hanc00l / nemo_go Goto Github PK
View Code? Open in Web Editor NEWNemo是用来进行自动化信息收集的一个简单平台,通过集成常用的信息收集工具和技术,实现对内网及互联网资产信息的自动收集,提高隐患排查和渗透测试的工作效率。
License: Apache License 2.0
nemo_go's Issues
希望可以加个页面js链接爬虫
希望可以加个页面js链接爬虫
字段更新
感谢你使用侦查守卫,最近有一个破坏式更新:
- 如果你在使用解析后的json结果,请将字段更新:what_web_name => name
- 添加
is_web字段标识是否为web服务
[{
"url": "https://httpbin.org",
"name": ["swagger"],
"priority": 5,
"length": 9593,
"title": "httpbin.org",
"status_code": 200,
"is_web": true,
"plugins": []
}]Subfinder如何添加Source key
rt
结果导出
师傅好,请问扫描结果这么导出呢
希望能增加自动推送poc的功能
希望能增加推送poc的功能,能推送一些自己写的基于nuclei的poc到所有的worker上
Task Error
I am getting errors after creating the task.
time="2022-11-08 01:22:55" level=info msg="Received new message: {\"UUID\":\"ec0bb53c-61ae-45b3-9ae7-4c4a2d89fbf5\",\"Name\":\"portscan\",\"RoutingKey\":\"machinery_task\",\"ETA\":\"2022-11-08T01:22:55.6276748+06:00\",\"GroupUUID\":\"\",\"GroupTaskCount\":0,\"Args\":[{\"Name\":\"taskId\",\"Type\":\"string\",\"Value\":\"ec0bb53c-61ae-45b3-9ae7-4c4a2d89fbf5\"},{\"Name\":\"configJSON\",\"Type\":\"string\",\"Value\":\"{\\\"target\\\":\\\"76.76.21.22\\\",\\\"executeTarget\\\":\\\"\\\",\\\"port\\\":\\\"--top-ports 1000\\\",\\\"orgId\\\":null,\\\"rate\\\":1000,\\\"ping\\\":false,\\\"tech\\\":\\\"-sS\\\",\\\"ipLocation\\\":true,\\\"httpx\\\":true,\\\"screenshot\\\":true,\\\"fingerprinthub\\\":true,\\\"iconhash\\\":true,\\\"cmdBin\\\":\\\"nmap\\\",\\\"loadOpenedPort\\\":false,\\\"isPortscan\\\":true}\"}],\"Headers\":{},\"Priority\":0,\"Immutable\":false,\"RetryCount\":0,\"RetryTimeout\":0,\"OnSuccess\":null,\"OnError\":null,\"ChordCallback\":null,\"BrokerMessageGroupId\":\"\",\"SQSReceiptHandle\":\"\",\"StopTaskDeletionOnError\":false,\"IgnoreWhenTaskNotRegistered\":false}"
time="2022-11-08 01:22:55" level=info msg="Failed processing task 71a41c06-e34a-4e70-a3ad-189e7762543a. Error = task not exist"
time="2022-11-08 01:22:55" level=info msg="Failed processing task ec0bb53c-61ae-45b3-9ae7-4c4a2d89fbf5. Error = task not exist"
API Version
大佬怎么添加了fofa那些的api,全部都没用呢
nemo poc如何批量验证
nemo poc如何批量验证
单docker启动后容易挂掉
单docker启动后随便点一点 没过几分钟就会挂掉
4g 内存
子域名扫描完成后 不显示结果
任务扫描成完成后domain不显示结果
docker 启动失败啊
worker工作一段时间后会自动掉线,需要重启才重新链接
创建的任务直接出错
./worker_darwin_amd64运行错误
根据分构说明docker部署,配置都是对的,但是连接的还是本地的rabbitmq
漏洞扫描功能希望添加导入自定义poc
在漏洞验证时会有自定义poc的需求
建议支持导入xray_yaml格式的自定义poc方便进行漏洞验证
WARN[0000] Found orphan containers docker-compose报错 5000端口无法访问
hanc00l师傅你好 WARN[0000] Found orphan containers ([nemo-server rabbitmq mysql]) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
看似服务起来了 但是无法访问web
师傅方便建个群么
师傅方便建个群么
为啥不能批量poc
漏洞验证这里必须选一个poc,不能做到批量Poc验证
功能添加建议
- 支持oneforall扫描结果导入
- 漏洞扫描支持输入某个组织,这样子可以巡检已经保存的对应组织的资产
能否支持fsan扫描结果中的漏洞信息
支持导入fscan扫描结果是个挺好的功能,但目前是不是不支持识别fscan扫描结果中的漏洞为vulnerability
想请教一下,这个前端要怎么修改或编写?
docker安装方式可以更新一下吗
docker安装方式可以更新一下吗
build失败
师傅,我跑build.sh好像不成功,爆这个错
➜ nemo_go git:(main) ✗ CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags "-s -w" -trimpath -o server_darwin_amd64 cmd/server/main.go
# github.com/mat/besticon/besticon
/Users/kuron3k0/go/pkg/mod/github.com/mat/[email protected]+incompatible/besticon/caching.go:28:23: cannot use siteURL (variable of type string) as type context.Context in argument to iconCache.Get:
string does not implement context.Context (missing Deadline method)
/Users/kuron3k0/go/pkg/mod/github.com/mat/[email protected]+incompatible/besticon/caching.go:47:13: impossible type assertion: ctx.(string)
string does not implement context.Context (missing Deadline method)
# github.com/hanc00l/nemo_go/pkg/task/domainscan
/Users/kuron3k0/go/pkg/mod/github.com/hanc00l/[email protected]/pkg/task/domainscan/crawler.go:86:34: cannot use targets (variable of type []*"github.com/hanc00l/crawlergo/pkg/model".Request) as type []*"crawlergo/pkg/model".Request in argument to pkg.NewCrawlerTask
/Users/kuron3k0/go/pkg/mod/github.com/hanc00l/[email protected]/pkg/task/domainscan/crawler.go:307:34: cannot use targets (variable of type []*"github.com/hanc00l/crawlergo/pkg/model".Request) as type []*"crawlergo/pkg/model".Request in argument to pkg.NewCrawlerTask
/Users/kuron3k0/go/pkg/mod/github.com/hanc00l/[email protected]/pkg/task/domainscan/crawler.go:341:6: cannot use *r (variable of type "crawlergo/pkg/model".Request) as type "github.com/hanc00l/crawlergo/pkg/model".Request in argument to func(req model2.Request) {…}
可以加一个shodan的接口
添加任务失败!
这是为啥? 无法进行扫描
权限拒绝,web没起来
ubuntu20
go build 报错了
难题
师傅可以帮忙看一下配置文件吗 我根据文档进行了配置 但是结果还是这样
work 异常退出 || work 自动下线
work 异常退出
- 使用docker 自动部署
意外退出代码
time="2022-03-14 01:56:32" level=info msg="Crawling GET https://xxxx.com.cn/user/application/text/text/html"
panic: sync: WaitGroup is reused before previous Wait has returned
goroutine 523366 [running]:
sync.(*WaitGroup).Wait(0xea94aa)
sync/waitgroup.go:132 +0xa5
github.com/hanc00l/crawlergo/pkg/engine.(*Tab).Start.func3()
github.com/hanc00l/[email protected]/pkg/engine/tab.go:232 +0x2b
created by github.com/hanc00l/crawlergo/pkg/engine.(*Tab).Start
github.com/hanc00l/[email protected]/pkg/engine/tab.go:230 +0x5cf没找他其他下线原因。下线不一定是这个问题。已知任务量过大的时候 work %100 异常退出。还会存在服务器卡死现象。。。ssh 都连接不上去 服务器配置 2核心4G 分配了四个 work
mysql启动异常
mysql启动异常,开了几次了,都没法启动,导致前段页面数据拉取失败
端口扫描
小建议
建议端口扫描采用masscan+nmap结合的方式扫描
masscan探测端口存活,nmap探测存活端口指纹提高效率和准确率
can‘t work.help?
thx
似乎nemo/server:v2这个镜像无了
能留个联系方式吗
希望添加nuclei
希望添加nuclei,因为其poc有几k个且更新频率更高,
是否可以添加周期性的扫描配置?
周期性扫描,这样便于发现一些临时公开的资产
单docker启动后,没有数据
worker加载出错
worker 会加载conf/server.yml,从releases下载的worker包里没有server.yml导致出错
open conf/server.yml: no such file or directory
Load Server config fail!
这是必要的吗?
为什么Nemo增加了任务一直处于create状态呢
为什么Nemo增加了任务一直处于create状态呢
希望可以加个目录扫描功能
希望可以加个目录扫描功能,如果不行的话当我没说😂
域名泛解析问题
docker-compose -f docker-compose.server.yml up -d报错
ERROR: client version 1.38 is too new. Maximum supported API version is 1.37
容易断网
线程我worlk文件改了,是我改错地方了吗?但是还是以启动网络就GG了。
docker 搭建成功访问5000端口显示502
求助hanc00l大佬~
大佬您好,我是Mars的作者,最近基于你的nemo进行了二次开发,发现很多思路也都很接近,有些问题想一起交流一下,不知是否方便。感谢。我的微信:secplus
mac m1 docker 启动服务异常
pocsan 模块问题
#pkg/task/pocscan/xray.go
cmdArgs = append(
cmdArgs,
"--log-level", "error", "webscan", "--plugins", "phantasm", "--poc",
filepath.Join(conf.GetRootPath(), conf.GlobalWorkerConfig().Pocscan.Xray.PocPath, x.Config.PocFile),
"--json-output", resultTempFile, "--url-file", inputTargetFile,
)- 大佬我想问下 这个POC 扫描部分是资产探测完成后用户根据poc 主动探测的嘛
** 假想情况是否为 探测某个资产完毕后 识别到指纹信息为shiro 然后通过调用pocsan 模板进行shiro 扫描。
** 是否有必要改为全量扫描模式(不然感觉分布式意义不大。。)
** 针对专项poc 检测Nuclei 貌似效果更好。。
web无法访问
为何web服务都已监听,但web就是无法访问
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.