1. Cybersecurity >
  2. Cybersecurity Nachrichten >
  3. Vulnx v2.0 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress , Joomla , Drupal , Prestashop ...)

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Vulnx v2.0 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress , Joomla , Drupal , Prestashop ...)


IT Security Nachrichten vom | Direktlink: feedproxy.google.com Nachrichten Bewertung


Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more ...
Instead of injecting each and every shell manually like all the other tools do, VulnX analyses the target website checking the presence of a vulnerabilitie if so the shell will be Injected.searching urls with dorks Tool.

Features
  • Detects cms (wordpress, joomla, prestashop, drupal, opencart, magento, lokomedia)
  • Target informations gatherings
  • Target Subdomains gathering
  • Multi-threading on demand
  • Checks for vulnerabilities
  • Auto shell injector
  • Exploit dork searcher
  • Ports Scan High Level
  • Dns-Servers Dump
  • Input multiple target to scan.
  • Dorks Listing by Name& by ExploitName.
  • Export multiple target from Dorks into a logfile.

DNS-Map-Results
To do this,run a scan with the --dns flag and -d for subdomains. To generate a map of isetso.rnu.tn, you can run the command vulnx -u isetso.rnu.tn --dns -d --output $PATHin a new terminal.
$PATH : Where the graphs results will be stored.


Let's generates an image displaying target Subdomains,MX & DNS data.


Exploits


Joomla

Wordpress

Drupal

PrestaShop

Opencart

VulnxMode
NEW vulnx now have an interactive mode. URLSET


DORKSET


Available command line options
READ VULNX WIKI
usage: vulnx [options]

-u --url url target
-D --dorks search webs with dorks
-o --output specify output directory
-t --timeout http requests timeout
-c --cms-info search cms info[themes,plugins,user,version..]
-e --exploit searching vulnerability & run exploits
-w --web-info web informations gathering
-d --domain-info subdomains informations gathering
-l, --dork-list list names of dorks exploits
-n, --number-page number page of search engine(Google)
-p, --ports ports to scan
-i, --input specify domains to scan from an input file
--threads number of threads
--dns dns informations gathering

Docker
VulnX in DOCKER !!.
$ git clone https://github.com/anouarbensaad/VulnX.git
$ cd VulnX
$ docker build -t vulnx ./docker/
$ docker run -it --name vulnx vulnx:latest -u http://example.com
run vulnx container in interactive mode


to view logfiles mount it in a volume like so:
$ docker run -it --name vulnx -v "$PWD/logs:/VulnX/logs" vulnx:latest -u http://example.com
change the mounting directory..
VOLUME [ "$PATH" ]

Install vulnx on Ubuntu
$ git clone https://github.com/anouarbensaad/vulnx.git
$ cd VulnX
$ chmod +x install.sh
$ ./install.sh
Now run vulnx


Install vulnx on Termux
$ pkg update
$ pkg install -y git
$ git clone http://github.com/anouarbensaad/vulnx
$ cd vulnx
$ chmod +x install.sh
$ ./install.sh
CLICK HERE TO SHOW THE RESULT

Install vulnx in Windows
  • click here to download vulnx
  • download and install python3
  • unzip vulnx-master.zip in c:/
  • open the command prompt cmd.
> cd c:/vulnx-master
> python vulnx.py

example command with options : settimeout=3 , cms-gathering = all , -d subdomains-gathering , run --exploits
vulnx -u http://example.com --timeout 3 -c all -d -w --exploit

example command for searching dorks : -D or --dorks , -l --list-dorks
vulnx --list-dorks return table of exploits name. vulnx -D blaze return urls found with blaze dork

Versions

Warning!
I Am Not Responsible of any Illegal Use

Contribution & License
You can contribute in following ways:
  • Report bugs & add issues
  • Search for new vulnerability
  • Develop plugins
  • Searching Exploits
  • Give suggestions (Ideas) to make it better
Do you want to have a conversation in private? email me : [email protected]
VulnX is licensed under GPL-3.0 License


...
http://feedproxy.google.com/~r/PentestTools/~3/5dg9OsMFi5U/vulnx-v20-intelligent-bot-auto-shell.html

Externe Quelle mit kompletten Inhalt anzeigen


Zur Startseite von Team IT Security

➤ Weitere Beiträge von Team Security | IT Sicherheit

Vulnx v2.0 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress , Joomla , Drupal , Prestashop ...)

vom 3398.98 Punkte ic_school_black_18dp
Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and

Vulnx v1.9 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress, Joomla, Drupal, Prestashop...)

vom 3210.64 Punkte ic_school_black_18dp
Vulnx is An Intelligent Bot Auto Shell Injector that detect vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and

VulnX v1.7 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS

vom 2552.02 Punkte ic_school_black_18dp
VulnX Wiki • How To Use • Compatibility • Library • Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection, information gathering and vulnerability Scanning of the target

[SA-CORE-2020-012] Remote code execution

vom 1634.18 Punkte ic_school_black_18dp
Drupal core did not properly sanitize certain filenames on uploaded files, which could lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This vulnerabi

[SA-CORE-2020-004] Cross Site Request Forgery

vom 1468.3 Punkte ic_school_black_18dp
The Drupal core Form API didn't properly handle certain form input from cross-site requests, which could lead to other vulnerabilities. This vulnerability affects the following application versions: Drupal 7.0 Drupal 7.1

Added escaping to several admin controllers and send mail to prevent XSS

vom 1467.51 Punkte ic_school_black_18dp
Several sections in admin controllers and send mail were not properly escaped against XSS. This vulnerability affects the following application versions: PrestaShop 1.6.0.1 PrestaShop 1.6.0.1 alpha

[SA-CORE-2019-004] Cross Site Scripting in the File module/subsystem

vom 1448.86 Punkte ic_school_black_18dp
Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability. Part of security release SA-CORE-2019-004 This vulnerability affects the following app

Introducing type casting for ids to prevent XSS

vom 1440.58 Punkte ic_school_black_18dp
Always cast integer when it's related to ids on AdminAttributesGroupsController to avoid XSS. This vulnerability affects the following application versions: PrestaShop 1.6.0.1 PrestaShop 1.6.0.1 alpha 1 P

Added escaping to the confirmation link to prevent XSS

vom 1440.58 Punkte ic_school_black_18dp
The onclick confirmation link wasn't properly escaped against XSS. This vulnerability affects the following application versions: PrestaShop 1.6.0.1 PrestaShop 1.6.0.1 alpha 1 P

Escaping added to extended exception message to avoid XSS

vom 1386.73 Punkte ic_school_black_18dp
The extended exception message wasn't properly escaped against XSS. This vulnerability affects the following application versions: PrestaShop 1.6.0.3 PrestaShop 1.6.0.3 beta 1 PrestaShop 1.6.0.4

[SA-CORE-2019-002] Arbitrary PHP code execution

vom 1330.93 Punkte ic_school_black_18dp
A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated

3 Security improvements XML-RPC

vom 1330.42 Punkte ic_school_black_18dp
[XML-RPC] Improve error messages for unprivileged users Add specific permission checks to avoid ambiguous failure messages. [XML-RPC] Fix length validation of anonymous commenter's email address Fix the first step of validating an anonymous commente

Team Security Diskussion über Vulnx v2.0 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress , Joomla , Drupal , Prestashop ...)