
Introducing GoScan (aka a reason to learn Go)

It’s been a while since I wanted to carve the time to learn Go. Everyone seemed to love it, so I wanted to give it a try.

I started by reading The Little Go Book. My reaction after a couple of hours?

I was already in love: many aspects similar to C, concurrency almost transparent to the programmer, etc. The only thing that confused me is how Go treats arrays…

I needed a project to experiment on, so I took the chance to get rid of a bunch of Python scripts I used to perform network enumeration during a pentest.

Introducing GoScan

GoScan is an interactive network scanner client, featuring auto-complete, which provides abstraction and automation over nmap.

It can be used to perform host discovery, port scanning, and service enumeration in situations where being stealthy is not a priority and time is limited (think CTFs, OSCP, exams, etc.).

[Demo animation]

Installation and usage instructions can be found on Github.

Historical Tracking in GoScan

Recently I’ve been reading the great “The Hacker Playbook 3” by Peter Kim. In Chapter 2 (“Red Team Recon”) a lab exercise challenges readers to build a better network diff scanner, able to continuously monitor the target’s network over time. In particular, Peter suggested implementing the following features:

  1. Build a better port list than the default nmap
  2. Keep historical tracking of ports
  3. Implement nmap banners
  4. Build email alerting/notification system

Reading this made me think that GoScan was already able to deal with a similar situation: point 1 was already implemented, point 3 was already on my to-do list, but point 2 caught my eye as a potentially nice addition to GoScan. I left point 4 for the future, as alerting is not something I needed right now.

In the end, it was pretty straightforward to extend GoScan to provide support for historical tracking of ports, which I’ve released in V1.3.

Example

Let’s perform a quick port scan on a sample host:

As you can see, several ports were found open. Now let’s stop the web server running on port 80 and run another scan. You will be notified that the port is no longer open:

You will still have the entire history tracked in the supporting database, but the CLI will only report the most recent information collected for every host.
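To make the "full history in the database, latest view in the CLI" split concrete, here is an added example written for this post; it is not GoScan's own code. It keeps every scan per host in an in-memory map standing in for GoScan's database, diffs each new scan against the previous one so that a closed port (80 in the walkthrough above) or a newly opened one is reported, and renders only the latest scan the way the CLI would. The host address, timestamps and port/service pairs are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Scan is one port-scan result for a host: when it was taken and the open
// ports found, each mapped to the service name reported for it.
type Scan struct {
	At    time.Time
	Ports map[int]string
}

// Diff is what changed between two consecutive scans of the same host.
type Diff struct {
	Opened []int // ports open now that were not open before
	Closed []int // ports open before that are not open now
}

// History keeps every scan ever recorded, per host, in the order taken.
// This in-memory map stands in for GoScan's supporting database so the
// example runs stand-alone (assumption: GoScan's real schema is not shown here).
type History struct {
	scans map[string][]Scan
}

func NewHistory() *History { return &History{scans: map[string][]Scan{}} }

// Record stores a new scan for host and returns the diff against the previous
// scan of that host, or nil when this is the first scan seen for it.
func (h *History) Record(host string, at time.Time, ports map[int]string) *Diff {
	prev := h.Latest(host)
	// Snapshot the caller's map so later mutation cannot rewrite history.
	snapshot := make(map[int]string, len(ports))
	for p, svc := range ports {
		snapshot[p] = svc
	}
	h.scans[host] = append(h.scans[host], Scan{At: at, Ports: snapshot})
	if prev == nil {
		return nil
	}
	return diffPorts(prev.Ports, snapshot)
}

// Latest returns the most recent scan for host, or nil if none was recorded.
func (h *History) Latest(host string) *Scan {
	s := h.scans[host]
	if len(s) == 0 {
		return nil
	}
	return &s[len(s)-1]
}

// Count reports how many scans are kept for host: the whole history survives.
func (h *History) Count(host string) int { return len(h.scans[host]) }

// diffPorts compares two open-port sets and returns sorted opened/closed lists.
func diffPorts(before, after map[int]string) *Diff {
	d := &Diff{}
	for p := range after {
		if _, ok := before[p]; !ok {
			d.Opened = append(d.Opened, p)
		}
	}
	for p := range before {
		if _, ok := after[p]; !ok {
			d.Closed = append(d.Closed, p)
		}
	}
	sort.Ints(d.Opened)
	sort.Ints(d.Closed)
	return d
}

// Report renders what a CLI would show for host: only the latest scan's
// ports, as "port/service" entries sorted by port number.
func (h *History) Report(host string) []string {
	s := h.Latest(host)
	if s == nil {
		return nil
	}
	ports := make([]int, 0, len(s.Ports))
	for p := range s.Ports {
		ports = append(ports, p)
	}
	sort.Ints(ports)
	out := make([]string, 0, len(ports))
	for _, p := range ports {
		out = append(out, fmt.Sprintf("%d/%s", p, s.Ports[p]))
	}
	return out
}

func main() {
	h := NewHistory()
	host := "192.168.56.10" // constructed sample host, not a real target
	t0 := time.Date(2018, 8, 1, 10, 0, 0, 0, time.UTC)

	// First scan: constructed result in the shape nmap service detection gives.
	h.Record(host, t0, map[int]string{22: "ssh", 80: "http", 443: "https"})

	// Second scan an hour later, after the web server on port 80 was stopped.
	d := h.Record(host, t0.Add(time.Hour), map[int]string{22: "ssh", 443: "https"})
	fmt.Printf("opened=%v closed=%v\n", d.Opened, d.Closed)
	fmt.Printf("history kept: %d scans; current view: %v\n", h.Count(host), h.Report(host))
}
```

The diff is computed only against the immediately preceding scan, which is what you want for the "port 80 just disappeared" notification; because every snapshot is retained, a "when did this port first appear" query is a walk over the stored slice rather than something that has to be reconstructed from logs.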

GoScan can be found on Github: https://github.com/marco-lancini/goscan.

Marco Lancini