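Preface

HScan is an ultra-minimal PoC scanning framework that supports plugin-based scanner scheduling.
Plugins live in the plugins directory. Plugin development is fairly simple; for the format, refer to the bundled PoC plugins.

HScan is a small module split out from an internal platform and is not recommended for production use. It can serve as an aid for enterprise routine inspection and vulnerability scanning. The source code is fairly simple and can be customized as required.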

Usage

python hscan.py
_ _ _____
| | | | / ____|
| |__| || (___ ___ __ _ _ __
| __ | \___ \ / __|/ _` || '_ \
| | | | ____) || (__| (_| || | | |
|_| |_||_____/ \___|\__,_||_| |_|
plugins weB vulnerability Scanner
bey0nd [at] (http://www.itwzw.cn)

usage: HScan.py [options]

* A plugins weB vulnerability Scanner. *
Author : bey0nd [at] (http://www.itwzw.cn)

optional arguments:
-h, --help show this help message and exit
-u [HOST [HOST2 HOST3 ...] [HOST [HOST2 HOST3 ...] ...]]
Scan several url from command line
-f TargetFile Load new line delimited targets from TargetFile
-p , --plugins Load plugins from TargetDirectory
-cookie name=value HTTP cookies for Target
python hscan.py -u 172.16.32.97
_ _ _____
| | | | / ____|
| |__| || (___ ___ __ _ _ __
| __ | \___ \ / __|/ _` || '_ \
| | | | ____) || (__| (_| || | | |
|_| |_||_____/ \___|\__,_||_| |_|
plugins weB vulnerability Scanner
bey0nd [at] (http://www.itwzw.cn)

[-] 11:39:05 [INFO] check target [172.16.32.97] with plugins [redis-remote]
[-] 11:39:05 [INFO] check target [172.16.32.97] with plugins [redis-unauth]
[-] 11:39:05 [INFO] all target[s] is done , check result with output

success : 0

Source code

https://github.com/ibey0nd/HScan