StarCrossPortal/scalpel

scalpel是一款命令行漏洞扫描工具，支持深度参数注入，拥有一个强大的数据解析和变异算法，可以将常见的数据格式（json, xml, form等）解析为树结构，然后根据poc中的规则，对树进行变异，包括对叶子节点和树结构的变异。变异完成之后，将树结构还原为原始的数据格式。

Issues

运行后怎么才会生成文件，运行不结束
#20 opened a year ago by xiaoliusec
0
代理问题
#19 opened 2 years ago by mormkkkk
0
输出报告“漏洞名称”字段显示为test
#18 opened 2 years ago by oldhand2016
0
报告输出缺少api调用
#17 opened 2 years ago by oldhand2016
0
通用漏洞检测建议
#14 opened 2 years ago by pwnhxl
1
浏览器挂代理不会进行扫描
#15 opened 2 years ago by pwnhxl
0
建议怎加界面功能说实话命令行不太友好
#16 opened 2 years ago by xf43k
1
运行后没生成任何文件
#12 opened 2 years ago by lusiwei
1
关天证书的问题
#11 opened 2 years ago by lutong9527
1
err: open : no such file or directory
#10 opened 2 years ago by studyVVVV
1
使用说明不太清晰，不太懂~~~~
#9 opened 2 years ago by QianQuanX
2
关于使用过程遇到问题
#8 opened 2 years ago by wolefu
1
二级目录里的poc好像不会自动加载
#3 opened 2 years ago by cokeBeer
5
Content-Type和body类型不一致的问题
#4 opened 2 years ago by cokeBeer
1
如果参数是经过编码或者加密，如何解决
#7 opened 2 years ago by gcf0082
3
问题
#1 opened 2 years ago by jinzezhi
6
延时注入问题
#6 opened 2 years ago by AirSkye
1
【需求】增加响应对比规则
#2 opened 2 years ago by Luoooio
4