Releases: zan8in/afrog
v3.1.3
v3.1.2
- [Optimization] PoC file: smartbi-bypass-builtin-user-login.yaml
- [New Feature] Automatic asset deduplication
- [Optimization] Asset liveness verification
- [New] 10 PoCs added
v3.1.1
- [Feature] Added a Copy button to the HTML report that copies the Request packet in one click.
- [BUG] Fixed a bug where passing a non-existent YAML file to afrog with -P caused all PoC files to be scanned.
v3.1.0
Changelog
- Enhanced the afrog vulnerability report with a response time display, so users can more intuitively evaluate the response speed of the target system.
- When afrog starts, the OOB liveness check is skipped if no OOB POC scan is being performed.
- 2cfd555 In the YAML template rules, added an https header to type, to distinguish it from the http header.
v3.0.9 [Safely Evacuate from the 21st Century]
[BUG] Fixed a bug where the -t command automatically converted the entire path to lowercase.
v3.0.8
v3.0.7 Dream a dream for you.
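New OOB platform: revsuit. Enable it with: -oob revsuit
New settings in afrog-config.yaml:
token: secret key (see the revsuit tutorial)
dns_domain: domain used to record DNS logs
http_url: URL used to record HTTP logs
api_url: revsuit verification endpoint (see the revsuit tutorial)
Website: https://github.com/Li4n0/revsuit
Tutorial: to be added to the wiki later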
v3.0.6 Dream a dream for you
- afrog has updated its POC scanning logic: regular POCs are now scanned first, followed by OOB POCs. Concurrent scanning of OOB POCs requires separate configuration and runs at a much lower rate than regular POCs.
- -oob-rate-limit/-orl sets the maximum number of requests per second for OOB POCs, defaulting to 5, and -oob-concurrency/-oc sets the maximum number of OOB POCs executed concurrently, defaulting to 2. (The Chinese text of these release notes gives 25 as the default for both.)
- Fixed a bug that caused missed findings when the ceye verification interface was unstable.
- The IDs of the SQLite3 data tables now use the Snowflake algorithm, to support distributed systems.
- Fixed a bug where, when afrog was used for the first time with a specified config file, SQLite3 did not initialize its tables and insert operations failed.
v3.0.5
Fixed a bug where, on Linux, the -ap command converted the specified paths entirely to lowercase and therefore did not work.
v3.0.3 Chasing Dreams
- Added the -header command for setting custom headers on all HTTP requests. Usage example:
-header '"Cookie: PHPSESSION=xxxxx","Authorization: yyyyyyyyyy","Token: zzzzz"'
- The -cookie command has been deprecated.