Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Lotus Lua Scripts is a repository containing a collection of Lua scripts designed to scan for various vulnerabilities.

License

Notifications You must be signed in to change notification settings

CyAxe/lotus-scripts

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

72 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Lotus Scripts 🌺📜

Welcome to the official Lotus Lua Scripts repository! Here, we provide a collection of Lua scripts to scan different vulnerabilities.

Scripting Progress 📁

This table shows the progress of our tool and script development in Lua. We've already rewritten some of our tools, such as the SQLiDetector and Simple SSTI Detector, and we're currently working on several others, including a BugCrowd HunT Framework, a web application scanner, and an SSH bruteforcer.

We're developing scripts for famous CVEs, like CVE-2014-2321, CVE-2019-11248, CVE-2020-11450, and others. We're also working on a scanner for the OWASP Top 10 and a recon Framework.

Tool/Script Status
SQLiDetector ✔️ Finished
Simple SSTI Detector ✔️ Finished
PHPINFO Finder ✔️ Finished
Jenkins /script RCE Scanner ✔️ Finished
Basic LFI Scanner ✔️ Finished
BugCrowd HunT Framework ⏳ In progress
Git Dir leakage scanner ✔️ Finished
extractfromjs ✔️ Finished
CVE-2014-2321.lua ✔️ Finished
CVE-2019-11248.lua ✔️ Finished
CVE-2020-11450.lua ✔️ Finished
CVE-2022-0378.lua ✔️ Finished
CVE-2022-0381.lua ✔️ Finished
CVE-2022-1234.lua ⏳ In progress
SSH Bruteforce ⏳ In progress
CVE-2017-5638 Apache Struts ⏳ In progress
CVE-2017-11882 Microsoft ⏳ In progress
CVE-2018-7600 Drupal ⏳ In progress
CVE-2018-8174 Windows ⏳ In progress
CVE-2019-19781 Citrix ⏳ In progress
CVE-2021-21972 VMware vCenter ✔️ Finished
CVE-2021-21985 VMware vCenter ✔️ Finished
CVE-2023-23752 Joomla! CMS ✔️ Finished
CVE-2023-23333 SolarView Compact ✔️ Finished
OWASP Top 10 Scanner ⏳ In progress
Recon Script ⏳ In progress

Usage 🚀

You can use these scripts as an example or on real targets that you have permission to scan. Please use these scripts responsibly and ethically.

Installation 🔧

To use the Lotus Lua Scripts, you need to have Lotus installed on your system. You can download from the official Repo: https://github.com/rusty-sec/lotus 🌐

Once you have Lotus installed, you can simply download the scripts from this repository and run them using the following command:

# target one script
$ lotus scan scriptname.lua -o out.json
# select all scripts in this directory
$ lotus scan active/ -o out.json

Contributing 🤝🏼

We welcome contributions to the Lotus Lua Scripts repository. If you have a script that you would like to contribute, please fork this repository and submit a pull request.

Disclaimer ⚠️

These scripts are provided for educational purposes only. The authors are not responsible for any damage or illegal activities caused by the misuse of these scripts. Use them at your own risk.

About

Lotus Lua Scripts is a repository containing a collection of Lua scripts designed to scan for various vulnerabilities.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages