Closed Teicu closed 2 years ago
Hi,
Can you add another alternative to ceye, so we can use for example Burp Collaborator? It often happens that ceye is offline and then another source is needed. Maybe even canarytokens can be a solution.
it would also be possible to give some examples of use, both for a list of ip/domains and even for a single url, please?
thank you
Thanks for opening the issue YES,you are right,I need to improve readme, including detailed usage, including an English page .... And other dnslog tool,some port map result Give me some time and I'll finish it
Thank you for your answer and also thank you for this tool.
Cheers
Hi again,
If I run a command like this for example.. ./vscan -l /Desktop/target.txt -top-ports -ceyeapi a9fe2304232323 -ceyedomain test.ceye.io
I think the scanner gets in direct contact with the ceye server, because I get a lot of HTTP and DNS interactions from my IP.
what did I do wrong?
Then one more question. If I have a list of 100 domains and run the scanner against them. The moment it discovers a log4shell vulnerability for example and I get a pingback interaction on ceye. How do I know which domain is vulnerable? It's hard to understand that from so many urls.
Thanks again
Hi again,
If I run a command like this for example.. ./vscan -l /Desktop/target.txt -top-ports -ceyeapi a9fe2304232323 -ceyedomain test.ceye.io
I think the scanner gets in direct contact with the ceye server, because I get a lot of HTTP and DNS interactions from my IP.
what did I do wrong?
Then one more question. If I have a list of 100 domains and run the scanner against them. The moment it discovers a log4shell vulnerability for example and I get a pingback interaction on ceye. How do I know which domain is vulnerable? It's hard to understand that from so many urls.
Thanks again
In fact, vscan only queried the results of ceye, will automatically report [GoPOC] or [YmlPOC] which domain is vulnerable
For log4j, you can add -local-jndi
LIST: ./vscan -l hosts.txt -local-jndi xxx.xxx.xxx.xxx:1234 -ceyeapi xxx -ceyedomain xxxxxx.ceye.io -o out.txt
IP: ./vscan -host 111.111.111.111 -p 80,443 -local-jndi xxx.xxx.xxx.xxx:1234 -ceyeapi xxx -ceyedomain xxxxxx.ceye.io -o out.txt
URL : ./vscan -host https://www.google.com -p 443 -local-jndi xxx.xxx.xxx.xxx:1234 -ceyeapi xxx -ceyedomain xxxxxx.ceye.io -o out.txt
I usually scan like this,both use -local-jndi and ceyednslog
I understand now thank you again. But I have a small problem. In order to use -local-jndi I have to set or install something on my MacBook? Or how does that work.
I understand now thank you again. But I have a small problem. In order to use -local-jndi I have to set or install something on my MacBook? Or how does that work.
you need a WAN IP, make sure that the other machine can access the jndi port of your computer
for example scan on your vps, add -local-jndi vps-ip:3333, vps will open 3333 port for jndilog server
Thank you. I appreciate you responding to me.
Hi,
Can you add another alternative to ceye, so we can use for example Burp Collaborator? It often happens that ceye is offline and then another source is needed. Maybe even canarytokens can be a solution.
it would also be possible to give some examples of use, both for a list of ip/domains and even for a single url, please?
thank you