[ tiếng Trung Readme]
Dismap positioning is an assetdiscoveryandidentificationtool. It can quickly identify protocols and fingerprint information such as web/tcp/udp, locate asset types, and is suitable for internal and external networks. It assists red team personnel to quickly locate potential risk asset information, and assist blue team personnel to detect Suspected Fragile Assets
Dismap has a complete fingerprint rule base, currently including tcp/udp/tls protocol fingerprints and4500+ web fingerprint rules,which can identify favicon, body, header, etc. The introduction to the rule base is located atRuleLab
Scan results can be directly sent tovulmap(>=0.8) for vulnerability scanning.In version 0.3, the text result has been changed, the json file result has been added, and vulmap will support linkage in >= 1.0
Dismap is a binary file for Linux, MacOS, and Windows. Go toReleaseto download the corresponding version to run:
#Linux or MacOS
zhzyker@debian:~$ chmod +x dismap-0.3-linux-amd64
zhzyker@debian:~$./dismap-0.3-linux-amd64 -h
#Windows
C:\Users\zhzyker\Desktop>dismap-0.3-windows-amd64.exe -h
-f,--filestringParsethetargetfromthespecifiedfileforbatchrecognition
-h,--helpShowhelp
-i,--ipstringNetworksegment[e.g.-i192.168.1.0/24or-i192.168.1.1-10]
-j,--jsonstringScanresultinjsonformat[e.g.-jr.json]
-l,--levelintSpecifyloglevel(0:Fatal1:Error2:Info3:Warning4:Debug5:Verbose) (default3)
-m,--modestringSpecifytheprotocol[e.g.-mmysql/-mhttp]
--ncDonotprintcharactercolors
--npNotuseICMP/PINGtodetectsurvivinghosts
-o,--outputstringSavethescanresultstothespecifiedfile(default"output.txt")
-p,--portstringCustomscanports[e.g.-p80,443or-p1-65535]
--proxystringUseproxyscan,supporthttp/socks5protocol[e.g.--proxysocks5://127.0.0.1:1080]
-t,--threadintNumberofconcurrentthreads(default500)
--timeoutintResponsetimeouttime,thedefaultis5seconds(default5)
--typestringSpecifythetype[e.g.--typetcp/--typeudp]
-u,--uristringSpecifyatargetURI[e.g.-uhttps://example.com]
zhzyker@debian:~$./dismap -i 192.168.1.1/24
zhzyker@debian:~$./dismap -i 192.168.1.1/24 -o result.txt -j result.json
zhzyker@debian:~$./dismap -i 192.168.1.1/24 --np --timeout 10
zhzyker@debian:~$./dismap -i 192.168.1.1/24 -t 1000
zhzyker@debian:~$./dismap -u https://github /zhzyker/dismap
zhzyker@debian:~$./dismap -u mysql://192.168.1.1:3306
zhzyker@debian:~$./dismap -i 192.168.1.1/24 -p 1-65535
- Dismap bug feedback or new feature suggestionclick me
- Twitter:https://twitter /zhzyker
The entire rule base is a struct located inrule.go Rough format:
Rule:
Name:name/* Define rule name */
Type:header|body|ico/* Support recognized types, header, body, ico can be any logical combination, ico is to request favicon.ico separately and calculate MD5*/
Mode:and|or/* Type judgment logic */
Rule
InBody:str/* Specify which str exists in the response body */
InHeader:str/* Specify which str exists in the response Header */
InIcoMd5:str_md5/* MD5 of favicon.ico */
Http:
ReqMethod:GET|POST/* Custom request method, currently supports GET and POST */
ReqPath:str/* Custom request web path */
ReqHeader:[]str/* Customize the header of the Http request */
ReqBody:str/* Customize the body of the POST request */
Example1:
Whether the character<flink-root></flink-root>
exists in the response body
{"Apahce Flink","body","",InStr{"(<flink-root></flink-root>)","",""},ReqHttp{"","",nil,""}},
Example2:
Customize the request path/myportal/control/main
,and determine whether there are header characters and body characters in the result of the custom request
It can be found that all support regular expressions
{"Apache OFBiz","body|header","or",InStr{"(Apache OFBiz|apache.ofbiz)","(Set-Cookie: OFBiz.Visitor=(.*))",""},ReqHttp{"GET","/myportal/control/main",nil,""}},
The logical relationship of header, body, ico can be combined at will, but cannot be combined repeatedly:
Can:"body|header|ico", "or"
or"body|header|ico", "or|and"
or"body|ico", "and"
Can't:"body|body", "or"
Repeated combination is not allowed to be specified by type, but it can be achieved through InBody to determine the character:"body", "", InStr{ "(str1|str2)" }