GoScan- An Interactive Community Scanner
GoScan is an interactive community scanner consumer, that includes auto-completion, which offers abstraction and automation over nmap.
GoScan can now be used to carry out host discovery, port scanning, and repair enumeration not solely in conditions the place being stealthy will not be a precedence and time is proscribed (suppose at CTFs, OSCP, exams, and many others.), but in addition (with a couple of tweaks in its configuration) throughout skilled engagements.
GoScan can also be significantly fitted to unstable environments (suppose unreliable community connectivity, lack of “display”, and many others.), provided that it fires scans and keep their state in an SQLite database.
Scans run within the background (indifferent from the primary thread), so even when connection to the field operating GoScan is misplaced, outcomes might be uploaded asynchronously (extra on this beneath). That’s, information might be imported into GoScan at completely different levels of the method, with out the necessity to restart your complete course of from scratch if one thing goes incorrect.
As well as, the Service Enumeration part integrates a set of different instruments (e.g., EyeWitness, Hydra, nikto, and many others.), each tailor-made to focus on a particular service.
Set up
Binary set up (Really helpful)
Binaries can be found from the Release web page.
# Linux (64bit)
$ wget https://github.com/marco-lancini/goscan/releases/obtain/v2.3/goscan_2.3_linux_amd64.zip
$ unzip goscan_2.3_linux_amd64.zip
# Linux (32bit)
$ wget https://github.com/marco-lancini/goscan/releases/obtain/v2.3/goscan_2.3_linux_386.zip
$ unzip goscan_2.3_linux_386.zip
# After that, place the executable in your PATH
$ chmod +x goscan
$ sudo mv ./goscan /usr/native/bin/goscan
Construct from supply
$ git clone https://github.com/marco-lancini/goscan.git
$ cd goscan/goscan/
$ make setup
$ make construct
To create a multi-platform binary, use the cross command by way of make:
$ make cross
Docker
$ git clone https://github.com/marco-lancini/goscan.git
$ cd goscan/
$ docker-compose up –build
Utilization
GoScan helps all the primary steps of community enumeration:
Step Instructions
1. Load targets
- Add a single goal by way of the CLI (should be a sound CIDR): load goal SINGLE
- Add a number of targets from a textual content file or folder: load goal MULTI
2. Host Discovery
- Carry out a Ping Sweep: sweep
- Or load outcomes from a earlier discovery:
> Add a single alive host by way of the CLI (should be a /32): load alive SINGLE
> Add a number of alive hosts from a textual content file or folder: load alive MULTI
3. Port Scanning
- Carry out a port scan: portscan
- Or add nmap outcomes from XML information or folder: load portscan
4. Service Enumeration
- Dry Run (solely present instructions, with out performing them): enumerate
DRY - Carry out enumeration of detected providers: enumerate
5. Particular Scans
Take screenshots of internet sites, RDP providers, and open VNC servers (KALI ONLY): particular eyewitness
EyeWitness.py must be within the system path
Extract (Home windows) area info from enumeration information
particular area
Enumerate DNS (nmap, dnsrecon, dnsenum): particular dns DISCOVERY
Bruteforce DNS: particular dns BRUTEFORCE
Reverse Bruteforce DNS: particular dns BRUTEFORCE_REVERSE
Utils
- Present outcomes: present
- Robotically configure settings by loading a config file: set config_file
- Change the output folder (by default ~/goscan): set output_folder
- Modify the default nmap switches: set nmap_switches
- Modify the default wordlists: set_wordlists
Exterior Integrations
The Service Enumeration part at present helps the next integrations:
WHAT INTEGRATION
- ARP nmap
- DNS nmap, dnsrecon, dnsenum, host
- FINGER nmap, finger-user-enum
- FTP nmap, ftp-user-enum, hydra [AGGRESSIVE]
- HTTP nmap, nikto, dirb, EyeWitness, sqlmap [AGGRESSIVE], fimap [AGGRESSIVE]
- RDP nmap, EyeWitness
- SMB nmap, enum4linux, nbtscan, samrdump
- SMTP nmap, smtp-user-enum
- SNMP nmap, snmpcheck, onesixtyone, snmpwalk
- SSH hydra [AGGRESSIVE]
- SQL nmap
- VNC EyeWitness