AssassinGo

by AmyangXYZ

AmyangXYZ /AssassinGo

An extensible and concurrency pentest framework in Go, also with WebGUI. Feel free to CONTRIBUTE!

482 Stars 82 Forks Last release: Not found MIT License 166 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Rawsec's CyberSecurity Inventory MIT License

AssassinGo

AssassinGo is an extensible and concurrency information gathering and vulnerability scanning framework, with WebSocket based Web GUI.

Just for learn, welcome PR.

Features

  • [x] Retrieve Security Headers
  • [x] Bypass CloudFlare
  • [x] Detect CMS Version
  • [x] Honeypot Detect
  • [x] Port Scan
  • [x] Trace Route and Mark on Google Map
  • [x] Subdomain Scan
  • [x] Dir Scan and Site Map
  • [x] Whois Lookup
  • [x] Crawl the Paramed URLs
  • [x] Basic SQLi Check
  • [x] Basic XSS Check
  • [x] Intruder
  • [x] SSH Bruter
  • [x] Google-Hacking with Headless-Chrome
  • [x] Friendly PoC Interface
  • [x] Web GUI(using WebSocket)
  • [ ] Generate Report

Installation

localhost

git clone https://github.com/AmyangXYZ/AssassinGo
cd AssassinGo
docker-compose up --build -d
cat backup.sql | docker exec -i assassingo_mariadb_1 /usr/bin/mysql -uag --password=password ag

Then visit http://127.0.0.1:8000 and login as admin:admin

VPS

If you want to deploy on your VPS, please clone the Frontend and modify the

base_url
of AJAX and WebSocket, then run
npm run build
and copy the output to
web/
directory as deploy.sh says.

Remember to add your google-map key in

index.html
.

Demo

base

traceroute

subdomain

intruder

seek

poc

Outline Design

I choose Composite Pattern to increase expansibility.

design-pattern

API

AJAX

Path

Method Func Params Return
/token POST sign in username=admin&password=adminn {SGToken:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1M…W4ifQ.qY-k5f54CrQ6dNdjgQgqjh5xS8iFZOjTLcfMfirY0w" (stored in cookie)}
/api/target POST set a target target=xxx OR targets=t1,t2... nil
/api/info/basic GET get ip and retrieve security headers nil {data:{"ip": "192.168.1.1", "webserver": "nginx","clickjackingprotection":true,"contentsecuritypolicy":false,"stricttransportsecurity":false,"xcontenttypeoptions":true}
/api/info/bypasscf GET find real ip behind cloudflare nil {"realip":"123.123.123.123"}
/api/info/cms GET detect cms nil {data:{"cms": "wordpress"}}
/api/info/honeypot GET get ip and webserver nil {data:{"score": "0.3"}}
/api/info/whois GET whois nil {data:{"domain":"example.com","registrarname":"alibaba", "adminname":"xiaoming", "adminemail":"[email protected]", "adminphone":"+86.12312345678", "createddate":"2016-07-28T12:57:53.0Z","expirationdate":"2018-07-28T12:57:53.0Z", "ns":"dns9.hichina.com", "state":"clienttransferprohibited"}}
/api/poc GET get poc list nil {data:{"poc_list":["drupal-rce":{"id":"CVE-2017-7602","ty## pe":"remote code execution","text":"biubiubiu","platform## ":"php","data":"2018-04-25",## "reference":"https://cve.mitre.org/cgi-## bin/cvename.cgi?name=CVE-2018-7602"},"seacms-v654-rce"]## }}
/api/poc/:poc GET run the specified poc nil {data:{"host": "example.com", "exploitable":"true"}}

WebSocket

Path

Func Params Return
/ws/info/port port scan nil {"port": "80", "service": "http"}
/ws/info/tracert trace route and mark on google map nil {"ttl": 1, "addr": 192.168.1.1, "elapsedtime": 22720440, "country": China, "lat": 34.2583,"long": 116.1614}
/ws/info/subdomain enmu subdomain nil {"subdomain":"earth.google.com"}
/ws/info/dirb brute force dir {"concurrency":20, "dict":"php"}; {"stop":1} {"path": "admin.php", "respstatus": 200, "resplen": 110}
/ws/attack/crawl crawl paramed urls {"maxdepth": 4} {"url": "example.com/?id=1"}
/ws/attack/sqli check sqli nil {"sqliurl": "example.com/?id=1}
/ws/attack/xss check xss nil {"xssurl": "example.com/?id=1}
/ws/attack/intrude brute force {"header": "GET / HTTP/1.1 ...", "payload": "p1,p2...", "concurrency": "10"}; {"stop":1} {"payload": 1, "respstatus": 200, "resplen": 110}
/ws/attack/ssh brute force ssh {"port":"22",, "concurrency":40} {"user":"root","passwd":"biubiubiu"}
/ws/seek seek targets {"query": "biu", "se": "bing/google", "maxpage": 10} {"urls": urls}
/ws/poc/:poc run poc {concurrency:10} {"exploitablehost": "example.com"}

License

MIT

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.