Scanner for Intranet

Related tags

Security related resourcescthun3
Overview

cthun3是集成端口扫描,服务识别,netbios扫描,网站识别,暴力破解和漏洞扫描的工具. cthun(克苏恩)是魔兽世界电子游戏中一位上古之神

截图

cthun3结合viper使用时截图

image.png image.png image.png image.png image.png

使用方法

端口扫描

-ps-ip

端口扫描的ip地址范围,例如可以输入

-ps-ip 192.168.146.1-255,192.168.147.1-192.168.148.255,192.168.149.1/24,ip.txt

ip.txt与cthun在同一目录,ip.txt内容可以是如下格式

192.168.146.1-255
192.168.147.1-192.168.148.255,192.168.149.1/24

-ps-p

端口扫描的端口范围,例如可以输入

-ps-p 22,80,1-65535

-ps-tp

端口扫描top N端口,例如可以输入

-ps-tp 100

-ps-r

端口扫描每个端口的重试次数,可以增强稳定性

-ps-r 2

组合起来就可以像如下方式使用

cthun -ps-ip 192.168.146.1-255,ip.txt -ps-p 60000 -ps-tp 100

Netbios扫描

-ns-ip

端口扫描的ip地址范围,例如可以输入

-ns-ip 192.168.146.1-255,192.168.147.1-192.168.148.255,192.168.149.1/24,ip.txt

ip.txt与cthun在同一目录,ip.txt内容可以是如下格式

192.168.146.1-255
192.168.147.1-192.168.148.255,192.168.149.1/24

Http扫描

-hs-ipport

与portscan组合使用,http扫描会自动将portscan结果中http及https协议的ip:port加入到扫描队列,只需输入

-hs-ipport ps

http扫描也可单独指定的ip:port列表,例如可以输入

-hs-ipport 192.168.146.1/24:8009,192.168.146.1-255:80,ipport.txt

ipport.txt与cthun在同一目录,ip.txt内容可以是如下格式

192.168.146.1-255:80
192.168.147.1-192.168.148.255:443,192.168.149.1/24:8080

-hs-url

检查网站是否存在指定的url

-hs-url /admin/login.jsp,/js/ijustcheck.js,/shell.php

组合起来就可以像如下方式使用

cthun -ps-ip ip.txt -ps-tp 100 -hs-ipport ps -hs-url /admin/login.jsp

cthun -hs-ipport 192.168.146.1-255:80 -hs-url /admin/login.jsp

暴力破解

-bf

与portscan组合使用,暴力破解会自动将portscan结果中符合条件的协议的ip:port加入到破解队列,只需输入

-bf

暴力破解协议列表:smb,ssh,redis,ftp,rdp,mysql,mongodb,memcached,vnc

-bf-smb

smb协议暴力破解,支持和user:pass及hashs暴力破解 与portscan组合使用,自动将portscan结果中smb协议的ip:port加入到扫描队列,只需输入

-bf-smb ps

http扫描也可单独指定的ip:port列表,例如可以输入

-bf-smb 192.168.146.1/24:445,192.168.146.1-255:445,ipport.txt

--bf-ssh -bf-redis -bf-ftp -bf-rdp -bf-mysql -bf-mongodb -bf-memcached -bf-vnc

参考-bf-smb使用方法

-bf-u

暴力破解用户名字典,

-bf-u  lab\\administrator,administrator,root,user.txt

user.txt文件内容格式

root
test
funnywolf

-bf-p

暴力破解密码字典,

-bf-u   1234qwer!@#$,root,foobared,password.txt

password.txt文件内容格式

root
test
123456

-bf-h

smb暴力破解哈希字典(注意不支持命令行直接输入hash内容)

-bf-h hashes.txt

hashes.txt文件内容格式

sealgod,domainadmin1,ae946ec6f4ca785ba54985f61a715a72:1d4d84d758cfa9a8a39f7121cb3e51ed
sealgod,domainadmin2,be946ec6f4ca785ba54985f61a715a72:2d4d84d758cfa9a8a39f7121cb3e51ed

-bf-sk

ssh协议私钥暴力破解,id_rsa为私钥文件名,id_rsa与cthun同一目录

-bf-sk id_rsa

--bf-dd

暴力破解是否使用内置字典

-bf-dd

组合起来就可以像如下方式使用

cthun -ps-ip ip.txt -ps-tp 100 -bf -bf-u user.txt -bf-p password.txt

cthun -ps-ip ip.txt -ps-tp 100 -bf-smb ps -bf-u user.txt -bf-p password.txt

cthun -bf-smb 192.168.146.1-255:445 -bf-u user.txt -bf-p password.txt

漏洞扫描

-vs

与portscan组合使用,漏洞会自动将portscan结果中符合条件的协议的ip:port加入到破解队列,只需输入

-vs

漏洞扫描协议列表:smb,http,https

-vs-smb -vs-http

参考-bf-smb使用方法

网络参数

-ms

最大连接数,Windows建议为100,Linux建议为300

-ms 200

-st

socket超时时间(秒),一般内网中网络延时很低,建议小于0.3

-st 0.2

-lh

是否加载ipportservice.log中的历史扫描结果,用于http扫描 暴力破解 漏洞扫描

-lh

优点

  • 端口扫描扫描速度快(255个IP,TOP100端口,15秒)
  • 服务识别准确(集成NMAP指纹数据库)
  • 单文件无依赖(方便内网扫描)
  • 适应性强(Windows Server 2003/Windows XP,Windows Server 2012,CentOS6,Debain9,ubuntu16)
  • 支持多种协议暴力破解
  • 支持netbios扫描(获取多网卡ip)
  • 支持vul扫描(ms17-010)

缺点

  • 可执行文件大(20M)
  • 不支持Windows Server 2003/Windows XP

漏洞列表

  • ms17-010
  • CVE_2019_3396
  • CVE_2017_12149
  • S2_015
  • S2_016
  • S2_045
  • CVE_2017_12615
  • CVE_2017_10271
  • CVE_2018_2894
  • CVE_2019_2729

依赖

  • RDP的暴力破解依赖OpenSSL(Windows Server 2003/Windows XP不能使用rdp暴力破解,其他功能无影响)
  • Linux服务器需要glibc版本大于2.5(高于centos5,ldd --version查看)

已测试

  • Windows Server 2003
  • Windows7
  • Windows Server 2012
  • CentOS5
  • Kali

更新日志

v1.0 20210712

新功能

  • 发布第一个版本
You might also like...
A simple subdomain scanner in python

Subdomain-Scanner A simple subdomain scanner in python ✨ Features scans subdomains of a domain thats it! 💁‍♀️ How to use first download the scanner.p

Portgas D Ace 2 Jan 7, 2022
Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

Anontemitayo 9 Dec 30, 2022
a cool, easily usable and customisable subdomains scanner
a cool, easily usable and customisable subdomains scanner

Subdah 🔎 another subdomains scanner. Installation ⚠️ Python 3.10 required ⚠️ $ git clone https://github.com/traumatism/subdah $ cd subdah $ pip3 inst

toast 14 Oct 18, 2022
Web Headers Security Scanner
Web Headers Security Scanner

Web Headers Security Scanner

Emre Koybasi 3 Dec 16, 2022
Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

null 1 Nov 12, 2021
An Advanced Local Network IP Scanner, made in python of course!
An Advanced Local Network IP Scanner, made in python of course!

██╗██████╗    ██████╗ █████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗ ██║██╔══██╗  ██╔════╝██╔══██╗██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██

Polsulpicien 2 Dec 18, 2021
XSS scanner in python

DeadXSS XSS scanner in python How to Download: Step 1: git clone https://github.com/Deadeye0x/DeadXSS.git Step 2: cd DeadXSS Step 3: python3 DeadXSS.p

null 2 Jul 17, 2022
Advanced subdomain scanner, any domain hidden subdomains
Advanced subdomain scanner, any domain hidden subdomains

little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for

Nano 5 Nov 23, 2021
Moodle community-based vulnerability scanner
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022
Releases(v1.0)
Owner
rootkit
hack for fun
rootkit
GitHub Repository
Log4j vuln fuzz/scan with python

Log4jFuzz log4j vuln fuzz/scan USE // it's use localhost udp server to check target vuln. python3 log4jFuzz.py [option] optional arguments: -u URL,

VVzv 3 Dec 22, 2021
Safe Policy Optimization with Local Features

Safe Policy Optimization with Local Feature (SPO-LF) This is the source-code for implementing the algorithms in the paper "Safe Policy Optimization wi

Akifumi Wachi 6 Jun 05, 2022
web指纹识别工具

前言 一直苦于没有用的顺手的web指纹识别工具,学习前辈s7ckTeam的Glass和broken5的WebAliveScan优秀开源程序开发的轻量型web指纹工具。

EASY 966 Dec 26, 2022
A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java loggin

koz 1.5k Jan 04, 2023
Password database With special stuff

This is a Password database I made for myself, as I want to keep all my passwords in the same place. but still protected, shall anyone get access to the file. And so I made this simple password datab

9 Oct 30, 2022
Scans for Log4j versions effected by CVE-2021-44228

check_mkExtension to check for log4j2 CVE-2021-44228 This Plugin wraps around logpresso/CVE-2021-44228-Scanner (Apache License 2.0) How it works Run i

inett GmbH 4 Jun 30, 2022
Sudo Baron Samedit Exploit

CVE-2021-3156 (Sudo Baron Samedit) This repository is CVE-2021-3156 exploit targeting Linux x64. For writeup, please visit https://datafarm-cybersecur

Worawit Wang 559 Jan 03, 2023
These are Simple python scripts to test/scan your network

Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t

Varun Jagtap 5 Oct 08, 2022
It's a simple tool for test vulnerability shellshock

Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to ex

Mr. Cl0wn - H4ck1ng C0d3r 88 Dec 23, 2022
Python tool for dumping flash via uboot reliably

Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time

SecurityJon 25 May 10, 2022
Notebooks, slides and dataset of the CorrelAid Machine Learning Winter School

CorrelAid Machine Learning Spring School Welcome to the CorrelAid ML Spring School! In this repository you can find the slides and other files for the

CorrelAid 12 Nov 23, 2022
CVE-2021-44228 log4j 2.x rce漏洞检测工具

#1 使用说明 CVE-2021-44228 log4j 2.x rce漏洞检测工具,对目标链接发起get请求并利用dnslog探测是否有回显 $ python3 log4j-scan.py -h

CoCo ainrm- 4 Jan 13, 2022
Local File Inclusion Scanner and Exploiter

LFI-Paradise Local File Inclusion Scanner and Exploiter Features 1- Scanner 2- E

11 Sep 04, 2022
宝塔面板Windows版提权方法

宝塔面板Windows提权方法 本项目整理一些宝塔特性,可以在无漏洞的情况下利用这些特性来增加提权的机会。

298 Dec 14, 2022
Official implementation of the paper "Backdoor Attacks on Self-Supervised Learning".

SSL-Backdoor Abstract Large-scale unlabeled data has allowed recent progress in self-supervised learning methods that learn rich visual representation

UMBC Vision 44 Nov 21, 2022
TCP/UDP port scanner on python, usong scapy and multiprocessin

Port Scanner TCP/UDP port scanner on python, usong scapy and multiprocessing. Usage python3 scanner.py [OPTIONS] IP_ADDRESS [{tcp|udp}[/[PORT|PORT-POR

Egor Krokhin 1 Dec 05, 2021
This program is a WiFi cracker, you can test many passwords for a desired wifi to find the wifi password!

WiFi_Cracker About the Program: This program is a WiFi cracker! Just run code and select a desired wifi to start cracking 💣 Note: you can use this pa

Sina.f 13 Dec 08, 2022
A deobfuscator for multiple python obfuscators

PY4COC A deobfuscator for multiple python obfuscators, supports exe's packed with pyinstaller too. How to use python3 py4coc.py exe file or py file o

svenskithesource 16 Dec 03, 2022
LaxrFar Python Obfuscator

LaxrFar Python Obfuscator Usage First do the things from "Upload to Webserver" o

LaxrFar 5 Jul 19, 2022
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

3 Aug 13, 2022