## https://sploitus.com/exploit?id=E013EC69-1FD8-5DCA-BA26-9496D12F191F
# ๐ฅ SKILLHack Online Automated GetShell (automated penetration testing in bulk and single site)
๐ฏ One-Stop Asset Mapping & Vulnerability Risk Insight Platform | FOFA + AI + Intelligent Scanning
๐ Official website: hackbyte.io | ๐ Demo site: scan.hackbyte.io
---
## ๐ Project Information
**XHSecTeam Asset Security Mapping Platform** is an integrated security testing platform developed by [HackByte Community (HackByte)](https://hackbyte.io). The platform integrates Internet asset search, vulnerability scanning, DDoS traffic observation and AI security assistant in the same set of interfaces to help security researchers quickly map the attack surface, locate high-risk assets, and continuously monitor risk changes.
### ๐ฏ Core Values
- โ **Asset Mapping Engine** - Powerful asset discovery capability based on FOFA syntax
- โ **Intelligent Vulnerability Scanning** - Integration of multiple vulnerability detection engines to cover common CVEs
- โ **AI Collaborative Analytics** - Natural language translation into FOFA query statements
- โ **Visualization Dashboard** - Intuitively display vulnerability distribution and risk trends
- โ **Offense and Defense Knowledge Base** - Precipitate real-world experience and mapping grammar
---
## โจ Features
### ๐ Asset Mapping Center
- **FOFA Syntax Support** - 15+ fields such as title, ip, domain, port, body, server, etc.
- **Combined Search** - Supports `&&` / `||` logical combinations to build accurate query statements.
- **AI Intelligent Assistant** - Convert natural language to FOFA query to reduce learning cost.
- **Batch Export** - Export search results in one click, support multiple formats.
### ๐ก๏ธ Single-site penetration scanning
- **Fingerprinting** - Automatically identifies web technology stacks, frameworks, middleware
- **POC Validation** - targeted vulnerability detection and validation
- **Visualization Dashboard** - Vulnerability distribution, risk level, remediation recommendations
- **Scan Logging** - Complete record of scanning process and results.
### ๐ DDoS Protection Analysis
- **Traffic monitoring** - bandwidth peaks, percentage of abnormal requests, alert events
- **Pressure Test Configuration** - simulate different types of attacks to evaluate protection capabilities
- **Visualization Charts** - Intuitively display traffic trends and abnormal events.
### ๐ค AI Security Assistant
- **Intelligent dialog** - natural language description of requirements, AI automatically generates query statements
- **Syntax Recommendation** - Recommends the best FOFA syntax combination based on the scenario.
- **History** - save search history for quick reuse
### ๐ Security Knowledge Base
- **FOFA Syntax Advance** - complete tutorial from basic to combinatorial searching
- **Exposed Surface Shrinkage** - A method of combing attack surfaces based on mapping results
- **Live Examples** - Asset mapping practices in real attack and defense scenarios
---
## ๐จ Interface Preview
### Home - Asset Security Overview
- Elegant modern design
- Core Competency Module Display
- Security Knowledge Base Quick Entry
### Asset Mapping - FOFA Search
- Real-time search results display
- AI Assistant Sidebar
- Quick Syntax Input
### Single Site Scanning - Vulnerability Dashboards
- High/Medium/Low Vulnerability Classification
- Vulnerability Trend Chart
- Detailed Scan Logs
### DDoS Analysis - Traffic Monitoring
- Real-time Traffic Profile
- Abnormal Event Alerts
- Protection Recommendations
---
## ๐ Getting Started Quickly
### Online experience
Visit our demo site:**[scan.hackbyte.io](https://scan.hackbyte.io)**
> ๐ก **Hint**: The backend service has been developed and is running stably. For a full feature experience, please go to [hackbyte.io](https://hackbyte.io) to request test access.
### Local deployment
#### 1. Clone the project
```bash
git clone https://github.com/HackByteSec/XHSecTeam-Platform.git
cd XHSecTeam-Platform
``
#### 2. Configure the FOFA API
Edit the `fofa-api.js` file and fill in your FOFA credentials:
``javascript
const _c = {
a: 'YOUR_FOFA_EMAIL_BASE64_REVERSE', // FOFA mailbox (Base64 Reverse Encoding)
b: 'YOUR_FOFA_KEY_BASE64_REVERSE', // FOFA API Key (Base64 inverted)
c: 'xY3LpBXYv8mZulmLhZ2bm9yL6MHc0RHa' // FOFA Base URL
};
``
> ๐ **Encoding method**: Base64 encode your FOFA Email and API Key first, then reverse the strings.
#### 3. Start the service
```bash
# If there is a backend service
cd api
python server.py
# Or open the HTML file directly (front-end demo)
# Open index.html in your browser
``
#### 4. Accessing the Platform
Open your browser and visit:
- Home: `http://localhost/index.html`
- Asset mapping: `http://localhost/aisearch/`
- Single-site scanning: `http://localhost/aibug/single.html`
---
## ๐ Project structure
``
XHSecTeam-Platform/
โโโ index.html # Home page
โโโ fofa-api.js # FOFA API wrapper
โ
โโโ aisearch/ # Asset Mapping Module
โ โโโ index.html
โ
โโโ aibug/ # Vulnerability scanning module โ โโโ single.html โ โโโ single.html
โ โโโ single.html # Single-site scanning dashboard
โ โโโ ai-assistant.html # AI Assistant
โ โโโ vuln-analysis.html # Vulnerability analysis report
โ โโโ ddos-test.html # DDoS stress test
โ โโโ logs.html # Scanning Logs
โ โโโ poc-library.html # POC Vulnerability Library
โ โโโ shell-manager.html # WebShell Management
โ โโโ getshell.html # GetShell Tools
โ โโโ shell-manager.html # GetShell Tools
โ โโโ knowledge/ # Security Knowledge Base โ โโโ index.html # Security Knowledge Base
โ โโโ index.html # Security Knowledge Base
โ โโโ articles/ # Knowledge articles
โ
โ โโโ static/ # Static Resources
โ โโโ css/
โ โ โโโ common.css
โ โ โโโ aisearch.css
โ โโโ knowledge.css
โ โโโ js/
โ โ โโโ layout.js
โ โ โโโ aisearch.js
โ โโโ components/ # public components
โ
โโโ api/ # Backend API (completed)
โ โโโ server.py
โ
โโโ mcp/ # MCP Red Team Tool Integration
โโ main.py
โโโ auto_recon.py # Auto-recon engine
โโโ mcp_tools.py # 60+ tools integration
โโโ ...
``
---
## ๐ Back-end service descriptions
### โ Backend has been developed
Our backend services have been developed and deployed in the production environment, including:
1. **Asset Mapping API** - FOFA query, result parsing, data caching
2. **Vulnerability Scanning Engine** - Integration of Nuclei, Nikto, customized POCs
3. **AI Intelligent Analytics** - natural language processing, query optimization, result analysis
4. **Data Storage Service** - Scan History, Vulnerability Database, User Management
5. **Real-time monitoring service** - DDoS traffic monitoring, push alerts
### ๐ฏ Experience full functionality
As we have a large number of undisclosed 0day vulnerabilities and POCs**, the full back-end functionality requires permissions to prevent abuse:
1. visit [hackbyte.io](https://hackbyte.io)
2. Register for an account and complete authentication
3. Apply for testing privileges in the community
4. After passing the audit, you will get the full API access.
### ๐ Our Advantages
- โ **Exclusive 0day Vulnerability Database** - Continuously updated with undisclosed vulnerabilities.
- โ **Customized POC** - for mainstream frameworks and middleware
- โ **Verified in the field** - All POCs are tested in real environments
- โ **Rapid Response** - New vulnerabilities integrated within 24 hours
> โ ๏ธ **Security Note**: Our vulnerability library is for authorized testing use only, please comply with relevant laws and regulations.
---
## ๐ ๏ธ Technology Stack
### Front-end
- **Framework** - pure native JavaScript (no dependencies, lightweight and efficient)
- **Style** - modern CSS3, responsive design
- **Visualization** - Chart.js / ECharts (chart presentation)
- **Interaction** - Native Fetch API (FOFA API calls)
### Backend
- **Language** - Python 3.10+
- **Framework** - Flask / FastAPI
- **Database** - SQLite / PostgreSQL
- **Cache** - Redis
- **AI Integration** - OpenAI API / Claude API
### Security Tools Integration
- **Asset Mapping** - FOFA API
- **Vulnerability Scanning** - Nuclei, Nikto, SQLMap, XSStrike
- **Port scanning** - Nmap, Masscan
- **Subdomain enumeration** - Subfinder, OneForAll
- **Fingerprinting** - WhatWeb, Wappalyzer
- **POC Authentication** - Self-developed frameworks + open source tools
---
## ๐ Usage Tutorials
### A quick primer on FOFA syntax
#### Basic Queries
``
title="backoffice" # Search for a title containing "backoffice"
ip="1.1.1.1" # Search for a specific IP address.
domain="gov.cn" # Search for a specific domain name
port="3306" # Search for a specific port
body="password" # Search for page content
server="nginx" # Search for server type
``
#### Combined query
``
title="backend" && port="443" # Title contains "backend" and port is 443
domain="edu.co.uk" && title="Login" # The login page for the education site.
server="Apache" && country="CN" # Chinese Apache server
port="80" && body="jQuery" && city="Beijing" # Sites using jQuery in Beijing.
``
#### Advanced Tips
``
cert="example.com" # Certificate contains a specific domain name.
icon_hash="123456" # favicon feature search
protocol="https" # Search only HTTPS sites
is_domain=true # Display only the primary domain name.
``
### AI Assistant Usage Examples
Enter natural language directly into the AI Assistant:
```
"Find all Chinese government websites that use Apache."
"Search for MySQL servers with port 3306 open."
"Query sites with 'Admin Backend' in the title that use Tomcat."
```
The AI automatically generates the corresponding FOFA syntax and performs the search.
---
## ๐ Scanning capability matrix
| Vulnerability Type | Support Level | Detection Method |
| --------- | --------- | ---------|
| SQL Injection | โญโญโญโญโญ | SQLMap + Custom POC |
| XSS Cross-Site | โญโญโญโญโญ | XSStrike + Fuzz Testing |
| File Upload | โญโญโญโญโญ | Dictionary Blast + Bypass Tips |
| RCE command execution | โญโญโญโญโญ | Framework Vulnerabilities + Middleware Vulnerabilities |
| SSRF | โญโญโญโญ | Protocol Detection + Bypass |
| XXE | โญโญโญโญ | XML injection detection |
| deserialization | โญโญโญโญโญ | Shiro/Fastjson/Log4j |
| Weak Passwords | โญโญโญโญโญ | Common Password Dictionary |
| Sensitive Information Leakage | โญโญโญโญ | Directory Scanning + Fingerprint Recognition |
| Permission Bypass | โญโญโญโญ | Authentication Testing + Ultraviolet Detection |
---
## โ ๏ธ Security Statement
### Legal Responsibility
1. This platform** is intended for authorized security testing and research use only** 2.
2. Before using it, please ensure that you have obtained **written authorization** from the owner of the target system.
3. Unauthorized penetration testing of a system is a **violation of the law**. 4.
4. The developer is not liable for any misuse of the system
5. Please comply with local laws, regulations and code of ethics.
### Compliant use
- โ **Legally Authorized Testing** - security testing with explicit written authorization
- โ **Security Research Study** - for learning and studying cybersecurity techniques
- โ **Vulnerability Bounty Program** - Participate in an official vulnerability bounty program
- โ **Unauthorized Attacks** - Prohibit any testing of unauthorized systems
- โ **Malicious Vandalism** - Prohibited to be used for vandalism, theft, extortion and other illegal acts
### 0day Vulnerability Usage Guidelines
We promise:
1. **Open only to authorized users** - Subject to community review
2. **Responsible disclosure** - follow the vulnerability disclosure process
3. **Malicious exploitation is prohibited** - accounts will be banned immediately upon discovery of abuse.
4. **Continuously Updated and Maintained** - Follow the latest security developments in a timely manner.
---
## ๐บ๏ธ Development Roadmap
### Completed โ
- [x] Front-end Interface and Interaction Design
- [x] FOFA API Integration
- [x] AI Intelligent Assistant
- [x] Single Site Vulnerability Scanning Dashboard
- [x] DDoS Traffic Analysis Interface
- [x] Security Knowledge Base
- [x] Backend Service Architecture
- [x] 60+ Security Tools Integration
- [x] 0day Vulnerability Library Build
### In Progress ๐ง
- [ ] Web UI Management Backend
- [ ] Distributed scanning nodes
- [ ] More AI capability integration
- [ ] Mobile Adaptation
### Planned ๐
- [ ] Cloud platform integration (AWS/Azure/GCP)
- [ ] Community shared vulnerability repository
- [ ] Automated exploit chains
- [ ] Real-time threat intelligence subscriptions
---
## ๐ค Contributor Guide
We welcome community contributions! You can participate in the following ways:
1. **Submit Issue** - report a bug or suggest a new feature
2. **Pull Request** - submit code improvements or new features
3. **Documentation** - Improve tutorials and API documentation.
4. **Share Case Studies** - Share your experience with the community.
### Contribution process
```bash
# 1. Fork the repository
# 2. Create a feature branch
git checkout -b feature/your-feature-name
# 3. Commit your changes
git commit -m "Add: your feature description"
# 4. Push to branch
git push origin feature/your-feature-name
# 5. Commit the Pull Request
```
---
## ๐ฎ Contact Us
### Official channels
- ๐ **Official website**: [hackbyte.io](https://hackbyte.io)
- ๐ **Demo site**: [scan.hackbyte.io](https://scan.hackbyte.io)
- ๐ง **email**: support@hackbyte.io
- ๐ฌ **Community**:[hackbyte community](https://hackbyte.io/community)
### Issue Feedback
- Submit a [GitHub Issue](https://github.com/HackByteSec/XHSecTeam-Platform/issues)
- Join our Discord channel
- Post a discussion in the community forum
### Business Collaboration
For commercial licensing, custom development or corporate training, please email business@hackbyte.io
---
### ๐ Open Source Agreement
This project uses the [MIT License](LICENSE) open source agreement.
You are free to:
- โ Commercial use
- โ Modify the source code
- โ Distribute the code
- โ Private use
But please note:
- โ ๏ธ must retain the original author's copyright notice
- โ ๏ธ does not provide any warranty
---
## ๐ Acknowledgments
Thanks to the following open source projects and services:
- [FOFA](https://fofa.info) - Internet asset search engine
- [Nuclei](https://github.com/projectdiscovery/nuclei) - vulnerability scanning engine
- [Nmap](https://nmap.org) - network scanning tool
- [SQLMap](https://sqlmap.org) - SQL injection detection tool
- [OpenAI](https://openai.com) - AI capability support
Special thanks to all members and contributors of the **HackByte community**!
---
โญ If this project was helpful to you, please give us a Star!
๐ Join the Hacker Bytes community for more security resources and technical support!
Made with โค๏ธ by HackByte Security Team