From cb5aa78ef7eab13431eaff89cd823afe6befa2a3 Mon Sep 17 00:00:00 2001 From: InfoSec <1241112575@qq.com> Date: Tue, 8 Dec 2020 10:29:52 +0800 Subject: [PATCH] Add files via upload --- Burpsuite/xray_run_with_burp.bat | 77 ++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 Burpsuite/xray_run_with_burp.bat diff --git a/Burpsuite/xray_run_with_burp.bat b/Burpsuite/xray_run_with_burp.bat new file mode 100644 index 0000000..8d3a211 --- /dev/null +++ b/Burpsuite/xray_run_with_burp.bat @@ -0,0 +1,77 @@ +:: authour: ym2011 +:: time: 2020-12-07 +:: verison: 1.1 + +@echo off +title xray run with burpsuite pro + +set YYYYmmdd=%date:~0,4%%date:~5,2%%date:~8,2% +set hhmiss=%time:~0,2%%time:~3,2%%time:~6,2% +set report=xray_report_%YYYYmmdd%_%hhmiss%.html + +goto comment +联动burp说明:https://docs.xray.cool/#/scenario/burp +引擎初次运行时,会在当前目录内生成一个 config.yaml 文件 +按需进行修改config.yaml的配置 +配置文件说明;https://docs.xray.cool/#/configration/config +restriction: + includes: # 允许扫描的域,此处无协议 + - '*' # 表示允许所有的域名和 path + - 'example.com' # 表示允许 example.com 下的所有 path + - "example.com/admin*" # 表示允许 example.com 下的 /admin 开头的 path + excludes: + - '*google*' + - '*github*' + - '*.gov.cn' + - '*.edu.cn' + - '*chaitin*' + - '*xray.cool' +:comment + +echo **************************************** +echo do not run xray when repeat the packet within burpsuite. +echo it will delete or create hundred of contents automatically. + +if not exist ca.crt ( + goto generaca +) else ( +goto backup +) + +:generaca +echo **************************************** +echo **** genering ca.crt and ca.key ******** +.\xray_windows_amd64.exe genca +echo generaca successfully. + +:backup +if exist proxy.html ( + goto backupreport +) else ( +goto start +) + +:backupreport +echo **************************************** +echo **** old report is backuping now ******* +copy proxy.html %report% +echo successfully,it's name is: %report%. +del proxy.html + +:start +rem 如果需要扫描教育政府类网站,请在config.yaml注释掉(前面加#),如# - '*.gov.cn' +rem 1、powershell 执行监听爬虫,联动burp +:: .\xray_windows_amd64.exe webscan --listen 127.0.0.1:7777 --html-output proxy.html +echo **************************************** +echo ********now, xary started*************** + + +.\xray_windows_amd64.exe webscan --listen 127.0.0.1:7777 --html-output proxy.html + +rem 2、使用 xray 基础爬虫模式进行漏洞扫描 +:: .\xray_windows_amd64 webscan --basic-crawler http://testphp.vulnweb.com/ --html-output 1.html + +rem 自1.2.0开始,高级版新增浏览器爬虫支持 +::.\xray_windows_amd64 webscan --browser-crawler http://testphp.vulnweb.com/ --html-output 2.html + +pause \ No newline at end of file