PassiveScan-被动扫描之巅

DAST漏洞扫描一般分俩类：主动扫描和被动扫描。主动扫描一般是对通过爬虫获取到的参数发起扫描，被动扫描一般是根据代理流量中的参数发起扫描。因为爬虫技术的技术劣势，部分漏洞通过主动扫描几乎不可能发现，必须通过被动扫描实现。被动扫描结合爬虫技术往往是DAST的最优解。这正是本项目准备解决的问题。作者：0e0w

本项目创建于2021年12月28日，最近的一次更新时间为2023年12月15日。

• 01-被动扫描资源
• 02-被动扫描项目
• 03-网站爬虫项目
• 04-代理流量项目
• 05-被动扫描参考

01-被动扫描资源

• [ ] https://github.com/0e0w/MITM
• [ ] https://paper.seebug.org/1473

02-被动扫描项目

一、Golang

• [ ] https://github.com/chaitin/xray
• [ ] https://github.com/Magicskys/Kiddy
• [ ] https://github.com/virink/xray-weblisten-ui
• [ ] https://github.com/ssssdl/GoHttpProxyScan
• [ ] https://github.com/IceMoon1995/jray
• [ ] https://github.com/momosecurity/FindSomething

二、Python

• [ ] https://github.com/knownsec/LSpider
• [ ] https://github.com/guimaizi/testing_wave
• [ ] https://github.com/amcai/myscan
• [ ] https://github.com/ysrc/GourdScanV2
• [ ] https://github.com/w-digital-scanner/w13scan
• [ ] https://github.com/timwhitez/crawlergo_x_XRAY
• [ ] https://github.com/jiangsir404/pbscan
• [ ] https://github.com/ydxred/NagaScan
• [ ] https://github.com/clancyb00m/PassiveSqlCheck
• [ ] https://github.com/imagemlt/LoggedProxy
• [ ] https://github.com/wdsjxh/fiddler_tools
• [ ] https://github.com/fanxs-t/Shadow-Border
• [ ] https://github.com/YagamiiLight/Cerberus
• [ ] https://github.com/grayddq/PassiveSecCheck
• [ ] https://github.com/grayddq/PassiveDataSorting
• [ ] https://github.com/cqkenuo/SecXss
• [ ] https://github.com/ghtwf01/excavator

三、Java

• [ ] https://github.com/c0ny1/passive-scan-client
• [ ] https://github.com/songxiaomo1997/ScanStation
• [ ] https://github.com/EmYiQing/Burpsuite-JSScan

四、JS

• [ ] https://github.com/yu2lulu/passiveproxy

五、C#

• [ ] https://github.com/XiaoTouMingyo/ProxyScan

03-网站爬虫项目

一、Golang

• [ ] https://github.com/Qianlitp/crawlergo
• [ ] https://github.com/chaitin/rad

二、Python

04-代理流量项目

此部分包括流量代码转发篡改的相关项目底层库等。

一、Golang

• https://github.com/topics/mitmproxy?l=go
• https://github.com/search?l=Go&q=mitmproxy
• https://github.com/search?l=Go&q=MITM
• [ ] https://github.com/google/martian
• [ ] https://github.com/lqqyt2423/go-mitmproxy | 用Go实现的中间人攻击 | 195
• [ ] https://github.com/projectdiscovery/proxify
• [ ] https://github.com/wuhan005/Houki | 简单的 golang mitm 代理实现 | 20
• [ ] https://github.com/hupe1980/mitmproxy | Golang mitm 代理实现 | 0
• [ ] https://github.com/elazarl/goproxy | Go 的 HTTP 代理库 | 4.6k
• [ ] https://github.com/ouqiang/mars | HTTP(S)代理, 用于抓包调试 153
• [ ] https://github.com/AdguardTeam/gomitmproxy | 简单的 golang mitm 代理实现 | 54
• [ ] https://github.com/bettercap/bettercap
• [ ] https://github.com/9seconds/httransform
• [ ] https://github.com/moriyoshi/devproxy
• [ ] https://github.com/yinqiwen/gsnova
• [ ] https://github.com/Gh0u1L5/AutoSQL
• [ ] https://github.com/xiaohaogong/AutoSQL
• [ ] https://github.com/Dk0n9/goFoxy
• [ ] https://github.com/nicecp/GoIyov
• [ ] https://github.com/faceair/betproxy
• [ ] https://github.com/telanflow/mps
• [ ] https://github.com/snaigle/mitm-proxy
• [ ] https://github.com/ffutop/mitmproxy
• [ ] https://github.com/pulkitsharma07/proxybench
• [ ] https://github.com/yarochewsky/mitmproxy-go
• [ ] https://github.com/sunshibao/go-gomitmproxy
• [ ] https://github.com/dstotijn/hetty
• [ ] https://github.com/starkandwayne/gotcha
• [ ] https://github.com/DataHenHQ/till
• [ ] https://github.com/Binject/backdoorfactory
• [ ] https://github.com/faceair/betproxy
• [ ] https://github.com/cheahjs/wintun-mitm
• [ ] https://github.com/blck-snwmn/proxymitm
• [ ] https://github.com/davidpenn/mitm
• [ ] https://github.com/yarochewsky/mitmproxy-go
• [ ] https://github.com/jmizell/GoMITMProxy
• [ ] https://github.com/yarochewsky/mitmproxy-go
• [ ] https://github.com/moriyoshi/devproxy
• [ ] https://github.com/coyove/goflyway
• [ ] https://github.com/zboya/gomitmproxy
• [ ] https://github.com/buger/goreplay
• [ ] https://github.com/malfunkt/hyperfox
• [ ] https://github.com/Adrosar/rtmor
• [ ] https://github.com/cokeBeer/go-mitm
• [ ] https://github.com/syncsynchalt/dime-a-tap
• [ ] https://github.com/lyyyuna/mitm

二、Python

• [ ] https://github.com/netxfly/passive_scan
• [ ] https://github.com/mitmproxy/mitmproxy

三、Java

05-被动扫描参考

• https://github.com/ASTTeam/PassivesScan