├── LICENSE
└── README.md
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2022 mlq
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## nucleix
2 |
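3 | Integrates nuclei with xray (community edition, plus your own advanced edition) to automate a penetration-testing workflow that combines passive scanning with POC scanning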
4 |
5 | Built as secondary development on top of the [RuoYi front-end/back-end separated version](https://gitee.com/y_project/RuoYi-Vue)
6 |
7 | ### Feature list
8 |
9 | #### Create a scan task
10 | 
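11 | Set the proxy of your browser, or of a tool such as Burp (bp), to the generated proxy server address, and xray is invoked automatically for passive vulnerability scanning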
12 |
13 | 
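14 | Two xray nodes are generated automatically
15 | The advanced edition enables only the vulnerability plugins that are restricted in the community edition, such as shiro, fastjson, struts2 and thinkphp
16 | After traffic passes through the advanced edition, it flows on automatically to the community edition for a second vulnerability scan
17 | #### Create a POC scan
18 | POC scans are run with nuclei
19 | Scans can be created in two ways
20 | 1. When collection is stopped, all collected traffic is deduplicated and then POC-scanned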
21 | 
22 | 2. Create a POC scan manually: enter targets by hand or select targets from a passive scan task
23 | 
24 | 
25 | POC selection supports choosing by tag and choosing individual POCs
26 | 
27 | POC scan status
28 | 
29 | #### Vulnerability list
30 | Vulnerabilities found by completed scans are all viewed here
31 | 
32 | #### POC list
33 | Visual management of nuclei POCs
34 | 
35 | #### Request log
36 | Records the original URLs collected by passive scanning, for use by POC scans
37 | 
38 |
39 | The source code will be released after the code has been tidied up and sanitized
40 |
--------------------------------------------------------------------------------