Navgix - A Multi-Threaded Golang Tool That Will Check For Nginx Alias Traversal Vulnerabilities
2024-2-5 19:30:0 Author: www.kitploit.com(查看原文) 阅读量:13 收藏

navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities

Techniques

Currently, navgix supports 2 techniques for finding vulnerable directories (or location aliases). Those being the following:

Heuristics

navgix will make an initial GET request to the page, and if there are any directories specified on the page HTML (specified in src attributes on html components), it will test each folder in the path for the vulnerability, therefore if it finds a link to /static/img/photos/avatar.png, it will test /static/, /static/img/ and /static/img/photos/.

Brute-force

navgix will also test for a short list of common directories that are common to have this vulnerability and if any of these directories exist, it will also attempt to confirm if a vulnerability is present.

Installation

git clone https://github.com/Hakai-Offsec/navgix; cd navgix;
go build

Acknowledgements

Navgix - A Multi-Threaded Golang Tool That Will Check For Nginx Alias Traversal Vulnerabilities Navgix - A Multi-Threaded Golang Tool That Will Check For Nginx Alias Traversal Vulnerabilities Reviewed by Zion3R on 8:30 AM Rating: 5


文章来源: http://www.kitploit.com/2024/02/navgix-multi-threaded-golang-tool-that.html
如有侵权请联系:admin#unsafe.sh