zyylhn / zscan Goto Github PK
View Code? Open in Web Editor NEWZscan a scan blasting tool set
License: MIT License
Zscan a scan blasting tool set
License: MIT License
Can you please explain to me step by step how this tol can be installed on Mac? Thank you very much
怎么调用指定的ip.txt列表进行扫描。并指定user和pass 。可以这么用吗。如果可以格式是什么?
请问支持smb login爆破吗?
$ ./zscan all -H 192.168.8.1/24 --ping --log
Mode:all
Start time:2021-11-29 10:12:37
The number of threads:100
Time delay:3s
Traget:192.168.8.1/24
Verbose:Don't show verbose
Ping befor portscan
Save scan log in log.txt
=========================living ip result list==========================
[ping] Find '192.168.8.1' aliving
[ping] Find '192.168.8.123' aliving
[ping] Find '192.168.8.146' aliving
[ping] Find '192.168.8.101' aliving
[ping] Find '192.168.8.121' aliving
[ping] Find '192.168.8.140' aliving
[ping] Find '192.168.8.155' aliving
[ping] Find '192.168.8.159' aliving
[ping] Find '192.168.8.166' aliving
[ping] Find '192.168.8.167' aliving
[ping] Find '192.168.8.255' aliving
A total of 11 IP addresses were discovered
Find port 192.168.8.167:22
Start burp ssh : 192.168.8.167:22
Find port 192.168.8.1:53
Find port 192.168.8.1:80
Find port 192.168.8.159:80
Find port 192.168.8.121:135
Find port 192.168.8.146:135
Find port 192.168.8.159:135
Find port 192.168.8.166:135
panic: runtime error: slice bounds out of range [:-1]
goroutine 723 [running]:
zscan/cmd.oxidIpInfo({0x173a800, 0xc00061a008})
/Users/zyy/zscan/cmd/winscan.go:519 +0x492
zscan/cmd.Connectall({0xc000920270, 0xc000718300}, 0x87)
/Users/zyy/zscan/cmd/all.go:139 +0xd45
zscan/cmd.(*PortScan).Startscan(0xc00017e780)
/Users/zyy/zscan/cmd/ps.go:114 +0x14f
created by zscan/cmd.(*PortScan).Run
/Users/zyy/zscan/cmd/ps.go:83 +0x6d
C:\Users\Desktop>zscan_win_x64.exe all -H 192.168.8.1/24 --ping --log
Mode:all
Start time:2021-11-29 10:10:41
The number of threads:100
Time delay:3s
Traget:192.168.8.1/24
Verbose:Don't show verbose
Ping befor portscan
Save scan log in log.txt
=========================living ip result list==========================
[ping] Find '192.168.8.1' aliving
[ping] Find '192.168.8.123' aliving
[ping] Find '192.168.8.121' aliving
[ping] Find '192.168.8.140' aliving
[ping] Find '192.168.8.155' aliving
[ping] Find '192.168.8.146' aliving
[ping] Find '192.168.8.159' aliving
[ping] Find '192.168.8.167' aliving
[ping] Find '192.168.8.168' aliving
[ping] Find '192.168.8.166' aliving
A total of 10 IP addresses were discovered
Find port 192.168.8.167:22
Start burp ssh : 192.168.8.167:22
Find port 192.168.8.1:53
Find port 192.168.8.1:80
Find port 192.168.8.159:80
Find port 192.168.8.121:135
Find port 192.168.8.146:135
Find port 192.168.8.168:135
panic: runtime error: slice bounds out of range [:-1]
goroutine 598 [running]:
zscan/cmd.oxidIpInfo({0x10acca0, 0xc0003ae078})
/Users/zyy/zscan/cmd/winscan.go:519 +0x492
zscan/cmd.Connectall({0xc0004105b0, 0xc0005321b0}, 0x87)
/Users/zyy/zscan/cmd/all.go:139 +0xd45
zscan/cmd.(*PortScan).Startscan(0xc0002ca6e0)
/Users/zyy/zscan/cmd/ps.go:114 +0x14f
created by zscan/cmd.(*PortScan).Run
/Users/zyy/zscan/cmd/ps.go:83 +0x6d
检测到 zyylhn/zscan 一共引入了244个开源组件,存在2个漏洞
漏洞标题:jwt-go 安全漏洞
缺陷组件:github.com/dgrijalva/[email protected]+incompatible
漏洞编号:CVE-2020-26160
漏洞描述:jwt-go是个人开发者的一个Go语言的JWT实现。
jwt-go 4.0.0-preview1之前版本存在安全漏洞。攻击者可利用该漏洞在使用[]string{} for m[\"aud\"](规范允许)的情况下绕过预期的访问限制。
影响范围:(∞, 4.0.0-preview1)
最小修复版本:4.0.0-preview1
缺陷组件引入路径:zscan@->github.com/dgrijalva/[email protected]+incompatible
另外还有2个漏洞,详细报告:https://mofeisec.com/jr?p=a2c061
exploit模块ssh只支持交互式登录,但是不支持批量登录多台机器执行命令
有考虑在blast模块添加一个执行SSH命令的功能吗,C段机器爆破成功的同时,在每台机器分别执行命令返回结果(非交互)(参考fscan ssh -c 命令)
没有编译环境 请问每次更新的时侯能否编译个成品发出来,谢谢!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.