• Stars
    star
    296
  • Rank 140,464 (Top 3 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 3 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

方便红队人员对目标站点进行安全检测,快速获取资产。It is convenient for red team personnel to conduct security detection on the target site and quickly obtain assets.

WanLi Scan - 转Go 不再维护Python项目

中文说明许可证帮助

It is convenient for red team personnel to conduct security detection on the target site and quickly obtain assets.

  • Asset search detection using FOFA
  • Asset search detection using 360 Quake
  • Use Ksubdomain for domain fuzzing
  • Use Httpx for domain name information detection
  • Exploitation and detection using Nuclei
  • Daily automatic update of vulnerability library

法律免责声明

本工具仅面向合法授权的企业安全建设行为,如您需要测试本工具的可用性,请自行搭建靶机环境。 在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。请勿对非授权目标进行扫描。 如果发现上述禁止行为,我们将保留追究您法律责任的权利。

如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任. 您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。

Function

image-20220224174705312

  • call FOFA service for asset detection

image-20220224174726404

image-20220224174250975

  • Automatic vulnerability scanning for FOFA asset detection results

image-20220224174351014

image-20220224170851426

  • Call Quake service for asset detection

Like the FOFA effect, Quake is currently being updated and upgraded, so let's not post the screenshot of the effect.

  • Automatic vulnerability scanning for Quake asset detection results

Like the FOFA effect, Quake is currently being updated and upgraded, so let's not post the screenshot of the effect.

  • Subdomain detection on target

image-20220224174751261

image-20220224171202785

  • Automatic vulnerability scanning for subdomain detection results

image-20220224171403743

  • The program adapts to Windows, Macos, Linux systems

Configure system on the third line of the config/config.yaml file

image-20220224171426738

  • Interactive control usage

image-20220224174700727

  • Call HUNTER service for asset detection
  • Vulnerability scan on HUNTER asset detection results
  • Call ARL for asset detection
  • Vulnerability scan on ARL asset results
  • Develop WEB visual interface

use

git clone https://github.com/ExpLangcn/WanLi.git
cd WanLi & pip3 install -r requirements.txt
vim config/config.yaml # Configure FOFA information and Quake information

帮助

python3 WanLi.py # Enter interactive mode and enter Help to view help information

update log

2022.2.24:
- Adapt to Windows system
- Restore interactive control, remove parameter control
- Optimize the overall code to improve efficiency
2022.2.21:
    - config problem report error solution, more suitable for Windows system
    - Removed the Domain scan function of FOFA and Quake and merged it into the Domain parameter
    - Improve the vulnerability scanning function, the vulnerability database will be updated before each vulnerability scan
    - replace the pocscan parameter with the poc parameter
    - To perform vulnerability scanning on Domain results and asset detection results, just add -scan
2022.2.16:
    - Refactor to rewrite WanLiScan
    - Fixed FOFA asset search issue
    - Added FOFA domain name detection
    - Added 360 Quake asset search
    - Added 360 Quake domain name detection
    -Added comprehensive domain name fuzz detection
    - Added vulnerability library single target vulnerability scanning function
    - Added vulnerability library batch target vulnerability scanning function
2022.2.8:
    - Update Docker version

2022.2.x:
    - I forgot the time...
  • 个人博客 - 专注分享信息安全新技术、新领域的技术和知识的学习笔记,不时发布原创实用安全工具、安全脚本.
  • 在线武器库 - 提供安全、渗透、社工等方面书签|为广大网络安全爱好者提供网站导航,为小白提供黑客入门网站的安全站点收集.
  • 😄 I’m ExpLang TwitterDiscord: explangTelegram

Knowledge Planet Introduction:

[One-time payment, permanent free, you can join for free if you contact the operation when it expires]

Planet-oriented groups: mainly for information security researchers.

Update cycle: Update every two days at the latest.

Content direction: Original security tools | Security development | WEB security | Intranet penetration | Bypass | Code audit | CTF | 分享Latest VulnerabilitiesSecurity Information

Picture

We chat number

WechatIMG408

Info

More Repositories

1

NucleiTP

自动整合全网Nuclei的漏洞POC,实时同步更新最新POC!
2,571
star
2

Aopo

内网自动化快速打点工具|资产探测|漏洞扫描|服务扫描|弱口令爆破
Go
361
star
3

HVVExploitApply

遵守规章制度关闭项目-使用JAVAFX图形化界面检测对HVV中常见的重点CMS系统和OA系统的已公开的漏洞进行验证。
338
star
4

InfoSearchAll

为了方便安全从业人员在使用网络测绘平台进行信息搜集时的效率,本程序集合了多个网络测绘平台,可以快速在多个网络测绘平台搜索信息并且合并展示及导出。
282
star
5

EPScan

被动收集资产并自动进行SQL注入检测(插件化 自动Bypass)、XSS检测、RCE检测、敏感信息检测
Go
198
star
6

FuYao-Go

自动化进行目标资产探测和安全漏洞扫描|适用于赏金活动、SRC活动、大规模使用、大范围使用|通过使用被动在线资源来发现网站的有效子域|通过强大且灵活的模板,模拟各种安全漏洞检查!Automate target asset detection and security vulnerability scanning | Suitable for bounty campaigns, SRC campaigns, mass usage, mass usage | Discover valid subdomains of websites by using passive online resources | Simulate various Security Vulnerability Check
181
star
7

HoneypotDic

蜜罐抓到的Top密码,根据使用频率排序,持续更新中...
166
star
8

FuYao

FuYao - 扶摇直上九万里!自动化进行资产探测及漏洞扫描|适用黑客进行赏金活动、SRC活动、大规模攻击使用
Python
148
star
9

HvvInfo

一款在红蓝对抗中快速对目标单位进行资产探测和基本扫描的工具
69
star
10

SiftScan

SiftScan 是一个集成资产识别、资产梳理、资产收集、弱点检测、漏洞检测等的工具。它致力于提高红蓝对抗/脆弱性赏金的效率。is a tool that integrates asset identification, asset sorting, asset collection, vulnerability detection, vulnerability detection, etc. It is committed to improving the efficiency of the red-blue confrontation/vulnerability bounty.
48
star
11

HwToolslibrary

HwToolsPro 工具编写POC 插件所需库
Go
31
star
12

HVVExploitApply_POC

HVVExploitApply工具POC登记信息
20
star
13

HKTools

一款辅助安全研发在日常工作中渗透测试、安全研究、安全开发等工作的工具!
14
star
14

Payload-List

整理SQLI、XSS、RCE、Path的payload文件备份留存
14
star
15

ARLplus

云剑侠心系列工具 ARLplus调用工具
Python
4
star
16

expdb

云剑侠心系列 漏洞库搜索工具,易语言开发。
3
star
17

gitjk

gitjk
2
star
18

FOFA-API

云剑侠心系列 FOFA API搜索工具,易语言开发。
2
star
19

ExpLangcn

2
star
20

windows-expdb

云剑侠心系列 漏洞库搜索工具,易语言开发。
C
1
star
21

JDK

Java自用开发版本安装包留存
1
star
22

Aliyun_MalwareDetection

阿里云-安全恶意程序检测
Jupyter Notebook
1
star