无回显漏洞测试辅助平台 (Spring Boot + Spring Security + Netty),平台使用Java编写,提供DNSLOG,HTTPLOG等功能,辅助渗透测试过程中无回显漏洞及SSRF等漏洞的验证和利用。
项目地址:
https://github.com/SPuerBRead/Bridge
0x01 主要功能
DNSLOG
HTTPLOG
自定义DNS解析
DNS Rebinding
自定义HTTP Response(Response内容、状态码、Header)
数据查询API
配置A记录,子域名ns,解析到10.10.10.10
配置NS记录,子域名dns,解析到ns.dnslog.com
配置A记录,子域名dnslog,解析到10.10.10.10
source bridge.sql
mvn clean package -DskipTests
java -jar dns_log-0.0.1-SNAPSHOT.jar dns.dnslog.com dnslog.dnslog.com 10.10.10.10 a1b2c3d4
git clone https://github.com/SPuerBRead/Bridge.git
cd ./Bridge
1. docker-compose.yml文件中的MYSQL_ROOT_PASSWORD项
2. 程序配置文件application.properties中的spring.datasource.password
java -jar dns_log-0.0.1-SNAPSHOT.jar dns.dnslog.com dnslog.dnslog.com 10.10.10.10 a1b2c3d4
docker-compose build
docker-compose up -d
http://xxx.xx/api/dnslog/search?token={apiKey}&keyword={test}
[
{
"ip": "localhost",
"host": "test1.1.dns.xxxx.com",
"time": "2019-07-30 15:25:14.0",
"type": "A(1)"
}
]
http://xxx.xx/api/weblog/search?token={apiKey}&keyword={test}
[
{
"path": "/",
"method": "POST",
"data": "",
"ip": "10.10.37.75",
"host": "test.1.dns.xxxx.com",
"header": "{\"content-length\":\"22896\",\"postman-token\":\"9575b873-ccd9-4d5b-ba8a-c1f746e40086\",\"host\":\"test.1.dns.xxxx.com\",\"content-type\":\"text/plain\",\"connection\":\"keep-alive\",\"cache-control\":\"no-cache\",\"accept-encoding\":\"gzip, deflate\",\"user-agent\":\"PostmanRuntime/7.13.0\",\"accept\":\"*/*\"}",
"time": "2019-07-23 17:50:10.0",
"params": null,
"version": "HTTP/1.1"
}
]
热文推荐