taibeihacker
Moderator
navgix is a multi-threaded Golang tool that checks for nginx alias traversal.
Techniques
Currently, navgix supports 2 techniques for finding vulnerable directories (or location aliases). They are the following:
Heuristics
navgix makes an initial GET request to the page, and if the page HTML references any directories (in the src attributes of HTML elements), it tests each folder in the path for the vulnerability. For example, if it finds a link to /static/img/photos/avatar.png, it will test /static/, /static/img/ and /static/img/photos/.
Brute-force
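navgix also tests a short list of common directories that often have this vulnerability; if any of these directories exists, it also attempts to confirm whether the vulnerability is present.
Installation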
git clone https://github.com/hakai-OffSec/navgix; cd navgix; go build