zongdeiqianxing / autoscanner Goto Github PK

输入域名>爆破子域名>扫描子域名端口>发现扫描web服务>集成报告的全流程全自动扫描器。集成oneforall、masscan、nmap、dirsearch、crawlergo、xray等工具，另支持cdn识别、网页截图、站点定位；动态识别域名并添加功能、工具超时中断等

Dockerfile 1.30% Python 73.75% HTML 24.90% Shell 0.06%

crawlergo dirsearch nmap-http masscan xray cdn snapshot nslookup iplocation scanner

autoscanner's Introduction

AutoScanner

AutoScanner是什么

AutoScanner是一款自动化扫描器，其功能分为两块：

1 遍历所有子域名、子域名主机所有端口及所有http、https端口服务
2 对子域名主机信息进行相关检测，如cname解析判断是否是cdn、域名定位信息判断是否为云服务器、masscan扫端口、nmap等
3 对http端口服务截图、使用集成的工具如crawlergo、xray、dirsearch等进行扫描；
4 集成扫描报告

AutoScanner对工具之间的调用衔接做了很多处理：

1 bugscanner同站点域名识别、crawlergo爬取出的域名动态添加到扫描列表中
2 判断站点是否存在cdn，存在的话跳过系列host检测；如masscan扫描出大于20个开放端口时，自动判定为存在安全设备
3 curl访问站点识别，如访问失败跳过后续web检测
4 所有工具增加超时中断功能，避免工具卡死卡住
...

项目运行

由于涉及过多工具、python包依赖及浏览器环境等，建议使用docker运行；

0x01 工具下载

二选一即可

工具在执行时会自动多线程下载,不用任何操作直接下载完成正常运行，即使下载过程中有中断。 (国内从github下载，可能非常慢)
下载百度云,将解压的tools目录放置项目主目录即main.py这一层；
- 链接: https://pan.baidu.com/s/1FAP02yYK7CF9mxMD0yj08g 密码: a6p4

0x02 构建镜像

docker build -t auto .
构建过程中如果有报错，请多尝试几次或者更换源，实测过程中是遇到几次因为源的问题构建不成功，但是注销阿里云源即可成功。

0x03 执行项目

docker运行命令参数已放入docker_run.sh文件中，直接修改执行./docker_run.sh即可
其中支持参数为：
- -d 单个domain
- -f 包含多个domains的文件
- --fq 从企查查导出的企业备案域名xls文件

0x04 报告查看

执行python3 -m http.server 80 --directory report/, 在浏览器中输入地址即可

截图展示

autoscanner's People

Contributors

Stargazers

Watchers

Forkers

sobinge huangyuan666 zhuanyedecainiao jeromeyoung luckxiao520 meiyingnima lekkoo dk47os3r haoirui soliontheroad morns0 kaka77 whitehsbg wuzuowei security888test code4security xiaoaliha m0tky evi1hack hkxiaoyao hcjcn cross2to anquanzhu gysf666 sunrong1027 hackerx2021 baozhazhizi orgyia gkfnf putinone xiaolushuo nanaao gaozzr mrdoulestar xinchenmi winrose-c shabi123987 isiaon fenghaolinroix strugg1e ddostest123 favorite-project phlinhng oozeryze ta0ing kk98kk0 techris45 conanjun xx-zhang jusk9527 afwu geoiplab gamblingmaster2020 desirefire pen9un leeasina yolel yougar0 m3g4byt3 lyy0755 fengzihk lay0us1 jaygith zaigaochu bingpo a111b111 jax7sec bambooeric apologizefor gaosongs icysun bowman03 nnanfeng weber213 xinxiemy norwhereok zeker62 sashka3076 1f3lse sakazulu tools-env vikutorika nearlee2008 mergerly 2416041498 viplurker startagain2016 whoamisysteminfo xqdd2004 r1ghrfhd darkkid0 linhai2015 gg-big-org auxiliarya crj0b rank0 16778738 xizyy werwolfz duohao123

autoscanner's Issues

报错卡死

师傅您好，在运行了docker_install.sh之后，跑到dirsearch后卡死，看了下命令，现在dirsearch 已经不支持-e * 命令，后面不加参数即可。

Decompressing Rootfs, please be patient.
writing launch script
fixing shebang of start-kali.sh
making start-kali.sh executable
removing image for some space
You can now launch Kali with the ./start-kali.sh script
~ $ ls
kali-binds kali.sh storage
kali-fs start-kali.sh
~ $ bash start-kali.sh
root@localhost:# apt update && pkg upgrade -y
Get:1 http://mirror.fsmg.org.nz/kali kali-rolling InRelease [30.5 kB]
Err:1 http://mirror.fsmg.org.nz/kali kali-rolling InRelease
The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository [email protected]
Reading package lists... Done
W: GPG error: http://mirror.fsmg.org.nz/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository [email protected]
E: The repository 'http://mirror.fsmg.org.nz/kali kali-rolling InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@localhost:# apt update
Get:1 http://mirror.fsmg.org.nz/kali kali-rolling InRelease [30.5 kB]
Err:1 http://mirror.fsmg.org.nz/kali kali-rolling InRelease
The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository [email protected]
Reading package lists... Done
W: GPG error:http://mirror.fsmg.org.nz/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository [email protected]
E: The repository 'http://mirror.fsmg.org.nz/kali kali-rolling InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@localhost:~#

Recentement my termux had problems with root @ kali using when I bash start-kali.sh it goes more when and to give apt update && pkg upgrade -y it gives a wpg error any can help me how to solve this

:W: GPG error:
:E: The repository:
:N: Updating:
N: See apt-secure:

报错 Name or service not know

你好：
作者
我在kali linux上安装此软件，全部安装完后运行docker_run.sh文件报Name or service not konw错误
如图所示:

后面就什么反应都没了

其中docker_run.sh中指定了域名参数
docker run -ti --rm -v pwd/:/root/ auto:latest -d domain.com

请问这是什么情况。

大佬考虑新增漏洞通知吗

大佬能加个漏洞通知吗 tg 微信钉钉都好

使用docker build -t auto .构建时出现错误

你好，我使用docker build -t auto .构建时出现错误

提示这样的错误，我换源和多执行几次还是这样：

Dockerfile:35

34 |
35 | >>> RUN go env -w GOPROXY=https://goproxy.cn,direct
36 | >>> && GO111MODULE=on go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
37 |

ERROR: failed to solve: process "/bin/sh -c go env -w GOPROXY=https://goproxy.cn,direct && GO111MODULE=on go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest" did not complete successfully: exit code: 1

--fu url.txt时报错，请问怎么解决

root:~/Autoscanner# docker run -ti --rm -v pwd/:/root/ autoscanner:latest --fu url.txt
Traceback (most recent call last):
File "main.py", line 25, in
main()
File "main.py", line 20, in main
arguments = ArgumentParser()
File "/root/lib/arguments_parse.py", line 18, in init
self.urlList = get_file_content(options.urls_file)
AttributeError: 'Values' object has no attribute 'urls_file'

构建docker镜像报错

构建镜像报错
#12 187.6 E: Failed to fetch http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_102.0.5005.115-1_amd64.deb Connection failed [IP: 220.181.174.225 80]
#12 187.6 E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

executor failed running [/bin/sh -c ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && apt install -y curl wget python3 python3-pip masscan whatweb nmap tzdata dnsutils google-chrome-stable && pip3 install -r requirements.txt]: exit code: 100

对于子域名对应的IP存在重复扫描的现象

若多个子域名对应同一个IP，则该IP会进行数次端口扫描等任务，影响了扫描效率

可以批量扫描域名吗

执行的时候将域名添加到1.url 系统支持扫描多个域名吗，如果支持，请问使用什么分隔

docker怎么用啊

我下载了tools，但不知道放哪，可以出个详细点的教程嘛

容器镜像构建提示错误

你好，我使用docker build -t auto .构建时出现错误

提示这样的错误，我换源和多执行几次还是这样：
The command '/bin/sh -c go env -w GOPROXY=https://goproxy.cn,direct && GO111MODULE=on go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest' returned a non-zero code: 2

我尝试过在DockerFile文件里面修改这一行，试了好几种方法都不行：
RUN go env -w GOPROXY=https://goproxy.cn,direct
&& GO111MODULE=on go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest

感谢指导~

不能批量扫域名了？

作者，现在-f参数貌似不存在了，不能批量扫域名了？

文件一直重复下载，参数是怎么用的？

参数是直接 ./docker_run.sh --d baidu.com

docker搭建容器文件夹permission denied

如题，做后正常使用的就只有osscan这个漏扫，其他都无法使用，百度也没有解决这个问题

请问这个报错什么意思？

我手动下载的百度盘的链接，并且解压为 tools 文件夹，和main.py 在同一个文件夹。
执行 docker build -t auto .
就报这个错误

。

oneforall跑完后，xray、Nuclei未在工作

环境

谷歌云vps、ubuntu18

现象

1、oneforall跑完后，未看到xray在工作；/root/Autoscanner/tools/xray_linux_amd64目录下xray的证书信息、配置文件也不存在
2、Nuclei只跑完www.xxx.com的主域名，进程就结束了
3、日志信息

21:31:35,356 [INFOR] oneforall:253 - Finished OneForAll
Request Progress: 131it [00:42,  3.05it/s]
286

2022-03-18 21:31:35.478 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Oneforall - over
2022-03-18 21:31:35.538 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Bugscanner - start scanning
2022-03-18 21:31:36.613 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Bugscanner - over
2022-03-18 21:31:36.614 | INFO     | lib.Tools:__init__:49 - www.lenovo.com - Nslookup - start scanning
2022-03-18 21:31:42.482 | INFO     | lib.Tools:__init__:56 - www.lenovo.com - Nslookup - over
2022-03-18 21:31:42.488 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - Masscan - start scanning
Error in received packet: No such file or directory
src/rawsock-getif.c:299: read_netlink: 2
FAIL: could not determine default interface
FAIL:... try "--interface ethX"
311

2022-03-18 21:31:42.592 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - Masscan - over
2022-03-18 21:31:42.593 | INFO     | lib.Tools:__init__:49 - /tmp/tmpttz7zu0m - Nmap - start scanning
320

2022-03-18 21:31:59.095 | INFO     | lib.Tools:__init__:56 - /tmp/tmpttz7zu0m - Nmap - over
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
2022-03-18 21:32:09.536 | INFO     | lib.Tools:__init__:49 - 23.59.108.184 - IpLocation - start scanning
2022-03-18 21:32:09.615 | INFO     | lib.Tools:__init__:56 - 23.59.108.184 - IpLocation - over
2022-03-18 21:32:09.616 | INFO     | lib.Tools:__init__:49 -  - Whatweb - start scanning
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
/usr/lib/ruby/vendor_ruby/target.rb:188: warning: URI.escape is obsolete
383

2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:56 -  - Whatweb - over
2022-03-18 21:32:18.629 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Snapshot - start scanning
2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Snapshot - over
2022-03-18 21:32:25.103 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Nuclei - start scanning

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.6.3

                projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] nuclei-templates are not installed, installing...
[INF] Successfully downloaded nuclei-templates (v8.9.0) to /root/nuclei-templates. GoodLuck!
[INF] Using Nuclei Engine 2.6.3 (latest)
[INF] Using Nuclei Templates 8.9.0 (latest)
[INF] Templates added in last update: 2
[INF] Templates loaded for scan: 3013
[INF] Templates clustered: 502 (Reduced 461 HTTP Requests)
[INF] Using Interactsh Server: oast.me
485

2022-03-18 21:33:56.049 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Nuclei - over
2022-03-18 21:33:56.050 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Crawlergo - start scanning
724

2022-03-18 21:34:16.972 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Crawlergo - over
2022-03-18 21:34:32.018 | INFO     | lib.Tools:__init__:49 - http://www.lenovo.com:80 - Dirsearch - start scanning
778

2022-03-18 21:35:19.327 | INFO     | lib.Tools:__init__:56 - http://www.lenovo.com:80 - Dirsearch - over
root@instance-2:~/Autoscanner#