Ladon Pentest Scanner framework: a cross-platform, open-source intranet penetration scanner framework written in Go for Windows/Linux/Mac. With one command it batch-detects live hosts across C-, B- and A-class ranges, checks for the high-risk vulnerabilities MS17010 and SmbGhost, runs remote commands over SSH/Winrm, brute-forces passwords for SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis, and performs port scanning and service identification (PortScan fingerprinting, HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid multi-NIC host enumeration).

Ladon Scanner For Golang

Wiki

http://k8gege.org/Ladon/LadonGo.html

Introduction

LadonGo is an open-source intranet penetration scanner framework. With one command it detects live hosts across C-, B- and A-class ranges, fingerprints services, scans ports, brute-forces passwords, runs remote commands and checks for high-risk vulnerabilities. Version 3.6 contains 28 modules: high-risk vulnerability checks MS17010 and SmbGhost; remote execution SshCmd, WinrmCmd and PhpShell; password brute-forcing for 10 protocols (Smb/Ssh/Ftp/Mysql/Mssql/Oracle/Sqlplus/Winrm/HttpBasic/Redis); live-host detection, information gathering and fingerprinting with OnlinePC, Ping, Icmp, SnmpScan, HttpBanner, HttpTitle, TcpBanner, WeblogicScan and OxidScan; and port scanning / service detection with PortScan.

Development environment

OS: Kali 2019 X64
IDE: Mousepad
Go: 1.13 Linux

Modules

Detection

OnlinePC (Using ICMP/SNMP/Ping to detect online hosts)
PingScan (Using the system ping to detect online hosts)
IcmpScan (Using the ICMP protocol to detect online hosts)
SnmpScan (Using the SNMP protocol to detect online hosts)
HttpBanner (Using the HTTP protocol to scan web banners)
HttpTitle (Using the HTTP protocol to scan web titles)
T3Scan (Using the T3 protocol to scan for Weblogic hosts)
PortScan (Scan hosts' open ports using the TCP protocol)
TcpBanner (Scan hosts' open ports using the TCP protocol)
OxidScan (Using the DCOM protocol to enumerate network interfaces)

VulDetection

MS17010 (Using the SMB protocol to detect MS17010 hosts)
SmbGhost (Using the SMB protocol to detect SmbGhost hosts)
CVE-2021-21972 (Check VMware vCenter 6.5 6.7 7.0 RCE vulnerability)
CVE-2021-26855 (Check CVE-2021-26855 Microsoft Exchange SSRF)

BruteForce

SmbScan (Using the SMB protocol to brute-force port 445)
SshScan (Using the SSH protocol to brute-force port 22)
FtpScan (Using the FTP protocol to brute-force port 21)
401Scan (Using HTTP BasicAuth to brute-force the web port)
MysqlScan (Using the Mysql protocol to brute-force port 3306)
MssqlScan (Using the Mssql protocol to brute-force port 1433)
OracleScan (Using the Oracle protocol to brute-force port 1521)
WinrmScan (Using the Winrm protocol to brute-force port 5985)
SqlplusScan (Using Oracle Sqlplus to brute-force port 1521)
RedisScan (Using the Redis protocol to brute-force port 6379)

RemoteExec

SshCmd (SSH remote command execution, default port 22)
WinrmCmd (Winrm remote command execution, default port 5985)
PhpShell (PHP WebShell command execution, default port 80)

Exploit

PhpStudyDoor (PhpStudy 2016 & 2018 backdoor exploit)

Build from source

go get github.com/k8gege/LadonGo
go build Ladon.go

Quick build

make windows
make linux
make mac

One-click install

Linux/Mac

make install

Windows

go run install.go

Usage tutorial

Help

Ladon FuncList
Ladon Detection
Ladon VulDetection
Ladon BruteForce
Ladon RemoteExec
Ladon Exploit
Ladon Example

Usage

Ladon IP/hostname/CIDR/URL/txt ScanModule

IP                  Ladon 192.168.1.8 MS17010
C-class             Ladon 192.168.1.8/24 MS17010
C-class             Ladon 192.168.1/c MS17010
B-class             Ladon 192.168/b MS17010
A-class             Ladon 192/a MS17010

C-class range (1-5) Ladon 192.168.1-192.168.5 MS17010
URL                 Ladon http://192.168.1.8:8080 BasicAuthScan
IP list             Ladon ip.txt MS17010
URL list            Ladon url.txt HttpBanner
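The target notations above (a single IP, a CIDR, the /c, /b and /a shorthands, a span of C-class blocks, a URL, and a text file with one target per line) all reduce to a list of hosts before any module runs. The Go program below is an added example written for this page, not LadonGo's own parser (that lives in the project repository). The function names ExpandTarget and ExpandList, the MaxHosts cap, and the sample list in main are assumptions of the example: the cap expands at most a /16 in memory and refuses a /a block so the caller splits it, which also guards against a typo such as 192/a accidentally turning into a 16-million-host scan.

```go
package main

import (
	"bufio"
	"encoding/binary"
	"fmt"
	"io"
	"net"
	"strings"
)

// MaxHosts caps how many addresses one target may expand to in memory.
// Assumption of this example: a /16 ("192.168/b") is the largest block
// expanded at once; a /8 ("192/a") is refused so the caller splits it.
const MaxHosts = 1 << 16

func ipToUint(ip net.IP) uint32 { return binary.BigEndian.Uint32(ip.To4()) }

func uintToIP(n uint32) string {
	var b [4]byte
	binary.BigEndian.PutUint32(b[:], n)
	return net.IP(b[:]).String()
}

// expandRange returns every IPv4 address from lo to hi inclusive.
func expandRange(lo, hi uint32) ([]string, error) {
	if hi < lo {
		return nil, fmt.Errorf("range end before start")
	}
	n := uint64(hi) - uint64(lo) + 1
	if n > MaxHosts {
		return nil, fmt.Errorf("%d hosts exceeds cap of %d; split the target", n, MaxHosts)
	}
	out := make([]string, 0, n)
	for a := lo; ; a++ { // break before increment so hi == 0xFFFFFFFF cannot wrap
		out = append(out, uintToIP(a))
		if a == hi {
			break
		}
	}
	return out, nil
}

// expandCIDR expands an IPv4 CIDR such as "192.168.1.8/24" (the host bits are masked off).
func expandCIDR(cidr string) ([]string, error) {
	_, ipnet, err := net.ParseCIDR(cidr)
	if err != nil {
		return nil, err
	}
	ones, bits := ipnet.Mask.Size()
	if bits != 32 {
		return nil, fmt.Errorf("IPv4 only: %s", cidr)
	}
	lo := ipToUint(ipnet.IP)
	hi := lo | (^uint32(0) >> uint(ones)) // shift by 32 yields 0 for a /32
	return expandRange(lo, hi)
}

// ExpandTarget parses one Ladon-style target into a list of hosts or URLs.
func ExpandTarget(t string) ([]string, error) {
	t = strings.TrimSpace(t)
	switch {
	case strings.HasPrefix(t, "http://"), strings.HasPrefix(t, "https://"):
		return []string{t}, nil // URL targets are passed through untouched
	case strings.HasSuffix(t, "/c"):
		return expandCIDR(strings.TrimSuffix(t, "/c") + ".0/24")
	case strings.HasSuffix(t, "/b"):
		return expandCIDR(strings.TrimSuffix(t, "/b") + ".0.0/16")
	case strings.HasSuffix(t, "/a"):
		return expandCIDR(strings.TrimSuffix(t, "/a") + ".0.0.0/8")
	case strings.Contains(t, "/"):
		return expandCIDR(t)
	case strings.Contains(t, "-"):
		// "192.168.1-192.168.5": a span of /24 blocks, first to last inclusive
		parts := strings.SplitN(t, "-", 2)
		lo := net.ParseIP(parts[0] + ".0").To4()
		hi := net.ParseIP(parts[1] + ".255").To4()
		if lo != nil && hi != nil {
			return expandRange(ipToUint(lo), ipToUint(hi))
		}
		return []string{t}, nil // a hyphenated hostname, not a range
	default:
		if ip := net.ParseIP(t); ip != nil && ip.To4() != nil {
			return []string{ip.String()}, nil
		}
		return []string{t}, nil // anything else is treated as a hostname
	}
}

// ExpandList reads one target per line (the ip.txt / url.txt form),
// skipping blank lines and '#' comments, and expands each line.
func ExpandList(r io.Reader) ([]string, error) {
	var all []string
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		hosts, err := ExpandTarget(line)
		if err != nil {
			return nil, fmt.Errorf("line %q: %w", line, err)
		}
		all = append(all, hosts...)
	}
	return all, sc.Err()
}

func main() {
	// Constructed sample standing in for an ip.txt file.
	sample := "# constructed sample list\n192.168.1.8\n192.168.1/c\nhttp://192.168.1.8:8080\n"
	hosts, err := ExpandList(strings.NewReader(sample))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%d targets, first %s, last %s\n", len(hosts), hosts[0], hosts[len(hosts)-1])
}
```

The sample list expands to 258 targets (one IP, 256 addresses from the /c block, and the URL). The cap is the one design choice worth keeping in any real implementation: address expansion is cheap, but an accidental /a turns a quick C-class sweep into a scan of 16,777,216 hosts, so the parser should refuse it rather than silently start.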

Examples

Information gathering and vulnerability detection

Ping scan for live hosts in a C-class range (any privilege level)
Ladon 192.168.1.8/24 PingScan

ICMP scan for live hosts in a C-class range (requires administrator privileges)
Ladon 192.168.1.8/24 IcmpScan

SNMP scan for live hosts and device information in a C-class range
Ladon 192.168.1.8/24 SnmpScan

SMB scan for hosts vulnerable to EternalBlue (MS17010) in a C-class range
Ladon 192.168.1.8/24 MS17010

SMB scan for hosts vulnerable to SMBGhost in a C-class range
Ladon 192.168.1.8/24 SmbGhost

T3 scan for hosts running WebLogic in a C-class range
Ladon 192.168.1.8/24 T3Scan

HTTP scan for web site banners in a C-class range
Ladon 192.168.1.8/24 BannerScan

HTTP scan for web site titles in a C-class range
Ladon 192.168.1.8/24 HttpTitle

TCP scan for open-port service information in a C-class range
Ladon 192.168.1.8/24 TcpBanner

TCP scan for common open ports on hosts in a C-class range
Ladon 192.168.1.8/24 PortScan

Password brute-forcing and weak passwords

Scan a C-class range for Windows machines with weak passwords on port 445
Ladon 192.168.1.8/24 SmbScan

Scan a C-class range for Linux machines with weak SSH passwords on port 22
Ladon 192.168.1.8/24 SshScan

Scan a C-class range for FTP servers with weak passwords on port 21
Ladon 192.168.1.8/24 FtpScan

Scan a C-class range for Mysql servers with weak passwords on port 3306
Ladon 192.168.1.8/24 MysqlScan

Scan a C-class range for Oracle servers with weak passwords on port 1521
Ladon 192.168.1.8/24 OracleScan

Scan a C-class range for Oracle servers with weak passwords on port 1521 (via Sqlplus)
Ladon 192.168.1.8/24 SqlplusScan

Scan a C-class range for Winrm servers with weak passwords on port 5985
Ladon 192.168.1.8/24 WinrmScan

Scan a C-class range for Redis servers with no password on port 6379
Ladon 192.168.1.8/24 RedisScan

Remote command execution
Ladon SshCmd host port user pass cmd
Ladon WinrmCmd host port user pass cmd
Ladon PhpShell url pass cmd
Ladon PhpStudyDoor url cmd

SshCmd & WinrmCmd (screenshot)

PhpShell & PhpStudyDoor (screenshot)

Scanning a C-class range (192.168.1/c)

ICMP      3 ms     1/20 s
WebTitle  10 ms    1/6 s
T3Scan    15 ms    1/4 s
EthScan   2 ms     1/30 s

Scanning a B-class range (192.168/b)

EthScan   23 minutes   1 port
T3Scan    1 hour       4 ports
WebTitle  40 minutes   1 port
MS17010   12 minutes   1 port
Snmp      20 minutes   1 port

PS: the scan speed is actually about the same as the .NET version of Ladon; it was just never recorded specifically, and the Go version's speed was noted in passing while testing the rewrite.

Cross-platform / all platforms / all systems

Supports both new and old operating systems, especially old Linux distributions, on which many tools found online simply do not run or throw all kinds of errors.

Tested on

ID OS
0 WinXP
1 Win 2003
2 Win 7
3 Win 8.1
4 Win 10
5 Win 2008 R2
6 Win 2012 R2
7 Win 2019
8 Kali 1.0.2
9 Kali 2018
10 Kali 2019
11 SUSE 10
12 CentOS 5.8
13 CentOS 6.3
14 CentOS 6.8
15 Fedora 5
16 RedHat 5.7
17 BT5-R3
18 MacOS 10.15
19 Ubuntu 8
20 Ubuntu 18

The systems above were tested successfully; other systems were not tested. If a system is unsupported, you can build it yourself.

MacOS x64 10.15 (screenshot)

Linux (screenshot)

Windows (screenshot)

Download

LadonGo (ALL OS)

https://github.com/k8gege/LadonGo/releases
http://k8gege.org/Download/LadonGo.rar

Ladon (Windows & Cobalt Strike)

Previous versions: https://github.com/k8gege/Ladon/releases
Version 7.0: http://k8gege.org/Download
Version 7.8: K8小密圈 (paid membership group)

Comments
  • go get error

    github.com/k8gege/LadonGo

    ../go/pkg/mod/github.com/k8gege/[email protected]/install.go:25:6: main redeclared in this block previous declaration at ../go/pkg/mod/github.com/k8gege/[email protected]/Ladon.go:184:6 OS: ubuntu 20

  • macOS error

    go/pkg/mod/github.com/k8gege/[email protected]/install.go:25:6: main redeclared in this block previous declaration at go/pkg/mod/github.com/k8gege/[email protected]/Ladon.go:184:6

    This is my first time touching Go; I've spent a whole night installing it and I'm going crazy.

  • go get error

    go: github.com/k8gege/LadonGo imports github.com/k8gege/LadonGo/mysql imports github.com/Go-SQL-Driver/MySQL: github.com/Go-SQL-Driver/[email protected]: parsing go.mod: module declares its path as: github.com/go-sql-driver/mysql but was required as: github.com/Go-SQL-Driver/MySQL

  • What is the password for the Ladon & Drupal rar?

    Please, can you give me the password for the "Ladon 7 & Drupal 7.31 SQL injection vulnerability modify the administrator user name and password_1017[K8]" rar file? Thanks.

  • go build error

    ../../../go/pkg/mod/github.com/k8gege/[email protected]/install.go:25:6: main redeclared in this block previous declaration at ../../../go/pkg/mod/github.com/k8gege/[email protected]/Ladon.go:184:6

    How should this be solved? Following a method found online, I created a new folder named Ladon and put Ladon.go in it; it then compiles successfully but cannot be used. Is there an official solution?

  • Why use Go?

    Why use Go

    The existing Ladon version is not compatible with some systems, and packet loss over proxies is a real pain. Although the Python version is also cross-platform, its compiled binaries are large, some dependencies (which rely on low-level libraries) are very troublesome or even impossible to install on certain systems, and some compiled builds won't run. So over the past few days I relearned Go and, learning as I went, rewrote the Ladon framework in Golang, adding a few features first to see how it performs. Go is about as simple as Python; once the framework is in place, several modules can be added at once using open-source libraries. I then tested the program's compatibility on 14 operating systems: in performance, binary size and compatibility it leaves Python far behind. Most importantly, the compiled program runs on some old operating systems, whereas Python may be limited by the Python version, related dependencies, or the versions of libraries such as GCC, GLIBC and SSL; Go handles these problems well.

    Drawbacks: many API libraries have not been wrapped by anyone or simply don't work. Implementing all of Ladon's features, or even half of them, would take more than two or three months; for example, the protocols used by Ladon's OsScan module alone already outnumber the 11 features in this LadonGo 1.0. With Python it would be very fast: all sorts of dependency libraries and existing POCs, write a scanning framework, tweak and integrate them, and you have a scanner with a great many features. But the target may have an old Python version and an old operating system, so a locally compiled build copied over might not run, and might not even compile locally. That is why Go was chosen.
