59

GitHub - jeffzh3ng/Fuxi-Scanner: Network Security Vulnerability Scanner

 5 years ago
source link: https://github.com/jeffzh3ng/Fuxi-Scanner
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

README.md

Fuxi-Scanner

Travis GitHub license GitHub stars

README English | 中文

Fuxi Scanner is an open source network security vulnerability scanner, it comes with multiple functions.

  • Vulnerability detection & management
  • Authentication Tester
  • IT asset discovery & management
  • Port scanner
  • Subdomain scanner
  • Acunetix Scanner (Integrate Acunetix API)

Screenshots

fuxi_dashboard.png

Installation

Documentation

Usage

Vulnerability Scanner

The scanner module integrate an open-sourced remote vulnerability testing and PoC development framework - Pocsuite

Like Metasploit, it is a development kit for pentesters to develope their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.

You can acquiring PoC scripts from Seebug community

The target can be IP, network segment or URL.

fuxi_poc_new_scan.png

You can manage plugins in the Plugin Manager modules. The plugin must conform to the PoC Coding Style

fuxi_poc_plugin_management.png

Asset Management

IT Asset Registration:

fuxi_asset_new.png

Automatic Service Discovery:

fuxi_asset_server_search.png

You can scan the vulnerability by searching and filtering out specific services

Authentication Tester

This is an auth tester with hydra

Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. (55)

fuxi_auth_new_scan.png

Subdomain Scanner

It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting

You can improved wordlist in settings for finding more subdomains

fuxi_domain_new_scan.png

fuxi_poc_list.png

Acunetix Scanner

This module delivers scanning tasks by integrate Acunetix Web Vulnerability Scanner API

fuxi_acunetix_new_scan.png

You can scan multiple websites at the same time

Port Scanner

Port scanner allows you to discover which TCP ports are open on your target host.

Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system

fuxi_port_scanner.png

Settings

fuxi_settings.png

Links


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK