Viper
2021-12-18 15:33:18 Author: github.com(查看原文) 阅读量:12 收藏

This branch is up to date with master.

Contribute
  • This branch is not ahead of the upstream master.

    No new commits yet. Enjoy your day!

Files

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

English | 简体中文

  • Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration
  • Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on
  • Viper has integrated 80+ modules, covering Resource Development / Initial Access / Execution / Persistence / Privilege Escalation / Defense Evasion / Credential Access / Discovery / Lateral Movement / Collection and other categories
  • Viper's goal is to help red team engineers improve attack efficiency, simplify operation and reduce technical threshold
  • Viper supports running native msfconsole in browser and multi - person collaboration

Log4j Scanning Readme


Click to expand

v1.5.10 20211216

New Features

  • New log4j passive scanning function
  • Viper + crawlergo can be used in combination to automatically and actively scan log4j vulnerabilities

Log4j passive scan

  • Automatically replace the get request parameter with payload
  • The auto replace post request parameter is payload
  • The JSON value of auto replace post request is payload
  • Auto replace skip password field
  • Automatically add payload in headers (polling by Dictionary)
  • The payload contains the original payload and the payload bypassing the WAF
  • The payload contains UUID, which can find the specific request content that triggers the vulnerability according to the dnslog record

Log4j automatic active scanning

  • Get all requests for automatic page acquisition through chrome headless + crawler, and import the requests into the passive proxy to realize automatic scanning

Log4j Scanning Readme

v1.5.9 20211204

Optimization

  • Merge Metasploit Framework version 6.1.18
  • Update ruby version to 3.0

Bugfix

  • Fix bug on FOFA search

v1.5.8 20211126

New features

  • New module Syscall Visual Studio project

Optimization

  • InternetScan UI is updated to make the operation more convenient, and the manual import function is added
  • Add partial log (heartbeat data section)
  • Merge Metasploit Framework version 6.1.17

Bugfix

  • Fix the problem that the PEM certificate could not be loaded

v1.5.7 20211115

Optimization

  • 'InternetScan' add debug interface
  • Webdelivery currently no longer forces binding of target and payload
  • Functional optimization of Puma and ipgeo
  • front-end interaction optimization
  • Merge Metasploit Framework version 6.1.15

Bugfix

  • Fix the handler exception caused by ipgeo exception
  • Fix the repeated addition of UDP handler after Viper restart

v1.5.6 20211031

New Features

  • Added 'Hander firewall' function
  • Added the module of "Direct windows syscall evasion technique"

Optimization

  • reverse_http(s) when the network is disconnected, the timeout is updated from 21 seconds (Windows default) to 3 seconds
  • The current session does not expire by default and will not exit automatically
  • Merge Metasploit Framework version 6.1.13

Bugfix

  • Repair reverse_tcp failed to connect when 'sessionexpirationtimeout' is 0
  • Fix failure to get default lhost parameter on ui

v1.5.5 20211024

New Features

  • Added CVE-2021-40449 LPE module
  • One click download all Viper logs from WEBUI

Optimization

  • Merged metasploit-framework 6.1.12

Bugfix

  • Fix the port occupancy problem after the socks is removed

v1.5.4 20211017

New Features

  • Added MS17-010 Exploit (CSharp) module

Optimization

  • Merged metasploit-framework 6.1.11

Bugfix

  • Fix duplicate add reverse_http(s) handler failed to deal with session online requests.

v1.5.3 20211010

Optimization

  • Optimize msfconsole user experience
  • Merged metasploit-framework 6.1.10

v1.5.2 20211007

Optimization

  • Login page multilingual support
  • Merged metasploit-framework 6.1.9

v1.5.1 20210926

New Features

  • Added Obtain Internet outbound IP module
  • New search filter for session process list

Optimization

  • Antivirus software display supports English version
  • Optimize the output format of the intranet scanning module
  • Optimize the performance and UI of the Run Module function
  • Merged metasploit-framework 6.1.8 version

Bugfix

  • Fix the problem that the name of antivirus software is not displayed

v1.5.0 20210919

New Features

  • VIPER now support English language

Optimization

  • Optimized the format of session online SMS
  • Merged metasploit-framework 6.1.7 version

Bugfix

  • Fixed the issue that ExitOnSession did not take effect
  • Fix the issue that the bind handler of the exploit module does not take effect

v1.4.2 20210822

New Features

  • Added Session online by SCF (Tencent API Gateway) module

Optimization

  • Use Unix socketpair to replace 127.0.0.1 socketpair to improve performance
  • Optimize the handler function, add HttpHostHeader parameter
  • Block ids check of session
  • Merged metasploit-framework 6.1.5 version

Bugfix

  • Fixed the problem that some module tasks could not be deleted
  • Fixed the issue of channel not being released in MSF
  • Fix the issue of Clone Https certificate certificate length, adapt to the new features of SSLVersion
  • Fix the issue that the session does not respond after the use of Linux intranet routing and command execution due to stream hang

viper.png

  • viperjs (Frontend)

https://github.com/FunnyWolf/viperjs

  • viperpython (Backend)

https://github.com/FunnyWolf/viperpython

  • vipermsf (MSFRPC)

https://github.com/FunnyWolf/vipermsf

Edward_Snowdeng exp Fnzer0 qingyun00 脸谱 NoobFTW Somd5-小宇 timwhitez ViCrack xiaobei97 yumusb

Viper has joined 404Team 404StarLink 2.0 - Galaxy


文章来源: https://github.com/y35uishere/Viper
如有侵权请联系:admin#unsafe.sh