QingScan is a vulnerability scanning aggregation platform. After adding a target, 30 tools are automatically called. Many people also want to add tools by themselves. In fact, adding them is very simple. We have already thought about it for you. can be completed.
1. Add plugins
Fill in the plugin information in Black Box Scanning - "Plugin List - "Add Plugin"
The plug-in information filled in in the above figure, the name of the plug-in can be named at will, the command executed by the plug-in is the command you execute on the command line, and the tool has a corresponding target, which is replaced by _####_ ;
Scan types are divided into domain name, host, code, URL:
- A domain name is a target in a black box target, a site is usually a domain name
- The host is the target in the black box scan -> host list, which is used to scan the IP address
- The code is the target in the project list of the white box audit, which is used for the white box audit.
- URL is a black box target - "target in the URL list, which is used to scan a single URL
After adding the plug-in, it will automatically jump to the plug-in list, and you can see the information just filled in the plug-in list.
I have three records added to my list, so there are three
Second, the test plug-in
After adding the plugin, you only need to add the corresponding target to view the scan results of the custom tool. Here I added a black box target, as shown in the following figure
There is a View Details on the right side of the table. Click View Details to see the scan results of various tools. After QingScan version v1.3.0, custom tools have also been moved.
After entering the black box details page, slide to the bottom to see the data of the custom plugin list
In the figure above, you can see that the results corresponding to the curl request have been displayed in the table. If you add other plugins, the results returned will also be returned here.
Another point to note is that the results of the plugin can not only be displayed on the details page of the target, but also in the plugin result list, as shown in the following figure
GitHub address:
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。