Git Product home page Git Product logo

zpscan's People

Contributors

niudaii avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

phuong39 ddostest123 ww18877317962 wha000tif startagain2016 icysun x-team-robots kwnzue istoliving cnmars 5l1v3r1 gamblingmaster2020 smallbluefox jiecoll mimicode flyer116 resources-zhangyw qing-420 msr00t tangzong-jx newt7744 dawnadvent akunwin ljjljjj diannaofengzi zzhsec ultramarine123 a099 mwb0350 svchost9913 ggg4566 musum kenyon-wong wubainian afwu cmjlove1 cwh12355 rabbitsafe xiaosaoba yearnming 550849750 amazingsec 1683728221 mrquiet trevor3000 goiruri 3yujw7njai ddawxaf iq-scm qigj github-user-6 empty2081 bowman03 zhuxianjin allinu babelqwerty simonlee-hello changheluor007 hi-unc1e grow520 gysf666 hdys0vn hosinozola sobinge yyming-sudo dontian122 lubyruffy ch1ngg ouyangkongzhu howsson anqisec wagadameimei

zpscan's Issues

oracle 爆破不生效

使用命令
./zpscan crack -i ip:1521 --user test123 --pass thinker

输出内容如下,已确认test123/thinker 可以正常连接oracle,但是爆破并没有显示成功。

开始爆破……
……
爆破结束
运行时间

模板使用报错

image
大佬,使用过程中出现这个问题是咋回事啊,资源文件也放好了呀

http指纹可以发下吗

师傅,下载的配置文件里finger指纹只有一个,看了下格式跟其他的指纹库不适配。

domainscan问题

师傅,domainscan扫完后,开始HTTP探活一直循环卡在探测这里,一个端口会进行4次左右的探测
微信截图_20230211153643

微信截图_20230211153741

webscan模块报错

root@TX-VPS:~/zpscan# ./zpscan_linux webscan -o out-zpscan-pocscan.txt -f ../urls.txt
[ERR] initFinger() err, Get "/xxx": unsupported protocol scheme ""
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x8ac955]

goroutine 1 [running]:
github.com/niudaii/zpscan/internal/utils.GetAllFile.func1({0x0, 0x0}, {0x0?, 0x0?}, {0x0?, 0x0?})
/home/runner/work/zpscan/zpscan/internal/utils/fileutil.go:63 +0x35
path/filepath.Walk({0x0, 0x0}, 0xc0006d9a18)
/opt/hostedtoolcache/go/1.18.8/x64/src/path/filepath/path.go:515 +0x50
github.com/niudaii/zpscan/internal/utils.GetAllFile({0x0?, 0xc0006d9ab0?})
/home/runner/work/zpscan/zpscan/internal/utils/fileutil.go:62 +0x52
github.com/niudaii/zpscan/pkg/pocscan/goby.LoadAllPoc({0x0?, 0x0?})
/home/runner/work/zpscan/zpscan/pkg/pocscan/goby/poc.go:97 +0x33
github.com/niudaii/zpscan/cmd.initPoc()
/home/runner/work/zpscan/zpscan/cmd/pocscan.go:71 +0x39
github.com/niudaii/zpscan/cmd.glob..func7(0x4174e80?, {0x20b1037?, 0x4?, 0x4?})
/home/runner/work/zpscan/zpscan/cmd/webscan.go:67 +0x28a
github.com/spf13/cobra.(*Command).execute(0x4174e80, {0xc0001772c0, 0x4, 0x4})
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:876 +0x67b
github.com/spf13/cobra.(*Command).ExecuteC(0x4174700)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:918
github.com/niudaii/zpscan/cmd.Execute()
/home/runner/work/zpscan/zpscan/cmd/root.go:108 +0x1da
main.main()
/home/runner/work/zpscan/zpscan/main.go:9 +0x17

crack模块在i/o timeout之后就会滚动条拉到底

使用了2w的字典, 然后运行rdp爆破后发现在i/o timeout之后就会滚动条拉到底, 然后就不跑了(--debug下看到的)
.\zpscan_1.8.39.exe crack -i xxx --user Administrator,Public,MSSQLSERVER,SQLTELEMETRY -m rdp --threads 100 --pass-file "xxx\top19576.txt" --debug

怎么使用

[ERR] initFinger() err, open : no such file or directory
[FTL] initQqwry() err, open : no such file or directory

建议

建议加入域名端口扫描

webscan功能建议

师傅的工具很棒,提一下webscan指纹识别的功能建议,是否考虑method增加get或者post请求类的,有些站点需要携带指纹url或者关键字才能回显对应框架的指纹

使用说明

可不可以出一下使用说明啊 不会用啊

wmi 扫描模块出错

本地 127.0.0.1:135
未能扫出口令(用户名密码已知)
20 线程,默认超时

当前测试环境win 10

target形式和-m参数冲突,导致产生歧义

代码片段位于:zpscan/pkg/crack/parse.go的 ParseTargets函数中
image

parse.go文件的第16行,tmp = strings.Split(tmp[1], "|")

tmp参数原本来自于对target参数的分割,tmp[0]是ip,tmp[1]是端口。但这里对tmp[1]又用 '|'进行了分割,并且把分割后的值覆盖了原来的tmp,导致下面对tmp的判断永远不可能==2。所以如果target的形式是x.x.x.x:2022这种非标端口,走到这一步后,len(tmp)==2这个判断永远不成立。只能走else分支,但是在预置端口-服务对应关系列表中找不到2022端口,此时及时制定了-m为ssh,也会提示目标为空

下图是证明,都是爆破ssh服务,非标端口时无法正常运行
image

从作者代码看,|应该是为了支持 x.x.x.x:2022|ssh这种形式。不过这里既然有-m参数,建议能够把-m参数和 ip:port|servername这两种形式合并下。比较容易歧义

crack多线程异常等待

url.txt

192.168.73.35:3389|rdp
45.144.1.22:22|ssh

执行命令

.\zpscan.exe crack -f .\url.txt   --user-file .\user.txt  --pass-file .\pass-100.txt --timeout 15    --debug

问题:crack 爆破弱口令,当url.txt的目标都爆破出弱口令时,程序在50秒左右完成扫描并输出结果,然后程序就在一直等待,--debug无结果输出,【爆破结束】在3m29秒才输出,进程才退出。

image

image

wmi 爆破报错

goroutine 1125 [running]:
github.com/C-Sto/goWMIExec/pkg/ntlmssp.ParseSSPChallenge({0x45a22f8, 0x0, 0x0})
/home/runner/go/pkg/mod/github.com/!c-!sto/go!w!m!i![email protected]/pkg/ntlmssp/ntlmssp.go:114 +0x9c5
github.com/niudaii/zpscan/pkg/crack/plugins/wmiexec.(*wmiExecer).Auth(0xc000973b30)
/home/runner/work/zpscan/zpscan/pkg/crack/plugins/wmiexec/wmiexec.go:264 +0x64a
github.com/niudaii/zpscan/pkg/crack/plugins/wmiexec.WMIExec({0xc000faae70, 0xd}, {0xc0000a8110, 0xd}, {0xc0006d5ea8, 0x8}, {0x0, 0x0}, {0x0, 0x0}, ...)
/home/runner/work/zpscan/zpscan/pkg/crack/plugins/wmiexec/wmiexec.go:790 +0x39b
github.com/niudaii/zpscan/pkg/crack/plugins.WmiCrack(0xc000bb1040)
/home/runner/work/zpscan/zpscan/pkg/crack/plugins/wmi.go:11 +0xb1
github.com/niudaii/zpscan/pkg/crack.(*Runner).Crack.func1()
/home/runner/work/zpscan/zpscan/pkg/crack/runner.go:118 +0x43b
created by github.com/niudaii/zpscan/pkg/crack.(*Runner).Crack
/home/runner/work/zpscan/zpscan/pkg/crack/runner.go:106 +0x5e5

    被扫描目标windows 7
    线程 20

当前测试环境win 10

支持json格式输出

output可以添加一个json格式的输出,方便其他工具解析扫描结果。
我比较懒,就不mr了。

poc模块报错

image

root@HW-VPS:~/zpscan# ./zpscan_linux pocscan -o out-zpscan-pocscan.txt -f ../urls.txt panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x8ac955]

goroutine 1 [running]:
github.com/niudaii/zpscan/internal/utils.GetAllFile.func1({0x0, 0x0}, {0x0?, 0x0?}, {0xc0002d4390?, 0x76?})
/home/runner/work/zpscan/zpscan/internal/utils/fileutil.go:63 +0x35
path/filepath.Walk({0x0, 0x0}, 0xc000757a88)
/opt/hostedtoolcache/go/1.18.8/x64/src/path/filepath/path.go:515 +0x50
github.com/niudaii/zpscan/internal/utils.GetAllFile({0x0?, 0xc000757af0?})
/home/runner/work/zpscan/zpscan/internal/utils/fileutil.go:62 +0x52
github.com/niudaii/zpscan/pkg/pocscan/goby.LoadAllPoc({0x0?, 0x210041b?})
/home/runner/work/zpscan/zpscan/pkg/pocscan/goby/poc.go:97 +0x33
github.com/niudaii/zpscan/cmd.initPoc()
/home/runner/work/zpscan/zpscan/cmd/pocscan.go:71 +0x39
github.com/niudaii/zpscan/cmd.glob..func5(0x4174480?, {0x20b1037?, 0x4?, 0x4?})
/home/runner/work/zpscan/zpscan/cmd/pocscan.go:45 +0x14a
github.com/spf13/cobra.(*Command).execute(0x4174480, {0xc0001133c0, 0x4, 0x4})
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:876 +0x67b
github.com/spf13/cobra.(*Command).ExecuteC(0x4174700)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:918
github.com/niudaii/zpscan/cmd.Execute()
/home/runner/work/zpscan/zpscan/cmd/root.go:108 +0x1da
main.main()
/home/runner/work/zpscan/zpscan/main.go:9 +0x17

牛蛙牛蛙

不知道师傅有没有做web的想法,工具很棒

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.