自动化爆破子域名,并遍历所有端口寻找http服务,并使用crawlergo、dirsearch、xray等工具扫描并集成报告;支持动态添加扫描到的域名至任务;

Overview

AutoScanner

AutoScanner是什么

AutoScanner是一款自动化扫描器,其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务,并使用集成的工具进行扫描,最后集成扫描报告;
工具目前有:oneforall、masscan、nmap、crawlergo、dirsearch、xray、awvs、whatweb等

是之前hscan 的重构版本;

AutoScanner做了什么

  • 自动下载项目所需要的tools
  • 使用oneforall遍历子域名
  • 使用masscan遍历主机所有开放端口
  • 使用nmap扫描开放端口;得出所有http服务端口
  • 使用crawlergo进行扫描
  • 动态添加crawlergo扫描到的域名至任务清单
  • 使用dirsearch进行目录文件扫描
  • 扫描到的目录、文件传递到xray
  • 使用xray进行被动扫描
  • 扫描结束后生成两份报告,xray和 所有tools集成的一份报告
  • ...

另外,在各个工具直接做了很多逻辑处理,如masscan扫描到过多开放端口,直接忽略;如nmap发现80和443同时开放http服务,忽略443;等等
需要注意的是,项目中提供了awvs的扫描脚本,但是考虑到正版盗版的原因项目中未集成awvs的安装包;

项目运行

由于涉及过多pip包依赖及浏览器环境等,建议使用docker运行;
其中注意项目所需要的工具会自动下载,但是由于国内github网速问题可能会导致下载失败等问题,如果发生,可下载下方包解压到tools目录;
链接: https://pan.baidu.com/s/1FAP02yYK7CF9mxMD0yj08g 密码: a6p4

截图展示

部分截图可以看之前的hscan; 这儿展示下单独的tools的报告 image image image

You might also like...
Comments
  • 报错  Name or service not know

    报错 Name or service not know

    你好: 作者 我在kali linux上安装此软件,全部安装完后运行docker_run.sh文件报Name or service not konw错误 如图所示:

    后面就什么反应都没了

    其中docker_run.sh中指定了域名参数 docker run -ti --rm -vpwd/:/root/ auto:latest -d domain.com

    请问这是什么情况。

    opened by laohuan12138 3
  • --fu url.txt时报错,请问怎么解决

    --fu url.txt时报错,请问怎么解决

    root:~/Autoscanner# docker run -ti --rm -v pwd/:/root/ autoscanner:latest --fu url.txt Traceback (most recent call last): File "main.py", line 25, in main() File "main.py", line 20, in main arguments = ArgumentParser() File "/root/lib/arguments_parse.py", line 18, in init self.urlList = get_file_content(options.urls_file) AttributeError: 'Values' object has no attribute 'urls_file'

    opened by h1iba1 2
  • 构建docker镜像报错

    构建docker镜像报错

    构建镜像报错 #12 187.6 E: Failed to fetch http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_102.0.5005.115-1_amd64.deb Connection failed [IP: 220.181.174.225 80] #12 187.6 E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

    executor failed running [/bin/sh -c ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && apt install -y curl wget python3 python3-pip masscan whatweb nmap tzdata dnsutils google-chrome-stable && pip3 install -r requirements.txt]: exit code: 100

    opened by Lins-MDFK 0
  • oneforall跑完后,xray、Nuclei未在工作

    oneforall跑完后,xray、Nuclei未在工作

    环境

    谷歌云vps、ubuntu18

    现象

    1、oneforall跑完后,未看到xray在工作;/root/Autoscanner/tools/xray_linux_amd64目录下xray的证书信息、配置文件也不存在 2、Nuclei只跑完www.xxx.com的主域名,进程就结束了 3、日志信息

    21:31:35,356 [INFOR] oneforall:253 - Finished OneForAll
    Request Progress: 131it [00:42,  3.05it/s]
    286
    
    2022-03-18 21:31:35.478 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Oneforall - over
    2022-03-18 21:31:35.538 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Bugscanner - start scanning
    2022-03-18 21:31:36.613 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Bugscanner - over
    2022-03-18 21:31:36.614 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Nslookup - start scanning
    2022-03-18 21:31:42.482 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Nslookup - over
    2022-03-18 21:31:42.488 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - Masscan - start scanning
    Error in received packet: No such file or directory
    src/rawsock-getif.c:299: read_netlink: 2
    FAIL: could not determine default interface
    FAIL:... try "--interface ethX"
    311
    
    2022-03-18 21:31:42.592 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - Masscan - over
    2022-03-18 21:31:42.593 | INFO     | lib.Tools:__init__:49 - /tmp/tmpttz7zu0m - Nmap - start scanning
    320
    
    2022-03-18 21:31:59.095 | INFO     | lib.Tools:__init__:56 - /tmp/tmpttz7zu0m - Nmap - over
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    2022-03-18 21:32:09.536 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - IpLocation - start scanning
    2022-03-18 21:32:09.615 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - IpLocation - over
    2022-03-18 21:32:09.616 | INFO     | lib.Tools:__init__:49 -  - Whatweb - start scanning
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    383
    
    2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:56 -  - Whatweb - over
    2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Snapshot - start scanning
    2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Snapshot - over
    2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Nuclei - start scanning
    
                         __     _
       ____  __  _______/ /__  (_)
      / __ \/ / / / ___/ / _ \/ /
     / / / / /_/ / /__/ /  __/ /
    /_/ /_/\__,_/\___/_/\___/_/   2.6.3
    
                    projectdiscovery.io
    
    [WRN] Use with caution. You are responsible for your actions.
    [WRN] Developers assume no liability and are not responsible for any misuse or damage.
    [INF] nuclei-templates are not installed, installing...
    [INF] Successfully downloaded nuclei-templates (v8.9.0) to /root/nuclei-templates. GoodLuck!
    [INF] Using Nuclei Engine 2.6.3 (latest)
    [INF] Using Nuclei Templates 8.9.0 (latest)
    [INF] Templates added in last update: 2
    [INF] Templates loaded for scan: 3013
    [INF] Templates clustered: 502 (Reduced 461 HTTP Requests)
    [INF] Using Interactsh Server: oast.me
    485
    
    2022-03-18 21:33:56.049 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Nuclei - over
    2022-03-18 21:33:56.050 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Crawlergo - start scanning
    724
    
    2022-03-18 21:34:16.972 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Crawlergo - over
    2022-03-18 21:34:32.018 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Dirsearch - start scanning
    778
    
    2022-03-18 21:35:19.327 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Dirsearch - over
    [email protected]:~/Autoscanner# 
    
    opened by yida223 1
Releases(v1.2.1)
WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar

CVE-2020-14756 WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar README project base on https://github.com/Y4er/CVE-2020-2555 and weblo

Y4er 77 Dec 06, 2022
Check for breached passwords with k-anonymity

passwnd Check for breached passwords with k-anonymity Usage To get prompted to enter the password securely, simply run: passwnd.py Alternatively, you

Nat 1 Feb 08, 2022
Malware for Discord, designed to steal passwords, tokens, and inject discord folders for long-term use.

Vital What is Vital? Vital is malware primarily used to collect and extract information from the Discord desktop client. While it has other features (

HellSec 59 Dec 01, 2022
Omega - From Wordpress admin to pty

The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.

Ángel Heredia 12 Nov 09, 2022
Learning to compose soft prompts for compositional zero-shot learning.

Compositional Soft Prompting (CSP) Compositional soft prompting (CSP), a parameter-efficient learning technique to improve the zero-shot compositional

Bats Research 32 Jan 02, 2023
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo

Teppei Fukuda 80 Nov 28, 2022
Scan all java processes on your host to check weather it's affected by log4j2 remote code execution

Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j 漏洞本地检测脚本,扫描主机上所有java进程,检测是否引入了有漏洞的log4j-core jar包,是否可能遭到远程代码执行攻击(CVE-2021-45046)。上传扫描报告到指定的服

86 Dec 09, 2022
KeyLogger

By-Emirhan KeyLogger Hangi Sistemlerde Çalışır? | On Which Systems Does It Work? KALİ LİNUX UBUNTU PARDUS MİNT TERMUX ARCH YÜKLEME & ÇALIŞTIRMA KOMUTL

2 Feb 24, 2022
Pgen is the best brute force password generator and it is improved from the cupp.py

pgen Pgen is the best brute force password generator and it is improved from the cupp.py The pgen tool is dedicated to Leonardo da Vinci -Time stays l

heyheykids 2 Jan 31, 2022
Proof-of-concept obfuscation toolkit for C# post-exploitation tools

InvisibilityCloak Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio proj

259 Dec 19, 2022
Script for automatic dump and brute-force passwords using Volatility Framework

Volatility-auto-hashdump Script for automatic dump and brute-force passwords using Volatility Framework

whoamins 11 Apr 11, 2022
adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

adb - An exploitation tool for android devices. A tool that allows you to search for vulnerable android devices across the world and exploit them. Fea

136 Jan 02, 2023
Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

GoodHound ______ ____ __ __ / ____/___ ____ ____/ / / / /___ __ ______ ____/ / / / __/ __ \/ __ \/ __

idna 352 Jan 02, 2023
This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly

Pro_Crack Facebook Fast Cracking Tool This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly Installation On Te

•JINN• 1 Jan 16, 2022
SSL / TLS Checking Tool written in Python3

ssts-chk SSL / TLS Checking Tool written in Python3. This tool will perform the following functions: Connect the target given Analyze the secure conne

Douglas Berdeaux 2 Feb 12, 2022
MainCoon - an automated recon framework

MainCoon is an automated recon framework meant for gathering information during penetration testing of web applications.

Md. Nur habib 8 Aug 26, 2022
An Advanced Local Network IP Scanner, made in python of course!

██╗██████╗    ██████╗ █████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗ ██║██╔══██╗  ██╔════╝██╔══██╗██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██

Polsulpicien 2 Dec 18, 2021
自动化爆破子域名,并遍历所有端口寻找http服务,并使用crawlergo、dirsearch、xray等工具扫描并集成报告;支持动态添加扫描到的域名至任务;

AutoScanner AutoScanner是什么 AutoScanner是一款自动化扫描器,其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务,并使用集成的工具进行扫描,最后集成扫描报告; 工具目前有:oneforall、masscan、nmap、crawlergo、dirse

633 Dec 30, 2022
An intranet tool for easily intranet pentesting

IntarKnife v1.0 a tool can be used in intarnet for easily pentesting moudle hash spray U can use this tool to spray hash on a webshell IntraKnife.exe

4 Nov 24, 2021