
goscan's Introduction

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.

Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service enumeration not only in situations where stealth is not a priority and time is limited (think CTFs, OSCP, exams, etc.), but also (with a few tweaks to its configuration) during professional engagements.

GoScan is also particularly suited for unstable environments (think unreliable network connectivity, lack of "screen", etc.), given that it fires scans and maintains their state in an SQLite database. Scans run in the background (detached from the main thread), so even if the connection to the box running GoScan is lost, results can be uploaded asynchronously (more on this below). That is, data can be imported into GoScan at different stages of the process, without having to restart the entire process from scratch if something goes wrong.

In addition, the Service Enumeration phase integrates a collection of other tools (e.g., EyeWitness, Hydra, nikto, etc.), each one tailored to target a specific service.


Installation

Binary installation (Recommended)

Binaries are available from the Release page.

# Linux (64bit)
$ wget https://github.com/marco-lancini/goscan/releases/download/v2.4/goscan_2.4_linux_amd64.zip
$ unzip goscan_2.4_linux_amd64.zip

# Linux (32bit)
$ wget https://github.com/marco-lancini/goscan/releases/download/v2.4/goscan_2.4_linux_386.zip
$ unzip goscan_2.4_linux_386.zip

# After that, place the executable in your PATH
$ chmod +x goscan
$ sudo mv ./goscan /usr/local/bin/goscan

Build from source

# Clone and spin up the project
$ git clone https://github.com/marco-lancini/goscan.git
$ cd goscan/
$ docker-compose up --build
$ docker-compose run cli /bin/bash

# Initialize DEP
root@cli:/go/src/github.com/marco-lancini/goscan $ make init
root@cli:/go/src/github.com/marco-lancini/goscan $ make setup

# Build
root@cli:/go/src/github.com/marco-lancini/goscan $ make build

# To create a multi-platform binary, use the cross command via make
root@cli:/go/src/github.com/marco-lancini/goscan $ make cross

Usage

GoScan supports all the main steps of network enumeration:


Step Commands
1. Load targets
  • Add a single target via the CLI (must be a valid CIDR): load target SINGLE <IP/32>
  • Upload multiple targets from a text file or folder: load target MULTI <path-to-file>
2. Host Discovery
  • Perform a Ping Sweep: sweep <TYPE> <TARGET>
  • Or load results from a previous discovery:
    • Add a single alive host via the CLI (must be a /32): load alive SINGLE <IP>
    • Upload multiple alive hosts from a text file or folder: load alive MULTI <path-to-file>
3. Port Scanning
  • Perform a port scan: portscan <TYPE> <TARGET>
  • Or upload nmap results from XML files or folder: load portscan <path-to-file>
4. Service Enumeration
  • Dry Run (only show commands, without performing them): enumerate <TYPE> DRY <TARGET>
  • Perform enumeration of detected services: enumerate <TYPE> <POLITE/AGGRESSIVE> <TARGET>
5. Special Scans
  • EyeWitness
    • Take screenshots of websites, RDP services, and open VNC servers (KALI ONLY): special eyewitness
    • EyeWitness.py needs to be in the system path
  • Extract (Windows) domain information from enumeration data
    • special domain <users/hosts/servers>
  • DNS
    • Enumerate DNS (nmap, dnsrecon, dnsenum): special dns DISCOVERY <domain>
    • Bruteforce DNS: special dns BRUTEFORCE <domain>
    • Reverse Bruteforce DNS: special dns BRUTEFORCE_REVERSE <domain> <base_IP>
Utils
  • Show results: show <targets/hosts/ports>
  • Automatically configure settings by loading a config file: set config_file <PATH>
  • Change the output folder (by default ~/goscan): set output_folder <PATH>
  • Modify the default nmap switches: set nmap_switches <SWEEP/TCP_FULL/TCP_STANDARD/TCP_VULN/UDP_STANDARD> <SWITCHES>
  • Modify the default wordlists: set_wordlists <FINGER_USER/FTP_USER/...> <PATH>
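Step 3 above accepts nmap results from XML files via load portscan, and step 4 enumerates per detected service. The following is an added example, not goscan's own code, of how such an import can be done with Go's standard encoding/xml package: it keeps only hosts that nmap reported up and ports it reported open, then groups the open ports by the service nmap guessed, which is the shape a per-service enumeration step needs. The XML sample is constructed (not a real scan), and the type and function names (nmapRun, ParseNmapXML, ByService, etc.) are the example's own, not goscan's.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Constructed sample of nmap -oX output (not a real scan), trimmed to the
// elements the parser below reads.
const sampleNmapXML = `<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    <port protocol="tcp" portid="443"><state state="closed"/></port>
  </ports></host>
  <host><status state="down"/><address addr="10.0.0.2" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="AA:BB:CC:DD:EE:FF" addrtype="mac"/>
    <address addr="10.0.0.3" addrtype="ipv4"/><ports>
    <port protocol="udp" portid="161"><state state="open"/><service name="snmp"/></port>
    <port protocol="tcp" portid="8080"><state state="open"/></port>
  </ports></host>
</nmaprun>`

// Minimal mapping of the nmap XML schema onto Go structs (only what is needed).
type nmapRun struct {
	XMLName xml.Name   `xml:"nmaprun"`
	Hosts   []nmapHost `xml:"host"`
}
type nmapHost struct {
	Status    struct{ State string `xml:"state,attr"` } `xml:"status"`
	Addresses []struct {
		Addr string `xml:"addr,attr"`
		Type string `xml:"addrtype,attr"`
	} `xml:"address"`
	Ports []nmapPort `xml:"ports>port"`
}
type nmapPort struct {
	Protocol string                                  `xml:"protocol,attr"`
	PortID   int                                     `xml:"portid,attr"`
	State    struct{ State string `xml:"state,attr"` } `xml:"state"`
	Service  struct{ Name string `xml:"name,attr"` }   `xml:"service"`
}

// OpenPort is one open port on a live host with the service nmap reported.
type OpenPort struct {
	Proto, Service string
	Port           int
}

// HostResult is what the import keeps: a live host's IP and its open ports.
type HostResult struct {
	IP    string
	Ports []OpenPort
}

// ParseNmapXML returns live hosts and their open ports from nmap -oX data;
// down hosts, hosts without an IP address and non-open ports are dropped.
func ParseNmapXML(data []byte) ([]HostResult, error) {
	var run nmapRun
	if err := xml.Unmarshal(data, &run); err != nil {
		return nil, fmt.Errorf("parse nmap xml: %w", err)
	}
	var out []HostResult
	for _, h := range run.Hosts {
		if h.Status.State != "up" {
			continue
		}
		hr := HostResult{}
		for _, a := range h.Addresses {
			if a.Type == "ipv4" || a.Type == "ipv6" {
				hr.IP = a.Addr
				break
			}
		}
		if hr.IP == "" {
			continue // a MAC-only entry carries nothing a port scan can use
		}
		for _, p := range h.Ports {
			if p.State.State == "open" {
				hr.Ports = append(hr.Ports, OpenPort{Proto: p.Protocol, Port: p.PortID, Service: p.Service.Name})
			}
		}
		out = append(out, hr)
	}
	return out, nil
}

// ByService groups open ports as "ip:port" under the service nmap reported,
// which is what a per-service enumeration step (step 4) consumes. Ports with
// no service guess land under "unknown" rather than being silently lost.
func ByService(hosts []HostResult) map[string][]string {
	groups := make(map[string][]string)
	for _, h := range hosts {
		for _, p := range h.Ports {
			name := p.Service
			if name == "" {
				name = "unknown"
			}
			groups[name] = append(groups[name], fmt.Sprintf("%s:%d", h.IP, p.Port))
		}
	}
	return groups
}
```

A truncated or otherwise malformed XML file makes ParseNmapXML return an error rather than a partial result, so a caller can refuse the import instead of storing half a scan; the "unknown" bucket in ByService keeps open ports that nmap could not fingerprint visible for manual follow-up.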

External Integrations

The Service Enumeration phase currently supports the following integrations:

SERVICE   INTEGRATIONS
ARP       nmap
DNS       nmap, dnsrecon, dnsenum, host
FINGER    nmap, finger-user-enum
FTP       nmap, ftp-user-enum, hydra [AGGRESSIVE]
HTTP      nmap, nikto, dirb, EyeWitness, sqlmap [AGGRESSIVE], fimap [AGGRESSIVE]
RDP       nmap, EyeWitness
SMB       nmap, enum4linux, nbtscan, samrdump
SMTP      nmap, smtp-user-enum
SNMP      nmap, snmpcheck, onesixtyone, snmpwalk
SSH       hydra [AGGRESSIVE]
SQL       nmap
VNC       EyeWitness

License

GoScan is released under the MIT License. See the LICENSE file for full details.

goscan's People

Contributors

marco-lancini, themiddleblue


goscan's Issues

MULTI load

When trying to load a text file with IPs, it crashes on Kali:

[goscan] > load target MULTI re
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x740884]

goroutine 1 [running]:
github.com/marco-lancini/goscan/core/cli.cmdLoad(0xc420160210, 0x3, 0x3, 0x4)
/go/src/github.com/marco-lancini/goscan/core/cli/executor.go:137 +0x114
github.com/marco-lancini/goscan/core/cli.Executor(0xc420096ce0, 0x14)
/go/src/github.com/marco-lancini/goscan/core/cli/executor.go:23 +0x14e
github.com/marco-lancini/goscan/vendor/github.com/c-bata/go-prompt.(*Prompt).Run(0xc420255c20)
/go/src/github.com/marco-lancini/goscan/vendor/github.com/c-bata/go-prompt/prompt.go:77 +0x688
main.main()
/go/src/github.com/marco-lancini/goscan/main.go:67 +0xee

Error - make setup

I got this error while setting up:

root@kali:~/goscan/goscan# make setup
go get github.com/golang/lint/golint
go get golang.org/x/tools/cmd/goimports
go get -u github.com/golang/dep/cmd/dep
dep ensure
could not find project Gopkg.toml, use dep init to initiate a manifest
make: *** [Makefile:13: setup] Error 1

When I tried a second time, I got this error:

root@kali:~/goscan/goscan# make setup
go get github.com/golang/lint/golint
go get golang.org/x/tools/cmd/goimports
go get -u github.com/golang/dep/cmd/dep

cd /root/go/src/github.com/golang/dep; git pull --ff-only

fatal: unable to access 'https://github.com/golang/dep/': Could not resolve host: github.com
package github.com/golang/dep/cmd/dep: exit status 1
make: *** [Makefile:12: setup] Error 1

Broken links


Makefile (line 15)
go get github.com/golang/lint/golint
should be:
go get golang.org/x/lint/golint
The old link returns 404

All go files with imports pointing to
https://github.com/marco-lancini/goscan/core
need to be updated to
https://github.com/marco-lancini/goscan/goscan/core
The old links don't download any packages, as it says they are empty.

I forked the repo and tested on my Github account, to see if getting all the packages worked. It did work.

OS system: Ubuntu 20.04.4 LTS
Go version: 1.16.14

Feature ideas

Love the tool so far, great for small one off scenarios.
Not sure the direction you want to go with this tool, but here's a couple ideas.

  1. An option to remove targets, so you don't sweep invalid or incorrectly entered IPs.

  2. Have the tool validate whether optional tools like EyeWitness, nikto, etc. are installed or not.
    Option to point to an existing install, and/or option to install from within goscan.

  3. I noticed that the application suggests you need to enter IPs in the format x.x.x.x/32.
    However, it accepts IPs in any form (including null/non-IP values). Sanitize the inputs?

Add brew installation

It would be nice to see goscan on brew so the installation would be really easy for mac users.

Rate limit port scan?

Hello, is there a switch that I can use to rate limit the number of concurrent scans that are done with the portscan flag? I've loaded some 7 thousand IPs and it's crashing every machine I run it from. I've tried multiple times running this from screen on my droplet and I can't get the scan to finish. I also am not recording any data, it seems, so even if it made it part way into the scan it's not recording anything for me.

Is this project abandoned?

Cross compilation doesn't work on macosx.

Dep is deprecated and archived in favor of go modules.

This project is actually not working (binary - executable) or compiling on go version go 1.16.3 darwin/amd64.

The biggest problems, requiring mod files (not as important as some think if you are compiling or running locally - compile and write your code in a way that it doesn't burden the end user - make this an option or remove), remove DEP, make all the fancy imports of the terminal colors and memory optional. This is killing it moving forward - unless you want people to use an old system just to get things to work.

removing IP from previous scan

I am testing Goscan, which I really like so far. I loaded one IP and ran through the process. But I can’t load another IP or remove the previous IP, it shows the first IP. I can’t clear either. Is there a way to remove an IP once you have completed the goscan for that IP? Because of this issue, I am only able to use goscan once.

Error while loading an entire class C addresses space

Hi, thanks for your work.

Got an issue here where I tried to load an entire class C address space from a text file.

OS Used: Kali Linux

The format of that text file is:

192.10x.x.0
...
...
192.10x.x.255

The error message is:

[goscan] > load target MULTI targets.lst
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x830adb7]

goroutine 1 [running]:
github.com/marco-lancini/goscan/core/cli.cmdLoad(0x1aa12028, 0x3, 0x3, 0x4)
	/go/src/github.com/marco-lancini/goscan/core/cli/executor.go:137 +0xe7
github.com/marco-lancini/goscan/core/cli.Executor(0x1aa681e0, 0x51)
	/go/src/github.com/marco-lancini/goscan/core/cli/executor.go:23 +0x113
github.com/marco-lancini/goscan/vendor/github.com/c-bata/go-prompt.(*Prompt).Run(0x1aa85da0)
	/go/src/github.com/marco-lancini/goscan/vendor/github.com/c-bata/go-prompt/prompt.go:77 +0x548
main.main()
	/go/src/github.com/marco-lancini/goscan/main.go:67 +0xd2

Any ideas? thanks!

Build Error

root@kali:~/Desktop/goscan/goscan# make setup
go get github.com/golang/lint/golint
go get golang.org/x/tools/cmd/goimports
go get -u github.com/golang/dep/cmd/dep
dep ensure
could not find project Gopkg.toml, use dep init to initiate a manifest
make: *** [Makefile:13: setup] Error 1

Add multi-arch release

Since Go allows cross-compilation it would be great to generate releases for the main operating systems.

runtime error: index out of range due to incomplete command

Hi Marco,

goscan looks very promising to me. Thank you for your development effort and publishing it as open source. 😃

I downloaded and use v2.4 on a Kali 2020.1 box and can provoke a crash using an incomplete command, just by leaving out the IP/target:

[goscan] > load target SINGLE
panic: runtime error: index out of range

goroutine 1 [running]:
github.com/marco-lancini/goscan/core/utils.ParseNextArg(...)
	/go/src/github.com/marco-lancini/goscan/core/utils/utils.go:116
github.com/marco-lancini/goscan/core/cli.cmdLoad(0xc420076760, 0x2, 0x2, 0x4)
	/go/src/github.com/marco-lancini/goscan/core/cli/executor.go:115 +0x764
github.com/marco-lancini/goscan/core/cli.Executor(0xc42025cce0, 0x12)
	/go/src/github.com/marco-lancini/goscan/core/cli/executor.go:23 +0x14e
github.com/marco-lancini/goscan/vendor/github.com/c-bata/go-prompt.(*Prompt).Run(0xc4200622a0)
	/go/src/github.com/marco-lancini/goscan/vendor/github.com/c-bata/go-prompt/prompt.go:77 +0x688
main.main()
	/go/src/github.com/marco-lancini/goscan/main.go:67 +0xee

I would expect an error message and no crash.
I can reproduce this crash.

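Three of the issues above describe the same defect from different sides: the nil-pointer crash on load target MULTI, the index-out-of-range panic on load target SINGLE with no argument, and the feature request to sanitize target input. The following is an added example, not goscan's code, of how the argument handling behind a load target command can fail closed instead. The function and type names (ParseTargetArgs, ParseSingleTarget, ParseTargetLines, LoadTargetFile, LoadReport) are hypothetical, the target list is constructed, and a missing or unknown argument, an unreadable file, or a line that is not an IP produces an error message rather than a panic.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"strings"
)

// Constructed target list (not a real file): a bare IP, a /24, a comment,
// junk, an IP with an impossible octet, and an IPv6 host.
const sampleTargetList = "10.0.0.1\n10.0.0.0/24\n# lab range\nnot-an-ip\n999.1.1.1/32\n2001:db8::1\n"

// ErrUsage is returned for a missing or unknown argument instead of indexing
// past the end of the argument slice.
var ErrUsage = errors.New("usage: load target SINGLE <IP/32> | load target MULTI <path-to-file>")

// ParseTargetArgs takes the tokens after "load target" and returns the mode
// (SINGLE or MULTI, case-insensitive) and its one argument.
func ParseTargetArgs(args []string) (mode, value string, err error) {
	if len(args) != 2 {
		return "", "", ErrUsage
	}
	mode = strings.ToUpper(args[0])
	if mode != "SINGLE" && mode != "MULTI" {
		return "", "", fmt.Errorf("%w (unknown mode %q)", ErrUsage, args[0])
	}
	return mode, args[1], nil
}

// ParseSingleTarget accepts only a host-sized CIDR (/32 for IPv4, /128 for
// IPv6), the format the README asks for; bare IPs and wider prefixes are rejected.
func ParseSingleTarget(s string) (*net.IPNet, error) {
	_, ipnet, err := net.ParseCIDR(strings.TrimSpace(s))
	if err != nil {
		return nil, fmt.Errorf("target %q is not valid CIDR notation", s)
	}
	if ones, bits := ipnet.Mask.Size(); ones != bits {
		return nil, fmt.Errorf("target %q must be a single host (/32 or /128), got /%d", s, ones)
	}
	return ipnet, nil
}

// LoadReport separates what was accepted from what was rejected, so the user
// sees exactly which lines of the file were skipped and why.
type LoadReport struct {
	Targets  []*net.IPNet
	Rejected []string
}

// ParseTargetLines reads one target per line: a CIDR, or a bare IP that is
// normalised to a host prefix. Blank lines and "#" comments are ignored; any
// other line that does not parse is recorded in Rejected and skipped.
func ParseTargetLines(r io.Reader) (LoadReport, error) {
	var rep LoadReport
	sc := bufio.NewScanner(r)
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		cidr := line
		if !strings.Contains(line, "/") {
			ip := net.ParseIP(line)
			if ip == nil {
				rep.Rejected = append(rep.Rejected, fmt.Sprintf("line %d: %q is not an IP address or CIDR", n, line))
				continue
			}
			if ip.To4() != nil {
				cidr = line + "/32"
			} else {
				cidr = line + "/128"
			}
		}
		_, ipnet, err := net.ParseCIDR(cidr)
		if err != nil {
			rep.Rejected = append(rep.Rejected, fmt.Sprintf("line %d: %q is not valid CIDR notation", n, line))
			continue
		}
		rep.Targets = append(rep.Targets, ipnet)
	}
	return rep, sc.Err()
}

// LoadTargetFile opens the MULTI argument and reports a missing or unreadable
// path as an error instead of carrying a nil file handle into the parser.
func LoadTargetFile(path string) (LoadReport, error) {
	f, err := os.Open(path)
	if err != nil {
		return LoadReport{}, fmt.Errorf("cannot read target list: %w", err)
	}
	defer f.Close()
	return ParseTargetLines(f)
}

func main() {
	rep, _ := ParseTargetLines(strings.NewReader(sampleTargetList))
	for _, t := range rep.Targets {
		fmt.Println("accepted:", t)
	}
	for _, r := range rep.Rejected {
		fmt.Println("rejected:", r)
	}
	if _, _, err := ParseTargetArgs([]string{"SINGLE"}); err != nil {
		fmt.Println("error:", err) // usage message, no panic
	}
}
```

Rejected lines are reported with their line number rather than aborting the whole import, so a single typo in a 7000-entry list does not cost the user the rest of the file, while nothing that failed to parse ever reaches the scanner.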
