Afrog: A Tool for Finding Vulnerabilities

afrog is a fast, stable, high-performance vulnerability scanning (bug hunting) tool with customizable PoCs. Its PoCs cover CVE, CNVD, default passwords, information leakage, fingerprint identification, unauthorized access, arbitrary file reading, command execution, and more. It helps network security practitioners quickly verify vulnerabilities and fix them in a timely manner.

Features

  • Great performance: fewest requests, best results
  • Real-time display of scanning progress
  • View the request and response packets of scan results
  • The local PoC library is updated automatically when the program starts
  • Long-term maintenance and PoC updates
  • API interface for easy integration into other projects

Install

Method 1: Binary installation (recommended)

  • Download the compressed package (go to the download page)
    • MacOS afrog_darwin_amd64.tar.gz
    • Linux afrog_linux_amd64.tar.gz
    • MacOS M1 afrog_linux_arm64.tar.gz
    • Windows afrog_windows_amd64.zip
  • Unzip the compressed package
  • cd into the unzipped directory
  • Run afrog

Start on Linux

./afrog_linux_amd64 -t example.com -o r.html

Start on Windows

afrog_windows_amd64.exe -t example.com -o r.html

Start on MacOS

./afrog_darwin_amd64 -t example.com -o r.html

Start on MacOS M1

./afrog_linux_arm64 -t example.com -o r.html

Method 2: Compile and install

First, download the source code

git clone https://github.com/zan8in/afrog

Go to the afrog directory

cd afrog

Then compile the source code. The compilation commands differ by target operating system. The SET commands below use Windows cmd.exe syntax; in a Unix shell, set the same variables with export instead.

Compilation for Linux

Set the build variables by executing the following three commands one at a time

SET CGO_ENABLED=0
SET GOOS=linux
SET GOARCH=amd64

Then, execute the compile command

go build  -v -a -o afrog_linux_amd64 cmd/afrog/main.go

When compilation completes, the file afrog_linux_amd64 is generated in the afrog directory.

Compilation for Windows

Set the build variables by executing the following three commands one at a time

SET CGO_ENABLED=0
SET GOOS=windows
SET GOARCH=amd64

Then, execute the compile command

go build -v -a -o afrog_windows_amd64.exe  cmd/afrog/main.go

When compilation completes, the file afrog_windows_amd64.exe is generated in the afrog directory.

Compilation for MacOS

Set the build variables by executing the following three commands one at a time

SET CGO_ENABLED=0
SET GOOS=darwin
SET GOARCH=amd64

Then, execute the compile command

go build -v -a -o afrog_darwin_amd64  cmd/afrog/main.go

When compilation completes, the file afrog_darwin_amd64 is generated in the afrog directory.

Compilation for ARM architecture systems (MacOS M1)

Set the build variables by executing the following three commands one at a time

SET CGO_ENABLED=0
SET GOOS=linux
SET GOARCH=arm64

Then, execute the compile command

go build -v -a -o afrog_linux_arm64  cmd/afrog/main.go

When compilation completes, the file afrog_linux_arm64 is generated in the afrog directory.

Examples

Scan a single target.

afrog -t http://127.0.0.1 -o result.html

Scan multiple targets.

afrog -T urls.txt -o result.html

Example urls.txt:

http://192.168.139.129:8080
http://127.0.0.1
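
A scope check for the target list passed to -T, as an added example (not part of afrog or the original page): it keeps only the urls.txt lines whose host falls inside an authorized set, so the file handed to the scanner contains nothing outside the engagement. The Scope type, the FilterTargets function, lab.example.com and the CIDR values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// Scope is the authorized target set: exact hostnames plus IP ranges (CIDR).
type Scope struct {
	Hosts map[string]bool
	CIDRs []string // a malformed entry never matches, so a typo cannot widen the scope
}

// Allows reports whether one urls.txt line points inside the scope.
func (s Scope) Allows(line string) bool {
	u, err := url.Parse(line)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return false // unparsable or scheme-less lines are rejected, not guessed at
	}
	host := strings.ToLower(u.Hostname())
	if ip, err := netip.ParseAddr(host); err == nil {
		for _, c := range s.CIDRs {
			if p, err := netip.ParsePrefix(c); err == nil && p.Contains(ip.Unmap()) {
				return true
			}
		}
		return false
	}
	return s.Hosts[host] // not an IP literal: exact hostname match only
}

// FilterTargets splits a target list into in-scope and rejected lines.
func FilterTargets(list string, s Scope) (ok, rejected []string) {
	for _, line := range strings.Fields(list) {
		if s.Allows(line) {
			ok = append(ok, line)
		} else {
			rejected = append(rejected, line)
		}
	}
	return ok, rejected
}

func main() {
	// Constructed scope and list; the first two targets are the page's urls.txt.
	scope := Scope{Hosts: map[string]bool{"lab.example.com": true}, CIDRs: []string{"192.168.139.0/24", "127.0.0.1/32"}}
	fmt.Println(FilterTargets("http://192.168.139.129:8080\nhttp://127.0.0.1\nhttp://10.0.0.5\nexample.org", scope))
}
```

Write only the in-scope lines back to the file given to -T, and review the rejected lines by hand before widening the scope.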

Test a single PoC file

afrog -t http://127.0.0.1 -P ./testing/poc-test.yaml -o result.html

Test multiple PoC files

afrog -t http://127.0.0.1 -P ./testing/ -o result.html

Output HTML report

[Screenshot: HTML report for Afrog]

Disclaimer

This tool is intended only for legally authorized enterprise security work. If you need to test the usability of this tool, please build a target environment yourself.

To avoid malicious use, all PoCs included in this project only make a theoretical judgment of whether a vulnerability exists; there is no vulnerability exploitation process, and no real attacks or exploits will be launched on the target.

When using this tool for detection, you should ensure that the behavior complies with local laws and regulations and has obtained sufficient authorization. **Do not scan unauthorized targets.**

If you engage in any illegal behavior while using this tool, you shall bear the corresponding consequences yourself, and we will not bear any legal or joint responsibility.

Before installing and using this tool, please read carefully and fully understand the contents of each clause. Restrictions, disclaimers or other clauses involving your significant rights and interests may be bolded or underlined to draw your attention. Unless you have fully read, fully understood and accepted all the terms of this agreement, please do not install and use this tool. Your use of the tool, or your acceptance of this agreement in any other express or implied manner, shall be deemed to mean that you have read and agreed to be bound by this agreement.