{"id":13841869,"url":"https://github.com/inbug-team/SweetBabyScan","last_synced_at":"2025-07-11T13:33:03.958Z","repository":{"id":37377529,"uuid":"494458328","full_name":"inbug-team/SweetBabyScan","owner":"inbug-team","description":"Red Tools 渗透测试","archived":false,"fork":false,"pushed_at":"2022-07-07T09:37:02.000Z","size":17543,"stargazers_count":570,"open_issues_count":11,"forks_count":78,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-11-18T07:02:32.014Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/inbug-team.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-05-20T12:38:04.000Z","updated_at":"2024-11-13T16:30:54.000Z","dependencies_parsed_at":"2022-07-10T13:47:18.316Z","dependency_job_id":null,"html_url":"https://github.com/inbug-team/SweetBabyScan","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inbug-team%2FSweetBabyScan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inbug-team%2FSweetBabyScan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inbug-team%2FSweetBabyScan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inbug-team%2FSweetBabyScan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/inbug-team","download_url":"https://codeload.github.com/inbug-team/SweetBabyScan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","reposito
ries_count":225729740,"owners_count":17515158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:01:23.209Z","updated_at":"2024-11-21T12:30:35.554Z","avatar_url":"https://github.com/inbug-team.png","language":"Go","funding_links":[],"categories":["扫描器、资产收集、子域名","Go"],"sub_categories":["网络服务_其他"],"readme":"# SweetBabyScan\n\nLightweight internal-network asset discovery and vulnerability scanning tool\n\n## Introduction\n\nSweetBabyScan (甜心宝贝) is an internal-network asset discovery and vulnerability scanning tool that supports weak-password brute forcing and integrates the Xray and Nuclei PoCs\n\n### Tool Scope\n\nInternal-network asset discovery, general vulnerability scanning, weak-password brute forcing, port forwarding, intranet tunneling, SOCKS5\n\n- Host [IP \u0026 domain] liveness detection, with PING/ICMP modes\n- Port [IP \u0026 domain] service scanning\n- Website crawling with screenshots, CMS identification\n- Nuclei \u0026 Xray POC\n- Network interface identification, domain controller identification, SMBGhost, MS17010\n- Weak-password brute forcing:\n    - File: FTP/SMB\n    - Remote: SSH/RDP/SNMP\n    - Database: Redis/MongoDB/MySQL/SQLServer/PgSQL/ES/Oracle/Memcached\n- TCP port forwarding\n- Intranet tunneling\n- SOCKS5 tunneling\n\n### Screenshots\n\nThe tool automatically downloads the Chromium build that matches the operating system\n![1](img/1.png)\n![2](img/2.png)\n![3](img/3.png)\n![4](img/4.png)\n![5](img/5.png)\n![13](img/13.png)\n![14](img/14.png)\n![17](img/17.png)\nRaise the host-probe and port-scan concurrency\n\n```shell\n./SbScan -h 192.168.0.0/16 -wsh 500 --wsp 500\n```\n\n![6](img/6.png)\n![7](img/7.png)\n![8](img/8.png)\n\nPort scanning accepts port numbers, port ranges, or a common port preset\n\n```shell\n./SbScan -h 192.168.188.0/24 -p 80,22,81-89\n```\n\n![9](img/9.png)\n![10](img/10.png)\n\nList the PoCs for WebLogic vulnerabilities\n\n```shell\n./SbScan --lpn --fpn weblogic\n```\n\n![15](img/15.png)\n\nList the PoCs for ThinkPHP vulnerabilities\n![16](img/16.png)\n\n### 1. Build\n\n- Clone the project recursively to get the latest PoCs\n\n```shell\ngit clone https://github.com/inbug-team/SweetBabyScan.git --recursive\n```\n\n- Initialize the module\n\n```shell\ngo mod tidy\ngo mod vendor\n```\n\n- Windows\n\n```shell\nset GOOS=windows\nset GOARCH=amd64\ngo build -ldflags=\"-s -w\" 
-trimpath -o SbScan.exe\n\nset GOOS=windows\nset GOARCH=386\ngo build -ldflags=\"-s -w\" -trimpath -o SbScan.exe\n```\n\n- Mac or Linux\n\n```shell\nGOOS=darwin GOARCH=amd64 go build -ldflags=\"-s -w\" -trimpath -o SbScan\nGOOS=darwin GOARCH=arm64 go build -ldflags=\"-s -w\" -trimpath -o SbScan\nGOOS=linux GOARCH=amd64 go build -ldflags=\"-s -w\" -trimpath -o SbScan\nGOOS=linux GOARCH=386 go build -ldflags=\"-s -w\" -trimpath -o SbScan\n```\n\n### 2. Run\n\n- Automatic scan\n\n```shell\n./SbScan\n```\n\n- Scan a specified IP range\n\n```shell\n./SbScan -h=192.168.188.1/24\n```\n\n- Scan specified IPs and ports\n\n```shell\n./SbScan -h=192.168.188.1/24 -p=tiny\n./SbScan -h=192.168.188.1/24,10.0.0.1/16 -p=22,80,443\n```\n\n- Scan specified IP ranges mixed with domain names\n\n```shell\n./SbScan -h=192.168.188.1/24,10.0.0.1/24,www.a.com,www.b.xyz,www.c.net\n```\n\n- Adjust concurrency to improve performance\n\n```shell\n./SbScan -wsh=2048 -wsp=1024 -h=192.168.188.1/24,10.0.0.1/16 -p=22,80,443\n```\n\n- Skip host liveness detection (nsh), PoC vulnerability detection (nsp), weak-password brute forcing (nsw), and high-risk vulnerability detection (nsv)\n\n```shell\n./SbScan -h=192.168.188.1/24 -p=22,80 --nsh --nsp --nsw --nsv\n```\n\n- Specify the IP file, password file, username file, Excel output file, and the protocols to brute force\n\n```shell\n./SbScan -h=ip.txt -wp=pass.txt -wu=user.txt -oe=test.xlsx -ot=test.txt -ssw=redis,ssh,mysql\n```\n\n- Weak-password generator (overwrite mode iwp, append mode iap)\n\n```shell\n./SbScan -h=192.168.188.1/24 -iwp -pp=test,Test -pc=@ -ps=123\n```\n\n- Port forwarding\n\n```shell\n./SbScan --pf -sh=192.168.188.1:8080 -lp=8080\n```\n\n- Start the intranet-tunneling server on the public server; the listening port defaults to 9188 and can be customized\n\n```shell\n./SbScan --pm --pms -secret=自定义密码\n```\n\n- Intranet client port mapping, TCP port forwarding\n\n```shell\n./SbScan --pm --pmc -secret=自定义密码 -su=公网IP:9188 -pcm=8081-127.0.0.1:8080,8082-127.0.0.1:8080,8088-192.168.166.55:80\n```\n\n```text\n127.0.0.1:8080 maps to public port 8081\n127.0.0.1:8080 maps to public port 8082\n192.168.166.55:80 maps to public port 8088\n```\n\n- Intranet SOCKS5 tunneling\n\n```shell\n./SbScan --pm --pmc --pmcs -secret=自定义密码 -su=公网IP:9188\n```\n\n### 3. Parameters\n\n- Command to view parameter help\n\n\u003e ./SbScan --help\n\n```text\nUsage:\n  ./SbScan [flags]\n\nFlags:\n   -il, -isLog                         显示日志 (default true)\n   -is, -isScreen                      
启用截图 (default true)\n   -oe, -outputExcel string            指定保存excel文件路径[以.xlsx结尾]\n   -ot, -outputTxt string              指定保存txt文件路径[以.txt结尾]\n   -h, -host string                    检测网段/域名，或者txt文件[以.txt结尾，一行一组回车换行] (default \"192.168.0.0/16,172.16.0.0/12,10.0.0.0/8\")\n   -p, -port string                    端口范围：tiny[精简]、web[WEB服务]、normal[常用]、database[数据库]、caffe[咖啡厅/酒店/机场]、iot[物联网]、all[全部]、自定义 (default \"web\")\n   -pt, -protocol string               端口范围：tcp、udp、tcp+udp (default \"tcp+udp\")\n   -hb, -hostBlack string              排除网段\n   -msh, -methodScanHost string        验存方式：PING、ICMP (default \"ICMP\")\n   -wsh, -workerScanHost int           存活并发 (default 250)\n   -tsh, -timeOutScanHost int          存活超时 (default 3)\n   -r, -rarity int                     优先级 (default 10)\n   -wsp, -workerScanPort int           扫描并发 (default 250)\n   -tspc, -timeOutScanPortConnect int  端口扫描连接超时 (default 6)\n   -tsps, -timeOutScanPortSend int     端口扫描发包超时 (default 6)\n   -tspr, -timeOutScanPortRead int     端口扫描读取超时 (default 6)\n   -inpo, -isNULLProbeOnly             使用空探针，默认使用自适应探针\n   -iuap, -isUseAllProbes              使用全量探针，默认使用自适应探针\n   -wss, -workerScanSite int           爬虫并发 (default 16)\n   -tss, -timeOutScanSite int          爬虫超时 (default 6)\n   -ts, -timeOutScreen int             截图超时 (default 60)\n   -lpn, -listPocNuclei                列举Poc Nuclei\n   -lpx, -ListPocXray                  列举Poc Xray\n   -fpn, -filterPocName string         筛选POC名称，多个关键字英文逗号隔开\n   -fvl, -filterVulLevel string        筛选POC严重等级：critical[严重] \u003e high[高危] \u003e medium[中危] \u003e low[低危] \u003e info[信息]、unknown[未知]、all[全部]，多个关键字英文逗号隔开\n   -tspn, -timeOutScanPocNuclei int    PocNuclei扫描超时 (default 6)\n   -wsPoc, -workerScanPoc int          Poc并发 (default 100)\n   -gsw, -groupScanWeak int            爆破分组 (default 20)\n   -wsw, -workerScanWeak string        爆破并发，键值对形式，英文逗号分隔 (default 
\"ssh:1,smb:1,rdp:1,snmp:1,sqlserver:4,mysql:4,mongodb:4,postgres:4,redis:6,ftp:1,clcsearch:4,oracle:4,memcached:4\")\n   -tsw, -timeOutScanWeak int          爆破超时 (default 6)\n   -nsh, -noScanHost                   跳过主机存活检测\n   -nsw, -noScanWeak                   跳过弱口令爆破\n   -nsp, -noScanPoc                    跳过POC漏洞验证\n   -nsv, -noScanVul                    跳过高危系统漏洞探测\n   -ssw, -serviceScanWeak string       指定爆破协议：ssh,smb,rdp,snmp,sqlserver,mysql,mongodb,postgres,redis,ftp,clickhouse,elasticsearch,oracle,memcached，多个协议英文逗号分隔，默认全部\n   -au, -aUser string                  追加弱口令账号字典[以.txt结尾]\n   -ap, -aPass string                  追加弱口令密码字典[以.txt结尾]\n   -wu, -wUser string                  覆盖弱口令账号字典[以.txt结尾]\n   -wp, -wPass string                  覆盖弱口令密码字典[以.txt结尾]\n   -iap, -isAPass                      追加弱口令生成器\n   -iwp, -isWPass                      覆盖弱口令生成器\n   -pp, -passwordPrefix string         密码前缀，多个英文逗号分隔\n   -pc, -passwordCenter string         密码中位，多个英文逗号分隔\n   -ps, -passwordSuffix string         密码后缀，多个英文逗号分隔\n   -pf, -portForward                   开启端口转发\n   -sh, -sourceHost string             目标转发主机\n   -lp, -localPort int                 本机代理端口\n   -pm, -portMap                       开启内网穿透\n   -pmc, -portMapClient                开启内网穿透-客户端\n   -pms, -portMapServer                开启内网穿透-服务端\n   -pmcs, -portMapClientSock5          开启内网穿透-客户端Sock5\n   -s, -secret string                  穿透密钥，自定义 (default \"SBScan\")\n   -psl, -portServerListen int         穿透服务端监听端口 (default 9188)\n   -sp, -sock5Port int                 Sock5监听端口 (default 9189)\n   -sau, -sock5AuthUsername string     Sock5鉴权账号\n   -sap, -sock5AuthPassword string     Sock5鉴权密码\n   -su, -serverUri string              穿透服务端地址，公网IP:端口\n   -pcm, -portClientMap string         穿透客户端映射字典，多个英文逗号隔开，格式：8080-127.0.0.1:8080,9000-192.168.188.1:9000\n```\n\n### 4. Changelog\n\n\u003cdetails\u003e\n  \u003csummary\u003eChangelog 👇🏻 click to expand\u003c/summary\u003e\n\n```text\n2022-07-03 (v0.1.0)\n    [+]Updated nuclei\n    
[x]Fixed an array out-of-bounds bug when the port scanner parses the fingerprint database\n2022-06-24 (v0.0.9)\n    [+]1.Domain liveness detection\n    [+]2.Domain port service scanning\n    [+]3.Updated weak passwords\n    [+]4.Updated nuclei\n    [+]5.Added a screenshot directory\n2022-06-20 (v0.0.8)\n    [+]1.Oracle brute forcing\n    [+]2.Memcached brute forcing\n    [+]3.RDP remote desktop brute forcing\n2022-06-15 (v0.0.7)\n    [+]1.Port forwarding\n    [+]2.Intranet TCP port mapping and forwarding / intranet tunneling\n    [+]3.SOCKS5 proxy / intranet tunneling\n    [+]4.Added Linux ARM builds, which can run on Android with Termux\n2022-06-09 (v0.0.6)\n    [+]1.Weak-password generator\n    [+]2.Excel and txt file export\n    [+]3.Asset discovery through HTTP redirects\n    [+]4.Updated nuclei\n    [+]5.Automatic ICMP detection; falls back to PING when privileges are missing; ICMP is the default\n    [x]6.IP shuffling now uses 4-byte integers to reduce memory usage\n    [x]7.Fixed packet loss when weak-password brute-force concurrency was too high and a goroutine leak; added configurable per-protocol concurrency\n2022-06-06 (v0.0.5)\n    [+]1.Custom output files\n    [+]2.Custom brute-force protocols\n    [+]3.Custom brute-force username and password files (append and overwrite modes supported)\n    [+]4.Custom IP file\n2022-06-01 (v0.0.4)\n    [x]1.Fixed the POC Xray scan engine\n    [x]2.Fixed the check for whether the external network is reachable; when reachable, Chrome is downloaded and screenshots are taken\n    [x]3.Fixed a bug where temporary files could not be deleted\n    [+]4.Improved the progress bar\n    [+]5.Added skip parameters (host liveness, weak passwords, POC, high-risk vulnerabilities)\n2022-05-29 (v0.0.3)\n    [x]1.Fixed a blocking bug in weak-password brute forcing\n    [x]2.Improved progress bar display\n2022-05-28 (v0.0.2)\n    [+]1.Network interface identification\n    [+]2.Domain controller identification\n    [+]3.MS17010 vulnerability detection\n    [+]4.SMBGhost vulnerability detection\n    [+]5.POC Xray V2 vulnerability detection\n    [+]6.POC Nuclei V2 vulnerability detection\n    [+]7.Weak-password brute forcing\n        * FTP brute forcing\n        * SSH brute forcing\n        * SMB brute forcing\n        * SNMP brute forcing\n        * Redis brute forcing\n        * MongoDB brute forcing\n        * MySQL brute forcing\n        * SQLServer brute forcing\n        * PostgreSQL brute forcing\n        * ElasticSearch brute forcing\n    [+]8.Results saved to Excel\n2022-05-20 (v0.0.1)\n    [+]1.Host liveness detection (PING | ICMP)\n    [+]2.Port service scanning (high-precision probe fingerprinting)\n    [+]3.Website fingerprint crawler (site screenshots, CMS identification)\n```\n\n\u003c/details\u003e\n\n### 5. Reference Projects\n\n- Acknowledgements 🙏🙏🙏\n\n```text\n1.nuclei: https://github.com/projectdiscovery/nuclei\n2.xray: https://github.com/chaitin/xray\n```\n\n### Star Chart\n\n[![Stargazers over 
time](https://starchart.cc/inbug-team/SweetBabyScan.svg)](https://starchart.cc/inbug-team/SweetBabyScan)\n\n**Official website**\nhttps://www.inbug.org\n\nIf you find a bug, please submit an issue first:\nhttps://github.com/inbug-team/SweetBabyScan/issues\n\nIf you have suggestions for better features, feel free to add us on WeChat; good suggestions that are adopted will be included in the next release.\n![-Wechat](img/WeChat.png)\n\nYou can also contact us through the WeChat official account:\n![-w784](img/InBug.bmp)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finbug-team%2FSweetBabyScan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finbug-team%2FSweetBabyScan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finbug-team%2FSweetBabyScan/lists"}