Goscan – Interactive Network Scanner

Goscan - Interactive Network Scanner

GoScan is an interactive community scanner shopper, that includes auto-completion, which gives abstraction and automation over nmap.
Although it began as a small facet-mission I developed with a purpose to study @golang, GoScan can now be used to carry out host discovery, port scanning, and repair enumeration not solely in conditions the place being stealthy will not be a precedence and time is proscribed (suppose at CTFs, OSCP, exams, and so forth.), but additionally (with a number of tweaks in its configuration) throughout skilled engagements.

GoScan can also be significantly fitted to unstable environments (suppose unreliable community connectivity, lack of “display screen“, and so forth.), provided that it fires scans and keep their state in an SQLite database. Scans run within the background (indifferent from the principle thread), so even when connection to the field operating GoScan is misplaced, outcomes might be uploaded asynchronously (extra on this under). That is, information might be imported into GoScan at totally different levels of the method, with out the necessity to restart the complete course of from scratch if one thing goes incorrect.

In addition, the Service Enumeration section integrates a group of different instruments (e.g., EyeWitness, Hydra, nikto, and so forth.), every one tailor-made to focus on a selected service. 


Binary set up (Recommended)
Binaries can be found from the
Release web page.

# Linux (64bit)
$ wget https://github.com/marco-lancini/goscan/releases/obtain/v2.1/goscan_2.1_linux_amd64.zip
$ unzip goscan_2.1_linux_amd64.zip

# Linux (32bit)
$ wget https://github.com/marco-lancini/goscan/releases/obtain/v2.1/goscan_2.1_linux_386.zip
$ unzip goscan_2.1_linux_386.zip

# After that, place the executable in your PATH
$ chmod +x goscan
$ sudo mv ./goscan /usr/native/bin/goscan

Build from supply

$ git clone https://github.com/marco-lancini/goscan.git
$ cd goscan/goscan/
$ make setup
$ make construct

To create a multi-platform binary, use the cross command by way of make:


$ git clone https://github.com/marco-lancini/goscan.git
$ cd goscan/
$ docker-compose up --build

GoScan helps all the principle steps of community enumeration:

Step Commands
1. Load targets
  • Add a single goal by way of the CLI (should be a /32): load goal SINGLE <IP>
  • Upload a number of targets from a textual content file or folder: load goal MULTI <path-to-file>
2. Host Discovery
  • Perform a Ping Sweep: sweep <TYPE> <TARGET>
  • Or load outcomes from a earlier discovery:
    • Add a single alive host by way of the CLI (should be a /32): load alive SINGLE <IP>
    • Upload a number of alive hosts from a textual content file or folder: load alive MULTI <path-to-file>
3. Port Scanning
  • Perform a port scan: portscan <TYPE> <TARGET>
  • Or add nmap outcomes from XML recordsdata or folder: load portscan <path-to-file>
4. Service Enumeration
  • Dry Run (solely present instructions, with out performing them): enumerate <TYPE> DRY <TARGET>
  • Perform enumeration of detected companies: enumerate <TYPE> <POLITE/AGGRESSIVE> <TARGET>
5. Special Scans
  • EyeWitness
    • Take screenshots of internet sites, RDP companies, and open VNC servers (KALI ONLY): particular eyewitness
    • EyeWitness.py must be within the system path
  • Extract (Windows) area info from enumeration information
    • particular area <customers/hosts/servers>
  • DNS
    • Enumerate DNS (nmap, dnsrecon, dnsenum): particular dns DISCOVERY <area>
    • Bruteforce DNS: particular dns BRUTEFORCE <area>
    • Reverse Bruteforce DNS: particular dns BRUTEFORCE_REVERSE <area> <base_IP>
  • Show outcomes: present <targets/hosts/ports
  • Change the output folder (by default ~/goscan): set output_folder <PATH>
  • Modify the default nmap switches: set nmap_switches <SWEEP/TCP_FULL/TCP_STANDARD/TCP_VULN/UDP_STANDARD> <SWITCHES>
  • Modify the default wordlists: set_wordlists <FINGER_USER/FTP_USER/...> <PATH>

External Integrations
The Service Enumeration section at the moment helps the next integrations:

  • nmap
  • dnsrecon
  • dnsenum
  • host
  • nmap
  • ftp-person-enum
  • hydra [AGGRESSIVE]
  • nmap
  • nikto
  • dirb
  • EyeWitness
  • sqlmap [AGGRESSIVE]
  • fimap [AGGRESSIVE]
  • nmap
  • enum4linux
  • nbtscan
  • samrdump
  • nmap
  • snmpcheck
  • onesixtyone
  • snmpwalk

MoreTip.com MoreTip.com


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.