What I have accomplished cannot be reversed
The English documentation was generated by GPT3.5
Analyze and scan traffic by using active crawler mode or passive proxy.
Please read the documentation carefully before using
- nmap
- masscan
- chromium
You should check whether the above programs exist on your machine before using them
If you do not want to install nmap and masscan, you can use-nps to specify that port scanning will not be performed and turn off checking
Three built-in crawler modes are available:
| Mode | Corresponding Parameter |
|---|---|
| crawlergo Crawler (Headless browser mode crawler) | --craw c |
| Default katana Crawler (Standard crawling mode using standard go http library to handle HTTP requests/responses) | --craw k |
| katana Crawler (Headless browser mode crawler) | --craw kh |
When using headless mode, you can specify --show to display the crawling process of the browser.
In active mode, you can enter the Security Copilot mode by specifying --copilot, which will not exit after scanning, making it convenient to view the web results page.
./Jie web -t https://public-firing-range.appspot.com/ -p xss -o vulnerability_report.html --copilotIf the username and password for the web are not specified, a yhy/password will be automatically generated, which can be viewed in the logs. For example, the following is the automatically generated one:
INFO [cmd:webscan.go(glob):55] Security Copilot web report authorized:yhy/3TxSZw8t8w
Passive proxy is implemented through go-mitmproxy.
Why is it called Security Copilot? According to my idea, this is not just a vulnerability scanner, but also a comprehensive auxiliary tool.
After hanging the scanner, go through the website once. Even if there are no vulnerabilities, it should tell me the approximate information of this website (fingerprint, cdn, port information, sensitive information, API paths, subdomains, etc.), which helps in further exploration manually, assisting in vulnerability discovery, rather than just finishing the scan and considering it done, requiring manual reevaluation.
HTTPS websites under passive proxy require installing certificates. The HTTPS certificate-related logic is compatible with mitmproxy,
and The certificate is automatically generated after the command is started for the first time, and the path is ~/.mitmproxy/mitmproxy-ca-cert.pem.
Install the root certificate. Installation steps can be found in the Python mitmproxy documentation: About Certificates.
./Jie web --listen :9081 --web 9088 --user yhy --pwd 123 --debugThis will listen on port 9081, and the web interface (SecurityCopilot) will be open on port 9088.
Set the browser's proxy to 9081, or integrate with Burp.
Some configurations can be modified through Jie_config.yaml, or through the configuration interface of http://127.0.0.1:9088/ (changes made in the web interface will be updated in the configuration file in real-time).
./Jie web -h
Flags:
--copilot Blocking program, go to the default port 9088 to view detailed scan information.
In active mode, specify this parameter to block the program. After scanning, the program will not exit, and you can view information on the web port.
-h, --help help for web
--listen string use proxy resource collector, value is proxy addr, (example: 127.0.0.1:9080).
Proxy address listened to in passive mode, default is 127.0.0.1:9080
--np not run plugin.
Disable all plugins
-p, --plugin strings Vulnerable Plugin, (example: --plugin xss,csrf,sql,dir ...)
Specify the enabled plugins. Specify 'all' to enable all plugins.
--poc strings specify the nuclei poc to run, separated by ','(example: test.yml,./test/*).
Custom nuclei vulnerability template address
--pwd string Security Copilot web report authorized pwd.
Web page login password. If not specified, a random password will be generated.
--show specifies whether to show the browser in headless mode.
Whether to display the browser in active scanning mode
--user string Security Copilot web report authorized user, (example: yhy).]
Web page login username, default is yhy (default "yhy")
--web string Security Copilot web report port, (example: 9088)].
Web page port, default is 9088 (default "9088")
Global Flags:
--debug debug
-f, --file string target file
-o, --out string output report file(eg:vulnerability_report.html)
--proxy string proxy, (example: --proxy http://127.0.0.1:8080)
-t, --target string targetDownload the corresponding program from https://github.com/yhy0/Jie/releases/latest. The entire process is built automatically by Github Action, so
feel free to use it.
