Skip to content

Latest commit

 

History

History
71 lines (46 loc) · 4.17 KB

README.md

File metadata and controls

71 lines (46 loc) · 4.17 KB

Serein | rain falling from a cloudless sky

Declaration

  • This project is only for authorized use. It is prohibited to use this project for illegal operations, otherwise you will be responsible for the consequences. Please abide by the laws of your country! ! !

  • I wrote it after staying up late for a short period of time, and my head is dizzy. I expect there will be many mistakes. Please point out that my contact information has been posted below, I would be very grateful!

  • Planning to add an exploit module every day in July, so welcome star/fork, every star and fork of yours is my motivation!

Latest-Interface-Display

0

Exploit-Example

  1. We want to exploit the Fumeng Cloud AjaxMethod.ashx SQL injection vulnerability in batches, so we base64 encrypt the statement and get: dGl0bGU9IuWtmuebn+S6kSAi.

  2. We choose to get the first 2000 (the specific number needs to be filled in according to your own membership):

    0

    1

    2

  3. Click directly on Fumeng Cloud AjaxMethod.ashx SQLinjection [auto-muti-exp]:

    3

  4. You can see that the software starts batch testing:

    5

  5. Delete the three files urls.txt, corrected url.txt, host.txt in the folder, and prepare to use other modules.

How-To-Use

  1. git clone https://github.com/W01fh4cker/Serein_Linux.git
    cd Serein_Linux
    pip3 install -r requirements.txt
    python3 Serein_Linux.py
  2. Click Software Configuration in the upper left corner to configure email and key of fofa (note that it is not a password, but API KEY in https://fofa.info/personalData), then you can be happy to use fofa search instead. **Note: It must be a fofa ordinary/advanced/enterprise account, because fofa registered members need to consume f coins to call api, if you are a registered member, please make sure you have f coins, otherwise you cannot query ! **

  3. After the collection is completed, urls.txt, corrected url.txt, host.txt will be generated in the same level directory of the software, and the collected original url , url with http/https header added and Website IP only will be saved respectively.

  4. After completing a scan task, to start the next scan, please delete the three files urls.txt, correcturl.txt, and host.txt in the folder.

  5. If you encounter any problems in use and have lively ideas, you have three ways to communicate with me:

mailto:sharecat2022@gmail.com

https://github.com/W01fh4cker/Serein/issues

Wechat: W01fh4cker

To-Do List

  1. Improve the weight query module. When we want to submit the vulnerability platform after one-click stud, because the platform has weight requirements, we need to carry out ip-->domain for the website containing the vulnerability, then reverse the domain name, and use multiple query interfaces for weighting Query, filter out websites that meet the weight requirements, and export them.
  2. (Preferred) Add other search engines, such as: Censys, Zoomeye, Quake, etc.
  3. Add proxy mode.
  4. Others have not been thought of yet. If you have any ideas, you can put them directly in issues.

W01fh4cker's interest exchange community

  • https://discord.gg/n2c5Eaw4Jx

image

Star Growth Curve

Stargazers over time