afrog: A Security Tool for Bug Bounty, Pentest and Red Teaming
What is afrog
afrog is a fast, stable, high-performance vulnerability scanner. It supports user-defined PoCs and ships with several built-in PoC types, such as CVE, CNVD, default passwords, information disclosure, fingerprint identification, unauthorized access, arbitrary file reading, and command execution. With afrog, network security professionals can quickly validate and remediate vulnerabilities, which helps to enhance their security defense capabilities.
Features
- Open source
- Fast, stable, with low false positives
- Detailed HTML vulnerability reports
- Customizable, reliably updatable PoCs
- Active community exchange group
Example
Scan a single target.
afrog -t http://example.com -o result.html
Scan multiple targets.
afrog -T urls.txt -o result.html
For example, urls.txt:
http://example.com
http://test.com
http://github.com
Test a single PoC file.
afrog -t http://example.com -P ./testing/poc-test.yaml -o result.html
Test multiple PoC files.
afrog -t http://example.com -P ./testing/ -o result.html
Output HTML report
Install & Use
Copyright (c) 2022 zan8in