
ps1dr3x / lachesis

Licence: GPL-3.0 License
👨‍💻 A work-in-progress web services mass scanner written in Rust



Lachesis

Lachesis is a work in progress web services mass scanner written in Rust.

This project was born as a test of Rust's networking (and asynchronous I/O) performance, but later expanded with the intention of creating a sort of "little personal Shodan": an open scanner that collects statistical data on web services and exposes the outdated, vulnerable or misconfigured services that are publicly accessible around the web.

-------------8<-------------
.          .                 
|  ,-. ,-. |-. ,-. ,-. . ,-. 
|  ,-| |   | | |-' `-. | `-. 
`' `-^ `-' ' ' `-' `-' ' `-'
                      v0.3.0
-------------8<-------------


Lachesis v0.3.0
Michele Federici (@ps1dr3x) <[email protected]>

USAGE:
    lachesis [FLAGS] [OPTIONS] --dataset <FILE> --subnet <SUBNET>... --web-ui

FLAGS:
    -v, --debug      Print debug messages
    -h, --help       Prints help information
    -V, --version    Prints version information
    -w, --web-ui     Serve a web app (and a basic API) to visualize/explore collected data
                      

OPTIONS:
    -D, --dataset <FILE>                   The full path of the DNS dataset used for the requests. The accepted format
                                           is:
                                           
                                           {"name":"example.com","type":"a","value":"93.184.216.34"}
                                           {"name":"example.net","type":"a","value":"93.184.216.34"}
                                           {"name":"example.org","type":"a","value":"93.184.216.34"}
                                           
                                           An example of a compatible dataset is the forward DNS dataset by Rapid7
                                           (https://opendata.rapid7.com/sonar.fdns_v2/)
                                            
    -d, --def <FILE>...                    Default: all the files in resources/definitions
                                            
                                           Multiple definitions can be selected (eg. --def wordpress --def vnc)
                                           Accepted formats are:
                                             File name with or without extension (eg. vnc.json or vnc). The json file
                                           will be searched in directory resources/definitions/
                                             Full/relative path to file (eg. resources/definitions/vnc.json or
                                           /casual_path/mydef.json)
                                              
    -e, --exclude-def <FILE>...            If all the existing definitions are selected (no -d/--def values provided) is
                                           possible to exclude some of them using this argument.
                                           Accepted formats are:
                                             File name with or without extension (eg. vnc.json or vnc)
                                              
    -c, --max-concurrent-requests <NUM>    Sets a maximum number of concurrent requests
                                            [default: 0]
    -m, --max-targets <NUM>                Sets a maximum limit of targets
                                            
    -t, --req-timeout <NUM>                Sets a maximum timeout for each request (seconds)
                                            [default: 10]
    -S, --subnet <SUBNET>...               Scan one or more subnets
                                            
    -u, --user-agent <STRING>              Sets a custom user agent (http/https)
                                            [default: lachesis/0.3.0]

Roadmap / TODOs

  • Optimise https, http and tcp requests, async/concurrency management and minimize overheads (e.g. SYN scan for ports, rustls instead of openssl)
  • Add definitions and scan options (e.g. request methods, payloads, paths)
  • Plugin system/API to expand or integrate the scanner's capabilities
  • Additional information gathering on the known hosts (e.g. further scan after specific findings, periodic checks)
  • Improve the web API and the Web UI (a geo map showing the findings would be nice)
  • A more structured "agent mode" for continuous scanning

Build from source

Dependencies

  • Rust: Can be compiled using an updated stable version
  • Node.js, Npm: Needed for the Web UI (front end) part
  • On Linux and BSD based OS:
    • pkg-config (pkg-config on deb, pkg-config/pkgconfig/pkgconf-pkg-config on rpm)
    • libssl (libssl-dev on deb, openssl-devel on rpm)
  • Docker, Docker Compose: Needed for running the tests (test db)

Compile and run (development)

Web UI

If you don't intend to work on the Web UI (front end) part, you only need to do this once. If you don't intend to use the Web UI, this can be skipped.

npm install
npm run build # or npm run watch

Lachesis

cargo run -- --help

Production build (Web UI + Lachesis)

./scripts/build-release.sh

Tests

docker-compose up -d
cargo test

Troubleshooting

"Too many open files" error

Some Linux distributions are pre-configured with a low limit on the maximum number of open files. Depending on the number of concurrent requests and other factors, that limit might be reached, crashing the software.

The limits can usually be increased in the following files. The values below are only an example: depending on the machine's configuration and overall load they can be set higher or lower, and for a single user or only for root.

  • PAM (/etc/security/limits.conf)
    * - nofile 99999 # or username - nofile 99999
    root soft nofile 99999
    root hard nofile 99999
    
  • Systemd (/etc/systemd/user.conf and /etc/systemd/system.conf)
    DefaultLimitNOFILE=99999
    

Note: to make sure the modification is effective, a reboot is recommended. The current limits can be checked using the commands:

ulimit -Hn #hard
ulimit -Sn #soft
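
A preflight check for the situation described above, added here as an example (it is not part of lachesis): it compares the value planned for -c/--max-concurrent-requests with the shell's soft and hard open-file limits. The function names, the estimate of one descriptor per in-flight request and the reserve of 64 descriptors are assumptions.

```shell
#!/bin/sh
# Added example, not lachesis code. Assumption: each in-flight request holds
# about one file descriptor, plus a fixed reserve (default 64) for stdio,
# logs, the database connection and the web UI sockets.

# is_uint VALUE: succeeds only for a non-empty string of digits.
is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# nofile_verdict SOFT HARD CONCURRENCY [RESERVE]
# Returns 0 if the soft limit already covers the plan,
#         1 if the soft limit is too low but the hard limit allows raising it,
#         2 if the hard limit itself is too low (limits.conf / systemd change),
#         3 on invalid input.
nofile_verdict() {
    nv_soft=$1 nv_hard=$2 nv_conc=$3 nv_reserve=${4:-64}
    is_uint "$nv_conc" || return 3
    is_uint "$nv_reserve" || return 3
    nv_needed=$((nv_conc + nv_reserve))
    # ulimit prints "unlimited" when no limit is set
    [ "$nv_soft" = unlimited ] && return 0
    is_uint "$nv_soft" || return 3
    [ "$nv_soft" -ge "$nv_needed" ] && return 0
    [ "$nv_hard" = unlimited ] && return 1
    is_uint "$nv_hard" || return 3
    [ "$nv_hard" -ge "$nv_needed" ] && return 1
    return 2
}

# preflight CONCURRENCY: evaluate the limits of the current shell.
preflight() {
    rc=0
    nofile_verdict "$(ulimit -Sn)" "$(ulimit -Hn)" "$1" || rc=$?
    case $rc in
        0) echo "ok: soft limit $(ulimit -Sn) covers $1 concurrent requests" ;;
        # The soft limit can be raised up to the hard limit without a reboot,
        # but only for this shell and the processes started from it.
        1) echo "soft limit $(ulimit -Sn) too low: run 'ulimit -n $(($1 + 64))' first" ;;
        2) echo "hard limit $(ulimit -Hn) too low: raise it in limits.conf or systemd" ;;
        *) echo "usage: preflight <max-concurrent-requests>" ;;
    esac
    return "$rc"
}

# Usage: preflight 5000   # the same number given to -c/--max-concurrent-requests
```
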