FoFaX
๐ English README | ๐ Releases Download ๐ ่ฏฆ็ปไฝฟ็จๆๆกฃ Docs
0x00 ็ฎไป
FoFaX ๆฏไธๆฌพไฝฟ็จ Go ็ผๅ็ๅฝไปค่ก FoFa ๆฅ่ฏขๅทฅๅ ท๏ผๅจๆฏๆ FoFa ๆฅ่ฏข่งๅไธๅขๅ ไบ Fx ่ฏญๆณๆฅๆนไพฟไฝฟ็จ่ ็ผๅ่ชๅทฑ็่งๅ๏ผๅนถไธๅ ็ฝฎไบไธไบๅธธ็จ็่งๅ๏ผ้คๆญคไนๅค่ฟๆ่ๅจๅ ถไปๅฎๅ จไบงๅๅจๅ ็ๅ ถไปๅคไธชๅฎ็จๅ่ฝใไธป่ฆ็ๅ่ฝๅฆไธ๏ผ
- ๅบๆฌ FoFa ่ฏญๆณๆฅ่ฏข
- ่ๅจๅ ถไปๅฎๅ จๅทฅๅ ท
- ๅ ็ฝฎๅคง้ FoFa ่งๅ
- Icon Hash ๆฌๅฐ/ๅจ็บฟ่ฎก็ฎๆฅ่ฏข
- URL ่ฏไนฆ่ฎก็ฎๆฅ่ฏข
- ๆ้คๅฝๅ ่ตไบง
- ไธ้ฎๆต่งๅจไธญๆๅผ
- ๆดๅค๏ผ็ญๅพ ๆจไฝฟ็จๅ็ๅ้ฆ๏ผโฆโฆ
้คๆญคไนๅค่ฟๅฏไปฅ่ชๅฎไน Fx ่ฏญๆณๆฅ่ฏข๏ผ็จๆทๅฏไปฅ้่ฟ yaml ๆ ผๅผ็้ ็ฝฎๆไปถ็ผๅ่ชๅทฑ็็นๅฎ Fx ๆฅ่ฏข่งๅใ
0x01 ไธ่ฝฝ
็นๅป Releasesไธ่ฝฝ้พๆฅ ๏ผๆ็ ง่ชๅทฑ็็ณป็ปๆถๆ้ๆฉ็ธๅบ็ๅ่ก็ๆฌไธ่ฝฝใ
0x02 ้ ็ฝฎ
MacOS/Linux
ๅฐไธ่ฝฝไธๆฅ็ FoFaX ๅ็ผฉๅ
่งฃๅ๏ผๅปบ่ฎฎๆพๅจ /usr/local/bin/
็ฎๅฝไธ๏ผไปฅ่พพๅฐไปปๆ็ฎๅฝ้ฝๅฏไปฅ่ฟ่ก FoFaX ๅฝไปค็็ฎ็ใ
tar -zxvf ~/Downloads/fofax_v0.1.22_darwin_amd64.tar.gz -C /usr/local/bin/
็ฌฌไธๆฌก่ฟ่ก FoFaX ๅฝไปคไผ่ชๅจ็ๆไธไธช้
็ฝฎๆไปถ๏ผไฝไบ ~/.config/fofax/fofax.yaml
ใ
fofax
____ ____ _ __
/ __/____ / __/____ _| |/ /
/ /_ / __ \ / /_ / __ `/| /
/ __// /_/ // __// /_/ // |
/_/ \____//_/ \__,_//_/|_|
fofax.xiecat.fun
2021/12/23 21:21:28 [SUCC] create config file /Users/user/.config/fofax/fofax.yaml. please modify and use
ๆฅไธๆฅๅฐฑๆฏๅฏนๆญค้
็ฝฎๆไปถ่ฟ่ก้
็ฝฎไบ๏ผไธ่ฌๆฅ่ฏดๅช้่ฆ้
็ฝฎๅฎ email
ๅ key
ๅฐฑๅฏไปฅไบใ
vim ~/.config/fofax/fofax.yaml
# fofa api email
fofa-email: ******@gmail.com
# fofa api key
fofakey: ***************
Windows
่งฃๅๅ็ผฉๅ
๏ผ็ฌฌไธๆฌก่ฟ่ก fofax.exe ไผๅจๅ็บง็ฎๅฝไธ็ๆไธไธช fofax.yaml ็้
็ฝฎๆไปถใ็ถๅๆๅผๆญค้
็ฝฎๆไปถ๏ผๅนถๅกซๅ email
ๅ key
ใ
0x03 ไฝฟ็จๆนๆณ
ไฝฟ็จ Tips
ไธๅธฆไปปไฝๅๆฐๆถ๏ผ้คไบไผ่พๅบ ASCII Logo๏ผ่ฟไผ้ๆบ่พๅบไธๆกไฝฟ็จ Tipsใ
fofax
____ ____ _ __
/ __/____ / __/____ _| |/ /
/ /_ / __ \ / /_ / __ `/| /
/ __// /_/ // __// /_/ // |
/_/ \____//_/ \__,_//_/|_|
fofax.xiecat.fun
fofaX is a command line fofa query tool, simple is the best!
Tips:
Comment: ๆ็ดข Fx ไธญ google-reverse, ๆฅ่ฏขๆถไฝฟ็จๆฉๅฑๅ่ฝๅฟ
้กปๅ -fe ๅๆฐ
Usage: fofax -q 'fx="google-reverse"' -fe
ๅธฎๅฉไฟกๆฏ
ๅฏไปฅไฝฟ็จ fofax -h
ๆพ็คบๅธฎๅฉไฟกๆฏใ
fofax -h
fofaX is a command line fofa query tool, simple is the best!
Usage:
fofax [flags]
Flags:
CONFIGS:
-email, -fofa-email string Fofa API Email
-key, -fofakey string Fofa API Key
-p, -proxy string proxy for http like http://127.0.0.1:8080
-fofa-url string Fofa url (default "https://fofa.so")
-debug Debug mode
FILTERS:
-fs, -fetch-size int The maximum number of query (default 100)
-e, -exclude Exclude the honeypot.
-ec, -exclude-country-cn Exclude CN.
-ffi, -fetch-fullHost-info URL fetch, with scheme, hostname, port
-fto, -fetch-titles-ofDomain Fetch website title
SINGLE QUERY/ERT/ICON:
-q, -query string FoFa query statement
-uc, -url-cert string Enter the certificate of the https URL to query
-iu, -url-to-icon-hash string Enter the URL of an icon, calculate it and query it
-if, -icon-file-path string Calculate the hash of the local icon file, then query it
MULTIPLE QUERY/CERT/ICON:
-qf, -query-file string Load files, query multiple statements
-ucf, -url-cert-file string Read the URL from the file, calculate the cert and then query it
-iuf, -icon-hash-url-file string Retrieve the URL from the file, calculate the icon hash and query it
FX GRAMMER:
-g, -gen string Generate fx statement files eg: default_fx.yaml
-fd, -fxdir string fxdir directory (default "/Users/user/.config/fofax/fxrules")
-l, -lists List of fx statements
-lt, -list-tags List fx tags
-s, -search string Search for fx statements. Statements are separated by semicolons eg: id=fx-2021-01;query="jupyter Unauth"
-tree Print syntax tree
-fe, -fofa-ext Using extended syntax(fx)
-ss, -show-single string Display a single fx message
OTHER OPTIONS:
-config string fofax configuration file.The file reading order(fofax.yaml,/Users/user/.config/fofax/fofax.yaml,/etc/fofa.yaml) (default "/Users/user/.config/fofax/fofax.yaml")
-v, -version Show fofaX version
-use Syntax queries
-open Open with your browser only support pipline/-q/-uc/-iu/-if
-no-limit-open No limit to the number of openings in your browser
FoFa ่ฏญๆณ่งๅ
ไฝฟ็จ -use
ๅๆฐ๏ผๆพ็คบ FoFa ่ฏญๆณๆฅ่ฏข่งๅใ
fofax -use
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Query โ Explanation โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ title="beijing" โ ไปๆ ้ขไธญๆ็ดข"ๅไบฌ" โ
โ header="elastic" โ ไปhttpๅคดไธญๆ็ดข"elastic" โ
โ body="็ฝ็ป็ฉบ้ดๆต็ป" โ ไปhtmlๆญฃๆไธญๆ็ดข"็ฝ็ป็ฉบ้ดๆต็ป" โ
โ title="beijing" โ ไปๆ ้ขไธญๆ็ดข"ๅไบฌ" โ
โ header="elastic" โ ไปhttpๅคดไธญๆ็ดข"elastic" โ
โ body="็ฝ็ป็ฉบ้ดๆต็ป" โ ไปhtmlๆญฃๆไธญๆ็ดข"็ฝ็ป็ฉบ้ดๆต็ป" โ
โ fid="kIlUsGZ8pT6AtgKSKD63iw==" โ ๆฅๆพ็ธๅ็็ฝ็ซๆ็บน โ
โ domain="google.com" โ ๆ็ดขๆ นๅๅๅธฆๆgoogle.com็็ฝ็ซ โ
โ icp="ไบฌICP่ฏ030173ๅท" โ ๆฅๆพๅคๆกๅทไธบ"ไบฌICP่ฏ030173ๅท"็็ฝ็ซ โ
โ js_name="js/jquery.js" โ ๆฅๆพ็ฝ็ซๆญฃๆไธญๅ
ๅซjs/jquery.js็่ตไบง โ
โ js_md5="82ac3f14327a8b7ba49baa208d4eaa15" โ ๆฅๆพjsๆบ็ ไธไนๅน้
็่ตไบง โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
ๅบ็กๆฅ่ฏข
ๆๅฆไธไธค็งๆนๅผๆฅ่ฏข app="APACHE-Solr"
๏ผไธๆๅฎๆฐ้้ป่ฎคไผ่พๅบ 100 ไธช host๏ผๅนถไธ้ป่ฎคไผๅฏนๆฐๆฎ่ฟ่กๅป้ใ
fofax -q 'app="APACHE-Solr"'
2021/12/23 20:17:32 [SUCC] Fetch Data From FoFa: [100/30830]
54.114.20.168:8443
193.8.4.43:8983
208.37.227.95:8983
3.20.255.140:8983
3.114.85.178:8983
82.142.82.197:8983
159.39.10.212:8983
199.102.27.69:8983
โฆโฆโฆโฆ
echo 'app="APACHE-Solr"' | fofax
2021/12/23 20:17:59 [SUCC] Fetch Data From FoFa: [100/30830]
54.114.20.168:8443
193.8.4.43:8983
208.37.227.95:8983
3.20.255.140:8983
3.114.85.178:8983
82.142.82.197:8983
159.39.10.212:8983
199.102.27.69:8983
โฆโฆโฆโฆ
ๆๅฎๆฅ่ฏขๆฐ้
echo 'app="APACHE-Solr"' | fofax -fs 5
2021/12/23 20:19:00 [SUCC] Fetch Data From FoFa: [5/30830]
13.57.71.190:8443
165.22.215.32:8983
184.73.40.143:8443
3.20.255.140:8983
ๅฆไธๅช่พๅบไบ 4 ๆกๆฐๆฎ๏ผๆฏๅ ไธบ FoFaX ่ชๅจๅฏน้ๅค็ๆฐๆฎ่ฟ่กไบๅป้ใ
ๆ้คๆฅ่ฏข
ๆทปๅ -e
ๅๆฐ๏ผๆ้ค่็ฝ็ๅนฒๆฐใ
echo 'app="APACHE-Solr"' | fofax -fs 10 -e
2021/12/23 22:56:14 [SUCC] Fetch Data From FoFa: [10/30849]
13.126.128.253:80
185.22.235.14:8983
151.248.126.4:8983
20.71.77.183:80
23.102.46.20:443
15.113.170.101:8443
52.58.201.109:80
ๆทปๅ -ec
ๅๆฐ๏ผๆ้คไธญๅฝ็ๆฐๆฎใ
echo 'app="APACHE-Solr"' | fofax -fs 10 -ec
2021/12/23 22:56:36 [SUCC] Fetch Data From FoFa: [10/26044]
15.113.170.101:8443
52.58.201.109:80
13.126.128.253:80
185.22.235.14:8983
151.248.126.4:8983
20.71.77.183:80
23.102.46.20:443
่ทๅ URL
ๆทปๅ -ffi
ๅๆฐ๏ผๆ นๆฎๆฅ่ฏข่ฏญๅฅ็ดๆฅ่ทๅๅฏนๅบ็ URL๏ผ[scheme]://[host]:[port]๏ผใ
echo 'app="APACHE-Solr"' | fofax -fs 5 -ffi
2021/12/23 20:21:03 [SUCC] Fetch Data From FoFa: [5/30830]
https://184.73.40.143:8443
http://120.24.42.244:8983
https://13.57.71.190:8443
http://165.22.215.32:8983
่ทๅ Title
echo 'domain="baidu.com" && status_code="200"' | fofax -fs 10 -fto
2021/12/23 20:21:19 [SUCC] Fetch Data From FoFa: [10/1124]
https://home.baidu.com [ๅ
ณไบ็พๅบฆ]
http://research.baidu.com [Baidu Research]
http://fecs.baidu.com [FECS - Front End Code Style Suite]
http://yuntu.baidu.com [ไผไธๅพ่ฐฑ]
https://ditu.baidu.com [็พๅบฆๅฐๅพ]
https://sp2.baidu.com [็พๅบฆไธไธ๏ผไฝ ๅฐฑ็ฅ้]
https://tushuo.baidu.com [ๅพ่ฏด]
https://ocpc.baidu.com [็พๅบฆ oCPC ๅผๅ่
ไธญๅฟ]
https://naotu.baidu.com [็พๅบฆ่ๅพ - ไพฟๆท็ๆ็ปดๅทฅๅ
ท]
http://usa.baidu.com [Baidu USA]
Debug ๆจกๅผ
ๆทปๅ -debug
ๅๆฐ๏ผๅผๅฏ Debug ่ฏฆ็ปๆจกๅผใ
echo 'app="APACHE-Solr"' | fofax -fs 5 -ffi -debug
2021/12/25 21:28:57 [DEBUG] FoFa Size : 5
2021/12/25 21:28:57 [DEBUG] FoFa Query of: app="APACHE-Solr"
2021/12/25 21:28:57 [DEBUG] https://fofa.so/api/v1/search/all?email=**********@gmail.com&key=**************************&qbase64=YXBwPSJBUEFDSEUtU29sciI=&size=5&page=1&fields=protocol,ip,port,host
2021/12/25 21:28:57 [DEBUG] Resp Time: 432/millis
2021/12/25 21:28:57 [SUCC] Fetch Data From FoFa: [5/30942]
http://35.183.115.103
http://3.17.203.145:8983
http://195.201.119.15:49154
https://18.169.23.120
http://174.138.127.51:8983
ๆต่งๅจไธญๆๅผ
echo 'app="APACHE-Solr"' | fofax -open
่ฎก็ฎ Icon Hash ๅนถๆฅ่ฏข
ไธค็งๆนๅผ๏ผ็ฌฌไธ็งๆฏ็ดๆฅๆ นๆฎๆไพ Icon ็ URL ๆฅๆฅ่ฏขใ
fofax -iu https://www.baidu.com/favicon.ico -fs 5
2021/12/23 20:21:59 [SUCC] Fetch Data From FoFa: [5/13284]
47.98.104.77:8088
154.39.217.22:80
xueshu.mrsb.tk:80
154.39.217.2:80
154.39.217.28:80
็ฌฌไบ็งๆฏๆ นๆฎๆฌๅฐ Icon ๆไปถ๏ผๆฅ่ฎก็ฎ Hash ๅนถๆฅ่ฏขใ
wget https://www.baidu.com/favicon.ico
fofax -if favicon.ico -fs 5
2021/12/23 21:25:24 [SUCC] Fetch Data From FoFa: [5/13284]
47.98.104.77:8088
154.39.217.22:80
xueshu.mrsb.tk:80
154.39.217.2:80
154.39.217.28:80
่ฎก็ฎ่ฏไนฆๅนถๆฅ่ฏข
fofax -fs 5 -uc https://www.baidu.com/
2021/12/23 21:29:54 [SUCC] Fetch Data From FoFa: [5/361619]
180.97.93.146:443
180.97.93.65:443
112.3.25.49:443
itv.leiqiang8.cn:80
owa2.leiqiang8.cn:80
0x04 Fx ่ฏญๆณๆฅ่ฏข
ๅจไฝฟ็จ FoFa ๅไฟกๆฏๆถ้ๆ่ ๅ ถไปไบๆ ็ๆถๅ๏ผๆๅฏ่ฝ่ฟๆกๆฅ่ฏข่ฏญๅฅไผ้ๅธธ้ๅธธ็้ฟ๏ผ้ๅธธไธๅฅฝ่ฎฐๅฟ๏ผๆไปฌๆปไธๅฏ่ฝไธ้จๆฟไธชๅฐๆฌๆฌๅป่ฎฐ่ฟไธช FoFa ๆฅ่ฏข่ฏญๅฅๅงใ
่ฟไธชๆถๅ๏ผๅฐฑๅฏไปฅไฝฟ็จ FoFaX ็ Fx ๅ่ฝใ็ฎๅ FoFaX ๅทฒ็ปๅ ็ฝฎๅ ๅๆก Fx ่ฏญๆณๆฅ่ฏข่งๅ๏ผ็จๆทๅฏ็ดๆฅไฝฟ็จ็ธๅบๅๆฐ่ฟ่กๆฅ่ฏขใๅๆถ็จๆท่ฟๅฏไปฅ้่ฟ yaml ๆ ผๅผ็้ ็ฝฎๆไปถ๏ผ็ผๅ่ชๅทฑ็นๅฎ็ Fx ่ฏญๆณๆฅ่ฏข่งๅใ
ๆพ็คบๅ ็ฝฎ Fx ๆฅ่ฏข่ฏญๅฅ
fofax -l
โโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโโโโโโโฌโโโโโโโโ
โ Id โ Query โ RuleName โ Author โ Tag โ Type โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโโโโโโโโผโโโโโโโโค
โ fx-2021-1001 โ google-reverse โ Googleๅไปฃๆๅกๅจ โ fofa โ google โ ๅ
็ฝฎ โ
โ fx-2021-1002 โ python-simplehttp โ Python SimpleHTTP โ fofa โ python โ ๅ
็ฝฎ โ
โ fx-2021-1003 โ data-leak โ ็คพๅทฅๅบ โ fofa โ fun โ ๅ
็ฝฎ โ
โ fx-2021-1004 โ hfs-rce โ ๅญๅจๅฝไปคๆง่ก็HFSๆๅก โ fofa โ fun โ ๅ
็ฝฎ โ
โ fx-2021-1005 โ satellite-ftp โ ไธ้ฎๆฅๅซๆFTP๏ผ โ fofa โ fun โ ๅ
็ฝฎ โ
โ fx-2021-1006 โ mk-mining โ mk่ทฏ็ฑๅจๅ
จ็ๆ็ฟๆๆ โ fofa โ fun โ ๅ
็ฝฎ โ
โ fx-2021-1007 โ ss-manager-login โ ss-Manager ็ปๅฝ โ fofa โ fun โ ๅ
็ฝฎ โ
โ fx-2021-1008 โ heating-monitor โ ไพๆ็ๆง็ณป็ป โ fofa โ fun โ ๅ
็ฝฎ โ
โ fx-2021-1009 โ free-proxy โ ๅ
่ดนไปฃ็ๆฑ โ fofa โ fun โ ๅ
็ฝฎ โ
โ fx-2021-1010 โ honeypot โ ่็ฝ โ fofa โ fun โ ๅ
็ฝฎ โ
โ fx-2021-1011 โ hacked-website โ ่ขซๆ้ป็็ซ็น โ fofa โ fun โ ๅ
็ฝฎ โ
โ fx-2021-1012 โ jupyter-unauth โ Jupyter ๆชๆๆ โ xiecat โ unauth โ ๅ
็ฝฎ โ
โ fx-2021-11001 โ APACHE-ActiveMQ โ APACHE ActiveMQ โ fofa โ log4j2,fofa โ ๅ
็ฝฎ โ
โ fx-2021-11002 โ Apache_OFBiz โ Apache OFBiz โ fofa โ log4j2,fofa โ ๅ
็ฝฎ โ
โ fx-2021-11003 โ Jenkins โ Jenkins โ fofa โ log4j2,fofa โ ๅ
็ฝฎ โ
โ fx-2021-11004 โ RabbitMQ โ RabbitMQ โ fofa โ log4j2,fofa โ ๅ
็ฝฎ โ
โ fx-2021-11005 โ Apache-log4j2-Web โ Apache log4j2 Web โ fofa โ log4j2,fofa โ ๅ
็ฝฎ โ
โ fx-2021-11006 โ Jedis โ Jedis โ fofa โ log4j2,fofa โ ๅ
็ฝฎ โ
โ fx-2021-11007 โ APACHE-tika โ APACHE tika โ fofa โ log4j2,fofa โ ๅ
็ฝฎ โ
โโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโดโโโโโโโโโโโโโโดโโโโโโโโ
ๅๅบ Fx ่ฏญๅฅ็่ฏฆ็ปๅ ๅฎน
fofax -ss fx-2021-1001
fx-2021-1001 fx-2021-1001
โโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Name โ Value โ
โโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ ID โ fx-2021-1001 โ
โ Query โ google-reverse โ
โ RuleName โ Googleๅไปฃๆๅกๅจ โ
โ RuleEnglish โ Google Reverse proxy โ
โ Author โ fofa โ
โ FofaQuery โ body="var c = Array.prototype.slice.call(arguments, 1);return function() {var d=c.slice();" โ
โ Tag โ google โ
โ Type โ ๅ
็ฝฎ โ
โ Description โ ไธ็จๆไปฃ็ๅฐฑๅฏไปฅ่ฎฟ้ฎ็Googleๆ็ดข๏ผไฝๆ็ดข่ฎฐๅฝๅฏ่ฝไผ่ขซ่ฎฐๅฝใ โ
โ FileDir โ โ
โโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
ๆทปๅ -fe
ๅๆฐ้่ฟ Fx ่ฏญๆณ่ฟ่กๆฅ่ฏข
[~] fofax -q 'fx="google-reverse"' -fe -fs 5
2021/12/23 22:27:02 [SUCC] fx query id:google-reverse
2021/12/23 22:27:03 [SUCC] Fetch Data From FoFa: [5/5834]
54.76.26.205:10000
47.74.3.55:80
47.90.7.161:443
23.83.249.79:443
45.76.10.197:8081
ๆต่งๅจไธญ็ดๆฅๆๅผ
fofax -q 'fx="google-reverse"' -fe -open
2021/12/23 22:22:21 [SUCC] fx query id:google-reverse
2021/12/23 22:22:21 [SUCC] the query body="var c = Array.prototype.slice.call(arguments, 1);return function() {var d=c.slice();" will be opened with a browser
็ผๅ่ชๅฎไน็ Fx ่ฏญๆณ่งๅ
ไธ้ข็ปๅบไธไธชไพๅญ๏ผไฝฟ็จ FoFa ๅฏนๆไธช็ฎๆ ่ฟ่กไฟกๆฏๆถ้็ๆกไพใ
็ๆไธไธชๆจก็
ไฝฟ็จ -g
ๅนถๆๅฎ็ๆ็ๆไปถๅๆๅฎ่ทฏๅพ๏ผ่ฟๆ ทไพฟ็ๆไบไธไธชๆจก็ๆไปถใ
fofax -g info-gathering.yaml
2021/12/24 20:09:27 [INFO] Will Write Plugin file: info-gathering.yaml
ๆฅ็ๆญค yaml ๆไปถ๏ผๅ ถๅ ๅฎนๅฆไธใ
id: fx-2021-01
query: ๆฅ่ฏข็ๅญ็ฌฆไธฒ็จไบfx="jupyter Unauth" eg:(jupyter Unauth)
rule_name: ่งๅๅ็งฐ eg:(jupyter ๆชๆๆ)
rule_english: jupyter unauthorized
description: ่งๅๆ่ฟฐ
author: ไฝ่
<้ฎ็ฎฑ>eg:(xiecat)
fofa_query: fofa่ฏญๅฅ eg:(body="ipython-main-app" && title="Home Page - Select or create a notebook")"
tag:
- ๆ ็ญพ1 eg(unauthorized)
- ๆ ็ญพ2
source: ่ฏญๅฅๆฅๆบ
ๆ็
งๅฆไธ่ฏดๆ๏ผไฟฎๆน็ธๅบๅ
ๅฎน๏ผไพฟๆบไธไธชๆฐ็ Fx ่ฏญๆณ่งๅ๏ผๅ
ณไบๆญคๆไปถ็่ทฏๅพ๏ผๅจ็ผๅๅฎๆดๅ่ฏทๆพๅจ ~/.config/fofax/fxrules/
่ฟไธช็ฎๅฝใ
ไธบๆนไพฟๅคๅถ๏ผ่ฏฆ็ปๅ ๅฎนๅฆไธ๏ผๆณจๆ title ๅคๅกซๅ่ชๅทฑ็็ฎๆ ๅ๏ผ๏ผ
id: fx-2021-01
query: redteam-info-gathering
rule_name: ็บข้ไฟกๆฏๆถ้
rule_english: redteam-info-gathering
description: ไฝฟ็จfofa้ๅฏนๆไธช็ฎๆ ่ฟ่ก็บข้ๅธธ่ง็้ซๅ
ณๆณจCMS/OA็ณป็ป็ไฟกๆฏๆถ้
author: xiecat
fofa_query: title="Target" && (title="ๅนณๅฐ" || title="OA" || title="็ณป็ป" || title="ๅๅ" || title="ๅๅ
ฌ" || title="่ด่ฟ" || title="ๆณๅพฎ" || title="็จๅ" || title="็ฎก็" || title="ๅๅฐ" || title="็ปๅฝ" || title="login" || title="admin") && country="CN"
tag:
- redteam
source:
ไธ้ขๅฐฑๅฏไปฅไฝฟ็จๆญค Fx ๆฅ่ฏข่งๅไบ๏ผๆญคๆฅ่ฏขไธๅฏไปฅ่ฏดไธๆนไพฟใใ
fofax -q 'fx="redteam-info-gathering"' -fe -ffi
2021/12/25 21:31:01 [SUCC] fx query id:redteam-info-gathering
2021/12/25 21:31:01 [SUCC] Fetch Data From FoFa: [27/27]
http://60.205.169.36:9080
https://43.243.13.187
http://806f52.ylhskhgyn.com
https://119.28.47.98:8443
http://124.70.197.255:8088
https://223.72.236.165
http://192.144.212.92:8080
https://114.255.204.149
......
0x05 ่ๅจไฝฟ็จๆกไพ
ๅจ็บข้ไฟกๆฏๆถ้ๅฎๆฏๅ๏ผไพฟๅฏไปฅๅฐๆถ้ๅฐ็่ตไบงไบค็ปๆขๆดปๅทฅๅ ทใๆ็บน่ฏๅซๅทฅๅ ทไปฅๅๆผๆดๆซๆๅทฅๅ ทๅป่ฟ่กๆขๆดปใๆ็บน่ฏๅซๅๆผๆดๆขๆตใ
FoFax && httpX
CVE-2021-43798 Grafana ๆชๆๆ็ฎๅฝ้ๅใ
FoFaX && Nuclei
ๅฐ FoFaX ่ทๅ็ๆฐๆฎไผ ้ๅฐ Nuclei๏ผ็ถๅไฝฟ็จ CVE-2021-43798 Template ๆน้ๆผๆดๆซๆใ
FoFaX && Xray
FoFaX && observer_ward
FoFaX && dismap
0x06 Stargazers
0x07 ่ด่ฐข
FoFaX ๅทฒๅ ๅ ฅ FOFA ๅ ฑๅ่ ่ฎกๅ๏ผๆ่ฐข FOFA ๆไพ็่ดฆๅทๆฏๆใ