Background

For some time I have wanted to dig into scanners. I found that many of my own ideas had already been implemented by predecessors, which left me a little depressed and, at the same time, a little excited, because it means the ideas are right. I am going to stand on the shoulders of giants and do secondary development, adding some ideas of my own. I saw the W13Scan scanner on FreeBuf, thought it was cool, and am preparing to study it further.

Since I am a PHP developer and not very familiar with Python, I ran into some problems during installation. I am writing down the solutions here as a reference for those who need them.

Install Python

W13Scan runs on python3, so we need to install python3.5 or later. You can download and install python3.6 from the official Python website. After the installation, open a CMD window and run the python or pip command to check whether the environment variables were added automatically, as shown in the following figure

As you can see in the picture above, the python installation directory has not been added to the environment variables, so the pip command was not found. We locate the python directory and copy its path.

Then right-click My Computer, open the advanced settings, and go to the environment variables, as shown below

In the figure above, I have added the python directory and the pip path to the system path. Now let's reopen a cmd window and run the pip command again, as shown below

As you can see from the figure above, I have successfully added the pip directory to the environment variables

3. Install dependencies

Next we install the modules that W13Scan depends on. Find the project directory you just downloaded. On Windows 10, hold down the Shift key and right-click to see the "Open PowerShell window here" option, which we click, as shown below

After entering the PowerShell window, we run the following command (the -i option points pip at the Tsinghua PyPI mirror), as shown in the figure below

pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple

After the command is executed, some modules may fail to install. In that case you need to go to the official python website, manually download the source code of the corresponding module, and install it, as shown in the following figure

Don't get upset if you find yourself in a situation like the one above. There is a quick solution: we used the PyCharm editor to solve the problem, as shown below

In the above image, you can see that after opening requirements.txt in PyCharm, you can place the mouse over the module that you want to install. Alternatively, when you open requirements.txt, PyCharm automatically lists all the modules that still need to be installed, so you can install all dependent modules at once, as shown below

In the image above we check the modules and press the Install button to install all modules
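To confirm which modules from requirements.txt are still missing after the pip command, the following added example (not part of the original post or of W13Scan) parses a requirements file and checks each name against the installed packages. It assumes Python 3.8 or later for importlib.metadata; the sample requirements text and the function names are constructed for illustration.

```python
import re
import sys
from importlib import metadata  # assumption: Python 3.8+

# Constructed sample; in practice pass the requirements.txt from the project directory.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not W13Scan's real dependency list
requests>=2.20
example-missing-module==1.0  # hypothetical name

colorama
-i https://pypi.tuna.tsinghua.edu.cn/simple
"""

def parse_requirements(text):
    """Return the distribution names listed in requirements.txt content."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith("-"):  # skip blanks and pip options (-i, -r, -e)
            continue
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            names.append(match.group(0))      # name without version specifier or extras
    return names

def is_installed(name):
    """True if pip metadata for the distribution exists in this interpreter."""
    try:
        metadata.version(name)
        return True
    except metadata.PackageNotFoundError:
        return False

def missing_modules(text, check=is_installed):
    """Return the requirement names that are not installed."""
    return [name for name in parse_requirements(text) if not check(name)]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            content = handle.read()
    else:
        content = SAMPLE_REQUIREMENTS
    for name in missing_modules(content):
        print("not installed:", name)
```

Run it with the same python interpreter that pip installed into, passing the path to requirements.txt as the first argument.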

4. Start running

After the dependency modules are installed, the scanner is ready to run. There are two running modes, active scan and passive proxy. Here I use active scan as an example

inurl: php id=

The search results are shown below. In the figure above, the search results contain URL addresses that all carry a parameter such as id=1. Let's pick one such URL with a parameter at random to test, and run the following command

python W13SCAN\w13scan.py -u "http://www.crammed.be/index.php?id=7"

The following figure shows the execution result

As can be seen in the figure above, an SQL injection vulnerability in the URL has been detected and the path where the result was saved is shown. We can view the scan result by opening the file at that path, as shown in the figure below

In the figure above, you can see that the scan result shows the name of the POC, the script path, the scanned URL, the scan result, and the sent and returned packets

Read the source code

The W13Scan scanner is completely open source. I plan to study it in depth and develop on the shoulders of giants, so I am going to read the source code closely

In the figure above, you can see that the lib module has a red warning, indicating that the module cannot be found. The reason is that we opened the wrong directory using PyCharm. The project directory that we should open is the W13SCAN directory that we downloaded from GitHub

In the figure above, we re-open the directory with PyCharm and then re-open the w13scan.py file, which looks like this

As you can see in the figure above, there is no longer a red warning, and we can also jump to the source with Ctrl + mouse click


Author: Tang Qingsong

Date: 2020-12-03