Zscan a scan blasting tool set

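Introduction

Zscan is an open-source collection of an internal-network port scanner, brute-force tools and other utilities. Built on host discovery and port scanning, it can brute-force services such as mysql, mssql, redis, mongo, postgres, ftp and ssh, and it also provides netbios, smb, oxid, socks server (finding proxy servers on the internal network), snmp and ms17010 scans. Each module has its own features as well; for example, ssh supports both username/password and public key login, and once any service has been brute-forced successfully, commands can be executed on it. Beyond basic scanning and service brute-forcing, zscan also integrates an nc module (connect and listen), an httpserver module (file download, file upload and authentication) and a socks5 module (starts a proxy server). There is also an all module, which calls all the other scanning and brute-force modules during a scan. Proxy support is built in.

The usage format is: zscan module arguments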

 ______     ______     ______     ______     __   __    
/\___  \   /\  ___\   /\  ___\   /\  __ \   /\ "-.\ \   
\/_/  /__  \ \___  \  \ \ \____  \ \  __ \  \ \ \-.  \  
  /\_____\  \/\_____\  \ \_____\  \ \_\ \_\  \ \_\\"\_\ 
  \/_____/   \/_____/   \/_____/   \/_/\/_/   \/_/ \/_/

Usage:
  zscan [command]

Available Commands:
  all         Use all scan mode
  completion  generate the autocompletion script for the specified shell
  ftp         burp ftp username and password 
  help        Help about any command
  httpserver  Start an authentication HTTP server
  mongo       burp mongodb username and password
  ms17010     MS17_010 scan
  mssql       burp mssql username and password
  mysql       burp mysql username and password
  nc          A easy nc
  ping        ping scan to find computer
  postgres    burp postgres username and password
  proxyfind   Scan proxy
  ps          Port Scan
  redis       burp redis password
  snmp        snmp scan
  socks5      Create a socks5 server
  ssh         ssh client support username password burp
  version     Show version of zscan
  winscan     netbios、smb、oxid scan

Flags:
  -h, --help            help for zscan
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
      --proxy string    Connect with a proxy(user:[email protected]:1080 or 172.16.95.1:1080)
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

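Modules

Modules currently available:

  • ping module: calls the system ping with normal user privileges; with root privileges, ICMP packets can be used instead
  • ps module: port scanning and fetching the HTTP title
  • all module: calls all scanning and brute-force modules
  • snmp module: snmp scan
  • proxyfind module: scans the network for proxies; socks4/5 are currently supported, http will be added later
  • winscan module: includes oxid, smb and netbios scanning
  • ms17010 module: bulk scan for the ms17010 vulnerability
  • ftp module: ftp username/password brute-forcing and simple command execution
  • mongo module: mongodb username/password brute-forcing and simple command execution
  • mssql module: mssql username/password brute-forcing and simple command execution
  • mysql module: mysql username/password brute-forcing and simple command execution
  • postgres module: postgres database username/password brute-forcing and simple command execution
  • redis module: unauthenticated-access check, password brute-forcing and simple command execution
  • ssh module: username/password brute-forcing, ssh username/password login, public key login
  • httpserver module: starts an http server in the specified directory, with authentication support
  • nc module: a simple nc that can listen on a port or connect to one
  • socks5 module: starts a socks5 server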

Ping Host Discovery

zscan ping 
Usage:
  zscan ping [flags]

Flags:
  -h, --help              help for ping
  -H, --host hosts        Set hosts(The format is similar to Nmap)
      --hostfile string   Set host file
  -i, --icmp              Icmp packets are sent to check whether the host is alive(need root)

Global Flags:
  -h, --help            help for zscan
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
      --proxy string    Connect with a proxy(user:[email protected]:1080 or 172.16.95.1:1080)
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information


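There are three parameters. One of host and hostfile must be specified. With root privileges, -i can be used to send ICMP packets directly instead of calling the local ping (with a very high thread count, in the thousands, calling the local ping command causes excessive CPU usage).

Flags are the parameters of the current command; Global Flags are global parameters (usable with every command).

  • --log: appends the results of the current run to log.txt (so the results of every run are recorded)
  • -O --output: writes the results to a file, by default result.txt in the current directory (only the results of the current run are kept); the file path can be set with --path
  • --path: sets the path of the results file
  • --proxy: sets a proxy, either with username and password (user:[email protected]:port) or without authentication (ip:port)
  • -T --thread: sets the number of threads, default 100
  • -t --timeout: sets the timeout; on a good network, when speed matters, it can be set to 1s
  • -v --verbose: shows information about the scan as it runs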

Port scanning

zscan ps
Usage:
  zscan ps [flags]

Flags:
  -b, --banner            Return banner information
  -h, --help              help for ps
  -H, --host hosts        Set hosts(The format is similar to Nmap) eg:192.168.1.1/24,172.16.95.1-100,127.0.0.1
      --hostfile string   Set host file
  -i, --icmp              Icmp packets are sent to check whether the host is alive(need root)
      --ping              Ping host discovery before port scanning
  -p, --port port         Set port eg:1-1000,3306,3389 (default "7,11,13,15,17,19,21,22,23,26,37,38,43,49,51,53,67,70,79,80,81,82,83,84,85,86,88,89,102,104,111,113,119,121,135,138,139,143,175,179,199,211,264,311,389,443,444,445,465,500,502,503,505,512,515,548,554,564,587,631,636,646,666,771,777,789,800,801,873,880,902,992,993,995,1000,1022,1023,1024,1025,1026,1027,1080,1089,1099,1177,1194,1200,1201,1234,1241,1248,1260,1290,1311,1344,1400,1433,1471,1494,1505,1515,1521,1588,1720,1723,1741,1777,1863,1883,1911,1935,1962,1967,1991,2000,2001,2002,2020,2022,2030,2049,2080,2082,2083,2086,2087,2096,2121,2181,2222,2223,2252,2323,2332,2375,2376,2379,2401,2404,2424,2455,2480,2501,2601,2628,3000,3128,3260,3288,3299,3306,3307,3310,3333,3388,3389,3390,3460,3541,3542,3689,3690,3749,3780,4000,4022,4040,4063,4064,4369,4443,4444,4505,4506,4567,4664,4712,4730,4782,4786,4840,4848,4880,4911,4949,5000,5001,5002,5006,5007,5009,5050,5084,5222,5269,5357,5400,5432,5555,5560,5577,5601,5631,5672,5678,5800,5801,5900,5901,5902,5903,5938,5984,5985,5986,6000,6001,6068,6379,6488,6560,6565,6581,6588,6590,6664,6665,6666,6667,6668,6669,6998,7000,7001,7005,7014,7071,7077,7080,7288,7401,7443,7474,7493,7537,7547,7548,7634,7657,7777,7779,7890,7911,8000,8001,8008,8009,8010,8020,8025,8030,8040,8060,8069,8080,8081,8082,8086,8087,8088,8089,8090,8098,8099,8112,8123,8125,8126,8139,8161,8200,8291,8333,8334,8377,8378,8443,8500,8545,8554,8649,8686,8800,8834,8880,8883,8888,8889,8983,9000,9001,9002,9003,9009,9010,9042,9051,9080,9090,9100,9151,9191,9200,9295,9333,9418,9443,9527,9530,9595,9653,9700,9711,9869,9944,9981,9999,10000,10001,10162,10243,10333,10808,11001,11211,11300,11310,12300,12345,13579,14000,14147,14265,15672,16010,16030,16992,16993,17000,18001,18081,18245,18246,19999,20000,20547,22105,22222,23023,23424,25000,25105,25565,27015,27017,28017,32400,33338,33890,37215,37777,41795,42873,45554,49151,49152,49153,49154,49155,50000,50050,50070,50100,51106,52869,55442,55553,60001,60010,60030,61613,61616,62078,64738")

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

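--host and --hostfile specify the targets.

-p specifies the ports; if it is not given, the default ports are used.

--ping runs ping host discovery before the port scan.

--icmp uses ICMP packets for host discovery when ping is used.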
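A scope check for the host format shown in the -H help text, added here as an example and not part of zscan: it expands each comma-separated item (CIDR, last-octet range, single address) and reports the items that fall outside a list of authorized CIDRs. The grammar is inferred from the help text's example only; the names OutOfScope, parseItem and lastAddr and the sample scope are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

type span struct{ lo, hi netip.Addr } // inclusive IPv4 range of one item

// lastAddr sets every host bit of the prefix to get its highest address.
func lastAddr(p netip.Prefix) netip.Addr {
	b := p.Masked().Addr().As4()
	for i := p.Bits(); i < 32; i++ {
		b[i/8] |= 0x80 >> (i % 8)
	}
	return netip.AddrFrom4(b)
}

// parseItem handles the three forms in the help text's example (assumed
// grammar): CIDR "a.b.c.d/n" (host bits may be set), last-octet range
// "a.b.c.d-e", or a single address.
func parseItem(item string) (span, error) {
	switch {
	case strings.Contains(item, "/"):
		p, err := netip.ParsePrefix(item)
		if err != nil || !p.Addr().Is4() {
			return span{}, fmt.Errorf("bad CIDR %q", item)
		}
		return span{p.Masked().Addr(), lastAddr(p)}, nil
	case strings.Contains(item, "-"):
		left, right, _ := strings.Cut(item, "-")
		lo, err := netip.ParseAddr(left)
		end, err2 := strconv.ParseUint(right, 10, 8)
		if err != nil || err2 != nil || !lo.Is4() || byte(end) < lo.As4()[3] {
			return span{}, fmt.Errorf("bad range %q", item)
		}
		b := lo.As4()
		b[3] = byte(end)
		return span{lo, netip.AddrFrom4(b)}, nil
	default:
		a, err := netip.ParseAddr(item)
		if err != nil || !a.Is4() {
			return span{}, fmt.Errorf("bad address %q", item)
		}
		return span{a, a}, nil
	}
}

// OutOfScope returns the items of spec not fully inside one authorized CIDR.
// A prefix is contiguous, so an item lies inside it exactly when both ends of
// its range do. An item spanning two adjacent prefixes is reported as well.
func OutOfScope(spec string, authorized []string) ([]string, error) {
	var bad []string
	for _, item := range strings.Split(spec, ",") {
		item = strings.TrimSpace(item)
		s, err := parseItem(item)
		if err != nil {
			return nil, err
		}
		covered := false
		for _, c := range authorized {
			p, err := netip.ParsePrefix(c)
			if err != nil {
				return nil, fmt.Errorf("bad scope entry %q", c)
			}
			covered = covered || (p.Contains(s.lo) && p.Contains(s.hi))
		}
		if !covered {
			bad = append(bad, item)
		}
	}
	return bad, nil
}

func main() {
	// Constructed scope; the spec is the example from the -H help text.
	fmt.Println(OutOfScope("192.168.1.1/24,172.16.95.1-100,127.0.0.1", []string{"192.168.1.0/24", "172.16.95.0/26"}))
}
```

Running the check on the exact string that will be passed to -H catches a range or mask that reaches past the approved subnets before any packet is sent.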

nc

zscan nc
Usage:
  zscan nc [flags]

Flags:
  -a, --addr string   listen/connect host address eg(listen):-a 0.0.0.0:4444  eg(connect):-a 172.16.95.1:4444
  -h, --help          help for nc
  -l, --listen        listen mode(default connect)

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

-a specifies the address. Without -l it connects to the target; with -l it listens on the port.

Socks5

zscan socks5
Usage:
  zscan socks5 [flags]

Flags:
  -a, --addr string       Specify the IP address and port of the Socks5 service (default "0.0.0.0:1080")
  -h, --help              help for socks5
  -P, --password string   Set the socks5 service authentication password
  -U, --username string   Set the socks5 service authentication user name

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

-a specifies the IP and port the socks5 service listens on.

-P and -U specify the proxy's password and username.

proxyfind

zscan proxyfind
Usage:
  zscan proxyfind [flags]

Flags:
  -h, --help              help for proxyfind
  -H, --host hosts        Set hosts(The format is similar to Nmap) eg:192.168.1.1/24,172.16.95.1-100,127.0.0.1
      --hostfile string   Set host file
  -p, --ports port        Set port eg:1-1000,3306,3389 (default "1080,1089,8080,7890,10808")
      --type string       Set the scan proxy type(socks4/socks5/http) (default "socks5")

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

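-H specifies the target, -p specifies the ports, and --type specifies the proxy protocol to scan for (socks4/5 are currently supported; other protocols are still being worked on).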

ssh

zscan ssh
Usage:
  zscan ssh [flags]

Flags:
  -b, --burp              Use burp mode default login mode
  -h, --help              help for ssh
  -H, --host string       Set ssh server host
      --hostfile string   Set host file
  -d, --keypath string    Set public key path
  -k, --login_key         Use public key login
      --passdict string   Set ssh passworddict path
  -P, --password string   Set ssh password
  -p, --port int          Set ssh server port (default 22)
      --userdict string   Set ssh userdict path
  -U, --username string   Set ssh username

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
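  -v, --verbose         Show verbose information

Login mode (default)

Username and password login: ./zscan ssh -H 172.16.95.24 -U root -P 123456

Public key login: ./zscan ssh -H 172.16.95.24 -U root -k

Public key login takes the private key from the .ssh directory under the current user's home directory by default; -d/--keypath can be used to specify the private key path.

Brute-force mode (-b/--burp)

Username: use -U/--username to specify a username or --userdict to specify a username dictionary; if neither is given, the built-in usernames (admin, root) are used.

Password: use -P/--password to specify a password or --passdict to specify a password file; if neither is given, the built-in password dictionary is used.

eg: ./zscan_linux ssh -H 172.16.95.1-30 -U root -b --passdict 1.txt

ftp/mysql/mssql/mongo/postgres/redis modules

mysql is used as the example here; the database modules all work in basically the same way.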

Usage:
  zscan mysql [flags]

Flags:
      --burpthread int    Set burp password thread(recommend not to change) (default 100)
  -c, --command string    Set the command you want to sql_execute
  -h, --help              help for mysql
  -H, --host string       Set mysql server host
      --hostfile string   Set host file
      --passdict string   Set mysql passworddict path
  -P, --password string   Set mysql password
  -p, --port int          Set mysql server port (default 3306)
      --userdict string   Set mysql userdict path
  -U, --username string   Set mysql username

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

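There is a new thread parameter here, burpthread, which is different from the -T threads. The -T thread count is the number of targets scanned concurrently (a target is an ip and port combination, and each concurrent operation amounts to sending one packet to a target). burpthread applies when one of those concurrent scan threads finds a target port such as mysql: a multithreaded brute-force run is then started inside the current scan thread (the target is now one specific port on one specific ip, so the rate has to be limited here; going too fast may make the target service unavailable).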

httpserver

Usage:
  zscan httpserver [flags]

Flags:
  -a, --addr string   set http server addr (default "0.0.0.0:7001")
  -d, --dir string    set HTTP server root directory (default ".")
  -h, --help          help for httpserver
  -P, --pass string   Set the authentication password
  -U, --user string   Set the authentication user

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

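For now this starts a simple http server that only supports browsing and downloading files and authentication; uploading files is not supported yet.

-a specifies the address to listen on (IP and port, as in the default 0.0.0.0:7001)

-d specifies the httpserver's

-P and -U set the password and username for authentication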

ms17010

Usage:
  zscan ms17010 [flags]

Flags:
  -h, --help              help for ms17010
  -H, --host string       Set target
      --hostfile string   Set host file

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

Only the target needs to be specified.

snmp

Usage:
  zscan snmp [flags]

Flags:
      --burpthread int        Set burp password thread(recommend not to change) (default 100)
      --get string            set an oid
  -h, --help                  help for snmp
  -H, --host string           Set target
      --hostfile string       Set host file
  -l, --listoid               List commonly used OIDs
      --password string       set a password (default "public")
      --passwordfile string   passwords dict file, eg: ./dict/password.txt
  -p, --port port             Set port (default 161)
      --version string        specifies SNMP version to use. 1|2c|3  (default "2c")
      --walk string           set an oid

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

--listoid lists commonly used queries:

0: Basic system information           SysDesc                 GET     1.3.6.1.2.1.1.1.0
1: Monitoring time                    sysUptime               GET     1.3.6.1.2.1.1.3.0
2: System contact                     sysContact              GET     1.3.6.1.2.1.1.4.0
3: Machine name                       SysName                 GET     1.3.6.1.2.1.1.5.0
4: Machine location                   SysLocation             GET     1.3.6.1.2.1.1.6.0
5: Services provided by the machine   SysService              GET     1.3.6.1.2.1.1.7.0
6: List of running processes          hrSWRunName             WALK    1.3.6.1.2.1.25.4.2.1.2
7: List of installed software         hrSWInstalledName       WALK    1.3.6.1.2.1.25.6.3.1.2
8: List of network interfaces         ipAdEntAddr             WALK    1.3.6.1.2.1.4.20.1.1

Queries are made with --walk and --get.

If no password is specified, public is used by default.

winscan

Usage:
  zscan winscan [flags]

Flags:
  -h, --help              help for winscan
  -H, --host string       Set target
      --hostfile string   Set host file
      --netbios           netbios scan
      --oxid              oxid scan
      --smb               smb scan

Global Flags:
      --log             Record the scan results in chronological order,Save path./log.txt
  -O, --output          Whether to enter the results into a file(default ./result.txt),can use --path set
      --path string     the path of result file (default "result.txt")
  -T, --thread thread   Set thread eg:2000 (default 100)
  -t, --timeout time    Set timeout(s) eg:5s (default 3s)
  -v, --verbose         Show verbose information

If only a target is given, netbios, oxid and smb are all scanned. The -- flags can be used to run only one of them.

Building from source

go get github.com/zyylhn/zscan
go build

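Disclaimer

This tool is intended only for legally authorized enterprise security work. If you need to test whether the tool works, set up your own target environment.

When using this tool for testing, you must make sure that doing so complies with local laws and regulations and that you have obtained sufficient authorization. Do not scan unauthorized targets.

If you commit any illegal act while using this tool, you bear the consequences yourself; we accept no legal or joint liability.

Before installing and using this tool, read all the terms carefully and make sure you fully understand them. Limitations, exemption clauses and other terms that concern your important rights and interests may be shown in bold, underlined or otherwise highlighted to draw your attention. Unless you have fully read, completely understood and accepted all the terms of this agreement, do not install or use this tool. Using the tool, or indicating acceptance of this agreement in any other express or implied way, is taken to mean that you have read this agreement and agree to be bound by it.

References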

https://github.com/shadow1ng/fscan

https://github.com/k8gege/LadonGo

Comments
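  • A serious problem when using zscan's proxy feature

    I found a fatal problem in zscan and would like to know whether there is a way to solve it. When the proxy option is used and a port scan is then run, every configured port is reported as successful. I set ports 1-100 and tried the ps module's port scan. I studied zscan's source code and found that the problem is in the socks5 proxy connection. This makes zscan's scans completely inaccurate once they go through a proxy.

    In addition, a net.Func error appears while the program is running. This is a very serious error that will completely affect use of the program; I hope it gets fixed.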

    opened by sairson 8
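  • Hi, this project pulls in 244 open-source components and has 2 vulnerabilities; please upgrade

    Detected that zyylhn/zscan pulls in 244 open-source components in total and has 2 vulnerabilities

    Vulnerability title: jwt-go security vulnerability
    Affected component: github.com/dgrijalva/[email protected]+incompatible
    Vulnerability ID: CVE-2020-26160
    Description: jwt-go is a Go implementation of JWT by an individual developer.
    Versions of jwt-go before 4.0.0-preview1 have a security vulnerability. An attacker can use it to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification).
    Affected range: (∞, 4.0.0-preview1)
    Minimum fixed version: 4.0.0-preview1
    Path by which the affected component is introduced: [email protected]>github.com/dgrijalva/[email protected]+incompatible

    There are also 2 more vulnerabilities; detailed report: https://mofeisec.com/jr?p=a2c061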

    opened by dependasec[bot] 1
  • panic: runtime error: slice bounds out of range [:-1]

    MAC

    $ ./zscan all -H 192.168.8.1/24 --ping --log
    
    Mode:all
    Start time:2021-11-29 10:12:37
    The number of threads:100
    Time delay:3s
    Traget:192.168.8.1/24
    Verbose:Don't show verbose
    Ping befor portscan
    Save scan log in log.txt
    
    
    =========================living ip result list==========================
    [ping] Find '192.168.8.1' aliving
    [ping] Find '192.168.8.123' aliving
    [ping] Find '192.168.8.146' aliving
    [ping] Find '192.168.8.101' aliving
    [ping] Find '192.168.8.121' aliving
    [ping] Find '192.168.8.140' aliving
    [ping] Find '192.168.8.155' aliving
    [ping] Find '192.168.8.159' aliving
    [ping] Find '192.168.8.166' aliving
    [ping] Find '192.168.8.167' aliving
    [ping] Find '192.168.8.255' aliving
    A total of 11 IP addresses were discovered
    Find port 192.168.8.167:22
    Start burp ssh : 192.168.8.167:22
    Find port 192.168.8.1:53
    Find port 192.168.8.1:80
    Find port 192.168.8.159:80
    Find port 192.168.8.121:135
    Find port 192.168.8.146:135
    Find port 192.168.8.159:135
    Find port 192.168.8.166:135
    panic: runtime error: slice bounds out of range [:-1]
    
    goroutine 723 [running]:
    zscan/cmd.oxidIpInfo({0x173a800, 0xc00061a008})
    	/Users/zyy/zscan/cmd/winscan.go:519 +0x492
    zscan/cmd.Connectall({0xc000920270, 0xc000718300}, 0x87)
    	/Users/zyy/zscan/cmd/all.go:139 +0xd45
    zscan/cmd.(*PortScan).Startscan(0xc00017e780)
    	/Users/zyy/zscan/cmd/ps.go:114 +0x14f
    created by zscan/cmd.(*PortScan).Run
    	/Users/zyy/zscan/cmd/ps.go:83 +0x6d
    

    Windows

    C:\Users\Desktop>zscan_win_x64.exe all -H 192.168.8.1/24 --ping --log
    
    Mode:all
    Start time:2021-11-29 10:10:41
    The number of threads:100
    Time delay:3s
    Traget:192.168.8.1/24
    Verbose:Don't show verbose
    Ping befor portscan
    Save scan log in log.txt
    
    
    =========================living ip result list==========================
    [ping] Find '192.168.8.1' aliving
    [ping] Find '192.168.8.123' aliving
    [ping] Find '192.168.8.121' aliving
    [ping] Find '192.168.8.140' aliving
    [ping] Find '192.168.8.155' aliving
    [ping] Find '192.168.8.146' aliving
    [ping] Find '192.168.8.159' aliving
    [ping] Find '192.168.8.167' aliving
    [ping] Find '192.168.8.168' aliving
    [ping] Find '192.168.8.166' aliving
    A total of 10 IP addresses were discovered
    Find port 192.168.8.167:22
    Start burp ssh : 192.168.8.167:22
    Find port 192.168.8.1:53
    Find port 192.168.8.1:80
    Find port 192.168.8.159:80
    Find port 192.168.8.121:135
    Find port 192.168.8.146:135
    Find port 192.168.8.168:135
    panic: runtime error: slice bounds out of range [:-1]
    
    goroutine 598 [running]:
    zscan/cmd.oxidIpInfo({0x10acca0, 0xc0003ae078})
            /Users/zyy/zscan/cmd/winscan.go:519 +0x492
    zscan/cmd.Connectall({0xc0004105b0, 0xc0005321b0}, 0x87)
            /Users/zyy/zscan/cmd/all.go:139 +0xd45
    zscan/cmd.(*PortScan).Startscan(0xc0002ca6e0)
            /Users/zyy/zscan/cmd/ps.go:114 +0x14f
    created by zscan/cmd.(*PortScan).Run
            /Users/zyy/zscan/cmd/ps.go:83 +0x6d
    
    opened by lintstar 4