{"id":13845199,"url":"https://github.com/komomon/Komo","last_synced_at":"2025-07-12T01:32:14.028Z","repository":{"id":65570626,"uuid":"541955748","full_name":"komomon/Komo","owner":"komomon","description":"🚀Komo, a comprehensive asset collection and vulnerability scanning tool. It integrates more than 20 tools to obtain subdomains in multiple ways, collect domain email addresses, probe for liveness, fingerprint domains, resolve domains to IPs, scan IP ports, crawl web service links and send them to xray, run POC vulnerability scans against web services, and run host vulnerability scans against hosts.","archived":false,"fork":false,"pushed_at":"2024-01-19T10:07:07.000Z","size":24070,"stargazers_count":505,"open_issues_count":2,"forks_count":55,"subscribers_count":14,"default_branch":"main","last_synced_at":"2024-08-05T17:44:00.098Z","etag":null,"topics":["amass","bugbounty","crawlergo","ctfr","emailall","gospider","hacking","httpx","information-gathering","infosec","ksubdomain","naabu","nuclei","oneforall","osint","pentesting","poc","rad","subfinder","xray"],"latest_commit_sha":null,"homepage":"https://www.cnblogs.com/forforever/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/komomon.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-09-27T07:23:05.000Z","updated_at":"2024-07-30T08:36:51.000Z","dependencies_parsed_at":"2023-11-23T04:39:42.898Z","dependency_job_id":null,"html_url":"https://github.com/komomon/Komo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/komomon%2FKomo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/komomon%2FKomo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/komomon%2FKomo/release
s","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/komomon%2FKomo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/komomon","download_url":"https://codeload.github.com/komomon/Komo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225784295,"owners_count":17523617,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amass","bugbounty","crawlergo","ctfr","emailall","gospider","hacking","httpx","information-gathering","infosec","ksubdomain","naabu","nuclei","oneforall","osint","pentesting","poc","rad","subfinder","xray"],"created_at":"2024-08-04T17:03:15.972Z","updated_at":"2024-11-21T18:30:54.517Z","avatar_url":"https://github.com/komomon.png","language":"Python","funding_links":[],"categories":["Information Gathering","Python"],"sub_categories":[],"readme":"# Komo: comprehensive asset collection and vulnerability scanning tool\n\n```text\nKomo is a comprehensive asset collection and vulnerability scanning tool\n\n██╗  ██╗ ██████╗ ███╗   ███╗ ██████╗ {v1.0 #dev}\n██║ ██╔╝██╔═══██╗████╗ ████║██╔═══██╗\n█████╔╝ ██║   ██║██╔████╔██║██║   ██║\n██╔═██╗ ██║   ██║██║╚██╔╝██║██║   ██║\n██║  ██╗╚██████╔╝██║ ╚═╝ ██║╚██████╔╝\n╚═╝  ╚═╝ ╚═════╝ ╚═╝     ╚═╝ ╚═════╝  By Komomon\n\n```\n\n![image-20220927001227577](images/image-20220927001227577.png)\n\nNote: for the latest beta version, go to the [beta branch](https://github.com/komomon/Komo/tree/beta); that branch will be updated relatively slowly.\n\n## 
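Intro\u0026\u0026Feature\n\n🚀**Komo** is a comprehensive asset collection and vulnerability scanning tool with progress tracking. It obtains subdomains in multiple ways, collects domains and email addresses, probes subdomains for liveness, fingerprints domains, resolves domains to IPs, scans IP ports, crawls web service links and sends them to xray for scanning, runs POC scans against web services, scans for weak web passwords, runs host POC scans against hosts, and scans common ports for weak passwords.\n\n🚋**Komo** integrates more than **20** tools, including **oneforall**, **subfinder**, **ksubdomain**, **amass**, **ctfr**, **emailall**, **httpx**, **naabu**, **TxPortMap**, **ehole**, **goon3**, **crawlergo**, **rad**, **hakrawler**, **gau**, **gospider**, **URLfinder**, **vscan**, **nuclei**, **afrog**, **vulmap**, **SweetBabyScan** and **xray**, into a fully automated, intelligent tool. It is built modularly around the strengths of each tool.\n\nKomo aims for one-click operation, convenience and portability, to support initial-foothold work and red-team external penetration testing. It is therefore developed modularly, with all tools feeding into a unified interface so that the next module can call them and new tools can later be added to a module. **==If you have good tools or suggestions for improvement, you can join the official-account group chat below to discuss them==**.\n\n~~Each Komo module can be taken out and used directly on its own; every module has its own main. Just make sure the tools are downloaded into the corresponding directories.~~\n\nKomo can automatically download all the tools it needs, so users do not have to download each tool themselves: just run `python3 Komo.py install`. This also makes it easy to move around, and **keeps Komo itself small**.\n\nKomo currently supports Windows and Linux.\n\n\n\n\n\n## Project structure\n\n![Flowchart](images/流程图.jpg)\n\n\n\n## Usage\n\n### Initialization\n\nInstall `python3` (`python2` is not supported for now).\n\nInstall the required libraries: `pip3 install -r requirements.txt`\n\nOn first use, download the required tools and initialize some of them (goon, vulmap, afrog).\n\n**Note: access to GitHub from mainland China may time out; using a proxy to download the tools during initialization is recommended.**\n\n```bash\npython3 Komo.py install\npython3 Komo.py  --proxy http://127.0.0.1:10809 install\npython3 Komo.py  --proxy socks5://127.0.0.1:10809 install\n```\n\nAs shown in the figure below, if a download fails you need to download that tool manually into the corresponding directory.\n\n![image-20220927001258352](images/image-20220927001258352.png)\n\nNote: v2ray in global mode does not always work; Clash with TUN enabled can be used instead.\n\n\n\n### Configuration\n\nThe configuration file is config/config.yaml.\n\n**Notes on some settings**\n\nFor tools that have a runtime field, edit that field to set the tool's running time; the tool is killed if it exceeds that time. 600-1200s is recommended.\n\n```\ncrawlergo:\n      toolname: crawlergo\n      runtime: 900\nrad:\n      toolname: rad\n      runtime: 900\n```\n\nChange xray's listening port:\n\n```\nother:\n    xray:\n      toolname: xray\n      listenport: 7777 # change the listening port\n```\n\nThe other settings are reserved for future development and do not need to be changed for now.\n\nTo configure tools such as oneforall, go into the tool's directory after initialization and edit it there, for example for oneforall: `core/tools/domain/Oneforall`\n\n\n\n### **Komo supports multiple modes**\n\n\u003e install: download all tools\n\u003e\n\u003e all: asset collection + attack: collect domains in multiple ways, collect domain email addresses, probe domains for liveness, resolve domains to IPs, fingerprint domains, scan IP ports, crawl web service links, send the crawled links to xray for scanning, run POC vulnerability scans, scan the resolved IPs for vulnerabilities on other ports, and scan for weak passwords\n\u003e\n\u003e all2: asset collection + attack with subdomains supplied: probe domains for liveness, resolve domains to IPs, fingerprint domains, scan IP ports, crawl web service links, send the crawled links to xray for scanning, run POC vulnerability scans, scan the resolved IPs for vulnerabilities on other ports, and scan for weak passwords\n\u003e \n\u003e collect: asset collection only: collect domains in multiple ways, collect domain email addresses, probe domains for liveness, resolve domains to IPs, fingerprint domains, scan IP ports, and crawl web service links\n\u003e\n\u003e subdomain: collect domains in multiple ways: DNS crawling, brute forcing, certificate lookups, and DNS providers.\n\u003e\n\u003e finger: probe the collected domains or a domain file for liveness and fingerprint them (Ehole + Wappalyzer)\n\u003e\n\u003e portscan: port-scan the list of resolved IPs or an IP file\n\u003e\n\u003e sensitive: crawl URLs from the collected live domains or a domain file\n\u003e\n\u003e webattack: crawl URLs from the collected live domains or a domain file, then send them to xray for scanning, while also calling nuclei, afrog, vulmap and vscan for vulnerability scanning\n\u003e\n\u003e hostattack: scan the list of resolved IPs or an IP file for weak passwords on common services and for vulnerabilities\n\u003e\n\u003e \n\n\n\n#### install: download all tools\n\nFunction: downloads all tools for the current operating system and initializes some of them\n\n```\npython3 Komo.py install\npython3 Komo.py  --proxy http://127.0.0.1:10809 install\npython3 Komo.py  --proxy socks5://127.0.0.1:10809 install\n```\n\n\n\n#### all: full scan\n\nInput: domain / domain file\n\nFunction: collect domains in multiple ways, collect domains and email addresses, probe domains for liveness, resolve domains to IPs, fingerprint domains, scan IP ports, crawl web service links, send the crawled links to xray for scanning, run POC vulnerability scans, scan the resolved IPs for vulnerabilities on other ports, and scan for weak passwords\n\n```bash\npython3 Komo.py --domain example.com all\npython3 Komo.py --domains ./domains.txt all\n```\n\n**Note: remember to start xray before using this mode, otherwise webattack cannot scan completely**\n\n```\nxray.exe webscan --listen 127.0.0.1:7777 --html-output 1.html\n```\n\n\n\n#### all2\n\nInput: subdomain / subdomain file\n\nFunction: takes supplied subdomains and does not scan for subdomains; probes domains for liveness, resolves domains to IPs, fingerprints domains, scans IP ports, crawls web service links, sends the crawled links to xray for scanning, runs POC vulnerability scans, scans the resolved IPs for vulnerabilities on other ports, and scans for weak passwords\n\n```bash\npython3 Komo.py --subdomain aaa.example.com all2\npython3 Komo.py --subdomains ./subdomains.txt all2\n```\n\n**Note: remember to start xray before using this mode, otherwise webattack cannot scan completely**\n\n```\nxray.exe webscan --listen 127.0.0.1:7777 --html-output 1.html\n```\n\n\n\n#### collect\n\nInput: domain / domain file\n\nFunction: full asset collection: collect domains in multiple ways, collect domains and email addresses, probe domains for liveness, resolve domains to IPs, fingerprint domains, scan IP ports, and crawl web service links\n\n```bash\npython3 Komo.py --domain example.com collect\npython3 Komo.py --domains ./domains.txt collect\n```\n\n#### collect1\n\nInput: domain / domain file\n\nFunction: asset collection only: collect domains in multiple ways, collect domains, probe domains for liveness, resolve domains to IPs, and fingerprint domains\n\nCompared with collect, this omits port scanning and web link crawling\n\n```bash\npython3 Komo.py --domain example.com collect1\npython3 Komo.py --domains ./domains.txt collect1\n```\n\n#### collect2\n\nInput: domain / domain file\n\nFunction: asset collection only: collect domains in multiple ways, collect domains and email addresses, probe domains for liveness, resolve domains to IPs, fingerprint domains, and scan IP ports\n\nCompared with collect, this omits web link crawling\n\n```bash\npython3 Komo.py --domain example.com collect2\npython3 Komo.py --domains ./domains.txt collect2\n```\n\n\n\n\n\n\n\n#### subdomain\n\nInput: domain / domain file\n\nFunction: collect domains in multiple ways: DNS crawling, brute forcing, certificate lookups, and DNS providers.\n\n```bash\npython3 Komo.py --domain example.com subdomain\npython3 Komo.py --domains ./domains.txt subdomain\n```\n\n#### finger\n\nInput: url / url file\n\nFunction: probe the collected domains or a domain file for liveness and fingerprint them (Ehole + Wappalyzer)\n\n```bash\npython3 Komo.py --url http://example.com finger\npython3 Komo.py --urls ./urls.txt finger\n```\n\n#### **portscan**\n\nInput: ip / ip file\n\nFunction: port-scan the list of resolved IPs or an IP file and fingerprint the ports\n\nDefault port scan list:\n\n```\n21,22,23,25,53,53,69,80,81,88,110,111,111,123,123,135,137,139,161,177,389,427,443,445,465,500,515,520,523,548,623,626,636,873,902,1080,1099,1433,1434,1521,1604,1645,1701,1883,1900,2049,2181,2375,2379,2425,3128,3306,3389,4730,5060,5222,5351,5353,5432,5555,5601,5672,5683,5900,5938,5984,6000,6379,7001,7077,8080,8081,8443,8545,8686,9000,9001,9042,9092,9100,9200,9418,9999,11211,11211,27017,33848,37777,50000,50070,61616\n```\n\n```bash\npython3 Komo.py --ip 1.1.1.1 portscan\npython3 Komo.py --ips ./ips.txt portscan\n```\n\n\n\n#### sensitive\n\nInput: url / url file\n\nFunction: crawl URLs from the collected live domains or a domain file (crawlergo, rad, gau, URLFinder, gospider, hakrawler)\n\n```bash\npython3 Komo.py --url http://example.com sensitive\npython3 Komo.py --urls ./urls.txt sensitive\n```\n\n#### webattack\n\nInput: url / url file\n\nFunction: crawl the url, then send the results to xray for scanning, while also calling nuclei, afrog, vulmap and vscan for vulnerability scanning\n\n```bash\npython3 Komo.py --url http://example.com webattack\npython3 Komo.py --urls ./urls.txt webattack\n```\n\n**Note: remember to start xray before using this mode, otherwise webattack cannot scan completely**\n\n```\nxray.exe webscan --listen 127.0.0.1:7777 --html-output 1.html\n```\n\n#### webattack2\n\nInput: url / url file\n\nFunction: POC scanning only (nuclei, afrog, vulmap, vscan)\n\n```bash\npython3 Komo.py --url http://example.com webattack2\npython3 Komo.py --urls ./urls.txt webattack2\n```\n\n\n\n#### hostattack\n\nInput: ip / ip file\n\nFunction: scan the list of resolved IPs or an IP file for weak passwords on common services and for vulnerabilities\n\n```bash\npython3 Komo.py --ip 1.1.1.1 hostattack\npython3 Komo.py --ips ./ips.txt hostattack\n```\n\n\n\n\n\n\n\n## **Full usage**\n\n```text\n    Komo help summary page\n\n    Komo is an automated scanning tool set\n\n    mode:\n    install     Download the required tools\n    \t--proxy Set proxy\n    all         all scan and attack:subdomain, survival detection, finger, portscan, email collect, sensitive(crawl urls), pocscan, Weak password scanning, to_xray\n        --domain    one domain\n        --domains   a domain file\n    all2        run scan and attack except domain collection: survival detection, finger, portscan, email collect, sensitive(crawl urls), pocscan, Weak password scanning, to_xray\n        --subdomain    one subdomain\n        --subdomains   a subdomain file\n    collect     run all collection modules :subdomain, survival detection, finger, port, email collect, sensitive(crawl urls), pocscan, to_xray\n        --domain    one domain\n        --domains   a domain file\n    collect1    run collection modules :subdomain, survival detection, finger\n        --domain    one domain\n        --domains   a domain file\n    collect2    run collection modules :subdomain, survival detection, finger, portscan\n        --domain    one domain\n        --domains   a domain file\n    subdomain   only collect subdomain\n        --domain    one domain\n        --domains   a domains file\n    finger      only collect the survival URL and  fingerprint\n        --url       one url\n        --urls      an urls file\n    portscan    only collect port from ip or ips\n        --ip        one ip\n        --ips       an ips file\n    sensitive   only collect directory with crawl,email\n        --url       one url\n        --urls      an urls file\n    webattack   only attack web from url or urls: pocscan, Weak password scanning, crawl urls to xray\n        --url       one url\n        --urls      an urls file\n    webattack2  only poc scan from url or urls: pocscan, Weak password scanning\n        --url       one url\n        --urls      an urls file\n    hostattack  only attack ip from ip or ips\n        --ip        one ip\n        --ips       an ips file\n    attack      run webattack and hostattack: crawl url to xray, pocscan, Weak password scanning\n\n\n    Example:\n        python3 Komo.py install\n        python3 Komo.py --domain example.com all\n        python3 Komo.py --domains ./domains.txt all\n        python3 Komo.py --domain example.com collect\n        python3 Komo.py --domains ./domains.txt collect\n        python3 Komo.py --domain example.com collect1\n        python3 Komo.py --domains ./domains.txt collect1\n        python3 Komo.py --domain example.com collect2\n        python3 Komo.py --domains ./domains.txt collect2\n        python3 Komo.py --domain example.com subdomain\n        python3 Komo.py --domains ./domains.txt subdomain\n\n        python3 Komo.py --subdomain aaa.example.com all2\n        python3 Komo.py --subdomains ./subdomains.txt all2\n\n        python3 Komo.py --url http://example.com finger\n        python3 Komo.py --urls ./urls.txt finger\n        python3 Komo.py --url http://example.com sensitive\n        python3 Komo.py --urls ./urls.txt sensitive\n        python3 Komo.py --url http://example.com webattack\n        python3 Komo.py --urls ./urls.txt webattack\n        python3 Komo.py --url http://example.com webattack2\n        python3 Komo.py --urls ./urls.txt webattack2\n\n        python3 Komo.py --ip example.com portscan\n        python3 Komo.py --ips ./domains.txt portscan\n        python3 Komo.py --ip example.com hostattack\n        python3 Komo.py --ips ./domains.txt hostattack\n```\n\n\n\n## Result\n\nKomo records its output under the result/{date} directory.\n\nThat directory contains several folders, one for each module's output:\n\n\u003e domain_log\n\u003e\n\u003e fingerlog\n\u003e\n\u003e portscan_log\n\u003e\n\u003e sensitive_log\n\u003e\n\u003e vulscan_log\n\nThe root of result/{date} contains the result files:\n\ntarget is the domain or the date\n\n\u003e {target}.final.subdomains.txt all subdomains found in the end\n\u003e\n\u003e {target}.links.csv all links crawled by the various tools\n\u003e\n\u003e {target}.many.tools.subdomains.txt domains collected by the subdomain collection tools other than oneforall\n\u003e\n\u003e {target}.subdomains.ips.txt IPs resolved from the domains\n\u003e\n\u003e {target}.subdomains.with.http.txt live subdomains, prefixed with http(s)\n\n\n\nStars are welcome :star: :star:\n\n\n\n## Changelog\n\n\n\n### 20230106\n\n1. Fixed a bug on Linux where a child thread dropped into an interactive shell when executing\n\n2. Changed the configuration file so that hakrawler is downloaded, further reducing Komo's size\n\n3. The log file now records the scan parameters, making it easy to recall which parameters were used.\n\n4. Added the proxy parameter `--proxy` to the install module, to solve the problem of being unable to reach GitHub from mainland China to download tools\n\n\n\n### 20221227\n\n1. Added a progress mechanism that records scan progress. If a run is terminated before finishing, run it again with the original parameters plus the --date parameter\nto specify the result folder of the previous run, and Komo will continue from where it stopped last time.\nFor example, the second run would use `python Komo.py --domain xx.com --date 11-11-11-11-11-11 all`\n\n2. Linux support completed\n\n3. The download module now initializes goon, vulmap and afrog\n\n4. Added the common module\n\n5. Changed config.yaml: the tool running times for the sensitiveinfo module and the xray listening port are configured through config.yaml\n\n6. Fixed a bug in the vulscan module where child threads could not execute\n\n\n\n### 20221011\n\n    download_tools: logic changes and bug fixes; added the tool_main_filename key to tools.yaml\n    sensitive module: added killprocess\n    sensitive module: changed to_xray to add the fromurl parameter, so that only links related to the crawled url are sent to xray, reducing the number of requests and improving efficiency\n    rad, gospider: added a running-time timeout, since they hang when they run too long\n    domain module: changed merge_result to extract non-target subdomains and put them in result/{date}/{domain}.other.subdomains.txt\n\n\n\n### 20220907\n\n```\nFinished main today; domain, finger, sensitive and vulscan are now called from main\n\nThe four modules domain, finger, sensitive and vulscan can run as sequential module scans, and can also be used on their own with a single url or a single urls file\nvulscan's main is split into webmanager and hostmanager, which scan web targets and IPs for vulnerabilities respectively\n\nhostmanager gains goon, to identify fingerprints and scan port services for weak passwords\n\nFirst version complete\n```\n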
\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkomomon%2FKomo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkomomon%2FKomo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkomomon%2FKomo/lists"}