1. Tool introduction
golin covers weak-password detection, vulnerability scanning, port scanning (with protocol and component identification), web directory scanning, subdomain scanning, simulated grading for classified protection (等保), automated operations and maintenance, and a classified-protection tool (an on-site evaluation tool for network security classified protection) with built-in level-3 verification commands and baseline verification tools.
2. Main functions
Host liveness detection, vulnerability scanning, subdomain scanning, port scanning, brute-forcing of various service and database logins, POC scanning, XSS scanning, web title detection, web fingerprinting, detection of web sensitive-information leakage, directory listing and downloadable files, plus self-assessment of other security risks.
- Weak password / unauthorized access: more than 40 types
- Web component identification: more than 300 types
- Vulnerability scanning: XSS, arbitrary file access, arbitrary command execution, sensitive information leakage, default credentials, ...
- Asset scanning pipeline: find live hosts -> find open ports -> identify protocols/components -> run the weak-password and vulnerability checks that match each protocol/component -> output reports
3. Feature preview
Asset/component/vulnerability scanning preview (screenshot not included)
Web directory scanning preview (screenshot not included)
Currently supported weak-password / unauthorized-access check types
No. | Type | Supported | Notes |
---|---|---|---|
1 | SSH | √ | |
2 | RDP | √ | |
3 | FTP | √ | |
4 | MySQL | √ | |
5 | PostgreSQL | √ | |
6 | Redis | √ | |
7 | MSSQL | √ | |
8 | SMB | √ | |
9 | Telnet | √ | |
10 | Tomcat | √ | |
11 | MongoDB | √ | Unauthorized access only |
12 | Elasticsearch | √ | Unauthorized access only |
13 | Oracle | √ | |
14 | ZooKeeper | √ | Unauthorized access only |
15 | Dubbo | √ | Default credentials only |
16 | nps | √ | Default credentials only |
17 | Druid | √ | Unauthorized access only |
18 | ActiveMQ | √ | Default credentials only |
20 | CouchDB | √ | Unauthorized access only |
21 | Hadoop administration | √ | Unauthorized access only |
22 | Apache Spark | √ | Unauthorized access only |
23 | Swagger | √ | Unauthorized access only |
24 | Kibana | √ | Unauthorized access only |
25 | Kafka Manager | √ | Unauthorized access only |
26 | Jenkins | √ | Unauthorized access only |
27 | Everything | √ | Unauthorized access only |
28 | D-Link router | √ | Default credentials only |
29 | Nacos | √ | Default credentials only |
30 | HiveServer | √ | Unauthorized access only |
31 | Docker Registry | √ | Unauthorized access only |
32 | Apache Storm | √ | Unauthorized access only |
33 | Prometheus | √ | Unauthorized access only |
34 | Node Exporter | √ | Unauthorized access only |
35 | Apache Druid | √ | Unauthorized access only |
36 | Zabbix | √ | Default credentials only |
37 | JupyterLab | √ | Unauthorized access only |
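What an "unauthorized access only" check amounts to, shown for Redis as an added Go example (this is not golin's code): one TCP connection, one RESP-encoded INFO command, and a verdict taken from the first line of the reply. No credentials are sent and nothing is written to the target. The in-process fake server, the state names and the sample reply body are constructed for this example; only the RESP framing and the `-NOAUTH` error are real Redis behaviour.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
	"time"
)

// RedisAuthState classifies what a Redis service did with an unauthenticated INFO.
type RedisAuthState int

const (
	RedisUnknown      RedisAuthState = iota // not a Redis reply, or a connection error
	RedisOpen                               // INFO executed without AUTH: unauthorized access
	RedisAuthRequired                       // -NOAUTH: requirepass/ACL is enforced
)

func (s RedisAuthState) String() string {
	return [...]string{"unknown/not redis", "unauthorized access (no AUTH needed)", "AUTH required"}[s]
}

// ClassifyRedisReply maps the first RESP line of the reply to a state. A "$<len>"
// bulk-string header means the server ran INFO for us; anything that is not
// -NOAUTH (e.g. "-DENIED" from protected mode, or an HTTP banner) stays unknown.
func ClassifyRedisReply(first string) RedisAuthState {
	switch {
	case strings.HasPrefix(first, "$"):
		return RedisOpen
	case strings.HasPrefix(first, "-NOAUTH"):
		return RedisAuthRequired
	}
	return RedisUnknown
}

// CheckRedisUnauth opens one TCP connection, sends INFO as a RESP array and
// classifies the first reply line. No credentials are sent and nothing is written.
func CheckRedisUnauth(addr string, timeout time.Duration) (RedisAuthState, string, error) {
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return RedisUnknown, "", err
	}
	defer conn.Close()
	_ = conn.SetDeadline(time.Now().Add(timeout))
	if _, err := conn.Write([]byte("*1\r\n$4\r\nINFO\r\n")); err != nil {
		return RedisUnknown, "", err
	}
	first, err := bufio.NewReader(conn).ReadString('\n')
	if err != nil {
		return RedisUnknown, "", err
	}
	first = strings.TrimRight(first, "\r\n")
	return ClassifyRedisReply(first), first, nil
}

// StartFakeRedis is a constructed in-process stand-in for Redis so the check can
// run offline; it speaks just enough RESP to answer INFO, with or without auth.
func StartFakeRedis(requireAuth bool) (addr string, stop func()) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed by stop()
			}
			go func(c net.Conn) {
				defer c.Close()
				r := bufio.NewReader(c)
				for {
					line, err := r.ReadString('\n')
					if err != nil {
						return
					}
					if strings.TrimSpace(line) != "INFO" {
						continue // skip the "*1" and "$4" framing lines
					}
					if requireAuth {
						fmt.Fprint(c, "-NOAUTH Authentication required.\r\n")
					} else {
						body := "# Server\r\nredis_version:7.0.0\r\n"
						fmt.Fprintf(c, "$%d\r\n%s\r\n", len(body), body)
					}
					return
				}
			}(c)
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }
}

func main() {
	for _, locked := range []bool{false, true} {
		addr, stop := StartFakeRedis(locked)
		state, first, err := CheckRedisUnauth(addr, 2*time.Second)
		fmt.Printf("%s -> %v (first line %q) err=%v\n", addr, state, first, err)
		stop()
	}
}
```

The same shape (connect, send one harmless protocol message, classify the reply) is what the other "unauthorized access only" rows in the table boil down to; the protocol framing and the "auth required" marker are what change per service. Keep a per-connection deadline as above, or a single unresponsive host stalls a worker for the whole scan.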
Currently supported asset scanning functions
No. | Function | Supported | Notes |
---|---|---|---|
1 | Multithreading | √ | Default concurrency is 100; set with -c |
2 | Port specification | √ | Format: 1,2,3,2-20 (single ports and ranges, comma-separated) |
3 | IP specification | √ | Formats: 192.168.1.1, 192.168.1.1/24, 192.168.1-10, http://www.baidu.com |
4 | Exclude ports/hosts | √ | |
5 | Liveness detection before scanning | √ | Based on ping; pass --noping to skip it and treat every host as alive |
6 | Randomize host order | √ | Off by default; enable with --random |
7 | Protocol identification | √ | Common protocols: ssh, redis, http, https, MySQL, pgsql, ftp, etc. |
8 | Timeout | √ | Default is 5 seconds; set with -t |
9 | Web identification | √ | Server header, page title and SSL certificate |
10 | Save results | √ | Saved to portscan.xlsx by default |
11 | Host OS identification | √ | Based on TTL |
12 | Component identification | √ | 300+ common components |
13 | Automatic weak-password scan | √ | rdp, ssh, redis, mysql, oracle, es, telnet, pgsql and others, 40 types in total |
14 | Automatic web XSS scan | √ | |
15 | Automatic web vulnerability scan | √ | POC scan, unauthorized access, directory listing |
16 | Quick-scan target format | √ | Supported: https://192.168.1.1:9090, http://192.168.1.1:9090, 192.168.1.1:9090/login/index.php |
17 | SQL injection scan | √ | |
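The port and target formats from the table, as an added Go parser (not golin's own code). The type and function names are mine; the last-octet range is assumed to be written `192.168.1.1-10`, a quick-scan URL or host:port form pins the port to scan, and the parser deliberately refuses networks wider than a /16 and drops the network and broadcast addresses, so a /24 yields 254 targets.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"net/url"
	"slices"
	"strconv"
	"strings"
)

// Target is one host to probe; Port 0 means "use the port list" (-p style),
// a non-zero Port comes from a quick-scan form such as http://host:9090.
type Target struct {
	Host string
	Port int
}

// ParsePorts expands "22,80,8000-8010" into a sorted, de-duplicated list;
// empty tokens, reversed ranges and ports outside 1-65535 are errors.
func ParsePorts(spec string) ([]int, error) {
	var ports []int
	for _, tok := range strings.Split(spec, ",") {
		lo, hi := tok, tok
		if i := strings.Index(tok, "-"); i >= 0 {
			lo, hi = tok[:i], tok[i+1:]
		}
		a, errA := strconv.Atoi(strings.TrimSpace(lo))
		b, errB := strconv.Atoi(strings.TrimSpace(hi))
		if errA != nil || errB != nil || a < 1 || b > 65535 || a > b {
			return nil, fmt.Errorf("bad port token %q", tok)
		}
		for p := a; p <= b; p++ {
			ports = append(ports, p)
		}
	}
	slices.Sort(ports)
	return slices.Compact(ports), nil
}

// ParseTargets expands one -i token: a single IP or hostname, "192.168.1.1/24",
// "192.168.1.1-10" (range in the last octet; this spelling is an assumption),
// or a quick-scan URL / host:port[/path] form, which pins the port to scan.
func ParseTargets(tok string) ([]Target, error) {
	tok = strings.TrimSpace(tok)
	if _, ipnet, err := net.ParseCIDR(tok); err == nil {
		ip4 := ipnet.IP.To4()
		ones, bits := ipnet.Mask.Size()
		if ip4 == nil || bits-ones > 16 { // IPv4 only, and never wider than a /16
			return nil, fmt.Errorf("unsupported or oversized network %q", tok)
		}
		first := binary.BigEndian.Uint32(ip4)
		last := first + uint32(1)<<uint(bits-ones) - 1
		if ones < 31 { // skip the network and broadcast addresses
			first, last = first+1, last-1
		}
		return ipsBetween(first, last), nil
	}
	if strings.ContainsAny(tok, ":/") {
		t, err := parseQuick(tok)
		return []Target{t}, err
	}
	if i := strings.LastIndex(tok, "-"); i > 0 && net.ParseIP(tok[:i]) != nil {
		ip := net.ParseIP(tok[:i]).To4()
		end, err := strconv.Atoi(tok[i+1:])
		if ip == nil || err != nil || end < int(ip[3]) || end > 255 {
			return nil, fmt.Errorf("bad range %q", tok)
		}
		first := binary.BigEndian.Uint32(ip)
		return ipsBetween(first, first+uint32(end-int(ip[3]))), nil
	}
	return []Target{{Host: tok}}, nil // single IP or hostname
}

// ipsBetween renders every IPv4 address from first to last inclusive.
func ipsBetween(first, last uint32) []Target {
	var out []Target
	for i := first; i <= last; i++ {
		b := make(net.IP, 4)
		binary.BigEndian.PutUint32(b, i)
		out = append(out, Target{Host: b.String()})
	}
	return out
}

// parseQuick handles the quick-scan forms; a missing scheme is treated as http.
func parseQuick(tok string) (Target, error) {
	if !strings.Contains(tok, "://") {
		tok = "http://" + tok
	}
	u, err := url.Parse(tok) // url.Parse already rejects a non-numeric port
	if err != nil || u.Hostname() == "" {
		return Target{}, fmt.Errorf("bad target %q", tok)
	}
	port := map[string]int{"http": 80, "https": 443}[u.Scheme] // other schemes: 0
	if p := u.Port(); p != "" {
		port, _ = strconv.Atoi(p)
	}
	return Target{Host: u.Hostname(), Port: port}, nil
}
```

The /16 cap is the practical guard a scanner needs before fanning a target list out to a worker pool: an accidental `10.0.0.0/8` would otherwise queue sixteen million hosts. Hostnames containing a hyphen are left alone because the range branch only fires when the part before the last hyphen parses as an IP address.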
Currently supported web directory scanning functions
No. | Function | Supported | Notes |
---|---|---|---|
1 | Multithreading | √ | Default concurrency is 30 |
2 | Custom status codes | √ | Default is 200 |
3 | Proxy mode | √ | http/https, socks |
4 | Return page title | √ | |
5 | Timeout | √ | Default is 3 seconds |
6 | Loop wait | √ | Default is unlimited |
7 | Built-in URLs | √ | 30,000+ |
8 | Custom User-Agent | √ | |
9 | Retry (retransmission) | | |
10 | Crawler | | |
11 | Save results | √ | Saved to dirScan.json |
12 | Built-in dictionary | √ | 30,000 directory paths |
13 | Directory listing detection | √ | |
14 | Sensitive information leak detection | √ | |
15 | Downloadable file detection | √ | |
16 | XSS scan | √ | |
17 | Component identification | √ | 300+ common components |
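A minimal version of the directory scanner's core loop, as an added Go example rather than golin's code: a worker pool, the `--code` status filter, page-title extraction and directory-listing detection, run against a constructed local test server. The listing heuristics (Apache's "Index of /", Python's "Directory listing for", IIS's "[To Parent Directory]") and every name in the block are mine.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"regexp"
	"slices"
	"strings"
	"sync"
	"time"
)

// DirHit is a path whose status code matched the --code filter.
type DirHit struct {
	Path    string
	Status  int
	Title   string
	Listing bool // body looks like an auto-generated directory index
}

var (
	titleRe   = regexp.MustCompile(`(?is)<title[^>]*>\s*(.*?)\s*</title>`)
	listingRe = regexp.MustCompile(`(?i)Index of /|Directory listing for|\[To Parent Directory\]`)
)

// ScanDirs requests every word under base with `workers` goroutines and keeps
// responses whose status is in codes; redirects are reported as-is, not followed.
func ScanDirs(base string, words []string, codes []int, workers int, timeout time.Duration) []DirHit {
	noFollow := func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
	client := &http.Client{Timeout: timeout, CheckRedirect: noFollow}
	jobs := make(chan string)
	var mu sync.Mutex
	var wg sync.WaitGroup
	var hits []DirHit
	for i := 0; i < workers; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for word := range jobs {
				path := "/" + strings.TrimLeft(word, "/")
				resp, err := client.Get(strings.TrimRight(base, "/") + path)
				if err != nil {
					continue // timeout or connection error: nothing to report
				}
				body, _ := io.ReadAll(io.LimitReader(resp.Body, 64<<10)) // cap memory per response
				resp.Body.Close()
				if !slices.Contains(codes, resp.StatusCode) {
					continue
				}
				hit := DirHit{Path: path, Status: resp.StatusCode, Title: extractTitle(body), Listing: listingRe.Match(body)}
				mu.Lock()
				hits = append(hits, hit)
				mu.Unlock()
			}
		}()
	}
	for _, w := range words {
		jobs <- w
	}
	close(jobs)
	wg.Wait()
	slices.SortFunc(hits, func(a, b DirHit) int { return strings.Compare(a.Path, b.Path) })
	return hits
}

func extractTitle(body []byte) string {
	if m := titleRe.FindSubmatch(body); m != nil {
		return string(m[1])
	}
	return ""
}

// StartDemoServer is a constructed target, not a real site: a directory with
// listing enabled, a login page, a forbidden backup, and 404 everywhere else.
func StartDemoServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.URL.Path {
		case "/admin/":
			fmt.Fprint(w, `<html><head><title>Index of /admin</title></head><body><a href="config.bak">config.bak</a></body></html>`)
		case "/login.php":
			fmt.Fprint(w, `<html><head><title>Login</title></head><body><form></form></body></html>`)
		case "/backup.zip":
			http.Error(w, "forbidden", http.StatusForbidden)
		default:
			http.NotFound(w, r)
		}
	}))
}

func main() {
	srv := StartDemoServer()
	defer srv.Close()
	words := []string{"admin/", "login.php", "backup.zip", "robots.txt", "phpinfo.php"}
	for _, h := range ScanDirs(srv.URL, words, []int{200, 403}, 5, 3*time.Second) {
		fmt.Printf("%d %-12s title=%q listing=%v\n", h.Status, h.Path, h.Title, h.Listing)
	}
}
```

Two details matter in practice: the response body is capped so one large download cannot exhaust memory across 30 workers, and redirects are not followed, so a `301` to `/admin/` is recorded as a 301 rather than silently scored as whatever the redirect target returns.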
Currently supported automated assessment types
No. | Type | Supported | Notes |
---|---|---|---|
1 | CentOS | √ | Run locally or remotely over SSH |
2 | Windows | √ | Run locally |
3 | Redis | √ | Run locally or remotely |
4 | PostgreSQL | √ | Run locally or remotely |
5 | Oracle | √ | Run locally or remotely |
6 | MSSQL | √ | Run locally or remotely |
7 | H3C | √ | Remote over SSH |
8 | Huawei | √ | Remote over SSH |
9 | AIX | √ | No built-in checks; custom commands can be supplied |
10 | Ubuntu | √ | No built-in checks; custom commands can be supplied |
11 | MongoDB | | |
12 | Elasticsearch | | |
Common startup parameters
```shell
# start via the web interface (only the classified-protection features are available this way)
golin web
# read the local NICs' IP ranges automatically and scan them, filtering out virtual NIC ranges
golin port
# scan the /24 for open ports, then weak passwords, XSS and POC vulnerabilities
golin port -i 192.168.1.1/24
# scan the given range plus the hosts listed in ip.txt; ip.txt is read by default,
# and is picked up from the working directory even without --ipfile
golin port -i 192.168.1.1/24 --ipfile ip.txt
# quick scan of one specific port on one host
golin port -i 192.168.1.1:8080
# scan the /24 with concurrency 1000 and a 10-second connect timeout
golin port -i 192.168.1.1/24 -c 1000 -t 10
# scan the /24 without liveness detection or weak-password checks, in randomized host order
golin port -i 192.168.1.1/24 --noping --nocrack --random
# scan the /24 with vulnerability scanning disabled
golin port -i 192.168.1.1/24 --nopoc
# directory scan with a custom dictionary, reporting paths that return status 200 or 404
golin dirsearch -u https://test.com -f dictionary.txt --code 200,404
# subdomain scan, additionally querying the fofa and RapidDNS APIs
golin domain -u baidu.com --api
# check security configuration against level-3 classified-protection requirements and generate an HTML report
golin [linux, mysql, oracle, sqlserver, redis, windows, ...]
# check whether an update is available
golin update
```
How to learn hacking & network security
If you like today's article, I will share my private network security learning materials with you for free. Come and see what is available.
1. Learning roadmap
There are a lot of things to learn about attack and defense. I have written down the specific things you need to learn in the roadmap above. If you can complete them, you will have no problem getting a job or taking on freelance work.
2. Video tutorial
Although there are many learning resources on the Internet, they are basically incomplete. This is a network security video tutorial I recorded myself, with an accompanying video explanation for every knowledge point in the roadmap above.
The content covers network security laws, network security operations and other security assessments, penetration testing basics, detailed explanations of vulnerabilities, basic computer knowledge, etc. All of these are must-know topics for getting started in network security.
(They are packaged as a single bundle and cannot be listed one by one; there are more than 300 episodes in total.)
Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.
3. Technical documents and e-books
I also compiled the technical documents myself, including my experience and technical notes from participating in large-scale network security operations, CTFs, and SRC vulnerability hunting. There are more than 200 e-books. Due to the sensitivity of the content, I will not display them one by one.
4. Toolkit, interview questions and source code
"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools. They mainly cover information gathering, Android hacking tools, automation tools, phishing, etc. Interested readers should not miss it.
There is also the example source code and the corresponding toolkit mentioned in my videos, which you can take if needed.
Finally, here are the network security interview questions I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.
These questions are often encountered when interviewing at Sangfor, QiAnXin, Tencent or other major companies. If you have good questions or good insights, please share them.
Reference sources: Sangfor official website, QiAnXin official website, FreeBuf, CSDN, etc.
Content features: clear organization and graphical representation, making it easier to understand.
Content summary: intranet, operating systems, protocols, penetration testing, security services, vulnerabilities, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logic vulnerabilities, tools, SQLmap, NMAP, BP, MSF...