ÏîÄ¿×÷Õߣºwrenchonline

ÏîÄ¿µØµã£ºhttps://github.com/wrenchonline/glint

Ò»¡¢¹¤¾ßÏÈÈÝ

glint ÊÇÒ»¿îgolang¿ª·¢µÄwebÎó²î×Ô¶¯(±»¶¯)ɨÃèÆ÷£¬£¬ÊÇÏÖÔÚΪֹ¸úÉÏÖ÷Á÷ÊÖÒյIJâÊÔ¹¤¾ß,ÈôÓÐһϹ¦Ð§:

1.xss ASTÓïÒå¼ì²â ÅäºÏä¯ÀÀÆ÷ÅÀ³æÎÛµã¼Í¼¼ì²â»á²âÊÔÌØÊâxss¼ì²â

2.SQL ×¢Èë¼ì²â £¨¸Õ¸ÕÍê³É²¼¶ûÀàÐͼì²â£¬£¬¹ýʧÐͼì²â£¬£¬Öð½¥ÍêÉÆʱ¼äÐͺÍoob·´Á´¼ì²â£©

3.xray poc ¾ç±¾¼ì²â£¨Õâ¸ö͵ÀÁÖ÷Òª²ÎÕÕ https://github.com/jweny/pocassist )

4.»ùÓÚä¯ÀÀÆ÷µÄÅÀ³æ×Ô¶¯É¨Ãè

5.±»¶¯É¨Ãè

6.csrf ¼ì²â

7.ssrf ¼ì²â £¨ÕýÔÚÖع¹£©

8.jsonp astÓïÒå¼ì²â

9.Xxe ʵÌå×¢Èë¼ì²â Ö§³Ö»ØÏԺͷ´Á´Æ½Ì¨ £¨ÕýÔÚÖع¹£©

10.CRLF ¼ì²â

11.CORS ¿çÓò¹²Ïí¼ì²â

12.Ó¦ÓÃЧÀ͹ýʧ¼ì²â£¨×Ô¶¯£©

13.SSL°æ±¾¼ì²â£¨×Ô¶¯£©

14.cmd webshellºóÃÅ×¢Èë¼ì²â £¨ÕýÔÚÖع¹£©

15.·¾¶´©Ô½¼ì²â

¶þ¡¢×°ÖÃÓëʹÓÃ

1¡¢ÓÉÓÚÆô¶¯Ä£Ê½Éè¼ÆµÃÐí¶à£¬£¬½ÏÁ¿ÔÓÂÒ£¬£¬ÎÒСÎÒ˽¼ÒÍƼöÑо¿Ö°Ô±Ê¹Óñ»¶¯É¨Ãè,¼Ç×Å×°ÉÏchrome

glint.exe --passiveproxy --cert server.pem --key server.key

2¡¢È»ºó»á¼û http://martian.proxy/authority.cer ÏÂÔØÖ¤Êéä¯ÀÀÆ÷µ¼Èë¾ÍÐУ¬£¬ä¯ÀÀÆ÷ÉèÖÃÊðÀí (ÄãµÄ¾ÖÓòÍøip Èç192.168.166.8):8080 £¬£¬¼Ç×ÅÊǾÖÓòÍø²»ÊÇ127,ËäÈ»ÄãÔÚagent.go configure º¯ÊýÖÐÐ޸ġ£¡£¡£

Èý¡¢ÏÂÔصص㣺

ͨ¹ýÏîÄ¿µØµãÏÂÔØ:https://github.com/wrenchonline/glint

ËÄ¡¢ÉùÃ÷£º

½ö¹©Çå¾²Ñо¿Óëѧϰ֮Ó㬣¬Èô½«¹¤¾ß×öÆäËûÓÃ;£¬£¬ÓÉʹÓÃÕ߼縺ËùÓÐÖ´·¨¼°Á¬´øÔðÈΣ¬£¬×÷Õß²»¼ç¸ºÈκÎÖ´·¨¼°Á¬´øÔðÈΡ£¡£¡£

TOPSEC

Ê®ÄêÊ÷ľ£¬£¬°ÙÄêÊ÷ÈË¡£¡£¡£Î´À´£¬£¬×¯ÏÐÓÎÏ·½«Ê¼ÖÕÆð¾¢Ì½Ë÷£¬£¬Ò»Ö±ÑÓÕ¹ÍøÂçÇå¾²È˲Å×÷ÓýµÄ¿í¶ÈºÍÉî¶È£¬£¬ÎªÍøÂçÇå¾²È˲Å×÷ÓýÓ빤ҵÉú³¤Ð¢Ë³ÆóҵʵÁ¦¡£¡£¡£