用于红队成员初步快速攻击的全自动化工具。

Related tags

MiscellaneousJuD
Overview

关于

Author:m0sway
Mail:[email protected]
Github:https://www.github.com/m0sway/Jud

JuD是什么

JuD是一款自动化扫描器,其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务,并使用集成的工具进行扫描,最后集成扫描报告;
工具目前有:oneforall、masscan、nmap、Wafw00f、rad、xray、ServerChan等

工作流程

  • 使用Oneforall遍历子域名
  • 遍历结束后,Server酱会发送提醒到WeChat
  • 使用masscan遍历主机所有开放端口
  • 使用nmap扫描开放端口;得出所有http服务端口
  • 使用Wafw00f进行WAF判断
  • 若无WAF,传递到rad
  • 使用rad进行扫描
  • 扫描到的URL传递到Xray
  • 使用Xray进行被动扫描
  • 扫描时发现漏洞Server酱会发送提醒到WeChat
  • 扫描结束后生成Xray报告
  • 每次项目的数据都会存入sqlite数据库,后续个人可查看

后续开发

后续还会加入FOFA的调用、dirsearch扫描目录等,优化代码,兼容Windows。

项目使用

项目是在Linux下开发的,请在Linux环境下使用。
rad扫描器是基于Chrome浏览器的,请先安装Chrome浏览器(若使用的时候报Chrome相关错误,打开Chrome的文件注释掉最后一行即可)。
接着将自己的Oneforall、Xray工具放入Tools中对应的文件夹(文件夹已经创建,将文件放入即可,不要套娃)
安装Oneforall所需Python库
配置文件在lib下的config.py,填入自己的server酱的key,其他相关配置也可做相应的更改。
全部安装完毕之后:
将目标填入 target.txt ,若是从ip开始扫描将目标填入 ip.txt ,若是直接扫描web将目标填入 task.txt 
启用命令: sudo python3 JuD.py  
可使用单个模块或者使用全自动模式。
扫描结果保存在results目录下,每次的扫描结果都会根据时间戳重命名。
结束时一定要使用工具中的退出选项,否则下次运行时会报错。

如有问题请提交Issues

2021/6/10 更新

更新了IP_SCAN表和TASK表的数据去重,避免多次扫描同一目标。 在全自动模式下注释了WAF判断(单模块依旧可以使用)。代码做了一些小优化。

2021/6/11 更新

新增了从IP开始全自动扫描 新增了从TASK开始全自动扫描

Owner
m0sway
m0sway
An advanced NFT Generator

NFT Generator An advanced NFT Generator Free software: GNU General Public License v3 Documentation: https://nft-generator.readthedocs.io. Features TOD

NFT Generator 5 Apr 21, 2022
A website to collect vintage 4 tracks cassette recorders.

Vintage 4tk cassette recorders A website to collect vintage 4 tracks cassette recorders. Local development setup Copy and customize Django settings (e

1 May 01, 2022
This library is an ongoing effort towards bringing the data exchanging ability between Java/Scala and Python

PyJava This library is an ongoing effort towards bringing the data exchanging ability between Java/Scala and Python

Byzer 6 Oct 17, 2022
Runtime Type Checking in Python 3

typo This package intends to provide run-time type checking for functions annotated with argument type hints (standard library typing module in Python

Ivan Smirnov 26 Dec 13, 2022
Procscan is a quick and dirty python script used to look for potentially dangerous api call patterns in a Procmon PML file.

PROCSCAN Procscan is a quick and dirty python script used to look for potentially dangerous api call patterns in a Procmon PML file. Installation git

Daniel Santos 9 Sep 02, 2022
Users can read others' travel journeys in addition to being able to upload and delete posts detailing their own experiences

Users can read others' travel journeys in addition to being able to upload and delete posts detailing their own experiences! Posts are organized by country and destination within that country.

Christopher Zeas 1 Feb 03, 2022
An awesome script to convert the University Of Oviedo web calendar to Google or Outlook calendars.

autoUniCalendar Un script en Python para convertir el calendario de la intranet de la Universidad de Oviedo en un calendario de Outlook o Google Calen

Bimo99B9 14 Sep 28, 2022
Defichain maxi - Scripts to optimize performance on defichain rewards

defichain_maxi This script is made to optimize your defichain vault rewards by m

kuegi 75 Dec 31, 2022
Parametric Bottle in CADQuery

Parametric Bottle using CADQuery The proposed code makes it possible to generate different types and sizes of 3D bottles in order to train Pixel2mesh

Ayoub EL HOUDRI 1 May 22, 2022
Wannier & vASP Postprocessing module

WASPP module Wannier90 & vASP Postprocessing module with functionalities I needed during my PhD. Being updated Version: 0.5 Main functions: Wannier90

Irián Sánchez Ramírez 4 Dec 27, 2022
Block the annoying Token Grabbers on your discord

General We have seen that in the last time many discord servers are infected by fake discord nitro links we want to put an end to this and have develo

BadTiger Network 2 Jul 16, 2022
The code for 2021 MGTV AI Challenge Anti Stealing Link, and the online result ranks 10th.

赛题介绍 芒果TV-第二届“马栏山杯”国际音视频算法大赛-防盗链 随着业务的发展,芒果的视频内容也深受网友的喜欢,不少视频网站和应用开始盗播芒果的视频内容,盗链网站不经过芒果TV的前端系统,跳过广告播放,且消耗大量的服务器、带宽资源,直接给公司带来了巨大的经济损失,因此防盗链在日常运营中显得尤为重要

tongji40 16 Jun 17, 2022
36 key ergo split keyboard, designed around the Seeeduino Xiao platform

Slice36 Minimalist Split Keyboard 36 key ergo split keyboard, designed around the Seeeduino Xiao platform. Inspired by the Corne, Ferris, Ben Vallack'

54 Dec 21, 2022
Streamlit apps done following data professor's course on YouTube

streamlit-twelve-apps Streamlit apps done following data professor's course on YouTube Español Curso de apps de data science hecho por Data Professor

Federico Bravin 1 Jan 10, 2022
Fisherman is a free open source fishing bot written in python.

Fisherman is a free open source fishing bot written in python.

Pure | Cody 33 Jan 29, 2022
Liquid Rocket Engine Cooling Simulation

Liquid Rocket Engine Cooling Simulation NASA CEA The implemented class calls NASA CEA via RocketCEA. INSTALL GUIDE In progress install instructions fo

John Salib 1 Jan 30, 2022
👀 nothing to see here

Woofy Woofy is blue dog companion token of YFI (Wifey) It utilizes a special Woof bonding curve which allows two-way conversion between the tokens. Th

Yearn Finance 36 Mar 14, 2022
Python meta class and abstract method library with restrictions.

abcmeta Python meta class and abstract method library with restrictions. This library provides a restricted way to validate abstract methods. The Pyth

Morteza NourelahiAlamdari 8 Dec 14, 2022
Python plugin/extra to load data files from an external source (such as AWS S3) to a local directory

Data Loader Plugin - Python Table of Content (ToC) Data Loader Plugin - Python Table of Content (ToC) Overview References Python module Python virtual

Cloud Helpers 2 Jan 10, 2022
A fluid medium for storing, relating, and surfacing thoughts.

Conceptarium A fluid medium for storing, relating, and surfacing thoughts. Read more... Instructions The conceptarium takes up about 1GB RAM when runn

115 Dec 19, 2022