• Stars
    star
    114
  • Rank 308,031 (Top 7 %)
  • Language
    Python
  • Created about 4 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

🐸fingerprint detect framework 批量深度指纹识别框架

Frog-Fp

  • 🐸Frog For Automatic Scan

  • 🐶Doge For Defense Evasion&Offensive Security

  • 本系列命名为Frog可能是因为这种生物的寿命长 🐸 🤓 +1s

  • Frog-Fp为Frog系列第三个项目🐸,写的有点累了

  • 安全本逆天而行,猝死很正常,请勿用作授权之外非法用途

许久不更新,现在看来项目有点拉跨了

1.关于自动化的设计,难点在于经验如何转化为程序的逻辑

2.大规模攻防对抗初期拼的是"以漏洞找资产的能力"

3.个人能力有限,精力有限,此项目的完成过程非常纠结

🐸Frog-Fp

Frog-Fp批量深度指纹识别,采用python3实现,具体实现流程如下所示:

不开启深度扫描:
input: domain/ip/cidr-->web端口发现-->浅层指纹识别
input: url-->浅层指纹识别

开启深度扫描:
input: domain/ip/cidr-->web端口发现-->浅层指纹识别-->爬虫 && dir fuzz-->目录过滤与去重-->深度指纹识别
input: url-->初次指纹识别-->爬虫 && dir fuzz-->目录过滤与去重-->深度指纹识别

指纹库采用yaml格式进行解析, 需自行添加, 支持get,post,md5三种方式进行识别, 指纹库不公开, 具体格式见fingerprint内的demo文件

web端口发现使用c26root/hb, 爬虫使用chaitin/rad, 目录fuzz使用ffuf/ffuf

注:c26root/hb 我略微修改了输出代码,所以目前的hb二进制文件不可直接更新。

支持ip/domain/CIDR输入

about

在大规模红蓝对抗中,不触发waf拦截的指纹识别是比较好的自动化切入点。

尤其是在手上有了一部分0day后,深度的指纹识别能提升"以漏洞找资产的能力"。

此框架的构思基于个人的一部分打点经验,有很多不足之处。

Usage

若在linux下使用,请给 rad_linux/ffuf_linux/hb_linux三个文件可执行权限

并且执行pip install安装依赖

python3 -m pip install -r requirements.txt

Linux下:
python3 -m pip install -r requirements.txt --ignore-installed PyYAML

将指纹库yaml文件放入fingerprint文件夹内,执行check.py可进行yaml格式检查。

常用命令

python3 Frog-Fp.py win/linux -tL urls.txt
python3 Frog-Fp.py win/linux -dL ips.txt

输入的文本按行划分,支持ip/domain/CIDR格式

若识别出结果会存到fp_results.txt

tmp/history内会储存爬虫所得目录的历史记录

yaml格式解析

GET,POST:

#name为yaml的标题,请以fp开头,以请求方法结尾,中间以-连接
name: fp-demo-get

#method目前支持GET,POST
method: GET

#目录采用list格式,可写多个
path: ["/","/login"]

#Header采用dict格式,可写入""留空,即采用chrome默认header
Header: {"Accept-Language":"zh-CN", "Content-Type": "text/javascript"}

#Cookie采用;分隔多个key=value,中间不要有空格
Cookie: key1=value1;key2=value2

#follow_redirects可赋值True或False,记得第一位字母大写
follow_redirects: True

#expression表达式采用python语句直接执行,requests请求的返回值为r
expression: |
      r.status_code == 200 and ('test' in str(r.headers) or 'test1' in r.content.decode())

#若请求方法为POST可加入data字段,格式为string
data: ''

MD5:

#name为yaml的标题,请以fp开头,以md5结尾
name: fp-demo-md5

#md5_path为文件路径,list格式,与md5的list一一对应
md5_path: ["/test.ico","/favicon.ico"]

#md5为对于path的md5值,与md5_path一一对应
md5: ["18b786ca7913a58cb8463f1a5feca293","ffaadddssa7913a58cb8463f1a5feca2"]

config.py

#指纹识别代理(去掉井号)(dirfuzz,爬虫代理暂不支持)
proxies = {
	#"http":"http://127.0.0.1:8080",
	#"https":"http://127.0.0.1:8080",
}

#目录fuzz递归深度
recursion = 2

#目录fuzz超时(s)
fuzztime = 5

#指纹识别超时(s)
timeout = 5

#单个目标爬虫超时(s)
crawler_timeout = 600

#指纹识别线程数
threads = 100

#目录fuzz线程数
fuzz_t = 20

#web端口扫描超时
hb_time = 5

#端口扫描线程数
hb_t = 200

#端口扫描端口list
ports = "80,443,8080,8443"

#仅基础扫描,此配置为True就不会进行爬虫与目录fuzz
only_basic = True

#深度扫描进行爬虫
deep_crawl = False

目录扫描的字典位于ffuf/dict.txt,可自行修改

todo

若有好的建议,程序的bug,欢迎提交issues

🚀Star Trend

Stargazers over time

etc

  1. 开源的样本大部分可能已经无法免杀,需要自行修改

  2. 我认为基础核心代码的开源能够帮助想学习的人

  3. 本人从github大佬项目中学到了很多

  4. 若用本人项目去进行:HW演练/红蓝对抗/APT/黑产/恶意行为/违法行为/割韭菜,等行为,本人概不负责,也与本人无关

  5. 本人已不参与大小HW活动的攻击方了,若溯源到timwhite id与本人无关

More Repositories

1

crawlergo_x_XRAY

360/0Kee-Team/crawlergo动态爬虫结合长亭XRAY扫描器的被动扫描功能
Python
1,168
star
2

Cobalt-Strike-Aggressor-Scripts

Cobalt Strike Aggressor 插件包
C
664
star
3

Doge-Loader

🐶Cobalt Strike Shellcode Loader by Golang
Go
279
star
4

Doge-Gabh

GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisper/RefleXXion golang implementation
Go
271
star
5

Doge-XSS-Phishing

xss钓鱼,cna插件配合php后端收杆
JavaScript
266
star
6

rad-xray

xray+rad批量主动扫描
Python
217
star
7

Frog-Auth

🐸Unauthorized Detection Framework未授权访问检测框架
Python
156
star
8

Frog-checkCDN

批量检查目标是否为cdn
Python
133
star
9

Doge-Assembly

Golang evasion tool, execute-assembly .Net file
Go
88
star
10

Frog-Submon

🐸Subdomain Monitor, 子域名监控
Python
75
star
11

Doge-Defense-Evasion-Ref

Defense Evasion & Bypass AntiVirus reference
74
star
12

ReturnGate

ReturnGate, just like HellsGate.
Go
66
star
13

killProcessPOC

use aswArPot.sys to kill process
Go
62
star
14

Doge-MemX

Golang implementation of Reflective load PE from memory
Go
59
star
15

doge-getsys

An easy way to getsystem by golang.
Go
56
star
16

Doge-sRDI

Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode
Go
53
star
17

Doge-Persistence-Platform

后渗透持久化控制平台; Windows Persistence Platform;
45
star
18

Git-Daily

Github Security Daily Repository.
43
star
19

Doge-CSBridge

CS http Dynamic Encrypt Bridge.
Go
42
star
20

Spoofing-Gate

(Hellsgate|Halosgate|Tartarosgate)+Spoofing-Gate. Ensures that all systemcalls go through ntdll.dll
Go
41
star
21

gobusterdns

lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具
Go
40
star
22

Bof2PIC

BOF/COFF obj file to PIC(shellcode). by golang
C
35
star
23

memmod

Fork & modify of Wireguard's Memmod
Go
32
star
24

Doge-CLRLoad

load assembly executable file in memory
Go
30
star
25

Doge-ScreenShot

desktop screenshot
Go
30
star
26

about-anti-honeypot

关于蜜罐的一些微小的统计工作
JavaScript
30
star
27

Doge-AMSI-patch

golang amsi bypass
Go
30
star
28

Doge-DumpMem

dump lsass
Go
30
star
29

Doge-RecycledGate

Golang implementation of Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll;
Go
29
star
30

Doge-Hide

windows API to hide console window by golang
Go
28
star
31

Doge-Direct-Syscall

Golang Direct Syscall
Assembly
28
star
32

AddressOfEntryPoint-injection

x64 version
Go
27
star
33

Doge-SelfDelete

Golang implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs
Go
26
star
34

Doge-PX

DPX - the Doge Packer for eXecutables
Go
26
star
35

Doge-Process-Injection

Demo of process injection, using Nt, direct syscall, etc.
Go
26
star
36

ScareCrow-Common

ScareCrow loader binary source which easier to read and learn
Go
25
star
37

iSliver

Learning notes of amazing Sliver C2 project.
Go
24
star
38

Doge-Whisper

golang implementation of Syswhisper2/Syswhisper3
Go
23
star
39

Doge-AliveCheck

Use ICMP requests to check the alive subnet.
Go
23
star
40

Doge-newSyscall

use shellcode as asm function
Go
22
star
41

Doge-EGGCall

Like Hell's Gate but more EGG :)
Go
21
star
42

Doge-BlockDLLs

Preventing 3rd Party DLLs from Injecting into your Malware
Go
21
star
43

CLR-RWX

Load CLR to get RWX 通过加载clr在自身内存中产生rwx空间
Go
21
star
44

Doge-RL

Reflective DLL injection Execution
Go
20
star
45

find-subdomain-by-xray

利用xray高级版批量收集子域名
Python
19
star
46

JmpUnhook

Ntdll Unhooking POC
Go
18
star
47

Doge-AddSSP

Load ssp dll golang implementation
Go
17
star
48

Cobalt-Strike-det

Cobalt Strike teamserver detection.
Python
17
star
49

Doge-HeapAlloc

Go
15
star
50

Doge-Misc

杂 物 收 纳
Go
15
star
51

Freeze-Common

Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
Go
14
star
52

Doge-PX_GUI

DPX工具界面展示
14
star
53

Cafe

程序员在家饮品制作指南。Programmer's guide about how to make drinks at home (Chinese only).
13
star
54

Doge-Persist

Windows Persistence Collection
Go
12
star
55

Etwti-UnhookPOC

Etwti-UnhookPOC just for test
Go
11
star
56

Doge-Unhook

DLL Unhooking
Go
11
star
57

Doge-BadUSB

开源!自主设计的badusb电路板
10
star
58

PyC2-demo

从入门到放弃的产物,学习过程中用python实现的一个单点c2基本功能
Python
10
star
59

sandbox-data-collection

云沙箱数据采集(19年刚学go的远古项目,勿吐槽)
Go
10
star
60

Go-VEH

VEH hook
Go
10
star
61

Divide-Conquer-demo

Divide and Conquer - A technique to bypass NextGen AV
Go
9
star
62

Doge-UnhookEtw

unhook etw by golang
Go
9
star
63

Doge-Obf

golang String Obfuscate
Go
9
star
64

Doge-WhereAmI

Golang implementation of boku7/whereami
Go
8
star
65

ice-strike-design

Ice-Strike C2界面设计分享
8
star
66

Doge-memLDR

memory dll loader
Go
8
star
67

Doge-FindFirewallPorts

Golang implementation of FindFirewallPorts by 清水川崎
Go
7
star
68

Frog-CertDomain

Get CommonName and DNS domains from SSL cert.
Go
7
star
69

Doge-NpThief

Grab unsaved Notepad contents
Go
7
star
70

CVE-2018-8639-EXP

CVE-2018-8639-EXP
6
star
71

Doge-RWXenum

Enumerating RWX Protected Memory Regions.
Go
6
star
72

Doge-OTP

Google Authenticator OTP
Go
6
star
73

Argue-like-Cobalt-Strike

Argue like Cobalt Strike
C++
5
star
74

Doge-hookbypass

C++
5
star
75

Doge-TypeUnhook

type ntdll.dll for dll unhooking
Go
5
star
76

Doge-ReMap

Unhook full dll by Section ReMap
Go
5
star
77

ACG-BOF

Preventing 3rd Party DLLs from Injecting into your Malware
C
5
star
78

fingerprint-scanner-research

开源指纹识别项目调研
5
star
79

Mouse-Control

just for fun
Go
4
star
80

argument-spoofing

argue like Cobalt Strike
4
star
81

VEH-FuncObf

function call Obfuscator using veh hook
C
4
star
82

timwhitez

about me
4
star
83

Doge-ByteBinStr

Byte<->BinaryString convert
Go
4
star
84

powershell-killav

use ps1 to kill some antivirus
PowerShell
3
star
85

v4-v6

ipv4 address maps to ipv6 address
Go
3
star
86

useless-webshell

比小马大比大马小,俗称中马
PHP
3
star
87

BinHol

Binary Hollowing
Go
3
star
88

Sub-Filter

过滤跑出来的子域名
Python
3
star
89

LockWorkStation

Go
2
star
90

str2ntlm

string to ntlm hash string
Go
2
star
91

Garmin-Async

自动化使用dailysync.vyzt.dev定期同步佳明国内与国际版账号
Go
2
star
92

AD-CoT

Advanced Dynamic Chain-of-Thought Framework Prompt
2
star
93

zoomeye-search

导入domain批量zoomeye查询
Python
1
star
94

Sec_MindMap

一些思维导图记录
1
star
95

META-ATT-CK-Framework

A comprehensive matrix of actionable offensive security techniques based on ATT&CK Framework
1
star