HermesToolL/wp-multiscan-bugbounty

GitHub: HermesToolL/wp-multiscan-bugbounty

A multi-platform passive vulnerability detection tool for authorized security testing, supporting quick CVE screening for WordPress, Tomcat, SmarterMail, Laravel, and SubrionCMS.

Stars: 0 | Forks: 0

# wp-multiscan-bugbounty

A passive vulnerability scanner for WordPress, Subrion, Tomcat, SmarterMail, and Laravel. Detection only, no exploitation. Built for authorized bug bounty research and security assessments.

# Vulnerability Scanner

A **detection-only** security scanner that identifies known vulnerabilities across multiple platforms, including WordPress, SubrionCMS, Apache Tomcat, SmarterMail, and Laravel. Designed for authorized bug bounty hunting and penetration testing.

## Key Features

- **Zero exploitation** - passive detection only, through version checks and endpoint analysis
- **Multi-platform** - WordPress plugins/themes, SubrionCMS, Apache Tomcat, SmarterMail, Laravel
- **CVE coverage** - tracks 25+ critical CVEs, including 2024-2025 disclosures
- **Concurrent scanning** - multi-threaded architecture for efficient assessments
- **Detailed reports** - JSON and text output with remediation guidance

## Legal Compliance

⚠️ **Authorized use only**: This tool **performs no exploitation** - it only detects vulnerable versions and accessible endpoints. Use it only on systems you own, or test with explicit written permission.

## Quick Start

```
# Install dependencies
pip install requests urllib3

# Scan a single target
python scanner.py -u https://example.com

# Scan multiple targets
python scanner.py -f targets.txt -t 20
```

# 🔍 WordPress & Multi-Platform Vulnerability Scanner

[![Python 3.8+](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)

A **detection-only** vulnerability scanner designed for authorized bug bounty hunting and security research. Identifies security vulnerabilities across WordPress, Apache Tomcat, SmarterMail, Laravel, and SubrionCMS without exploitation.

⚠️ **FOR AUTHORIZED USE ONLY** - Use only on systems you have explicit written permission to test.

## 🚀 Features

- **Multi-Platform Support**: WordPress, Apache Tomcat, SmarterMail, Laravel, SubrionCMS
- **Passive Detection**: No exploitation, only version checks and endpoint verification
- **Threaded Scanning**: Configurable concurrent scans for efficiency
- **Comprehensive Reporting**: JSON, TXT, and detailed markdown reports
- **CVE Coverage**: Includes recent critical CVEs:
  - CVE-2025-24813 (Apache Tomcat RCE)
  - CVE-2025-52691 (SmarterMail Arbitrary File Upload)
  - CVE-2024-21546 (Laravel File Upload Bypass)
  - And 20+ WordPress plugin vulnerabilities

## 📋 Requirements

- Python 3.8+
- `requests` library
- `urllib3`

## 🔧 Installation

```bash
# Clone the repository
git clone https://github.com/yourusername/wp-multi-vuln-scanner.git
cd wp-multi-vuln-scanner

# Install dependencies
pip install -r requirements.txt

# Or install as a package
pip install -e .
```

## Supported Vulnerabilities

- WordPress: Modern Events Calendar, iDraw, WooCommerce Gift Card, WPVivid Backup, and 15+ plugins
- Apache Tomcat: CVE-2025-24813 (File Upload RCE)
- SmarterMail: CVE-2025-52691 (Arbitrary File Upload)
- Laravel: CVE-2024-21546 (Upload Bypass)
- SubrionCMS: CVE-2018-19422 (Admin Panel Upload)

## Output

- `vuln.txt` - List of vulnerable targets
- `detailed_report.txt` - Full technical findings with remediation
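Tags: Apache Tomcat, Bug Bounty, Claude, CVE detection, Laravel, Python security tools, SmarterMail, Snort++, SubrionCMS, WordPress security, encryption, anti-forensics, customizable parsers, compliance checking, multi-platform scanning, security assessment, password management, plugin system, operating system monitoring, vulnerability scanner, version identification, white-box auditing, network security, chatbot, passive scanning, reverse engineering tools, privacy protection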