漏洞检测框架 -- Meppo
2023-6-10 00:1:47 Author: Web安全工具库(查看原文) 阅读量:53 收藏

===================================

免责声明
请勿利用文章内的相关技术从事非法测试,由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。工具来自网络,安全性自测,如有侵权请联系删除。

0x01 工具介绍

漏洞检测框架 Meppo。

0x02 安装与使用

1、常用命令介绍

    __  ___   /  |/  /__  ____  ____  ____  / /|_/ / _ \/ __ \/ __ \/ __ \ / /  / /  __/ /_/ / /_/ / /_/ //_/  /_/\___/ .___/ .___/\____/           /_/   /_/
                漏洞检测框架 Meppo | By WingsSec | V 2.1                  [  30 MOUDLES          64 PAYLOADS ]usage: Meppo.py [-h] [-l] [-ll] [-m MOUDLE] [-u URL] [-f FILE] [-poc POC] [-fofa FOFA] [-shodan SHODAN] [-num NUM]公众号:web安全工具库
options:  -h, --help      show this help message and exit  -l              list  -ll             list all  -m MOUDLE       moudle  -u URL          target url  -f FILE         the file of target list
漏洞检测模块:  -poc POC        漏洞检测
资产爬取模块:  -fofa FOFA      资产爬取  -hunter HUNTER  资产爬取  -shodan SHODAN  资产爬取  -num NUM        资产数量
API服务模块:  -server         启动API服务  -port PORT      监听端口

2、payload列表

   _____                                 /     \   ____ ______ ______   ____   /  \ /  \_/ __ \\____ \\____ \ /  _ \ /    Y    \  ___/|  |_> >  |_> >  <_> )\____|__  /\___  >   __/|   __/ \____/         \/     \/|__|   |__|
                漏洞检测框架 Meppo | By WingsSec | V 2.1                  [  30 MOUDLES          64 PAYLOADS ]                                                【Payload List】                                                ==================================================================================================================|       Moudle       |           Payload            |                           Remark                           |------------------------------------------------------------------------------------------------------------------|    AlibabaCanal    |   Alibaba_Canal_Info_Leak    |           Alibaba Canal config 云密钥信息泄露漏洞          |------------------------------------------------------------------------------------------------------------------|       Apache       |        CVE_2021_41773        |                 Apache httpd 目录穿越漏洞                  |------------------------------------------------------------------------------------------------------------------|     Confluence     |        CVE_2021_26084        |                   Confluence OGNL注入RCE                   |------------------------------------------------------------------------------------------------------------------|        Demo        |             Demo             |                   robots.txt敏感信息泄露                   |------------------------------------------------------------------------------------------------------------------|        Demo        |             Test             |                          万能test                          |------------------------------------------------------------------------------------------------------------------|       Discuz       |discuz_version_change_getshell|              discuz 版本转换功能getshell漏洞               |------------------------------------------------------------------------------------------------------------------|       Drupal       |        CVE_2018_7600         |                        Drupal 7 RCE                        |------------------------------------------------------------------------------------------------------------------|       Drupal       |       CVE_2018_7600_8        |                        Drupal 8 RCE                        |------------------------------------------------------------------------------------------------------------------|       Drupal       |        CVE_2019_6340         |                      drupal8-REST-RCE                      |------------------------------------------------------------------------------------------------------------------|      ESAFENET      |       CNVD_2021_26058        |         亿赛通电子文档安全管理系统远程命令执行漏洞         |------------------------------------------------------------------------------------------------------------------|      EyouCMS       |     EyouCMS_qiantai_rce      |                       易优CMS前台RCE                       |------------------------------------------------------------------------------------------------------------------|         F5         |        CVE_2020_5902         |                F5 BIG-IP 远程代码执行漏洞1                 |------------------------------------------------------------------------------------------------------------------|         F5         |        CVE_2021_22986        |                F5 BIG-IP 远程代码执行漏洞2                 |------------------------------------------------------------------------------------------------------------------|       Fikker       |         Fikker_admin         |              fikker Console default password               |------------------------------------------------------------------------------------------------------------------|        H3C         |           IMC_RCE            |                        H3C IMC RCE                  公众号:web安全工具库       |------------------------------------------------------------------------------------------------------------------|       Inspur       |        CVE_2020_21224        |               Inspur ClusterEngine V4.0 RCE                |------------------------------------------------------------------------------------------------------------------|       Inspur       |    Inspur_Any_user_login     |                    浪潮任意用户登录漏洞                    |------------------------------------------------------------------------------------------------------------------|       Inspur       |     Inspur_sysShell_RCE      |             浪潮ClusterEngineV4.0 sysShell RCE             |------------------------------------------------------------------------------------------------------------------|       Jeecms       |     Jeecms_ssrf_getshell     |                      Jeecms ssrf漏洞                       |------------------------------------------------------------------------------------------------------------------|       Kangle       |   Kangle_default_password    |                      kangle 默认密码                       |------------------------------------------------------------------------------------------------------------------|      Landray       |   Landray_OA_anyfile_read    |             蓝凌OA custom.jsp 任意文件读取漏洞             |------------------------------------------------------------------------------------------------------------------|      Landray       |Landray_OA_xmldecoder_getshell|               蓝凌OA xmldecoder 反序列化漏洞               |------------------------------------------------------------------------------------------------------------------|      Lanproxy      |        CVE_2021_3019         |                   Lanproxy 目录遍历漏洞                    |------------------------------------------------------------------------------------------------------------------|       Nexus        |        CVE_2019_7238         |                         Nexus RCE                          |------------------------------------------------------------------------------------------------------------------|       Seeyon       |       CNVD_2019_19299        |              致远OA A8 htmlofficeservlet RCE               |------------------------------------------------------------------------------------------------------------------|       Seeyon       |       CNVD_2020_62422        |             致远OA webmail.do任意文件下载检测              |------------------------------------------------------------------------------------------------------------------|       Seeyon       |       CNVD_2021_01627        |            致远OA ajax.do登录绕过 任意文件上传             |------------------------------------------------------------------------------------------------------------------|       Seeyon       |      Information_seeyou      |                    致远OA 敏感信息泄露                     |------------------------------------------------------------------------------------------------------------------|       Seeyon       | Seeyon_OA_SessionLeak_Upload |            致远OA Session泄露 任意文件上传漏洞             |------------------------------------------------------------------------------------------------------------------|       Seeyon       |    Seeyon_OA_Session_Leak    |         致远OA getSessionList.jsp Session泄漏漏洞          |------------------------------------------------------------------------------------------------------------------|       Seeyon       |    Seeyon_OA_SQLInjection    |                     致远OA SQL注入漏洞                     |------------------------------------------------------------------------------------------------------------------|     SonarQube      |        CVE_2020_27986        |                SonarQube API 未授权访问漏洞                |------------------------------------------------------------------------------------------------------------------|       Spring       |        CVE_2022_22947        |                  Spring Cloud Gateway RCE                  |------------------------------------------------------------------------------------------------------------------|       Spring       |        CVE_2022_22963        |                    spring_function_rce                     |------------------------------------------------------------------------------------------------------------------|       Spring       |        CVE_2022_22965        |                      Spring Core RCE                       |------------------------------------------------------------------------------------------------------------------|        TDXK        |     TDXK_Any_file_upload     |                   TDXK_前台任意文件上传                    |------------------------------------------------------------------------------------------------------------------|        TDXK        |     TDXK_Any_user_login      |                     TDXK_任意用户登录                      |------------------------------------------------------------------------------------------------------------------|        TDXK        | TDXK_logined_any_file_upload |                   TDXK_登录后任意文件上传                  |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|       Weaver       |       CNVD_2019_32204        |                泛微OA Bsh 远程代码执行漏洞                 |------------------------------------------------------------------------------------------------------------------|       Weaver       |  Weaver_e_Bridge_file_read   |               泛微云桥 e-Bridge 任意文件读取               |------------------------------------------------------------------------------------------------------------------|       Weaver       |     Weaver_e_Cology_RCE      |            泛微E-Cology WorkflowServiceXml RCE             |------------------------------------------------------------------------------------------------------------------|       Weaver       |Weaver_e_cology_v9_file_upload|         泛微OA weaver.common.Ctrl 任意文件上传漏洞         |------------------------------------------------------------------------------------------------------------------|       Weaver       |  Weaver_OA_V8_sqlinjection   |                   泛微OA V8 SQL注入漏洞                    |------------------------------------------------------------------------------------------------------------------|      Weblogic      |        CVE_2014_4210         |                     Weblogic SSRF漏洞                      |------------------------------------------------------------------------------------------------------------------|      Weblogic      |        CVE_2017_10271        |              Weblogic XML Decoder反序列化漏洞              |------------------------------------------------------------------------------------------------------------------|      Weblogic      |        CVE_2018_2894         |                  Weblogic任意文件上传漏洞                  |------------------------------------------------------------------------------------------------------------------|      Weblogic      |        CVE_2019_2725         |                        Weblogic RCE                        |------------------------------------------------------------------------------------------------------------------|      Weblogic      |        CVE_2020_16882        |               Weblogic未授权远程代码执行漏洞               |------------------------------------------------------------------------------------------------------------------|      Weblogic      |        CVE_2021_2109         |               Weblogic LDAP 远程代码执行漏洞               |------------------------------------------------------------------------------------------------------------------|      Weblogic      |  Weblogic_Console_Info_Leak  |                   Weblogic控制台路径泄露                   |------------------------------------------------------------------------------------------------------------------|       Zabbix       |        CVE_2016_10134        |                       Zabbix SQL注入                       |------------------------------------------------------------------------------------------------------------------|       Zabbix       |   Zabbix_default_password    |                      zabbix 默认密码                       |==================================================================================================================

0x03 项目链接下载

1、通过阅读原文,到项目地址下载
2、公众号后台回复:工具,获取网盘下载链接
3、关注公众号逆向有你回复:送书,获取每日送书抽奖码
4、每日抽奖送书规则,个人微信:ivu123ivu

· 今 日 送 书 ·

《安卓Frida逆向与协议分析》翔实地介绍流行的Frida工具在安卓逆向工程中的应用,内容包括:如何安装和使用Frida、基本环境的搭建、Frida-tools、Frida脚本、Frida API、批量自动化Trace和分析、RPC远程方法调用、在无须逆向算法具体实现的情况下对Frida工具的调用,并提供了大量App逆向与协议分析案例,书中还介绍了更加稳定的Xposed框架的使用方法,以及从安卓源码开始定制属于自己的抓包沙箱,打造无法被绕过的抓包环境等内容。


文章来源: http://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247509403&idx=2&sn=907a3186a5969247d0dc14c756efb18c&chksm=ebb54a98dcc2c38e21af65ed1eef23d00f70b664046e0db1fdf2e384ad77089901426b2bbbe5#rd
如有侵权请联系:admin#unsafe.sh