Add files via upload
InfoSec
GitHub
parent
2aa05bcf54
commit
cb5aa78ef7
|
|
@ -0,0 +1,77 @@
|
|||
:: authour: ym2011
|
||||
:: time: 2020-12-07
|
||||
:: verison: 1.1
|
||||
|
||||
@echo off
|
||||
title xray run with burpsuite pro
|
||||
|
||||
set YYYYmmdd=%date:~0,4%%date:~5,2%%date:~8,2%
|
||||
set hhmiss=%time:~0,2%%time:~3,2%%time:~6,2%
|
||||
set report=xray_report_%YYYYmmdd%_%hhmiss%.html
|
||||
|
||||
goto comment
|
||||
联动burp说明:https://docs.xray.cool/#/scenario/burp
|
||||
引擎初次运行时,会在当前目录内生成一个 config.yaml 文件
|
||||
按需进行修改config.yaml的配置
|
||||
配置文件说明;https://docs.xray.cool/#/configration/config
|
||||
restriction:
|
||||
includes: # 允许扫描的域,此处无协议
|
||||
- '*' # 表示允许所有的域名和 path
|
||||
- 'example.com' # 表示允许 example.com 下的所有 path
|
||||
- "example.com/admin*" # 表示允许 example.com 下的 /admin 开头的 path
|
||||
excludes:
|
||||
- '*google*'
|
||||
- '*github*'
|
||||
- '*.gov.cn'
|
||||
- '*.edu.cn'
|
||||
- '*chaitin*'
|
||||
- '*xray.cool'
|
||||
:comment
|
||||
|
||||
echo ****************************************
|
||||
echo do not run xray when repeat the packet within burpsuite.
|
||||
echo it will delete or create hundred of contents automatically.
|
||||
|
||||
if not exist ca.crt (
|
||||
goto generaca
|
||||
) else (
|
||||
goto backup
|
||||
)
|
||||
|
||||
:generaca
|
||||
echo ****************************************
|
||||
echo **** genering ca.crt and ca.key ********
|
||||
.\xray_windows_amd64.exe genca
|
||||
echo generaca successfully.
|
||||
|
||||
:backup
|
||||
if exist proxy.html (
|
||||
goto backupreport
|
||||
) else (
|
||||
goto start
|
||||
)
|
||||
|
||||
:backupreport
|
||||
echo ****************************************
|
||||
echo **** old report is backuping now *******
|
||||
copy proxy.html %report%
|
||||
echo successfully,it's name is: %report%.
|
||||
del proxy.html
|
||||
|
||||
:start
|
||||
rem 如果需要扫描教育政府类网站,请在config.yaml注释掉(前面加#),如# - '*.gov.cn'
|
||||
rem 1、powershell 执行监听爬虫,联动burp
|
||||
:: .\xray_windows_amd64.exe webscan --listen 127.0.0.1:7777 --html-output proxy.html
|
||||
echo ****************************************
|
||||
echo ********now, xary started***************
|
||||
|
||||
|
||||
.\xray_windows_amd64.exe webscan --listen 127.0.0.1:7777 --html-output proxy.html
|
||||
|
||||
rem 2、使用 xray 基础爬虫模式进行漏洞扫描
|
||||
:: .\xray_windows_amd64 webscan --basic-crawler http://testphp.vulnweb.com/ --html-output 1.html
|
||||
|
||||
rem 自1.2.0开始,高级版新增浏览器爬虫支持
|
||||
::.\xray_windows_amd64 webscan --browser-crawler http://testphp.vulnweb.com/ --html-output 2.html
|
||||
|
||||
pause
|
||||
Loading…
Reference in New Issue