GoScan: Interactive Network Scanner


Introduction

GoScan is an interactive network scanner client written in Go, featuring auto-completion, which provides abstraction and automation over Nmap – a well-known network scanner. You can use it to perform host discovery, port scanning, and service enumeration tasks, for both casual and professional purposes.


GoScan is particularly suited for unstable environments, such as unreliable network connectivity or situations with no screen session available. It uses an SQLite database to run scans and to monitor and maintain their state. In addition, scans run in the background (detached from the main thread), so even if the connection to the box running GoScan is lost, results can be uploaded asynchronously.

Features:

  • Interactive network scanner with auto-completion,
  • Suitable for both casual and professional pentesting tasks,
  • Capable of host discovery, port scanning and service enumeration (integrates a lot of tools, such as: EyeWitness, Hydra, nikto, etc.),
  • Scans run in the background, in case the connection is lost, you can upload results asynchronously (no need for the process restart, data can be imported at different stages),
  • Supports all the main steps of network enumeration,
  • and much more.

External Integrations [Service Enumeration Supports]

  • ARP: nmap
  • DNS: nmap, dnsrecon, dnsenum, host
  • FINGER: nmap, finger-user-enum
  • FTP: nmap, ftp-user-enum, hydra [AGGRESSIVE]
  • HTTP: nmap, nikto, dirb, EyeWitness, SQLmap, fimap
  • RDP: nmap, EyeWitness
  • SMB: nmap, enum4linux, nbtscan, samrdump
  • SMTP: nmap, smtp-user-enum
  • SNMP: nmap, snmpcheck, onesixtyone, snmpwalk
  • SSH: hydra [AGGRESSIVE]
  • SQL: nmap
  • VNC: EyeWitness

Install

Build from source

Clone the repo:

$ git clone https://github.com/marco-lancini/goscan.git

Navigate to the GoScan directory and build:

$ cd goscan/goscan/ 
$ make setup
$ make build

If you want to make a multi-platform binary, run:

$ make cross

Binary Install

This is the recommended way of installation. Get binary:

$ wget https://github.com/marcolancini/goscan/releases/download/v2.3/goscan_2.3_linux_amd64.zip
$ unzip goscan_2.3_linux_amd64.zip

Then place the executable in PATH:

$ chmod +x goscan 
$ sudo mv ./goscan /usr/local/bin/goscan

Install via Docker

$ git clone https://github.com/marco-lancini/goscan.git 
$ cd goscan/
$ docker-compose up --build

Usage Options

GoScan supports all the main steps of network enumeration.

1. Load targets:

	load target SINGLE <IP/32>		Add a single target via the CLI (must be a valid CIDR)
	load target MULTI <path-to-file>	Upload multiple targets from a text file or folder

2. Host Discovery:

	sweep <TYPE> <TARGET>			Perform a Ping Sweep
	load alive SINGLE <IP>			Add a single alive host via the CLI (must be a /32)
	load alive MULTI <path-to-file>		Upload multiple alive hosts from a text file or folder

3. Port Scanning:

	portscan <TYPE> <TARGET>		Perform a port scan
	load portscan <path-to-file>		Or upload nmap results from XML files or folder

4. Service Enumeration:

	enumerate <TYPE> DRY <TARGET>		Dry run (only show the commands, without executing them)
	enumerate <TYPE> <POLITE/AGGRESSIVE> <TARGET>	Perform enumeration of detected services
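The steps above revolve around two ideas the Introduction mentions: targets are validated as CIDR input, and every imported result (for example nmap XML loaded with `load portscan`) lands in an SQLite-backed state so work can be resumed or re-imported at any stage. The following is an added example, not GoScan's own code, that models that workflow in Python: it validates `load target` / `load alive` style input, parses a constructed nmap `-oX` report, and stores the results in a small SQLite schema (the schema and the sample report are assumptions made for this example, not GoScan's real database layout).

```python
import ipaddress
import sqlite3
import xml.etree.ElementTree as ET

# Constructed nmap XML report for the example (not a real scan):
# one live host with two open ports, one host that is down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/30">
  <host>
    <status state="up"/>
    <address addr="10.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.2" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_target(value, host_only=False):
    """Validate a target the way 'load target' / 'load alive' require it:
    a proper CIDR network (no host bits set) and, for alive hosts, a /32."""
    net = ipaddress.ip_network(value, strict=True)  # ValueError if host bits are set
    if host_only and net.num_addresses != 1:
        raise ValueError("alive host must be a single address (/32): %s" % value)
    return str(net)


def is_valid_target(value, host_only=False):
    """Boolean wrapper around parse_target for quick checks."""
    try:
        parse_target(value, host_only)
        return True
    except ValueError:
        return False


def parse_nmap_xml(xml_text):
    """Return [(ip, host_state, [(proto, port, port_state, service), ...]), ...]."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:  # simplified model: skip hosts without an IPv4 address
            continue
        state = host.find("status").get("state")
        ports = []
        for port in host.findall("ports/port"):
            svc = port.find("service")
            ports.append((port.get("protocol"), int(port.get("portid")),
                          port.find("state").get("state"),
                          svc.get("name", "") if svc is not None else ""))
        hosts.append((addr.get("addr"), state, ports))
    return hosts


def open_db(path=":memory:"):
    """Create the (assumed) schema; primary keys make re-imports idempotent."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE IF NOT EXISTS hosts (ip TEXT PRIMARY KEY, state TEXT NOT NULL);
        CREATE TABLE IF NOT EXISTS ports (
            ip TEXT NOT NULL REFERENCES hosts(ip),
            proto TEXT NOT NULL, port INTEGER NOT NULL,
            state TEXT NOT NULL, service TEXT NOT NULL,
            PRIMARY KEY (ip, proto, port));
    """)
    return conn


def import_scan(conn, xml_text):
    """Upsert hosts and ports from an nmap XML report; return the number of new port rows."""
    before = conn.execute("SELECT count(*) FROM ports").fetchone()[0]
    for ip, state, ports in parse_nmap_xml(xml_text):
        conn.execute("INSERT OR REPLACE INTO hosts VALUES (?, ?)", (ip, state))
        conn.executemany("INSERT OR REPLACE INTO ports VALUES (?, ?, ?, ?, ?)",
                         [(ip, proto, port, pstate, svc) for proto, port, pstate, svc in ports])
    conn.commit()
    after = conn.execute("SELECT count(*) FROM ports").fetchone()[0]
    return after - before


def show_open_ports(conn):
    """Rough equivalent of 'show ports', restricted to open ports."""
    return conn.execute("SELECT ip, port, service FROM ports WHERE state = 'open' "
                        "ORDER BY ip, port").fetchall()


if __name__ == "__main__":
    db = open_db()
    print("valid target:", is_valid_target("10.0.0.0/30"))
    print("new port rows:", import_scan(db, SAMPLE_NMAP_XML))
    print("re-import adds:", import_scan(db, SAMPLE_NMAP_XML))
    for row in show_open_ports(db):
        print(row)
```

Importing the same report a second time adds nothing because the composite primary key on (ip, proto, port) turns the insert into a replace; that is the property that lets results be loaded at different stages without restarting the process.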

5. Special Scans:
   EyeWitness (EyeWitness.py needs to be in the system path)
	special eyewitness			Take screenshots of websites, RDP services, and open VNC servers (KALI ONLY)

   Extract (Windows) domain information from enumeration data
	special domain <users/hosts/servers>	

   DNS
	special dns DISCOVERY <domain>		Enumerate DNS (nmap, dnsrecon, dnsenum)
	special dns BRUTEFORCE <domain>		Bruteforce DNS
	special dns BRUTEFORCE_REVERSE <domain> <base_IP> Reverse Bruteforce DNS

Utils

	show <targets/hosts/ports>		Show results
	set config_file <PATH>			Automatically configure settings by loading a config file
	set output_folder <PATH>		Change the output folder (by default ~/goscan)
	set nmap_switches <SWEEP/TCP_FULL/TCP_STANDARD/TCP_VULN/UDP_STANDARD> <SWITCHES>	Modify the default nmap switches
	set_wordlists <FINGER_USER/FTP_USER/...> <PATH>	Modify the default wordlists
