liamg / furious Goto Github PK

View Code? Open in Web Editor NEW

569.0 16.0 85.0 8.67 MB

:angry: Go IP/port scanner with SYN (stealth) scanning and device manufacturer identification

License: GNU General Public License v3.0

Makefile 0.24% Shell 0.39% Go 99.38%

port-scanner ip-scanner network-scanner security

furious's Introduction

Furious IP/Port Scanner

Furious is a fast, lightweight, portable network scanner.

I haven't done any proper performance testing, but a SYN scan of a single host, including all known ports (~6000) will typically take in the region of 4 seconds. On the same machine, nmap took 98 seconds and produced exactly the same results.

Install

You'll need to install libpcap.

On Linux, install libpcap with your package manager
On OSX, brew install libpcap
On Windows, install WinPcap

Then just:

go get -u github.com/liamg/furious

Options

`-s [TYPE]` `--scan-type [TYPE]`

Use the specified scan type. The options are:

Type	Description
`syn`	A SYN/stealth scan. Most efficient scan type, using only a partial TCP handshake. Requires root privileges.
`connect`	A less detailed scan using full TCP handshakes, though does not require root privileges.
`device`	Attempt to identify device MAC address and manufacturer where possible. Useful for listing devices on a LAN.

The default is a SYN scan.

`-p [PORTS]` `--ports [PORTS]`

Scan the specified ports. Defaults to a list of all known ports as provided by IANA.

Ports may be specified using a comma delimited list, and ranges are also allowed.

For example:

--ports 22,80,443,8080-8082

...will scan 22, 80, 443, 8080, 8081, and 8082.

`-t [MS]` `--timout-ms [MS]`

The network timeout to apply to each port being checked. Default is 1000ms.

`-w [COUNT]` `--workers [COUNT]`

The number of worker routines to use to scan ports in parallel. Default is 1000 workers.

`-u` `--up-only`

Only show output for hosts that are confirmed as up.

`--version`

Output version information and exit.

Usage

Furious can be used to:

Find open ports on one or more hosts

Scan a single host:

furious 192.168.1.4

Scan a whole CIDR:

furious 192.168.1.0/24

Scan a mixture of IPs, hostnames and CIDRs

furious -s connect 8.8.8.8 192.168.1.1/24 google.com

Run a SYN (stealth) scan (with root privileges)

sudo -E furious -s syn 192.168.1.1

Run a connect scan as any user

furious -s connect 192.168.1.1

Identify device MAC address and manufacturer within a local network

furious -s device 192.168.1.1/24 -u

Troubleshooting

`sudo: furious: command not found`

If you installed using go, your user has the environment variables required to locate go programs, but root does not. You need to:

sudo env "PATH=$PATH" furious

SYN/Connect scans are slower than nmap!

They're not in my experience, but with default arguments furious scans nearly six times as many ports as nmap does by default.

furious's People

Contributors

Stargazers

Watchers

Forkers

ninefive sakishum tricleoo qing-q bonedaddy andremota hohjgdhsj benderpan rms1000watt lorock werty1st backwardn ro9ueadmin sagaroffsec chriswalz leofigy io-security-solutions daniel-007 pwnfun silverark famatte69 mitghi jeremybusk fdlucifer 2morales mmg1 buyabez bentol mgcfish wangshifeng stanonyime amatheraeworld piterpentester a7600999 potatonc tarn4 isgasho shopper29 3reequency raw44oe langubtc bdunlap9 knowledge-wisdom-understanding zyxtarmo nclvvp4444 dpunkturban ohfill slooppe logycon sashka3076 mdalmao 5l1v3r1 d3v53c olivierh59500 stevemcquaid karelorigin weiwhy afwu deancn anonimo501 wheatj fbaube fz3r0 sorieil yebottle azrotronik yibit zhaobisheng jackcleo mrquiet sylviagaytaneh2021 zhongpei parvineyvazov huffery z0mbieb0y johnfg2610 zak1sme chaim12345 iq-scm st2ne royvdelft bihanikeshav themasterdoctor zhangkaibin0921

furious's Issues

Local scanning on Mac is throwing panic

Hi, came across this tool for port scanning and it works well with external sites:

Do you know why local ones fail?

`
(base) ip-192-168-86-35:apk_decompile jack$ sudo furious 192.168.86.35

Starting scan at 2020-02-06 13:01:51.335325 -0800 PST m=+0.008516310

panic: router only implemented in linux

goroutine 41 [running]:
github.com/liamg/furious/vendor/github.com/google/gopacket/routing.New(...)
/Users/jack/go/src/github.com/liamg/furious/vendor/github.com/google/gopacket/routing/other.go:14
github.com/liamg/furious/scan.(*SynScanner).scanHost(0xc000306000, 0xc000692020, 0x10, 0x10, 0xc0002a8000, 0x16b4, 0x1c00, 0xc000694000, 0xc000694120, 0x43c9060, ...)
/Users/jack/go/src/github.com/liamg/furious/scan/scan-syn.go:242 +0x2ab
github.com/liamg/furious/scan.(*SynScanner).Start.func1(0xc000306000)
/Users/jack/go/src/github.com/liamg/furious/scan/scan-syn.go:74 +0x173
created by github.com/liamg/furious/scan.(*SynScanner).Start
/Users/jack/go/src/github.com/liamg/furious/scan/scan-syn.go:68 +0x43
`

Thanks!

Filtered Ports not populated

Thank for your hard work on this. I thinking about using it for a project so giving it a thorough testing. I'm new to go so please forgive me if I've missed something obvious here. I've been coding for 20 years, but the go routines and channels are going to take a while to get my head around!

Looking at scan-syn.go, it looks like the filtered ports are never assessed or sent to the filtered channel to be added to the filtered array. Is that right?

Since we are not expecting a response, would it be right in thinking that after a timeout any port that isn't open, or closed would be essentially confirmed as filtered (unless it was just lost in the network)?

Add support for macOS?

I tried to run this from my macOS iMac (bit silly of me?):

(⎈ |local:default)
prologic@Jamess-iMac
Tue Oct 20 08:32:02
~
 1
$ sudo furious 10.0.0.7
Password:

Starting scan at 2020-10-20 08:32:15.415617 +1000 AEST m=+0.005401962

panic: router only implemented in linux

goroutine 31 [running]:
github.com/liamg/furious/vendor/github.com/google/gopacket/routing.New(...)
	/Users/prologic/go/src/github.com/liamg/furious/vendor/github.com/google/gopacket/routing/other.go:14
github.com/liamg/furious/scan.(*SynScanner).scanHost(0xc000184c90, 0xc00018a330, 0x10, 0x10, 0xc000356000, 0x16b4, 0x1c00, 0xc00018c1e0, 0xc00018c300, 0x43d40c0, ...)
	/Users/prologic/go/src/github.com/liamg/furious/scan/scan-syn.go:242 +0x274
github.com/liamg/furious/scan.(*SynScanner).Start.func1(0xc000184c90)
	/Users/prologic/go/src/github.com/liamg/furious/scan/scan-syn.go:74 +0x173
created by github.com/liamg/furious/scan.(*SynScanner).Start
	/Users/prologic/go/src/github.com/liamg/furious/scan/scan-syn.go:68 +0x43

Is it possible to add support for macOS here? Is there an equivalent implementation that can be added?

Use as library

I'm attempting to reference your project as a library, it seems like a really well thought out project. I'm currently running into an issue I don't understand. When I try to reference your code from a different project I get the response of:

Scan results for host 192.168.3.5
	Host is down

Where if I run the furious tool:

sudo ./furious -s connect 192.168.3.5

Starting scan at 2019-12-17 20:55:56.545097688 +0000 UTC m=+0.026920458

Scan results for host 192.168.3.5
	Host is up with 56.66663ms latency
	PORT	STATE	SERVICE
	22/tcp    	OPEN      	ssh

Scan complete in 2.418170027s.

It seems to work fine. The code I'm using looks like this and semantically doesn't seem any different what what your project is running.

if os.Getuid() > 0 {
		fmt.Println("Access Denied: You must be a priviliged user to run this type of scan.")
		os.Exit(1)
	}
	targetIterator := scan.NewTargetIterator("192.168.3.5")
	scanner := scan.NewConnectScanner(targetIterator, 6000, 1000)
	if err := scanner.Start(); err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	ctx, _ := context.WithCancel(context.Background())
	results, err := scanner.Scan(ctx, scan.DefaultPorts)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	for _, result := range results {
		scanner.OutputResult(result)
	}

panic: router only implemented in linux

Does not support windows

furious 192.168.218.149

00 CST m=+0.031451601

panic: router only implemented in linux

goroutine 26 [running]:
github.com/liamg/furious/vendor/github.com/googl
e/gopacket/routing.New(...)
        C:/Users/sxuec/go/src/github.com/liamg/f
urious/vendor/github.com/google/gopacket/routing
/other.go:14
github.com/liamg/furious/scan.(*SynScanner).scan
Host(0xc00005eba0, 0xc000056a40, 0x10, 0x10, 0xc
000268000, 0x16b4, 0x1c00, 0xc000041740, 0xc0000
41860, 0x7b5580, ...)
        C:/Users/sxuec/go/src/github.com/liamg/f
urious/scan/scan-syn.go:242 +0x2b2
github.com/liamg/furious/scan.(*SynScanner).Star
t.func1(0xc00005eba0)
        C:/Users/sxuec/go/src/github.com/liamg/f
urious/scan/scan-syn.go:74 +0x17a
created by github.com/liamg/furious/scan.(*SynSc
anner).Start
        C:/Users/sxuec/go/src/github.com/liamg/f
urious/scan/scan-syn.go:68 +0x4a```

Option to output to json

Would be great to have json to stdout

Fix SYN scanning on OSX

We need to switch to libpcap for syn scanning on osx.

Nice info here: https://www.devdungeon.com/content/packet-capture-injection-and-analysis-gopacket

`furious -s connect example.com` always return `Host is down`

Exactly as mentioned in the title the command always returns Host is down output.

❯ furious -s connect github.com

Starting scan at 2020-08-29 01:04:42.530665 +0300 +03 m=+0.019277855

Scan results for host 140.82.121.4
	Host is down

Scan complete in 2.110237526s.

Environment Information

❯ go version
go version go1.15 darwin/amd64

❯ brew info libpcap
libpcap: stable 1.9.1 (bottled), HEAD [keg-only]

Added Homebrew libpcap to path

❯ furious --version
furious development version

feature request: add an option to generate structured output

please add an option to generate json or xml structured output, something like that in nmap.

Misses Ports

Any idea why both furious and masscan cannot detect port 80 on: 104.36.195.221?

Router only implemented in linux

I compiled furious for Windows using "go get github.com/liamg/furious"

There are two problems: on "furious -s device host" it gives a DOWN response, but it also shows the MAC address and open ports.
The second problem: when executing "furious host" produces

C:\Users\i.eremeev\go\bin>furious 192.168.2.35

Starting scan at 2019-09-17 09:33:42.3653148 +0700 +07 m=+0.017996401

panic: router only implemented in linux

goroutine 23 [running]:
github.com/google/gopacket/routing.New(...)
C:/Users/i.eremeev/go/pkg/mod/github.com/google/[email protected]/routing/other.go:14
github.com/liamg/furious/scan.(*SynScanner).scanHost(0xc0002aa000, 0xc000280110, 0x10, 0x10, 0xc00025a000, 0x16b4, 0x1c00, 0xc00027c240, 0xc000b0e000, 0x7c6b80, ...)
C:/Users/i.eremeev/go/pkg/mod/github.com/liamg/[email protected]/scan/scan-syn.go:242 +0x269
github.com/liamg/furious/scan.(*SynScanner).Start.func1(0xc0002aa000)
C:/Users/i.eremeev/go/pkg/mod/github.com/liamg/[email protected]/scan/scan-syn.go:74 +0x17a
created by github.com/liamg/furious/scan.(*SynScanner).Start
C:/Users/i.eremeev/go/pkg/mod/github.com/liamg/[email protected]/scan/scan-syn.go:68 +0x4a

liamg / furious Goto Github PK

furious's Introduction

Furious IP/Port Scanner

Install

Options

-s [TYPE] --scan-type [TYPE]

-p [PORTS] --ports [PORTS]

-t [MS] --timout-ms [MS]

-w [COUNT] --workers [COUNT]

-u --up-only

--version

Usage

Find open ports on one or more hosts

Scan a mixture of IPs, hostnames and CIDRs

Run a SYN (stealth) scan (with root privileges)

Run a connect scan as any user

Identify device MAC address and manufacturer within a local network

Troubleshooting

sudo: furious: command not found

SYN/Connect scans are slower than nmap!

furious's People

Contributors

Stargazers

Watchers

Forkers

furious's Issues

Environment Information

Recommend Projects

Recommend Topics

Recommend Org

`-s [TYPE]` `--scan-type [TYPE]`

`-p [PORTS]` `--ports [PORTS]`

`-t [MS]` `--timout-ms [MS]`

`-w [COUNT]` `--workers [COUNT]`

`-u` `--up-only`

`--version`

`sudo: furious: command not found`