rm history

.github/build/linux.yml

@@ -0,0 +1,23 @@
+env:
+  - GO111MODULE=on
+before:
+  hooks:
+    - go mod tidy
+project_name: scan4all
+builds:
+  - id: scan4all-linux
+    ldflags:
+      - -s -w
+    binary: scan4all
+    env:
+      - CGO_ENABLED=1
+    main: main.go
+    goos:
+      - linux
+    goarch:
+      - amd64
+archives:
+- format: zip
+
+checksum:
+  name_template: "{{ .ProjectName }}-linux-checksums.txt"

.github/build/mac.yml

@@ -0,0 +1,26 @@
+env:
+  - GO111MODULE=on
+before:
+  hooks:
+    - go mod tidy
+project_name: scan4all
+builds:
+  - id: scan4all-darwin
+    ldflags:
+      - -s -w
+    binary: scan4all
+    env:
+      - CGO_ENABLED=1
+    main: main.go
+    goos:
+      - darwin
+    goarch:
+      - amd64
+
+archives:
+- format: zip
+  replacements:
+      darwin: macOS
+
+checksum:
+  name_template: "{{ .ProjectName }}-mac-checksums.txt"

.github/build/windows.yml

@@ -0,0 +1,26 @@
+env:
+  - GO111MODULE=on
+before:
+  hooks:
+    - go mod tidy
+project_name: scan4all
+builds:
+  - id: scan4all-windows
+    ldflags:
+      - -s -w
+    binary: scan4all
+    env:
+      - CGO_ENABLED=1
+      - CC=x86_64-w64-mingw32-gcc
+      - CXX=x86_64-w64-mingw32-g++
+    main: main.go
+    goos:
+      - windows
+    goarch:
+      - amd64
+
+archives:
+- format: zip
+
+checksum:
+  name_template: "{{ .ProjectName }}-windows-checksums.txt"

.github/workflows/build.yml

@@ -0,0 +1,69 @@
+name: 🎉 Release Binary
+on:
+  create:
+    tags:
+      - v*
+  workflow_dispatch:
+
+jobs:
+  build-mac:
+    runs-on: macos-latest
+    steps:
+      - name: Code checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+      - name: Install Dependences
+        run: brew install libpcap
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release -f .github/build/mac.yml --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  build-linux:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Code checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+      - name: Install Dependences
+        run: sudo apt install libpcap-dev
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release -f .github/build/linux.yml --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  build-windows:
+    runs-on: windows-latest
+    steps:
+      - name: Code checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release -f .github/build/windows.yml --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql.yml

@@ -0,0 +1,73 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '15 4 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+

.gitignore

@@ -0,0 +1,21 @@
+# Binaries for programs and plugins
+.idea
+*.iml
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+scan4all
+scan4all_linux
+.DS_Store
+nuclei_Yaml/nuclei_yaml
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "nuclei-templates"]
+	path = nuclei-templates
+	url = git@github.com:hktalent/nuclei-templates.git

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2021, veo
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Makefile.cross-compiles

@@ -0,0 +1,22 @@
+export PATH := $(GOPATH)/bin:$(PATH)
+export GO111MODULE=on
+LDFLAGS := -s -w
+
+os-archs=darwin:amd64 darwin:arm64 freebsd:386 freebsd:amd64 linux:386 linux:amd64 linux:arm linux:arm64 windows:386 windows:amd64 linux:mips64 linux:mips64le linux:mips:softfloat linux:mipsle:softfloat
+
+all: build
+
+build: app
+
+app:
+	@$(foreach n, $(os-archs),\
+		os=$(shell echo "$(n)" | cut -d : -f 1);\
+		arch=$(shell echo "$(n)" | cut -d : -f 2);\
+		gomips=$(shell echo "$(n)" | cut -d : -f 3);\
+		target_suffix=$${os}_$${arch};\
+		echo "Build $${os}-$${arch}...";\
+		env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} GOMIPS=$${gomips} go build -trimpath -ldflags "$(LDFLAGS)" -o ./release/scan4all_$${target_suffix} .;\
+		echo "Build $${os}-$${arch} done";\
+	)
+	@mv ./release/scan4all_windows_386 ./release/scan4all_windows_386.exe
+	@mv ./release/scan4all_windows_amd64 ./release/scan4all_windows_amd64.exe

README.md

@@ -0,0 +1,63 @@
+<p align="center">
+  <a href="/static/Installation.md">编译/安装/运行</a> •
+  <a href="/static/usage.md">参数说明</a> •
+  <a href="/static/running.md">使用方法</a> •
+  <a href="/static/scenario.md">使用场景</a> •
+  <a href="/static/pocs.md">POC列表</a> •
+  <a href="/static/development.md">自定义扫描器</a>
+</p>
+
+# Features
+
+<h1 align="center">
+  <img src="static/vscan-run.png" alt="scan4all" width="850px"></a>
+  <br>
+</h1>
+
+- Fast port scan, fingerprint detection function
+- Fast login password blasting function
+- Fast POC detection function
+- Fast sensitive file detection
+- Lightweight, open source, cross-platform use
+- Supports multiple types of input - STDIN/HOST/IP/CIDR/URL/TXT
+- Supports multiple types of output - JSON/TXT/CSV/STDOUT
+## New features controlled by configuration files, environment variables
+- url list with context path, enable precise scan UrlPrecise=true ./main -l xx.txt
+- Enable smart subdomain traversal, export EnableSubfinder=true
+- Automatically identify the situation that a domain (DNS) is associated with multiple IPs, and automatically scan the associated multiple IPs
+- Preprocessing, when multiple domain names in the list have the same ip, port scans are merged to improve efficiency
+- In-depth analysis, automatic correlation scan: automatically obtain domain name information in ssl, in the case of *.xxx.com, and configured to allow automatic subdomain traversal, the subdomain traversal will be automatically completed, and the target will be added to the scan list
+- When the input target (target) is ip, all domain names, fingerprint information, historical port information will be automatically associated from the 51pwn cloud, and processed (the cloud service function requires authorization)
+- Automated supply chain analysis and scanning, which requires authorization to use
+- Allows to define your own dictionary through config/config.json configuration, or set related switches, you can define several Options for nuclei, httx, naabu here
+# Implementation process
+- 0. [Subdomain] integrates Subfinder, export EnableSubfinder=true starts, automatically drills deep into the domain name information in the ssl certificate
+- 1. [Port Scanning] Integrate naabu (2.1k), the official product of Nuclei, the famous name Dingding
+- 2. [Service Identification] naabu calls the nmap installed by the system, please install nmap yourself first
+- 3. [Fingerprint recognition] nmap + integrated and optimized EHole (1.4k), and will continue to integrate more fingerprint recognition later
+- 4. [Web Scanning] Integrated httpx (3.2k), officially produced by Nuclei, the famous name Dingding
+- 5. [Vulnerability Scanning]
+    * Integrated nuclei (8.6k) + nuclei-templates (4.5k optimized version, https://github.com/hktalent/nuclei-templates)
+    * Integrated xray 2.0 (6.9k), a total of 354 POCs
+    * scan4all itself implements 8 fuzz components, and at the same time implements vulnerability detection that integrates 14 types of common components
+# How Install
+```bash
+go install github.com/hktalent/scan4all@2.1.5
+scan4all -h
+```
+# How use
+Please install nmap by yourself before use
+```bash
+go build -o scan4all main.go
+# Precise scanning UrlPrecise=true
+UrlPrecise=true ./scan4all -l xx.txt
+```
+
+# changelog
+- 2022-06-20 Integrated Subfinder, domain name blasting, startup parameter export EnableSubfinder=true, note that it is very slow after startup; automatic deep drilling of domain name information in ssl certificate
+  Allows to define your own dictionary through config/config.json configuration, or set related switches
+- 2022-06-17 Optimize the case of multiple IPs in one domain name, all IPs will be port scanned, and then follow the subsequent scanning process
+- 2022-06-15 This version adds several weblogic password dictionaries and webshell dictionaries obtained in actual combat in the past
+- 2022-06-10 Complete the integration of nuclei, including the integration of nuclei templates of course
+- 2022-06-07 Added similarity algorithm to detect 404
+- 2022-06-07 Added the http url list precise scan parameter, which is enabled based on the environment variable UrlPrecise=true