v2.7.5

optimization:

• Fix the false positive problem of ecology-filedownloadforoutdoc-sqli
• Fix CVE-2023-28432 rule writing error
• Fix CVE-2021-22205 rule writing error

优化：

• 修复 ecology-filedownloadforoutdoc-sqli 误报问题
• 修复 CVE-2023-28432 规则编写错误问题
• 修复 CVE-2021-22205 规则编写错误问题

v2.7.3

Add
● -ep, --exclude-pocs，pocs to exclude from the scan (comma-separated)
● -epf, --exclude-pocs-file，list of pocs to exclude from scan (file)

新增命令
● -ep, --exclude-pocs，可用于排除扫描中的 POC（以逗号分隔）
● -epf, --exclude-pocs-file，可用于从扫描中排除 POC 列表（以文件形式提供）

v2.7.2

Changing the backlink alive check to concurrent execution.
Add go poc : ecology-filedownloadforoutdoc-sqli
Poc Count: 1041

将反链存活检查改为并发执行
新增 go poc : ecology-filedownloadforoutdoc-sqli
Poc 总数: 1041

v2.7.1

● Add anti-link platform survival detection function
● Add extractor functionality to extract sensitive information such as version numbers
● Delete PoC: CNVD-2021-15824、t-soft-e-commerce4-urunadi-stored-xss、clicshopping-v2-xss

● 新增反链平台存活检测功能
● 新增提取器 extractors 功能，可提取版本号等敏感信息
● 删除 PoC ： CNVD-2021-15824、t-soft-e-commerce4-urunadi-stored-xss、clicshopping-v2-xss

v2.7.0

● Improvement: Enhance the functionality of the -s and -S commands. Currently, we have added support for using -s and -S simultaneously in both -pl and scan filtering.
● -smart Intelligent adjustment of concurrency based on changes in the total number of assets being scanned.
● Add built-in functions toUpper and toLower.

---

● 改进 -s 和 -S 命令的功能。目前，我们已经支持在 -pl 和扫描过滤中同时使用 -s 和 -S
● -smart 根据资产总数的扫描变化，智能调整并发数。
● 新增内置函数 toUpper 和 toLower

---

afrog 2.7.0 新功能小技巧：
① 搜索“用友”存在的高危和紧急漏洞 afrog -pl -s yonyou,用友 -S high,critical
② 搭配本地的POC一同搜索“用友”存在的高危和紧急漏洞afrog -pl -s yonyou,用友 -S high,critical -ap "d:/mypoc1,e:/mypoc2"
③ 扫描“用友”存在的高危和紧急漏洞 afrog -T urls.txt -s yonyou,用友 -S high,critical

v2.6.1

• We have performed urgent repairs on Yonyou NC PoCs to ensure accurate vulnerability scanning. Thank you, @wuha0926 , for discovering and assisting in resolving the issue.

• Thank you, @zhizhuoshuma, for optimizing the kingdee-erp-binaryformatterproxy-deserial PoCs.

---

• 我们已对 Yonyou NC PoCs 进行紧急修复，以确保扫描能够准确检测漏洞，感谢 @wuha0926 发现并协助修复问题。

• 感谢 @zhizhuoshuma 对 kingdee-erp-binaryformatterproxy-deserial PoCs 进行优化。

v2.6.0 月亮代表我的心

The moon represents my heart.
Add:

• The new feature, -append-poc / -ap, allows specifying one or multiple PoC files or directories to be merged with the built-in PoC for scanning together.
• Rawhttp supports HTTP/socks5 proxies.
• Celebrate! The total number of Afro PoCs has exceeded 1000! The current total is 1018.

月亮代表我的心
新增

• 新增 -append-poc / -ap 功能，允许指定一个或多个PoC文件或目录，以与内置PoC合并后一起进行扫描。
• rawhttp 支持 HTTP/socks5 代理
• 庆祝！afrog PoC 的总数突破了1000个！目前总数为1018个。

v2.5.6

We have fixed a potential false-positive issue with PoC CVE-2022-23131, making it more reliable and accurate in detecting actual vulnerabilities.

v2.5.5

Fix:

Fix -pd command, some PoC content is not printed completely

修复：

• 修复 -pd 命令，部分 PoC 内容打印不全问题

PoC:

累计：951

v2.5.3

Add:
-target / -t now supports multiple URLs, such as: afrog -t example.com,hackerone.com,nmap.org
Add JNDI reverse connection functionality.
Add the afrog calling library and a demonstration example.

新增：
-target / -t 现在支持多个 URL，比如：afrog -t example.com,hackerone.com,nmap.org
添加 JNDI 反连功能
添加 afrog 调用库和演示示例