自动化爆破子域名，并遍历所有端口寻找http服务，并使用crawlergo、dirsearch、xray等工具扫描并集成报告；支持动态添加扫描到的域名至任务；

Last update: Dec 30, 2022

Related tags

Overview

AutoScanner

AutoScanner是什么

AutoScanner是一款自动化扫描器，其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务，并使用集成的工具进行扫描，最后集成扫描报告；
工具目前有：oneforall、masscan、nmap、crawlergo、dirsearch、xray、awvs、whatweb等

是之前hscan 的重构版本；

AutoScanner做了什么

自动下载项目所需要的tools
使用oneforall遍历子域名
使用masscan遍历主机所有开放端口
使用nmap扫描开放端口；得出所有http服务端口
使用crawlergo进行扫描
动态添加crawlergo扫描到的域名至任务清单
使用dirsearch进行目录文件扫描
扫描到的目录、文件传递到xray
使用xray进行被动扫描
扫描结束后生成两份报告，xray和所有tools集成的一份报告
...

另外，在各个工具直接做了很多逻辑处理，如masscan扫描到过多开放端口，直接忽略；如nmap发现80和443同时开放http服务，忽略443；等等
需要注意的是，项目中提供了awvs的扫描脚本，但是考虑到正版盗版的原因项目中未集成awvs的安装包；

项目运行

由于涉及过多pip包依赖及浏览器环境等，建议使用docker运行；
其中注意项目所需要的工具会自动下载，但是由于国内github网速问题可能会导致下载失败等问题，如果发生，可下载下方包解压到tools目录；
链接: https://pan.baidu.com/s/1FAP02yYK7CF9mxMD0yj08g 密码: a6p4

截图展示

部分截图可以看之前的hscan；这儿展示下单独的tools的报告

Comments

报错 Name or service not know

你好：作者我在kali linux上安装此软件，全部安装完后运行docker_run.sh文件报Name or service not konw错误如图所示:

后面就什么反应都没了

其中docker_run.sh中指定了域名参数 docker run -ti --rm -vpwd/:/root/ auto:latest -d domain.com

请问这是什么情况。

opened by laohuan12138 3
--fu url.txt时报错，请问怎么解决

root:~/Autoscanner# docker run -ti --rm -v pwd/:/root/ autoscanner:latest --fu url.txt Traceback (most recent call last): File "main.py", line 25, in main() File "main.py", line 20, in main arguments = ArgumentParser() File "/root/lib/arguments_parse.py", line 18, in init self.urlList = get_file_content(options.urls_file) AttributeError: 'Values' object has no attribute 'urls_file'

opened by h1iba1 2
构建docker镜像报错

构建镜像报错 #12 187.6 E: Failed to fetch http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_102.0.5005.115-1_amd64.deb Connection failed [IP: 220.181.174.225 80] #12 187.6 E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

executor failed running [/bin/sh -c ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && apt install -y curl wget python3 python3-pip masscan whatweb nmap tzdata dnsutils google-chrome-stable && pip3 install -r requirements.txt]: exit code: 100

opened by Lins-MDFK 0

oneforall跑完后，xray、Nuclei未在工作

环境

谷歌云vps、ubuntu18

现象

1、oneforall跑完后，未看到xray在工作；/root/Autoscanner/tools/xray_linux_amd64目录下xray的证书信息、配置文件也不存在 2、Nuclei只跑完www.xxx.com的主域名，进程就结束了 3、日志信息

21:31:35,356 [INFOR] oneforall:253 - Finished OneForAll
Request Progress: 131it [00:42,  3.05it/s]
286

2022-03-18 21:31:35.478 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Oneforall - over
2022-03-18 21:31:35.538 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Bugscanner - start scanning
2022-03-18 21:31:36.613 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Bugscanner - over
2022-03-18 21:31:36.614 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Nslookup - start scanning
2022-03-18 21:31:42.482 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Nslookup - over
2022-03-18 21:31:42.488 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - Masscan - start scanning
Error in received packet: No such file or directory
src/rawsock-getif.c:299: read_netlink: 2
FAIL: could not determine default interface
FAIL:... try "--interface ethX"
311

2022-03-18 21:31:42.592 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - Masscan - over
2022-03-18 21:31:42.593 | INFO     | lib.Tools:__init__:49 - /tmp/tmpttz7zu0m - Nmap - start scanning
320

2022-03-18 21:31:59.095 | INFO     | lib.Tools:__init__:56 - /tmp/tmpttz7zu0m - Nmap - over
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
2022-03-18 21:32:09.536 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - IpLocation - start scanning
2022-03-18 21:32:09.615 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - IpLocation - over
2022-03-18 21:32:09.616 | INFO     | lib.Tools:__init__:49 -  - Whatweb - start scanning
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
383

2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:56 -  - Whatweb - over
2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Snapshot - start scanning
2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Snapshot - over
2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Nuclei - start scanning

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.6.3

                projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] nuclei-templates are not installed, installing...
[INF] Successfully downloaded nuclei-templates (v8.9.0) to /root/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.3 (latest)
[INF] Using Nuclei Templates 8.9.0 (latest)
[INF] Templates added in last update: 2
[INF] Templates loaded for scan: 3013
[INF] Templates clustered: 502 (Reduced 461 HTTP Requests)
[INF] Using Interactsh Server: oast.me
485

2022-03-18 21:33:56.049 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Nuclei - over
2022-03-18 21:33:56.050 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Crawlergo - start scanning
724

2022-03-18 21:34:16.972 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Crawlergo - over
2022-03-18 21:34:32.018 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Dirsearch - start scanning
778

2022-03-18 21:35:19.327 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Dirsearch - over
[email protected]:~/Autoscanner#

opened by yida223 1

Releases(v1.2.1)

v1.2.1(Jul 15, 2022)
修改了前台界面

修改了之前的一些bug

Source code(tar.gz)
Source code(zip)
v1.2.0(Mar 18, 2022)

-增加nuclei -增加bugscanner -调整nmap的扫描次序 -调优
Source code(tar.gz)
Source code(zip)
v1.1.0(Jul 7, 2021)
全新重构

加入网页截图，cdn检测，定位信息等

Source code(tar.gz)
Source code(zip)
v1.0.2(May 23, 2021)
修复了一些bug

增加--fq功能，一键从企查查的备案列表导出文件中读取并扫描

Source code(tar.gz)
Source code(zip)
v1.0.1(Apr 23, 2021)
增加了工具执行时超时强制结束功能

Source code(tar.gz)
Source code(zip)
v1.0.0(Apr 17, 2021)

Source code(tar.gz)
Source code(zip)

Owner

[email protected]

GitHub Repository

This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way

Cryptographied Password Manager This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way without using external Service

3 Nov 23, 2022

Sentinel-1 SAR time series analysis for OSINT use

SARveillance Sentinel-1 SAR time series analysis for OSINT use. Description Generates a time lapse GIF of the Sentinel-1 satellite images for the loca

21 Dec 09, 2022

Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary.

Midas ELF64 Injector Description Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary. All you n

20 Dec 24, 2022

AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically to AIL

AIL LeakFeeder: A Module for AIL Framework that automates the process to feed leaked files automatically to AIL, So basically this feeder will help you ingest AIL with your leaked files automatically

8 May 03, 2022

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE Analyze Usage ------------------------------------------------------------- [*] CVE-2021-220

224 Aug 05, 2022

A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms.

MacPer A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms. Not all of the exploits directly sp

20 Nov 30, 2022

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu

368 Jan 04, 2023

Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p

6 Oct 10, 2022

CSAW 2021 writeups

CSAW 2021 Writeups Challenge Category Solved by The Magic Modbus ics root2thrill Lazy Leaks Forensics root2thrill Poem Collection warm-up root2thrill

7 Oct 06, 2021

This repo created for bypassing Widevine L3 DRM and obtaining keys.

First run: Copy headers (with cookies) of POST license request from browser to headers.py like dictionary. pip install -r requirements.txt # if doesn'

263 Jan 07, 2023

A terminal based web shell controller

shell-hack Tribute to Chinese ant sword； A Powerful terminal based webshell controller； Usage : Usage : python3 shell-hack.py --url [URL] --w

10 Dec 28, 2021

Backdoor is a term that refers to the access of the software or hardware of a computer system without being detected.

This program is an non-object oriented opensource, hidden and undetectable backdoor/reverse shell/RAT for Windows made in Python 3 which contains many features such as multi-client support and cross-

35 Apr 17, 2022

Detection And Breaking With Python

Detection And Breaking IIIIIIIIIIIIIIIIIIII PPPPPPPPPPPPPPPPP VVVVVVVV VVVVVVVV I::::::::II::::::::I P:::::::

1 Dec 26, 2021

CTF framework and exploit development library

pwntools - CTF toolkit Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and develo

9.8k Dec 31, 2022

A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

26 Mar 15, 2022

Virus-Builder - This tool will generate a virus that can only destroy Windows computer

Virus-Builder - This tool will generate a virus that can only destroy Windows computer. You can also configure to auto run in usb drive

16 Dec 30, 2022

A tool to brute force a gmail account. Use this tool to crack multiple accounts

A tool to brute force a gmail account. Use this tool to crack multiple accounts. This tool is developed to crack multiple accounts

12 Dec 30, 2022

These are Simple python scripts to test/scan your network

Disclaimer This tool is for Educational purpose only. We do not promote or encourage any illegal activities. Summary These are Simple python scripts t

5 Oct 08, 2022

Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

16 Aug 30, 2022

A small Python Script To get all levels of subdomains from a list

getlevels A small Python Script To get all levels of subdomains Easily get 1st level, 2nd level, 3rd level, 4th level .... nth level subdomains Usag

9 Feb 15, 2022