
-  "nuclei": {}, // nuclei配置，例如线程等
-  "httpx": {}   // httpx 配置,
-  "enableEsSv": true,        // 开启结果send 到es
-  "esthread": 8 // 结果写入Elasticsearch的线程数,
-  "esUrl": "http://127.0.0.1:9200/%s_index/_doc/%s" // Elasticsearch url
-}
-```
 
 # 工作流程
 

diff --git a/static/NicePwn.md b/static/NicePwn.md
@@ -22,5 +22,98 @@ docker run --restart=always --ulimit nofile=65536:65536 -p 9200:9200 -p 9300:930
 config/nuclei_esConfig.yaml
 中的密码，否则里面的密码设置都无意义
 
+### 配置说明
+完整版本，查看:config/config.json
+```json
+{
+  "CacheName": ".DbCache", // 提速、优化、避免重复，缓存目录
+  "autoRmCache": "true",   // 程序自动删除缓存，如果你希望保留下次相同目标提速，可以保留
+  //////////各种不需要我说对可自定义字典，你可以配置相同文件 start///////////////
+  "ssh_username": "pkg/hydra/dicts/ssh_user.txt",
+  "ssh_pswd": "pkg/hydra/dicts/ssh_pswd.txt",
+  "ssh_default": "pkg/hydra/dicts/ssh_default.txt",
+  "ftpusername": "pkg/hydra/dicts/ftp_user.txt",
+  "ftp_pswd": "pkg/hydra/dicts/ftp_pswd.txt",
+  "ftp_default": "pkg/hydra/dicts/ftp_default.txt",
+  "rdpusername": "pkg/hydra/dicts/rdp_user.txt",
+  "rdp_pswd": "pkg/hydra/dicts/rdp_pswd.txt",
+  "rdp_default": "pkg/hydra/dicts/rdp_default.txt",
+  "mongodbusername": "pkg/hydra/dicts/mongodb_user.txt",
+  "mongodb_pswd": "pkg/hydra/dicts/mongodb_pswd.txt",
+  "mongodb_default": "pkg/hydra/dicts/mongodb_default.txt",
+  "mssqlusername": "pkg/hydra/dicts/mssql_user.txt",
+  "mssql_pswd": "pkg/hydra/dicts/mssql_pswd.txt",
+  "mssql_default": "pkg/hydra/dicts/mssql_default.txt",
+  "mysqlusername": "pkg/hydra/dicts/mysql_user.txt",
+  "mysql_pswd": "pkg/hydra/dicts/mysql_pswd.txt",
+  "mysql_default": "pkg/hydra/dicts/mysql_default.txt",
+  "oracleusername": "pkg/hydra/dicts/oracle_user.txt",
+  "oracle_pswd": "pkg/hydra/dicts/oracle_pswd.txt",
+  "oracle_default": "pkg/hydra/dicts/oracle_default.txt",
+  "postgresqlusername": "pkg/hydra/dicts/postgresql_user.txt",
+  "postgresql_pswd": "pkg/hydra/dicts/postgresql_pswd.txt",
+  "postgresql_default": "pkg/hydra/dicts/postgresql_default.txt",
+  "redisusername": "pkg/hydra/dicts/redis_user.txt",
+  "redis_pswd": "pkg/hydra/dicts/redis_pswd.txt",
+  "redis_default": "pkg/hydra/dicts/redis_default.txt",
+  "smbusername": "pkg/hydra/dicts/smb_user.txt",
+  "smb_pswd": "pkg/hydra/dicts/smb_pswd.txt",
+  "smb_default": "pkg/hydra/dicts/smb_default.txt",
+  "telnetusername": "pkg/hydra/dicts/telnet_user.txt",
+  "telnet_pswd": "pkg/hydra/dicts/telnet_pswd.txt",
+  "telnet_default": "pkg/hydra/dicts/telnet_default.txt",
+  "tomcatuserpass": "brute/dicts/tomcatuserpass.txt",
+  "jbossuserpass": "brute/dicts/jbossuserpass.txt",
+  "weblogicuserpass": "brute/dicts/weblogicuserpass.txt",
+  "filedic": "brute/dicts/filedic.txt",
+  "top100pass": "brute/dicts/top100pass.txt",
+  "bakSuffix": "brute/dicts/bakSuffix.txt",
+  "fuzzct": "brute/dicts/fuzzContentType1.txt",
+  "fuzz404": "brute/dicts/fuzz404.txt",
+  "page404Content1": "brute/dicts/page404Content.txt",
+  "eHoleFinger": "pkg/fingerprint/dicts/eHoleFinger.json",
+  "localFinger": "pkg/fingerprint/dicts/localFinger.json",
+  "HydraUser": "",
+  "HydraPass": "",
+  "es_user": "pkg/hydra/dicts/es_user.txt",
+  "es_pswd": "pkg/hydra/dicts/es_pswd.txt",
+  "es_default": "pkg/hydra/dicts/es_default.txt",
+  "snmp_user": "pkg/hydra/dicts/snmp_user.txt",
+  "snmp_pswd": "pkg/hydra/dicts/snmp_pswd.txt",
+  "snmp_default": "pkg/hydra/dicts/snmp_default.txt",
+  //////////各种不需要我说对可自定义字典，你可以配置相同文件 end///////////////
+  // naabu 扫描到到端口后自动调用nmap跑指纹，然后自动调用弱口令检测，windows自动加.exe你不需要关注
+  "nmap": "nmap -n --unique --resolve-all -Pn --min-hostgroup 64 --max-retries 0 --host-timeout 10m --script-timeout 3m -oX {filename} --version-intensity 9 --min-rate 10000 -T4 ",
+  "UrlPrecise": true, // -l 传入文件清单如果是http[s]带上下文，默认启动精准扫描
+  "ParseSSl": false,  // HW打点默认关闭，互联网赏金目标建议设置true
+  "EnableSubfinder": false, // 默认关闭ssl中证书子域名爆破,互联网赏金目标建议设置true
+  "naabu_dns": {},  // naabu工具对dns配置
+  "naabu": {"TopPorts": "1000","ScanAllIPS": true}, // naabu配置
+  "nuclei": {}, // nuclei配置，例如线程等
+  "httpx": {}   // httpx 配置,
+  "enableEsSv": true,        // 开启结果send 到es
+  "esthread": 8 // 结果写入Elasticsearch的线程数,
+  "esUrl": "http://127.0.0.1:9200/%s_index/_doc/%s" // Elasticsearch url
+}
+```
+
 ## 运行扫描任务
-./
+一般不批量的时候，除非想看中间结果，不建议开启 -v -debug
+```bash
+enableEsSv=true ./scan4all -l list.txt
+enableEsSv=true ./scan4all -host target.com
+```
+
+## 查看结果
+更多索引类型见
+config/initEs.sh
+```
+http://127.0.0.1:9200/nmap_index/_doc/156.238.15.99
+http://127.0.0.1:9200/nuclei_index/_doc/_search?q=host:%20in%20%221.2.215.18:1432%22
+http://127.0.0.1:9200/naabu_index/_doc/_search
+http://127.0.0.1:9200/vscan_index/_doc/_search
+http://127.0.0.1:9200/hydra_index/_doc/_search
+http://127.0.0.1:9200/httpx_index/_doc/_search
+http://127.0.0.1:9200/httpx_index/_doc/_search?q=url:in%20%221.28.15.18%22
+
+```