README.md

# dedecmscan

dedescan是一款可以扫描所有已公开的dedecms漏洞的扫描器。

        ...                 ...                                                     
        ...                 ...                                                     
        ...                 ...                                                     
        ...                 ...                                                     
        ...                 ...                                                     
   ........  .......   ........   .......   .......    ......    ......   ........  
  ...  .... .... ....  ... ....  .... ...  .... ...   ... ....  ...  ...  .... .... 
 ....  .... ...   ... ...   ...  ...   ... ...       ...   ...  .    ...  ...   ... 
 ....   ... ......... ...   ... ..........  ....     ...           .....  ...   ... 
 ....   ... ...       ...   ... ....         ......  ...        ........  ...   ... 
 ....  .... ...       ...   ... ....            .... ...   ... ....  ...  ...   ... 
  ...  .... ....  ... ....  ...  ...  .... ...   ... ....  ... ....  ...  ...   ... 
  .........  ........  ........   .......  ........   ........  ........  ...   ... 
    .......   .....     .......    .....     .....      ....     ........ ...   ... 

用法： python3 dedescan.py

然后直接输入域名即可

已实现的功能

• 后台查找（win）
• 版本探测
• 短路经检测
• 路径检测
• trace检测
• advancedsearch.php SqlInject
• sql_class.php SqlInject
• feedback_js.php SqlInject
• getpage xss
• guestbook.php SqlInject
• infosearch.php SqlInject
• jump.php xss
• login.php xss
• recommend.php SQL
• redirect
• reg_new.php SqlInject
• search.php sqlinject
• V5order by SqlInject
• article_keyword_select.php xss
• catelog_tree.php xss
• content_list.php xss
• file_pic_vie.php xss
• pic_view.php xss
• select_images.php xss
• writebook getshell
• digg_frame.php rce
• list.php xss
• login.php xss
• config.php xss
• flash xss

部分截图

其他说明

本程序依赖：

• requests
• re
• termcolor
• threading
• itertools

forked from zjacai/dedecmscan，原版的库貌似没有了，做个备份