https://github.com/zan8in/afrog
What is it for?
afrog is a high-performance vulnerability scanner designed for security testing, bug bounty, pentesting, and red teaming. It detects known vulnerabilities (CVE, CNVD, default passwords, information leaks, unauthorized access, command execution, etc.) using customizable proofs of concept (PoCs) and generates detailed HTML reports.
Installation
Prerequisites
- Go 1.19 or higher
Quick installation (binary)
- Download the latest binary from: https://github.com/zan8in/afrog/releases/latest
- Unzip and give execution permissions:
chmod +x afrog
./afrog -h
Install from source
git clone https://github.com/zan8in/afrog.git
cd afrog
go build -o afrog cmd/afrog/main.go
./afrog -h
Install with Go
go install -v github.com/zan8in/afrog/v3/cmd/afrog@latest
Basic usage
Scan a single target:
afrog -t https://example.com
Scan multiple URLs:
afrog -T urls.txt
Scan using custom PoCs:
afrog -t https://example.com -P my_pocs_folder/
Filter by keyword in PoCs:
afrog -t https://example.com -s weblogic,jboss
Filter by severity:
afrog -t https://example.com -S high,critical
Generate JSON report:
afrog -t https://example.com -json result.json
Usage examples
- Scan a site and generate an HTML report:
afrog -t https://victim.com
The report is automatically saved in the current folder.
- Scan several sites from a file:
afrog -T targets.txt
- Use web mode to view results in your browser:
afrog -web
Then open http://localhost:16868 in your browser.
Notes
- The first use creates the configuration file afrog-config.yaml in ~/.config/afrog/.
- For PoCs that require interaction with external services (like ceye.io), configure the keys in the YAML file.
- Legal use: Only use on your own systems or with explicit authorization.
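An added example (not part of afrog or the original page): a Python helper that checks candidate targets against an authorized scope list before writing the targets.txt file passed to afrog -T. The scope entries, sample hosts and function names are constructed for illustration; matching is done on the parsed hostname so that look-alike hosts are rejected.

```python
from urllib.parse import urlsplit

def host_of(target):
    """Hostname of a URL or bare host[:port]; None if it cannot be parsed."""
    if "://" not in target:
        target = "//" + target          # let urlsplit see a netloc
    try:
        host = urlsplit(target).hostname
    except ValueError:                  # e.g. malformed IPv6 literal
        return None
    return host.lower().rstrip(".") if host else None

def in_scope(host, scope):
    """Exact match, or suffix match for entries written as *.domain."""
    for entry in scope:
        entry = entry.strip().lower()
        if entry.startswith("*."):
            if host.endswith(entry[1:]):    # suffix keeps the leading dot
                return True
        elif host == entry:
            return True
    return False

def filter_targets(lines, scope):
    """Split target lines into (authorized, rejected); blanks and # comments are skipped."""
    authorized, rejected = [], []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host = host_of(line)
        (authorized if host and in_scope(host, scope) else rejected).append(line)
    return authorized, rejected

# Constructed sample data (reserved example domains, not from the original page).
SCOPE = ["app.example.com", "*.lab.example.org"]
CANDIDATES = [
    "https://app.example.com/login",
    "web01.lab.example.org:8443",
    "https://app.example.com.example.net/",   # look-alike suffix
    "https://app.example.com@example.net/",   # userinfo before the real host
    "# retired host",
    "http://[bad",                            # unparsable, rejected
]

if __name__ == "__main__":
    ok, bad = filter_targets(CANDIDATES, SCOPE)
    with open("targets.txt", "w") as fh:      # file later passed to: afrog -T targets.txt
        fh.write("\n".join(ok) + "\n")
    for line in bad:
        print("out of scope, not written:", line)
```

Keep the scope list under the same change control as the written authorization, so the targets file can only contain hosts that were approved.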