AssassinGo
AssassinGo is an extensible, concurrent information-gathering and vulnerability-scanning framework with a WebSocket-based Web GUI.
For learning purposes only; PRs are welcome.
Features
- Retrieve Security Headers
- Bypass CloudFlare
- Detect CMS Version
- Honeypot Detect
- Port Scan
- Trace Route and Mark on Google Map
- Subdomain Scan
- Dir Scan and Site Map
- Whois Lookup
- Crawl Parameterized URLs
- Basic SQLi Check
- Basic XSS Check
- Intruder
- SSH Bruter
- Google-Hacking with Headless-Chrome
- Friendly PoC Interface
- Web GUI (using WebSocket)
- Generate Report
Installation
localhost
git clone https://github.com/AmyangXYZ/AssassinGo
cd AssassinGo
docker-compose up --build -d
cat backup.sql | docker exec -i assassingo_mariadb_1 /usr/bin/mysql -uag --password=password ag
Then visit http://127.0.0.1:8000 and log in as admin:admin
VPS
If you want to deploy on your VPS, clone the Frontend and modify the base_url of AJAX and WebSocket, then run npm run build and copy the output to the web/ directory as deploy.sh says.
Remember to add your Google Maps key in index.html.
Demo
Outline Design
I chose the Composite pattern to improve extensibility.
API
AJAX
| Path | Method | Func | Params | Return |
| --- | --- | --- | --- | --- |
| /token | POST | sign in | username=admin&password=admin | {SG_Token:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1M…W4ifQ.qY-k5f54CrQ6_dNdjgQgqjh5xS8iFZOjTLcfMfirY0w" (stored in cookie)} |
| /api/target | POST | set a target | target=xxx OR targets=t1,t2... | nil |
| /api/info/basic | GET | get ip and retrieve security headers | nil | {data:{"ip": "192.168.1.1", "webserver": "nginx","click_jacking_protection":true,"content_security_policy":false,"strict_transport_security":false,"x_content_type_options":true}} |
| /api/info/bypasscf | GET | find real ip behind cloudflare | nil | {"real_ip":"123.123.123.123"} |
| /api/info/cms | GET | detect cms | nil | {data:{"cms": "wordpress"}} |
| /api/info/honeypot | GET | get ip and webserver | nil | {data:{"score": "0.3"}} |
| /api/info/whois | GET | whois | nil | {data:{"domain":"example.com","registrar_name":"alibaba", "admin_name":"xiaoming", "admin_email":"[email protected]", "admin_phone":"+86.12312345678", "created_date":"2016-07-28T12:57:53.0Z","expiration_date":"2018-07-28T12:57:53.0Z", "ns":"dns9.hichina.com", "state":"clienttransferprohibited"}} |
| /api/poc | GET | get poc list | nil | {data:{"poc_list":["drupal-rce":{"id":"CVE-2017-7602","type":"remote code execution","text":"biubiubiu","platform":"php","data":"2018-04-25","reference":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7602"},"seacms-v654-rce"]}} |
| /api/poc/:poc | GET | run the specified poc | nil | {data:{"host": "example.com", "exploitable":"true"}} |
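
The security-header flags that /api/info/basic returns can also be derived for a site you operate; the Go sketch below is an added example, not AssassinGo's own code. The rule used for each flag (which header values count as protection) is an assumption, since the page only shows the field names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strconv"
	"strings"
)

// BasicInfo reuses the field names of the /api/info/basic sample ("ip" is omitted).
type BasicInfo struct {
	Webserver string `json:"webserver"`
	ClickJack bool   `json:"click_jacking_protection"`
	CSP       bool   `json:"content_security_policy"`
	HSTS      bool   `json:"strict_transport_security"`
	XCTO      bool   `json:"x_content_type_options"`
}

// AuditHeaders derives the flags with assumed rules (not taken from the project).
func AuditHeaders(h http.Header) BasicInfo {
	csp := h.Get("Content-Security-Policy")
	info := BasicInfo{Webserver: h.Get("Server"), CSP: strings.TrimSpace(csp) != ""}
	// Framing is restricted by X-Frame-Options or by a CSP frame-ancestors directive.
	xfo := strings.ToUpper(strings.TrimSpace(h.Get("X-Frame-Options")))
	info.ClickJack = xfo == "DENY" || xfo == "SAMEORIGIN"
	for _, d := range strings.Split(csp, ";") {
		if f := strings.Fields(d); len(f) > 1 && strings.EqualFold(f[0], "frame-ancestors") && f[1] != "*" {
			info.ClickJack = true
		}
	}
	// HSTS counts only with max-age > 0; max-age=0 tells browsers to drop the policy.
	for _, d := range strings.Split(h.Get("Strict-Transport-Security"), ";") {
		k, v, ok := strings.Cut(strings.TrimSpace(d), "=")
		if ok && strings.EqualFold(strings.TrimSpace(k), "max-age") {
			n, err := strconv.Atoi(strings.Trim(v, "\" "))
			info.HSTS = err == nil && n > 0
		}
	}
	info.XCTO = strings.EqualFold(strings.TrimSpace(h.Get("X-Content-Type-Options")), "nosniff")
	return info
}

func main() {
	// Constructed sample response headers, not captured from a real host.
	h := http.Header{"Server": {"nginx"}, "X-Frame-Options": {"SAMEORIGIN"}, "Strict-Transport-Security": {"max-age=0"}}
	out, _ := json.Marshal(map[string]BasicInfo{"data": AuditHeaders(h)})
	fmt.Println(string(out))
}
```
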
WebSocket
| Path | Func | Params | Return |
| --- | --- | --- | --- |
| /ws/info/port | port scan | nil | {"port": "80", "service": "http"} |
| /ws/info/tracert | trace route and mark on google map | nil | {"ttl": 1, "addr": "192.168.1.1", "elapsed_time": 22720440, "country": "China", "lat": 34.2583,"long": 116.1614} |
| /ws/info/subdomain | enumerate subdomains | nil | {"subdomain":"earth.google.com"} |
| /ws/info/dirb | brute force dir | {"concurrency":20, "dict":"php"}; {"stop":1} | {"path": "admin.php", "resp_status": 200, "resp_len": 110} |
| /ws/attack/crawl | crawl parameterized urls | {"max_depth": 4} | {"url": "example.com/?id=1"} |
| /ws/attack/sqli | check sqli | nil | {"sqli_url": "example.com/?id=1"} |
| /ws/attack/xss | check xss | nil | {"xss_url": "example.com/?id=1"} |
| /ws/attack/intrude | brute force | {"header": "GET / HTTP/1.1 ...", "payload": "p1,p2...", "concurrency": "10"}; {"stop":1} | {"payload": 1, "resp_status": 200, "resp_len": 110} |
| /ws/attack/ssh | brute force ssh | {"port":"22", "concurrency":40} | {"user":"root","passwd":"biubiubiu"} |
| /ws/seek | seek targets | {"query": "biu", "se": "bing/google", "max_page": 10} | {"urls": urls} |
| /ws/poc/:poc | run poc | {concurrency:10} | {"exploitable_host": "example.com"} |
License
MIT