andrewji8


FuzzScanner is a toolkit for information gathering.

Tool Introduction

A toolset for information gathering, mainly used for batch collection of website subdomains, open ports, port fingerprints, C-class addresses, sensitive directories, link crawling, and other information.

fuzzScanner collects website information quickly and in batches, helping you find additional ports, applications, or website management backends before others do. It is also suitable for preliminary information gathering in SRC vulnerability hunting.

The initial development intention was relatively simple. At that time, I was participating in some attack and defense exercises and needed to quickly discover subdomains, scan ports, and scan directories of target websites. I had some scattered tools at hand, such as lijiejie's subdomains, subdomain digger, dirsearch, etc. However, when the target workload is large, these repetitive tasks can be time-consuming and laborious. Therefore, I created this collection of eighteen killing weapons in one, the "super weapon" - fuzzScanner.

Installation

The tool was developed and run in a Linux environment; Windows has not been tested. Tools such as wydomain, WhatWeb, subDomainsBrute, dirsearch, and wafw00f are all placed in the libs directory and are called directly by default.

The usage is relatively simple:

  1. Download from GitHub:
    git clone https://github.com/TideSec/FuzzScanner

  2. Install the dependencies in requirements.txt:
    pip install -r requirements.txt

  3. Install Ruby environment to run WhatWeb:
    sudo yum install ruby            # CentOS, Fedora, or RHEL systems
    sudo apt-get install ruby-full   # Debian or Ubuntu systems

  4. Install nmap:
    sudo yum install nmap            # CentOS, Fedora, or RHEL systems
    sudo apt-get install nmap        # Debian or Ubuntu systems

  5. Run the script. Since calling nmap requires root permissions, sudo is required:
    sudo python FuzzScanner.py

Tool Usage

Usage is relatively simple; the parameter combinations are explained below.

  • python FuzzScanner.py -hc target.com: Domain, web fingerprinting, directory scanning, and C scanning for a single target website.

  • python FuzzScanner.py -Hc vuln_domains.txt: Domain, web fingerprinting, directory scanning, and C scanning for one or more target websites read from a file.

  • python FuzzScanner.py -hca target.com: Domain, web fingerprinting, directory scanning, C scanning, and full port scanning for a single target website.

  • python FuzzScanner.py -Hca vuln_domains.txt: Domain, web fingerprinting, directory scanning, C scanning, and full port scanning for one or more target websites read from a file.

  • python FuzzScanner.py -h target.com: Domain, web fingerprinting, and directory scanning for a single target website.

  • python FuzzScanner.py -H vuln_domains.txt: Domain, web fingerprinting, and directory scanning for one or more target websites read from a file.

  • python FuzzScanner.py -c 192.168.1.1: C scanning for a single IP address.

  • python FuzzScanner.py -cd 192.168.1.1: C scanning and directory enumeration for a single IP address.

  • python FuzzScanner.py -C vuln_ip.txt: C scanning for one or more target IP addresses read from a file.

  • python FuzzScanner.py -Cd vuln_ip.txt: C scanning and directory enumeration for one or more target IP addresses read from a file.

  • python FuzzScanner.py -ca 192.168.1.1: C scanning and full port scanning for a single IP address.

  • python FuzzScanner.py -Ca vuln_ip.txt: C scanning and full port scanning for one or more target IP addresses read from a file.

Notes

  1. When scanning C-class addresses with full port scanning selected, the scan is slower, but it may turn up surprises. This mode is best run on a server.

  2. If directory enumeration is selected, the scan is also slower. Directory enumeration uses dirsearch directly, which is called whenever a web service is found on a port.

Project Address: https://github.com/TideSec/FuzzScanner
