{"id":13539674,"url":"https://github.com/marco-lancini/goscan","last_synced_at":"2025-04-12T23:43:10.907Z","repository":{"id":42349947,"uuid":"133977183","full_name":"marco-lancini/goscan","owner":"marco-lancini","description":"Interactive Network Scanner","archived":false,"fork":false,"pushed_at":"2020-10-21T17:02:39.000Z","size":14808,"stargazers_count":1023,"open_issues_count":8,"forks_count":147,"subscribers_count":33,"default_branch":"master","last_synced_at":"2025-04-12T23:43:05.798Z","etag":null,"topics":["docker","golang","nmap","pentesting"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/marco-lancini.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["marco-lancini"],"custom":["https://www.buymeacoffee.com/marcolancini"]}},"created_at":"2018-05-18T16:10:18.000Z","updated_at":"2025-04-07T14:32:04.000Z","dependencies_parsed_at":"2022-09-02T12:01:53.723Z","dependency_job_id":null,"html_url":"https://github.com/marco-lancini/goscan","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marco-lancini%2Fgoscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marco-lancini%2Fgoscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marco-lancini%2Fgoscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marco-lancini%2Fgoscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/marco-lancini","download_url":"https://codeload.github.com/marco-lancini/goscan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248647256,"owners_count":21139081,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","golang","nmap","pentesting"],"created_at":"2024-08-01T09:01:30.275Z","updated_at":"2025-04-12T23:43:10.889Z","avatar_url":"https://github.com/marco-lancini.png","language":"Go","funding_links":["https://github.com/sponsors/marco-lancini","https://www.buymeacoffee.com/marcolancini"],"categories":["Misc","\u003ca id=\"8f92ead9997a4b68d06a9acf9b01ef63\"\u003e\u003c/a\u003e扫描器\u0026\u0026安全扫描\u0026\u0026App扫描\u0026\u0026漏洞扫描","Go","Related Lists","Go (531)","\u003ca id=\"132036452bfacf61471e3ea0b7bf7a55\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"de63a029bda6a7e429af272f291bb769\"\u003e\u003c/a\u003e未分类-Scanner"],"readme":"\u003cp align=\"center\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/marco-lancini/goscan/master/.github/goscan_logo.png\" width=\"40%\"\u003e\u003c/p\u003e\n\n\n**GoScan** is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.\n\nAlthough it started as a small side-project I developed in order to learn [@golang](https://twitter.com/golang), GoScan can now be used to perform host discovery, port scanning, and service enumeration not only in situations where being stealthy is not a priority and time is limited (think at CTFs, OSCP, exams, etc.), but also (with a few tweaks in its configuration) during professional engagements.\n\nGoScan is also particularly suited for unstable environments (think unreliable network connectivity, lack of \"`screen`\", etc.), given that it fires scans and maintain their state in an SQLite database. Scans run in the background (detached from the main thread), so even if connection to the box running GoScan is lost, results can be uploaded asynchronously (more on this below). That is, data can be imported into GoScan at different stages of the process, without the need to restart the entire process from scratch if something goes wrong.\n\nIn addition, the Service Enumeration phase integrates a collection of other tools (e.g., `EyeWitness`, `Hydra`, `nikto`, etc.), each one tailored to target a specific service.\n\n![demo](https://raw.githubusercontent.com/marco-lancini/goscan/master/.github/demo.gif)\n\n\n\n# Installation\n\n#### Binary installation (Recommended)\n\nBinaries are available from the [Release](https://github.com/marco-lancini/goscan/releases) page.\n\n```bash\n# Linux (64bit)\n$ wget https://github.com/marco-lancini/goscan/releases/download/v2.4/goscan_2.4_linux_amd64.zip\n$ unzip goscan_2.4_linux_amd64.zip\n\n# Linux (32bit)\n$ wget https://github.com/marco-lancini/goscan/releases/download/v2.4/goscan_2.4_linux_386.zip\n$ unzip goscan_2.4_linux_386.zip\n\n# After that, place the executable in your PATH\n$ chmod +x goscan\n$ sudo mv ./goscan /usr/local/bin/goscan\n```\n\n#### Build from source\n\n```bash\n# Clone and spin up the project\n$ git clone https://github.com/marco-lancini/goscan.git\n$ cd goscan/\n$ docker-compose up --build\n$ docker-compose run cli /bin/bash\n\n# Initialize DEP\nroot@cli:/go/src/github.com/marco-lancini/goscan $ make init\nroot@cli:/go/src/github.com/marco-lancini/goscan $ make setup\n\n# Build\nroot@cli:/go/src/github.com/marco-lancini/goscan $ make build\n\n# To create a multi-platform binary, use the cross command via make\nroot@cli:/go/src/github.com/marco-lancini/goscan $ make cross\n```\n\n\n\n\n# Usage\n\nGoScan supports all the main steps of network enumeration:\n\n![process](https://raw.githubusercontent.com/marco-lancini/goscan/master/.github/goscan_process.png)\n\n\n| Step | Commands |\n| ---- | ----------- |\n| 1. **Load targets**   | \u003cul\u003e\u003cli\u003eAdd a single target via the CLI (must be a valid CIDR): `load target SINGLE \u003cIP/32\u003e`\u003c/li\u003e\u003cli\u003eUpload multiple targets from a text file or folder: `load target MULTI \u003cpath-to-file\u003e`\u003c/li\u003e\u003c/ul\u003e|\n| 2. **Host Discovery** | \u003cul\u003e\u003cli\u003ePerform a Ping Sweep: `sweep \u003cTYPE\u003e \u003cTARGET\u003e`\u003c/li\u003e\u003cli\u003e  Or load results from a previous discovery:\u003cul\u003e\u003cli\u003eAdd a single alive host via the CLI (must be a /32): `load alive SINGLE \u003cIP\u003e`\u003c/li\u003e\u003cli\u003eUpload multiple alive hosts from a text file or folder: `load alive MULTI \u003cpath-to-file\u003e`\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e |\n| 3. **Port Scanning** | \u003cul\u003e\u003cli\u003ePerform a port scan: `portscan \u003cTYPE\u003e \u003cTARGET\u003e`\u003c/li\u003e\u003cli\u003eOr upload nmap results from XML files or folder: `load portscan \u003cpath-to-file\u003e`\u003c/li\u003e\u003c/ul\u003e |\n| 4. **Service Enumeration** | \u003cul\u003e\u003cli\u003eDry Run (only show commands, without performing them): `enumerate \u003cTYPE\u003e DRY \u003cTARGET\u003e`\u003c/li\u003e\u003cli\u003e Perform enumeration of detected services: `enumerate \u003cTYPE\u003e \u003cPOLITE/AGGRESSIVE\u003e \u003cTARGET\u003e`\u003c/li\u003e\u003c/ul\u003e |\n| 5. **Special Scans** | \u003cul\u003e\u003cli\u003e*EyeWitness*\u003cul\u003e\u003cli\u003eTake screenshots of websites, RDP services, and open VNC servers (KALI ONLY): `special eyewitness`\u003c/li\u003e\u003cli\u003e`EyeWitness.py` needs to be in the system path\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e*Extract (Windows) domain information from enumeration data*\u003cul\u003e\u003cli\u003e`special domain \u003cusers/hosts/servers\u003e`\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e*DNS*\u003cul\u003e\u003cli\u003eEnumerate DNS (nmap, dnsrecon, dnsenum): `special dns DISCOVERY \u003cdomain\u003e`\u003c/li\u003e\u003cli\u003eBruteforce DNS: `special dns BRUTEFORCE \u003cdomain\u003e`\u003c/li\u003e\u003cli\u003eReverse Bruteforce DNS: `special dns BRUTEFORCE_REVERSE \u003cdomain\u003e \u003cbase_IP\u003e`\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e |\n| **Utils** | \u003cul\u003e\u003cli\u003eShow results: `show \u003ctargets/hosts/ports\u003e`\u003c/li\u003e\u003cli\u003eAutomatically configure settings by loading a config file: `set config_file \u003cPATH\u003e`\u003c/li\u003e\u003cli\u003eChange the output folder (by default `~/goscan`): `set output_folder \u003cPATH\u003e`\u003c/li\u003e\u003cli\u003eModify the default nmap switches: `set nmap_switches \u003cSWEEP/TCP_FULL/TCP_STANDARD/TCP_VULN/UDP_STANDARD\u003e \u003cSWITCHES\u003e`\u003c/li\u003e\u003cli\u003eModify the default wordlists: `set_wordlists \u003cFINGER_USER/FTP_USER/...\u003e \u003cPATH\u003e`\u003c/li\u003e\u003c/ul\u003e |\n\n\n\n## External Integrations\n\nThe _Service Enumeration_ phase currently supports the following integrations:\n\n| WHAT | INTEGRATION |\n| ---- | ----------- |\n| ARP  | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003c/ul\u003e |\n| DNS  | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003cli\u003ednsrecon\u003c/li\u003e\u003cli\u003ednsenum\u003c/li\u003e\u003cli\u003ehost\u003c/li\u003e\u003c/ul\u003e |\n| FINGER  | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003cli\u003efinger-user-enum\u003c/li\u003e\u003c/ul\u003e |\n| FTP  | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003cli\u003eftp-user-enum\u003c/li\u003e\u003cli\u003ehydra [AGGRESSIVE]\u003c/li\u003e\u003c/ul\u003e |\n| HTTP | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003cli\u003enikto\u003c/li\u003e\u003cli\u003edirb\u003c/li\u003e\u003cli\u003eEyeWitness\u003c/li\u003e\u003cli\u003esqlmap [AGGRESSIVE]\u003c/li\u003e\u003cli\u003efimap [AGGRESSIVE]\u003c/li\u003e\u003c/ul\u003e |\n| RDP  | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003cli\u003eEyeWitness\u003c/li\u003e\u003c/ul\u003e |\n| SMB  | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003cli\u003eenum4linux\u003c/li\u003e\u003cli\u003enbtscan\u003c/li\u003e\u003cli\u003esamrdump\u003c/li\u003e\u003c/ul\u003e |\n| SMTP | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003cli\u003esmtp-user-enum\u003c/li\u003e\u003c/ul\u003e |\n| SNMP | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003cli\u003esnmpcheck\u003c/li\u003e\u003cli\u003eonesixtyone\u003c/li\u003e\u003cli\u003esnmpwalk\u003c/li\u003e\u003c/ul\u003e |\n| SSH  | \u003cul\u003e\u003cli\u003ehydra [AGGRESSIVE]\u003c/li\u003e\u003c/ul\u003e |\n| SQL  | \u003cul\u003e\u003cli\u003enmap\u003c/li\u003e\u003c/ul\u003e |\n| VNC  | \u003cul\u003e\u003cli\u003eEyeWitness\u003c/li\u003e\u003c/ul\u003e |\n\n\n\n\n# License\n\nGoScan is released under a MIT License. See the `LICENSE` file for full details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarco-lancini%2Fgoscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarco-lancini%2Fgoscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarco-lancini%2Fgoscan/lists"}