Scanner for Intranet

Last update: Sep 03, 2022

Related tags

Security related resources cthun3

Overview

cthun3是集成端口扫描,服务识别,netbios扫描,网站识别,暴力破解和漏洞扫描的工具. cthun(克苏恩)是魔兽世界电子游戏中一位上古之神

截图

cthun3结合viper使用时截图

使用方法

端口扫描

-ps-ip

端口扫描的ip地址范围,例如可以输入

-ps-ip 192.168.146.1-255,192.168.147.1-192.168.148.255,192.168.149.1/24,ip.txt

ip.txt与cthun在同一目录,ip.txt内容可以是如下格式

192.168.146.1-255
192.168.147.1-192.168.148.255,192.168.149.1/24

-ps-p

端口扫描的端口范围,例如可以输入

-ps-p 22,80,1-65535

-ps-tp

端口扫描top N端口,例如可以输入

-ps-tp 100

-ps-r

端口扫描每个端口的重试次数,可以增强稳定性

-ps-r 2

组合起来就可以像如下方式使用

cthun -ps-ip 192.168.146.1-255,ip.txt -ps-p 60000 -ps-tp 100

Netbios扫描

-ns-ip

端口扫描的ip地址范围,例如可以输入

-ns-ip 192.168.146.1-255,192.168.147.1-192.168.148.255,192.168.149.1/24,ip.txt

ip.txt与cthun在同一目录,ip.txt内容可以是如下格式

192.168.146.1-255
192.168.147.1-192.168.148.255,192.168.149.1/24

Http扫描

-hs-ipport

与portscan组合使用,http扫描会自动将portscan结果中http及https协议的ip:port加入到扫描队列,只需输入

-hs-ipport ps

http扫描也可单独指定的ip:port列表,例如可以输入

-hs-ipport 192.168.146.1/24:8009,192.168.146.1-255:80,ipport.txt

ipport.txt与cthun在同一目录,ip.txt内容可以是如下格式

192.168.146.1-255:80
192.168.147.1-192.168.148.255:443,192.168.149.1/24:8080

-hs-url

检查网站是否存在指定的url

-hs-url /admin/login.jsp,/js/ijustcheck.js,/shell.php

组合起来就可以像如下方式使用

cthun -ps-ip ip.txt -ps-tp 100 -hs-ipport ps -hs-url /admin/login.jsp

cthun -hs-ipport 192.168.146.1-255:80 -hs-url /admin/login.jsp

暴力破解

-bf

与portscan组合使用,暴力破解会自动将portscan结果中符合条件的协议的ip:port加入到破解队列,只需输入

-bf

暴力破解协议列表:smb,ssh,redis,ftp,rdp,mysql,mongodb,memcached,vnc

-bf-smb

smb协议暴力破解,支持和user:pass及hashs暴力破解与portscan组合使用,自动将portscan结果中smb协议的ip:port加入到扫描队列,只需输入

-bf-smb ps

http扫描也可单独指定的ip:port列表,例如可以输入

-bf-smb 192.168.146.1/24:445,192.168.146.1-255:445,ipport.txt

--bf-ssh -bf-redis -bf-ftp -bf-rdp -bf-mysql -bf-mongodb -bf-memcached -bf-vnc

参考-bf-smb使用方法

-bf-u

暴力破解用户名字典,

-bf-u  lab\\administrator,administrator,root,user.txt

user.txt文件内容格式

root
test
funnywolf

-bf-p

暴力破解密码字典,

-bf-u   1234qwer!@#$,root,foobared,password.txt

password.txt文件内容格式

root
test
123456

-bf-h

smb暴力破解哈希字典(注意不支持命令行直接输入hash内容)

-bf-h hashes.txt

hashes.txt文件内容格式

sealgod,domainadmin1,ae946ec6f4ca785ba54985f61a715a72:1d4d84d758cfa9a8a39f7121cb3e51ed
sealgod,domainadmin2,be946ec6f4ca785ba54985f61a715a72:2d4d84d758cfa9a8a39f7121cb3e51ed

-bf-sk

ssh协议私钥暴力破解,id_rsa为私钥文件名,id_rsa与cthun同一目录

-bf-sk id_rsa

--bf-dd

暴力破解是否使用内置字典

-bf-dd

组合起来就可以像如下方式使用

cthun -ps-ip ip.txt -ps-tp 100 -bf -bf-u user.txt -bf-p password.txt

cthun -ps-ip ip.txt -ps-tp 100 -bf-smb ps -bf-u user.txt -bf-p password.txt

cthun -bf-smb 192.168.146.1-255:445 -bf-u user.txt -bf-p password.txt

漏洞扫描

-vs

与portscan组合使用,漏洞会自动将portscan结果中符合条件的协议的ip:port加入到破解队列,只需输入

-vs

漏洞扫描协议列表:smb,http,https

-vs-smb -vs-http

参考-bf-smb使用方法

网络参数

-ms

最大连接数,Windows建议为100,Linux建议为300

-ms 200

-st

socket超时时间(秒),一般内网中网络延时很低,建议小于0.3

-st 0.2

-lh

是否加载ipportservice.log中的历史扫描结果,用于http扫描 暴力破解 漏洞扫描等

-lh

优点

端口扫描扫描速度快(255个IP,TOP100端口,15秒)
服务识别准确(集成NMAP指纹数据库)
单文件无依赖(方便内网扫描)
适应性强(Windows Server 2003/Windows XP,Windows Server 2012,CentOS6,Debain9,ubuntu16)
支持多种协议暴力破解
支持netbios扫描(获取多网卡ip)
支持vul扫描(ms17-010)

缺点

可执行文件大(20M)
不支持Windows Server 2003/Windows XP

漏洞列表

ms17-010
CVE_2019_3396
CVE_2017_12149
S2_015
S2_016
S2_045
CVE_2017_12615
CVE_2017_10271
CVE_2018_2894
CVE_2019_2729

依赖

RDP的暴力破解依赖OpenSSL(Windows Server 2003/Windows XP不能使用rdp暴力破解,其他功能无影响)
Linux服务器需要glibc版本大于2.5(高于centos5,ldd --version查看)

已测试

Windows Server 2003
Windows7
Windows Server 2012
CentOS5
Kali

更新日志

v1.0 20210712

新功能

发布第一个版本

A simple subdomain scanner in python

Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! 💁‍♀️ How to use first download the scanner.p

2 Jan 7, 2022

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

9 Dec 30, 2022

a cool, easily usable and customisable subdomains scanner

Subdah 🔎 another subdomains scanner. Installation ⚠️ Python 3.10 required ⚠️ $ git clone https://github.com/traumatism/subdah $ cd subdah $ pip3 inst

14 Oct 18, 2022

Web Headers Security Scanner

3 Dec 16, 2022

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

1 Nov 12, 2021

An Advanced Local Network IP Scanner, made in python of course!

██╗██████╗ ██████╗ █████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗ ██║██╔══██╗ ██╔════╝██╔══██╗██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██

2 Dec 18, 2021

XSS scanner in python

DeadXSS XSS scanner in python How to Download: Step 1: git clone https://github.com/Deadeye0x/DeadXSS.git Step 2: cd DeadXSS Step 3: python3 DeadXSS.p

2 Jul 17, 2022

Advanced subdomain scanner, any domain hidden subdomains

little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for

5 Nov 23, 2021

Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

11 Dec 22, 2022

Scanner for Intranet

Related tags

Overview

截图

使用方法

端口扫描

-ps-ip

-ps-p

-ps-tp

-ps-r

Netbios扫描

-ns-ip

Http扫描

-hs-ipport

-hs-url

暴力破解

-bf

-bf-smb

--bf-ssh -bf-redis -bf-ftp -bf-rdp -bf-mysql -bf-mongodb -bf-memcached -bf-vnc

-bf-u

-bf-p

-bf-h

-bf-sk

--bf-dd

漏洞扫描

-vs

-vs-smb -vs-http

网络参数

-ms

-st

-lh

优点

缺点

漏洞列表

依赖

已测试

更新日志

v1.0 20210712

新功能

You might also like...

A simple subdomain scanner in python

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

a cool, easily usable and customisable subdomains scanner

Web Headers Security Scanner

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

An Advanced Local Network IP Scanner, made in python of course!

XSS scanner in python

Advanced subdomain scanner, any domain hidden subdomains

Moodle community-based vulnerability scanner

Releases(v1.0)

v1.0(Jul 12, 2021)

新功能

Owner

rootkit

A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Brute Force Guess the password for Instgram accounts with python

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

一款辅助探测Orderby注入漏洞的BurpSuite插件，Python3编写，适用于上xray等扫描器被ban的场景

This Repository is an up-to-date version of Harvard nlp's Legacy code and a Refactoring of the jupyter notebook version as a shell script version.

A python script written for lazy people to hack their school systen ;D

NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network

Deltaspy - an advanced keylogger that can send keylogs and screenshots to gmail

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses 🕵️

A guide to building basic malware in Python by implementing a keylogger application

simple python keylogger

A python script to bypass 403-forbidden.

Used to build an XSS platform on the command line.

IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

Acc-Data-Gen - Allows you to generate a password, e-mail & token for your Minecraft Account

PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM <= 8.0.1

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.