Coder Social home page Coder Social logo

sairson / yasso Goto Github PK

View Code? Open in Web Editor NEW
1.5K 23.0 271.0 13.54 MB

强大的内网渗透辅助工具集-让Yasso像风一样 支持rdp,ssh,redis,postgres,mongodb,mssql,mysql,winrm等服务爆破,快速的端口扫描,强大的web指纹识别,各种内置服务的一键利用(包括ssh完全交互式登陆,mssql提权,redis一键利用,mysql数据库查询,winrm横向利用,多种服务利用支持socks5代理执行)

Go 100.00%

yasso's Introduction

Yasso

强大的内网渗透辅助工具集-让Yasso像风一样 支持rdp,ssh,redis,postgres,mongodb,mssql,mysql,winrm等服务爆破,快速的端口扫描,强大的web指纹识别,各种内置服务的一键利用(包括ssh完全交互式登录,mssql提权,redis一键利用,mysql数据库查询,winrm横向利用,多种服务利用支持socks5代理执行)

新版功能

在原基础上更改扫描和爆破方式,去除不必要的功能,代码更加完善和整洁
增加协议上的识别和端口识别

  • 新版并未发布release版本,请自行clone去编译

功能

Usage:
  Yasso [command]

Available Commands:
  all         Use all scanner module (.attention) Traffic is very big   
  completion  Generate the autocompletion script for the specified shell
  exploit     Exploits to attack the service
  help        Help about any command
  service     Detection or blasting services by module

Flags:
  -h, --help            help for Yasso
      --output string   set logger file (default "result.txt")
  • all 一键扫描功能
  • exploit 常见服务利用(sqlserver,redis,ssh,向日葵等)
  • service 服务爆破和子扫描模块

详情请-h参考

yasso's People

Contributors

sairson avatar yihuaxiang avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

summersec sec-fork iiiusky org-mars maxsecurity jx0n0 939517557 419066074 ctrlaltdelet freeide lyrhy aqimmm ice-001 l10nk1n6 mm0x00 conanjun alberthchang jeromeyoung j5s tao1tao inknull zzhsec wenongs dshtanger gamblingmaster2020 pen9un asura88 pondim hackeyes yjdoudou 98kstar hack404-007 lenz913 wisdark samy1937 sesyi pkcn445 t1ng d2550 avrah qianniaoge kenuosec 1063122023 leojjj re-expoc h0ngzh0ng safe3 joker923105 soliontheroad fengzihk akunwin functfan ghostdragozn xiaobei97 weifangpp 0neatsec jasonlou ztohacker security888test rentr02 nnneznaika frank8862017 ganshiqingyuan uuz2333 r0ck3rt alexking9527 ljt1018168 sccbhxc ilyp qsdj yinyiyu wuchunfu asdlei99 smallvq123 wenbofan protosskai bryan-huangyan yang-fork wanghq211 bsn069 kkkroot ckuire safe6sec yougar0 laowang1026 mstxq17 killvxk nkingpp iuriimattos2 lyzsll terrychen92 haidragon korallin wangyi0127 rockystevejobs yiqun yunnanshangu aug7 peakfish houtx

yasso's Issues

关于“-H”参数问题

在面对大规模资产时,经常遇到多个ip默认端口更改问题,建议使用-H导入文件时支持以下格式。
192.168.1.1:3389
192.168.1.1:33389
192.168.1.1:9833

关于存活探测问题

我想问下师傅 这个Yasso一键扫描 windows 防火墙默认开启拦截icmp包 也就是默认ping不通 ,然后这个一键扫描用的就是ping,然后自然的没有发现这个机器的存活,然后就没有下一步端口扫描服务探测了,那么问题来了,这个工具需要前期自己用msf arp等内网存活工具探测一遍吗

文件流开太多导致bug

如果扫描目标太多,会一直尝试打开log,直到抛出异常

[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files
[!] open log file failed open Yasso.log: too many open files

redis操作报错

Yasso_win_x64.exe crack redis --rebound 127.0.0.1:6379 --pass 12345678 --port 6379 --hostname 127.0.0.1
panic: runtime error: index out of range [2] with length 2

goroutine 1 [running]:
Yasso/cmd.RedisInfo(0xb10040, 0xc000006620, 0xc000023808, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
F:/tools/Yasso/cmd/redis.go:179 +0x645
Yasso/cmd.RedisAuthConn(0xc000022280, 0x9, 0x18eb, 0x0, 0x0, 0x3b9aca00, 0x0, 0x0, 0x0, 0x0, ...)
F:/tools/Yasso/cmd/redis.go:122 +0x3a5
Yasso/cmd.BruteRedisByUser()
F:/tools/Yasso/cmd/redis.go:69 +0x11b
Yasso/cmd.glob..func13(0x10dbb80, 0xc000128780, 0x0, 0x8)
F:/tools/Yasso/cmd/redis.go:23 +0x3d
github.com/spf13/cobra.(*Command).execute(0x10dbb80, 0xc000128700, 0x8, 0x8, 0x10dbb80, 0xc000128700)
C:/Users/Administrator/go/go1.16.4/bin/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x2c2
github.com/spf13/cobra.(*Command).ExecuteC(0x10dbe00, 0x0, 0xc000049f78, 0xc000123f78)
C:/Users/Administrator/go/go1.16.4/bin/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x375
github.com/spf13/cobra.(*Command).Execute(...)
C:/Users/Administrator/go/go1.16.4/bin/pkg/mod/github.com/spf13/[email protected]/command.go:902
Yasso/cmd.Execute()
F:/tools/Yasso/cmd/root.go:38 +0x38
main.main()
F:/tools/Yasso/main.go:12 +0x27

bug

爆破模块:指定的用户名不生效,爆破时还是会时用默认的

字典问题

字典怎么自定义或者选择自己电脑上的字典?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.