{"id":13575183,"url":"https://github.com/chainreactors/gogo","last_synced_at":"2025-05-14T14:07:30.697Z","repository":{"id":63425218,"uuid":"504051070","full_name":"chainreactors/gogo","owner":"chainreactors","description":"面向红队的, 高度可控可拓展的自动化扫描引擎 | A highly controllable and scalable automated scanning engine for red teams","archived":false,"fork":false,"pushed_at":"2025-05-12T14:51:08.000Z","size":2374,"stargazers_count":1713,"open_issues_count":19,"forks_count":165,"subscribers_count":28,"default_branch":"master","last_synced_at":"2025-05-12T15:56:47.903Z","etag":null,"topics":["recon","redteam","security","security-tools"],"latest_commit_sha":null,"homepage":"https://chainreactors.github.io/wiki/gogo/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainreactors.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-06-16T07:13:40.000Z","updated_at":"2025-05-12T14:51:12.000Z","dependencies_parsed_at":"2023-02-17T01:45:52.344Z","dependency_job_id":"cab077c3-3562-4dac-90c8-4529d0ffd957","html_url":"https://github.com/chainreactors/gogo","commit_stats":{"total_commits":1165,"total_committers":3,"mean_commits":388.3333333333333,"dds":"0.023175965665236054","last_synced_commit":"6de16d652c0158751a74b6cdd25747cc2b77f0c8"},"previous_names":[],"tags_count":152,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Fgogo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Fgogo/tags","releases
_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Fgogo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Fgogo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainreactors","download_url":"https://codeload.github.com/chainreactors/gogo/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254159194,"owners_count":22024558,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["recon","redteam","security","security-tools"],"created_at":"2024-08-01T15:00:58.832Z","updated_at":"2025-05-14T14:07:30.658Z","avatar_url":"https://github.com/chainreactors.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# gogo\n\nblog posts:\n\n- https://chainreactors.github.io/wiki/blog/2022/11/15/gogo-introduce/\n\n![](https://socialify.git.ci/chainreactors/gogo/image?description=1\u0026font=Inter\u0026forks=1\u0026issues=1\u0026language=1\u0026name=1\u0026owner=1\u0026pattern=Circuit%20Board\u0026pulls=1\u0026stargazers=1\u0026theme=Light)\n\n\n## Features\n\n\n* Flexible port configuration\n* Active and passive fingerprinting\n* Key information extraction, such as title and cert, plus custom regular expressions for extracting information\n* Supports nuclei pocs; engine: https://github.com/chainreactors/neutron\n* Harmless scanning: every poc added has been manually reviewed\n* Controllable heuristic scanning\n* Very high performance, the fastest speed, and the lowest possible memory and CPU usage.\n* Minimal-packet principle: send as few packets as possible to obtain as much information as possible\n* DSL support: customize your own gogo by modifying the configuration files\n* Well-rounded output design\n* Almost no third-party dependencies; written in pure native Go, so the full vulnerability/fingerprint identification functionality also works on windows 2003\n \n## QuickStart\n\nThe complete documentation and tutorials are on the wiki: https://chainreactors.github.io/wiki/gogo/\n\nFingerprint and poc repository: 
https://github.com/chainreactors/templates\n\n### Minimal usage\n\nRun a default scan against the given network segment and print the results to the command line\n\n`gogo -i 192.168.1.1/24 -p win,db,top2 `\n\n### Port configuration\n\nSome commonly used port configurations:\n\n* `-p -`  is equivalent to `-p 1-65535`\n* `-p 1-1000` a port range\n* `-p common` tag: common means the ports commonly used on internal networks\n* `-p top2,top3` several tags can be selected at once. Common web ports on the external network\n* `-p all` the union of all preset tags.\n\nMultiple configurations are separated by commas and can be combined freely to suit the scenario. For example:\n\n`gogo -i 1.1.1.1/24 -p 1-1000,common,http,db`\n\n**View all port configurations**\n\n`gogo -P port`\n\nThis shows the ports that each tag maps to. \n\n```\n当前已有端口配置: (根据端口类型分类)\n         top1 :  80,443,8080\n         top2 :  70,80,81,82,83,84,85,86,87,88,89,90,443,1080,2000,2001,3000,3001,1443,4443,4430,5000,5001,5601,6000,6001,6002,6003,7000,7001,7002,7003,9000,9001,9002,9003,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8091,8000,8001,8002,8003,8004,8005,8006,8007,8008,8009,8010,8011,8012,8013,8014,8015,8016,8017,8018,8019,8020,8820,6443,8443,9443,8787,7080,8070,7070,7443,9080,9081,9082,9083,5555,6666,7777,7788,9999,6868,8888,8878,8889,7890,5678,6789,9090,9091,9092,9093,9094,9095,9096,9097,9098,9099,9100,9988,9876,8765,8099,8763,8848,8161,8060,8899,800,801,888,10000,10001,10002,10003,10004,10005,10006,10007,10008,10009,10010,1081,1082,10080,10443,18080,18000,18088,18090,19090,19091,50070\n         top3 :  444,9443,6080,6443,9070,9092,9093,7003,7004,7005,7006,7007,7008,7009,7010,7011,9003,9004,9005,9006,9007,9008,9009,9010,9011,8100,8101,8102,8103,8104,8105,8106,8107,8108,8109,8110,8111,8161,8021,8022,8023,8024,8025,8026,8027,8028,8029,8030,8880,8881,8882,8883,8884,8885,8886,8887,8888,8889,8890,8010,8011,8012,8013,8014,8015,8016,8017,8018,8019,8020,8090,8091,8092,8093,8094,8095,8096,8097,8098,8099,8180,8181,8983,1311,8363,8800,8761,8873,8866,8900,8282,8999,8989,8066,8200,8040,8060,10800,18081\n         docker :  2375,2376,2377,2378,2379,2380\n         lotus :  1352\n         dubbo :  18086,20880,20881,20882\n         oracle :  1158,1521,11521,210\n         ...\n         ...\n         ...\n```\n\n### Heuristic scanning\n\nWhen the subnet mask of the target range is smaller than 24, we recommend enabling 
smart mode scanning ([see the doc for the principle](https://chainreactors.github.io/wiki/gogo/detail/#_7)), for example with a subnet mask of 16 (there are many results, so it is recommended to enable --af to write them to a file and keep only the log on the command line)\n\n`gogo -i 172.16.1.1/12 -m ss --ping -p top2,win,db --af`\n\n`--af` automatically picks the name of the generated output file.\n\n`-m ss` scans in supersmart mode. The ss and sc modes are also available for different scenarios\n\n`--ping` checks whether the ip responds to ping before fingerprinting/information gathering, which reduces wasted packets. **Note that a target that does not respond to ping is not necessarily down; keep this in mind when using it**\n\n### workflow\n\nHeuristic scan commands are somewhat complex, but a workflow lets you write a complex command as a configuration file and invoke it with a shortcut ([see the doc for details of the built-in workflows](https://chainreactors.github.io/wiki/gogo/start/#workflow)).\n\n `gogo -w 172` \n\nproduces exactly the same configuration as `gogo -i 172.16.1.1/12 -m ss --ping -p top2,win,db --af`\n\n**List all workflows**\n\n`gogo -P workflow` \n\nCommon configurations are already built into workflows. For example, to scan the 10.x internal network in supersmart mode, `gogo -w 10` is enough. \n\nThere are also some reserved configurations (the other settings are filled in but the target is not, so the target must be given manually with -i), for example:\n\n`gogo -w ss -i 11.0.0.0/8`\n\nPreset parameters in a workflow have lower priority than command-line input, so workflow parameters can be overridden on the command line. For example:\n\n`gogo -w 10 -i 11.0.0.0/8`\n\n### Examples \n\n**A simple task**\n\n`gogo -i 81.68.175.32/28 -p top2`\n\n```\ngogo -i 81.68.175.32/28 -p top2\n[*] Current goroutines: 1000, Version Level: 0,Exploit Target: none, PortSpray: false ,2022-07-07 07:07.07\n[*] Start task 81.68.175.32/28 ,total ports: 100 , mod: default ,2022-07-07 07:07.07\n[*] ports: 80,81,82,83,84,85,86,87,88,89,90,443,1080,2000,2001,3000,3001,4443,4430,5000,5001,5601,6000,6001,6002,6003,7000,7001,7002,7003,9000,9001,9002,9003,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8090,8000,8001,8002,8003,8004,8005,8006,8007,8008,8009,8010,8011,8012,8013,8014,8015,8016,8017,8018,8019,8020,6443,8443,9443,8787,7080,8070,7070,7443,9080,9081,9082,9083,5555,6666,7777,9999,6868,8888,8889,9090,9091,8091,8099,8763,8848,8161,8060,8899,800,801,888,10000,10001,10080 ,2022-07-07 07:07.07\n[*] Scan task time is about 8 seconds ,2022-07-07 07:07.07\n[+] http://81.68.175.33:80      nginx/1.16.0            nginx                   bd37 [200] HTTP/1.1 200\n[+] http://81.68.175.32:80      nginx/1.18.0 (Ubuntu)           nginx                   8849 [200] Welcome to nginx!\n[+] http://81.68.175.34:80      nginx         
  宝塔||nginx                     f0fa [200] 没有找到站点\n[+] http://81.68.175.34:8888    nginx           nginx                   d41d [403] HTTP/1.1 403\n[+] http://81.68.175.34:3001    nginx           webpack||nginx                  4a9b [200] shop_mall\n[+] http://81.68.175.37:80      Microsoft-IIS/10.0              iis10                   c80f [200] HTTP/1.1 200             c0f6 [200] 安全入口校验失败\n[*] Alive sum: 5, Target sum : 1594 ,2022-07-07 07:07.07\n[*] Totally run: 4.0441884s ,2022-07-07 07:07.07\n```\n\nTo chain gogo with other tools, specify `-q/--quiet` to turn off log messages and keep only the results.\n\n### Output and post-processing\n\nFor input, output and various advanced usages, see the [output wiki](https://chainreactors.github.io/wiki/gogo/start/#output)\n\nSuppose you run `gogo -i 81.68.175.1 --af`\n\nWhen the scan finishes, the file `.81.68.175.1_28_all_default_json.dat1` has been generated in the same directory as the gogo binary. It is a deflate-compressed json file.\n\nFormat the file with gogo to get a human-readable result\n\n```\n gogo  -F .\\.81.68.175.1_28_all_default_json.dat1\nScan Target: 81.68.175.1/28, Ports: all, Mod: default\nExploit: none, Version level: 0\n\n[+] 81.68.175.32\n        http://81.68.175.32:80  nginx/1.18.0 (Ubuntu)           nginx                   8849 [200] Welcome to nginx!\n        tcp://81.68.175.32:22                   *ssh                     [tcp]\n        tcp://81.68.175.32:389                                           [tcp]\n[+] 81.68.175.33\n        tcp://81.68.175.33:3306                 *mysql                   [tcp]\n        tcp://81.68.175.33:22                   *ssh                     [tcp]\n        http://81.68.175.33:80  nginx/1.16.0            nginx                   bd37 [200] HTTP/1.1 200\n[+] 81.68.175.34\n        tcp://81.68.175.34:3306                 mysql 5.6.50-log                         [tcp]\n        tcp://81.68.175.34:21                   ftp                      [tcp]\n        tcp://81.68.175.34:22                   *ssh                     [tcp]\n        http://81.68.175.34:80  nginx           宝塔||nginx                     f0fa [200] 没有找到站点\n        http://81.68.175.34:8888        nginx           nginx                  
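 d41d [403] HTTP/1.1 403\n        http://81.68.175.34:3001        nginx           webpack||nginx                  4a9b [200] shop_mall\n[+] 81.68.175.35\n        http://81.68.175.35:47001       Microsoft-HTTPAPI/2.0           microsoft-httpapi                       e702 [404] Not Found\n[+] 81.68.175.36\n        http://81.68.175.36:80  nginx   PHP     nginx                   babe [200] 风闻客栈24小时发卡中心 - 风闻客栈24小时发卡中心\n        tcp://81.68.175.36:22                   *ssh                     [tcp]\n...\n...\n```\n\n**Exporting to other tools**\n\nSome commonly used output formats:\n\n* `-o full` the default output format, as shown in the example above.\n* `-o color` full output with color. Since v2.11.0 it is enabled by default when -F prints to the command line. To turn it off, specify `-o full` manually\n* `-o jl`  one json object per line, which can be piped to jq for real-time processing\n* `-o json` one large json file\n* `-o url` outputs only urls, usually used with `-F`\n\nFor all output formats see: https://chainreactors.github.io/wiki/gogo/start/#_4\n\n**Output filters**\n\nThe `--filter` parameter filters the specified data out of a dat file and outputs it.\n\nFor example, to filter on the value of a given field: `gogo -F 1.dat --filter framework::redis -o target` filters the redis targets out of 1.dat and outputs the target field.\n\nHere `::` means fuzzy match. There are three other operators: `==` for exact match, `!=` for not equal, and `!:` for does not contain\n\n`-F 1.json -f file` re-outputs to a file; `-F 1.dat --af` can also be used to generate the formatted file name automatically. \n\n## Notes\n\n* **(Important)** Because concurrency is very high, it can harm routing and switching equipment; for example, some home routers may hang, reboot or overheat under high concurrency. For external network scanning it is therefore **recommended to run on a vps such as Alibaba Cloud or Huawei Cloud**; when scanning assets outside China, a vps outside China is recommended. Running locally with low-performance network equipment causes heavy packet loss. When scanning an internal network, adjust the concurrency to the actual conditions.\n* If you see a flood of errors during use, it is most likely an io problem (for example io not being released correctly after repeated scans, or errors when used together with proxifier or similar proxy tools). It can be resolved by rebooting the computer, running inside a virtual machine, or closing the proxy tool. If it still cannot be resolved, please contact us.\n* Also note that although the upx-compressed build is smaller, it may be flagged by antivirus software and may fail to run on some machines.\n* In general it cannot be used in a proxy environment unless a lower rate is specified with the -t parameter (default concurrency is 4000).\n* gogo itself has no offensive capability and cannot exploit any vulnerability.\n* **Make sure you have authorization before using gogo. gogo opposes all illegal hacking.**\n\n### Recommended concurrency by scenario\n\nThe default concurrency is 4000 on linux and 1000 on windows, which is usable in enterprise-grade network environments. 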
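Otherwise, in weak network environments (home, base station, etc.) it may cause a network dos\n\nIt is recommended to set the concurrency manually with the -t parameter according to the environment.\n\n* Home router (for example phishing, physical, or local-machine scanning): recommended concurrency 100-500\n* linux production network environment (for example a foothold obtained by breaching a web service from the external network): default concurrency 4000, no manual change needed\n* windows production network environment: default concurrency 1000, no manual change needed\n* udp has more missed results under high concurrency, for example when collecting netbios information; it is recommended to re-probe udp separately at lower concurrency\n* web forward proxy (for example regeorg): recommended concurrency 10-30\n* reverse proxy (for example frp): recommended concurrency 10-100\n\nIf a large number of results are missed, the most likely cause is network congestion, which pushes network latency above the timeout limit.\n\nYou can therefore also raise the timeout with `-d 5 ` (the tcp default is 2s; the tls default is twice the tcp timeout, i.e. 4s) to reduce missed results.\n\nauto-tune, which adjusts the concurrency rate automatically, may be implemented in the future\n\n**These usages cover less than half of the use cases; please [read the documentation](https://chainreactors.github.io/wiki/gogo/)**\n\n## Make\n\n### Manual build\n\n```bash\n# download\ngit clone --recurse-submodules https://github.com/chainreactors/gogo\ncd gogo/v2\n\n# sync dependency\ngo mod tidy   \n\n# generate template.go\n# Note: to build a windows 2003 compatible binary with go1.10, first run go generate with a newer Go version to produce the dependencies\ngo generate  \n\n# build \ngo build .\n\n# windows server 2003 compile\nGOOS=windows GOARCH=386 go1.10 build .\n\n# go1.10 predates go mod, so dependency errors may occur. If they do, build with go1.11 instead. \n# go1.11 officially does not support windows server 2003, but in testing it runs stably (lower the concurrency).\nGOOS=windows GOARCH=386 go1.11 build .\n```\n\nTo build for windows xp/2003, first generate the templates with a newer version of Go, then build with go 1.11.\n\n## Similar or related works\n\n* [ServerScan](https://github.com/Adminisme/ServerScan) an early, simple scanner; limited in features but it opened up new ideas\n* [fscan](https://github.com/shadow1ng/fscan) a simple, blunt scanner with quite a few problems in the details, but its strength is simplicity. The workflow feature was designed with its straightforward command line as a reference.\n* [kscan](https://github.com/lcvvvv/kscan) a full-featured scanner; some fingerprints were selected and merged from it\n* [ladongo](https://github.com/k8gege/LadonGo) integrates a variety of common functions; information gathering for several special ports was learned from it\n* [cube](https://github.com/JKme/cube) similar to fscan; information gathering for NTLM-related protocols was learned from it\n\ngogo improves itself by learning from these similar works. Thanks to those who came before. 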
\n\nFor a detailed comparison see the [documentation](https://chainreactors.github.io/wiki/gogo/design/)\n\n## THANKS\n\n* https://github.com/projectdiscovery/nuclei-templates\n* https://github.com/projectdiscovery/nuclei\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainreactors%2Fgogo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainreactors%2Fgogo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainreactors%2Fgogo/lists"}