Skip to content

Releases: AabyssZG/SpringBoot-Scan

V2.11

20 Nov 08:51
@AabyssZG AabyssZG
2.11
d445573
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V2.11

更新日志

  • 感谢朋友 山哥@慢雾SlowMist 的建议,删除了对 /actuator/shutdown/shutdown 这两个端点的扫描(虽然工具是GET形式访问不会触发),但为了以防万一还是删除了
Assets 2
Loading

V2.10

19 Nov 12:10
@AabyssZG AabyssZG
2.10
236afcc
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V2.10

更新日志

  • 新增2023 JeeSpringCloud 任意文件上传漏洞利用模块
  • 新增2021 SnakeYAML_RCE 漏洞识别模块
  • 新增2020 Jolokia配置不当导致RCE 漏洞识别模块
  • 新增 CVE-2021-21234 任意文件读取漏洞识别模块
  • 支持自动对Spring进行指纹识别
Assets 2
Loading

V2.05

10 Nov 01:19
@AabyssZG AabyssZG
2.05
7160432
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V2.05

更新日志

  • 对三个漏洞利用模块的相关工作流程进行优化,并将相关错误输出为 error.log 以便于分析
Assets 2
Loading

V2.04

09 Nov 07:53
@AabyssZG AabyssZG
2.04
09d0746
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V2.04

更新日志

  • 根据师傅提的issues,对CVE-2022-22947漏洞利用模块流程进行优化,可进行命令交互
Assets 2
Loading

V2.03

07 Feb 01:31
@AabyssZG AabyssZG
2.03
ec3fa9f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V2.03

更新日志

Assets 2
Loading

V2.02

07 Feb 00:34
@AabyssZG AabyssZG
2.02
3a5ad56
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V2.02

更新日志

  • 使用随机 User-Agent 请求头
Assets 2
Loading

V2.01

03 Feb 05:36
@AabyssZG AabyssZG
2.01
fd57277
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V2.01

更新日志

  • 加入代理参数 -p,其他参数(-u / -f / -u / -d)均可以配合代理使用
  • 优化整体流程,对代理进行检测(默认测试www.baidu.com连通性)
Assets 2
Loading

V1.03

01 Feb 04:08
@AabyssZG AabyssZG
1.03
b39361c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V1.03

更新日志

  • 解决了某些站点尝试重连次数过多,导致 requests.exceptions.ConnectionError 报错,程序无法继续运作的问题
  • 优化了相关流程,在各个功能点做好报错的解决
Assets 2
Loading

V1.02

31 Jan 03:11
@AabyssZG AabyssZG
1.02
a076eb2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V1.02

更新日志

  • 新增CVE-2022-22965漏洞利用模块,可一键扫描
  • 对原有漏洞利用模块流程进行优化,大大减少误报率
  • 解决SSL证书相关问题
Assets 2
Loading

V1.01

31 Jan 01:58
@AabyssZG AabyssZG
1.01
6fd1874
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
V1.01

V1.01更新日志

  • 注意,本工具优化了使用者体验,不管是对单一URL扫描还是读取TXT进行批量扫描,example.comhttp://example.com/ 以及http://example.com 都不会报错,程序会自行判断并识别

  • 同时,解决了SSL证书问题,可以对采用SSL证书的Spring Boot框架进行扫描(自签名证书请改成 http:// 即可)

  • 后期将加入更多漏洞利用内置模块(各位师傅能不能赏个Star嘛~码代码挺辛苦的哈哈)

  • 我还整理了一篇SpringBootd的相关渗透姿势在我的个人博客,欢迎各位师傅前来交流哈哈:https://blog.zgsec.cn/index.php/archives/129/

Assets 2
Loading