mvfs56p8q
/
MiaCTFer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
MiaCTFer/client/urlscan/xray/config.yaml

307 lines
11 KiB
Raw Permalink Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

version: 2.3
# 配置解释见 https://chaitin.github.io/xray/#/configration/plugins
plugins:
max_parallel: 13
xss:
enabled: true
ie_feature: false
include_cookie: false
baseline:
enabled: true
detect_outdated_ssl_version: false
detect_http_header_config: false
detect_cors_header_config: false
detect_server_error_page: false
detect_china_id_card_number: false
detect_serialization_data_in_params: true
detect_cookie_password_leak: false
detect_unsafe_scheme: false
detect_cookie_httponly: false
detect_dark_chain: false
detect_host_injection: false
cmd_injection:
enabled: true
detect_blind_injection: false
crlf_injection:
enabled: true
dirscan:
enabled: false
depth: 1
dictionary: ""
jsonp:
enabled: true
path_traversal:
enabled: true
redirect:
enabled: true
sqldet:
enabled: true
error_based_detection: true
boolean_based_detection: true
time_based_detection: true
# 下面两个选项很危险,开启之后可以增加检测率,但是有破坏数据库数据的可能性,请务必了解工作原理之后再开启
dangerously_use_comment_in_sql: false
dangerously_use_or_in_sql: false
ssrf:
enabled: true
xxe:
enabled: true
upload:
enabled: false
brute_force:
enabled: false
detect_default_password: true
detect_unsafe_login_method: false
username_dictionary: ""
password_dictionary: ""
phantasm:
enabled: true
depth: 0
poc:
#- poc-yaml-74cms-sqli-1
#- poc-yaml-74cms-sqli-2
#- poc-yaml-74cms-sqli
- poc-yaml-activemq-cve-2016-3088
- poc-yaml-bash-cve-2014-6271
- poc-yaml-cacti-weathermap-file-write
- poc-yaml-citrix-cve-2019-19781-path-traversal
#- poc-yaml-coldfusion-cve-2010-2861-lfi
- poc-yaml-confluence-cve-2015-8399
- poc-yaml-confluence-cve-2019-3396-lfi
- poc-yaml-coremail-cnvd-2019-16798
- poc-yaml-couchcms-cve-2018-7662
- poc-yaml-couchdb-cve-2017-12635
- poc-yaml-couchdb-unauth
- poc-yaml-dedecms-carbuyaction-fileinclude
- poc-yaml-dedecms-cve-2018-6910
- poc-yaml-dedecms-cve-2018-7700-rce
- poc-yaml-dedecms-guestbook-sqli
- poc-yaml-dedecms-membergroup-sqli
- poc-yaml-dedecms-url-redirection
- poc-yaml-discuz-ml3x-cnvd-2019-22239
- poc-yaml-discuz-v72-sqli
- poc-yaml-discuz-wechat-plugins-unauth
- poc-yaml-discuz-wooyun-2010-080723
- poc-yaml-dlink-850l-info-leak
- poc-yaml-dlink-cve-2019-16920-rce
- poc-yaml-dlink-cve-2019-17506
- poc-yaml-docker-api-unauthorized-rce
- poc-yaml-docker-registry-api-unauth
# - poc-yaml-druid-monitor-unauth
- poc-yaml-drupal-cve-2019-6340
- poc-yaml-drupal-drupalgeddon2-rce
- poc-yaml-drupalgeddon-cve-2014-3704-sqli
# - poc-yaml-duomicms-sqli
- poc-yaml-dvr-cve-2018-9995
# - poc-yaml-ecology-filedownload-directory-traversal
# - poc-yaml-ecology-javabeanshell-rce
# - poc-yaml-ecology-springframework-directory-traversal
# - poc-yaml-ecology-syncuserinfo-sqli
# - poc-yaml-ecology-validate-sqli
# - poc-yaml-ecology-workflowcentertreedata-sqli
- poc-yaml-ecshop-360-rce
- poc-yaml-elasticsearch-cve-2014-3120
- poc-yaml-elasticsearch-cve-2015-1427
- poc-yaml-elasticsearch-cve-2015-3337-lfi
- poc-yaml-elasticsearch-unauth
# - poc-yaml-etcd-unauth
# - poc-yaml-etouch-v2-sqli
# - poc-yaml-fangweicms-sqli
# - poc-yaml-feifeicms-lfr
# - poc-yaml-finecms-sqli
- poc-yaml-finereport-directory-traversal
- poc-yaml-gilacms-cve-2020-5515
- poc-yaml-glassfish-cve-2017-1000028-lfi
- poc-yaml-hadoop-yarn-unauth
- poc-yaml-ifw8-router-cve-2019-16313
- poc-yaml-influxdb-unauth
- poc-yaml-jboss-cve-2010-1871
- poc-yaml-jboss-unauth
- poc-yaml-jenkins-cve-2018-1000600
- poc-yaml-jenkins-cve-2018-1000861-rce
- poc-yaml-jira-cve-2019-11581
- poc-yaml-jira-ssrf-cve-2019-8451
- poc-yaml-joomla-cnvd-2019-34135-rce
- poc-yaml-joomla-cve-2015-7297-sqli
- poc-yaml-joomla-cve-2017-8917-sqli
- poc-yaml-joomla-ext-zhbaidumap-cve-2018-6605-sqli
- poc-yaml-kibana-unauth
- poc-yaml-kong-cve-2020-11710-unauth
- poc-yaml-laravel-debug-info-leak
# - poc-yaml-maccms-rce
# - poc-yaml-maccmsv10-backdoor
- poc-yaml-metinfo-cve-2019-16996-sqli
- poc-yaml-metinfo-cve-2019-16997-sqli
- poc-yaml-metinfo-cve-2019-17418-sqli
- poc-yaml-metinfo-lfi-cnvd-2018-13393
- poc-yaml-mongo-express-cve-2019-10758
- poc-yaml-msvod-sqli
# - poc-yaml-myucms-lfr
- poc-yaml-nagio-cve-2018-10735
- poc-yaml-nagio-cve-2018-10736
- poc-yaml-nagio-cve-2018-10737
- poc-yaml-nagio-cve-2018-10738
- poc-yaml-netgear-cve-2017-5521
- poc-yaml-nextjs-cve-2017-16877
- poc-yaml-nexus-cve-2019-7238
- poc-yaml-nhttpd-cve-2019-16278
- poc-yaml-nuuo-file-inclusion
- poc-yaml-pandorafms-cve-2019-20224-rce
- poc-yaml-php-cgi-cve-2012-1823
- poc-yaml-phpcms-cve-2018-19127
- poc-yaml-phpmyadmin-cve-2018-12613-file-inclusion
- poc-yaml-phpmyadmin-setup-deserialization
- poc-yaml-phpok-sqli
- poc-yaml-phpshe-sqli
- poc-yaml-phpstudy-backdoor-rce
- poc-yaml-phpunit-cve-2017-9841-rce
- poc-yaml-pulse-cve-2019-11510
- poc-yaml-pyspider-unauthorized-access
# - poc-yaml-qibocms-sqli
- poc-yaml-rails-cve-2018-3760-rce
- poc-yaml-razor-cve-2018-8770
- poc-yaml-rconfig-cve-2019-16663
- poc-yaml-resin-cnnvd-200705-315
- poc-yaml-resin-inputfile-fileread-or-ssrf
- poc-yaml-resin-viewfile-fileread
- poc-yaml-satellian-cve-2020-7980-rce
# - poc-yaml-seacms-rce
# - poc-yaml-seacms-sqli
# - poc-yaml-seacms-v654-rce
- poc-yaml-seeyon-wooyun-2015-0108235-sqli
- poc-yaml-solr-cve-2017-12629-xxe
- poc-yaml-solr-cve-2019-0193
- poc-yaml-solr-velocity-template-rce
- poc-yaml-spark-unauth
- poc-yaml-spring-cloud-cve-2020-5405
- poc-yaml-spring-cve-2016-4977
- poc-yaml-springcloud-cve-2019-3799
- poc-yaml-supervisord-cve-2017-11610
- poc-yaml-tensorboard-unauth
- poc-yaml-thinkcmf-write-shell
- poc-yaml-thinkphp-v6-file-write
- poc-yaml-thinkphp5-controller-rce
- poc-yaml-thinkphp5023-method-rce
- poc-yaml-tomcat-cve-2017-12615-rce
- poc-yaml-tomcat-cve-2018-11759
- poc-yaml-tpshop-sqli
- poc-yaml-typecho-rce
- poc-yaml-uwsgi-cve-2018-7490
- poc-yaml-vbulletin-cve-2019-16759
- poc-yaml-weblogic-cve-2017-10271-reverse
- poc-yaml-weblogic-cve-2019-2729-1
- poc-yaml-weblogic-cve-2019-2729-2
- poc-yaml-weblogic-ssrf
- poc-yaml-weblogic-cve-2017-10271
- poc-yaml-weblogic-cve-2019-2725
- poc-yaml-webmin-cve-2019-15107-rce
- poc-yaml-wordpress-ext-adaptive-images-lfi
- poc-yaml-wordpress-ext-mailpress-rce
# - poc-yaml-wuzhicms-v410-sqli
# - poc-yaml-yccms-rce
- poc-yaml-youphptube-encoder-cve-2019-5127
- poc-yaml-youphptube-encoder-cve-2019-5128
- poc-yaml-youphptube-encoder-cve-2019-5129
# - poc-yaml-yungoucms-sqli
- poc-yaml-zabbix-authentication-bypass
- poc-yaml-zabbix-cve-2016-10134-sqli
# - poc-yaml-zcms-v3-sqli
- poc-yaml-zimbra-cve-2019-9670-xxe
# - poc-yaml-zzcms-zsmanage-sqli
- poc-go-ecology-db-config-info-leak
- poc-go-php-cve-2019-11043-rce
# - poc-go-seeyon-htmlofficeservlet-rce
- poc-go-tomcat-cve-2020-1938
- poc-go-tomcat-put
# - poc-go-tongda-arbitrary-auth
# - poc-go-tongda-lfi-upload-rce
log:
level: info # 支持 debug, info, warn, error, fatal
# 配置解释见 https://chaitin.github.io/xray/#/configration/mitm
mitm:
ca_cert: ./ca.crt
ca_key: ./ca.key
auth:
username: ""
password: ""
restriction:
includes: # 允许扫描的域,此处无协议
- '*' # 表示允许所有的域名和 path
excludes:
- 'www.edu.cn'
allow_ip_range: []
queue:
max_length: 3000
proxy_header:
via: "" # 如果不为空proxy 将添加类似 Via: 1.1 $some-value-$random 的 http 头
x_forwarded: false # 是否添加 X-Forwarded-{For,Host,Proto,Url} 四个 http 头
upstream_proxy: "" # mitm 的全部流量继续使用 proxy
# 配置解释见 https://chaitin.github.io/xray/#/configration/basic-crawler
basic_crawler:
max_depth: 0 # 爬虫最大深度, 0 为无限制
max_count_of_links: 0 # 本次扫描总共爬取的最大连接数, 0 为无限制
allow_visit_parent_path: false # 是否允许访问父目录, 如果扫描目标为 example.com/a/ 如果该项为 false, 那么就不会爬取 example.com/ 这级目录的内容
restriction: # 和 mitm 中的写法一致, 有个点需要注意的是如果当前目标为 example.com 那么会自动添加 example.com 到 includes 中。
includes: []
excludes:
- '*google*'
# 配置解释见 https://chaitin.github.io/xray/#/configration/reverse
reverse:
db_file_path: ""
token: ""
http:
enabled: false
listen_ip: 127.0.0.1
listen_port: ""
dns:
enabled: false
listen_ip: 127.0.0.1
domain: ""
is_domain_name_server: false
# 静态解析规则
resolve:
- type: A # A, AAAA, TXT 三种
record: localhost
value: 127.0.0.1
ttl: 60
client:
http_base_url: ""
dns_server_ip: ""
remote_server: false
# 配置解释见 https://chaitin.github.io/xray/#/configration/http
http:
proxy: "" # 漏洞扫描时使用的代理
dial_timeout: 5 # 建立 tcp 连接的超时时间
read_timeout: 10 # 读取 http 响应的超时时间,不可太小,否则会影响到 sql 时间盲注的判断
fail_retries: 1 # 请求失败的重试次数0 则不重试
max_redirect: 5 # 单个请求最大允许的跳转数
max_qps: 10 # 每秒最大请求数
max_conns_per_host: 30 # 同一 host 最大允许的连接数,可以根据目标主机性能适当增大。
max_resp_body_size: 5388608 # 8M单个请求最大允许的响应体大小超过该值 body 就会被截断
headers: # 每个请求预置的 http 头
User-Agent:
- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169
cookies: # 每个请求预置的 cookie 值,效果上相当于添加了一个 Header: Cookie: key=value
key: value
allow_methods: # 允许使用 http 方法
- HEAD
- GET
- POST
- PUT
- DELETE
- OPTIONS
- CONNECT
- PROPFIND
- MOVE
tls_skip_verify: true # 是否验证目标网站的 https 证书。
enable_http2: false # 是否启用 http2
update:
check: false
Reference in new issue View Git Blame Copy Permalink