https://github.com/yqcs/prismx

:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具
https://github.com/yqcs/prismx

appscan awvs exp fscan goby nessus nuclei poc prismx vulnerability webscanner

Last synced: 2 months ago
JSON representation

:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具

Host: GitHub
URL: https://github.com/yqcs/prismx
Owner: yqcs
License: apache-2.0
Created: 2023-12-25T06:08:41.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2025-02-13T01:32:41.000Z (4 months ago)
Last Synced: 2025-04-09T18:17:25.016Z (2 months ago)
Topics: appscan, awvs, exp, fscan, goby, nessus, nuclei, poc, prismx, vulnerability, webscanner
Language: Go
Homepage: https://prismx.io/
Size: 22.5 MB
Stars: 606
Watchers: 9
Forks: 72
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - yqcs/prismx - :: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具 (Go)

README

Prism X · Open Source

`English` • `中文`

---

**Prism X integrates asset discovery, fingerprint recognition, weak password detection, and vulnerability verification, adopting a modular YAML plugin strategy configuration to achieve a PoC verification mechanism highly similar to real attack chains.**

- Cross-platform and lightweight design: Supports multiple operating systems, making it easy to deploy and use.
- Host and asset fingerprint recognition: Provides host survival scanning and asset fingerprint recognition functions to fully grasp the status of network assets.
- Weak password and vulnerability detection: Capable of identifying weak passwords and scanning for vulnerabilities to detect security risks in a timely manner and ensure system security.
- Built-in JNDI external link service: Supports scanning of vulnerabilities that require external connections, such as JNDI and RMI.
- Port fingerprint recognition framework: [**`yqcs/fingerscan`**](https://github.com/yqcs/fingerscan)

### Usage Command

```
Usage of prismx_cli.exe:

-t string
Target hosts to scan, supporting formats like 192.168.1.1/24, 16, 8, 192.168.3.1-80, prismx.io, separated by commas.
-p string
Ports to scan, supporting formats like 80,22,8000-8080.
-bip string
Filter hosts, supporting IP ranges.
-bp string
Filter ports, supporting port ranges.
-m string
Scan speed, options: s (slow), d (medium), f (fast). Default is "d".
-ping boolean
ICMP packets may not be sent under low privileges. Default is -ping=false.
-pn boolean
Do not perform host survival detection. Default is -pn=false.
-s boolean
Enable online subdomain scanning. Default is -s=false.
-vul boolean
Enable vulnerability detection. Default is -vul=true.
-weak boolean
Enable weak password scanning. Default is -weak=true.
```

### Source Code Structure

core: System Core
- aliveCheck: Host and port survival detection
- hydra: Weak password detection
- jsFind: Detection of sensitive content in JS files
- owaspTop10: Tools for detecting XSS, SQL injection, etc. (Not completed yet, needs further optimization)
- plugins: Plugin registration center and plugin files
- subdomain: Subdomain scanning
- vulnerability: Vulnerability detection module
- models: Dependencies for public modules
scan: Task scheduling center
utils: Utility package
- Task list
- Create new task
main.go: Program entry point