自动化爆破子域名,并遍历所有端口寻找http服务,并使用crawlergo、dirsearch、xray等工具扫描并集成报告;支持动态添加扫描到的域名至任务;

Overview

AutoScanner

AutoScanner是什么

AutoScanner是一款自动化扫描器,其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务,并使用集成的工具进行扫描,最后集成扫描报告;
工具目前有:oneforall、masscan、nmap、crawlergo、dirsearch、xray、awvs、whatweb等

是之前hscan 的重构版本;

AutoScanner做了什么

  • 自动下载项目所需要的tools
  • 使用oneforall遍历子域名
  • 使用masscan遍历主机所有开放端口
  • 使用nmap扫描开放端口;得出所有http服务端口
  • 使用crawlergo进行扫描
  • 动态添加crawlergo扫描到的域名至任务清单
  • 使用dirsearch进行目录文件扫描
  • 扫描到的目录、文件传递到xray
  • 使用xray进行被动扫描
  • 扫描结束后生成两份报告,xray和 所有tools集成的一份报告
  • ...

另外,在各个工具直接做了很多逻辑处理,如masscan扫描到过多开放端口,直接忽略;如nmap发现80和443同时开放http服务,忽略443;等等
需要注意的是,项目中提供了awvs的扫描脚本,但是考虑到正版盗版的原因项目中未集成awvs的安装包;

项目运行

由于涉及过多pip包依赖及浏览器环境等,建议使用docker运行;
其中注意项目所需要的工具会自动下载,但是由于国内github网速问题可能会导致下载失败等问题,如果发生,可下载下方包解压到tools目录;
链接: https://pan.baidu.com/s/1FAP02yYK7CF9mxMD0yj08g 密码: a6p4

截图展示

部分截图可以看之前的hscan; 这儿展示下单独的tools的报告 image image image

You might also like...
Comments
  • 报错  Name or service not know

    报错 Name or service not know

    你好: 作者 我在kali linux上安装此软件,全部安装完后运行docker_run.sh文件报Name or service not konw错误 如图所示:

    后面就什么反应都没了

    其中docker_run.sh中指定了域名参数 docker run -ti --rm -vpwd/:/root/ auto:latest -d domain.com

    请问这是什么情况。

    opened by laohuan12138 3
  • --fu url.txt时报错,请问怎么解决

    --fu url.txt时报错,请问怎么解决

    root:~/Autoscanner# docker run -ti --rm -v pwd/:/root/ autoscanner:latest --fu url.txt Traceback (most recent call last): File "main.py", line 25, in main() File "main.py", line 20, in main arguments = ArgumentParser() File "/root/lib/arguments_parse.py", line 18, in init self.urlList = get_file_content(options.urls_file) AttributeError: 'Values' object has no attribute 'urls_file'

    opened by h1iba1 2
  • 构建docker镜像报错

    构建docker镜像报错

    构建镜像报错 #12 187.6 E: Failed to fetch http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_102.0.5005.115-1_amd64.deb Connection failed [IP: 220.181.174.225 80] #12 187.6 E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

    executor failed running [/bin/sh -c ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && apt install -y curl wget python3 python3-pip masscan whatweb nmap tzdata dnsutils google-chrome-stable && pip3 install -r requirements.txt]: exit code: 100

    opened by Lins-MDFK 0
  • oneforall跑完后,xray、Nuclei未在工作

    oneforall跑完后,xray、Nuclei未在工作

    环境

    谷歌云vps、ubuntu18

    现象

    1、oneforall跑完后,未看到xray在工作;/root/Autoscanner/tools/xray_linux_amd64目录下xray的证书信息、配置文件也不存在 2、Nuclei只跑完www.xxx.com的主域名,进程就结束了 3、日志信息

    21:31:35,356 [INFOR] oneforall:253 - Finished OneForAll
    Request Progress: 131it [00:42,  3.05it/s]
    286
    
    2022-03-18 21:31:35.478 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Oneforall - over
    2022-03-18 21:31:35.538 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Bugscanner - start scanning
    2022-03-18 21:31:36.613 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Bugscanner - over
    2022-03-18 21:31:36.614 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Nslookup - start scanning
    2022-03-18 21:31:42.482 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Nslookup - over
    2022-03-18 21:31:42.488 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - Masscan - start scanning
    Error in received packet: No such file or directory
    src/rawsock-getif.c:299: read_netlink: 2
    FAIL: could not determine default interface
    FAIL:... try "--interface ethX"
    311
    
    2022-03-18 21:31:42.592 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - Masscan - over
    2022-03-18 21:31:42.593 | INFO     | lib.Tools:__init__:49 - /tmp/tmpttz7zu0m - Nmap - start scanning
    320
    
    2022-03-18 21:31:59.095 | INFO     | lib.Tools:__init__:56 - /tmp/tmpttz7zu0m - Nmap - over
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    2022-03-18 21:32:09.536 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - IpLocation - start scanning
    2022-03-18 21:32:09.615 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - IpLocation - over
    2022-03-18 21:32:09.616 | INFO     | lib.Tools:__init__:49 -  - Whatweb - start scanning
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    /usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
    383
    
    2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:56 -  - Whatweb - over
    2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Snapshot - start scanning
    2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Snapshot - over
    2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Nuclei - start scanning
    
                         __     _
       ____  __  _______/ /__  (_)
      / __ \/ / / / ___/ / _ \/ /
     / / / / /_/ / /__/ /  __/ /
    /_/ /_/\__,_/\___/_/\___/_/   2.6.3
    
                    projectdiscovery.io
    
    [WRN] Use with caution. You are responsible for your actions.
    [WRN] Developers assume no liability and are not responsible for any misuse or damage.
    [INF] nuclei-templates are not installed, installing...
    [INF] Successfully downloaded nuclei-templates (v8.9.0) to /root/nuclei-templates. GoodLuck!
    [INF] Using Nuclei Engine 2.6.3 (latest)
    [INF] Using Nuclei Templates 8.9.0 (latest)
    [INF] Templates added in last update: 2
    [INF] Templates loaded for scan: 3013
    [INF] Templates clustered: 502 (Reduced 461 HTTP Requests)
    [INF] Using Interactsh Server: oast.me
    485
    
    2022-03-18 21:33:56.049 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Nuclei - over
    2022-03-18 21:33:56.050 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Crawlergo - start scanning
    724
    
    2022-03-18 21:34:16.972 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Crawlergo - over
    2022-03-18 21:34:32.018 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Dirsearch - start scanning
    778
    
    2022-03-18 21:35:19.327 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Dirsearch - over
    [email protected]:~/Autoscanner# 
    
    opened by yida223 1
Releases(v1.2.1)
MD5-CRACKER - A gmail brute force app created with python3

MD5-CRACKER So this is my first app i created with python3 . if you guys downloa

2 Nov 10, 2022
Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

BugAlert.org 208 Dec 15, 2022
A simple password generator using Python Tkinter.

Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi

Prashant Agheda 1 Nov 02, 2022
OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

omigood (OM I GOOD?) This repository contains a free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threa

Marco Simioni 13 Jul 13, 2022
High level cheatsheet that was designed to make checks on the OSCP more manageable

High level cheatsheet that was designed to make checks on the OSCP more manageable. This repository however could also be used for your own studying or for evaluating test systems like on HackTheBox

Jacob Scheetz 89 Jan 01, 2023
DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE

DepFine DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE Installation: You Can inst

Hossam mesbah 14 Nov 11, 2022
neo Tool is great one in binary exploitation topic

neo Tool is great one in binary exploitation topic. instead of doing several missions by many tools and windows, you can now automate this in one tool in one session.. Enjoy it

Hamza Elansari 4 Oct 10, 2022
A security system to warn you when people enter your room 🎥

Get Out My Room v0.1 I hate people coming in my room when i'm not there. Get Out My Room is a simple security system that sends notifications with vid

ScriptLine 1 Jan 11, 2022
Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead (< v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

GoAhead RCE Exploit Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamic

Francisco Spínola 2 Dec 12, 2021
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo

Teppei Fukuda 80 Nov 28, 2022
Brute force attack tool for Azure AD Autologon/Seamless SSO

Brute force attack tool for Azure AD Autologon

nyxgeek 89 Jan 02, 2023
Tool ini berfungsi untuk membuat virus secara instan

vbug (ID) Tool ini berfungsi untuk membuat virus secara instan. Dengan begitu pengguna vbug maker dapat menggunakannya dengan mudah dan cepat. Di dala

OneTXz 3 Jun 05, 2022
Early days of an Asset Discovery tool.

Please star this project! Written in Python Report Bug . Request Feature DISCLAIMER This project is in its early days, everything you see here is almo

grag1337 3 Dec 20, 2022
Advanced subdomain scanner, any domain hidden subdomains

little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for

Nano 5 Nov 23, 2021
If you are worried about being found perhaps try taking cover under a blanket. Pure Python PowerShell Obfuscator

If you are worried about being found perhaps try taking cover under a blanket. Pure Python PowerShell Obfuscator

Ph0tonz 3 Jun 07, 2022
The Web Application Firewall Paranoia Level Test Tool.

Quick WAF "paranoid" Doctor Evaluation WAFPARAN01D3 The Web Application Firewall Paranoia Level Test Tool. — From alt3kx.github.io Introduction to Par

22 Jul 25, 2022
CVE-2022-21907 Vulnerability PoC

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17, just some sm

Michele 16 Dec 18, 2022
Apache Solr SSRF(CVE-2021-27905)

Solr-SSRF Apache Solr SSRF #Use [-] Apache Solr SSRF漏洞 (CVE-2021-27905) [-] Options: -h or --help : 方法说明 -u or --url

Henry4E36 70 Nov 09, 2022
Open-source jailbreaking tool for many iOS devices

Open-source jailbreaking tool for many iOS devices *Read disclaimer before using this software. checkm8 permanent unpatchable bootrom exploit for hund

6.7k Jan 05, 2023
Python low-interaction honeyclient

Thug The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as th

Angelo Dell'Aera 896 Dec 19, 2022