W12scan is a network asset discovery engine that can automatically aggregate related assets for analysis and use.
Here is a web source program, but the scanning end is at w12scan-client Thinking Based on python3 + django + elasticsearch + redis and use the web restful api to add scan targets.
Powerful search syntax
Search for cms, service, titles, country regions, etc., to quickly find relevant targets.
title=“abc” # Search from the title
header=“abc” # Search from http header
body=“123” # Search from body text
url = “*.baidu.com” # Search for subdomains of baidu.com
ip = ‘18.104.22.168’ # Search from IP,support '192.168.1.0/24' and '192.168.1.*'
port = ‘80’ # Search form port
app = ’nginx’ # Search application
country = ‘cn’ # Search from country
service = ‘mysql’ # Search from service
bug = 'xx' # Search from Vulnerability
By customizing a company-related domain name or ip asset, w12scan will automatically help you find the corresponding asset target. When you browse the target, there is a prominent logo to remind you of the target's ownership.
Enter the target details. If the target is ip, all domain names on the ip and all domain names on the c class will be automatically associated. If the target is a domain name, the adjacent station, segment c and subdomain are automatically associated.
WEB will check the status of the node every few minutes, you can see the number of node scans and the node scan log.
Provides an interface to add tasks, you can add it on the WEB side or integrate it in any software.
Common vulnerability verification service built into the scanner.
Easy to distribute
This is taken into account in the design of the program architecture. It is very easy to distribute and run the scan terminal directly on another machine. It also can be distributed based on docker, celery service.
Quickly build an environment with docker
git clone https://github.com/boy-hack/w12scan
docker-compose up -d