- Notifications
You must be signed in to change notification settings - Fork152
Attack surface mapping
gobysec/Goby
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Goby is a new generation network security assessment tool. It can efficiently and practically scan vulnerabilities while sorting out the most complete attack surface information for a target enterprise. Goby can also quickly penetrate the company intranet based on a company's vulnerabilities exposed to the Internet. We strive for Goby to become a more vital tool that can benchmark against hackers' actual attack methods and help companies effectively understand and respond to cyber-attacks.
Goby currently uses Golang development, usesElectron andVUE as the front-end framework, supports windows, MacOS, and Linux without installation. Goby is based on network scanning, therefore permission is required to identify the NIC before using it.The installation methods of different platforms are as follows:
- WindowsDownload the
Npcapand install it. - MacOSRun the following command:
1. cd /dev2. sudo chown $USER:admin bp*For more information, seeGoby WiKi
1. Rule basesGoby has built in more than 100,000 rule recognition engines. The coverage of hardware types includesNetwork devices,IoT devices,Network Security products,office devices, etc. The coverage of software types includes:CRM,CMS,EMAIL,OA system, etc.
2. ProtocolGoby has built in more than 200 protocol recognition engines, including:Network protocols,Database protocols,IoT protocols ,ICS protocols, etc.
3. PortIn addition to common ports, Goby also groups ports based on security practices, including:Enterprises,Cafes,Hotels,Airports,Databases,IoT,SCADA,ICS andBack door detection.
4. Common vulnerabilities and weak passwordsGoby covers common critical vulnerabilities such asWeblogic andTomcat, as well as preset account information of more than 1,000 devices.
- CVE-2020-2551
- CVE-2020-2555
- CVE-2020-1938
- CVE-2020-10189
- CVE-2020-11651
- CVE-2020-11710
- CVE-2020-7961
- CVE-2020-12116
- CVE-2019-10758
- CVE-2019-3799
- CVE-2019-19781
- CVE-2019-3948
- CVE-2018-1000861
- CVE-2018-7600
- CVE-2018-1297
- CVE-2018-13379
- CVE-2017-5638
- CVE-2017-5878
- CVE-2017-17215
- CVE-2017-1000353
- CVE-2016-4437
- CVE-2016-3088
- CVE-2013-2251
- CVE-2011-3556
- ThinkPHP2.1_RCE
- ThinkPHP5_RCE
- Constantly updating...…
For more information about Goby FAQ, please visithere
Contribute POC
- First need to readGoscanner_POC/EXP _Writing_Manual
- Then readCustom PoC Query Rule
Please readhere first if you submit an error or demand suggestion.
If you have a functional type of issue, you can raise an issue on GitHub or in the discussion group below:
- GitHub issue:https://github.com/gobysec/Goby/issues
- WeChat Group: First add my personal WeChat:gobyteam, I will add everyone to the official WeChat group of Goby.