search

chushuai / wscan

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.
Other
537 stars 66 forks source link

分享你的Wscan扫描测试经验! #18

Open chushuai opened 4 months ago

chushuai commented 4 months ago

最近在对Wscan进行优化,希望收集各种靶场使用 Wscan 扫描的测试报告。如果你曾经使用过 Wscan 进行扫描测试,无论是在实验室环境还是实际应用中,都非常欢迎你分享你的经验和结果。为保护隐私,请不要包含具体的 IP 地址、域名或其他敏感信息。

Teicu commented 4 months ago
Screenshot 2024-07-08 at 08 46 51

but https://github.com/chushuai/wscan-poc/releases does not exist. 404

Screenshot 2024-07-08 at 08 47 40 Screenshot 2024-07-08 at 08 47 27
chushuai commented 4 months ago

Wscan目前支持Nuclei、Xray、Goby三种格式的插件,同时Wscan会自动识别插件的类型,只需要放在一个文件夹中,并在配置文件中添加相关路径即可,用户需要自行下载,自行维护自己的插件库,做一些配置即可把Nuclei、Xray、Goby插件的能力发挥到极致!

Teicu commented 4 months ago

please let me know if the configuration is correct, thank you

Screenshot 2024-07-08 at 15 02 53
chushuai commented 4 months ago

hi, There is an issue with your configuration. The custom plugin is a unique format plugin for WSCAN, please refer to it https://github.com/chushuai/wscan?tab=readme -ov-file#%E8%87%AA%E5%AE%9A%E4%B9%89fuzz%E6%8F%92%E4%BB%B6

If you want to use Nuclei, Xray, or Goby plugins, please configure them as follows

Update the scanner to the latest version, refer to the following configuration

https://github.com/chushuai/wscan?tab=readme-ov-file#poc%E6%89%AB%E6%8F%8F

    prometheus:
        enabled: true
        depth: 1
        auto_load_poc: false
        include_poc: 
          - C:\wscan_windows_amd64.exe\wscan-poc\pocs
        exclude_poc: []
len0m0 commented 3 months ago

image 师傅请问这个badger文件手动设置目录或关闭吗?自动生成在C盘temp下,内容太大。

chushuai commented 3 months ago

@len0m0 新版已修复