MiaCTFer/client/urlscan/xray/config.yaml

# xray config schema version. Written as a bare scalar, so YAML parsers read it as a
# float; quote it only if xray is confirmed to accept a string here.
version: 2.3
# Option reference: https://chaitin.github.io/xray/#/configration/plugins
plugins:
  max_parallel: 13  # upper bound on plugins running concurrently (see docs link above)
  xss:
    enabled: true
    ie_feature: false
    include_cookie: false
  # Only the serialization-data check is enabled; every other baseline check is off.
  baseline:
    enabled: true
    detect_outdated_ssl_version: false
    detect_http_header_config: false
    detect_cors_header_config: false
    detect_server_error_page: false
    detect_china_id_card_number: false
    detect_serialization_data_in_params: true
    detect_cookie_password_leak: false
    detect_unsafe_scheme: false
    detect_cookie_httponly: false
    detect_dark_chain: false
    detect_host_injection: false
  cmd_injection:
    enabled: true
    detect_blind_injection: false
  crlf_injection:
    enabled: true
  dirscan:
    enabled: false
    depth: 1
    dictionary: ""  # empty: presumably the tool's built-in dictionary — confirm in docs
  jsonp:
    enabled: true
  path_traversal:
    enabled: true
  redirect:
    enabled: true
  sqldet:
    enabled: true
    error_based_detection: true
    boolean_based_detection: true
    time_based_detection: true
    # The next two options are dangerous: enabling them raises the detection rate but can
    # corrupt data in the target database. Understand how they work before turning them on.
    dangerously_use_comment_in_sql: false
    dangerously_use_or_in_sql: false
  ssrf:
    enabled: true
  xxe:
    enabled: true
  upload:
    enabled: false
  # Module is disabled, so the detect_* and dictionary settings below are presumably
  # inert until enabled is set to true.
  brute_force:
    enabled: false
    detect_default_password: true
    detect_unsafe_login_method: false
    username_dictionary: ""
    password_dictionary: ""
  phantasm:
    enabled: true
    depth: 0
    # Explicit list of POC modules to run; commented-out entries stay disabled. Review this
    # list against the authorised scope of each scan.
    poc:
      # - poc-yaml-74cms-sqli-1
      # - poc-yaml-74cms-sqli-2
      # - poc-yaml-74cms-sqli
      - poc-yaml-activemq-cve-2016-3088
      - poc-yaml-bash-cve-2014-6271
      - poc-yaml-cacti-weathermap-file-write
      - poc-yaml-citrix-cve-2019-19781-path-traversal
      # - poc-yaml-coldfusion-cve-2010-2861-lfi
      - poc-yaml-confluence-cve-2015-8399
      - poc-yaml-confluence-cve-2019-3396-lfi
      - poc-yaml-coremail-cnvd-2019-16798
      - poc-yaml-couchcms-cve-2018-7662
      - poc-yaml-couchdb-cve-2017-12635
      - poc-yaml-couchdb-unauth
      - poc-yaml-dedecms-carbuyaction-fileinclude
      - poc-yaml-dedecms-cve-2018-6910
      - poc-yaml-dedecms-cve-2018-7700-rce
      - poc-yaml-dedecms-guestbook-sqli
      - poc-yaml-dedecms-membergroup-sqli
      - poc-yaml-dedecms-url-redirection
      - poc-yaml-discuz-ml3x-cnvd-2019-22239
      - poc-yaml-discuz-v72-sqli
      - poc-yaml-discuz-wechat-plugins-unauth
      - poc-yaml-discuz-wooyun-2010-080723
      - poc-yaml-dlink-850l-info-leak
      - poc-yaml-dlink-cve-2019-16920-rce
      - poc-yaml-dlink-cve-2019-17506
      - poc-yaml-docker-api-unauthorized-rce
      - poc-yaml-docker-registry-api-unauth
      # - poc-yaml-druid-monitor-unauth
      - poc-yaml-drupal-cve-2019-6340
      - poc-yaml-drupal-drupalgeddon2-rce
      - poc-yaml-drupalgeddon-cve-2014-3704-sqli
      # - poc-yaml-duomicms-sqli
      - poc-yaml-dvr-cve-2018-9995
      # - poc-yaml-ecology-filedownload-directory-traversal
      # - poc-yaml-ecology-javabeanshell-rce
      # - poc-yaml-ecology-springframework-directory-traversal
      # - poc-yaml-ecology-syncuserinfo-sqli
      # - poc-yaml-ecology-validate-sqli
      # - poc-yaml-ecology-workflowcentertreedata-sqli
      - poc-yaml-ecshop-360-rce
      - poc-yaml-elasticsearch-cve-2014-3120
      - poc-yaml-elasticsearch-cve-2015-1427
      - poc-yaml-elasticsearch-cve-2015-3337-lfi
      - poc-yaml-elasticsearch-unauth
      # - poc-yaml-etcd-unauth
      # - poc-yaml-etouch-v2-sqli
      # - poc-yaml-fangweicms-sqli
      # - poc-yaml-feifeicms-lfr
      # - poc-yaml-finecms-sqli
      - poc-yaml-finereport-directory-traversal
      - poc-yaml-gilacms-cve-2020-5515
      - poc-yaml-glassfish-cve-2017-1000028-lfi
      - poc-yaml-hadoop-yarn-unauth
      - poc-yaml-ifw8-router-cve-2019-16313
      - poc-yaml-influxdb-unauth
      - poc-yaml-jboss-cve-2010-1871
      - poc-yaml-jboss-unauth
      - poc-yaml-jenkins-cve-2018-1000600
      - poc-yaml-jenkins-cve-2018-1000861-rce
      - poc-yaml-jira-cve-2019-11581
      - poc-yaml-jira-ssrf-cve-2019-8451
      - poc-yaml-joomla-cnvd-2019-34135-rce
      - poc-yaml-joomla-cve-2015-7297-sqli
      - poc-yaml-joomla-cve-2017-8917-sqli
      - poc-yaml-joomla-ext-zhbaidumap-cve-2018-6605-sqli
      - poc-yaml-kibana-unauth
      - poc-yaml-kong-cve-2020-11710-unauth
      - poc-yaml-laravel-debug-info-leak
      # - poc-yaml-maccms-rce
      # - poc-yaml-maccmsv10-backdoor
      - poc-yaml-metinfo-cve-2019-16996-sqli
      - poc-yaml-metinfo-cve-2019-16997-sqli
      - poc-yaml-metinfo-cve-2019-17418-sqli
      - poc-yaml-metinfo-lfi-cnvd-2018-13393
      - poc-yaml-mongo-express-cve-2019-10758
      - poc-yaml-msvod-sqli
      # - poc-yaml-myucms-lfr
      - poc-yaml-nagio-cve-2018-10735
      - poc-yaml-nagio-cve-2018-10736
      - poc-yaml-nagio-cve-2018-10737
      - poc-yaml-nagio-cve-2018-10738
      - poc-yaml-netgear-cve-2017-5521
      - poc-yaml-nextjs-cve-2017-16877
      - poc-yaml-nexus-cve-2019-7238
      - poc-yaml-nhttpd-cve-2019-16278
      - poc-yaml-nuuo-file-inclusion
      - poc-yaml-pandorafms-cve-2019-20224-rce
      - poc-yaml-php-cgi-cve-2012-1823
      - poc-yaml-phpcms-cve-2018-19127
      - poc-yaml-phpmyadmin-cve-2018-12613-file-inclusion
      - poc-yaml-phpmyadmin-setup-deserialization
      - poc-yaml-phpok-sqli
      - poc-yaml-phpshe-sqli
      - poc-yaml-phpstudy-backdoor-rce
      - poc-yaml-phpunit-cve-2017-9841-rce
      - poc-yaml-pulse-cve-2019-11510
      - poc-yaml-pyspider-unauthorized-access
      # - poc-yaml-qibocms-sqli
      - poc-yaml-rails-cve-2018-3760-rce
      - poc-yaml-razor-cve-2018-8770
      - poc-yaml-rconfig-cve-2019-16663
      - poc-yaml-resin-cnnvd-200705-315
      - poc-yaml-resin-inputfile-fileread-or-ssrf
      - poc-yaml-resin-viewfile-fileread
      - poc-yaml-satellian-cve-2020-7980-rce
      # - poc-yaml-seacms-rce
      # - poc-yaml-seacms-sqli
      # - poc-yaml-seacms-v654-rce
      - poc-yaml-seeyon-wooyun-2015-0108235-sqli
      - poc-yaml-solr-cve-2017-12629-xxe
      - poc-yaml-solr-cve-2019-0193
      - poc-yaml-solr-velocity-template-rce
      - poc-yaml-spark-unauth
      - poc-yaml-spring-cloud-cve-2020-5405
      - poc-yaml-spring-cve-2016-4977
      - poc-yaml-springcloud-cve-2019-3799
      - poc-yaml-supervisord-cve-2017-11610
      - poc-yaml-tensorboard-unauth
      - poc-yaml-thinkcmf-write-shell
      - poc-yaml-thinkphp-v6-file-write
      - poc-yaml-thinkphp5-controller-rce
      - poc-yaml-thinkphp5023-method-rce
      - poc-yaml-tomcat-cve-2017-12615-rce
      - poc-yaml-tomcat-cve-2018-11759
      - poc-yaml-tpshop-sqli
      - poc-yaml-typecho-rce
      - poc-yaml-uwsgi-cve-2018-7490
      - poc-yaml-vbulletin-cve-2019-16759
      - poc-yaml-weblogic-cve-2017-10271-reverse
      - poc-yaml-weblogic-cve-2019-2729-1
      - poc-yaml-weblogic-cve-2019-2729-2
      - poc-yaml-weblogic-ssrf
      - poc-yaml-weblogic-cve-2017-10271
      - poc-yaml-weblogic-cve-2019-2725
      - poc-yaml-webmin-cve-2019-15107-rce
      - poc-yaml-wordpress-ext-adaptive-images-lfi
      - poc-yaml-wordpress-ext-mailpress-rce
      # - poc-yaml-wuzhicms-v410-sqli
      # - poc-yaml-yccms-rce
      - poc-yaml-youphptube-encoder-cve-2019-5127
      - poc-yaml-youphptube-encoder-cve-2019-5128
      - poc-yaml-youphptube-encoder-cve-2019-5129
      # - poc-yaml-yungoucms-sqli
      - poc-yaml-zabbix-authentication-bypass
      - poc-yaml-zabbix-cve-2016-10134-sqli
      # - poc-yaml-zcms-v3-sqli
      - poc-yaml-zimbra-cve-2019-9670-xxe
      # - poc-yaml-zzcms-zsmanage-sqli
      - poc-go-ecology-db-config-info-leak
      - poc-go-php-cve-2019-11043-rce
      # - poc-go-seeyon-htmlofficeservlet-rce
      - poc-go-tomcat-cve-2020-1938
      - poc-go-tomcat-put
      # - poc-go-tongda-arbitrary-auth
      # - poc-go-tongda-lfi-upload-rce
log:
  level: info  # one of debug, info, warn, error, fatal
# Option reference: https://chaitin.github.io/xray/#/configration/mitm
mitm:
  # CA used by the intercepting proxy. ca.key is a private key: keep it out of version
  # control and restrict its file permissions (it is referenced beside this config).
  ca_cert: ./ca.crt
  ca_key: ./ca.key
  # Both credentials are empty. Presumably the proxy then accepts unauthenticated clients;
  # confirm against the docs before the listener is reachable from other hosts.
  auth:
    username: ""
    password: ""
  restriction:
    includes:  # domains allowed to be scanned; no scheme here
      - '*'  # allows every domain and path, so scope is effectively open; narrow per engagement
    excludes:
      - 'www.edu.cn'
    allow_ip_range: []
  queue:
    max_length: 3000
  proxy_header:
    via: ""  # if non-empty, the proxy adds a header like "Via: 1.1 $some-value-$random"
    x_forwarded: false  # whether to add the four X-Forwarded-{For,Host,Proto,Url} headers
  upstream_proxy: ""  # all mitm traffic is forwarded on through this proxy
# Option reference: https://chaitin.github.io/xray/#/configration/basic-crawler
basic_crawler:
  max_depth: 0  # maximum crawl depth; 0 = unlimited
  max_count_of_links: 0  # maximum number of links crawled in this scan; 0 = unlimited
  # Whether the crawler may visit the parent path. With target example.com/a/ and this
  # set to false, the contents of example.com/ are not crawled.
  allow_visit_parent_path: false
  # Same syntax as mitm.restriction. Note: if the current target is example.com, then
  # example.com is added to includes automatically.
  restriction:
    includes: []
    excludes:
      - '*google*'
# Option reference: https://chaitin.github.io/xray/#/configration/reverse
# Reverse (callback) server settings. Both listeners are disabled here and token is empty;
# token presumably authenticates clients to the server, so set one before enabling either
# listener (confirm in the docs).
reverse:
  db_file_path: ""
  token: ""
  http:
    enabled: false
    listen_ip: 127.0.0.1
    listen_port: ""
  dns:
    enabled: false
    listen_ip: 127.0.0.1
    domain: ""
    is_domain_name_server: false
    # static resolution rules
    resolve:
      - type: A  # one of A, AAAA, TXT
        record: localhost
        value: 127.0.0.1
        ttl: 60
  client:
    http_base_url: ""
    dns_server_ip: ""
    remote_server: false
# Option reference: https://chaitin.github.io/xray/#/configration/http
http:
  proxy: ""  # proxy used while scanning for vulnerabilities
  dial_timeout: 5  # timeout for establishing the TCP connection
  read_timeout: 10  # timeout for reading the HTTP response; not too small, or time-based SQL blind detection is affected
  fail_retries: 1  # retry count for failed requests; 0 = no retry
  max_redirect: 5  # maximum redirects allowed for a single request
  max_qps: 10  # maximum requests per second
  max_conns_per_host: 30  # maximum connections to one host; may be raised according to target capacity
  # Maximum response body size per request; larger bodies are truncated. The original
  # comment said "8M", but 8 MiB is 8388608 — the value below is about 5.1 MiB. Confirm
  # which was intended.
  max_resp_body_size: 5388608
  headers:  # HTTP headers preset on every request
    User-Agent:
      - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169
  cookies:  # cookie values preset on every request; equivalent to adding a "Cookie: key=value" header
    key: value  # looks like a placeholder pair; replace or remove before scanning an authenticated target
  # HTTP methods the scanner may use. PUT, DELETE and MOVE can change state on the target,
  # so keep this list aligned with what the engagement permits.
  allow_methods:
    - HEAD
    - GET
    - POST
    - PUT
    - DELETE
    - OPTIONS
    - CONNECT
    - PROPFIND
    - MOVE
  # true means the target's HTTPS certificate is NOT verified (the key is "skip"); the
  # original comment read as if true meant verify. Keep on only where untrusted or
  # self-signed certificates are expected.
  tls_skip_verify: true
  enable_http2: false  # whether to enable HTTP/2
update:
  check: false  # whether xray checks for updates (inferred from the key name — confirm in docs)