Welcome to the official Lotus Lua Scripts repository! Here, we provide a collection of Lua scripts to scan different vulnerabilities.
This table shows the progress of our tool and script development in Lua. We've already rewritten some of our tools, such as the SQLiDetector and Simple SSTI Detector, and we're currently working on several others, including a BugCrowd HunT Framework, a web application scanner, and an SSH bruteforcer.
We're developing scripts for famous CVEs, like CVE-2014-2321, CVE-2019-11248, CVE-2020-11450, and others. We're also working on a scanner for the OWASP Top 10 and a recon Framework.
| Tool/Script | Status |
|---|---|
| SQLiDetector | βοΈ Finished |
| Simple SSTI Detector | βοΈ Finished |
| PHPINFO Finder | βοΈ Finished |
| Jenkins /script RCE Scanner | βοΈ Finished |
| Basic LFI Scanner | βοΈ Finished |
| BugCrowd HunT Framework | β³ In progress |
| Git Dir leakage scanner | βοΈ Finished |
| extractfromjs | βοΈ Finished |
| CVE-2014-2321.lua | βοΈ Finished |
| CVE-2019-11248.lua | βοΈ Finished |
| CVE-2020-11450.lua | βοΈ Finished |
| CVE-2022-0378.lua | βοΈ Finished |
| CVE-2022-0381.lua | βοΈ Finished |
| CVE-2022-1234.lua | β³ In progress |
| SSH Bruteforce | β³ In progress |
| CVE-2017-5638 Apache Struts | β³ In progress |
| CVE-2017-11882 Microsoft | β³ In progress |
| CVE-2018-7600 Drupal | β³ In progress |
| CVE-2018-8174 Windows | β³ In progress |
| CVE-2019-19781 Citrix | β³ In progress |
| CVE-2021-21972 VMware vCenter | βοΈ Finished |
| CVE-2021-21985 VMware vCenter | βοΈ Finished |
| CVE-2023-23752 Joomla! CMS | βοΈ Finished |
| CVE-2023-23333 SolarView Compact | βοΈ Finished |
| OWASP Top 10 Scanner | β³ In progress |
| Recon Script | β³ In progress |
You can use these scripts as an example or on real targets that you have permission to scan. Please use these scripts responsibly and ethically.
To use the Lotus Lua Scripts, you need to have Lotus installed on your system. You can download from the official Repo: https://github.com/rusty-sec/lotus π
Once you have Lotus installed, you can simply download the scripts from this repository and run them using the following command:
# target one script
$ lotus scan scriptname.lua -o out.json
# select all scripts in this directory
$ lotus scan active/ -o out.json
We welcome contributions to the Lotus Lua Scripts repository. If you have a script that you would like to contribute, please fork this repository and submit a pull request.
These scripts are provided for educational purposes only. The authors are not responsible for any damage or illegal activities caused by the misuse of these scripts. Use them at your own risk.