ctf-missfeng / goscan
GoScan is a distributed, comprehensive asset management system written in Golang, suitable for red teams, SRC work, and similar use
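What might be the cause of this problem?
For example, matching the Shiro framework requires the request cookie to carry rememberMe=xxx
The host address currently does not support IP ranges; I suggest adding an IP range mode
For example 1.1.1.1-1.1.1.15
Really well written
I tried it briefly and found that the wildcard DNS resolution problem is fairly serious. Could you consider adding wildcard-resolution filtering later?
Are third-level domains not supported? For example, after entering the main domain tsinghua.edu.cn, the subdomains found are all of the edu.cn sites in the country
1. PostgreSQL database installation
$ apt-get install postgresql postgresql-client # install the database
$ su postgres
$ psql -U postgres # the default install has an empty password
$ ALTER USER postgres WITH PASSWORD 'xxxxxx'; # change the postgres database user's password
$ CREATE DATABASE goscan; # create the database
$ \q # exit
2. Import the SQL file, using a database management tool or the command line
The SQL does not insert any data; after running it you need to insert some data manually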
psql -h 127.0.0.1 -U postgres -W -f public.sql
3. Run the NSQ message queue; open the following ports on the firewall
$ nohup ./nsqd -tcp-address 0.0.0.0:4150 -http-address 0.0.0.0:4151 -max-msg-timeout 1h > nsq.log &
Connect to the database:
psql -U postgres -h 127.0.0.1 -W
The SQL adds no data; this is to add an account
Run the following commands in order
\c goscan
INSERT INTO users(id, username, password, nick_name) values(1, 'root', '$2a$04$4AA4bbrAQfFgjBC31D889.WdfIYkdIC6nRa6UewENsoS.adMv6rr2', 'root');
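Once this has run you will have an account: username root, password Admin@&%F^111. This password is purely to satisfy the backend validation
Update the password: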
UPDATE users SET password='$2a$04$4AA4bbrAQfFgjBC31D889.WdfIYkdIC6nRa6UewENsoS.adMv6rr2';
./Web > web.log &
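After logging in, configure the message queue under the scan engine settings,
The TCP address is: 0.0.0.0:4150
The HTTP address is: 0.0.0.0:4151
Configure config.toml under client
The password must match the server's
Then just run it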
./client
Or use docker to build it into images and start multiple instances (put the three files Client, config.toml and Dockerfile in a directory of their own for the build)
$ docker build -t goscan:v1 .
$ docker run -itd --name scan1 goscan:v1
$ docker run -itd --name scan2 goscan:v1
$ docker run -itd --name scan3 goscan:v1
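A few small pitfalls, all worked through now
Collection speed is okay; I'll try it out some more
You can also build the password yourself
Bonus code: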
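package main

import (
	"fmt"
	"log"

	"golang.org/x/crypto/bcrypt"
)

// HashAndSalt returns the bcrypt hash of pwd.
// bcrypt.MinCost is cost 4, which matches the $2a$04$ prefix of the hash above.
func HashAndSalt(pwd []byte) string {
	hash, err := bcrypt.GenerateFromPassword(pwd, bcrypt.MinCost)
	if err != nil {
		log.Fatal(err) // stop instead of returning an empty hash
	}
	return string(hash)
}

func main() {
	password := "Admin@&%F^111"
	fmt.Print(HashAndSalt([]byte(password)))
}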
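An added example, not part of the original post or of GoScan's code: a standard-library-only check that reads the work factor out of a bcrypt string such as the one in the INSERT statement above, so that low-cost hashes in the users table can be flagged. The names ParseBcrypt, BcryptInfo and MinAcceptableCost, the accepted version prefixes and the threshold of 10 are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// bcryptAlphabet is bcrypt's own base64 alphabet (not the RFC 4648 one).
const bcryptAlphabet = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

// MinAcceptableCost is an assumed policy threshold (10 is bcrypt.DefaultCost in x/crypto).
const MinAcceptableCost = 10

// BcryptInfo holds the fields of a "$<version>$<cost>$<salt><digest>" string.
type BcryptInfo struct {
	Version, Salt, Digest string // salt is 22 chars, digest is 31 chars
	Cost                  int
}

// ParseBcrypt validates the layout of a bcrypt hash and extracts its fields.
func ParseBcrypt(h string) (BcryptInfo, error) {
	parts := strings.Split(h, "$")
	if len(parts) != 4 || parts[0] != "" {
		return BcryptInfo{}, errors.New("not a modular-crypt bcrypt string")
	}
	if v := parts[1]; v != "2a" && v != "2b" && v != "2y" {
		return BcryptInfo{}, fmt.Errorf("unknown bcrypt version %q", v)
	}
	cost, err := strconv.Atoi(parts[2])
	if err != nil || len(parts[2]) != 2 || strings.Trim(parts[2], "0123456789") != "" || cost < 4 || cost > 31 {
		return BcryptInfo{}, fmt.Errorf("invalid cost %q", parts[2])
	}
	if len(parts[3]) != 53 || strings.Trim(parts[3], bcryptAlphabet) != "" {
		return BcryptInfo{}, errors.New("salt+digest must be 53 chars of bcrypt base64")
	}
	return BcryptInfo{Version: parts[1], Cost: cost, Salt: parts[3][:22], Digest: parts[3][22:]}, nil
}

// IsWeak reports whether the hash's work factor is below the policy threshold.
func (b BcryptInfo) IsWeak() bool { return b.Cost < MinAcceptableCost }

func main() {
	// Hash copied from the INSERT statement in the post above.
	info, err := ParseBcrypt("$2a$04$4AA4bbrAQfFgjBC31D889.WdfIYkdIC6nRa6UewENsoS.adMv6rr2")
	fmt.Println(info.Version, info.Cost, info.IsWeak(), err)
}
```

Run against the password column after setup, this separates the seeded cost-4 account from any account re-hashed at a higher cost.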
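Has the author considered dynamically loading plugins, for example an approach for dynamically loading a PoC directly? I have been stuck on this and would like to discuss it with you; I don't know whether you have a good approach
What is the default password for the web side? Looking in the database, it is encrypted..
The server reports an error from time to time and then stops running. Is it a problem with an unstable network?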
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0xb1b47f]
goroutine 24 [running]:
github.com/CTF-MissFeng/GoScan/Web/library/nsq/suddomain.subDomainPush(0xc000032380, 0x2, 0x4, 0x5, 0xffffffffffffffff)
/Users/miss/data/Project/go/github.com/CTF-MissFeng/GoScan/Web/library/nsq/suddomain/subdomain.go:77 +0x1bf
github.com/CTF-MissFeng/GoScan/Web/library/nsq/suddomain.(*Handler).HandleMessage(0xc0002d2780, 0xc0005821e0, 0xd821c0, 0xc0002d2780)
/Users/miss/data/Project/go/github.com/CTF-MissFeng/GoScan/Web/library/nsq/suddomain/subdomain.go:66 +0x17f
github.com/nsqio/go-nsq.(*Consumer).handlerLoop(0xc00020c580, 0xfce820, 0xc0002d2780)
/Users/miss/go/pkg/mod/github.com/nsqio/[email protected]/consumer.go:1113 +0x13f
created by github.com/nsqio/go-nsq.(*Consumer).AddConcurrentHandlers
/Users/miss/go/pkg/mod/github.com/nsqio/[email protected]/consumer.go:1095 +0x7b
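The end of the first table seems to be missing a semicolon
From the readme I see that port scanning uses nmap's fingerprints. Does it call the nmap binary, or does it parse the nmap fingerprint database in golang? Could this part of the code be open-sourced?
How do I upgrade from version V0.01 to 0.2, or is there a deployment document for 0.2?
Hello author: I am quite interested in the data in static.go that you wrote in the code. Could you provide the data?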