GoScan is an Interactive Network Scanner Client written in Go, featuring auto-completion, which provides abstraction and automation over Nmap – a well-known network scanner tool. You can use it to perform host discovery, port scanning, and service enumeration tasks, for both casual and professional purposes.
GoScan: An Interactive Network Scanner Client
GoScan Network Scanner is particularly suited for unstable environments, such as: unstable and unreliable network connectivity, no screen situations, etc.). It uses SQLite database for running scans and monitoring and maintaining their states. In addition, scans run in the background (detached from the main thread), so even if connection to the box running GoScan is lost, results can be uploaded asynchronously.
Features:
- Interactive network scanner with auto-completion,
- Suitable for both casual an professional pentesting tasks,
- Capable of host discovery, port scanning and service enumeration (integrates a lot of tools, such as: EyeWitness, Hydra, nikto, etc.),
- Scans run in the background, in case the connection is lost, you can upload results asynchronously (no need for the process restart, data can be imported at different stages),
- Supports all the main steps of network enumeration,
- and much more.
External Integrations [Service Enumeration Supports]
- ARP: nmap
- DNS: nmap, dnsrecon, dnsenum, host
- FINGER: nmap, finger-user-enum
- FTP: nmap, ftp-user-enum, hydra [AGGRESIVE]
- HTTP: nmap, nikto, dirb, EyeWitness, SQLmap, fimap
- RDP: nmap, EyeWitness
- SMB: nmap, enum4linux, nbtscan, samrdump
- SMTP: nmap, smtp-user-enum
- SNMP: nmap, snmpcheck, onesixtyone, snmpwalk
- SSH: hydra [AGGRESIVE]
- SQL: nmap
- VNC: EyeWitnes
Install
Build from source
Clone the repo:
$ git clone https://github.com/marco-lancini/goscan.git
Navigate to the GoScan directory and build:
$ cd goscan/goscan/ $ make setup $ make build
If you want to make a multi-platform binary, run:
$ make cross
Binary Install
This is the recommended way of installation. Get binary:
$ wget https://github.com/marcolancini/goscan/releases/download/v2.3/goscan_2.3_linux_amd64.zip $ unzip goscan_2.3_linux_amd64.zip
Then place the executable in PATH:
$ chmod +x goscan $ sudo mv ./goscan /usr/local/bin/goscan
Install via Docker
$ git clone https://github.com/marco-lancini/goscan.git $ cd goscan/ $ docker-compose up --build
Usage Options
GoScan supports all the main steps of network enumeration.
1. Load targets:
load target SINGLE <IP/32> Add a single target via the CLI (must be a valid CIDR)
load target MULTI <path-to-file> Upload multiple targets from a text file or folder
2. Host Discovery:
sweep <TYPE> <TARGET> Perform a Ping Sweep
load alive SINGLE <IP> Add a single alive host via the CLI (must be a /32)
load alive MULTI <path-to-file> Upload multiple alive hosts from a text file or folder
3. Port Scanning:
portscan <TYPE> <TARGET> Perform a port scan
load portscan <path-to-file> Or upload nmap results from XML files or folder
4. Service Enumeration:
enumerate <TYPE> DRY <TARGET> Dry Run (only show commands, without performing them
enumerate <TYPE> <POLITE/AGGRESSIVE> <TARGET> Perform enumeration of detected services
5. Special Scans:
EyeWitness
special eyewitness Take screenshots of websites, RDP services, and open VNC servers (KALI ONLY)
EyeWitness.py needs to be in the system path
Extract (Windows) domain information from enumeration data
special domain <users/hosts/servers>
DNS
special dns DISCOVERY <domain> Enumerate DNS (nmap, dnsrecon, dnsenum)
special dns BRUTEFORCE <domain> Bruteforce DNS
special dns BRUTEFORCE_REVERSE <domain> <base_IP> Reverse Bruteforce DNS
Utils
show <targets/hosts/ports> Show results
set config_file <PATH> Automatically configure settings by loading a config file
set output_folder <PATH> Change the output folder (by default ~/goscan)
set nmap_switches Modify the default nmap switches
<SWEEP/TCP_FULL/TCP_STANDARD/TCP_VULN/UDP_STANDARD> <SWITCHES>
set_wordlists <FINGER_USER/FTP_USER/...> <PATH> Modify the default wordlists
