GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → 1in9e → gosint

1in9e / gosint

Licence: other
Gosint is a distributed asset information collection and vulnerability scanning platform

Programming Languages

javascript
184084 projects - #8 most used programming language
CSS
56736 projects
python
139335 projects - #7 most used programming language
HTML
75241 projects
Less
1899 projects
shell
77523 projects

Labels

osintbugbountyinformation-securityinformation-gatheringsecurity-tools

Projects that are alternatives of or similar to gosint

Favfreak
Making Favicon.ico based Recon Great again !
Stars: ✭ 564 (+63.95%)
Mutual labels:  osint, bugbounty, information-gathering
Pdlist
A passive subdomain finder
Stars: ✭ 204 (-40.7%)
Mutual labels:  osint, bugbounty, information-gathering
Scylla
The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.
Stars: ✭ 154 (-55.23%)
Mutual labels:  osint, information-security, information-gathering
Scylla
The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.
Stars: ✭ 424 (+23.26%)
Mutual labels:  osint, information-security, information-gathering
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+885.76%)
Mutual labels:  osint, bugbounty, information-gathering
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+899.71%)
Mutual labels:  osint, bugbounty, information-gathering
recce
Domain availbility checker
Stars: ✭ 30 (-91.28%)
Mutual labels:  bugbounty, information-security, information-gathering
Oneforall
OneForAll是一款功能强大的子域收集工具
Stars: ✭ 4,202 (+1121.51%)
Mutual labels:  osint, bugbounty, information-gathering
Pentesting Bible
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+2510.76%)
Mutual labels:  osint, bugbounty, information-gathering
Onionsearch
OnionSearch is a script that scrapes urls on different .onion search engines.
Stars: ✭ 135 (-60.76%)
Mutual labels:  osint, information-gathering
Osint Tools
👀 Some of my favorite OSINT tools.
Stars: ✭ 155 (-54.94%)
Mutual labels:  osint, information-gathering
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-50.87%)
Mutual labels:  osint, bugbounty
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Stars: ✭ 126 (-63.37%)
Mutual labels:  osint, bugbounty
Giggity
Wraps github api for openly available information about an organization, user, or repo
Stars: ✭ 111 (-67.73%)
Mutual labels:  osint, information-security
Information Security Tasks
This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Stars: ✭ 108 (-68.6%)
Mutual labels:  osint, information-security
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+640.7%)
Mutual labels:  osint, information-gathering
Deadtrap
An OSINT tool to gather information about the real owner of a phone number
Stars: ✭ 73 (-78.78%)
Mutual labels:  osint, information-gathering
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+572.09%)
Mutual labels:  osint, information-gathering
Contact.sh
An OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (-37.21%)
Mutual labels:  osint, bugbounty
Moriarty Project
This tool gives information about the phone number that you entered.
Stars: ✭ 223 (-35.17%)
Mutual labels:  osint, information-gathering
View All Similar Projects ➔

gosint

Build Status simpleui python

简介

在开始使用之前,请务必阅读并同意免责声明中的条款,否则请勿下载安装使用本系统。

gosint, srchunter全新出发, 一款分布式资产信息收集与管理和漏洞扫描工具

    1. 实现原理简单,可根据个人挖洞经验进行扩展
    2. 支持分布式部署,取决于你的财力(主机数量多少);客户端可部署于vps/pc/laptop...
    3. docker一键化部署
    4. 漏洞实时通知
    5. 扫描引擎可自定义

原理

info

Usage

使用前须知

扫描插件中使用了一些优秀的工具,其中部分工具所需license、接口api token等需自行添加

xray高级版license

将xray-license.lic分别添加到如下位置即可:(xray配置文件需自行配置/如reverse等)

gosint/client/subdomain_scan/xray_subdomain/tools/
gosint/client/vuln_scan/rad2xray/tools/

Client Config

  • C段存活/端口依赖于fofa,需配置fofa api
  • 域名CNAME黑名单
gosint/client/config.yaml

通知

支持邮件/企业微信机器人提醒通知功能,其他可通过libs/common.py扩展

更改django配置文件中邮件及企业微信机器人token即可实现机器人通知功能

其他Tools配置项请自行配置

...

生产环境版

注意:请在生产环境下替换为强密码

默认情况下,gosint中间件所使用账号密码分别为gosintuser、gosintpass
# 中间件账号密码需替换文件:(建议全局关键字搜索替换)
gosint/docker-compose.yml
gosint/client/docker-compose.yml
gosint/gosint/setting-prod.py
gosint/supervisor/supervisord.conf

# Web应用账号密码需替换文件:(Web应用账号密码默认分别为gosint、gosint)
gosint/docker-entrypoint.sh: 如下分别对应用户名、邮箱、密码,改为自己的即可
python manage.py shell -c "from django.contrib.auth.models import User; User.objects.create_superuser('gosint', '[email protected]', 'gosint') if not User.objects.filter(username='gosint').exists() else 0"
关于celery监控

新版本默认开启,需在gosint/setting-prod.py 252行ip改为自己服务器ip即可:

'url': 'http://127.0.0.1:5555/goflower/',

celery监控暂时采用flower的形式,通过nginx开放了5555端口到外部,故设置了账号密码认证,此处建议修改为强口令, 默认口令为:go gosint,

详见gosint/supervisor/supervisord.conf (line 38)

command=celery flower --broker=amqp://gosintuser:gosintpass@rabbitmq:5672/gosint -A gosint --url_prefix=goflower --basic_auth=go:gosint

单一服务器部署

生产环境搭建,采取docker化部署的方案

服务器需安装docker / docker-compose, 请自行安装

cd gosint/
docker-compose up -d --build

! 为了避免xray webhook被人恶意塞数据,建议对webhook url path进行修改,直接改如下两处即可:

gosint/apps/dashboard/urls.py
gosint/client/docker-entrypoint.sh

分布式部署

分布式部署依赖于celery的任务调度,通过Celery Broker将任务分发到不同的客户端,调度work再通过Celery Backend异步获取执行后的结果,本应用分别采用了RabbitMQ、Redis作为broker、backend,所以需要确保服务端相应端口开放

服务端
cd gosint/
docker-compose up -d --build
客户端(可部署多个)

客户端位于gosint/client目录, 单独讲client上传至客户端VPS即可,无需拷贝服务端代码

某一个节点开启哪些扫描功能通过client/config.ini配置, 扫描插件列表如下:

# true or false对应相应的扫描插件是否启用
subfinder=true
ksubdomain=true
xray_subdomain=true
certip=false
# domaininfo=true
httpx=true
naabu=true
port_api=true
fileleak=true
jsfinder=true
nuclei=true
rad2xray=true
redfinger=true

客户端节点开启方式:

cd client/
# 插件选用控制
vim config.ini
# 更改服务端IP
vim docker-compose.yml 
# 开启节点
docker-compose up -d --build

需注意,客户端docker-compose.yml中需要修改服务端地址:

  • BROKER
  • BACKEND
  • SERVER_URL (用于xray webhook接收)

本地开发调试版

需要分别部署Web服务端、Celery Servicer端及Client端及redis. 注意调试模式"debug"下客户端执行Mac可执行文件,Windows需自行下载客户端可执行文件,并修改相应位置代码

Web服务端

pip3 install -r requirements.txt
# Django
python3 manage.py migrate
python3 manage.py runserver

Server端

# 当前位置下执行
python3 -m celery -A gosint  worker -Q server -n server -l info

Client端

需要到./client/下各个客户端目录中执行相应Celery,将其中的docker-entrypoint.sh用python3执行即可

# 例如fileleak
python3 -m celery -A fileleak worker -l info -Q fileleak

Redis

建议docker一键启动

docker run -it -d -p 6379:6379 redis redis-server

Pycharm开发环境

# mac 设置python3虚拟环境
cd ~
virtualenv  -p /usr/bin/python3  py3env
# 终端进入py3env虚拟环境
source ~/py3env/bin/activate

节点任务监控

gosint可采用Celery flower对节点任务进行监控

生产环境开启监控

开启服务端docker前修改如下文件配置自启动即可 gosint/supervisor/supervisord.conf

[program:flower]
...
autostart=true

对应生产环境的节点任务监控,也可以在本地计算机运行如下命令即可在本地进行监控

# flower 本地监控
celery flower --broker=amqp://gosintuser:[email protected]:25672/gosint

本地开发调试环境启动任务监控

celery flower -A gosint

预览

Version

V1.0.2

  • 更新说明部分issue反馈问题

V1.0.1

  • 更新部分issue反馈问题
    • client无限重启问题
    • celery监控默认未开启问题
    • README修改用户名密码强提示问题
  • fix issue:

V1.0.0

  • open source
  • from gosint_priv to gosint

TODO

  • 主机扫描
  • 优化过程

Thanks

  1. gosint参考了许多优秀的开源项目,它们包括但不限于:
  2. gosint banner及logo图设计来自于我的女朋友
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].