自动化爆破子域名，并遍历所有端口寻找http服务，并使用crawlergo、dirsearch、xray等工具扫描并集成报告；支持动态添加扫描到的域名至任务；

Last update: Dec 30, 2022

Related tags

Overview

AutoScanner

AutoScanner是什么

AutoScanner是一款自动化扫描器，其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务，并使用集成的工具进行扫描，最后集成扫描报告；
工具目前有：oneforall、masscan、nmap、crawlergo、dirsearch、xray、awvs、whatweb等

是之前hscan 的重构版本；

AutoScanner做了什么

自动下载项目所需要的tools
使用oneforall遍历子域名
使用masscan遍历主机所有开放端口
使用nmap扫描开放端口；得出所有http服务端口
使用crawlergo进行扫描
动态添加crawlergo扫描到的域名至任务清单
使用dirsearch进行目录文件扫描
扫描到的目录、文件传递到xray
使用xray进行被动扫描
扫描结束后生成两份报告，xray和所有tools集成的一份报告
...

另外，在各个工具直接做了很多逻辑处理，如masscan扫描到过多开放端口，直接忽略；如nmap发现80和443同时开放http服务，忽略443；等等
需要注意的是，项目中提供了awvs的扫描脚本，但是考虑到正版盗版的原因项目中未集成awvs的安装包；

项目运行

由于涉及过多pip包依赖及浏览器环境等，建议使用docker运行；
其中注意项目所需要的工具会自动下载，但是由于国内github网速问题可能会导致下载失败等问题，如果发生，可下载下方包解压到tools目录；
链接: https://pan.baidu.com/s/1FAP02yYK7CF9mxMD0yj08g 密码: a6p4

截图展示

部分截图可以看之前的hscan；这儿展示下单独的tools的报告

Comments

报错 Name or service not know

你好：作者我在kali linux上安装此软件，全部安装完后运行docker_run.sh文件报Name or service not konw错误如图所示:

后面就什么反应都没了

其中docker_run.sh中指定了域名参数 docker run -ti --rm -vpwd/:/root/ auto:latest -d domain.com

请问这是什么情况。

opened by laohuan12138 3
--fu url.txt时报错，请问怎么解决

root:~/Autoscanner# docker run -ti --rm -v pwd/:/root/ autoscanner:latest --fu url.txt Traceback (most recent call last): File "main.py", line 25, in main() File "main.py", line 20, in main arguments = ArgumentParser() File "/root/lib/arguments_parse.py", line 18, in init self.urlList = get_file_content(options.urls_file) AttributeError: 'Values' object has no attribute 'urls_file'

opened by h1iba1 2
构建docker镜像报错

构建镜像报错 #12 187.6 E: Failed to fetch http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_102.0.5005.115-1_amd64.deb Connection failed [IP: 220.181.174.225 80] #12 187.6 E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

executor failed running [/bin/sh -c ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && apt install -y curl wget python3 python3-pip masscan whatweb nmap tzdata dnsutils google-chrome-stable && pip3 install -r requirements.txt]: exit code: 100

opened by Lins-MDFK 0

oneforall跑完后，xray、Nuclei未在工作

环境

谷歌云vps、ubuntu18

现象

1、oneforall跑完后，未看到xray在工作；/root/Autoscanner/tools/xray_linux_amd64目录下xray的证书信息、配置文件也不存在 2、Nuclei只跑完www.xxx.com的主域名，进程就结束了 3、日志信息

21:31:35,356 [INFOR] oneforall:253 - Finished OneForAll
Request Progress: 131it [00:42,  3.05it/s]
286

2022-03-18 21:31:35.478 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Oneforall - over
2022-03-18 21:31:35.538 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Bugscanner - start scanning
2022-03-18 21:31:36.613 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Bugscanner - over
2022-03-18 21:31:36.614 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Nslookup - start scanning
2022-03-18 21:31:42.482 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Nslookup - over
2022-03-18 21:31:42.488 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - Masscan - start scanning
Error in received packet: No such file or directory
src/rawsock-getif.c:299: read_netlink: 2
FAIL: could not determine default interface
FAIL:... try "--interface ethX"
311

2022-03-18 21:31:42.592 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - Masscan - over
2022-03-18 21:31:42.593 | INFO     | lib.Tools:__init__:49 - /tmp/tmpttz7zu0m - Nmap - start scanning
320

2022-03-18 21:31:59.095 | INFO     | lib.Tools:__init__:56 - /tmp/tmpttz7zu0m - Nmap - over
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
2022-03-18 21:32:09.536 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - IpLocation - start scanning
2022-03-18 21:32:09.615 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - IpLocation - over
2022-03-18 21:32:09.616 | INFO     | lib.Tools:__init__:49 -  - Whatweb - start scanning
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
383

2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:56 -  - Whatweb - over
2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Snapshot - start scanning
2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Snapshot - over
2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Nuclei - start scanning

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.6.3

                projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] nuclei-templates are not installed, installing...
[INF] Successfully downloaded nuclei-templates (v8.9.0) to /root/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.3 (latest)
[INF] Using Nuclei Templates 8.9.0 (latest)
[INF] Templates added in last update: 2
[INF] Templates loaded for scan: 3013
[INF] Templates clustered: 502 (Reduced 461 HTTP Requests)
[INF] Using Interactsh Server: oast.me
485

2022-03-18 21:33:56.049 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Nuclei - over
2022-03-18 21:33:56.050 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Crawlergo - start scanning
724

2022-03-18 21:34:16.972 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Crawlergo - over
2022-03-18 21:34:32.018 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Dirsearch - start scanning
778

2022-03-18 21:35:19.327 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Dirsearch - over
[email protected]:~/Autoscanner#

opened by yida223 1

Releases(v1.2.1)

v1.2.1(Jul 15, 2022)
修改了前台界面

修改了之前的一些bug

Source code(tar.gz)
Source code(zip)
v1.2.0(Mar 18, 2022)

-增加nuclei -增加bugscanner -调整nmap的扫描次序 -调优
Source code(tar.gz)
Source code(zip)
v1.1.0(Jul 7, 2021)
全新重构

加入网页截图，cdn检测，定位信息等

Source code(tar.gz)
Source code(zip)
v1.0.2(May 23, 2021)
修复了一些bug

增加--fq功能，一键从企查查的备案列表导出文件中读取并扫描

Source code(tar.gz)
Source code(zip)
v1.0.1(Apr 23, 2021)
增加了工具执行时超时强制结束功能

Source code(tar.gz)
Source code(zip)
v1.0.0(Apr 17, 2021)

Source code(tar.gz)
Source code(zip)

Owner

[email protected]

GitHub Repository

Script Crack Facebook Elite 🚶‍♂

elite Script Crack Facebook Elite 🚶‍♂ Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install git $ pkg install python $ pip

1 Jan 02, 2022

LittleBrother is a simple parental control application monitoring specific processes on Linux hosts to monitor and limit the play time of children.

Parental Control Application LittleBrother Overview LittleBrother is a simple parental control application monitoring specific processes (read "games"

40 Dec 21, 2022

AttractionFinder - 2022 State Qualified FBLA Attraction Finder Application

Attraction Finder Developers: Riyon Praveen, Aaron Bijoy, & Yash Vora How It Wor

2 Feb 09, 2022

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you.

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you. Although it may not work with high degrees of obfuscation, it's a pretty nice tool to help you even if it's j

3 May 01, 2022

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams

13 Jan 04, 2022

Auerswald COMpact 8.0B Backdoors exploit

CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

1 Nov 24, 2022

Wordlist attacks on Bitwarden data.json files

BitwardenDecryptBrute This is a slightly modified version of BitwardenDecrypt. In addition to the decryption this version can do wordlist attacks for

42 Nov 09, 2022

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

DOME - A subdomain enumeration tool Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtai

329 Jan 01, 2023

Password Manager is a simple Python project which helps users in managing their passwords in a easier way

4 Sep 29, 2021

Python tool for dumping flash via uboot reliably

Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time

25 May 10, 2022

SonicWALL SSL-VPN Web Server Vulnerable Exploit

44 Nov 15, 2022

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Take Note! With the exception of issues and PRs regarding changes to hosts/data/StevenBlack/hosts, all other issues regarding the content of the produ

22.1k Jan 02, 2023

自动化爆破子域名，并遍历所有端口寻找http服务，并使用crawlergo、dirsearch、xray等工具扫描并集成报告；支持动态添加扫描到的域名至任务；

Related tags

Overview

AutoScanner

AutoScanner是什么

AutoScanner做了什么

项目运行

截图展示

You might also like...

Comments

报错 Name or service not know

--fu url.txt时报错，请问怎么解决

构建docker镜像报错

oneforall跑完后，xray、Nuclei未在工作

环境

现象

Releases(v1.2.1)

v1.2.1(Jul 15, 2022)

v1.2.0(Mar 18, 2022)

v1.1.0(Jul 7, 2021)

v1.0.2(May 23, 2021)

v1.0.1(Apr 23, 2021)

v1.0.0(Apr 17, 2021)

Owner

Script Crack Facebook Elite 🚶‍♂

LittleBrother is a simple parental control application monitoring specific processes on Linux hosts to monitor and limit the play time of children.

AttractionFinder - 2022 State Qualified FBLA Attraction Finder Application

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you.

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

Auerswald COMpact 8.0B Backdoors exploit

Wordlist attacks on Bitwarden data.json files

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

Password Manager is a simple Python project which helps users in managing their passwords in a easier way

Python tool for dumping flash via uboot reliably

SonicWALL SSL-VPN Web Server Vulnerable Exploit

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Search Shodan for Minecraft server IPs to grief

Simples brute forcer de diretorios para web pentest.

Brainly-Scrambler - Brainly Scrambler With Python

If you are worried about being found perhaps try taking cover under a blanket. Pure Python PowerShell Obfuscator

The ultimate Metasploit apk binder with legit apk written in python3

JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

MayorSec DNS Enumeration Tool

Windows Server 2016, 2019, 2022 Extracter & Recovery