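Medusa is a red-team arsenal platform. It currently includes active and passive scanning (200+ vulnerabilities), an XSS platform, CVE monitoring and other features, and is under continuous development. http://medusa.ascotbe.com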

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0)

Medusa

Welcome to Medusa

👉About Medusa

The project is licensed under the GPL. It is free for non-commercial use.

The project is short of development manpower. If you find a problem or have comments, please contact us.

Bash Ver.: Online

Web Ver.: Under development

Chinese documentation | English documentation

💡Document

http://medusa.ascotbe.com

🔎Bug coverage list

http://medusa.ascotbe.com/Documentation/#/PluginDirectory


📖Bash Ver. instructions for use

# Clone the project files (example for Ubuntu)
git clone https://github.com/Ascotbe/Medusa.git
cd Medusa
# Install the Python packages (the module is named pip, not pip3)
python3 -m pip install -r Medusa.txt
# Use the scanner
python3 MedusaScan.py -u www.ascotbe.com

🚀Git proxy

# If cloning is too slow, you can use a proxy.
# Global proxy setting
git config --global http.proxy http://127.0.0.1:1080
git config --global https.proxy https://127.0.0.1:1080

📋Parameters

| Command | Number of parameters | Effect | Annotation |
|---------|----------------------|--------|------------|
| -u | 1 | Input a single URL | Giving http:// or https:// first is better than none; do not put any parameters after the URL. Example: -u https://www.ascotbe.com or -u https://192.168.0.1 |
| -f | 1 | The name of the file containing the URLs to scan | Exactly one of -u or -f must be given |
| -m | 1 | Scan with a single module, such as Struts2 or Apache | The specific value is the corresponding name in the project's Modules folder |
| -t | 1 | Number of processes to use, default -t 5 | None |
| -PL | 1 | Ports in list form | Ports may be separated by any non-digit characters; ports exceeding 65535 are discarded. If -p or -P is not given, the default port is scanned. E.g.: 22,139,445,3389 |
| -PR | 1 | Ports in range form | The bounds may be separated by any non-digit characters; ports exceeding 65535 are discarded. If -p or -P is not given, the default port is scanned. E.g.: 1-65535 |
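
The port rules described for -PL and -PR (any non-digit separator, ports above 65535 discarded), as an added example that is not Medusa's own code. The function names, the rejection of port 0 and the clipping of an oversized range are assumptions made for illustration.

```python
import re

MAX_PORT = 65535  # upper bound stated in the parameter table


def parse_port_list(spec):
    """-PL style input: every run of non-digits acts as a separator."""
    ports = []
    for token in re.findall(r"\d+", spec):
        port = int(token)
        # Assumption: port 0 is rejected too; the page only mentions > 65535.
        if 1 <= port <= MAX_PORT and port not in ports:
            ports.append(port)  # keep first-seen order, drop duplicates
    return ports


def parse_port_range(spec):
    """-PR style input: two numbers split by any non-digit text."""
    bounds = [int(token) for token in re.findall(r"\d+", spec)]
    if len(bounds) != 2:
        raise ValueError("a range needs exactly two numbers: %r" % spec)
    low, high = sorted(bounds)  # accept reversed bounds such as 8080-8078
    # Assumption: clip to the valid span so out-of-range ports are dropped
    # rather than the whole range being refused.
    low, high = max(low, 1), min(high, MAX_PORT)
    return range(low, high + 1) if low <= high else range(0)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the project.
    print(parse_port_list("22,139,445,3389"))
    print(parse_port_list("22;139 445/70000,22"))
    print(len(parse_port_range("1-65535")))
    print(list(parse_port_range("65530-70000")))
```
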

🍀Updating logs

http://medusa.ascotbe.com/Documentation/#/UpDataLog

📂Bug replicate document

https://www.ascotbe.com/Loophole

💚Discussion

  • If you find that a vulnerability cannot be detected by the corresponding plug-in, please submit a [Bug] issue
  • If you have a problem that the documentation does not solve, please submit a [help] issue
  • If you have any good comments or ideas, please submit an [idea] issue
  • QQ group: 690021184

⚠️Disclaimer

The following terms are added to the original license:

  • If there is any ambiguity, the Chinese version of the description shall be the only explanation

  • Unauthorized commercial use of this project is prohibited

  • This project is intended only for the security-building activities of legally authorized enterprises. When using this project for testing, you should ensure that the behavior complies with local laws and regulations and that you have obtained sufficient authorization.

  • If you engage in any illegal behavior while using this project, you bear the corresponding consequences yourself, and we will not bear any legal or joint liability.

  • Before using this project, please read carefully and fully understand the content of each clause. Restrictions, exemption clauses or other clauses involving your major rights and interests may be bolded, underlined, etc. to remind you to pay attention. Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not use this project. Your use of the project, or your acceptance of this agreement in any other express or implied manner, shall be deemed to mean that you have read this agreement and agreed to be bound by it.
