VscanPlus

VscanPlus is a second development version of Vscan, an open-source, lightweight, fast, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.

中文文档 • Compilation/Installation/Running • Parameter Description • Usage •

Features

Updates

• Updated ehole fingerprint
• Updated nuclei detection scripts
• Updated xray detection scripts
• Fixed missing field error when reading nuclei templates
• Standardized fingerprint names, nuclei, xray detection script naming format

Commits

• According to the original vscan development documentation, users can customize fingerprints and pocs. The calling relationship between the two is: first detect the fingerprint, then call the corresponding poc, similar to the recently updated -ac command line detection feature in nuclei, both based on fingerprints to detect vulnerabilities

• According to the original vscan development documentation, the xray poc naming format corresponding to the fingerprint is: fingerprint-xxxx-yml, so the format of the newly added pocs has been standardized, including: Weaver-OA Yonyou-OA Tongda-OA Jinhe-OA ThinPHP Spring-Boot Spring-Blade Apache-Tomcat Drupal Microsoft-Exchange Sangfor

• Nuclei loads pocs through tags

• ~~Based on the xray rule detection of the original vscan, the logic of loading multiple rules in yml v2 similar to nuclei templates has been rewritten, which can achieve multi-expression detection functionality~~

Todo

• Fix bugs related to some detection scripts failing to load

Warning

• To compile and generate executable files, please download the vcsanplus-main-code.zip file from the releases

Reference

https://github.com/veo/vscan

Star History