Skip to content
/ LadonGo Public
forked from k8gege/LadonGo

LadonGO 4.0 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。

k8gege.org/Ladon

License

MIT license
0 stars 304 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

1f3lse/LadonGo

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

74 Commits
color
color
 
 
dcom
dcom
 
 
dic
dic
 
 
example
example
 
 
exp
exp
 
 
ftp
ftp
 
 
goftp
goftp
 
 
http
http
 
 
icmp
icmp
 
 
img
img
 
 
info
info
 
 
logger
logger
 
 
mongodb
mongodb
 
 
mssql
mssql
 
 
mysql
mysql
 
 
nbt
nbt
 
 
oracle
oracle
 
 
ping
ping
 
 
port
port
 
 
redis
redis
 
 
rexec
rexec
 
 
routeros
routeros
 
 
smb
smb
 
 
snmp
snmp
 
 
ssh
ssh
 
 
str
str
 
 
t3
t3
 
 
tcp
tcp
 
 
vul
vul
 
 
winrm
winrm
 
 
worker
worker
 
 
401SCAN.Log
401SCAN.Log
 
 
FTPSCAN.Log
FTPSCAN.Log
 
 
LICENSE
LICENSE
 
 
Ladon.go
Ladon.go
 
 
MSSQLSCAN.Log
MSSQLSCAN.Log
 
 
MYSQLSCAN.Log
MYSQLSCAN.Log
 
 
Makefile
Makefile
 
 
ORACLESCAN.Log
ORACLESCAN.Log
 
 
README.md
README.md
 
 
REDISSCAN.Log
REDISSCAN.Log
 
 
ROUTEROSSCAN.Log
ROUTEROSSCAN.Log
 
 
SMBSCAN.Log
SMBSCAN.Log
 
 
SQLPLUSSCAN.Log
SQLPLUSSCAN.Log
 
 
SSHSCAN.Log
SSHSCAN.Log
 
 
WINRMSCAN.Log
WINRMSCAN.Log
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
install.go
install.go
 
 
ip.txt
ip.txt
 
 
ip24.txt
ip24.txt
 
 
pass.txt
pass.txt
 
 
port.log
port.log
 
 
update.txt
update.txt
 
 
url.txt
url.txt
 
 
user.txt
user.txt
 
 
userpass.txt
userpass.txt
 
 

Repository files navigation

Ladon Scanner For Golang

Wiki

http://k8gege.org/Ladon/LadonGo.html

Author Ladon Bin GitHub issues Github Stars GitHub forks GitHub license Downloads

简介

LadonGo一款开源内网渗透扫描器框架,使用它可轻松一键探测C段、B段、A段存活主机、指纹识别、端口扫描、密码爆破、远程执行、高危漏洞检测等。4.0版本包含37个功能,高危漏洞检测MS17010、SmbGhost,远程执行SshCmd、WinrmCmd、PhpShell、JspShell、GoWebShell、L,12种协议密码爆破Smb/Ssh/Ftp/Mysql/Mssql/Oracle/Sqlplus/Winrm/HttpBasic/Redis/MongoDB/RouterOS,存活探测/信息收集/指纹识别NbtInfo、OnlinePC、Ping、Icmp、SnmpScan,HttpBanner、HttpTitle、TcpBanner、WeblogicScan、OxidScan,端口扫描/服务探测PortScan,正向Socks5代理。

开发环境

OS: Kali 2019 X64
IDE: Mousepad
Go: 1.13 Linux

功能模块

Detection

. .
OnlinePC (Using ICMP/SNMP/Ping detect Online hosts)
PingScan (Using system ping to detect Online hosts)
IcmpScan (Using ICMP Protocol to detect Online hosts)
SnmpScan (Using Snmp Protocol to detect Online hosts)
HttpBanner (Using HTTP Protocol Scan Web Banner)
HttpTitle (Using HTTP protocol Scan Web titles)
T3Scan (Using T3 Protocol Scan Weblogic hosts)
PortScan (Scan hosts open ports using TCP protocol)
TcpBanner (Scan hosts open ports using TCP protocol)
OxidScan (Using dcom Protocol enumeration network interfaces)
NbtInfo (Scan hosts open ports using NBT protocol)

VulDetection

. .
MS17010 (Using SMB Protocol to detect MS17010 hosts)
SmbGhost (Using SMB Protocol to detect SmbGhost hosts)
CVE-2021-21972 (Check VMware vCenter 6.5 6.7 7.0 Rce Vul)
CVE-2021-26855 (Check CVE-2021-26855 Microsoft Exchange SSRF)

BruteForce

. .
SmbScan (Using SMB Protocol to Brute-For 445 Port)
SshScan (Using SSH Protocol to Brute-For 22 Port)
FtpScan (Using FTP Protocol to Brute-For 21 Port)
401Scan (Using HTTP BasicAuth to Brute-For web Port)
MysqlScan (Using Mysql Protocol to Brute-For 3306 Port)
MssqlScan (Using Mssql Protocol to Brute-For 1433 Port)
OracleScan (Using Oracle Protocol to Brute-For 1521 Port)
MongodbScan (Using Mongodb Protocol to Brute-For 27017 Port)
WinrmScan (Using Winrm Protocol to Brute-For 5985 Port)
SqlplusScan (Using Oracle Sqlplus Brute-For 1521 Port)
RedisScan (Using Redis Protocol to Brute-For 6379 Port)

RemoteExec

. .
SshCmd (SSH Remote command execution Default 22 Port)
WinrmCmd (Winrm Remote command execution Default 5985 Port)
PhpShell (Php WebShell command execution Default 80 Port)
GoWebShell (Go WebShell Default http://IP:888/web)
WinJspShell (JSP Shell Remote command execution Default 80 Port)
LnxJspShell (JSP Shell Remote command execution Default 80 Port)
LnxRevShell (Bash Reverse Shell)

Exploit

. .
PhpStudyDoor (PhpStudy 2016 & 2018 BackDoor Exploit)
CVE-2018-14847 (Export RouterOS Password 6.29 to 6.42)

Socks5

. .
Socks5 (Socks5 forward proxy server)

源码编译

go get github.com/k8gege/LadonGo
go build Ladon.go

快速编译

make windows
make linux
make mac

一键安装

Linux/Mac

make install

Windows

go run install.go

使用教程

帮助

Ladon FuncList
Ladon Detection
Ladon VulDetection
adon BruteFor
Ladon RemoteExec
Ladon Exploit
Ladon Example

用法

Ladon IP/机器名/CIDR/URL/txt 扫描模块

IP Ladon 192.168.1.8 MS17010
C段 Ladon 192.168.1.8/24 MS17010
C段 Ladon 192.168.1/c MS17010
B段 Ladon 192.168/b MS17010
A段 Ladon 192/a MS17010

C段(1-5) Ladon 192.168.1-192.168.5 MS17010
URL Ladon http://192.168.1.8:8080 BasicAuthScan
IP列表  Ladon ip.txt MS17010
URL列表 Ladon url.txt HttpBanner

例子

正向Socks5代理服务器

Ladon Socks5 192.168.1.8 1080

信息收集、漏洞检测

Ping扫描C段存活主机(任意权限)
Ladon 192.168.1.8/24 PingScan

ICMP扫描C段存活主机(管理员权限)
Ladon 192.168.1.8/24 IcmpScan

SNMP扫描C段存活主机、设备信息
Ladon 192.168.1.8/24 SnmpScan

SMB扫描C段永恒之蓝MS17010漏洞主机
Ladon 192.168.1.8/24 MS17010

SMB扫描C段永恒之黑SmbGhost漏洞主机
Ladon 192.168.1.8/24 SmbGhost

T3扫描C段开放WebLogic的主机
Ladon 192.168.1.8/24 T3Scan

HTTP扫描C段开放Web站点Banner
Ladon 192.168.1.8/24 BannerScan

HTTP扫描C段开放Web站点标题
Ladon 192.168.1.8/24 HttpTitle

TCP扫描C段开放端口服务信息
Ladon 192.168.1.8/24 TcpBanner

TCP扫描C段主机常见开放端口
Ladon 192.168.1.8/24 PortScan

密码爆破、弱口令

扫描C段445端口Windows机器弱口令
Ladon 192.168.1.8/24 SmbScan

扫描C段22端口Linux机器SSH弱口令
Ladon 192.168.1.8/24 SshScan

扫描C段21端口FTP服务器弱口令
Ladon 192.168.1.8/24 FtpScan

扫描C段3306端口Mysql服务器弱口令
Ladon 192.168.1.8/24 MysqlScan

扫描C段1521端口Oracle服务器弱口令
Ladon 192.168.1.8/24 OracleScan

扫描C段27017端口MongoDB服务器弱口令
Ladon 192.168.1.8/24 MongodbScan

扫描C段1521端口Oracle服务器弱口令
Ladon 192.168.1.8/24 SqlplusScan

扫描C段5985端口Winrm服务器弱口令
Ladon 192.168.1.8/24 WinrmScan

扫描C段6379端口Redis服务器空口令
Ladon 192.168.1.8/24 RedisScan

扫描C段8728端口RouterOS路由器
Ladon 192.168.1.8/24 RouterOSScan

远程命令执行
Ladon SshCmd host port user pass cmd
Ladon WinrmCmd host port user pass cmd
Ladon PhpShell url pass cmd
Ladon PhpStudyDoor url cmd

SshCmd & WinrmCmd image

PhpShell & PhpStudyDoor image

扫C段(192.168.1/c)

. . .
ICMP 3毫秒 1/20秒
WebTitle 10毫秒 1/6秒
T3Scan 15毫秒 1/4秒
EthScan 2毫秒 1/30秒

扫B段(192.168/b)

. . .
EthScan 23分钟 1个端口
T3Scan 1小时 4个端口
WebTitle 40分钟 1个端口
MS17010 12分钟 1个端口
Snmp 20分钟 1个端口

PS:扫描速度实际上和Ladon .net版速度也差不多,只是没专门记录,因为重写测试过程中顺便记录一下GO版速度

跨平台/全平台/全系统

支持新旧操作系统,特别是老旧Linux系统,网上很多工具根本不能用或各种报错

TestOn

ID OS
0 WinXP
1 Win 2003
2 Win 7
3 Win 8.1
4 Win 10
5 Win 2008 R2
6 Win 2012 R2
7 Win 2019
8 Kali 1.0.2
9 Kali 2018
10 Kali 2019
11 SUSE 10
12 CentOS 5.8
13 CentOS 6.3
14 CentOS 6.8
15 Fedora 5
16 RedHat 5.7
17 BT5-R3
18 MacOS 10.15
19 Ubuntu 8
20 Ubuntu 18

以上系统测试成功,其它系统未测,若不支持可自行编译

MacOS x64 10.15

image

Linux

image

Windows

image

Download

LadonGo (ALL OS)

https://github.com/k8gege/LadonGo/releases
http://k8gege.org/Download/LadonGo.rar

Ladon (Windows & Cobalt Strike)

历史版本: https://github.com/k8gege/Ladon/releases
7.0版本:http://k8gege.org/Download
8.6版本:K8小密圈

About

LadonGO 4.0 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。

k8gege.org/Ladon

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

12 tags

Packages

No packages published

Languages

  • Go 98.9%
  • Makefile 1.1%