GoScan

GoScan is an interactive network scanner client with auto-completion that provides abstraction and automation over nmap.

It can be used to perform host discovery, port scanning, and service enumeration in situations where being stealthy is not a priority, and time is limited (think of CTFs, OSCP, exams, etc.).

GoScan supports all the main steps of network enumeration:

  1. Host Discovery (ARP + ping sweep): sweep <TYPE> <TARGET>
  2. Port Scanning: portscan <TYPE> <TARGET>
  3. Service Enumeration: enumerate <TYPE> <POLITE/AGGRESSIVE> <TARGET>

Plus some more:

  1. DNS enumeration: dns <DISCOVERY/BRUTEFORCE/BRUTEFORCE_REVERSE> <DOMAIN> [<BASE_IP>]
  2. Domain enumeration (extract Windows domain information from enumeration data): domain <users/hosts/servers>

In addition, it has a few supporting commands:

  • Change the output folder (by default ~/goscan): set_output_folder <PATH>
  • Modify the default nmap switches: set_nmap_switches <SWEEP/TCP_FULL/TCP_STANDARD/TCP_VULN/UDP_STANDARD>
  • Modify the default wordlists: set_wordlists <FINGER_USER/FTP_USER/…>
  • Show live hosts: show hosts
  • Show detailed ports information: show ports
  • Reset the database: db reset

External Integrations

The Service Enumeration phase currently supports the following integrations:

WHAT      INTEGRATION
ARP       nmap, netdiscover
DNS       nmap, dnsrecon, dnsenum, host
FINGER    nmap, finger-user-enum
FTP       nmap, ftp-user-enum, hydra
HTTP      nmap, nikto, dirb, sqlmap, fimap
RDP       nmap
SMB       nmap, enum4linux, nbtscan, samrdump
SMTP      nmap, smtp-user-enum
SNMP      nmap, snmpcheck, onesixtyone, snmpwalk
SSH       hydra
SQL       nmap

Changelog v2.3

Added

  • Support to automatically configure settings by loading a configuration file

Fixed

  • Nmap output file names when running concurrently on all targets

Download

Copyright (c) 2018 Marco Lancini

Source: https://github.com/marco-lancini/
