English | 简体中文
Plain Violent Powerful Self-expanding stitching monster
+-+-+-+-+-+-+-+-+-+-+-+-+
|H|X|n|i|n|e|T|a|i|l|s|
+-+-+-+-+-+-+-+-+-+-+-+-+
- Introduction
- Install
- Instructions
- screenshots
- TODO
- Maintainer
- Contribute
- Reward
- License
- Appreciation_Code
🐾python3
implementation of a command-line WEB scanning tool that integrates several scanning tools on github
.
🔱The goal is to lie down and dig a hole
The project code is tested under the latest community version of xray1.7
without errors
Currently integrated in this project: crawlergo OneForAll subDomainsBrute Subfinder Sublist3r Xray JSfinder pppXray Server Sauce
The next project that I want to integrate is ARL Asset Lighthouse System
The result of the project is the fusion of these individually powerful components into a single application, suitable for SRC batch scanning, CNVD vertical upscaling, etc.
Project structure:
Install python3
(python2
is not supported at this time)
Download the code for this project: git clone https://github.com/Cl0udG0d/HXnineTails
Install the appropriate library files pip3 install -r requirements.txt
For domestic users, the first line of
requirements.txt
uses the Aliyun mirrorIf you are installing
python
library files on a foreign server, please delete the first line ofrequirements.txt
for speedup
The following project needs to be installed and the path configured in the config.py
file
Xray (better with the premium version)
For example, on my personal laptop, the path information in config.py
is
'''
Paths where each project is located.
'''
Chrome_Path='C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe'
Xray_Path='D:\\Xray\\xray.exe'
crawlergo_Path='C:\\Users\\Administrator\\Desktop\\test_tools\\crawlergo.exe'
OneForAll_Path='C:\\Users\\Administrator\\Desktop\\test_tools\\OneForAll-master\\'
subDomainsBrute_Path='C:\\Users\\Administrator\\Desktop\\test_tools\\subDomainsBrute-master\\'
subfinder_Path='C:\\Users\\Administrator\\Desktop\\test_tools\\subfinder\\'
Open the command line in the HXnineTails
folder and enter the scan parameters
Command line use, with the following parameter details.
-h --help output help information such as python3 scan.py --help
-a --attone for a single URL, only crawlergo dynamic crawler + xray scan For example Baidu official website python3 scan.py -a https://www.baidu.com
-s --attsrc for SRC assets, information gathering +crawlergo+xray , for example Baidu SRC python3 scan.py -s baidu.com
-d --attdetail for SRC assets, information collection + crawlergo + xray + C segment information collection + js sensitive information collection , for example Baidu SRC input python3 scan.py -d baidu.com
-t --thread Number of threads, default is 5 e.g. python3 scan.py -t 10 -a http://testphp.vulnweb.com/
-r reads the txt file to be scanned, one URL per line, and -a scans each URL taken out, e.g. python3 scan.py -t 10 -r target.txt
-c Clean up the saved vulnerability-related reports, i.e. clean up the files in the save folder
It is recommended to use the -a
or -s
parameter for scanning
There are also some global configurations in config.py
that can be modified by yourself, such as
SERVERKEY=''
portlist=['80','8080','8000','8081','8001']
blacklist=["spider", "org"]
ThreadNum=5
PYTHON="python3"
SERVERKEY
is the key
value used by Server Sauce for your registration
portlist
is the default list of ports scanned during C-segment scanning
The string in blacklist
that appears in the URL to be scanned will not be scanned
ThreadNum
The default number of threads
PYTHON
The name of the host python interpreter, default is python3
Some external programs or configurations are mentioned above, if you don't need to use them in your scan, you can leave them uninstalled and they will pass by themselves during the program run
python3 scan.py --help
python3 scan.py -t 3 -a http://testphp.vulnweb.com/
View saved reports
Write an English readme(Thanks brother wenyurush)- Streamline and add modules
- Add ARL module
- ...
🍺You're very welcome to join us! Raise an Issue or submit a Pull Request.
🍻And of course feel free to send me an email at 2585614464@qq.com Join us!
🍻 welcome call Throokie throught the email 326516678@qq.com
背人语
掌控安全-hab
MIT © Spring Teller
If it helps you, how about buying the author a cup of milk tea? (hehehe)👍 (Please leave a message with your ID when you reward