-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
检测url(target)=https://example:port/a/b/c #1793
Comments
|
.\xray_windows_386.exe --log-level debug ws --poc "D:\working\document\ 内容风险\xray\workspace/pocs/*" --url-file D:\working\document\内容风险\xray\workspace\2024-04-29\16-33-42-domain.txt --html-output D:\working\document\内容风险\xray\workspace\2024-04-29\16-33-42-other.html |
name: poc-yaml-js-report |
POC Loaded: [DBUG] 2024-05-11 14:52:47 [controller:dispatcher.go:230] fingers count: 2 [DBUG] 2024-05-11 14:52:47 [default:client.go:188] GET https://lppadweb.paas.cmbchina.com/a/release/visualizer/reporter.html 404 Not Foundnginx [Vuln: phantasm] [DBUG] 2024-05-11 14:52:48 [controller:dispatcher.go:502] sending last stat |
上面分别是启动命令,domain.txt里面内容,poc内容以及运行后的日志。 可以看到/a的url成功命中poc,多级路径的看起来未进行检测 |
|
卧槽 兄弟 涉及ip地址的 你脱下敏吧, 有点害怕。 |
问题不大 都是404地址 |
大佬有空帮我看看,为啥一级路径符合poc预期,多级路径就没结果 |
你的脚本和用法感觉没问题 怀疑是检测深度(印象中有个子路径检测深度的)导致的。配置中能不能配置我也忘了。 建议使用 xpoc xpoc 应该没有这个问题 |
配置曾中找过,没找到。要换工具感觉有点难顶,改动太大,部署Linux时libpcap缺了还要gcc编译安装才行。踩坑太难受了~~ |
xpoc没有相关的限制,给他啥就发啥 |
可以了,十分感谢大佬~ |
这种多级路径时,xray不会进行检测吗?若是https://example:port/a则正常进行检测
The text was updated successfully, but these errors were encountered: