W13Scan介绍

W13scan 是基于Python3的一款开源的Web漏洞发现工具,它支持主动扫描模式和被动扫描模式,能运行在Windows、Linux、Mac上。

图片

丰富的检测插件

图片

使用

usage: w13scan [options]

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         Show program's version number and exit
  --debug               Show programs's exception
  --level {1,2,3,4,5}   different level use different payload: 0-5 (default 2)

Proxy:
  Passive Agent Mode Options

  -s SERVER_ADDR, --server-addr SERVER_ADDR
                        server addr format:(ip:port)

Target:
  options has to be provided to define the target(s)

  -u URL, --url URL     Target URL (e.g. "http://www.site.com/vuln.php?id=1")
  -f URL_FILE, --file URL_FILE
                        Scan multiple targets given in a textual file

Request:
  Network request options

  --proxy PROXY         Use a proxy to connect to the target URL
                        eg:http@127.0.0.1:8080 or socks5@127.0.0.1:1080
  --timeout TIMEOUT     Seconds to wait before timeout connection (default 30)
  --retry RETRY         Time out retrials times.

Output:
  output

  --html                When selected, the output will be output to the output
                        directory by default, or you can specify
  --json JSON           The json file is generated by default in the output
                        directory, you can change the path

Optimization:
  Optimization options

  -t THREADS, --threads THREADS
                        Max number of concurrent network requests (default 31)
  --disable DISABLE [DISABLE ...]
                        Disable some plugins (e.g. --disable xss sqli_error
                        webpack)
  --able ABLE [ABLE ...]
                        Enable some moudle (e.g. --enable xss webpack)

安装

安装w13scan需要依赖Python3.6以上环境.

git clone https://github.com/w-digital-scanner/w13scan.git
cd w13scan # 进入git目录
pip3 install -r requirements.txt
cd W13SCAN # 进入源码目录
python3 w13scan.py -h

下载地址:被动式安全扫描器icon-default.png?t=N7T8https://mp.weixin.qq.com/s/izv3HwjxSJS14b28SM5NHw

Logo

开放原子开发者工作坊旨在鼓励更多人参与开源活动,与志同道合的开发者们相互交流开发经验、分享开发心得、获取前沿技术趋势。工作坊有多种形式的开发者活动,如meetup、训练营等,主打技术交流,干货满满,真诚地邀请各位开发者共同参与!

更多推荐