diff --git "a/P1soda - Poc\346\226\207\346\241\243.md" "b/P1soda - Poc\346\226\207\346\241\243.md"
new file mode 100644
index 0000000..cf5d122
--- /dev/null
+++ "b/P1soda - Poc\346\226\207\346\241\243.md"
@@ -0,0 +1,61 @@
+P1soda Poc库
+
+```
+|-- 74cms-weixin-sqli.yaml
+|-- UEditor
+| `-- ueditor_file_upload.yml
+|-- docker
+|-- exchange-version-Detection.yaml
+|-- exposed-docker-api.yaml
+|-- gitlab
+| `-- gitlab-CVE-2021-22205-Preauth-RCE-\264\355\316\363\316\264\321\351\326\244.yaml
+|-- hikivision
+| |-- hikivision-CVE-2021-7921-infoLeak.yaml
+| |-- hikivision-version-Detection.yaml
+| |-- hikvision-cve-2021-36260.yml
+| |-- hikvision-isecure-info-leak.yaml
+| |-- hikvision-ivms-file-upload-bypass.yaml
+| |-- hikvision-ivms-file-upload-rce.yaml
+| `-- hikvision-js-files-upload.yaml
+|-- jenkins
+| |-- jenkins-asyncpeople.yaml
+| |-- jenkins-script.yaml
+| |-- jenkins-stack-trace.yaml
+| `-- jenkins-unauthenticated.yaml
+|-- nacos
+| |-- nacos-auth-bypass.yaml
+| `-- nacos-version.yaml
+|-- phpmyadmin-unauth.yaml
+|-- sangfor-ba-rce.yaml
+|-- sangfor-edr-auth-bypass.yaml
+|-- sangfor-edr-rce.yaml
+|-- sangfor-login-rce.yaml
+|-- sangfor-ngaf-lfi.yaml
+|-- seeyon-config-exposure.yaml
+|-- seeyon-createmysql-exposure.yaml
+|-- seeyon-initdata-exposure.yaml
+|-- seeyon-oa-setextno-sqli.yaml
+|-- seeyon-oa-sp2-file-upload.yaml
+|-- thinkphp
+| |-- thinkphp-2-rce.yaml
+| |-- thinkphp-501-rce.yaml
+| |-- thinkphp-5022-rce.yaml
+| |-- thinkphp-5023-rce.yaml
+| |-- thinkphp-509-information-disclosure.yaml
+| `-- thinkphp6-arbitrary-write.yaml
+|-- tomcat
+| `-- tomcat_manager_leak.yml
+|-- vmwareEsxi
+| |-- Vmware_ESXI-Detection.yaml
+| |-- vcenter-CVE-2021-21972.yml
+| |-- vcenter-CVE-2021-21985.yml
+| |-- vcenter-CVE-2021-22005.yml
+| `-- vmware-CVE-2022-22954.yml
+|-- wooyun-2015-148227.yaml
+|-- zabbix
+| `-- zabbix-cve-2022-23231.yml
+|-- zhiyuan-file-upload.yaml
+|-- zhiyuan-oa-info-leak.yaml
+`-- zhiyuan-oa-session-leak.yaml
+```
+
diff --git "a/P1soda - \346\217\222\344\273\266\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/P1soda - \346\217\222\344\273\266\344\275\277\347\224\250\346\214\207\345\215\227.md"
new file mode 100644
index 0000000..5ccdab3
--- /dev/null
+++ "b/P1soda - \346\217\222\344\273\266\344\275\277\347\224\250\346\214\207\345\215\227.md"
@@ -0,0 +1,230 @@
+## Netspy 网段探测插件
+
+需要的参数如下
+
+```
+-plg netspy //指定插件
+-spymode rapid (默认值) / depth //rapid 急速探测,depth 深度探测
+-cidr 10.10.10.10/16 //指定网段
+```
+
+命令行使用示例 `P1soda.exe -plg netspy -cidr 38.45.22.41/22,101.43.3.46/16`
+
+```
+P1soda (苏打水) 是一款迈向更高、更快、更强的全方位内网扫描工具, Powered by P001water
+beta_version: 0.0.6
+
+[INF] 38.45.22.41/22 is from 38.45.20.0 to 38.45.23.255
+[INF] 101.43.3.46/16 is from 101.43.0.0 to 101.43.255.255
+[INF] NetSpy mode: rapid
+[INF] NetSpy num 520 ; spy example: [38.45.20.1 38.45.20.252]
+[INF] 38.45.23.1 up --> 38.45.23.1/24
+[INF] 38.45.22.1 up --> 38.45.22.1/24
+[INF] 101.43.10.111 up --> 101.43.10.111/24
+[INF] 101.43.2.135 up --> 101.43.2.135/24
+[INF] 101.43.9.170 up --> 101.43.9.170/24
+[INF] 101.43.4.75 up --> 101.43.4.75/24
+[INF] 101.43.27.17 up --> 101.43.27.17/24
+[INF] 101.43.34.196 up --> 101.43.34.196/24
+[INF] 101.43.33.84 up --> 101.43.33.84/24
+[INF] 101.43.16.173 up --> 101.43.16.173/24
+[INF] 101.43.29.83 up --> 101.43.29.83/24
+[INF] 101.43.6.8 up --> 101.43.6.8/24
+[INF] 101.43.31.223 up --> 101.43.31.223/24
+[INF] 101.43.1.218 up --> 101.43.1.218/24
+[INF] 101.43.22.37 up --> 101.43.22.37/24
+[INF] 101.43.21.16 up --> 101.43.21.16/24
+[INF] 101.43.15.86 up --> 101.43.15.86/24
+[INF] 101.43.28.116 up --> 101.43.28.116/24
+[INF] 101.43.19.32 up --> 101.43.19.32/24
+[INF] 101.43.35.189 up --> 101.43.35.189/24
+[INF] 101.43.20.214 up --> 101.43.20.214/24
+[INF] 101.43.37.136 up --> 101.43.37.136/24
+[INF] 101.43.53.154 up --> 101.43.53.154/24
+[INF] 101.43.55.241 up --> 101.43.55.241/24
+[INF] 101.43.48.241 up --> 101.43.48.241/24
+[INF] 101.43.40.30 up --> 101.43.40.30/24
+[INF] 101.43.47.235 up --> 101.43.47.235/24
+[INF] 101.43.39.166 up --> 101.43.39.166/24
+[INF] 101.43.43.196 up --> 101.43.43.196/24
+[INF] 101.43.66.89 up --> 101.43.66.89/24
+[INF] 101.43.59.222 up --> 101.43.59.222/24
+[INF] 101.43.65.149 up --> 101.43.65.149/24
+[INF] 101.43.62.253 up --> 101.43.62.253/24
+[INF] 101.43.67.47 up --> 101.43.67.47/24
+[INF] 101.43.73.133 up --> 101.43.73.133/24
+[INF] 101.43.69.110 up --> 101.43.69.110/24
+[INF] 101.43.77.103 up --> 101.43.77.103/24
+[INF] 101.43.74.65 up --> 101.43.74.65/24
+[INF] 101.43.82.123 up --> 101.43.82.123/24
+[INF] 101.43.70.46 up --> 101.43.70.46/24
+[INF] 101.43.83.124 up --> 101.43.83.124/24
+[INF] 101.43.71.191 up --> 101.43.71.191/24
+[INF] 101.43.85.84 up --> 101.43.85.84/24
+[INF] 101.43.95.188 up --> 101.43.95.188/24
+[INF] 101.43.89.30 up --> 101.43.89.30/24
+[INF] 101.43.96.6 up --> 101.43.96.6/24
+[INF] 101.43.101.40 up --> 101.43.101.40/24
+[INF] 101.43.90.35 up --> 101.43.90.35/24
+[INF] 101.43.108.189 up --> 101.43.108.189/24
+[INF] 101.43.86.224 up --> 101.43.86.224/24
+[INF] 101.43.93.224 up --> 101.43.93.224/24
+[INF] 101.43.97.43 up --> 101.43.97.43/24
+[INF] 101.43.91.221 up --> 101.43.91.221/24
+[INF] 101.43.110.186 up --> 101.43.110.186/24
+[INF] 101.43.122.244 up --> 101.43.122.244/24
+[INF] 101.43.120.28 up --> 101.43.120.28/24
+[INF] 101.43.132.148 up --> 101.43.132.148/24
+[INF] 101.43.117.3 up --> 101.43.117.3/24
+[INF] 101.43.128.248 up --> 101.43.128.248/24
+[INF] 101.43.127.30 up --> 101.43.127.30/24
+[INF] 101.43.131.58 up --> 101.43.131.58/24
+[INF] 101.43.151.202 up --> 101.43.151.202/24
+[INF] 101.43.156.13 up --> 101.43.156.13/24
+[INF] 101.43.142.12 up --> 101.43.142.12/24
+[INF] 101.43.152.37 up --> 101.43.152.37/24
+[INF] 101.43.149.130 up --> 101.43.149.130/24
+[INF] 101.43.140.10 up --> 101.43.140.10/24
+[INF] 101.43.165.181 up --> 101.43.165.181/24
+[INF] 101.43.166.81 up --> 101.43.166.81/24
+[INF] 101.43.162.211 up --> 101.43.162.211/24
+[INF] 101.43.172.145 up --> 101.43.172.145/24
+[INF] 101.43.161.106 up --> 101.43.161.106/24
+[INF] 101.43.192.38 up --> 101.43.192.38/24
+[INF] 101.43.200.90 up --> 101.43.200.90/24
+[INF] 101.43.184.66 up --> 101.43.184.66/24
+[INF] 101.43.199.41 up --> 101.43.199.41/24
+[INF] 101.43.188.227 up --> 101.43.188.227/24
+[INF] 101.43.206.226 up --> 101.43.206.226/24
+[INF] 101.43.203.152 up --> 101.43.203.152/24
+[INF] 101.43.210.168 up --> 101.43.210.168/24
+[INF] 101.43.243.126 up --> 101.43.243.126/24
+[INF] 101.43.240.20 up --> 101.43.240.20/24
+[INF] 101.43.252.143 up --> 101.43.252.143/24
+[INF] Net Segment Statistics:
+101.43.0.0 [The Number of CSegment: 79]
+ 101.43.59.0/24 [1]
+ 101.43.95.0/24 [1]
+ 101.43.2.0/24 [1]
+ 101.43.33.0/24 [1]
+ 101.43.16.0/24 [1]
+ 101.43.4.0/24 [1]
+ 101.43.140.0/24 [1]
+ 101.43.240.0/24 [1]
+ 101.43.252.0/24 [1]
+ 101.43.31.0/24 [1]
+ 101.43.1.0/24 [1]
+ 101.43.77.0/24 [1]
+ 101.43.192.0/24 [1]
+ 101.43.34.0/24 [1]
+ 101.43.21.0/24 [1]
+ 101.43.28.0/24 [1]
+ 101.43.43.0/24 [1]
+ 101.43.70.0/24 [1]
+ 101.43.89.0/24 [1]
+ 101.43.108.0/24 [1]
+ 101.43.91.0/24 [1]
+ 101.43.6.0/24 [1]
+ 101.43.243.0/24 [1]
+ 101.43.156.0/24 [1]
+ 101.43.71.0/24 [1]
+ 101.43.85.0/24 [1]
+ 101.43.10.0/24 [1]
+ 101.43.128.0/24 [1]
+ 101.43.151.0/24 [1]
+ 101.43.117.0/24 [1]
+ 101.43.120.0/24 [1]
+ 101.43.199.0/24 [1]
+ 101.43.65.0/24 [1]
+ 101.43.35.0/24 [1]
+ 101.43.40.0/24 [1]
+ 101.43.66.0/24 [1]
+ 101.43.83.0/24 [1]
+ 101.43.27.0/24 [1]
+ 101.43.55.0/24 [1]
+ 101.43.110.0/24 [1]
+ 101.43.149.0/24 [1]
+ 101.43.172.0/24 [1]
+ 101.43.15.0/24 [1]
+ 101.43.19.0/24 [1]
+ 101.43.48.0/24 [1]
+ 101.43.73.0/24 [1]
+ 101.43.101.0/24 [1]
+ 101.43.97.0/24 [1]
+ 101.43.142.0/24 [1]
+ 101.43.22.0/24 [1]
+ 101.43.165.0/24 [1]
+ 101.43.210.0/24 [1]
+ 101.43.47.0/24 [1]
+ 101.43.74.0/24 [1]
+ 101.43.86.0/24 [1]
+ 101.43.161.0/24 [1]
+ 101.43.37.0/24 [1]
+ 101.43.96.0/24 [1]
+ 101.43.127.0/24 [1]
+ 101.43.166.0/24 [1]
+ 101.43.9.0/24 [1]
+ 101.43.67.0/24 [1]
+ 101.43.90.0/24 [1]
+ 101.43.93.0/24 [1]
+ 101.43.132.0/24 [1]
+ 101.43.152.0/24 [1]
+ 101.43.162.0/24 [1]
+ 101.43.200.0/24 [1]
+ 101.43.62.0/24 [1]
+ 101.43.203.0/24 [1]
+ 101.43.188.0/24 [1]
+ 101.43.20.0/24 [1]
+ 101.43.53.0/24 [1]
+ 101.43.69.0/24 [1]
+ 101.43.82.0/24 [1]
+ 101.43.122.0/24 [1]
+ 101.43.131.0/24 [1]
+ 101.43.184.0/24 [1]
+ 101.43.29.0/24 [1]
+38.45.0.0 [The Number of CSegment: 2]
+ 38.45.23.0/24 [1]
+ 38.45.22.0/24 [1]
+
+```
+
+
+
+## 主机信息收集插件
+
+目前只支持Windows基本信息收集
+
+需要的参数如下
+
+```
+-plg infospy //指定插件
+-collect basic // 基础信息收集模式
+```
+
+基础信息收集包括
+
+```
+系统基本信息、磁盘和共享信息、网络信息(网卡、arp缓存等等)、补丁、环境变量信息
+```
+
+命令行使用示例,`-plg infospy -collect basic`,
+
+报告以`Html`形式输出在当前目录,命名格式为 `Hostnmae_Report.html`
+
+image-20250605215208788
+
+
+
+
+
+## 主机敏感文件收集插件
+
+目前只支持Windows
+
+需要的参数如下
+
+```
+-plg filespy //指定插件
+```
+
+算了,下个版本再放吧
\ No newline at end of file
diff --git a/README.md b/README.md
index 16610fa..30cd106 100644
--- a/README.md
+++ b/README.md
@@ -6,17 +6,31 @@ -P1soda (苏打水)是一款更高、更快、更强的全方位内网扫描工具,Powered by P001water +P1soda (苏打水)是一款常规内网渗透场景下的全方位漏洞扫描工具,Powered by P001water +## Version + +当前最新版本 `v0.0.6` (2025/6/08更新)[更新日志参见](https://github.com/P001water/P1soda/blob/master/更新日志.md) + # 功能特色 * 主机存活探测 -充分适应内网场景,ip输入,支持ICMP echo发包探测、ping命令探测 +充分适应内网场景,支持多种格式输入 + +例如`[-t 10.0.10.60/24]; [-t 10.0.10.60]; [-t 10.0.10.60-255]; [-t 10.0.10.60,10.0.10.61]` + +支持ping命令探测( version > 0.0.5 默认选择ping命令探测),ICMP echo发包探测 + +* 内网网段探测 + +快速探测内网可达网段,参考插件模式调用 + +例子:探测B段,`[-plg netspy -cidr 192.168.8.10/16]` * 端口指纹识别
@@ -25,19 +39,9 @@ P1soda (苏打水)是一款更高、更快、更强的全方位内网扫描 如下14条nmap Probe,支持指纹识别如下协议服务: ``` -ftp -monetdb -mysql -ssh -postgresql -socks5 -socks4 -JDWP -mssql -memcached -redis -adb -VNC +ftp、monetdb、mysql、ssh、postgresql、 +socks5、socks4、JDWP、mssql、memcached +redis、adb、VNC ``` * web 侧信息探测
@@ -48,6 +52,10 @@ http请求时User-Agent头随机化,基本web信息探测,http响应状态 从P1finger中精简的内网常见系统的指纹 +* web 漏洞检测 + +从头实现的Mini Nuclei引擎,体积小于 2 M,支持nuclei的POC + * OXID Resolver DCOM接口未授权网卡探测 socket Raw连接发包解决,避免调包,最小化工具体积
@@ -67,25 +75,23 @@ ssh vnc ``` -* web 漏洞检测 - -从头实现的Mini Nuclei引擎,体积小于 2 M,支持nuclei的POC - * socks5、http代理使用 支持socks5、http代理使用 -​ +* MS-17010检测,redis未授权,vnc未授权检测等等 + + # 基本使用 工具参数如下图,默认情况下不开启服务爆破功能 -![image-20240909001216321](./img/image-20240909001216321.png) +![image-20250115172430938](./img/image-20250115172430938.png) * 入门使用 -单个、多个目标探测,支持网段输入 +单个、多个目标探测,支持CIDR网段输入 ``` P1soda.exe -t 192.168.110.235 // 单个目标
@@ -96,17 +102,13 @@ P1soda.exe -t 192.168.110.235/24 // 扫描110 C段 ![image-20240908233120141](./img/image-20240908233120141.png) -* C 段探测 - --tc 指定ip即可,自动探测ip所在C段 +* 内网网段探测 ``` -.\P1soda.exe -tc 192.168.110.229 -br // -br 开启爆破功能 - -.\P1soda.exe -tc 192.168.110.229,192.168.1.1 // 探测192.168.110.229,192.168.1.1两个C段 +.\P1soda.exe -plg netspy -cidr 192.168.0.0/16 ``` -![image-20240908232605907](./img/image-20240908232605907.png) +![image-20250115164812928](./img/image-20250115164812928.png) * 指定用户名密码爆破
@@ -151,35 +153,3 @@ P1soda.exe -t 192.168.110.235/24 // 扫描110 C段 debug显示一些poc信息,http请求信息 ![image-20240909005651301](./img/image-20240909005651301.png) - -* 网段探测 - -更多功能,正在设计中,敬请期待...... - - - - - -# 更新日志 - - - -v0.0.1 - -1. 基本功能更新 - -v0.0.2 - -1. 增加网段输入方法,比如扫描C段,P1soda -t 192.168.110.1/24 -2. 修改http/https判断功能 -3. 增加poc和指纹信息 - -v0.0.3 - -1. 添加默认扫描端口(fofa上的vnc端口top 5) -2. 增加vnc服务未授权识别和爆破 - -image-20241013191315747 - - -
diff --git a/UpdateLog.md b/UpdateLog.md
index b89a1e3..8664a4b 100644
--- a/UpdateLog.md
+++ b/UpdateLog.md
@@ -10,8 +10,6 @@ 于是从头实现了nuclei的检测引擎,但是修改了nuclei Poc的Tag字段,整合poc的tag,并根据指纹识别的结果扫描对应标签内Poc - - * 默认扫描端口的选择 默认扫描端口由三部分组成
diff --git a/img/image-20240908232605907.png b/img/image-20240908232605907.png
deleted file mode 100644
index c2f55a6..0000000
Binary files a/img/image-20240908232605907.png and /dev/null differ
diff --git a/img/image-20240909001216321.png b/img/image-20240909001216321.png
deleted file mode 100644
index 3bbf690..0000000
Binary files a/img/image-20240909001216321.png and /dev/null differ
diff --git a/img/image-20241022001135114.png b/img/image-20241022001135114.png
new file mode 100644
index 0000000..8763e9f
Binary files /dev/null and b/img/image-20241022001135114.png differ
diff --git a/img/image-20241022001225844.png b/img/image-20241022001225844.png
new file mode 100644
index 0000000..573cd4e
Binary files /dev/null and b/img/image-20241022001225844.png differ
diff --git a/img/image-20241022010715099.png b/img/image-20241022010715099.png
new file mode 100644
index 0000000..7819036
Binary files /dev/null and b/img/image-20241022010715099.png differ
diff --git a/img/image-20241022140046945.png b/img/image-20241022140046945.png
new file mode 100644
index 0000000..c89d9d2
Binary files /dev/null and b/img/image-20241022140046945.png differ
diff --git a/img/image-20250115164812928.png b/img/image-20250115164812928.png
new file mode 100644
index 0000000..6911e78
Binary files /dev/null and b/img/image-20250115164812928.png differ
diff --git a/img/image-20250115172430938.png b/img/image-20250115172430938.png
new file mode 100644
index 0000000..bf184d1
Binary files /dev/null and b/img/image-20250115172430938.png differ
diff --git a/img/image-20250605215208788.png b/img/image-20250605215208788.png
new file mode 100644
index 0000000..17e6955
Binary files /dev/null and b/img/image-20250605215208788.png differ
diff --git "a/\346\233\264\346\226\260\346\227\245\345\277\227.md" "b/\346\233\264\346\226\260\346\227\245\345\277\227.md"
new file mode 100644
index 0000000..6106cac
--- /dev/null
+++ "b/\346\233\264\346\226\260\346\227\245\345\277\227.md"
@@ -0,0 +1,53 @@
+v0.0.6
+
+功能更新优化较多,建议尽快更新
+
+1. [功能优化] 接入了最新P1finger指纹扫描工具,指纹识别结果更丰富
+2. [功能优化] 优化了漏洞扫描引擎,添加了诸多Poc
+3. [功能优化] 优化输出结果统计显示,方便观察和下一步使用
+4. [功能增加] 优化了Netspy模块,优化了网段统计聚合显示
+5. [功能增加] 增加了主机信息收集插件,详情参见
+
+
+v0.0.5
+
+1. [功能增加] ping命令探测模式下增加目标主机类型模糊判断
+2. [功能增加] 内网网段探测
+3. [其他修改] 删除了 [-tc] 参数,可直接调用 [ -t ]参数
+4. [其他修改] 修改了主机存活探测选项 [-pt],ping探测使用[-pt ping]; icmp探测使用[-pt icmp]
+5. [其他修改] release 版本方便使用简写为 `soda`
+
+v0.0.4
+
+1. [功能增加] redis 未授权检测和系统信息提取
+
+image-20241022001135114
+
+2. [功能增加] ms17010永恒之蓝检测 (没研究过,抄的k8gege的)
+
+image-20241022001225844
+
+3. [功能增加] hikivision版本信息检测和漏洞poc添加
+
+image-20241022010715099
+
+v0.0.3
+
+1. 添加默认扫描端口(fofa上的vnc端口top 5)
+2. 增加vnc服务未授权识别和爆破
+
+image-20241013191315747
+
+v0.0.2
+
+1. 增加网段输入方法,比如扫描C段,P1soda -t 192.168.110.1/24
+2. 修改http/https判断功能
+3. 增加poc和指纹信息
+
+
+
+v0.0.1
+
+1. 基本功能更新
+