Fast scanner for red-team tooling

scaninfo by the 360 East China Security Services Team (华东360安服团队)

Notes

  • During vulnerability scanning the last few tasks sometimes hang. The cause is the FTP brute-force module; fscan has the same problem and there is no good fix yet (an update will follow). For now, pass -eq 21 to skip FTP, or press Ctrl+C to stop manually; results are still saved.
  • Full-port scans of external targets sometimes miss ports. Use -n to lower the port-scan thread count to 500 or 400 (the default is 900). On a good network connection 900-1000 is fine.
  • About result reports: the xlsx file is written only when you stop with Ctrl+C or when the task finishes normally. The txt file is written in real time.

Project description

Why this project exists

In the port-scanning phase of a penetration test, many people run into the same problem: nmap is too slow and masscan is inaccurate, so it is hard to strike a balance between speed and accuracy. TXPortMap is actually a good tool here, but it has no progress bar.

For internal networks fscan is an excellent tool, but it also has some gaps, such as no service identification in its port scan.

For fingerprinting, EHole is also an excellent tool.

How this project addresses it

  • infoscan is built to solve the problems above; it optimizes and refactors code from the projects above, and its port scanning with service identification is faster than masscan.

  • Includes most of fscan's functionality, except PoC scanning and custom dictionaries

  • Better web probing and fingerprinting

  • Better report output

Usage

Common parameters

infoscan -uf url.txt -m webfinger                          web fingerprinting
infoscan -i 192.168.0.0/24 -p 1-65535 -eq 53 -m port       port scan
infoscan -i 192.168.0.0/24 -l ip.txt -uf url.txt -t1000    targets can combine an IP range, an IP file and a URL file

Note that the parameter table below documents -t as the TCP connect timeout, while the tool's own banner describes -t1000 as scanning the top 1000 ports; check -h on the version you run before relying on either meaning.
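The two knobs the notes above tune, the port-scan thread count (-n) and the per-connection timeout (-t), together with the -p/-eq port selection, are easiest to understand from a minimal connect scanner. The following is an added example in Go, not scaninfo's own code: it expands a port spec, drops excluded ports, and dials with a bounded worker pool so that at most `workers` connections are in flight at once. The host 127.0.0.1, the port spec and the numbers in main are assumptions for the demo.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strconv"
	"strings"
	"sync"
	"time"
)

// ParsePorts expands a spec such as "1-1024,3306,8080-8090" into a sorted,
// de-duplicated list, dropping anything in exclude (the equivalent of
// combining -p with -eq).
func ParsePorts(spec string, exclude []int) ([]int, error) {
	skip := make(map[int]bool, len(exclude))
	for _, p := range exclude {
		skip[p] = true
	}
	seen := make(map[int]bool)
	for _, part := range strings.Split(spec, ",") {
		part = strings.TrimSpace(part)
		if part == "" {
			continue
		}
		lo, hi := part, part
		if i := strings.Index(part, "-"); i >= 0 {
			lo, hi = part[:i], part[i+1:]
		}
		start, err := strconv.Atoi(lo)
		if err != nil {
			return nil, fmt.Errorf("bad port %q", lo)
		}
		end, err := strconv.Atoi(hi)
		if err != nil {
			return nil, fmt.Errorf("bad port %q", hi)
		}
		if start < 1 || end > 65535 || start > end {
			return nil, fmt.Errorf("port range %q out of bounds", part)
		}
		for p := start; p <= end; p++ {
			if !skip[p] {
				seen[p] = true
			}
		}
	}
	ports := make([]int, 0, len(seen))
	for p := range seen {
		ports = append(ports, p)
	}
	sort.Ints(ports)
	return ports, nil
}

// ConnectScan probes each port on host with a plain TCP connect, keeping at
// most workers dials in flight and abandoning each dial after timeout.
// Too many workers or too short a timeout is exactly how a scanner starts
// reporting open ports as closed on a lossy link. Returns open ports, sorted.
func ConnectScan(host string, ports []int, workers int, timeout time.Duration) []int {
	if workers < 1 {
		workers = 1
	}
	jobs := make(chan int)
	var mu sync.Mutex
	var open []int
	var wg sync.WaitGroup
	for i := 0; i < workers; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for p := range jobs {
				addr := net.JoinHostPort(host, strconv.Itoa(p))
				c, err := net.DialTimeout("tcp", addr, timeout)
				if err != nil {
					continue // refused, filtered, or the dial timed out
				}
				c.Close()
				mu.Lock()
				open = append(open, p)
				mu.Unlock()
			}
		}()
	}
	for _, p := range ports {
		jobs <- p
	}
	close(jobs)
	wg.Wait()
	sort.Ints(open)
	return open
}

func main() {
	// assumed demo values: scan 1-1024 plus two service ports, skipping FTP and DNS
	ports, err := ParsePorts("1-1024,3306,6379", []int{21, 53})
	if err != nil {
		panic(err)
	}
	open := ConnectScan("127.0.0.1", ports, 200, 500*time.Millisecond)
	fmt.Println("open ports:", open)
}
```

A connect scan cannot distinguish a filtered port from one that simply answered late, so when you raise the worker count on a slow external link, raise the timeout with it rather than only lowering threads.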

Reports

The main report is an easy-to-read Excel workbook with results classified by type. Results are also written in txt and json formats.

Parameters

Main parameters

Parameter   Description
-ei         Exclude an IP
-eq         Exclude a port
-l          File of target IPs
-uf         File of URLs for web fingerprinting
-ff         Fingerprint file (defaults to the built-in one)
-o          Name of the results file (default: result)
-p          Ports to scan (default: top 100)
-m          Module(s) to run (default: all)
-pt         Thread count for ping liveness probing
-vt         Thread count for web fingerprinting (default: 500)
-n          Thread count for port scanning (default: 900)
-show       List the supported modules
-t          TCP connect timeout for port scanning (default: 0.5)
-np         Skip liveness probing

Modules

Module      Description
ftp         FTP weak-password check
ssh         SSH weak-password check
smb         SMB weak-password check
mssql       MSSQL weak-password check
mysql       MySQL weak-password check
mgo         MongoDB weak-password check
redis       Redis weak-password check
psql        PostgreSQL weak-password check
ms17010     MS17-010 detection
smbghost    SMBGhost detection
webfinger   Web fingerprinting
netbios     NetBIOS probing; identifies hostnames and can find domain controllers
findnet     OXID resolver probing
all         All modules
port        Port scan
ping        Ping liveness probing
mem         Memcached weak-password check
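The netbios module's ability to recover a hostname and spot domain controllers comes from the NetBIOS node-status (NBSTAT) exchange on UDP/137: the probe sends a wildcard "*" query and the reply lists every name the host has registered, each with a one-byte suffix and a group/unique flag. The <00> unique name is the computer name, the <00> group name is its domain or workgroup, and the <1C> group name is registered only by domain controllers. The following Go code is an added example, not the project's own module: it builds the query, parses the reply's name table, and summarizes it. The reply it parses is constructed inline (hostname DC01 and domain CORP are made up) so it runs offline; sending the query with net.DialUDP and reading the real reply is left to the caller.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const (
	suffixWorkstation = 0x00   // unique: computer name; group: domain or workgroup
	suffixDomainCtrl  = 0x1C   // group name registered by domain controllers
	groupFlag         = 0x8000 // NAME_FLAGS bit 15: group (vs. unique) name
)

// BuildNBStatQuery returns an NBNS node-status request (type 0x21) for the
// wildcard name "*", encoded with the RFC 1001 first-level half-byte scheme.
func BuildNBStatQuery(txid uint16) []byte {
	pkt := make([]byte, 12, 50)
	binary.BigEndian.PutUint16(pkt[0:], txid)
	binary.BigEndian.PutUint16(pkt[4:], 1) // QDCOUNT=1; flags and other counts stay 0
	pkt = append(pkt, 32)                  // label length: 16 name bytes -> 32 chars
	name := [16]byte{'*'}                  // "*" padded with NULs
	for _, b := range name {
		pkt = append(pkt, 'A'+(b>>4), 'A'+(b&0x0F))
	}
	pkt = append(pkt, 0)                      // end of name
	pkt = append(pkt, 0x00, 0x21, 0x00, 0x01) // type NBSTAT, class IN
	return pkt
}

// NBName is one entry of the node-status name table.
type NBName struct {
	Name   string
	Suffix byte
	Group  bool
}

// ParseNBStatResponse extracts the name table from an NBSTAT reply.
func ParseNBStatResponse(resp []byte) ([]NBName, error) {
	// header(12) + encoded name(34) + type/class(4) + TTL(4) + RDLENGTH(2), then NUM_NAMES
	const off = 12 + 34 + 4 + 4 + 2
	if len(resp) < off+1 {
		return nil, errors.New("response too short")
	}
	if binary.BigEndian.Uint16(resp[6:]) != 1 {
		return nil, errors.New("expected exactly one answer record")
	}
	n := int(resp[off])
	table := resp[off+1:]
	if len(table) < n*18 { // 15-byte name + suffix + 2 flag bytes per entry
		return nil, errors.New("truncated name table")
	}
	out := make([]NBName, 0, n)
	for i := 0; i < n; i++ {
		e := table[i*18 : i*18+18]
		flags := binary.BigEndian.Uint16(e[16:])
		out = append(out, NBName{
			Name:   strings.TrimRight(string(e[:15]), " "),
			Suffix: e[15],
			Group:  flags&groupFlag != 0,
		})
	}
	return out, nil
}

// Summarize picks the computer name and domain and reports whether the host
// registered the <1C> group name, i.e. claims to be a domain controller.
func Summarize(names []NBName) (host, domain string, isDC bool) {
	for _, n := range names {
		switch {
		case n.Suffix == suffixWorkstation && !n.Group && host == "":
			host = n.Name
		case n.Suffix == suffixWorkstation && n.Group && domain == "":
			domain = n.Name
		case n.Suffix == suffixDomainCtrl && n.Group:
			isDC = true
		}
	}
	return
}

// sampleResponse builds a constructed NBSTAT reply (not a real capture) for a
// made-up host DC01 in domain CORP that also registered CORP<1C>.
func sampleResponse() []byte {
	entry := func(name string, suffix byte, group bool) []byte {
		e := append([]byte(fmt.Sprintf("%-15s", name)), suffix)
		flags := uint16(0x0400) // ACTIVE
		if group {
			flags |= groupFlag
		}
		return append(e, byte(flags>>8), byte(flags))
	}
	hdr := make([]byte, 12)
	binary.BigEndian.PutUint16(hdr[0:], 0x1234)
	binary.BigEndian.PutUint16(hdr[2:], 0x8400) // response, authoritative
	binary.BigEndian.PutUint16(hdr[6:], 1)      // ANCOUNT
	rdata := []byte{3}
	rdata = append(rdata, entry("DC01", 0x00, false)...)
	rdata = append(rdata, entry("CORP", 0x00, true)...)
	rdata = append(rdata, entry("CORP", 0x1C, true)...)
	rdata = append(rdata, make([]byte, 46)...) // node statistics block, zeroed
	pkt := append(hdr, BuildNBStatQuery(0)[12:]...) // answer name + type/class
	pkt = append(pkt, 0, 0, 0, 0)                   // TTL
	pkt = append(pkt, byte(len(rdata)>>8), byte(len(rdata)))
	return append(pkt, rdata...)
}

func main() {
	names, err := ParseNBStatResponse(sampleResponse())
	if err != nil {
		panic(err)
	}
	host, domain, dc := Summarize(names)
	fmt.Printf("host=%s domain=%s domain_controller=%v\n", host, domain, dc)
}
```

The parser trusts NUM_NAMES only after checking the buffer actually holds that many 18-byte entries; a reply that advertises more names than it carries is the classic way a hostile responder makes a naive probe read out of bounds.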

Thanks!

Edge Security Team (棱角团队)

https://github.com/EdgeSecurityTeam/EHole

https://github.com/shadow1ng/fscan

https://github.com/4dogs-cn/TXPortMap

Finally

Everyone is welcome to join our 知识星球 community.

Comments

  • portscan fail

    ➜ ~ scaninfo -i 49.115.113.120 -p 1-65535

                    scan info  v1.1.0

    This tool only performs detection and provides no exploitation; it is for learning only, please comply with national cyber-security law. Scanning can be stopped manually and results are saved automatically; -h shows usage, -show lists the supported modules. The last few tasks of a vulnerability or fingerprint scan may be slow because of weak-password brute forcing; you can stop manually with Ctrl+C.
    WARNING Using the TOP100 ports by default; specify ports with -p or use -t1000 to scan the TOP1000.
    WARNING ICMP scanning requires sudo privileges, check whether you have them; switched to PING scanning
    SUCCESS ICMP liveness scan finished, number of live hosts: [1]
    INFO Port probing in progress... (please wait)
    SUCCESS Collating port scan results
    SUCCESS Port and service probing complete, number of ports found: [0]
    INFO Starting vulnerability and web fingerprint scan; number of web fingerprints and vulnerabilities to scan: 0
    SUCCESS Vulnerability and fingerprint scan finished
    SUCCESS All tasks finished.

  • It would be nice if modules could be customized

    I wrote a small scanner myself too; of course it's rubbish next to yours. But I built an autoscan with customizable scan modules: for example, if on one scan I only want liveness probing + brute forcing, I set those two features in the config file and let it run; or if on another scan I only want liveness probing + port scan + title scan, I likewise set those three in the config file and run it. This is just a small suggestion, of course.
