Snowden-AQ / afrog

A Vulnerability Scanning Tools For Penetration Testing

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

afrog

A Vulnerability Scanning Tools For Penetration Testing

DownloadContributorsPoC

PoC Contributors

Typora-Logo
不动明王
Typora-Logo
雪山
Typora-Logo
White-hua
Typora-Logo
123456
Typora-Logo
ifofor
Typora-Logo
Air
Typora-Logo
执着
Typora-Logo
purple-WL
Typora-Logo
throat
Typora-Logo
Secx
Typora-Logo
冰河
Typora-Logo
Sheen
Typora-Logo
a16
Typora-Logo
A1
Typora-Logo
rainbow2972
Typora-Logo
wuha0926
Typora-Logo
茄子
Typora-Logo
lei_sec
Typora-Logo
G-H-Z
Typora-Logo
wh1te
Typora-Logo
清月
Typora-Logo
york
Typora-Logo
7eleven.eth
Typora-Logo
Double-q1015
Typora-Logo
ICEY_
Typora-Logo
lazy
Typora-Logo
Lay0us
Typora-Logo
m4sk
Typora-Logo
沉默树人

What is afrog

afrog is an excellent performance, fast and stable, PoC customizable vulnerability scanning (hole digging) tool. PoC involves CVE, CNVD, default password, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command execution, etc. It helps network security practitioners quickly verify and fix vulnerabilities in a timely manner.

Features

  • Open Source
  • Fast, stable, low false positives
  • Detailed html vulnerability report
  • PoC can be customized and updated stably
  • Active community exchange group

Example

Basic usage

# Scan a target
afrog -t http://127.0.0.1

# Scan multiple targets
afrog -T urls.txt

# Specify a scan report file
afrog -t http://127.0.0.1 -o result.html

Advanced usage

# Test PoC 
afrog -t http://127.0.0.1 -P ./test/ 
afrog -t http://127.0.0.1 -P ./test/demo.yaml 

# Scan by PoC Keywords 
afrog -t http://127.0.0.1 -s tomcat,springboot,shiro 

# Scan by PoC Vulnerability Severity Level 
afrog -t http://127.0.0.1 -S high,critical 

# Online update afrog-pocs 
afrog -up 

# Disable fingerprint recognition 
afrog -t http://127.0.0.1 -nf

Screenshot

Discussion group

For WeChat group, please add afrog personal account first, and remark "afrog", and then everyone will be pulled into the afrog communication group.

404Starlink

afrog has joined 404Starlink

Disclaimer

This tool is only for legally authorized enterprise security construction behavior. If you need to test the usability of this tool, please build a target environment by yourself.

In order to avoid malicious use, all PoCs included in this project are theoretical judgments of vulnerabilities, there is no vulnerability exploitation process, and no real attacks or exploits will be launched on the target.

When using this tool for detection, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization. **Do not scan unauthorized targets. **

If you have any illegal behavior in the process of using this tool, you shall bear the corresponding consequences by yourself, and we will not bear any legal and joint responsibility.

Before installing and using this tool, please must read carefully and fully understand the contents of each clause. Restrictions, disclaimers or other clauses involving your significant rights and interests may be bolded or underlined to remind you to pay attention . Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not install and use this tool. Your use behavior or your acceptance of this agreement in any other express or implied manner shall be deemed that you have read and agreed to be bound by this agreement.

About

A Vulnerability Scanning Tools For Penetration Testing

License:MIT License


Languages

Language:Go 100.0%