From 01deed5380ee00d162cd383f929b61c2fedcd063 Mon Sep 17 00:00:00 2001 From: Jarcis-cy Date: Thu, 4 Jul 2024 11:18:50 +0800 Subject: [PATCH] =?UTF-8?q?[update]=20=E6=B7=BB=E5=8A=A0evilpot=E4=BF=A1?= =?UTF-8?q?=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 16 ++++++++++++---- README_EN.md | 17 +++++++++++++---- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index eccea2441..ecbd77da1 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ xapp是一款专注于web指纹识别的工具。你可以使用xapp对web目标 xray webscan --basic-crawler http://example.com --html-output vuln.html ``` -1. 使用 HTTP 代理进行被动扫描 +2. 使用 HTTP 代理进行被动扫描 ```bash xray webscan --listen 127.0.0.1:7777 --html-output proxy.html @@ -71,13 +71,13 @@ xapp是一款专注于web指纹识别的工具。你可以使用xapp对web目标 >如需扫描 https 流量,请阅读下方文档 `抓取 https 流量` 部分 -1. 只扫描单个 url,不使用爬虫 +3. 只扫描单个 url,不使用爬虫 ```bash xray webscan --url http://example.com/?a=b --html-output single-url.html ``` -1. 手动指定本次运行的插件 +4. 手动指定本次运行的插件 默认情况下,将会启用所有内置插件,可以使用下列命令指定本次扫描启用的插件。 @@ -86,7 +86,7 @@ xapp是一款专注于web指纹识别的工具。你可以使用xapp对web目标 xray webscan --plugins cmd-injection,sqldet --listen 127.0.0.1:7777 ``` -1. 指定插件输出 +5. 指定插件输出 可以指定将本次扫描的漏洞信息输出到某个文件中: @@ -173,6 +173,14 @@ xray的进步离不开各位师傅的支持,秉持着互助共建的精神, ## 🔧周边生态 +### POC质量确认靶场 + +[**Evil Pot**](https://github.com/chaitin/xray/tree/master/tests/evilpot) + +一个专门用于让扫描器产生误报的靶场 + +编写插件应该尽量避免能在这个靶场扫描出结果 + ### POC编写辅助工具 该工具可以辅助生成POC,且在线版支持**poc查重**,本地版支持直接发包验证 diff --git a/README_EN.md b/README_EN.md index c9a4ea5ac..44930e725 100644 --- a/README_EN.md +++ b/README_EN.md @@ -62,7 +62,7 @@ Project address: https://github.com/chaitin/xray-plugins xray webscan --basic-crawler http://example.com --html-output vuln.html ``` -1. Use HTTP proxy for passive scanning +2. Use HTTP proxy for passive scanning ```bash xray webscan --listen 127.0.0.1:7777 --html-output proxy.html 
@@ -71,13 +71,13 @@ Project address: https://github.com/chaitin/xray-plugins > To scan HTTPS traffic, please read the "Capture HTTPS Traffic" section below. -1. Scan a single URL without using a crawler +3. Scan a single URL without using a crawler ```bash xray webscan --url http://example.com/?a=b --html-output single-url.html ``` -1. Manually specify plugins for this run +4. Manually specify plugins for this run By default, all built-in plugins will be enabled. You can specify the plugins to be enabled for this scan with the following commands. @@ -86,7 +86,7 @@ Project address: https://github.com/chaitin/xray-plugins xray webscan --plugins cmd-injection,sqldet --listen 127.0.0.1:7777 ``` -1. Specify Plugin Output +5. Specify Plugin Output You can specify to output the vulnerability information of this scan to a file: @@ -175,6 +175,15 @@ Refer to: https://docs.xray.cool/#/guide/contribute ## 🔧 Surrounding Ecosystem + +### POC Quality Confirmation Range + +[**Evil Pot**](https://github.com/chaitin/xray/tree/master/tests/evilpot) + +A range specifically designed to allow scanners to generate false positives + +Plugins should be written to try to avoid being able to scan results in this range + ### POC Writing Assistant Tools This tool can assist in generating POCs, and the online version supports **POC duplication checks**, while the local version supports direct packet verification.
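Review bot: The commit subject describes only the Evil Pot addition, but the hunks at -62,7, -71,13 and -86,7 in both README.md and README_EN.md also renumber the usage list from repeated `1.` markers to `2.` through `5.`. Mention the renumbering in the commit message or split it into its own commit, so the history for the usage section is searchable. The hard-coded numbers will also need manual upkeep whenever a step is inserted or removed, which is worth a short note for future editors.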
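Review bot: In the README.md hunk at -173,6, the new "POC质量确认靶场" section gives the Evil Pot link and two sentences but does not say what counts as a pass. Since the range is described as built to make scanners produce false positives, state explicitly that any finding a plugin reports against it should be treated as a false positive to fix before submission. If this README lives in the same repository as `tests/evilpot`, a relative link would also keep working on branches and forks, unlike the absolute `tree/master` URL.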
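Review bot: In the README_EN.md hunk at -175,6, the added English text is hard to follow: "range" is a literal rendering of 靶场, and "try to avoid being able to scan results in this range" does not say what the plugin author should do. Suggested wording: heading "POC Quality Check Target", description "A test target designed to induce false positives in scanners", and guidance "A well-written plugin should report no findings against it". This hunk also adds one more blank line after the "Surrounding Ecosystem" heading than the README.md hunk does (9 added lines versus 8); drop it so the two files stay aligned.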