dismap

module

v0.0.0-...-bb670d2 Latest Latest Go to latest Published: Jan 22, 2024 License: GPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

🌀 Dismap - Asset discovery and identification tool

GitHub Repo stars GitHub forks GitHub all release
[中文 Readme]
Dismap positioning is an asset discovery and identification tool. It can quickly identify protocols and fingerprint information such as web/tcp/udp, locate asset types, and is suitable for internal and external networks. It assists red team personnel to quickly locate potential risk asset information, and assist blue team personnel to detect Suspected Fragile Assets

Dismap has a complete fingerprint rule base, currently including tcp/udp/tls protocol fingerprints and 4500+ web fingerprint rules, which can identify favicon, body, header, etc. The introduction to the rule base is located at RuleLab

~~Scan results can be directly sent to vulmap(>=0.8) for vulnerability scanning.~~ In version 0.3, the text result has been changed, the json file result has been added, and vulmap will support linkage in >= 1.0

🏂 Run

Dismap is a binary file for Linux, MacOS, and Windows. Go to Release to download the corresponding version to run:

# Linux or MacOS
zhzyker@debian:~$ chmod +x dismap-0.3-linux-amd64
zhzyker@debian:~$ ./dismap-0.3-linux-amd64 -h

# Windows
C:\Users\zhzyker\Desktop> dismap-0.3-windows-amd64.exe -h

🎡 Options

  -f, --file string     Parse the target from the specified file for batch recognition
  -h, --help            Show help
  -i, --ip string       Network segment [e.g. -i 192.168.1.0/24 or -i 192.168.1.1-10]
  -j, --json string     Scan result in json format [e.g. -j r.json]
  -l, --level int       Specify log level (0:Fatal 1:Error 2:Info 3:Warning 4:Debug 5:Verbose) (default 3)
  -m, --mode string     Specify the protocol [e.g. -m mysql/-m http]
      --nc              Do not print character colors
      --np              Not use ICMP/PING to detect surviving hosts
  -o, --output string   Save the scan results to the specified file (default "output.txt")
  -p, --port string     Custom scan ports [e.g. -p 80,443 or -p 1-65535]
      --proxy string    Use proxy scan, support http/socks5 protocol [e.g. --proxy socks5://127.0.0.1:1080]
  -t, --thread int      Number of concurrent threads (default 500)
      --timeout int     Response timeout time, the default is 5 seconds (default 5)
      --type string     Specify the type [e.g. --type tcp/--type udp]
  -u, --uri string      Specify a target URI [e.g. -u https://example.com]

🎨 Examples

zhzyker@debian:~$ ./dismap -i 192.168.1.1/24
zhzyker@debian:~$ ./dismap -i 192.168.1.1/24 -o result.txt -j result.json
zhzyker@debian:~$ ./dismap -i 192.168.1.1/24 --np --timeout 10
zhzyker@debian:~$ ./dismap -i 192.168.1.1/24 -t 1000
zhzyker@debian:~$ ./dismap -u https://github.com/zhzyker/dismap
zhzyker@debian:~$ ./dismap -u mysql://192.168.1.1:3306
zhzyker@debian:~$ ./dismap -i 192.168.1.1/24 -p 1-65535

⛪ Discussion

Dismap bug feedback or new feature suggestion click me
Twitter: https://twitter.com/zhzyker

🌈 RuleLab

The entire rule base is a struct located in rule.go Rough format：

Rule:
Name: name /* Define rule name */
Type: header|body|ico  /* Support recognized types, header, body, ico can be any logical combination, ico is to request favicon.ico separately and calculate MD5*/
Mode: and|or /* Type judgment logic */
Rule
InBody: str  /* Specify which str exists in the response body */
InHeader: str  /* Specify which str exists in the response Header */
InIcoMd5: str_md5  /* MD5 of favicon.ico */
Http:
ReqMethod: GET|POST  /* Custom request method, currently supports GET and POST */
ReqPath: str  /* Custom request web path */
ReqHeader: []str  /* Customize the header of the Http request */
ReqBody: str  /* Customize the body of the POST request */

Example1:

Whether the character <flink-root></flink-root> exists in the response body

{"Apahce Flink", "body", "", InStr{"(<flink-root></flink-root>)", "", ""}, ReqHttp{"", "", nil, ""}},

Example2:

Customize the request path /myportal/control/main, and determine whether there are header characters and body characters in the result of the custom request
It can be found that all support regular expressions

{"Apache OFBiz", "body|header", "or", InStr{"(Apache OFBiz|apache.ofbiz)", "(Set-Cookie: OFBiz.Visitor=(.*))", ""}, ReqHttp{"GET", "/myportal/control/main", nil, ""}},

The logical relationship of header, body, ico can be combined at will, but cannot be combined repeatedly:

Can: "body|header|ico", "or" or "body|header|ico", "or|and" or "body|ico", "and"
Can't: "body|body", "or"
Repeated combination is not allowed to be specified by type, but it can be achieved through InBody to determine the character: "body", "", InStr{"(str1|str2)"}

Directories ¶

Path	Synopsis
cmd
dismap
configs
internal
flag
operate
output
parse
protocol
protocol/get
protocol/judge
proxy
pkg
logger

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL