Releases: hack007x/veil

v1.27

29 Mar 10:31
405665b

EN:

  1. Optimized the header information of the response packet. There is currently a bug where, if multiple header fields share the same name, only the first one can be extracted.
  2. Added the ability to extract request variable values and display them in the report. For example, to display "helloveil1234" in the report:
     #$ passwd1111 = helloveil1234
     #> extract: name=password, from=variable, kval=passwd1111
  3. Optimized the -o output parameter: vulnerability information is now included in the txt text output.
  4. Optimized HTML report output.
  5. POC library updated to the latest version: 3410 POCs
     https://github.com/hack007x/veil_poc

v1.26 - Ultimate performance optimization

21 Mar 16:23
1f35e59

EN:

  1. Optimized console output and added a vulnerability statistics function.
  2. OOB verification previously took up to 68 seconds per check (8s initial wait + 12 polls × 5s interval). After optimization it takes at most 13 seconds (4s initial wait + 3 polls × 3s interval).
  3. HTTP client optimization | MaxIdleConns: 200 (global idle connection limit) | MaxIdleConnsPerHost: 10 (idle connections per host) | MaxConnsPerHost: 20 (concurrency limit per host) | IdleConnTimeout: 90s | Keep-Alive enabled (it was disabled in the old probe version).
  4. Response body size limit: added MaxResponseBodySize = 2MB. The scanner does not need to read an entire 50MB page, since the matcher only needs the first small portion. Responses larger than 2MB are truncated automatically to prevent OOM.
  5. Dialer optimization: connection timeout 10s | TCP Keep-Alive 30s | TLS handshake timeout 10s
  6. Matcher/extractor regular expression caching: each pattern is compiled once instead of once per scan, reducing compilation from O(N) to O(1), where N = number of scans.
  7. Shared HTTP client: added SharedClient; all workers share the same httpclient.Client, maximizing TCP connection reuse.
  8. Main loop architecture optimization, storing only vulnerability results: a result is appended only when res.Vulnerable == true; non-vulnerable results are garbage-collected immediately after being printed.
  9. Interleaved scheduling: for template → for target, so each POC is sent to a different host in turn, maximizing connection pool utilization.
  10. POC library updated to the latest version: 3251 POCs
     https://github.com/hack007x/veil_poc
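
As an added illustration of items 3 to 5 above (and of the v1.20 default of not following redirects), here is a Go http.Client configured with exactly these pool sizes and timeouts, plus a 2 MB body limit. This is example code written for this page, not veil's own httpclient.Client or SharedClient; the function names and the 3 MB sample body are constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net"
	"net/http"
	"strings"
	"time"
)

// MaxResponseBodySize caps how much of a response the matcher ever sees (2 MB).
const MaxResponseBodySize = 2 << 20
// NewSharedClient builds the single http.Client that all scan workers share, using the
// v1.26 pool sizes and timeouts. verifySSL=false and follow=false mirror the scanner's defaults.
func NewSharedClient(verifySSL, follow bool) *http.Client {
	dialer := &net.Dialer{Timeout: 10 * time.Second, KeepAlive: 30 * time.Second}
	c := &http.Client{Transport: &http.Transport{
		DialContext:         dialer.DialContext,
		MaxIdleConns:        200, // global idle connection limit
		MaxIdleConnsPerHost: 10,  // idle connections kept per host
		MaxConnsPerHost:     20,  // concurrency limit per host
		IdleConnTimeout:     90 * time.Second,
		TLSHandshakeTimeout: 10 * time.Second,
		DisableKeepAlives:   false, // Keep-Alive on, unlike the old probe
		TLSClientConfig:     &tls.Config{InsecureSkipVerify: !verifySSL},
	}}
	if !follow { // hand back the 30x response itself instead of chasing Location
		c.CheckRedirect = func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
	}
	return c
}

// ReadLimitedBody reads at most MaxResponseBodySize bytes and reports whether it truncated.
func ReadLimitedBody(r io.Reader) ([]byte, bool, error) {
	buf, err := io.ReadAll(io.LimitReader(r, MaxResponseBodySize+1))
	if err != nil {
		return nil, false, err
	}
	if len(buf) > MaxResponseBodySize {
		return buf[:MaxResponseBodySize], true, nil
	}
	return buf, false, nil
}

func main() {
	body, truncated, _ := ReadLimitedBody(strings.NewReader(strings.Repeat("A", 3<<20))) // constructed 3 MB body
	fmt.Printf("kept %d bytes, truncated=%v\n", len(body), truncated)
}
```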

v1.24 - Major version update

17 Mar 16:38
62dcfe4

EN:
0: Thanks to user @wuha0926 for reporting the issue of template validation failing on the response_time function.
1: Added the stop_scan: true/false function (when true, the process stops immediately as soon as one path matches, and no further requests are sent).
2: Added the functions aes_cbc, java_class_cmd, aes_cbc_decrypt, shiro_cookie, jndi_payload, jndi_wrapper, jndi_rmi, etc., for deserialization scanning.
3: Added three built-in variables: {{username}}, {{password}}, and {{email}}. If a template references them, they are read by default from the wordlists directory.
4: The matcher/extractor no longer extends extraction into the surrounding context; it now extracts information precisely.
5: Optimized vulnerability URL output: only the vulnerability URL is now output.
6: Optimized matcher priority and accuracy issues.
7: Optimized the output report format for -o.
8: POC library updated to the latest version: 3233 POCs
https://github.com/hack007x/veil_poc
9: POC writing manual v1.2.3
https://github.com/hack007x/veil/wiki/veil-Poc-%E8%AF%AD%E6%B3%95%E6%80%BB%E8%A7%88v1.2.3

v1.20

11 Mar 16:19
368af95

EN:
1: Optimized the redirect function: #@ follow_redirects: true
2: Redirects are no longer followed by default. Templates that require redirects must include #@ follow_redirects: true; leaving it out means redirects are not followed (the default).
3: -no-follow-redirects has been removed.
4: -follow-redirects follows redirects.
5: The simplest rule: include #@ follow_redirects: true in the template if it needs to follow redirects; otherwise leave it out.
6: For detailed instructions, refer to the documentation:
https://github.com/hack007x/veil/wiki/veil-Poc-%E8%AF%AD%E6%B3%95%E6%80%BB%E8%A7%88v1.2.2

v1.16

11 Mar 16:03
368af95

EN:
1: Added the response_time function to detect time-based blind SQL injection: #@ matcher: response_time > 10 # response time greater than 10 seconds
2: Added the version function for version comparison: version < 1.1.8 # version less than 1.1.8
3: For details, see the POC writing manual:
https://github.com/hack007x/veil/wiki/veil-Poc-%E8%AF%AD%E6%B3%95%E6%80%BB%E8%A7%88v1.2.0#61-%E5%B7%A6%E5%80%BClhs%E5%AE%8C%E6%95%B4%E5%88%97%E8%A1%A8
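
The version matcher above is only useful if versions are compared component by component rather than as strings (a string compare puts 1.1.10 below 1.1.8). The Go code below is an added example written for this page, not veil's own version function: CompareVersion and EvalVersionMatcher are assumed names, and accepting all six comparison operators is an assumption about the template grammar.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// CompareVersion compares dotted versions component-wise as integers (so 1.1.8 < 1.1.10,
// unlike a string compare); missing trailing parts count as 0. Returns -1, 0 or 1.
func CompareVersion(a, b string) int {
	num := func(parts []string, i int) int { // absent or non-numeric part counts as 0 (assumption)
		if i < len(parts) {
			n, _ := strconv.Atoi(parts[i])
			return n
		}
		return 0
	}
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) || i < len(bs); i++ {
		switch x, y := num(as, i), num(bs, i); {
		case x < y:
			return -1
		case x > y:
			return 1
		}
	}
	return 0
}

// EvalVersionMatcher evaluates a matcher of the v1.16 form "version < 1.1.8" against the
// version observed on the target. Operators >, >=, <, <=, ==, != are assumed to be allowed.
func EvalVersionMatcher(expr, observed string) (bool, error) {
	f := strings.Fields(expr)
	if len(f) != 3 || f[0] != "version" {
		return false, fmt.Errorf("bad version matcher %q", expr)
	}
	cmp := CompareVersion(observed, f[2])
	ops := map[string]bool{">": cmp > 0, ">=": cmp >= 0, "<": cmp < 0, "<=": cmp <= 0, "==": cmp == 0, "!=": cmp != 0}
	ok, known := ops[f[1]]
	if !known {
		return false, fmt.Errorf("unknown operator %q", f[1])
	}
	return ok, nil
}

func main() {
	ok, _ := EvalVersionMatcher("version < 1.1.8", "1.1.10") // constructed observed version
	fmt.Println(ok)
}
```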

v1.17-1.18

11 Mar 16:12
368af95

EN:
1: Template validation (validate): now supports validation of functions such as response_time, version, and version_le.
2: Template validation (validate): now automatically writes a hash value at the bottom of each template to identify duplicate templates: # @VEIL-STAMP: xxxxxx
3: -pl: optimized output for viewing all templates.
4: Line breaks in the POST request body are now handled precisely: the body is built with req.Body = strings.TrimSpace(strings.Join(bodyLines, "\n")).

v1.15

09 Mar 16:24
9259499

EN:
1: Optimized -u / -l: the protocol and port are detected automatically, so both http(s)://test.com and test.com are supported.
2: Certificate verification is now skipped by default. Previously verification was on by default, which caused connections to SSL targets to fail with: tls: failed to verify certificate: x509: certificate signed by unknown authority
3: The old -no-verify-ssl parameter has been removed and replaced by -verify-ssl (the default is to skip verification).
4: Optimized the .html report output and its details.
5: Optimized the condition evaluation of the matching functions.

v1.14

08 Mar 08:05
f99bff0

EN:

  1. Optimized the collectMatcherEvidence function to collect four types of evidence: status_code, body contains, body matches, and header.
  2. Added header for precise matching of Content-Type in the response headers.
  3. For example, to match Content-Type: text/plain; charset=utf-8 in the response header:
  4. #@ matcher: header["Content-Type"] contains "text"
  5. Or: #@ matcher: header["Content-Type"] contains "text/plain"
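
The Go code below is an added example written for this page (not veil's collectMatcherEvidence or its matcher implementation) showing how a header["Name"] contains "needle" matcher can be evaluated, and why a parsed header should keep every value of a repeated field, the case the v1.27 note above describes. ParseHeaders and EvalHeaderMatcher are assumed names, the raw response is constructed, and only the contains form is parsed.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// Constructed raw response with a repeated header name, the case the v1.27
// note describes (only the first Set-Cookie used to be extracted).
const sampleResponse = "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\n" +
	"Set-Cookie: a=1; Path=/\r\nSet-Cookie: b=2; HttpOnly\r\n\r\nhello\n"

// ParseHeaders parses a raw response and returns all header values keyed by
// canonical name, keeping every repeated field rather than only the first.
func ParseHeaders(raw string) (http.Header, error) {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(raw)), nil)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return resp.Header, nil
}

// headerMatcher recognises the one matcher form shown in the v1.14 notes: header["Name"] contains "needle".
var headerMatcher = regexp.MustCompile(`^header\["([^"]+)"\]\s+contains\s+"([^"]*)"$`)

// EvalHeaderMatcher is true if any value of the named header contains the needle;
// the lookup is case-insensitive on the name and case-sensitive on the value (assumption).
func EvalHeaderMatcher(expr string, h http.Header) (bool, error) {
	m := headerMatcher.FindStringSubmatch(strings.TrimSpace(expr))
	if m == nil {
		return false, fmt.Errorf("unsupported matcher: %q", expr)
	}
	for _, v := range h.Values(m[1]) {
		if strings.Contains(v, m[2]) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	h, _ := ParseHeaders(sampleResponse)
	ok, _ := EvalHeaderMatcher(`header["Content-Type"] contains "text/plain"`, h)
	fmt.Println(ok, h.Values("Set-Cookie"))
}
```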

v1.13

07 Mar 16:24
f99bff0

EN:
1: Removed the -stats parameter. I want to change the code logic.
2: Simplified the -severity parameter to -s.
3: Added -vc: check whether a new version of veil_poc is available.
4: Added -up: update the veil_poc rule library into the current directory.
5: Optimized the rate-handling logic for all network speeds.

v1.0

06 Mar 17:22

EN:
The project has been preliminarily completed and released. As it was developed by an individual, many details may not have been handled perfectly. If you encounter any problems during use, please feel free to raise them. We will continue to update it.