自动化爆破子域名，并遍历所有端口寻找http服务，并使用crawlergo、dirsearch、xray等工具扫描并集成报告；支持动态添加扫描到的域名至任务；

Last update: Dec 30, 2022

Related tags

Overview

AutoScanner

AutoScanner是什么

AutoScanner是一款自动化扫描器，其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务，并使用集成的工具进行扫描，最后集成扫描报告；
工具目前有：oneforall、masscan、nmap、crawlergo、dirsearch、xray、awvs、whatweb等

是之前hscan 的重构版本；

AutoScanner做了什么

自动下载项目所需要的tools
使用oneforall遍历子域名
使用masscan遍历主机所有开放端口
使用nmap扫描开放端口；得出所有http服务端口
使用crawlergo进行扫描
动态添加crawlergo扫描到的域名至任务清单
使用dirsearch进行目录文件扫描
扫描到的目录、文件传递到xray
使用xray进行被动扫描
扫描结束后生成两份报告，xray和所有tools集成的一份报告
...

另外，在各个工具直接做了很多逻辑处理，如masscan扫描到过多开放端口，直接忽略；如nmap发现80和443同时开放http服务，忽略443；等等
需要注意的是，项目中提供了awvs的扫描脚本，但是考虑到正版盗版的原因项目中未集成awvs的安装包；

项目运行

由于涉及过多pip包依赖及浏览器环境等，建议使用docker运行；
其中注意项目所需要的工具会自动下载，但是由于国内github网速问题可能会导致下载失败等问题，如果发生，可下载下方包解压到tools目录；
链接: https://pan.baidu.com/s/1FAP02yYK7CF9mxMD0yj08g 密码: a6p4

截图展示

部分截图可以看之前的hscan；这儿展示下单独的tools的报告

Comments

报错 Name or service not know

你好：作者我在kali linux上安装此软件，全部安装完后运行docker_run.sh文件报Name or service not konw错误如图所示:

后面就什么反应都没了

其中docker_run.sh中指定了域名参数 docker run -ti --rm -vpwd/:/root/ auto:latest -d domain.com

请问这是什么情况。

opened by laohuan12138 3
--fu url.txt时报错，请问怎么解决

root:~/Autoscanner# docker run -ti --rm -v pwd/:/root/ autoscanner:latest --fu url.txt Traceback (most recent call last): File "main.py", line 25, in main() File "main.py", line 20, in main arguments = ArgumentParser() File "/root/lib/arguments_parse.py", line 18, in init self.urlList = get_file_content(options.urls_file) AttributeError: 'Values' object has no attribute 'urls_file'

opened by h1iba1 2
构建docker镜像报错

构建镜像报错 #12 187.6 E: Failed to fetch http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_102.0.5005.115-1_amd64.deb Connection failed [IP: 220.181.174.225 80] #12 187.6 E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

executor failed running [/bin/sh -c ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && apt install -y curl wget python3 python3-pip masscan whatweb nmap tzdata dnsutils google-chrome-stable && pip3 install -r requirements.txt]: exit code: 100

opened by Lins-MDFK 0

oneforall跑完后，xray、Nuclei未在工作

环境

谷歌云vps、ubuntu18

现象

1、oneforall跑完后，未看到xray在工作；/root/Autoscanner/tools/xray_linux_amd64目录下xray的证书信息、配置文件也不存在 2、Nuclei只跑完www.xxx.com的主域名，进程就结束了 3、日志信息

21:31:35,356 [INFOR] oneforall:253 - Finished OneForAll
Request Progress: 131it [00:42,  3.05it/s]
286

2022-03-18 21:31:35.478 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Oneforall - over
2022-03-18 21:31:35.538 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Bugscanner - start scanning
2022-03-18 21:31:36.613 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Bugscanner - over
2022-03-18 21:31:36.614 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Nslookup - start scanning
2022-03-18 21:31:42.482 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Nslookup - over
2022-03-18 21:31:42.488 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - Masscan - start scanning
Error in received packet: No such file or directory
src/rawsock-getif.c:299: read_netlink: 2
FAIL: could not determine default interface
FAIL:... try "--interface ethX"
311

2022-03-18 21:31:42.592 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - Masscan - over
2022-03-18 21:31:42.593 | INFO     | lib.Tools:__init__:49 - /tmp/tmpttz7zu0m - Nmap - start scanning
320

2022-03-18 21:31:59.095 | INFO     | lib.Tools:__init__:56 - /tmp/tmpttz7zu0m - Nmap - over
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
2022-03-18 21:32:09.536 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - IpLocation - start scanning
2022-03-18 21:32:09.615 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - IpLocation - over
2022-03-18 21:32:09.616 | INFO     | lib.Tools:__init__:49 -  - Whatweb - start scanning
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
383

2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:56 -  - Whatweb - over
2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Snapshot - start scanning
2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Snapshot - over
2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Nuclei - start scanning

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.6.3

                projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] nuclei-templates are not installed, installing...
[INF] Successfully downloaded nuclei-templates (v8.9.0) to /root/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.3 (latest)
[INF] Using Nuclei Templates 8.9.0 (latest)
[INF] Templates added in last update: 2
[INF] Templates loaded for scan: 3013
[INF] Templates clustered: 502 (Reduced 461 HTTP Requests)
[INF] Using Interactsh Server: oast.me
485

2022-03-18 21:33:56.049 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Nuclei - over
2022-03-18 21:33:56.050 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Crawlergo - start scanning
724

2022-03-18 21:34:16.972 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Crawlergo - over
2022-03-18 21:34:32.018 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Dirsearch - start scanning
778

2022-03-18 21:35:19.327 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Dirsearch - over
[email protected]:~/Autoscanner#

opened by yida223 1

Releases(v1.2.1)

v1.2.1(Jul 15, 2022)
修改了前台界面

修改了之前的一些bug

Source code(tar.gz)
Source code(zip)
v1.2.0(Mar 18, 2022)

-增加nuclei -增加bugscanner -调整nmap的扫描次序 -调优
Source code(tar.gz)
Source code(zip)
v1.1.0(Jul 7, 2021)
全新重构

加入网页截图，cdn检测，定位信息等

Source code(tar.gz)
Source code(zip)
v1.0.2(May 23, 2021)
修复了一些bug

增加--fq功能，一键从企查查的备案列表导出文件中读取并扫描

Source code(tar.gz)
Source code(zip)
v1.0.1(Apr 23, 2021)
增加了工具执行时超时强制结束功能

Source code(tar.gz)
Source code(zip)
v1.0.0(Apr 17, 2021)

Source code(tar.gz)
Source code(zip)

Owner

[email protected]

GitHub Repository

A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities

master_librarian A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo pyth

167 Dec 19, 2022

On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

ApacheRCE ApacheRCE is a small little python script that will allow you to input the apache version 2.4.49-2.4.50 and then input a list of ip addresse

3 Dec 04, 2022

Buff A simple BOF library I wrote under an hour to help me automate with BOF attack

What is Buff? A simple BOF library I wrote under an hour to help me automate with BOF attack. It comes with fuzzer and a generic method to generate ex

3 Nov 21, 2022

NS-LOOKUP - A python script for scanning website for getting ip address of a website

NS-LOOKUP A python script for scanning website for getting ip address of a websi

5 Aug 02, 2022

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202

500 Jan 06, 2023

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

431 Dec 22, 2022

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

2 Feb 05, 2022

Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file which allows an unauthenticated user to execute arbitrary code via directory traversal

CVE-2021-40870 Exploitation An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous ty

16 Nov 15, 2022

Scanner for Intranet

cthun3是集成端口扫描,服务识别,netbios扫描,网站识别,暴力破解和漏洞扫描的工具. cthun(克苏恩)是魔兽世界电子游戏中一位上古之神截图 cthun3结合viper使用时截图使用方法端口扫描 -ps-ip 端口扫描的ip地址范围,例如可以输入 -ps-ip 192.168.14

18 Sep 03, 2022

Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.

GoodHound ______ ____ __ __ / ____/___ ____ ____/ / / / /___ __ ______ ____/ / / / __/ __ \/ __ \/ __

352 Jan 02, 2023

A semi-automatic osint/recon framework.

Smog Framework A semi-automatic osint/recon framework. Requirements git Python = 3.8 How to use it

22 Oct 17, 2022

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi

408 Jan 03, 2023

Sentinel-1 SAR time series analysis for OSINT use

SARveillance Sentinel-1 SAR time series analysis for OSINT use. Description Generates a time lapse GIF of the Sentinel-1 satellite images for the loca

21 Dec 09, 2022

Simple script for looping a Denial Of Service (DoS) attack over one single mac address in range

Bluetooth Simple Denial Of Service (DoS) Legal Note This project is made only for educational purposes and for helping in Proofs of Concept. The autho

1 Jan 09, 2022

Lightweight and beneficial Dependency Injection plugin for apscheduler

Implementation of dependency injection for apscheduler Prerequisites: apscheduler-di solves the problem since apscheduler doesn't support Dependency I

11 Dec 07, 2022

Discord Token Stealer Malware Protection

TokenGuard TokenGuard, protect your account, prevent token steal. Totally free and open source Discord Server: https://discord.gg/EmwfaGuBE8 Source Co

10 Nov 23, 2022

The best Python Backdoor👌

Backdoor The best Python Backdoor Files Server file is used in all of cases If client is Windows, the client need execute EXE file If client is Linux,

13 Oct 28, 2022

Archive-Crack - A Tools for crack file archive

Install In TERMUX apt update && apt upgrade -y pkg install python git unrar

10 Oct 06, 2022

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

MassDNS A high-performance DNS stub resolver MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amou

2.5k Jan 07, 2023

Scout Suite - an open source multi-cloud security-auditing tool,

Description Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using t

5k Jan 05, 2023