VscanPlus is a second development version of Vscan, an open-source, lightweight, fast, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.
中文文档 • Compilation/Installation/Running • Parameter Description • Usage •
According to the original vscan development documentation, the xray poc naming format corresponding to the fingerprint is: fingerprint-xxxx-yml, so the format of the newly added pocs has been standardized, including:
Weaver-OA Yonyou-OA Tongda-OA Jinhe-OA ThinPHP Spring-Boot Spring-Blade Apache-Tomcat Drupal Microsoft-Exchange Sangfor
Nuclei loads pocs through tags
Based on the xray rule detection of the original vscan, the logic of loading multiple rules in yml v2 similar to nuclei templates has been rewritten, which can achieve multi-expression detection functionality
The fuzzy detection feature for subdomain name takeover vulnerabilities is added
Based on the detection rules in the https://github.com/EdOverflow/can-i-take-over-xyz project, the corresponding domain name is determined to have a subdomain name takeover vulnerability by comparing the domain name CNAME resolution and the request return information. After the detection is complete, a matched_domains.txt file is generated in the current directory.
Running effects
本工具由Code4th安全团队二次开发和维护
团队公开群