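A lightweight active and passive scanner that combines the advantages of local and distributed scanning, targets broad classes of generic Web vulnerabilities, and imports plugins dynamically from external sources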

Tool Introduction

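A lightweight active and passive scanner that combines the advantages of local and distributed scanning, targets broad classes of generic Web vulnerabilities, and imports plugins dynamically from external sources.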

Tool Features

Tool Usage

Ling - Visual interface

z0 - Command line

✔ Passive scanning

Default configuration for passive scanning (forward browser traffic to port 5920):

z0 scan -s 127.0.0.1:5920  

Commonly recommended configuration:

z0 scan -s 127.0.0.1:5920 --risk 0,1,2,3 --level 2 --disable cmdi,unauth  

Passive scanning console interface

✔ Active scanning

Default configuration for active scanning:

# Start active detection from Burp/Yakit request traffic (recommended)
z0 scan -s 127.0.0.1:5920  
# Scan a single URL directly
z0 scan -u https://example.com/?id=1  
# Batch scan from a list of URLs
z0 scan -f urls.txt  

🔖 Plugin list

  • PerPage
| Plugin Name | Description | Risk |
| --- | --- | --- |
| sqli-bool | SQL Boolean-based Blind Injection | 2 |
| sqli-time | SQL Time-based Blind Injection | 2 |
| sqli-error | SQL Error-based Injection | 2 |
| codei-asp | ASP Code Execution | 3 |
| codei-php | PHP Code Execution | 3 |
| cmdi | Command Execution | 3 |
| other-objectdese | Deserialization Parameter Analysis | 3 |
| sensi-js | JS Sensitive Information Leak | 0 |
| sensi-jsonp | JSONP Sensitive Information Leak | 1 |
| sensi-php-realpath | PHP Real Path Discovery | 0 |
| redirect | Redirect Vulnerability | 1 |
| sensi-webpack | Webpack Source Code Leak | 1 |
| other-webdav-passive | WebDAV Service Passive Detection | 1 |
| xpathi-error | Error-based XPATH Injection | 2 |
| trave-path | Path Traversal | 2 |
| sensi-backup_1 | Backup File Detection (File-based) | 1 |
| sensi-viewstate | Unencrypted VIEWSTATE Discovery | 0 |
| xss | JS Semantic-based XSS Scanning | 1 |
| crlf_1 | CRLF Vulnerability Detection | 2 |
| cors-passive | CORS Vulnerability (Passive Analysis) | 2 |
| unauth | Unauthorized Access Vulnerability | 2 |
| leakpwd-page-passive | Weak Password on Login Page | 2 |
| sensi-editfile | Editor Backup File Leak | 1 |
| sensi-sourcecode | Source Code Leak | 1 |
| captcha-bypass | CAPTCHA Bypass | 0 |
| sensi-retirejs | Outdated JS Component Detection | -1 |
| ssti | SSTI Vulnerability Detection | 3 |
| ssti-angularjs | AngularJS Client-Side Template Injection Detector | 2 |
| ssrf | SSRF plugin detects server-side request forgery vulnerabilities via crafted payloads. | 2 |
| xxe | XXE plugin detects XML external entity injection vulnerabilities via malicious payloads. | 3 |
| xxe-blind | Blind XXE plugin detects out-of-band data exfiltration. | 3 |
| codei-java | Java Code Injection Vulnerability Scanner (EL/SpEL/OGNL) | 3 |
| other-redos | Regular Expression Denial of Service (ReDoS) Vulnerability Scanner | -1 |
| other-jndi-error | JNDI Injection Vulnerability Scanner | 3 |
  • PerDir
| Plugin Name | Description | Risk |
| --- | --- | --- |
| sensi-backup_2 | Backup File Scan (Directory-based) | 1 |
| trave-list_2 | Directory Listing | 2 |
| sensi-files | Sensitive File Leak (e.g., phpinfo, .git) | 1 |
| upload-oss | OSS Bucket Arbitrary File Upload | 2 |
| sensi-frontpage | FrontPage Configuration Leak | 1 |
  • PerDomain
| Plugin Name | Description | Risk |
| --- | --- | --- |
| sensi-errorpage | Error Page Sensitive Information Leak | 0 |
| xss-net | .NET Universal XSS | 1 |
| other-dns-zonetransfer | DNS Zone Transfer Vulnerability | 1 |
| xss-flash | Flash Universal XSS | 1 |
| other-idea-parse | Idea Directory Parsing | 1 |
| other-xst | XST Vulnerability Detection | -1 |
| other-webdav-active | WebDAV Service Discovery | 1 |
| upload-put | PUT-based Arbitrary File Upload | 3 |
| sensi-backup_3 | Backup File Detection (Domain-based) | 1 |
| cors-active | CORS Vulnerability (Active Detection) | 2 |
| crlf_3 | CRLF Line Injection Vulnerability | 2 |
| other-hosti | Host Header Injection Detection | 1 |
| other-oss-takeover | OSS Bucket Takeover Vulnerability | 3 |
| sensi-iis-shortname | IIS Short Filename Vulnerability | 0 |
| other-clickjacking | Clickjacking Vulnerability | -1 |
| other-baseline | Service Version Leak | -1 |
| other-smuggling | Request Smuggling Vulnerability | 3 |
| trave-list_3 | Directory Listing | 2 |
  • PerHost
| Plugin Name | Description |
| --- | --- |
| leakpwd-mssql | Weak Password on MSSQL Server |
| leakpwd-mysql | Weak Password on MySQL Server |
| leakpwd-postgresql | Weak Password on PostgreSQL Server |
| leakpwd-redis | Weak Password on Redis Server |
| leakpwd-smb | Weak Password on SMB Server |
| other-ftp-anonymous | FTP Anonymous Login |
| other-solr-rce | Apache Solr RCE via Velocity |
| unauth-docker | Docker Unauthorized Access |
| unauth-jenkins | Jenkins Unauthorized Access |
| unauth-memcached | Memcached Unauthorized Access |
| unauth-mongodb | MongoDB Unauthorized Access |
| unauth-resis | Redis Unauthorized Access |
| unauth-rsync | Rsync Unauthorized Access |
| unauth-solr | Apache Solr Unauthorized Access |
| unauth-zookeeper | ZooKeeper Unauthorized Access |

Tool Download

https://github.com/JiuZero/z0scan