UNPKG

overflow-scanner

Version:

Vulnerability scanning using graphs!

github.com/Milk-Cool/overflow

Milk-Cool/overflow

144 lines (142 loc) 8.57 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>overflow.docs</title> <link href="style.css" rel="stylesheet"> </head> <body> <h1>overflow.docs</h1> <h2>How to use</h2> <p>Overflow is based on node graphs, which are "blocks" (e.g. nodes) connected with each other. Each node gets something as input from nodes connected from the left, does something with it and passes the output along to other nodes, connected from the right.</p> <p>To add a node, double-click empty space in your workspace. Then you can choose what type of node you want to add, set up the parameters, etc.</p> <p>To connect nodes between each other, drag your mouse from a right-side connector to a left-side connector.</p> <p>Please note: some modules require the corresponding tools to be installed an in PATH. If you don't have them installed in your system, the modules <b>will not work</b> and <b>will throw an error!</b></p> <p>On the bottom panel, there are logs and controls on the left side and the tasks view on the right side.</p> <p>The logs display all vulnerable targets, errors and messages.</p> <p>The tasks view displays all currently running tasks, such as scanning or auditing.</p> <p>As for the controls...</p> <ul> <li><b>Run</b> - runs the current workspace, starting from the input nodes (such as <code>overflow/const</code> or <code>overflow/crtsh</code>)</li> <li><b>Clear logs</b> - clears the logs</li> <li><b>Save</b> - saves the workspace to a <code>.json</code> file</li> <li><b>Load</b> - loads the workspace from a <code>.json</code> file</li> <li><b>Docs</b> - opens this page</li> </ul> <h2>Nodes documentation</h2> <details> <summary><code>overflow/const</code></summary> <p>Allows you to paste in or type in a raw list of targets to scan. Targts are separated by newlines.</p> </details> <details> <summary><code>overflow/log</code></summary> <p>Logs a target as vulnerable with an optional custom messsage. The logged target will appear in the "Logs" section.</p> </details> <details> <summary><code>overflow/hasport</code></summary> <p>Takes in a list of targets as input and only outputs those targets that have a port in them.</p> </details> <details> <summary><code>overflow/iprange</code></summary> <p>Takes an IP and a mask, generates a CIDR notation with them (e.g. <code>IP = 192.168.1.0, MASK = 24 -> CIDR = 192.168.1.0/24</code>) and outputs all IPs for that notation.</p> <p><b>Note</b>: Please keep in mind that all IPs are stored in memory at once as strings, so please do not run this with masks lower than 12.</p> </details> <details> <summary><code>overflow/nmap</code></summary> <p>Takes in a list of targets as input and outputs targets with open ports using nmap (installed separately).</p> <p><b>Example</b>: <code>192.168.1.45 -> 192.168.1.45:80, 192.168.1.45:22</code></p> </details> <details> <summary><code>overflow/stripports</code></summary> <p>Takes in a list of targets with ports as input and outputs targets without their ports.</p> <p><b>Example</b>: <code>192.168.1.45:80 -> 192.168.1.45</code></p> </details> <details> <summary><code>overflow/crtsh</code></summary> <p>Makes a request to <a href="https://crt.sh">crt.sh</a> and returns unique subdomains.</p> </details> <details> <summary><code>overflow/stripproto</code></summary> <p>Takes in a list of targets with protocols as input and outputs targets without their protocols.</p> <p><b>Example</b>: <code>ftp://192.168.1.45 -> 192.168.1.45</code></p> </details> <details> <summary><code>overflow/prefixsuffix</code></summary> <p>Adds a prefix and a suffix to a target, can be useful for adding protocols, ports or paths.</p> </details> <details> <summary><code>overflow/metasploitcheck</code></summary> <p>Checks a target using metasploit (installed separately) with the specified exploit. Metasploit is launched with overflow if present on the system.</p> </details> <details> <summary><code>overflow/lograw</code></summary> <p>Logs text as-is.</p> </details> <details> <summary><code>overflow/strippaths</code></summary> <p>Strips paths from targets.</p> </details> <details> <summary><code>overflow/burp</code></summary> <p>Connects to a running Burp Suite (installed separately) instance and scans a webpage using a preset configuration (created in Burp Suite). Requires a valid URL as input and Burp Suite to be set up properly (google "burp suite rest api").</p> </details> <details> <summary><code>overflow/sublist3r</code></summary> <p>Like <code>overflow/crtsh</code>, but using Sublist3r (installed separately). The path to Sublist3r can be customized.</p> </details> <details> <summary><code>overflow/zap</code></summary> <p>Like <code>overflow/burp</code>, but connects to a running ZAP instance (installed separately). To set up ZAP, go to Settings -> API and generate an API key.</p> <p>Has two modes: <code>spider</code> and <code>scan</code>. Please note that unless a URL was detected by ZAP with <code>spider</code>, <code>scan</code> can't scan it. Also, <code>spider</code> only returns targets, while <code>scan</code> only returns logs.</p> </details> <details> <summary><code>overflow/sqlmap</code></summary> <p>Takes a valid URL as an input and runs sqlmap (installed separately) with customizable parameters. The path to sqlmap can be customized.</p> </details> <details> <summary><code>overflow/hasproto</code></summary> <p>Takes in a list of targets as input and only outputs those targets that have a protocol in them.</p> </details> <details> <summary><code>overflow/haspath</code></summary> <p>Takes in a list of targets as input and only outputs those targets that have a path in them.</p> </details> <details> <summary><code>overflow/regex</code></summary> <p>Takes in a list of targets as input and only outputs those targets that match a set regex pattern.</p> </details> <details> <summary><code>overflow/regexmatch</code></summary> <p>Takes in a list of targets as input and outputs regex matches from the inputs.</p> </details> <details> <summary><code>overflow/regexreplace</code></summary> <p>Takes in a list of targets as input and outputs those targets with text matching set regex pattern replaces with set text.</p> </details> <details> <summary><code>overflow/deduplicate</code></summary> <p>Deduplicates a list of targets. Only works when given a <i>list</i> of targets, not when targets are sent individually.</p> </details> <details> <summary><code>overflow/sortabc</code></summary> <p>Alphabetic sorting of targets.</p> </details> <details> <summary><code>overflow/dns</code></summary> <p>DNS resolver. Resolves to both v4 and v6 IPs.</p> </details> <details> <summary><code>overflow/dnsreverse</code></summary> <p>Reverse DNS resolver. Resolves to domains. <a href="https://ipinfo.io">Uses ipinfo.io</a></p> </details> <details> <summary><code>overflow/file</code></summary> <p>Appends the input to the specified file.</p> </details> <details> <summary><code>overflow/logpost</code></summary> <p>Sends the targets to an HTTP endpoint using POST. It sets the <code>User-Agent</code> header to <code>overflow</code> and sends a JSON array.</p> </details> </body> </html>