├── GoT (Ver1.02 ).exe ├── GoT技术文档.docx ├── README.md ├── command.txt ├── config.db ├── setting.json └── 图片 ├── 1.jpg ├── 10.jpg ├── 11.jpg ├── 12.jpg ├── 3.jpg ├── 4.jpg ├── 5.jpg ├── 6.jpg ├── 7.jpg ├── 8.jpg ├── 9.jpg ├── poc.jpg └── 指纹.jpg /GoT (Ver1.02 ).exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/GoT (Ver1.02 ).exe -------------------------------------------------------------------------------- /GoT技术文档.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/GoT技术文档.docx -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # GoT -- 基于SQLite数据库的指纹识别-漏洞POC管理扫描工具 2 | 3 | # 声明:本工具的目的是交流与学习,禁止非法或未授权途径下使用,若是造成网络与社会危害与开发者无关!!!! 4 | 5 | ## 详细内容请看GoT技术文档,若是有什么好想法或者是想添加的功能,可以跟作者沟通,文末尾有作者联系方式 6 | 7 | ## 工具功能截图 8 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/1.jpg) 9 | 10 | 基于sqlite数据对网站指纹和POC进行管理使用,此工具的开发目的就是存储各个框架的识别指纹,和降低批量漏扫poc脚本编写和管理难度。 11 | 12 | POC数据库支持类似于nuclei poc脚本部分功能(base64解密,正则表达式匹配,提取json字段),以后根据需要会更新更多功能。 13 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/poc.jpg ) 14 | 15 | 指纹数据库基于 网站title,body,图标hash和header对网站框架进行识别 16 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/指纹.jpg ) 17 | 18 | ## 基础功能 19 | 20 | ### 资产信息识别(Sniff) 21 | 22 | #### 基本使用 23 | 24 | -u 25 | 26 | GoT.exe sniff -u http://127.0.0.1 27 | 28 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/3.jpg) 29 | 30 | #### sniff模块其他功能 31 | 32 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/4.jpg) 33 | 34 | #### 开启代理并检测代理位置 35 | 36 | -proxy 37 | 38 | -pr 39 | 40 | GoT.exe sniff -u http://127.0.0.1 -proxy socks5://127.0.0.1:7890 -pr 41 | 42 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/5.jpg) 43 | 44 | #### 资产识别+漏洞扫描 45 | 46 | -at 47 | 48 | GoT.exe sniff -u http://127.0.0.1.com:8888 -at 49 | 50 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/6.jpg) 51 | 52 | ### POC+漏扫模块(Attempt) 53 | 54 | #### 基础使用 55 | 56 | -u 单个url 57 | 58 | -f txt文件 59 | 60 | -condition 通过数据库中的字段匹配漏洞进行漏洞扫描 61 | 62 | 使用sqlite数据库工具(DB Browser for SQLite)打开sqlite打开数据库 63 | 64 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/7.jpg) 65 | 66 | 可以看到poc配置信息 67 | 68 | 编写poc的高级函数目前只支持3种:正则表达式,json提取,base64加密。以后会更新支持更多版本的高级函数。 69 | 70 | #### attempt模块功能 71 | 72 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/8.jpg) 73 | 74 | -condition vuln="xxxx漏洞" 75 | -condition CMS="xxxOA" 76 | 77 | GoT.exe attempt -u http://127.0.0.1:8090 -condition vuln="用友U9-0702-敏感信息泄露-TransWebService" 78 | 79 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/9.jpg) 80 | 81 | ### 与FOFA联动(fofa) 82 | 83 | 在command.txt中编写fofa命令,在setting.json中填入key和邮箱 84 | 85 | ![基础功能](https://github.com/AgentVirus/GoT/blob/master/%E5%9B%BE%E7%89%87/12.jpg) 86 | 87 | # 其余功能以后会更详细的文档进行详细的说明 88 | 89 | ### 有啥事发邮箱 agentpumpkin@zohomail.cn 或者联系作者QQ 2764859737 90 | -------------------------------------------------------------------------------- /command.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/command.txt -------------------------------------------------------------------------------- /config.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/config.db -------------------------------------------------------------------------------- /setting.json: -------------------------------------------------------------------------------- 1 | { 2 | "concurrency":50, 3 | "response_time":10, 4 | "fofa_email":"", 5 | "fafa_key":"", 6 | "fofa_size":"10000" 7 | } 8 | -------------------------------------------------------------------------------- /图片/1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/1.jpg -------------------------------------------------------------------------------- /图片/10.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/10.jpg -------------------------------------------------------------------------------- /图片/11.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/11.jpg -------------------------------------------------------------------------------- /图片/12.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/12.jpg -------------------------------------------------------------------------------- /图片/3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/3.jpg -------------------------------------------------------------------------------- /图片/4.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/4.jpg -------------------------------------------------------------------------------- /图片/5.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/5.jpg -------------------------------------------------------------------------------- /图片/6.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/6.jpg -------------------------------------------------------------------------------- /图片/7.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/7.jpg -------------------------------------------------------------------------------- /图片/8.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/8.jpg -------------------------------------------------------------------------------- /图片/9.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/9.jpg -------------------------------------------------------------------------------- /图片/poc.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/poc.jpg -------------------------------------------------------------------------------- /图片/指纹.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AgentVirus/GoT/8dd708bbb7c856479c20a99e5fbdc9d259db78ef/图片/指纹.jpg --------------------------------------------------------------------------------