HyperSecurityLabs/OxideCE-v7.7.7ELITE

GitHub: HyperSecurityLabs/OxideCE-v7.7.7ELITE

Rust 编写的模块化漏洞扫描与红队工具包，结合传统扫描引擎与 ML 异常检测，支持多协议渗透测试和分布式扫描。

Stars: 3 | Forks: 0

# OxideCE-v7.7.7ELITE。开放式可扩展情报与检测引擎 — AI 驱动 · 红队 · 兼容 Kali Linux ``` ____ _ __ / __ \_ __(_)___/ /__ / / / / |/_/ / __ / _ \ / /_/ /> [![关于](https://img.shields.io/badge/About-OXIDE-557C94?style=for-the-badge&logo=github&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) 结合传统漏洞扫描与基于 ML 的异常检测的模块化安全工具包。使用 Rust 构建，专为 Kali Linux 打造。 | 组件 | 技术 | |-----------|-----------| | 语言 | Rust 2021 Edition | | 运行时 | `tokio` async | | ML | `smartcore`, `linfa`, `ndarray`, `statrs` | | 报告 | HTML (Cyberpunk) · JSON · CSV · XML | | 传输 | reqwest (gzip + brotli) |

[![Kali Linux](https://img.shields.io/badge/Kali_Linux-Integration-367bf0?style=for-the-badge&logo=kalilinux&logoColor=ffffff)](https://www.kali.org/) ``` Active Recon (pnet) → src/recon.rs #[cfg(target_os = "linux")] Kali Colour Palette → src/cli/display.rs ELITE_KALI #557C94 DEB Packaging → oxide-ce-debian/ Arch Packaging → PKGBUILD ```

[![安装](https://img.shields.io/badge/Installation-Quick_Start-00d4ff?style=for-the-badge&logo=terminal&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) ``` sudo apt install -y build-essential pkg-config libssl-dev cmake curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh source "$HOME/.cargo/env" git clone https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE.git cd OxideCE-v7.7.7ELITE && cargo build --release sudo cp target/release/oxide /usr/local/bin/ oxide --version # → oxide 7.7.7-elite ```

[![用法](https://img.shields.io/badge/Usage-Reference-b388ff?style=for-the-badge&logo=terminal&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) ``` oxide --url https://example.com --modules all --duration 120 # Full scan oxide --url https://example.com --modules sqli,xss,lfi # Specific modules oxide --url https://example.com --zeroday --duration 120 # Zero-day ML oxide --url https://example.com --headless --crawl-depth 5 # JS rendering oxide --url https://example.com --multiattack # Multi-target oxide --url https://example.com --cookie "session=abc123" # Authenticated oxide --url https://example.com --proxy http://127.0.0.1:8080 # Proxy oxide --list-modules # List modules oxide -u targets.txt --threads 50 # From file ```

[![扫描模块](https://img.shields.io/badge/Scanner_Modules-13_Engines-00e676?style=for-the-badge&logo=github&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) | 模块 | 检测内容 | |--------|-----------| | **SQLi** | 报错型、布尔型、时间型、UNION 型、堆叠查询 | | **Blind SQLi** | 盲注 / 基于时间的推理 | | **XSS** | 反射型、存储型、DOM 型 | | **LFI** | 文件读取确认 | | **路径遍历** | 目录遍历 | | **命令注入** | Linux + Windows 命令 | | **CORS** | 配置错误审计 | | **TLS** | 证书、协议、密码套件 | | **通用应用** | Nikto 式路径探测 | | **默认凭证** | 已知管理员凭证 | | **数据库指纹** | MySQL, PG, MSSQL, Oracle, SQLite | | **Cloudflare** | WAF 检测 + 绕过 | | **内容过滤** | 用于密钥、token、机密信息的正则表达式 |

[![Zero-Day ML](https://img.shields.io/badge/Zero--Day_ML-Anomaly_Engine-ff6b6b?style=for-the-badge&logo=smart&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) ``` Phase 1 ── Crawl (30s) → Phase 2 ── ML Analysis + Auto-Exploit Phase 2.5 ── Fuzz (15 payloads) → Phase 3 ── Report ``` | 组件 | 库 | |-----------|---------| | 特征提取 | 自定义 | | 随机森林 | `smartcore` | | SVM | `smartcore` | | 基线分析 | 统计 | | 异常评分 | 多信号 | | 训练器 | `--train` 标志 | 自动利用: SQLi · XSS · LFI · CMDi · SSTI

[![高级功能](https://img.shields.io/badge/Advanced-Capabilities-00d4ff?style=for-the-badge&logo=github&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) **WAF 绕过** — 检测 12 家供应商 · 12 种规避技术 · 源站 IP 发现 **Session 与 Auth** — Cookie, Bearer, Basic, API Key, JWT, OAuth2 · 劫持测试 **JS 爬取** — Headless Chrome · SPA 路由 · JS URL 提取 **API Fuzzer** — REST + GraphQL · 7 种方法 · 6 种内容类型 **WebSocket** — SQLi, XSS, CMDi, 路径遍历, JSON 注入, DoS **分布式** — Master/worker 集群 · TCP 心跳 · 远程执行 **Recon** — TCP 指纹识别 · OS 检测 · Banner grabbing · DNS · WHOIS

[![CLI 参考](https://img.shields.io/badge/CLI-Full_Reference-557C94?style=for-the-badge&logo=terminal&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) | 标志 | 默认值 | 用途 | |------|---------|---------| | `--url` | 必填 | 目标或 `-u targets.txt` | | `--modules` | — | `all` 或逗号分隔 | | `--zeroday` | false | ML 异常模式 | | `--multiattack` | false | 并发多目标 | | `--active` | false | TCP 指纹识别 (sudo) | | `--headless` | false | Chrome JS 渲染 | | `--resume` | false | 从 checkpoint 恢复 | | `--insta` | false | Instagram OSINT | | `--session` | false | Session 劫持测试 | | `--train` | false | 训练 ML 分类器 | | `--download` | false | 自动下载敏感文件 | | `--threads` | 20 | 并发数 (1–100) | | `--jobs` | 2 | 爬取 worker (1–50) | | `--duration` | 0 | 时间限制 (秒) | | `--rate-limit` | 0 | 最大 req/sec | | `--crawl-depth` | 3 | 爬取深度 (最大 10) | | `--max-urls` | 100 | 最大 URL 数 (最大 10000) | | `--exploitation-level` | 50 | 攻击激烈程度 (1–100) | | `--payload-limit` | 50 | 最大 payload 数 | | `--proxy` | — | HTTP 代理 | | `--cookie` | — | Session cookie | | `--header` | — | 自定义 headers | | `--user-agent` | — | 自定义 UA | | `--output` | — | 报告路径 | | `--format` | json | json/html/csv/xml | | `--insecure` | false | 跳过 SSL 验证 | | `--follow-redirects` | false | 跟随重定向 | | `--max-redirects` | 10 | 重定向限制 | | `--silent-mode` | false | 静默输出 | | `--verbose` | false | 详细输出 | | `--list-modules` | — | 列出模块并退出 | | `--exclude` | — | 跳过模块 | 配置: `oxide-config.toml` 用于持久化设置。

[![报告](https://img.shields.io/badge/Reports-Formats-b388ff?style=for-the-badge&logo=github&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) | 格式 | 主题 | 用例 | |--------|-------|----------| | HTML | Cyberpunk 2077 · 扫描线 · 严重性辉光 | 人工审查 | | JSON | 机器可解析 | 自动化 / pipelines | | CSV | 电子表格就绪 | 数据分析 | | XML | 标准 schema | 工具集成 | 自动保存至 `reports/oxide_.*`

[![更新日志](https://img.shields.io/badge/Changelog-v7.7.7--elite-00e676?style=for-the-badge&logo=github&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE/releases) **新增:** - Zero-Day ML 检测引擎 — 具有自动利用功能的独立异常扫描 - Fuzz 测试阶段 — 15 种 payload 类型 · 崩溃/超时/5xx 跟踪 - 采用 Kali 配色的 Cyberpunk 2077 HTML 报告主题 - 自动保存报告 (HTML + JSON) 到 `reports/` 目录 - 在 recon 阶段进行 WAF 检测 - 单次请求超时 (10秒) · 单次利用超时 (8秒) - Headless Chrome JS 爬取 (`--headless`) - WebSocket fuzzing (SQLi, XSS, CMDi, DoS) - API fuzzer (REST + GraphQL, 7 种方法, 6 种内容类型) - 分布式集群扫描 (master/worker) - Instagram OSINT 模块 - Session 劫持测试 · 扫描 checkpoint/恢复 (`--resume`) - 多目标并发扫描 (`--multiattack`) **变更:** - Banner 渐变色: Kali 蓝灰 → 青色 → 薰衣草色 - 持续时间计时器排除了设置开销 - `--list-modules` 不再需要 `--url` **修复:** - Ctrl+C 响应能力 — 每 200ms 轮询一次关闭状态 - Vercel 误报 — 从 CF 检测中移除了 `server-timing` - 持续时间执行 — 单次请求超时 + `should_continue()` 检查 - 在 `filter.rs`, `cookies.rs`, `session.rs`, `tls_scanner.rs` 中实现了 Panic 安全的字符串切片

[![构建](https://img.shields.io/badge/Build-Release-00d4ff?style=for-the-badge&logo=rust&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) ``` cargo build --release # opt-level=3, LTO=fat, stripped, panic=abort cargo test # run tests ./build-ce-deb.sh # Debian package ``` ``` / Main package ├── src/ Source (scanner/, zero_day/, ai/, advanced/, cli/, ...) ├── oxide-proxy/ HTTP + SOCKS4/5 proxy sub-crate ├── hypersecurity/ Kernel memory safety (libloading) ├── oxide-ce-debian/ DEB packaging └── arch-pkg/ Arch packaging ```

[![Kali Linux](https://img.shields.io/badge/Kali_Linux-Official_Repository_Integration-367bf0?style=for-the-badge&logo=kalilinux&logoColor=ffffff)](https://www.kali.org/) OXIDE 社区版旨在纳入官方 Kali Linux 软件源，以便通过以下方式获取： ``` sudo apt update && sudo apt install oxide ``` ### 当前进度 | 步骤 | 状态 | |------|--------| | Debian 打包 (`oxide-ce-debian/`) | ✅ 完成 | | Arch 打包 (`PKGBUILD`) | ✅ 完成 | | Kali 色板集成 | ✅ 完成 | | `pnet` raw socket 支持 | ✅ 完成 | | 社区测试与验证 | ✅ 进行中 | | 提交至 Kali 软件源 | ⏳ 等待中 | ### 为什么选择 Kali？ - 使用 `tokio` async 运行时的 Rust 原生性能 - 补充现有的 Kali 工具 (`sqlmap`, `nmap`, `burpsuite`, `metasploit`) - 基于 ML 的异常检测填补了传统扫描器的空白 - 单二进制部署 — 没有 Python 依赖地狱 - 通过 raw socket (`pnet`) 进行主动 recon 以实现 OS 指纹识别

[![开发](https://img.shields.io/badge/Development-Community_Driven-00d4ff?style=for-the-badge&logo=github&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) OXIDE 的演进离不开**你的反馈**。每一个功能、修复和升级都由社区塑造 — 欢迎报告 bug、提出功能建议并对优先级进行投票。 ``` Latest: v7.7.7-elite — ML engine, fuzzing, WAF bypass, headless JS Next: Shaped by you → open issues, feature requests, PRs Vision: apt install oxide on Kali Linux ``` [![Issues](https://img.shields.io/badge/Request_Feature-ff6b6b?style=for-the-badge&logo=bugatti&logoColor=ffffff)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE/issues) [![Telegram](https://img.shields.io/badge/Give_Feedback-b388ff?style=for-the-badge&logo=telegram&logoColor=ffffff)](https://t.me/hypersecurity_offsec)

[![Star](https://img.shields.io/badge/⭐_Star_on_GitHub-b388ff?style=for-the-badge&logo=github&logoColor=000000)](https://github.com/HyperSecurityLabs/OxideCE-v7.7.7ELITE) [![网站](https://img.shields.io/badge/⎈_Website-00C8B4?style=for-the-badge&logo=google-chrome&logoColor=000000)](https://hypersecurityoffensivelabs-about.is-best.net/) [![Telegram](https://img.shields.io/badge/✉_Telegram-64D2FF?style=for-the-badge&logo=telegram&logoColor=000000)](https://t.me/hypersecurity_offsec) [![论坛](https://img.shields.io/badge/⎈_Community_Forums-b388ff?style=for-the-badge&logo=discourse&logoColor=000000)](https://hypersecurityoffensivelabs-about.is-best.net/forums/index.php)

标签：Rust, URL枚举, 人工智能, 可视化界面, 实时处理, 密码管理, 插件系统, 用户模式Hook绕过, 网络安全, 网络流量审计, 通知系统, 隐私保护