andrewji8

FuzzScanner is a toolkit for information gathering.

Tool Introduction

A toolset for information gathering, mainly used for batch collection of website subdomains, open ports, port fingerprints, C-class addresses, sensitive directories, link crawling, and other information.

fuzzScanner can be used for rapid, batch collection of website information, helping you discover additional ports, applications, or website management backends faster than others would. It is also suitable for preliminary information gathering for SRC vulnerability hunting.

The original motivation was fairly simple. At that time, I was participating in some attack and defense exercises and needed to quickly discover subdomains, scan ports, and scan directories of target websites. I had some scattered tools at hand, such as lijiejie's subdomains, subdomain digger, dirsearch, etc. However, when the target workload is large, these repetitive tasks can be time-consuming and laborious. Therefore, this all-in-one collection of the eighteen weapons, the "super weapon" fuzzScanner, was created.

Installation

The tool was developed and runs in a Linux environment. Windows has not been tested. Tools such as wydomain, WhatWeb, subDomainsBrute, dirsearch, wafw00f, etc. are all placed in the libs directory and can be called directly by default.

Installation is relatively simple:

Download from GitHub

git clone https://github.com/TideSec/FuzzScanner

Install the dependencies in requirements.txt

pip install -r requirements.txt

Install a Ruby environment to run WhatWeb

sudo yum install ruby # CentOS, Fedora, or RHEL system
sudo apt-get install ruby-full # Debian or Ubuntu system

Install nmap

sudo yum install nmap # CentOS, Fedora, or RHEL system
sudo apt-get install nmap # Debian or Ubuntu system

Run the script. Calling nmap requires root privileges, so sudo is required.

sudo python FuzzScanner.py

Tool Usage

Usage is relatively simple; the parameter settings are explained below.

python FuzzScanner.py -hc target.com --> domain && web finger && Dir scan && C scan

Set a single target website, enumerate subdomains && recognize web fingerprints && enumerate directories && scan C-class addresses

python FuzzScanner.py -Hc vuln_domains.txt --> domain && web finger && Dir scan && C scan

Read a single or multiple target websites from a file, enumerate subdomains && recognize web fingerprints && enumerate directories && scan C-class addresses

python FuzzScanner.py -hca target.com --> domain && web finger && Dir scan && C scan && C allport

Set a single target website, enumerate subdomains && recognize web fingerprints && enumerate directories && scan all ports in C-class

python FuzzScanner.py -Hca vuln_domains.txt --> domain && web finger && Dir scan && C scan && C allport

Read a single or multiple target websites from a file, enumerate subdomains && recognize web fingerprints && enumerate directories && scan all ports in C-class

python FuzzScanner.py -h target.com --> domain && web finger && Dir scan

Set a single target website, enumerate subdomains && recognize web fingerprints && enumerate directories

python FuzzScanner.py -H vuln_domains.txt --> domain && web finger && Dir scan

Read a single or multiple target websites from a file, enumerate subdomains && recognize web fingerprints && enumerate directories

python FuzzScanner.py -c 192.168.1.1 --> C scan

Set a single IP, perform C-class address detection

python FuzzScanner.py -cd 192.168.1.1 --> C scan && Dir scan

Set a single IP, perform C-class address detection and enumerate web services directories

python FuzzScanner.py -C vuln_ip.txt --> C scan

Read a single or multiple target IP addresses from a file, perform C-class address detection

python FuzzScanner.py -Cd vuln_ip.txt --> C scan && Dir scan

Read a single or multiple target IP addresses from a file, perform C-class address detection and enumerate web services directories

python FuzzScanner.py -ca 192.168.1.1 --> C scan && C allport

Set a single IP, perform C-class address detection and scan all ports

python FuzzScanner.py -Ca vuln_ip.txt --> C scan && C allport

Read a single or multiple target IP addresses from a file, perform C-class address detection and scan all ports

Notes

  1. When scanning the C-class, if full port scanning is selected, the speed will be slower, but there may be surprises. It is suitable for running on a server.

  2. If directory enumeration is selected, the speed may also be slower. Directory enumeration directly uses dirsearch. After enabling this function, when a web service is found on a certain port, dirsearch will be called.
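
Because -c and -C widen a single IP to its whole C-class range, a target file can pull in addresses that lie outside the agreed engagement scope. The following added example (not part of FuzzScanner or the original post) checks each entry of a target list against authorized CIDR ranges before the list is handed to the tool. It assumes "C scan" means the /24 containing the IP; the function names, sample targets and scope list are constructed for illustration.

```python
import ipaddress

# Constructed sample input: lines as they might appear in vuln_ip.txt,
# and the CIDR ranges the engagement actually authorizes.
SAMPLE_TARGETS = ["192.168.1.1  # lab gateway", "10.0.5.77", "172.16.9.300", ""]
SAMPLE_SCOPE = ["192.168.1.0/24", "10.0.5.64/26"]


def class_c_of(ip):
    """Return the /24 network containing ip (assumed meaning of 'C scan')."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything else
    return ipaddress.ip_network(f"{addr}/24", strict=False)


def check_scope(targets, authorized_cidrs):
    """Map each target to 'in-scope', 'invalid', or a count of stray addresses."""
    scope = [ipaddress.ip_network(c, strict=False) for c in authorized_cidrs]
    report = {}
    for raw in targets:
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            net = class_c_of(entry)
        except ValueError:
            report[entry] = "invalid"
            continue
        # Count addresses of the expanded /24 that no authorized range covers.
        outside = sum(1 for a in net if not any(a in s for s in scope))
        if outside == 0:
            report[entry] = "in-scope"
        else:
            report[entry] = f"{outside} of {net.num_addresses} addresses outside scope"
    return report


def approved_targets(targets, authorized_cidrs):
    """Return only the targets whose whole /24 is covered by the scope."""
    result = check_scope(targets, authorized_cidrs)
    return [t for t, verdict in result.items() if verdict == "in-scope"]


if __name__ == "__main__":
    for target, verdict in check_scope(SAMPLE_TARGETS, SAMPLE_SCOPE).items():
        print(f"{target:15} {verdict}")
```
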

Project Address: https://github.com/TideSec/FuzzScanner