  • Stars: 689
  • Rank: 65,610 (Top 2 %)
  • Language: Go
  • License: GNU General Publi...
  • Created almost 3 years ago
  • Updated 11 months ago


Repository Details

fofax is a command line query tool based on the API of https://fofa.info/, simple is the best!

FoFaX


0x00 Introduction

FoFaX is a command-line FoFa query tool written in Go. On top of supporting FoFa query rules, it adds the Fx syntax so that users can write their own rules, and it ships with a number of commonly used rules built in. It also offers several other practical features, including integration with other security products. The main features are:

  • Basic FoFa syntax queries
  • Integration with other security tools
  • A large number of built-in FoFa rules
  • Icon hash calculation (local or online) and query
  • URL certificate calculation and query
  • Excluding assets located in China
  • One-click opening in the browser
  • More (awaiting your feedback after use)...

In addition, Fx syntax queries can be customized: users can write their own Fx query rules in a YAML configuration file.

0x01 Download

Click the Releases download link and download the release that matches your system architecture.

0x02 Configuration

MacOS/Linux

Extract the downloaded FoFaX archive. Placing it in the /usr/local/bin/ directory is recommended, so that the FoFaX command can be run from any directory.

tar -zxvf ~/Downloads/fofax_v0.1.22_darwin_amd64.tar.gz -C /usr/local/bin/

The first time the FoFaX command runs, it automatically generates a configuration file at ~/.config/fofax/fofax.yaml.

fofax

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|

                         fofax.xiecat.fun

2021/12/23 21:21:28 [SUCC] create config file /Users/user/.config/fofax/fofax.yaml. please modify and use

The next step is to edit this configuration file. In general, setting email and key is all that is needed.

vim ~/.config/fofax/fofax.yaml
# fofa api email
fofa-email: ******@gmail.com

# fofa api key
fofakey: ***************

Windows

Extract the archive. The first run of fofax.exe generates a fofax.yaml configuration file in the same directory. Then open this configuration file and fill in email and key.

0x03 Usage

Usage Tips

When run without any arguments, FoFaX prints the ASCII logo and also a randomly chosen usage tip.

fofax

      ____        ____       _  __
     / __/____   / __/____ _| |/ /
    / /_ / __ \ / /_ / __ `/|   /
   / __// /_/ // __// /_/ //   |
  /_/   \____//_/   \__,_//_/|_|

                         fofax.xiecat.fun

fofaX is a command line fofa query tool, simple is the best!

Tips:
Comment: 搜索 Fx 中 google-reverse, 查询时使用扩展功能必须加 -fe 参数
Usage: fofax -q 'fx="google-reverse"' -fe

Help Information

Use fofax -h to display the help information.

fofax -h

fofaX is a command line fofa query tool, simple is the best!

Usage:
  fofax [flags]

Flags:
CONFIGS:
   -email, -fofa-email string  Fofa API Email
   -key, -fofakey string       Fofa API Key
   -p, -proxy string           proxy for http like http://127.0.0.1:8080
   -fofa-url string            Fofa url (default "https://fofa.so")
   -debug                      Debug mode

FILTERS:
   -fs, -fetch-size int          The maximum number of query (default 100)
   -e, -exclude                  Exclude the honeypot.
   -ec, -exclude-country-cn      Exclude CN.
   -ffi, -fetch-fullHost-info    URL fetch, with scheme, hostname, port
   -fto, -fetch-titles-ofDomain  Fetch website title

SINGLE QUERY/ERT/ICON:
   -q, -query string              FoFa query statement
   -uc, -url-cert string          Enter the certificate of the https URL to query
   -iu, -url-to-icon-hash string  Enter the URL of an icon, calculate it and query it
   -if, -icon-file-path string    Calculate the hash of the local icon file, then query it

MULTIPLE QUERY/CERT/ICON:
   -qf, -query-file string           Load files, query multiple statements
   -ucf, -url-cert-file string       Read the URL from the file, calculate the cert and then query it
   -iuf, -icon-hash-url-file string  Retrieve the URL from the file, calculate the icon hash and query it

FX GRAMMER:
   -g, -gen string           Generate fx statement files eg: default_fx.yaml
   -fd, -fxdir string        fxdir directory (default "/Users/user/.config/fofax/fxrules")
   -l, -lists                List of fx statements
   -lt, -list-tags           List fx tags
   -s, -search string        Search for fx statements. Statements are separated by semicolons eg: id=fx-2021-01;query="jupyter Unauth"
   -tree                     Print syntax tree
   -fe, -fofa-ext            Using extended syntax(fx)
   -ss, -show-single string  Display a single fx message

OTHER OPTIONS:
   -config string  fofax configuration file.The file reading order(fofax.yaml,/Users/user/.config/fofax/fofax.yaml,/etc/fofa.yaml) (default "/Users/user/.config/fofax/fofax.yaml")
   -v, -version    Show fofaX version
   -use            Syntax queries
   -open           Open with your browser only support pipline/-q/-uc/-iu/-if
   -no-limit-open  No limit to the number of openings in your browser

FoFa ่ฏญๆณ•่ง„ๅˆ™

ไฝฟ็”จ -use ๅ‚ๆ•ฐ๏ผŒๆ˜พ็คบ FoFa ่ฏญๆณ•ๆŸฅ่ฏข่ง„ๅˆ™ใ€‚

fofax -use

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ Query                                     โ”‚ Explanation                                      โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚ title="beijing"                           โ”‚ ไปŽๆ ‡้ข˜ไธญๆœ็ดข"ๅŒ—ไบฌ"                                     โ”‚
โ”‚ header="elastic"                          โ”‚ ไปŽhttpๅคดไธญๆœ็ดข"elastic"                               โ”‚
โ”‚ body="็ฝ‘็ปœ็ฉบ้—ดๆต‹็ป˜"                         โ”‚ ไปŽhtmlๆญฃๆ–‡ไธญๆœ็ดข"็ฝ‘็ปœ็ฉบ้—ดๆต‹็ป˜"                       โ”‚
โ”‚ title="beijing"                           โ”‚ ไปŽๆ ‡้ข˜ไธญๆœ็ดข"ๅŒ—ไบฌ"                                    โ”‚
โ”‚ header="elastic"                          โ”‚ ไปŽhttpๅคดไธญๆœ็ดข"elastic"                            โ”‚
โ”‚ body="็ฝ‘็ปœ็ฉบ้—ดๆต‹็ป˜"                         โ”‚ ไปŽhtmlๆญฃๆ–‡ไธญๆœ็ดข"็ฝ‘็ปœ็ฉบ้—ดๆต‹็ป˜"                       โ”‚
โ”‚ fid="kIlUsGZ8pT6AtgKSKD63iw=="            โ”‚ ๆŸฅๆ‰พ็›ธๅŒ็š„็ฝ‘็ซ™ๆŒ‡็บน                                     โ”‚
โ”‚ domain="google.com"                       โ”‚ ๆœ็ดขๆ นๅŸŸๅๅธฆๆœ‰google.com็š„็ฝ‘็ซ™                         โ”‚
โ”‚ icp="ไบฌICP่ฏ030173ๅท"                      โ”‚ ๆŸฅๆ‰พๅค‡ๆกˆๅทไธบ"ไบฌICP่ฏ030173ๅท"็š„็ฝ‘็ซ™                  โ”‚
โ”‚ js_name="js/jquery.js"                    โ”‚ ๆŸฅๆ‰พ็ฝ‘็ซ™ๆญฃๆ–‡ไธญๅŒ…ๅซjs/jquery.js็š„่ต„ไบง                    โ”‚
โ”‚ js_md5="82ac3f14327a8b7ba49baa208d4eaa15" โ”‚ ๆŸฅๆ‰พjsๆบ็ ไธŽไน‹ๅŒน้…็š„่ต„ไบง                                โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

ๅŸบ็ก€ๆŸฅ่ฏข

ๆœ‰ๅฆ‚ไธ‹ไธค็งๆ–นๅผๆŸฅ่ฏข app="APACHE-Solr"๏ผŒไธๆŒ‡ๅฎšๆ•ฐ้‡้ป˜่ฎคไผš่พ“ๅ‡บ 100 ไธช host๏ผŒๅนถไธ”้ป˜่ฎคไผšๅฏนๆ•ฐๆฎ่ฟ›่กŒๅŽป้‡ใ€‚

fofax -q 'app="APACHE-Solr"'

2021/12/23 20:17:32 [SUCC] Fetch Data From FoFa: [100/30830]
54.114.20.168:8443
193.8.4.43:8983
208.37.227.95:8983
3.20.255.140:8983
3.114.85.178:8983
82.142.82.197:8983
159.39.10.212:8983
199.102.27.69:8983
…………

echo 'app="APACHE-Solr"' | fofax
2021/12/23 20:17:59 [SUCC] Fetch Data From FoFa: [100/30830]
54.114.20.168:8443
193.8.4.43:8983
208.37.227.95:8983
3.20.255.140:8983
3.114.85.178:8983
82.142.82.197:8983
159.39.10.212:8983
199.102.27.69:8983
…………

Specify the Number of Results

echo 'app="APACHE-Solr"' | fofax -fs 5
2021/12/23 20:19:00 [SUCC] Fetch Data From FoFa: [5/30830]
13.57.71.190:8443
165.22.215.32:8983
184.73.40.143:8443
3.20.255.140:8983

Only 4 results are printed above because FoFaX automatically removed the duplicate entries.

Exclusion Queries

Add the -e flag to exclude interference from honeypots.

echo 'app="APACHE-Solr"' | fofax -fs 10 -e
2021/12/23 22:56:14 [SUCC] Fetch Data From FoFa: [10/30849]
13.126.128.253:80
185.22.235.14:8983
151.248.126.4:8983
20.71.77.183:80
23.102.46.20:443
15.113.170.101:8443
52.58.201.109:80

Add the -ec flag to exclude data from China.

echo 'app="APACHE-Solr"' | fofax -fs 10 -ec
2021/12/23 22:56:36 [SUCC] Fetch Data From FoFa: [10/26044]
15.113.170.101:8443
52.58.201.109:80
13.126.128.253:80
185.22.235.14:8983
151.248.126.4:8983
20.71.77.183:80
23.102.46.20:443

Fetch URLs

Add the -ffi flag to get the corresponding URLs ([scheme]://[host]:[port]) directly from the query statement.

echo 'app="APACHE-Solr"' | fofax -fs 5 -ffi
2021/12/23 20:21:03 [SUCC] Fetch Data From FoFa: [5/30830]
https://184.73.40.143:8443
http://120.24.42.244:8983
https://13.57.71.190:8443
http://165.22.215.32:8983

Fetch Titles

echo 'domain="baidu.com" && status_code="200"' | fofax -fs 10 -fto
2021/12/23 20:21:19 [SUCC] Fetch Data From FoFa: [10/1124]
https://home.baidu.com [关于百度]
http://research.baidu.com [Baidu Research]
http://fecs.baidu.com [FECS - Front End Code Style Suite]
http://yuntu.baidu.com [企业图谱]
https://ditu.baidu.com [百度地图]
https://sp2.baidu.com [百度一下，你就知道]
https://tushuo.baidu.com [图说]
https://ocpc.baidu.com [百度 oCPC 开发者中心]
https://naotu.baidu.com [百度脑图 - 便捷的思维工具]
http://usa.baidu.com [Baidu USA]

Debug Mode

Add the -debug flag to enable verbose debug mode.

echo 'app="APACHE-Solr"' | fofax -fs 5 -ffi -debug
2021/12/25 21:28:57 [DEBUG] FoFa Size : 5
2021/12/25 21:28:57 [DEBUG] FoFa Query of: app="APACHE-Solr"
2021/12/25 21:28:57 [DEBUG] https://fofa.so/api/v1/search/all?email=**********@gmail.com&key=**************************&qbase64=YXBwPSJBUEFDSEUtU29sciI=&size=5&page=1&fields=protocol,ip,port,host
2021/12/25 21:28:57 [DEBUG] Resp Time: 432/millis
2021/12/25 21:28:57 [SUCC] Fetch Data From FoFa: [5/30942]
http://35.183.115.103
http://3.17.203.145:8983
http://195.201.119.15:49154
https://18.169.23.120
http://174.138.127.51:8983
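
The request URL in the debug output carries the account email and API key as query parameters, next to the Base64-encoded query in qbase64. The Go program below is an added example, not part of fofax: it masks both credentials in a captured debug line and decodes qbase64, so the log can be shared or archived without the key. The sample line and its email and key values are constructed.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// SampleLine is a constructed [DEBUG] line in the format shown above; the
// email and key values are made up for this example.
const SampleLine = "2021/12/25 21:28:57 [DEBUG] https://fofa.so/api/v1/search/all" +
	"?email=analyst@example.com&key=0123456789abcdef" +
	"&qbase64=YXBwPSJBUEFDSEUtU29sciI=&size=5&page=1&fields=protocol,ip,port,host"

// SanitizeDebugLine masks the email and key parameters of the request URL in
// one debug line and returns the decoded qbase64 query alongside it. Lines
// without a request URL come back unchanged with an empty query.
func SanitizeDebugLine(line string) (clean, query string, err error) {
	line = strings.TrimRight(line, " \r\n")
	start := strings.Index(line, "http")
	qmark := strings.Index(line, "?")
	if start < 0 || qmark < start {
		return line, "", nil
	}
	params := strings.Split(line[qmark+1:], "&")
	for i, p := range params {
		name, value, _ := strings.Cut(p, "=")
		switch name {
		case "email", "key":
			params[i] = name + "=REDACTED"
		case "qbase64":
			// Undo percent-encoding; a bare '+' unescapes to a space, so it
			// is restored before Base64 decoding.
			raw, uerr := url.QueryUnescape(value)
			if uerr != nil {
				return "", "", uerr
			}
			dec, derr := base64.StdEncoding.DecodeString(strings.ReplaceAll(raw, " ", "+"))
			if derr != nil {
				return "", "", derr
			}
			query = string(dec)
		}
	}
	return line[:qmark+1] + strings.Join(params, "&"), query, nil
}

func main() {
	clean, query, err := SanitizeDebugLine(SampleLine)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(clean)
	fmt.Println("decoded query:", query)
}
```

The same parameters reach any proxy set with -p, so the proxy's own request log deserves the same treatment.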

Open in Browser

echo 'app="APACHE-Solr"' | fofax -open

Calculate the Icon Hash and Query

There are two ways. The first is to query directly from the URL of the icon.

fofax -iu https://www.baidu.com/favicon.ico -fs 5

2021/12/23 20:21:59 [SUCC] Fetch Data From FoFa: [5/13284]
47.98.104.77:8088
154.39.217.22:80
xueshu.mrsb.tk:80
154.39.217.2:80
154.39.217.28:80

The second is to calculate the hash from a local icon file and then query it.

wget https://www.baidu.com/favicon.ico
fofax -if favicon.ico -fs 5

2021/12/23 21:25:24 [SUCC] Fetch Data From FoFa: [5/13284]
47.98.104.77:8088
154.39.217.22:80
xueshu.mrsb.tk:80
154.39.217.2:80
154.39.217.28:80

Calculate the Certificate and Query

fofax -fs 5 -uc https://www.baidu.com/

2021/12/23 21:29:54 [SUCC] Fetch Data From FoFa: [5/361619]
180.97.93.146:443
180.97.93.65:443
112.3.25.49:443
itv.leiqiang8.cn:80
owa2.leiqiang8.cn:80

0x04 Fx ่ฏญๆณ•ๆŸฅ่ฏข

ๅœจไฝฟ็”จ FoFa ๅšไฟกๆฏๆ”ถ้›†ๆˆ–่€…ๅ…ถไป–ไบ‹ๆƒ…็š„ๆ—ถๅ€™๏ผŒๆœ‰ๅฏ่ƒฝ่ฟ™ๆกๆŸฅ่ฏข่ฏญๅฅไผš้žๅธธ้žๅธธ็š„้•ฟ๏ผŒ้žๅธธไธๅฅฝ่ฎฐๅฟ†๏ผŒๆˆ‘ไปฌๆ€ปไธๅฏ่ƒฝไธ“้—จๆ‹ฟไธชๅฐๆœฌๆœฌๅŽป่ฎฐ่ฟ™ไธช FoFa ๆŸฅ่ฏข่ฏญๅฅๅงใ€‚

่ฟ™ไธชๆ—ถๅ€™๏ผŒๅฐฑๅฏไปฅไฝฟ็”จ FoFaX ็š„ Fx ๅŠŸ่ƒฝใ€‚็›ฎๅ‰ FoFaX ๅทฒ็ปๅ†…็ฝฎๅ‡ ๅๆก Fx ่ฏญๆณ•ๆŸฅ่ฏข่ง„ๅˆ™๏ผŒ็”จๆˆทๅฏ็›ดๆŽฅไฝฟ็”จ็›ธๅบ”ๅ‚ๆ•ฐ่ฟ›่กŒๆŸฅ่ฏขใ€‚ๅŒๆ—ถ็”จๆˆท่ฟ˜ๅฏไปฅ้€š่ฟ‡ yaml ๆ ผๅผ็š„้…็ฝฎๆ–‡ไปถ๏ผŒ็ผ–ๅ†™่‡ชๅทฑ็‰นๅฎš็š„ Fx ่ฏญๆณ•ๆŸฅ่ฏข่ง„ๅˆ™ใ€‚

ๆ˜พ็คบๅ†…็ฝฎ Fx ๆŸฅ่ฏข่ฏญๅฅ

fofax -l

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ Id            โ”‚ Query              โ”‚ RuleName                       โ”‚ Author โ”‚ Tag         โ”‚ Type  โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚ fx-2021-1001  โ”‚ google-reverse     โ”‚ GoogleๅไปฃๆœๅŠกๅ™จ                 โ”‚ fofa   โ”‚ google      โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1002  โ”‚ python-simplehttp  โ”‚ Python SimpleHTTP              โ”‚ fofa   โ”‚ python      โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1003  โ”‚ data-leak          โ”‚ ็คพๅทฅๅบ“                          โ”‚ fofa   โ”‚ fun         โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1004  โ”‚ hfs-rce            โ”‚ ๅญ˜ๅœจๅ‘ฝไปคๆ‰ง่กŒ็š„HFSๆœๅŠก             โ”‚ fofa   โ”‚ fun         โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1005  โ”‚ satellite-ftp      โ”‚ ไธ€้”ฎๆ—ฅๅซๆ˜ŸFTP๏ผŸ                  โ”‚ fofa   โ”‚ fun         โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1006  โ”‚ mk-mining          โ”‚ mk่ทฏ็”ฑๅ™จๅ…จ็ƒๆŒ–็Ÿฟๆ„ŸๆŸ“              โ”‚ fofa   โ”‚ fun         โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1007  โ”‚ ss-manager-login   โ”‚ ss-Manager ็™ปๅฝ•                 โ”‚ fofa   โ”‚ fun         โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1008  โ”‚ heating-monitor    โ”‚ ไพ›ๆš–็›‘ๆŽง็ณป็ปŸ                     โ”‚ fofa   โ”‚ fun         โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1009  โ”‚ free-proxy         โ”‚ ๅ…่ดนไปฃ็†ๆฑ                       โ”‚ fofa    โ”‚ fun         โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1010  โ”‚ honeypot           โ”‚ ่œœ็ฝ                           โ”‚ fofa    โ”‚ fun         โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1011  โ”‚ hacked-website     โ”‚ ่ขซๆŒ‚้ป‘็š„็ซ™็‚น                     โ”‚ fofa   โ”‚ fun         โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-1012  โ”‚ jupyter-unauth     โ”‚ Jupyter ๆœชๆŽˆๆƒ                  โ”‚ xiecat โ”‚ unauth      โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-11001 โ”‚ APACHE-ActiveMQ    โ”‚ APACHE ActiveMQ                โ”‚ fofa   โ”‚ log4j2,fofa โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-11002 โ”‚ Apache_OFBiz       โ”‚ Apache OFBiz                   โ”‚ fofa   โ”‚ log4j2,fofa โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-11003 โ”‚ Jenkins            โ”‚ Jenkins                        โ”‚ fofa   โ”‚ log4j2,fofa โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-11004 โ”‚ RabbitMQ           โ”‚ RabbitMQ                       โ”‚ fofa   โ”‚ log4j2,fofa โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-11005 โ”‚ Apache-log4j2-Web  โ”‚ Apache log4j2 Web              โ”‚ fofa   โ”‚ log4j2,fofa โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-11006 โ”‚ Jedis              โ”‚ Jedis                          โ”‚ fofa   โ”‚ log4j2,fofa โ”‚ ๅ†…็ฝฎ   โ”‚
โ”‚ fx-2021-11007 โ”‚ APACHE-tika        โ”‚ APACHE tika                    โ”‚ fofa   โ”‚ log4j2,fofa โ”‚ ๅ†…็ฝฎ   โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

ๅˆ—ๅ‡บ Fx ่ฏญๅฅ็š„่ฏฆ็ป†ๅ†…ๅฎน

fofax -ss fx-2021-1001

fx-2021-1001 fx-2021-1001
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ Name        โ”‚ Value                                                                                       โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚ ID          โ”‚ fx-2021-1001                                                                                โ”‚
โ”‚ Query       โ”‚ google-reverse                                                                              โ”‚
โ”‚ RuleName    โ”‚ GoogleๅไปฃๆœๅŠกๅ™จ                                                                              โ”‚
โ”‚ RuleEnglish โ”‚ Google Reverse proxy                                                                        โ”‚
โ”‚ Author      โ”‚ fofa                                                                                        โ”‚
โ”‚ FofaQuery   โ”‚ body="var c = Array.prototype.slice.call(arguments, 1);return function() {var d=c.slice();" โ”‚
โ”‚ Tag         โ”‚ google                                                                                      โ”‚
โ”‚ Type        โ”‚ ๅ†…็ฝฎ                                                                                         โ”‚
โ”‚ Description โ”‚ ไธ็”จๆŒ‚ไปฃ็†ๅฐฑๅฏไปฅ่ฎฟ้—ฎ็š„Googleๆœ็ดข๏ผŒไฝ†ๆœ็ดข่ฎฐๅฝ•ๅฏ่ƒฝไผš่ขซ่ฎฐๅฝ•ใ€‚                                           โ”‚
โ”‚ FileDir     โ”‚                                                                                             โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

ๆทปๅŠ  -fe ๅ‚ๆ•ฐ้€š่ฟ‡ Fx ่ฏญๆณ•่ฟ›่กŒๆŸฅ่ฏข

[~] fofax -q 'fx="google-reverse"' -fe -fs 5

2021/12/23 22:27:02 [SUCC] fx query id:google-reverse
2021/12/23 22:27:03 [SUCC] Fetch Data From FoFa: [5/5834]
54.76.26.205:10000
47.74.3.55:80
47.90.7.161:443
23.83.249.79:443
45.76.10.197:8081

Open Directly in the Browser

fofax -q 'fx="google-reverse"' -fe -open

2021/12/23 22:22:21 [SUCC] fx query id:google-reverse
2021/12/23 22:22:21 [SUCC] the query body="var c = Array.prototype.slice.call(arguments, 1);return function() {var d=c.slice();" will be opened with a browser

Write Custom Fx Syntax Rules

The following example uses FoFa to gather information on a target.

Generate a Template

Use -g with the name and path of the file to generate; this produces a template file.

fofax -g info-gathering.yaml

2021/12/24 20:09:27 [INFO] Will Write Plugin file: info-gathering.yaml

ๆŸฅ็œ‹ๆญค yaml ๆ–‡ไปถ๏ผŒๅ…ถๅ†…ๅฎนๅฆ‚ไธ‹ใ€‚

id: fx-2021-01
query: ๆŸฅ่ฏข็š„ๅญ—็ฌฆไธฒ็”จไบŽfx="jupyter Unauth" eg:(jupyter Unauth)
rule_name: ่ง„ๅˆ™ๅ็งฐ eg:(jupyter ๆœชๆŽˆๆƒ)
rule_english: jupyter unauthorized
description: ่ง„ๅˆ™ๆ่ฟฐ
author: ไฝœ่€…<้‚ฎ็ฎฑ>eg:(xiecat)
fofa_query: fofa่ฏญๅฅ eg:(body="ipython-main-app" && title="Home Page - Select or create a notebook")"
tag:
- ๆ ‡็ญพ1 eg(unauthorized)
- ๆ ‡็ญพ2
source: ่ฏญๅฅๆฅๆบ

ๆŒ‰็…งๅฆ‚ไธŠ่ฏดๆ˜Ž๏ผŒไฟฎๆ”น็›ธๅบ”ๅ†…ๅฎน๏ผŒไพฟๆบไธ€ไธชๆ–ฐ็š„ Fx ่ฏญๆณ•่ง„ๅˆ™๏ผŒๅ…ณไบŽๆญคๆ–‡ไปถ็š„่ทฏๅพ„๏ผŒๅœจ็ผ–ๅ†™ๅฎŒๆ•ดๅŽ่ฏทๆ”พๅœจ ~/.config/fofax/fxrules/ ่ฟ™ไธช็›ฎๅฝ•ใ€‚

ไธบๆ–นไพฟๅคๅˆถ๏ผŒ่ฏฆ็ป†ๅ†…ๅฎนๅฆ‚ไธ‹๏ผˆๆณจๆ„ title ๅค„ๅกซๅ†™่‡ชๅทฑ็š„็›ฎๆ ‡ๅ๏ผ‰๏ผš

id: fx-2021-01
query: redteam-info-gathering
rule_name: ็บข้˜Ÿไฟกๆฏๆ”ถ้›†
rule_english: redteam-info-gathering
description: ไฝฟ็”จfofa้’ˆๅฏนๆŸไธช็›ฎๆ ‡่ฟ›่กŒ็บข้˜Ÿๅธธ่ง็š„้ซ˜ๅ…ณๆณจCMS/OA็ณป็ปŸ็š„ไฟกๆฏๆ”ถ้›†
author: xiecat
fofa_query: title="Target" && (title="ๅนณๅฐ" || title="OA" || title="็ณป็ปŸ" || title="ๅๅŒ" || title="ๅŠžๅ…ฌ" || title="่‡ด่ฟœ" || title="ๆณ›ๅพฎ" || title="็”จๅ‹" || title="็ฎก็†" || title="ๅŽๅฐ" || title="็™ปๅฝ•" || title="login" || title="admin") && country="CN"
tag:
- redteam
source: 

ไธ‹้ขๅฐฑๅฏไปฅไฝฟ็”จๆญค Fx ๆŸฅ่ฏข่ง„ๅˆ™ไบ†๏ผŒๆญคๆŸฅ่ฏขไธๅฏไปฅ่ฏดไธๆ–นไพฟใ€‚ใ€‚

fofax -q 'fx="redteam-info-gathering"' -fe -ffi

2021/12/25 21:31:01 [SUCC] fx query id:redteam-info-gathering
2021/12/25 21:31:01 [SUCC] Fetch Data From FoFa: [27/27]
http://60.205.169.36:9080
https://43.243.13.187
http://806f52.ylhskhgyn.com
https://119.28.47.98:8443
http://124.70.197.255:8088
https://223.72.236.165
http://192.144.212.92:8080
https://114.255.204.149
......

0x05 Integration Use Cases

Once red-team information gathering is complete, the collected assets can be handed to liveness-probing tools, fingerprinting tools and vulnerability scanners for liveness probing, fingerprint identification and vulnerability detection.

FoFax && httpX

CVE-2021-43798: Grafana unauthenticated directory traversal.

FoFaX && Nuclei

Pass the data obtained by FoFaX to Nuclei, then use the CVE-2021-43798 template for batch vulnerability scanning.

FoFaX && Xray

FoFaX && observer_ward

FoFaX && dismap

0x07 Acknowledgements

FoFaX has joined the FOFA Co-creator Program; thanks to FOFA for the account support.