扫瞄攻击
PIP是一基于Web的内容发布系统,SPIPScan是一款基于python编写的SPIP漏洞扫描程序,该版本支持探测服务器所安装的SPIP插件版本、暴力破解、检测主题版本、敏感文件夹识别等。
使用方法如下:
python spipscan.py Usage: spipscan.py [options]Options:
-h, --help show this help message and exit
--website=WEBSITE Website to pentest
--path=PATH Path for webapp (default : "/")
--plugins Detect plugins installed
--themes Detect themes installed
--users Bruteforce user logins
--sensitive_folders Detect sensitive folders
--version Detect version
--vulns Detect possible vulns
--bruteforce_plugins_file=BRUTEFORCE_PLUGINS_FILE
Bruteforce plugin file (eg. plugins_name.db)
--bruteforce_themes_file=BRUTEFORCE_THEMES_FILE
Bruteforce theme file (eg. themes_name.db)
--bruteforce_logins_file=BRUTEFORCE_LOGINS_FILE
Bruteforce login file (eg. user_logins.db)
--verbose Verbose mode
版本检测:
$ python spipscan.py --website=//127.0.0.1 --version
返回结果:
Application is located here : //127.0.0.1/
[!] Version is : 3.0.13
[!] Plugin folder is : plugins-dist/
插件检测:
python spipscan.py --website=//127.0.0.1 --plugins
返回结果:
[!] Plugin folder is : plugins-dist/
[!] folder plugins-dist/ is accessible
[!] Plugin breves detected. Version : 1.3.5
[!] Plugin compagnon detected. Version : 1.4.1
[!] Plugin compresseur detected. Version : 1.8.6
[!] Plugin dump detected. Version : 1.6.7
[!] Plugin filtres_images detected. Version : 1.1.7
[!] Plugin forum detected. Version : 1.8.29
[!] Plugin jquery_ui detected. Version : 1.8.21
[!] Plugin mediabox detected. Version : 0.8.4
[!] Plugin medias detected. Version : 2.7.51
[!] Plugin mots detected. Version : 2.4.10
[!] Plugin msie_compat detected. Versoin : 1.2.0
[!] Plugin organiseur detected. Version : 0.8.10
[!] Plugin petitions detected. Version : 1.4.4
[!] Plugin porte_plume detected. Version : 1.12.4
[!] Plugin revisions detected. Version : 1.7.6
[!] Plugin safehtml detected. Version : 1.4.0
[!] Plugin sites detected. Version : 1.7.10
[!] Plugin squelettes_par_rubrique detected. Version : 1.1.1
[!] Plugin statistiques detected. Version : 0.4.19
[!] Plugin svp detected. Version : 0.80.18
[!] Plugin textwheel detected. Version : 0.8.17
[!] Plugin urls_etendues detected. Version : 1.4.15
[!] Plugin vertebres detected. Version : 1.2.2
下载地址
同类软件
D盾 Web查杀(网站后门查找工具) V2.1.5.4 (永久免费)
大小:5.23MB
WebRobot v1.8.2 网站多功能网络安全渗透检测工具
大小:3MB
SSQLInjection 超级SQL注入工具 V1.0 正式版 20170905
大小:311KB
WebRobot v1.54 绿色版 (网站注入安全扫描防护工具)
大小:1MB
Acunetix Web Vulnerability Scanner 11.x汉化包中文版(附注册机)
大小:45.8MB
IIS ShortName Scanner IIS 短文件名扫描工具(java与python打包)
大小:87KB
sqlmap v1.1.3 一个开源的渗透测试工具(sql注入监测工具)
大小:6.8MB
漏洞扫描器WebCruiser Web Vulnerability Scanner v3.5.4 免费绿色版
大小:660KB
Test404多线程后台极速扫描器(网站扫描软件) V1.7 官方免费绿色版
大小:1.89MB
中国菜刀 (chopper) v1.5 网站后门检测利用工具
大小:1.21MB
微信收款码
支付宝收款码