git # 目前收集的联动工具

欢迎大家来提供联动案例。

# httpX (opens new window) - http 快速验证 apisix 漏洞

fofax -q 'title="Apache APISIX Dashboard"' -ffi | httpx -path "/apisix/admin/migrate/export" -status-code -mc 200 -ms '{"Counsumers":[],"Routes'

fofax_httpx

# 快速验证存活并展示标题

fofax  -q 'title="Apache APISIX Dashboard"' -ffi|httpx -title

# Nuclei (opens new window) - 简单快速扫描工具

echo 'app="kubernetes"' | fofax | httpx | nuclei -t ~/nuclei-templates/misconfiguration/kubernetes/kubernetes-pods.yaml
fofax -q 'fx=kubernetes' -fe | httpx | nuclei -t ~/nuclei-templates/misconfiguration/kubernetes/kubernetes-pods.yaml
echo 'fx=kubernetes' | fofax  -fe | httpx | nuclei -t ~/nuclei-templates/misconfiguration/kubernetes/kubernetes-pods.yaml
echo 'fx=kubernetes' | fofax  -fe  -ffi | nuclei -t ~/nuclei-templates/misconfiguration/kubernetes/kubernetes-pods.yaml

fofax_nuclei

# Xray (opens new window) - 被动扫描器

感谢@荋丶 、@becivells两位师傅提供。

echo 'header="rememberme=deleteMe" || header="shiroCookie"' | fofax -fs 100 -e -ec | httpx -o shiro.txt && xray ws ss --uf shiro.txt
./xray --log-level fatal ws --plugins shiro --uf <(echo 'header="rememberme=deleteMe" || header="shiroCookie"' | fofax -fs 10 -ffi -ec )

fofax_xray

# Observer_ward (opens new window) - web 指纹识别工具

感谢@0x727 (opens new window)开源团队提供。

echo 'login' | fofax -fs 100  -ec -ffi | ./observer_ward_darwin --stdin

fofax_observer_ward

# Dismap (opens new window) - web 指纹识别工具

./dismap -file <(echo 'title="login"' | fofax -fs 10 -ffi)

fofax_dismap

# Naabu (opens new window) - 端口扫描器

echo '(title="职业学院" || title="大学" || title="职业技术学院" || title="学院") && country="CN"' | fofax -ff 'domain' -fs 10 | naabu

fofax_naabu

# Nmap (opens new window) - 老牌端口扫描器

# Linux/macOS

nmap -iL <(echo 'app="APACHE-Solr"' | fofax -fs 10 -ff ip)

Nmap

# Windows

echo 'app="APACHE-Solr"' | fofax -fs 1 -ff ip > targets.txt && nmap -iL targets.txt

Nmap2

# Jsubfinder (opens new window) - 从页面获取域名

.\fofax.exe -q 'app=\"Grafana\"' -ffi | jsubfinder.exe search

jsubfinder

# sylas (opens new window) - 获取更多 fofa 数据

sylas -q 'app="APACHE-Solr"'|fofax -ff "host,lastupdatetime" -fs 10000 

sylas

WARNING

-fs 请务必设置为 10000