An extensible and concurrency pentest framework in Go, also with WebGUI. Feel free to CONTRIBUTE!
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
assassin rename util to utils May 1, 2018
attacker update demo and fix crawler error May 29, 2018
config support multiple users Apr 26, 2018
demo update demo Jun 3, 2018
dict version 0.8 May 28, 2018
gatherer fix domain process error Jun 3, 2018
logger first commit Mar 25, 2018
poc version 0.8 May 28, 2018
seeker add mux for seeker Jun 3, 2018
utils use barbarian to run program concurrently May 4, 2018
web update frontend Jul 19, 2018
AssassinGo fix domain process error Jun 3, 2018
LICENSE Create LICENSE Apr 21, 2018
README.MD Update README.MD Nov 22, 2018
backup.sql update backup.sql Jun 6, 2018
deploy.sh add deploy.sh Apr 27, 2018
design-pattern.png update design-pattern.png May 18, 2018
docker-compose.yml Update docker-compose.yml Jul 17, 2018
dockerfile support multiple users Apr 26, 2018
logo.jpg first commit Mar 25, 2018
main.go fix spell error Apr 7, 2018

README.MD

Rawsec's CyberSecurity Inventory MIT License

AssassinGo

AssassinGo is an extensible and concurrency information gathering and vulnerability scanning framework, with WebSocket based Web GUI.

Just for learn, welcome PR.

Features

  • Retrieve Security Headers
  • Bypass CloudFlare
  • Detect CMS Version
  • Honeypot Detect
  • Port Scan
  • Trace Route and Mark on Google Map
  • Subdomain Scan
  • Dir Scan and Site Map
  • Whois Lookup
  • Crawl the Paramed URLs
  • Basic SQLi Check
  • Basic XSS Check
  • Intruder
  • SSH Bruter
  • Google-Hacking with Headless-Chrome
  • Friendly PoC Interface
  • Web GUI(using WebSocket)
  • Generate Report

Installation

localhost

git clone https://github.com/AmyangXYZ/AssassinGo
cd AssassinGo
docker-compose up --build -d
cat backup.sql | docker exec -i assassingo_mariadb_1 /usr/bin/mysql -uag --password=password ag

Then visit http://127.0.0.1:8000 and login as admin:admin

VPS

If you want to deploy on your VPS, please clone the Frontend and modify the base_url of AJAX and WebSocket, then run npm run build and copy the output to web/ directory as deploy.sh says.

Remember to add your google-map key in index.html.

Demo

base

traceroute

subdomain

intruder

seek

poc

Outline Design

I choose Composite Pattern to increase expansibility.

design-pattern

API

AJAX

Path Method Func Params Return
/token POST sign in username=admin&password=adminn {SG_Token:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1M…W4ifQ.qY-k5f54CrQ6_dNdjgQgqjh5xS8iFZOjTLcfMfirY0w" (stored in cookie)}
/api/target POST set a target target=xxx OR targets=t1,t2... nil
/api/info/basic GET get ip and retrieve security headers nil {data:{"ip": "192.168.1.1", "webserver": "nginx","click_jacking_protection":true,"content_security_policy":false,"strict_transport_security":false,"x_content_type_options":true}
/api/info/bypasscf GET find real ip behind cloudflare nil {"real_ip":"123.123.123.123"}
/api/info/cms GET detect cms nil {data:{"cms": "wordpress"}}
/api/info/honeypot GET get ip and webserver nil {data:{"score": "0.3"}}
/api/info/whois GET whois nil {data:{"domain":"example.com","registrar_name":"alibaba", "admin_name":"xiaoming", "admin_email":"a@qq.com", "admin_phone":"+86.12312345678", "created_date":"2016-07-28T12:57:53.0Z","expiration_date":"2018-07-28T12:57:53.0Z", "ns":"dns9.hichina.com", "state":"clienttransferprohibited"}}
/api/poc GET get poc list nil {data:{"poc_list":["drupal-rce":{"id":"CVE-2017-7602","ty## pe":"remote code execution","text":"biubiubiu","platform## ":"php","data":"2018-04-25",## "reference":"https://cve.mitre.org/cgi-## bin/cvename.cgi?name=CVE-2018-7602"},"seacms-v654-rce"]## }}
/api/poc/:poc GET run the specified poc nil {data:{"host": "example.com", "exploitable":"true"}}

WebSocket

Path Func Params Return
/ws/info/port port scan nil {"port": "80", "service": "http"}
/ws/info/tracert trace route and mark on google map nil {"ttl": 1, "addr": 192.168.1.1, "elapsed_time": 22720440, "country": China, "lat": 34.2583,"long": 116.1614}
/ws/info/subdomain enmu subdomain nil {"subdomain":"earth.google.com"}
/ws/info/dirb brute force dir {"concurrency":20, "dict":"php"}; {"stop":1} {"path": "admin.php", "resp_status": 200, "resp_len": 110}
/ws/attack/crawl crawl paramed urls {"max_depth": 4} {"url": "example.com/?id=1"}
/ws/attack/sqli check sqli nil {"sqli_url": "example.com/?id=1}
/ws/attack/xss check xss nil {"xss_url": "example.com/?id=1}
/ws/attack/intrude brute force {"header": "GET / HTTP/1.1 ...", "payload": "p1,p2...", "concurrency": "10"}; {"stop":1} {"payload": 1, "resp_status": 200, "resp_len": 110}
/ws/attack/ssh brute force ssh {"port":"22",, "concurrency":40} {"user":"root","passwd":"biubiubiu"}
/ws/seek seek targets {"query": "biu", "se": "bing/google", "max_page": 10} {"urls": urls}
/ws/poc/:poc run poc {concurrency:10} {"exploitable_host": "example.com"}

License

MIT