sbe-scan

module

v0.0.3 Latest Latest Go to latest Published: Jan 27, 2024 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/wjlin0/sbe-scan

Links

Open Source Insights

README ¶

sbe-scan 是一个用Go语言编写的 SpringBoot ENV 利用工具，可以用来获取 SpringBoot 应用的配置信息，包括配置文件中的配置项、环境变量、JVM参数等。

安装

sbe-scan 需要go 1.21才能完成安装执行以下命令

go install github.com/wjlin0/sbe-scan/cmd/sbe-scan@latest

或者安装完成的二进制文件在release中下载

使用

sbe-scan -help

sbe-scan is a tool to scan spring boot env.

Usage:
  sbe-scan [flags]

Flags:
INPUT:
   -url, -u string[]  URL to scan
   -list string[]     File containing list of URLs to scan

OUTPUT:
   -o, -output string  Directory to save results (default "output/")

CONFIG:
   -eu, -env-url string[]            URL to get env
   -ju, -jolokia-url string[]        URL to get jolokia
   -jlu, -jolokia-list-url string[]  URL to get jolokia list
   -en, -env-name string[]           env name to get env
   -m, -method string[]              method to get env (support methods one)
   -header string[]                  Headers to use for enumeration

LIMIT:
   -timeout int          time to wait in seconds before timeout (default 10)
   -t, -thread int       Number of concurrent threads (default 10) (default 10)
   -rl, -rate-limit int  Rate limit for enumeration speed (n req/sec)

DEBUG:
   -debug                           Enable debugging
   -p, -proxy string[]              list of http/socks5 proxy to use (comma separated or file input)
   -irt, -input-read-timeout value  timeout on input read (default 3m0s)
   -no-stdin                        disable stdin processing

UPDATE:
   -update  Update tool


Examples:
Run sbe-scan on a single targets
        $ sbe-scan -url https://example.com
Run sbe-scan on a list of targets
        $ sbe-scan -list list.txt
Run sbe-scan on a single targets with env-url
        $ sbe-scan -url https://example.com -eu /actuator/env
Run sbe-scan on a single targets with jolokia-list-url
        $ sbe-scan -url https://example.com -jlu /actuator/jolokia/list
Run sbe-scan on a single targets a proxy server
        $ sbe-scan -url https://example.com  -proxy http://127.0.0.1:7890

use pathScan to collect targets and pass them to sbe-scan via standard input

pathScan -ue quake -uq 'app:"springboot"' -uc -silent -ul 200 | sbe-scan

➜  ~ pathScan -ue quake -uq 'app:"springboot"' -uc -silent -ul 200 | sbe-scan

            __
   _____   / /_   ___           _____  _____  ____ _   ____
  / ___/  / __ \ / _ \ ______  / ___/ / ___/ / __  /  / __ \
 (__  )  / /_/ //  __//_____/ (__  ) / /__  / /_/ /  / / / /
/____/  /_.___/ \___/        /____/  \___/  \__,_/  /_/ /_/

				wjlin0.com

慎用。你要为自己的行为负责
开发者不承担任何责任，也不对任何误用或损坏负责.
[INF] Current sbe-scan version v0.0.3 (latest)
[INF] Loaded 109 targets from input
[INF] Running all methods
[INF] find url https://example.com  write to /Users/wjl/output/5051ebf7c0761402e8d072c9a50cb0f1.application.json

Directories ¶

Path	Synopsis
cmd
sbe-scan
pkg
method
method/agent/one
runner
types
update
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL