| Follow @lancinimarco

Reading time ~2 minutes

Introducing GoScan (aka a reason to learn Go)

It’s been a while since I wanted to carve the time to learn Go. Everyone seemed to love it, so I wanted to give it a try.

I started by reading The Little Go Book. My reaction after a couple of hours?

I was already in love: many aspects similar to C, concurrency almost transparent to the programmer, etc. The only thing that confused me is how Go treats arrays…

I needed a project to experiment on, so I took the chance to get rid of a bunch of python scripts I used to perform network enumeration during a pentest.

This post is now outdated, please refer to GoScan v2.

Introducing GoScan

GoScan is an interactive network scanner client, featuring auto-complete, which provides abstraction and automation over nmap.

It can be used to perform host discovery, port scanning, and service enumeration in situations where being stealthy is not a priority, and time is limited (think at CTFs, OSCP, exams, etc.).

demo

Installation and usage instructions can be found on Github.

Historical Tracking in GoScan

Recently I’ve been reading the great “The Hacker Playbook 3” from Peter Kim. In Chapter 2 (“Red Team Recon”) a Lab exercise challenges readers to build a better network diff scanner, able to continuously monitor the target’s network over time. In particular, Peter suggested to implement the following features:

  1. Build a better port list than the default nmap
  2. Keep historical tracking of ports
  3. Implement nmap banners
  4. Build email slerting/notification system

Reading this made me think that GoScan was already able to deal with a similar situation: point 1 was already implemented, point 3 was already in my todo-list, but point 2 caught my eye as a potential nice addition to GoScan. I left point 4 for the future as alerting is not something I needed right now.

In the end, it was pretty straightfoward to extend GoScan to provide support for an historical tracking of ports, which I’ve released in V1.3.

Example

Let’s perform a quick portscan on a sample host:

As you can see different ports have been found as open. Now, let’s stop the webserver running on port 80 and run another scan. You’ll be notified that port is not open anymore:

You will still have the entire history tracked in the supporting database, but the CLI will only report the more recent information collected for every host.

GoScan can be found on Github: https://github.com/marco-lancini/goscan.

Marco Lancini

Marco Lancini
Hi, I'm Marco Lancini. I'm a Security Engineer, mainly interested in cloud native technologies, devops, and network security...  

Currently Working On

Currently, my areas of focus are two: cloud native tech and red teaming. Here is a short list of what I’m currently working on in my spare time.

  1. Cloud Native Tech
    • Cloud Security (AWS, Azure, GCP)
    • Container Security (docker, kubernetes)
      1. So I Heard You Want to Learn Kubernetes -- An attempt to demystify the perception by which Kubernetes is believed to be too hard to even get started, by walking through the journey I undertook to get the basics first, and later to focus on the security aspects.
      2. My Arsenal of Cloud Native (Security) Tools -- A curated list of (security) tools that can help assessing the security of AWS, Docker, Kubernetes, and even Git repositories.
    • Infrastructure-as-Code (Consul, Vault, Packer, Terraform, Ansible)
      1. Docker + Consul + Vault: A Practical Guide -- How to use docker-compose to spin up a Vault instance backed by Consul.
      2. Offensive Infrastructure with Modern Technologies -- An N-part blog post series, to record my journey and the lessons learned while building a secure, disposable, and completely automated infrastructure to be used in offensive operations.
  2. Red Teaming
    • Techniques
      1. Red Teaming Mind Map from The Hacker Playbook 3 -- A high-level mind map to summarize all the techniques/tools covered by Peter Kim’s book.
    • Tooling
      1. Offensive ELK -- Custom Elasticsearch setup, aiming to show how traditional defensive tools can be effectively used for offensive security data analysis, helping your team collaborate and triage scan results.
      2. GoScan -- An interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.
      3. Robtex-Go -- A library that provides a little wrapper over such APIs, and can be quickly integrated in any other Go codebase.
Continue reading