【Lazy Artifact】A graphical tool that collects urls in batches, and performs various nday detections on the collected urls in batches. It can be used for src mining, cnvd mining, 0day exploitation, building your own arsenal and other scenarios.
This project is only for authorized use. It is prohibited to use this project for illegal operations, otherwise you will be responsible for the consequences. Please abide by the laws of your country! ! !
I wrote it after staying up late for a short period of time, and my head is dizzy. I expect there will be many mistakes. Please point out that my contact information has been posted below, I would be very grateful!
Planning to add an exploit module every day in July, so welcome star/fork
, every star
and fork
of yours is my motivation!
We want to exploit the Fumeng Cloud AjaxMethod.ashx SQL injection
vulnerability in batches, so we base64
encrypt the statement and get: dGl0bGU9IuWtmuebn+S6kSAi
.
We choose to get the first 2000
(the specific number needs to be filled in according to your own membership):
Click directly on Fumeng Cloud AjaxMethod.ashx SQLinjection [auto-muti-exp]
:
You can see that the software starts batch testing:
Delete the three files urls.txt
, corrected url.txt
, host.txt
in the folder, and prepare to use other modules.
git clone https://github.com/W01fh4cker/Serein_Linux.git
cd Serein_Linux
pip3 install -r requirements.txt
python3 Serein_Linux.py
Click Software Configuration
in the upper left corner to configure email
and key
of fofa
(note that it is not a password, but API KEY
in https://fofa.info/personalData
), then you can be happy to use fofa search
instead.
**Note: It must be a fofa
ordinary/advanced/enterprise account, because fofa
registered members need to consume f
coins to call api
, if you are a registered member, please make sure you have f
coins, otherwise you cannot query ! **
After the collection is completed, urls.txt
, corrected url.txt
, host.txt
will be generated in the same level directory of the software, and the collected original url
, url with http/https header added
and Website IP only
will be saved respectively.
After completing a scan task, to start the next scan, please delete the three files urls.txt
, correcturl.txt
, and host.txt
in the folder.
If you encounter any problems in use and have lively ideas, you have three ways to communicate with me:
mailto:[email protected]
https://github.com/W01fh4cker/Serein/issues
Wechat: W01fh4cker
ip-->domain
for the website containing the vulnerability, then reverse the domain name, and use multiple query interfaces for weighting Query, filter out websites that meet the weight requirements, and export them.Censys
, Zoomeye
, Quake
, etc.issues
.https://discord.gg/n2c5Eaw4Jx