{"id":18450687,"url":"https://github.com/l-codes/mx1014","last_synced_at":"2025-04-05T06:06:31.438Z","repository":{"id":48290254,"uuid":"355529120","full_name":"L-codes/MX1014","owner":"L-codes","description":"MX1014 is a flexible, lightweight and fast port scanner.","archived":false,"fork":false,"pushed_at":"2025-03-05T06:12:25.000Z","size":95,"stargazers_count":144,"open_issues_count":0,"forks_count":18,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-29T05:05:59.995Z","etag":null,"topics":["gather","nmap","portscan","scanner","tcpscan","udpscan"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/L-codes.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-04-07T12:02:13.000Z","updated_at":"2025-03-05T06:11:12.000Z","dependencies_parsed_at":"2023-11-15T06:22:38.433Z","dependency_job_id":"bd03e7a1-6576-44bf-a974-7d7e1ab75d98","html_url":"https://github.com/L-codes/MX1014","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/L-codes%2FMX1014","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/L-codes%2FMX1014/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/L-codes%2FMX1014/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/L-codes%2FMX1014/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/L-codes","download_
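url":"https://codeload.github.com/L-codes/MX1014/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247294536,"owners_count":20915340,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gather","nmap","portscan","scanner","tcpscan","udpscan"],"created_at":"2024-11-06T07:26:08.223Z","updated_at":"2025-04-05T06:06:31.423Z","avatar_url":"https://github.com/L-codes.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MX1014\n\n**MX1014** is a flexible, lightweight and fast port scanner built on the principle of being **“short, simple and fast”** (it covers red-team needs such as egress testing, network segment discovery and fast scanning of high-risk ports)\n\n\u003e This tool is for security research and teaching only; the user bears all legal and related liability arising from its use. The author accepts no legal or related liability.\n\n\n## Version\n\n2.4.2 - [Changelog](CHANGELOG.md)\n\n\n## Features\n\n* Compatible with nmap's port and target syntax, and supports importing multiple TARGETs for flexible scanning\n* During a scan, automatically decides from host liveness whether to keep scanning that host, which speeds up port probing\n* Automatically excludes targets on which every port appears open (such as synproxy), avoiding meaningless scan results\n* Uses the concept of port groups, making it easy to specify a particular port group for targeted scanning (port aliases, see \"Port Group\" below)\n* Supports sending TCP/UDP Echo data (UDP does not return port state), useful for egress probing\n* Supports displaying the TCP closed state, useful for host liveness and egress probing\n* Supports port fuzzing\n* Supports scanning different ports for each group of targets\n* On Unix, automatically tries to adjust the `ulimit -n` limit at run time\n* Minimum supported Windows environment is XP/2003 (i.e. compatible with Golang 1.10.8)\n* Supports Linux 2.6.18 and similar (i.e. compatible with Golang 1.10.8)\n* Built with a modified epollwait; releases are compatible with CentOS5\n\n\n## Basic Usage\n1. Run it directly to see the help text (all options and syntax)\n```ruby\n$ ./mx1014\n\n                          ...                                     .\n                        .111111111111111.........................1111\n      ......111..    .10011111011111110000000000000000111111111100000\n  10010000000011.1110000001.111.111......1111111111111111..........\n  10twelve0111...   .10001. ..\n  100011...          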
1001               MX1014 by L\n  .001              1001               Version 2.4.2\n  .1.              ...1.\n\n\nUsage: ./mx1014 [Options] [Target1] [Target2]...\n\nTarget Example:\n    192.168.1.0/24\n    192.168.1.*\n    192.168.1-12.1\n    192.168.*.1:22,80-90,8080\n    github.com:22,443,rce\n\nOptions:\n  [Target]\n    -i  File   Target input from list\n    -I         Ignore the wrong address and continue scanning\n    -g  Net    Intranet gateway address range (10/172/192/all)\n    -sh        Show scan target\n    -cnet      C net mode\n\n  [Port]\n    -p  Ports  Default port ranges (Default is \"in\" port group)\n    -sp        Only show default ports (see -p)\n    -ep Ports  Exclude port (see -p)\n    -hp Ports  Priority scan port (Default 80,443,8080,22,445,3389)\n    -fuzz      Fuzz Port\n\n  [Connect]\n    -t  Int    The Number of Goroutine (Default is 512)\n    -T  Int    TCP Connect Timeout (Default is 1980ms)\n    -u         UDP spray\n    -e         Echo mode (TCP needs to be manually)\n    -A         Disable auto discard\n    -a  Int    Too many filtered, Discard the host (Default is 512)\n\n  [Output]\n    -o  File   Output file path\n    -c         Allow display of closed ports (Only TCP)\n    -d  Str    Specify Echo mode data (Default is \"%port%\\n\")\n    -D  Int    Progress Bar Refresh Delay (Default is 5s)\n    -l         Output alive host\n    -P         Do not output protocol name\n    -v         Verbose mode\n```\n\n2. Simple scan of the 300+ common intranet ports\n```ruby\n$ ./mx1014 192.168.1.134\n# 2021/10/16 15:30:13 Start scanning 1 hosts... (reqs: 311)\n\n192.168.1.134:22       (in,mac,brute,info,ssh,win,linux)\n192.168.1.134:8080     (in,web1,jdwp,rce,jboss,web2)\n192.168.1.134:8009     (in,ajp,rce,web2)\n\n# 2021/10/16 15:30:14 Finished 311 tasks. alive: 100% (1/1), open: 3, pps: 305, time: 1s\n```\n\n3. Scan different ports for each group of IPs\n```ruby\n$ ./mx1014 192.168.1.133/24:ssh 192.168.1.133:80-90,443,mysql\n# 2021/10/16 15:47:00 Start scanning 257 hosts... 
(reqs: 527)\n\n192.168.1.134:22       (win,linux,mac,brute,ssh,info,in)\n192.168.1.133:22       (win,linux,mac,brute,ssh,info,in)\n192.168.1.133:3307     (database1,mysql,brute,database2,in)\n192.168.1.133:82       (web2,in)\n192.168.1.133:3306     (database1,mysql,brute,database2,in)\n192.168.1.133:80       (iis,web2,web1,jboss,in)\n192.168.1.133:81       (web2,in)\n192.168.1.133:83       (web2,in)\n192.168.1.133:84       (web2,in)\n192.168.1.133:87       (web2,in)\n192.168.1.133:88       (win,web2,brute,kerberos,in)\n192.168.1.133:443      (iis,web2,web1,in)\n\n# 2021/10/16 15:47:02 Finished 527 tasks. alive: 1% (3/257), open: 12, pps: 345, time: 1s\n```\n4. Integrate the output with third-party programs when only the IP:PORT output format is needed\n```ruby\n$ ./mx1014 -P -o out.txt 192.168.1.133:22 # -P omits the guessed port protocol information\n$ grep -v '#' out.txt # all informational messages start with '#', which makes them easy to filter out\n\n192.168.1.133:22\n```\n\n\n## Advanced Usage\n1. Tune the scan concurrency (-t), timeout (-T) and progress print interval (-D) to the network environment, to gain speed or accuracy\n```ruby\n$ ./mx1014 -t 1000 -T 500 -D 10 -p 1-65535 192.168.1.134\n# 2021/10/16 15:49:16 Start scanning 1 hosts... (reqs: 65535)\n\n192.168.1.134:8009     (rce,in,web2,ajp)\n192.168.1.134:22       (mac,ssh,brute,in,linux,win,info)\n192.168.1.134:8080     (jboss,jdwp,rce,in,web2,web1)\n# Progress (19022/65535) open: 3, pps: 1895, rate: 29% (RD 24s)\n# Progress (38701/65535) open: 3, pps: 1931, rate: 59% (RD 13s)\n# Progress (58673/65535) open: 3, pps: 1953, rate: 90% (RD 3s)\n\n# 2021/10/16 15:49:50 Finished 65535 tasks. alive: 100% (1/1), open: 3, pps: 1951, time: 33s\n```\n\n2. TCP Echo mode: if a port is open, write the current port number to it\n```ruby\n$ ./mx1014 -e 192.168.1.134:80,8000-8080 # use -d to specify the echo content\n# 2021/10/16 15:52:58 Start scanning 1 hosts... (TCP Echo) (reqs: 82)\n\n192.168.1.134:8080     (web2,jboss,jdwp,rce,in,web1)\n192.168.1.134:8009     (web2,rce,in,ajp)\n\n# 2021/10/16 15:52:59 Finished 82 tasks. alive: 100% (1/1), open: 2, pps: 81, time: 1s\n```\n\n3. 
Read targets from a file and run a UDP scan (echoes the port number by default; usable for egress port testing)\n\u003e On the VPS, the following redirect makes it easy to receive the echo content\n\u003e `iptables -t nat -A PREROUTING -p udp -m multiport --dports 80,8000:8080 -j REDIRECT --to-port 666`\n```ruby\n$ cat \u003e ip.txt \u003c\u003cEOF\nheredoc\u003e 192.168.1.134:80\nheredoc\u003e 192.168.1.130:22\nEOF\n$ ./mx1014 -u -I -i ip.txt  # -I ignores invalid addresses and continues scanning\n# 2021/10/16 15:57:47 Start scanning 2 hosts... (UDP Spray) (reqs: 2)\n\n\n# 2021/10/16 15:57:47 Finished 2 tasks. alive: 0% (0/2), open: 0, pps: 1306, time: 0s\n```\n\n4. Ports in the closed state can be displayed; what that is useful for is left to the reader\n```ruby\n$ ./mx1014 -c 192.168.1.134:1-65535\n```\n\n5. Disable the automatic host discard mechanism and force the scan\n```ruby\n$ ./mx1014 -A 192.168.1.134:1-65535\n```\n\n6. Quickly discover intranet assets\n```ruby\n# find live intranet segments via port 80\n$ ./mx1014 -l -p 80 -g all -o up.txt\n# probe the /24 (C-class) ranges of the live segments\n$ ./mx1014 -cnet -i up.txt\n```\n\n7. Generate nearby fuzzed ports to scan\n```ruby\n# generates likely nearby ports from a given port\n$ ./mx1014 -sp -p 80 -fuzz\n# Count: 4\n81,80,8080,79\n```\n\n8. Automatically exclude hosts on which all ports appear open, such as syn-proxy\n```ruby\n$ ./mx1014 -r -i targets.txt\n```\n\n\n## Port Group\n```ruby\n# NOTE Reference:\n#  all:   https://book.hacktricks.xyz/pentesting/\n#  all:   https://github.com/0xtz/Enum_For_All\n#  jboss: https://www.caldow.cn/archives/4070\n{\n  # pentest\n  in: \"rce,info,brute,web2,iiot\",\n  rce: \"rlogin,jndi,nfs,oracle_ftp,docker,squid,cisco,glassfish,altassian,hp,vnc,nodejs_debug,redis,jdwp,ajp,zabbix,nexus,activemq,zoho,hashicorp,solr,php_xdebug,kafka,elasticsearch,vmware,rocketmq,lpd,distcc,epmd,ipmi,smb,log4j,dubbo,jboss,nacos,finereport,legendsec\",\n  info: \"ftp,ssh,telnet,mail,snmp,rsync,lotus,zookeeper,kibana,pcanywhere,hadoop,checkpoint,iscsi,saprouter,svn,rpc,rusersd,rtsp,amqp,msrpc,netbios,grafana,phone,database1,database2,upnp\",\n  brute: \"ftp,ssh,smb,winrm,rsync,vnc,redis,rdp,database1,telnet,mail,rtsp,kerberos,ldap,socks\",\n\n  # web\n  web1: \"80,443,8080\",\n  web2: 
\"81-90,444,800,801,1024,1443,2000,2001,3001,4430,4433,4443,5000,5001,5555,5800,6000-6003,6080,6443,6588,6666,6888,7004-7009,7080,7443,7777,8000-8030,8040,8050,8060,8066,8070,8080-8111,8181,8182,8200,8282,8363,8761,8787,8800,8848,8866,8873,8881-8890,8899,8900,8989,8999,9000-9010,9099,9999,10000,10001,10080,10800,18080,18090,activemq,arl,baota,cassini,dlink,ejinshan,fastcgi,flink,fortigate,hivision,ifw8,iis,java_ws,jboss,kc_aom,kibana,natshell,nexus,oracle_web,portainer,rabbitmq,rizhiyi,sapido,seeyon,solr,squid,weblogic,websphere_web,yapi,elasticsearch,zabbix,grafana,wildfly,nacos,finereport\",\n  iis: \"80,443,47001\",\n  jboss: \"jboss_remoting,jboss_rmi,80,1111,8080,8443,45566\",\n  jboss_rmi: \"1098,4444,4445,8083\",\n  jboss_remoting: \"4446,4447,4457\",\n  zookeeper: \"2171,2181,2888,3888\",\n  dubbo: \"20880,20881\",\n  solr: \"8983\",\n  finereport: \"8075\",\n  websphere_web: \"8880,9043,9080,9081,9082,9083,9090.9091,9443\",\n  websphere: \"websphere_web,2809,5558,5578,7276,7286,9060,9100,9353,9401,9402\",\n  activemq: \"8161,61616\",\n  weblogic: \"7000,7001,7002,7003,7010,7070,7071\",\n  squid: \"3128\",\n  rabbitmq: \"15672\",\n  flink: \"8081\",\n  oracle_web: \"3339\",\n  wildfly: \"9990\",\n  baota: \"888,8888\",\n  fastcgi: \"9000\",\n  kc_aom: \"12580,12590\",\n  kibana: \"5601\",\n  portainer: \"9000\",\n  natshell: \"7788\",\n  elasticsearch: \"9200,9300\",\n  rizhiyi: \"8180\",\n  arl: \"5003\",\n  cassini: \"6868\",\n  dlink: \"55555\",\n  fortigate: \"10443\",\n  nexus: \"8081\",\n  sapido: \"1080\",\n  yapi: \"3000\",\n  grafana: \"3000\",\n  hivision: \"7088\",\n  ejinshan: \"6868\",\n  seeyon: \"8001\",\n  java_ws: \"8887\",\n  ifw8: \"880\",\n  zabbix: \"8069,10050\",\n  nacos: \"7848,8848,9848,9849\",\n\n  # mail\n  mail: \"smtp,pop2,pop3,imap\",\n  pop2: \"109\",\n  pop3: \"110,995\",\n  imap: \"143,993\",\n  smtp: \"25,465,587,2525\",\n\n  # database\n  database1: \"mssql,oracle,mysql,postgresql,redis,memcache,mongodb,neo4j\",\n  
database2: \"mssql,oracle,mysql,sybase,db2,postgresql,couchdb,redis,memcache,hbase,mongodb,hsqldb,cassandra,kingbase8,dameng,neo4j\",\n  mysql: \"3306,3307,3308\",\n  mssql: \"1433,1434\",\n  oracle: \"210,1158,1521\",\n  hsqldb: \"9001\",\n  redis: \"6379,63790\",\n  postgresql: \"5432\",\n  mongodb: \"27017,28017\",\n  db2: \"5000\",\n  sybase: \"4100,5000\",\n  couchdb: \"5984\",\n  memcache: \"11211\",\n  hbase: \"16000,16010,16020,16030\",\n  cassandra: \"9042,9160\",\n  kingbase8: \"54321\",\n  dameng: \"5236\",\n  neo4j: \"7687\",\n\n  # os\n  win: \"ssh,ftp,telnet,kerberos,msrpc,vnc,netbios,ldap,smb,socks,rdp,winrm,ntp\",\n  linux: \"ssh,ftp,telnet,rlogin,vnc,x11,nfs,whois,socks,ntp,isakmp,rsync,rpc,ipmi,rusersd\",\n  mac: \"ssh,afp,vnc,nfs\",\n\n  # iiot\n  iiot: \"dnp,modbus,s7,ethernet,pcworx,atg,melsecq,omron,crimson,codesys,iec104,procon\",\n  dnp: \"20000\",\n  modbus: \"502\",\n  s7: \"102\",\n  ethernet: \"44818\",\n  pcworx: \"1962\",\n  atg: \"10001\",\n  melsecq: \"5007\",\n  omron: \"9600\",\n  crimson: \"789\",\n  codesys: \"1200\",\n  iec104: \"2404\",\n  procon: \"20547\",\n\n  # other\n  kerberos: \"88\",\n  netbios: \"137,138,139\",\n  smb: \"139,445\",\n  rdp: \"3389\",\n  winrm: \"5985,5986\",\n  afp: \"548\",\n  ftp: \"21,115,2121\",\n  whois: \"43\",\n  dns: \"53\",\n  socks: \"1080\",\n  oracle_ftp: \"2100\",\n  ssh: \"22,2222\",\n  ntp: \"123\",\n  isakmp: \"500\",\n  printer: \"9100\",\n  mqtt: \"1883\",\n  ajp: \"8009\",\n  vnc: \"5800,5900,5901\",\n  rsync: \"873\",\n  nfs: \"2049\",\n  sangfor: \"51111\",\n  nodejs_debug: \"5858,9229\",\n  telnet: \"23\",\n  rpc: \"111\",\n  msrpc: \"135,593\",\n  irc: \"194,6660\",\n  ldap: \"389,636,3268,3269\",\n  rtsp: \"554,8554\",\n  ipmi: \"623\",\n  rusersd: \"1026\",\n  amqp: \"5672\",\n  kafka: \"9092\",\n  upnp: \"49152\",\n  hp: \"5555,5556\",\n  altassian: \"4990\",\n  lotus: \"1352\",\n  cisco: \"4786\",\n  lpd: \"515\",\n  php_xdebug: \"9000\",\n  hashicorp: \"8500\",\n  checkpoint: 
\"264\",\n  pcanywhere: \"5632\",\n  docker: \"docker_api,kubectl_proxy,kubectl_manager,kube_apiserver,kube_proxy,kubelet_api,kube_weave,kubeflow_dashboard,etcd\",\n  docker_api: \"2375,2376,2377\",\n  kubectl_manager: \"10252\",\n  kubectl_proxy: \"8080,8081\",\n  kube_apiserver: \"6443,8080\",\n  kube_proxy: \"10256,31442\",\n  kubelet_api: \"4149,10248,10250,10255\",\n  kube_weave: \"6781,6782,6783\",\n  kubeflow_dashboard: \"8080\",\n  etcd: \"2379,2380\",\n  iscsi: \"3260\",\n  saprouter: \"3299\",\n  distcc: \"3632\",\n  zoho: \"8383\",\n  phone: \"46888\",\n  svn: \"3690\",\n  snmp: \"161\",\n  epmd: \"4369\",\n  hadoop: \"8020,8040,8041,8042,8088,8480,8485,9000,9083,10000,10003,14000,19888,41414,50010,50020,50030,50060,50070,50075,50090,50470,50475,60010,60030\",\n  rmi: \"jboss_rmi,1028,1098,1090,4444,4445,11099,47001,10999,1099\",\n  jndi: \"rmi,1000,1001,1100,1101,5001,8083,9999,10001,10999,11099,19001\",\n  jmx: \"8093,8686,9010,9011,9012,50500,61616\",\n  jdwp: \"3999,5000,5005,8000,8080,8453,8787-8788,9001,12001-12002,18000,45000,45001\",\n  rlogin: \"512,513,514\",\n  glassfish: \"4848\",\n  rocketmq: \"9876,10909,10911,10912\",\n  vmware: \"9875,5480\",\n  x11: \"6000\",\n  legendsec: \"48620\",\n  log4j: \"4712\", # log4j SocketAppender\n}\n```\n\n## TODO\n\n * Optimize the code logic\n\n * Implement raw-socket scans such as SYN, ACK and NULL (still looking for a good implementation approach)\n\n * Keep improving the port group list; contributions to maintaining it are welcome\n\n * Automatic ARP liveness probing on the local interface's network\n\n * In -g mode, allow multiple trailing IPs, or support 1.1.1,2.3\n\n## License\n\nGPL 3.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fl-codes%2Fmx1014","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fl-codes%2Fmx1014","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fl-codes%2Fmx1014/lists"}