Skip to content
/ afrog Public
forked from zan8in/afrog

一个挖洞工具 - A tool for finding vulnerabilities

License

MIT license
0 stars 410 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ifofor/afrog

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

255 Commits
afrog-pocs
afrog-pocs
 
 
cmd
cmd
 
 
images
images
 
 
internal/runner
internal/runner
 
 
pkg
pkg
 
 
pocs
pocs
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README_zh.md
README_zh.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

afrog

A tool for finding vulnerabilities.
❤️PoC [455]
🐸Like please tag stars🌟⭐

PoC directory中文文档

What is afrog

afrog is a tool for finding vulnerabilities. If you want to finding vulnerabilities such as SQL injection, XSS, file inclusion, etc., AWVS does a better job. Otherwise, you can try afrog.

Features

  • Based on xray kernel, not like xray (afrog template syntax)
  • Great performance, least requests, best results
  • Real-time display, scanning progress
  • View request and response packets of scan results
  • Start the program to automatically update the local PoC library
  • Long-term maintenance, update PoC (afrog-pocs
  • API interface, easy access to other projects

Download afrog

Release

Running afrog

Scan a single target.

afrog -t http://example.com -o result.html

Scan multiple targets.

afrog -T urls.txt -o result.html

For example: urls.txt 

http://example.com
http://test.com
http://github.com

Test a single PoC file

afrog -t http://example.com -P ./testing/poc-test.yaml -o result.html

Test multiple PoC files

afrog -t http://example.com -P ./testing/ -o result.html

Output html report

Disclaimer

This tool is only for legally authorized enterprise security construction behavior. If you need to test the usability of this tool, please build a target environment by yourself.

In order to avoid malicious use, all PoCs included in this project are theoretical judgments of vulnerabilities, there is no vulnerability exploitation process, and no real attacks or exploits will be launched on the target.

When using this tool for detection, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization. **Do not scan unauthorized targets. **

If you have any illegal behavior in the process of using this tool, you shall bear the corresponding consequences by yourself, and we will not bear any legal and joint responsibility.

Before installing and using this tool, please must read carefully and fully understand the contents of each clause. Restrictions, disclaimers or other clauses involving your significant rights and interests may be bolded or underlined to remind you to pay attention . Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not install and use this tool. Your use behavior or your acceptance of this agreement in any other express or implied manner shall be deemed that you have read and agreed to be bound by this agreement.

交流群

About

一个挖洞工具 - A tool for finding vulnerabilities

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

12 tags

Packages

No packages published

Languages

  • Go 100.0%