101 lines
4.0 KiB
Markdown
101 lines
4.0 KiB
Markdown
# Fuxi-Scanner
|
|
|
|
[](https://www.python.org/)
|
|
[](https://github.com/jeffzh3ng/Fuxi-Scanner/blob/master/LICENSE)
|
|
[](https://github.com/jeffzh3ng/Fuxi-Scanner/stargazers)
|
|
|
|
|
|
### README English | [中文](doc/README.zh.md)
|
|
|
|
Fuxi Scanner is an open source network security vulnerability scanner, it comes with multiple functions.
|
|
|
|
- Vulnerability detection & management
|
|
- Authentication Tester
|
|
- IT asset discovery & management
|
|
- Port scanner
|
|
- Subdomain scanner
|
|
- Acunetix Scanner (Integrate Acunetix API)
|
|
|
|
## Screenshots
|
|
|
|
|
|
|
|
## Installation
|
|
|
|
[Documentation](doc/INSTALL.en.md)
|
|
|
|
## Usage
|
|
|
|
### Vulnerability Scanner
|
|
|
|
The scanner module integrate an open-sourced remote vulnerability testing and PoC development framework - [Pocsuite](https://github.com/knownsec/Pocsuite)
|
|
|
|
Like Metasploit, it is a development kit for pentesters to develope their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.
|
|
|
|
You can acquiring PoC scripts from [Seebug community](https://www.seebug.org/)
|
|
|
|
The target can be IP, network segment or URL.
|
|
|
|
|
|
|
|
You can manage plugins in the Plugin Manager modules. The plugin must conform to the [PoC Coding Style](https://github.com/knownsec/Pocsuite/blob/master/docs/CODING.md)
|
|
|
|
|
|
|
|
### Asset Management
|
|
|
|
IT Asset Registration:
|
|
|
|
|
|
|
|
Automatic Service Discovery:
|
|
|
|
|
|
|
|
You can scan the vulnerability by searching and filtering out specific services
|
|
|
|
### Authentication Tester
|
|
|
|
This is an auth tester with [hydra](https://github.com/vanhauser-thc/thc-hydra)
|
|
|
|
Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. (55)
|
|
|
|
|
|
|
|
### Subdomain Scanner
|
|
|
|
It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting
|
|
|
|
You can improved wordlist in settings for finding more subdomains
|
|
|
|
|
|
|
|
|
|
|
|
### Acunetix Scanner
|
|
|
|
This module delivers scanning tasks by integrate Acunetix Web Vulnerability Scanner API
|
|
|
|
|
|
|
|
You can scan multiple websites at the same time
|
|
|
|
### Port Scanner
|
|
|
|
Port scanner allows you to discover which TCP ports are open on your target host.
|
|
|
|
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system
|
|
|
|
|
|
|
|
### Settings
|
|
|
|
|
|
|
|
## Links
|
|
|
|
- Homepage: [https://fuxi-scanner.com](https://fuxi-scanner.com)
|
|
- Download: [.tar](https://github.com/jeffzh3ng/Fuxi-Scanner/tarball/master) or [.zip](https://github.com/jeffzh3ng/Fuxi-Scanner/zipball/master)
|
|
- E-mail: [jeffzh3ng@gmail.com](mailto:jeffzh3ng@gmail.com)
|
|
- Telegram: [jeffzhang](https://t.me/jeffzhang)
|