WanLi
方便红队人员对目标站点进行安全检测,快速获取资产。It is convenient for red team personnel to conduct security detection on the target site and quickly obtain assets.
Install / Use
/learn @ExpLangcn/WanLiREADME
停止更新(归档处理),请关注后续项目
点击关注 Twitter 以便快速了解我的动态.
WanLi Scan - 转Go 不再维护Python项目
中文说明 | 许可证|帮助
It is convenient for red team personnel to conduct security detection on the target site and quickly obtain assets.
- Asset search detection using FOFA
- Asset search detection using 360 Quake
- Use Ksubdomain for domain fuzzing
- Use Httpx for domain name information detection
- Exploitation and detection using Nuclei
- Daily automatic update of vulnerability library
法律免责声明
本工具仅面向合法授权的企业安全建设行为,如您需要测试本工具的可用性,请自行搭建靶机环境。 在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。请勿对非授权目标进行扫描。 如果发现上述禁止行为,我们将保留追究您法律责任的权利。
如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任. 您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。
Function
- [x] call FOFA service for asset detection
- [x] Automatic vulnerability scanning for FOFA asset detection results
- [x] Call Quake service for asset detection
Like the FOFA effect, Quake is currently being updated and upgraded, so let's not post the screenshot of the effect.
- [x] Automatic vulnerability scanning for Quake asset detection results
Like the FOFA effect, Quake is currently being updated and upgraded, so let's not post the screenshot of the effect.
- [x] Subdomain detection on target
- [x] Automatic vulnerability scanning for subdomain detection results
- [x] The program adapts to Windows, Macos, Linux systems
Configure system on the third line of the config/config.yaml file
- [x] Interactive control usage
- [ ] Call HUNTER service for asset detection
- [ ] Vulnerability scan on HUNTER asset detection results
- [ ] Call ARL for asset detection
- [ ] Vulnerability scan on ARL asset results
- [ ] Develop WEB visual interface
use
git clone https://github.com/ExpLangcn/WanLi.git
cd WanLi & pip3 install -r requirements.txt
vim config/config.yaml # Configure FOFA information and Quake information
python3 WanLi.py # Enter interactive mode and enter Help to view help information
update log
2022.2.24:
- Adapt to Windows system
- Restore interactive control, remove parameter control
- Optimize the overall code to improve efficiency
2022.2.21:
- config problem report error solution, more suitable for Windows system
- Removed the Domain scan function of FOFA and Quake and merged it into the Domain parameter
- Improve the vulnerability scanning function, the vulnerability database will be updated before each vulnerability scan
- replace the pocscan parameter with the poc parameter
- To perform vulnerability scanning on Domain results and asset detection results, just add -scan
2022.2.16:
- Refactor to rewrite WanLiScan
- Fixed FOFA asset search issue
- Added FOFA domain name detection
- Added 360 Quake asset search
- Added 360 Quake domain name detection
-Added comprehensive domain name fuzz detection
- Added vulnerability library single target vulnerability scanning function
- Added vulnerability library batch target vulnerability scanning function
2022.2.8:
- Update Docker version
2022.2.x:
- I forgot the time...
😄 I’m ExpLang Twitter 欢迎关注fo~
We chat number
Info
Related Skills
node-connect
353.1kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
111.6kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
353.1kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
353.1kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
