Soulcynics404/venomstrike

GitHub: Soulcynics404/venomstrike

A Rust-based web vulnerability scanner and VAPT report generator that automates security assessments and produces compliance reports.

Stars: 1 | Forks: 0

# 🐍 VenomStrike

### Advanced Web Vulnerability Scanner and VAPT Report Generator

![Rust](https://img.shields.io/badge/Rust-000000?style=for-the-badge&logo=rust&logoColor=white) ![License](https://img.shields.io/badge/License-MIT-green.svg?style=for-the-badge) ![Platform](https://img.shields.io/badge/Platform-Linux%20%7C%20macOS%20%7C%20Windows-blue?style=for-the-badge)

**A comprehensive command-line web vulnerability scanner built in Rust that performs automated security assessments and generates professional VAPT reports.**

[Features](#features) • [Installation](#installation) • [Usage](#usage) • [Architecture](#architecture) • [Reports](#reports) • [Contributing](#contributing)

## 🎯 Features

### Scan Pipeline

| Phase | Description |
|-------|-------------|
| **Phase 1: Reconnaissance** | DNS enumeration, subdomain discovery, port scanning (optional Nmap integration) |
| **Phase 2: Fingerprinting** | Web server, CMS, programming language, JS libraries, WAF detection |
| **Phase 3: CVE Intelligence** | NVD API 2.0 + ExploitDB + EPSS scores + CISA KEV catalog |
| **Phase 4: Active Scanning** | Custom-built scanners for 11+ vulnerability types |
| **Phase 5: VAPT Reporting** | HTML, JSON, PDF, and SARIF report generation |

### Vulnerability Scanners

- ✅ SQL Injection (error-based, boolean-blind, time-based)
- ✅ Cross-Site Scripting (XSS) with encoding bypass
- ✅ Server-Side Request Forgery (SSRF)
- ✅ Local/Remote File Inclusion (LFI/RFI)
- ✅ Server-Side Template Injection (SSTI)
- ✅ OS Command Injection
- ✅ CORS Misconfiguration
- ✅ Open Redirect
- ✅ CSRF Detection
- ✅ Security Header Analysis
- ✅ SSL/TLS Certificate Checks

### CVE Intelligence Engine (Core Differentiator)

- 🔍 **NIST NVD API 2.0** — CVE lookup by CPE string
- 💀 **ExploitDB Integration** — Maps CVEs to available exploits
- 📊 **EPSS Scores** — Exploitation probability from FIRST.org
- 🚨 **CISA KEV Catalog** — Known Exploited Vulnerabilities
- 🛡️ **Remediation Guidance** — Prioritized fix recommendations

### Report Formats

- 📄 **HTML** — Interactive report with severity charts and executive summary
- 📋 **JSON** — Machine-readable for CI/CD pipeline integration
- 📑 **PDF** — Client-ready professional format
- 🔗 **SARIF** — GitHub Security tab integration

## 📦 Installation

### Prerequisites

- Rust 1.70+ (install via [rustup](https://rustup.rs))
- OpenSSL development libraries
- Optional: Nmap, wkhtmltopdf, Docker

### Build from Source

```bash
# Clone the repository
git clone https://github.com/Soulcynics404/venomstrike.git
cd venomstrike

# Install system dependencies (Kali Linux / Debian)
sudo apt install -y build-essential pkg-config libssl-dev wkhtmltopdf nmap

# Build
cargo build --release

# Install globally (optional)
sudo cp target/release/venomstrike /usr/local/bin/
```

### Docker

```bash
docker build -t venomstrike .
docker run venomstrike scan --target https://example.com
```

## 🚀 Usage

### Full Scan

```bash
venomstrike scan --target https://example.com --formats html,json,sarif
```

### Scan with All Options

```bash
venomstrike scan \
  --target https://example.com \
  --threads 20 \
  --rate-limit 15 \
  --phases recon,fingerprint,cve,active,report \
  --formats html,json,pdf,sarif \
  --output ./reports \
  --nmap \
  --nvd-key YOUR_NVD_API_KEY \
  --cookie "session=abc123" \
  --verbose
```

### Reconnaissance Only

```bash
venomstrike recon --target https://example.com --nmap
```

### CVE Lookup

```bash
venomstrike cve-lookup --technology apache --version 2.4.51
```

### Generate Reports from a Previous Scan

```bash
venomstrike report --input ./reports/scan_results.json --formats html,pdf
```

## 📋 Command Reference

| Command | Description |
|---------|-------------|
| `scan` | Full vulnerability scan |
| `recon` | Reconnaissance phase only |
| `cve-lookup` | CVE lookup for a specific technology |
| `report` | Generate reports from JSON results |

### Key Options

| Option | Description | Default |
|--------|-------------|---------|
| `--target` | Target URL | Required |
| `--threads` | Concurrent threads | 10 |
| `--rate-limit` | Requests per second | 10 |
| `--phases` | Scan phases to run | all |
| `--formats` | Report output formats | html,json |
| `--nmap` | Enable Nmap port scanning | false |
| `--nvd-key` | NVD API key for faster lookups | None |
| `--proxy` | HTTP/SOCKS5 proxy | None |
| `--cookie` | Session cookie | None |
| `--auth` | Authorization header | None |
| `--verbose` | Detailed output | false |

## 🏗️ Architecture

```
venomstrike/
├── src/
│   ├── main.rs              # Entry point
│   ├── lib.rs               # Library root
│   ├── cli.rs               # CLI argument parsing (clap)
│   ├── config.rs            # Configuration management
│   ├── error.rs             # Custom error types
│   ├── core/
│   │   ├── engine.rs        # Main scan orchestrator
│   │   ├── rate_limiter.rs  # Request rate limiting
│   │   ├── scope.rs         # Scope enforcement
│   │   ├── session.rs       # HTTP session management
│   │   └── crawler.rs       # Web crawler
│   ├── recon/               # Phase 1: Reconnaissance
│   ├── fingerprint/         # Phase 2: Technology detection
│   ├── cve/                 # Phase 3: CVE intelligence
│   ├── scanners/            # Phase 4: Vulnerability scanners
│   │   ├── traits.rs        # Scanner plugin trait
│   │   ├── sqli.rs          # SQL Injection
│   │   ├── xss.rs           # Cross-Site Scripting
│   │   └── ...              # Additional scanners
│   ├── reporting/           # Phase 5: Report generation
│   └── utils/               # Utility functions
├── payloads/                # External payload files
├── config/                  # Configuration files
├── data/                    # CVE databases
└── tests/                   # Test suite
```

### Plugin Architecture

Adding a new scanner is simple — implement the `VulnerabilityScanner` trait:

```rust
use async_trait::async_trait;
use crate::scanners::traits::VulnerabilityScanner;
// Import paths assumed from the layout above: the crawler's page type lives in
// core/crawler.rs and the crate's Result alias in error.rs.
use crate::core::crawler::CrawledPage;
use crate::error::VenomResult;

pub struct MyCustomScanner;

#[async_trait]
impl VulnerabilityScanner for MyCustomScanner {
    fn name(&self) -> &str { "My Custom Scanner" }

    fn description(&self) -> &str { "Checks for custom vulnerability" }

    // The generic parameter of the return type was lost when this page was
    // copied; `Vec<Vulnerability>` (the crate's finding type) is assumed here.
    async fn scan(
        &self,
        pages: &[CrawledPage],
        client: &reqwest::Client,
    ) -> VenomResult<Vec<Vulnerability>> {
        // Your scanning logic here
        Ok(vec![])
    }
}
```

Then register it in `src/scanners/mod.rs`.
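As an added example (not code from the project), here is what one of the listed checks, Security Header Analysis, looks like when written in the shape of that plugin. The trait and page type are synchronous stand-ins assumed so the file runs on its own; the project's real trait is async and takes a `reqwest::Client`.

```rust
// Added example (not project code): a header-analysis plugin in the shape of
// VenomStrike's scanner trait. The trait and page type below are synchronous
// stand-ins (assumption) so the file runs on its own; the real trait is async.
use std::collections::HashMap;

#[derive(Debug, Clone, PartialEq)]
pub struct Finding { pub severity: &'static str, pub title: String, pub url: String }

/// Stand-in for the crawler's page: URL plus lower-cased response headers.
pub struct CrawledPage { pub url: String, pub headers: HashMap<String, String> }

pub trait VulnerabilityScanner {
    fn name(&self) -> &str;
    fn scan(&self, pages: &[CrawledPage]) -> Vec<Finding>;
}

pub struct SecurityHeaderScanner;

impl VulnerabilityScanner for SecurityHeaderScanner {
    fn name(&self) -> &str { "Security Header Analysis" }

    fn scan(&self, pages: &[CrawledPage]) -> Vec<Finding> {
        // Header name and the severity to report when it is absent.
        const REQUIRED: &[(&str, &str)] = &[
            ("strict-transport-security", "MEDIUM"),
            ("content-security-policy", "MEDIUM"),
            ("x-content-type-options", "LOW"),
            ("x-frame-options", "LOW"),
        ];
        let mut findings = Vec::new();
        for page in pages {
            for &(name, severity) in REQUIRED {
                // HSTS only applies to HTTPS origins; do not report it for plain HTTP.
                if name == "strict-transport-security" && !page.url.starts_with("https://") {
                    continue;
                }
                match page.headers.get(name) {
                    None => findings.push(Finding { severity, title: format!("Missing {} header", name), url: page.url.clone() }),
                    // Present but weakened: a CSP that still permits inline scripts.
                    Some(v) if name == "content-security-policy" && v.contains("'unsafe-inline'") => {
                        findings.push(Finding { severity: "LOW", title: "CSP allows 'unsafe-inline'".to_string(), url: page.url.clone() })
                    }
                    _ => {}
                }
            }
        }
        findings
    }
}
```

Findings come back in header order per page, so a report generator can group them by URL without re-sorting.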
## 🧪 Testing

### Run Tests

```bash
cargo test
```

### Testing Against Vulnerable Applications

```bash
# Start the vulnerable applications
docker-compose up -d

# Scan DVWA
venomstrike scan --target http://localhost:8081 --formats html

# Scan WebGoat
venomstrike scan --target http://localhost:8082/WebGoat --formats html

# Scan Juice Shop
venomstrike scan --target http://localhost:8083 --formats html

# Stop the applications
docker-compose down
```

## 🔑 Environment Variables

| Variable | Description |
|----------|-------------|
| `NVD_API_KEY` | NIST NVD API key for faster CVE lookups |

Get a free NVD API key: https://nvd.nist.gov/developers/request-an-api-key

## 📊 Sample Report Output

```
┳ VenomStrike v1.0.0
🎯 Target: https://example.com

══ Phase 1: Reconnaissance ══
  → DNS: A → 93.184.216.34
  → Found 5 subdomains
  → Found 3 open ports

══ Phase 2: Technology Fingerprinting ══
  → Apache v2.4.51
  → PHP v8.1.0
  → WordPress v6.4.2

══ Phase 3: CVE Intelligence Engine ══
  ⚠ CVE-2023-25690 [CRITICAL] CVSS: 9.8
  ⚠ CVE-2023-31122 [HIGH] CVSS: 7.5

══ Phase 4: Active Vulnerability Scanning ══
  🔥 [CRITICAL] SQL Injection at /page?id=1
  🔥 [HIGH] Reflected XSS at /search?q=test

══ Scan Complete ══
Critical: 2 | High: 3 | Medium: 5 | Low: 8 | Info: 4
```

## ⚠️ Disclaimer

**VenomStrike is designed for authorized security testing only.**

Always obtain proper written authorization before scanning any target. Unauthorized scanning is illegal and unethical. The authors are not responsible for any misuse of this tool.

## 📜 License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## 🤝 Contributing

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/new-scanner`)
3. Commit your changes (`git commit -am 'Add new scanner'`)
4. Push to the branch (`git push origin feature/new-scanner`)
5. Open a Pull Request

Built with ❤️ and Rust by Soulcynics404

Tags: C2 log visualization, CISA KEV, CORS misconfiguration, CSRF detection, CTI, CVE intelligence, DNS enumeration, EPSS, ExploitDB, Homebrew installation, HTML report, JSON report, JSON request, LFI/RFI, NVD API, PDF report, Rust security tool, SARIF report, SSL/TLS certificate check, SSRF, SSTI, VAPT report, web server fingerprinting, web vulnerability scanning, visual interface, command injection, command-line scanner, multi-platform support, multimodal security, security header analysis, open redirect, fingerprinting, data statistics, document structure analysis, port scanning, programming language identification, network security tools, request interception, debug plugin, notification system