Giter VIP home page Giter VIP logo

hanc00l / nemo_go Goto Github PK

View Code? Open in Web Editor NEW
1.6K 1.6K 238.0 182.7 MB

Nemo是用来进行自动化信息收集的一个简单平台,通过集成常用的信息收集工具和技术,实现对内网及互联网资产信息的自动收集,提高隐患排查和渗透测试的工作效率。

License: Apache License 2.0

Dockerfile 0.06% Shell 0.45% Go 43.52% CSS 15.38% JavaScript 21.09% HTML 19.14% Makefile 0.36%

nemo_go's People

Contributors

elliotwutingfeng avatar hanc00l avatar icemoon1995 avatar sh3d0ww01f avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

crackercat sixteen250 showsmall j5s lekkoo harry1080 sairson phuong39 helloshaohua kenuosec 00110100 ddostest123 huangyuan666 jeromeyoung ice-001 re-expoc choutofu 5l1v3r1 yuyuowo zzhsec traxsw featherstark jenxp wha000tif conanjun akz747 offensive-defensive shenliehuozhi morns0 darkkid0 adil0518 kaitoulee fidjiw grouppppp sec-fork x-team-robots hack404-007 nuk96 epic1028 whoiszzr tdr130 bjliyanliang dr0op frankfanslc msr00t medasz sanchahua fatman0 dk47os3r lztcode yourant yougar0 z0edff0x3d redwifiteam sesyi nanaao mrquiet huifeidebaba whale3070 shellsec zaigaochu 1063122023 sbcaorg waynetest monster-24 kk-hub446 cts2021 kmasterv greatspider135 austfish yutianqaq sylj-k 482949203 ckevens qaz7791869 zard-ethan lay0us1 w3lk1n zoombegod zhuanyedecainiao wycdavid cddysq-matrix-01 yfcydyf anfutest fuckgitb xiaoc94 cnmars wule108 sasosos istoliving soliontheroad n0smi1e bingpo p01ice hades-ak1 exploit-3389 sirzhangsheng panda843 alberthchang 0xtbug

nemo_go's Issues

mac m1 docker 启动服务异常

image

由于是使用arm 芯片我改了一下配置中的mysql 正常启动服务,但是启动服务之后却无法正常使用

image

辛苦大佬,希望能够回复我 谢谢。

求助hanc00l大佬~

大佬您好,我是Mars的作者,最近基于你的nemo进行了二次开发,发现很多思路也都很接近,有些问题想一起交流一下,不知是否方便。感谢。我的微信:secplus

build失败

师傅,我跑build.sh好像不成功,爆这个错

➜  nemo_go git:(main) ✗ CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags "-s -w" -trimpath -o server_darwin_amd64 cmd/server/main.go
# github.com/mat/besticon/besticon
/Users/kuron3k0/go/pkg/mod/github.com/mat/[email protected]+incompatible/besticon/caching.go:28:23: cannot use siteURL (variable of type string) as type context.Context in argument to iconCache.Get:
	string does not implement context.Context (missing Deadline method)
/Users/kuron3k0/go/pkg/mod/github.com/mat/[email protected]+incompatible/besticon/caching.go:47:13: impossible type assertion: ctx.(string)
	string does not implement context.Context (missing Deadline method)
# github.com/hanc00l/nemo_go/pkg/task/domainscan
/Users/kuron3k0/go/pkg/mod/github.com/hanc00l/[email protected]/pkg/task/domainscan/crawler.go:86:34: cannot use targets (variable of type []*"github.com/hanc00l/crawlergo/pkg/model".Request) as type []*"crawlergo/pkg/model".Request in argument to pkg.NewCrawlerTask
/Users/kuron3k0/go/pkg/mod/github.com/hanc00l/[email protected]/pkg/task/domainscan/crawler.go:307:34: cannot use targets (variable of type []*"github.com/hanc00l/crawlergo/pkg/model".Request) as type []*"crawlergo/pkg/model".Request in argument to pkg.NewCrawlerTask
/Users/kuron3k0/go/pkg/mod/github.com/hanc00l/[email protected]/pkg/task/domainscan/crawler.go:341:6: cannot use *r (variable of type "crawlergo/pkg/model".Request) as type "github.com/hanc00l/crawlergo/pkg/model".Request in argument to func(req model2.Request) {…}

结果导出

师傅好,请问扫描结果这么导出呢

容易断网

线程我worlk文件改了,是我改错地方了吗?但是还是以启动网络就GG了。

mysql启动异常

mysql启动异常,开了几次了,都没法启动,导致前段页面数据拉取失败
mysql异常
os

worker加载出错

worker 会加载conf/server.yml,从releases下载的worker包里没有server.yml导致出错

open conf/server.yml: no such file or directory
Load Server config fail!

这是必要的吗?

字段更新

感谢你使用侦查守卫,最近有一个破坏式更新:

  1. 如果你在使用解析后的json结果,请将字段更新:what_web_name => name
  2. 添加is_web字段标识是否为web服务
[{
	"url": "https://httpbin.org",
	"name": ["swagger"],
	"priority": 5,
	"length": 9593,
	"title": "httpbin.org",
	"status_code": 200,
	"is_web": true,
	"plugins": []
}]

work 异常退出 || work 自动下线

work 异常退出

  • 使用docker 自动部署

意外退出代码

time="2022-03-14 01:56:32" level=info msg="Crawling GET https://xxxx.com.cn/user/application/text/text/html"
panic: sync: WaitGroup is reused before previous Wait has returned

goroutine 523366 [running]:
sync.(*WaitGroup).Wait(0xea94aa)
        sync/waitgroup.go:132 +0xa5
github.com/hanc00l/crawlergo/pkg/engine.(*Tab).Start.func3()
        github.com/hanc00l/[email protected]/pkg/engine/tab.go:232 +0x2b
created by github.com/hanc00l/crawlergo/pkg/engine.(*Tab).Start
        github.com/hanc00l/[email protected]/pkg/engine/tab.go:230 +0x5cf

没找他其他下线原因。下线不一定是这个问题。已知任务量过大的时候 work %100 异常退出。还会存在服务器卡死现象。。。ssh 都连接不上去 服务器配置 2核心4G 分配了四个 work

好像还不太稳

2021/12/10 10:12:02 github.com/hanc00l/nemo_go/pkg/db/conn.go:39
[error] failed to initialize database, got error dial tcp 127.0.0.1:3306: connect: connection refused

端口扫描

小建议
建议端口扫描采用masscan+nmap结合的方式扫描
masscan探测端口存活,nmap探测存活端口指纹提高效率和准确率

pocsan 模块问题 

#pkg/task/pocscan/xray.go
cmdArgs = append(
		cmdArgs,
		"--log-level", "error", "webscan", "--plugins", "phantasm", "--poc",
		filepath.Join(conf.GetRootPath(), conf.GlobalWorkerConfig().Pocscan.Xray.PocPath, x.Config.PocFile),
		"--json-output", resultTempFile, "--url-file", inputTargetFile,
	)
  • 大佬我想问下 这个POC 扫描部分是资产探测完成后用户根据poc 主动探测的嘛
    ** 假想情况是否为 探测某个资产完毕后 识别到指纹信息为shiro 然后通过调用pocsan 模板进行shiro 扫描。
    ** 是否有必要改为全量扫描模式(不然感觉分布式意义不大。。)
    ** 针对专项poc 检测Nuclei 貌似效果更好。。

功能添加建议

  1. 支持oneforall扫描结果导入
  2. 漏洞扫描支持输入某个组织,这样子可以巡检已经保存的对应组织的资产

难题

image
师傅可以帮忙看一下配置文件吗 我根据文档进行了配置 但是结果还是这样

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.