veo / vscan

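An open-source, lightweight, fast, cross-platform website vulnerability scanner that helps you quickly detect website security risks. Features: port scan, fingerprinting (fingerprint), vulnerability detection (nday check), smart brute force (admin brute), sensitive file scan (file fuzz)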
https://veo.pub/2021/vscan/
BSD 3-Clause "New" or "Revised" License
1.43k stars 240 forks

No issue, just a question #5

Closed Teicu closed 2 years ago

Teicu commented 2 years ago

Hi,

Can you add another alternative to ceye, so we can use for example Burp Collaborator? It often happens that ceye is offline and then another source is needed. Maybe even canarytokens can be a solution.

Would it also be possible to give some examples of use, both for a list of IPs/domains and even for a single URL, please?

Thank you

veo commented 2 years ago

> Hi,
>
> Can you add another alternative to ceye, so we can use for example Burp Collaborator? It often happens that ceye is offline and then another source is needed. Maybe even canarytokens can be a solution.
>
> Would it also be possible to give some examples of use, both for a list of IPs/domains and even for a single URL, please?
>
> Thank you

Thanks for opening the issue. Yes, you are right, I need to improve the readme, including detailed usage, including an English page .... And other dnslog tool, some port map result. Give me some time and I'll finish it.

Teicu commented 2 years ago

Thank you for your answer and also thank you for this tool.

Cheers

Teicu commented 2 years ago

Hi again,

If I run a command like this, for example: ./vscan -l /Desktop/target.txt -top-ports -ceyeapi a9fe2304232323 -ceyedomain test.ceye.io

I think the scanner gets in direct contact with the ceye server, because I get a lot of HTTP and DNS interactions from my IP.

What did I do wrong?

Then one more question. If I have a list of 100 domains and run the scanner against them, and the moment it discovers a log4shell vulnerability, for example, I get a pingback interaction on ceye, how do I know which domain is vulnerable? It's hard to understand that from so many URLs.

Thanks again

veo commented 2 years ago

> Hi again,
>
> If I run a command like this, for example: ./vscan -l /Desktop/target.txt -top-ports -ceyeapi a9fe2304232323 -ceyedomain test.ceye.io
>
> I think the scanner gets in direct contact with the ceye server, because I get a lot of HTTP and DNS interactions from my IP.
>
> What did I do wrong?
>
> Then one more question. If I have a list of 100 domains and run the scanner against them, and the moment it discovers a log4shell vulnerability, for example, I get a pingback interaction on ceye, how do I know which domain is vulnerable? It's hard to understand that from so many URLs.
>
> Thanks again

In fact, vscan only queried the results of ceye, and will automatically report [GoPOC] or [YmlPOC] which domain is vulnerable.

For log4j, you can add -local-jndi
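The thread does not show how vscan attributes a ceye pingback to a target. As an added example (not vscan's code, and not part of either comment), one general way to do it is to put a unique per-target label in the callback hostname and match the dnslog records against it; the function names, the run secret and the sample records below are assumptions constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// label derives a short, DNS-safe, per-target token from a per-run secret.
func label(secret []byte, target string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(target))
	return hex.EncodeToString(m.Sum(nil))[:12]
}

// correlate maps logged callback names back to the targets that caused them.
// Names outside zone, or carrying no known label, are ignored.
func correlate(secret []byte, zone string, targets, names []string) map[string][]string {
	byLabel := make(map[string]string, len(targets))
	for _, t := range targets {
		byLabel[label(secret, t)] = t
	}
	suffix := "." + strings.ToLower(strings.TrimSuffix(zone, "."))
	hits := make(map[string][]string)
	for _, n := range names {
		// DNS names are case-insensitive and may arrive with a trailing dot.
		name := strings.ToLower(strings.TrimSuffix(n, "."))
		if !strings.HasSuffix(name, suffix) {
			continue
		}
		for _, l := range strings.Split(strings.TrimSuffix(name, suffix), ".") {
			if t, ok := byLabel[l]; ok {
				hits[t] = append(hits[t], n)
			}
		}
	}
	return hits
}

func main() {
	secret, zone := []byte("constructed-run-secret"), "xxxxxx.ceye.io"
	names := []string{ // constructed sample dnslog records
		strings.ToUpper(label(secret, "b.example")) + "." + zone + ".",
		"unrelated." + zone,
	}
	fmt.Println(correlate(secret, zone, []string{"a.example", "b.example"}, names))
}
```
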

veo commented 2 years ago

LIST: ./vscan -l hosts.txt -local-jndi xxx.xxx.xxx.xxx:1234 -ceyeapi xxx -ceyedomain xxxxxx.ceye.io -o out.txt

IP: ./vscan -host 111.111.111.111 -p 80,443 -local-jndi xxx.xxx.xxx.xxx:1234 -ceyeapi xxx -ceyedomain xxxxxx.ceye.io -o out.txt

URL: ./vscan -host https://www.google.com -p 443 -local-jndi xxx.xxx.xxx.xxx:1234 -ceyeapi xxx -ceyedomain xxxxxx.ceye.io -o out.txt

I usually scan like this, using both -local-jndi and ceye dnslog.

Teicu commented 2 years ago

I understand now, thank you again. But I have a small problem. In order to use -local-jndi, do I have to set up or install something on my MacBook? Or how does that work?

veo commented 2 years ago

> I understand now, thank you again. But I have a small problem. In order to use -local-jndi, do I have to set up or install something on my MacBook? Or how does that work?

You need a WAN IP. Make sure that the other machine can access the jndi port of your computer.

For example, scan on your VPS and add -local-jndi vps-ip:3333; the VPS will open port 3333 for the jndilog server.

Teicu commented 2 years ago

Thank you. I appreciate you responding to me.