[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-71460":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":21,"hasPages":21,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":44,"readmeContent":45,"aiSummary":46,"trendingCount":16,"starSnapshotCount":16,"syncStatus":47,"lastSyncTime":48,"discoverSource":49},71460,"scan4all","GhostTroops\u002Fscan4all","GhostTroops","Official repository  vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...","https:\u002F\u002Fscan4all.51pwn.com",null,"Go",6122,717,67,10,0,5,118,57.07,"BSD 3-Clause \"New\" or \"Revised\" License",false,"main",[24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43],"0day","attack","auto","brute-force","bugbounty","bugbounty-tools","golang","hacker","hacktools","nmap","nuclei","pentest-tool","recon","security-scanner","security-tools","ssh","tools","vulnerabilities-scan","vulnerability-detection","vulnerability-scanners","2026-06-11 04:04:56","[![Twitter](https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Furl\u002Fhttp\u002FHktalent3135773.svg?style=social)](https:\u002F\u002Ftwitter.com\u002Fintent\u002Ffollow?screen_name=Hktalent3135773) [![Follow on Twitter](https:\u002F\u002Fimg.shields.io\u002Ftwitter\u002Ffollow\u002FHktalent3135773.svg?style=social&label=Follow)](https:\u002F\u002Ftwitter.com\u002Fintent\u002Ffollow?screen_name=Hktalent3135773) [![GitHub Followers](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Ffollowers\u002Fhktalent.svg?style=social&label=Follow)](https:\u002F\u002Fgithub.com\u002Fhktalent\u002F) \u003Ca target=_blank href=\"https:\u002F\u002Fchat.51pwn.com:2083\u002F?cnId=51pwn&atRd=true&stChat=1\">💬\u003C\u002Fa>\n\u003Cp align=\"center\">\n   \u003Ca href=\"\u002FREADME_CN.md\">README_中文\u003C\u002Fa> •\n   \u003Ca href=\"\u002Fstatic\u002FInstallation.md\">Compile\u002FInstall\u002FRun\u003C\u002Fa> •\n   \u003Ca href=\"\u002Fstatic\u002Fusage.md\">Parameter Description\u003C\u002Fa> •\n   \u003Ca href=\"\u002Fstatic\u002Frunning.md\">How to use\u003C\u002Fa> •\n   \u003Ca href=\"\u002Fstatic\u002Fscenario.md\">Scenario\u003C\u002Fa> •\n   \u003Ca href=\"\u002Fstatic\u002Fpocs.md\">POC List\u003C\u002Fa> •\n   \u003Ca href=\"\u002Fstatic\u002Fdevelopment.md\">Custom Scan\u003C\u002Fa> •\n   \u003Ca href=\"\u002Fstatic\u002FNicePwn.md\">Best Practices\u003C\u002Fa>\n\u003C\u002Fp>\n\n# Features\n\n\u003Ch1 align=\"center\">\n\u003Cimg width=\"928\" alt=\"image\" src=\"https:\u002F\u002Fuser-images.githubusercontent.com\u002F18223385\u002F175768227-098c779b-6c5f-48ee-91b1-c56e3daa9c87.png\">\n\u003C\u002Fh1>\n\n- \u003Ca href=https:\u002F\u002Fgithub.com\u002Fhktalent\u002F51Pwn-Platform\u002Fblob\u002Fmain\u002FREADME.md>Free one id Multi-target web netcat for reverse shell\u003C\u002Fa>\n- What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent。red team tools\n  Code-level optimization, parameter optimization, and individual modules, such as vscan filefuzz, have been rewritten for these integrated projects.\n  In principle, do not repeat the wheel, unless there are bugs, problems\n- Cross-platform: based on golang implementation, lightweight, highly customizable, open source, supports Linux, windows, mac os, etc.\n- Support [23] password blasting, support custom dictionary, open by \"priorityNmap\": true\n  * RDP\n  * VNC\n  * SSH\n  * Socks5\n  * rsh-spx\n  * Mysql\n  * MsSql\n  * Oracle\n  * Postgresql\n  * Redis\n  * FTP\n  * Mongodb\n  * SMB, also detect MS17-010 (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148), SmbGhost (CVE- 2020-0796)\n  * Telnet\n  * Snmp\n  * Wap-wsp (Elasticsearch)\n  * RouterOs\n  * HTTP BasicAuth(Authorization), contains Webdav、SVN（Apache Subversion） crack\n  * Weblogic, enable nuclei through enableNuclei=true at the same time, support T3, IIOP and other detection\n  * Tomcat\n  * Jboss\n  * Winrm(wsman)\n  * POP3\u002FPOP3S\n- By default, http password intelligent blasting is enabled, and it will be automatically activated when an HTTP password is required, without manual intervention\n- Detect whether there is nmap in the system, and enable nmap for fast scanning through priorityNmap=true, which is enabled by default, and the optimized nmap parameters are faster than masscan\n  Disadvantages of using nmap: Is the network bad, because the traffic network packet is too large, which may lead to incomplete results\n  Using nmap additionally requires setting the root password to an environment variable\n\n```bash  \n  export PPSSWWDD=yourRootPswd \n```\n\n  More references: config\u002FdoNmapScan.sh\n  By default, naabu is used to complete port scanning -stats=true to view the scanning progress\n  Can I not scan Ports?\n```bash\nnoScan=true .\u002Fscan4all -l list.txt -v\n# nmap result default noScan=true \n.\u002Fscan4all -l nmapRssuilt.xml -v\n```\n\n\u003Cimg src=\"\u002Fstatic\u002Fnmap.gif\" width=\"400\">\n\n- Fast 15000+ POC detection capabilities, PoCs include: \n  * nuclei POC\n  ## Nuclei Templates Top 10 statistics\n\n|    TAG    | COUNT |    AUTHOR     | COUNT |    DIRECTORY     | COUNT | SEVERITY | COUNT |  TYPE   | COUNT |\n|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|\n| cve       |  1430 | daffainfo     |   631 | cves             |  1407 | info     |  1474 | http    |  3858 |\n| panel     |   655 | dhiyaneshdk   |   584 | exposed-panels   |   662 | high     |  1009 | file    |    76 |\n| edb       |   563 | pikpikcu      |   329 | vulnerabilities  |   509 | medium   |   818 | network |    51 |\n| lfi       |   509 | pdteam        |   269 | technologies     |   282 | critical |   478 | dns     |    17 |\n| xss       |   491 | geeknik       |   187 | exposures        |   275 | low      |   225 |         |       |\n| wordpress |   419 | dwisiswant0   |   169 | misconfiguration |   237 | unknown  |    11 |         |       |\n| exposure  |   407 | 0x_akoko      |   165 | token-spray      |   230 |          |       |         |       |\n| cve2021   |   352 | princechaddha |   151 | workflows        |   189 |          |       |         |       |\n| rce       |   337 | ritikchaddha  |   137 | default-logins   |   103 |          |       |         |       |\n| wp-plugin |   316 | pussycat0x    |   133 | file             |    76 |          |       |         |       |\n\n**281 directories, 3922 files**.\n* vscan POC\n  * vscan POC includes: xray 2.0 300+ POC, go POC, etc.\n* scan4all POC\n\n- Support 7000+ web fingerprint scanning, identification:\n  * httpx fingerprint\n    * vscan fingerprint\n    * vscan fingerprint: including eHoleFinger, localFinger, etc.\n  * scan4all fingerprint\n\n- Support 146 protocols and 90000+ rule port scanning\n  * Depends on protocols and fingerprints supported by nmap\n- Fast HTTP sensitive file detection, can customize dictionary\n- Landing page detection\n- Supports multiple types of input - STDIN\u002FHOST\u002FIP\u002FCIDR\u002FURL\u002FTXT\n- Supports multiple output types - JSON\u002FTXT\u002FCSV\u002FSTDOUT\n- Highly integratable: Configurable unified storage of results to Elasticsearch [strongly recommended]\n- Smart SSL Analysis:\n  * In-depth analysis, automatically correlate the scanning of domain names in SSL information, such as *.xxx.com, and complete subdomain traversal according to the configuration, and the result will automatically add the target to the scanning list\n  * Support to enable *.xx.com subdomain traversal function in smart SSL information, export EnableSubfinder=true, or adjust in the configuration file\n- Automatically identify the case of multiple IPs associated with a domain (DNS), and automatically scan the associated multiple IPs\n- Smart processing:\n  * 1. When the IPs of multiple domain names in the list are the same, merge port scans to improve efficiency\n  * 2. Intelligently handle http abnormal pages, and fingerprint calculation and learning\n- Automated supply chain identification, analysis and scanning\n- Link python3 \u003Ca href=https:\u002F\u002Fgithub.com\u002Fhktalent\u002Flog4j-scan>log4j-scan\u003C\u002Fa>\n  * This version blocks the bug that your target information is passed to the DNS Log Server to avoid exposing vulnerabilities\n  * Added the ability to send results to Elasticsearch for batch, touch typing\n  * There will be time in the future to implement the golang version\n    how to use?\n```bash\nmkdir ~\u002FMyWork\u002F;cd ~\u002FMyWork\u002F;git clone https:\u002F\u002Fgithub.com\u002Fhktalent\u002Flog4j-scan\n````\n- Intelligently identify honeypots and skip Targets. This function is disabled by default. You can set EnableHoneyportDetection=true to enable\n- Highly customizable: allow to define your own dictionary through config\u002Fconfig.json configuration, or control more details, including but not limited to: nuclei, httpx, naabu, etc.\n- support HTTP Request Smuggling: CL-TE、TE-CL、TE-TE、CL_CL、BaseErr\n  \u003Cimg width=\"968\" alt=\"image\" src=\"https:\u002F\u002Fuser-images.githubusercontent.com\u002F18223385\u002F182503765-1307a634-61b2-4f7e-9631-a4184ec7ac25.png\">\n\n- Support via parameter Cookie='PHPSession=xxxx' .\u002Fscan4all -host xxxx.com, compatible with nuclei, httpx, go-poc, x-ray POC, filefuzz, http Smuggling\n# work process\n\n\u003Cimg src=\"static\u002Fworkflow.jpg\">\n\n# how to install\ndownload from\n\u003Ca href=https:\u002F\u002Fgithub.com\u002FGhostTroops\u002Fscan4all\u002Freleases>Releases\u003C\u002Fa>\n```bash\ngo install github.com\u002FGhostTroops\u002Fscan4all@2.8.9\nscan4all -h\n````\n# how to use\n- 1. Start Elasticsearch, of course you can use the traditional way to output, results\n```bash\nmkdir -p logs data\ndocker run --restart=always --ulimit nofile=65536:65536 -p 9200:9200 -p 9300:9300 -d --name es -v $PWD\u002Flogs:\u002Fusr\u002Fshare\u002Felasticsearch\u002Flogs -v $PWD \u002Fconfig\u002Felasticsearch.yml:\u002Fusr\u002Fshare\u002Felasticsearch\u002Fconfig\u002Felasticsearch.yml -v $PWD\u002Fconfig\u002Fjvm.options:\u002Fusr\u002Fshare\u002Felasticsearch\u002Fconfig\u002Fjvm.options -v $PWD\u002Fdata:\u002F usr\u002Fshare\u002Felasticsearch\u002Fdata hktalent\u002Felasticsearch:7.16.2\n# Initialize the es index, the result structure of each tool is different, and it is stored separately\n.\u002Fconfig\u002FinitEs.sh\n\n# Search syntax, more query methods, learn Elasticsearch by yourself\nhttp:\u002F\u002F127.0.0.1:9200\u002Fnmap_index\u002F_doc\u002F_search?q=_id:192.168.0.111\nwhere 92.168.0.111 is the target to query\n\n````\n- Please install nmap by yourself before use\n  \u003Ca href=https:\u002F\u002Fgithub.com\u002FGhostTroops\u002Fscan4all\u002Fdiscussions>Using Help\u003C\u002Fa>\n```bash\ngo build\n# Precise scan szUrl list UrlPrecise=true\nUrlPrecise=true .\u002Fscan4all -l xx.txt\n# Disable adaptation to nmap and use naabu port to scan its internally defined http-related Ports\npriorityNmap=false .\u002Fscan4all -tp http -list allOut.txt -v\n````\n\n# Work Plan\n- Integrate web-cache-vulnerability-scanner to realize HTTP smuggling smuggling and cache poisoning detection\n- Linkage with metasploit-framework, on the premise that the system has been installed, cooperate with tmux, and complete the linkage with the macos environment as the best practice\n- Integrate more fuzzers \u003C!-- gryffin -->, such as linking sqlmap\n- Integrate chromedp to achieve screenshots of landing pages, detection of front-end landing pages with pure js and js architecture, and corresponding crawlers (sensitive information detection, page crawling)\n- Integrate nmap-go to improve execution efficiency, dynamically parse the result stream, and integrate it into the current task waterfall\n- Integrate ksubdomain to achieve faster subdomain blasting\n- Integrate spider to find more bugs\n- Semi-automatic fingerprint learning to improve accuracy; specify fingerprint name, configure\n\n# Q & A\n- how use Cookie?\n- libpcap related question\n\nmore see: \u003Ca href=https:\u002F\u002Fgithub.com\u002FGhostTroops\u002Fscan4all\u002Fdiscussions>discussions\u003C\u002Fa>\n\n# References \n- https:\u002F\u002Fwww.77169.net\u002Fhtml\u002F312916.html\n- https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F636131542\n- https:\u002F\u002Fgithub.com\u002FGhostTroops\u002Fscan4all\u002Fblob\u002Fmain\u002Fstatic\u002FInstallation.md\n- https:\u002F\u002Fgithub.com\u002FGhostTroops\u002Fscan4all\u002Fblob\u002Fmain\u002Fstatic\u002FNicePwn.md\n- https:\u002F\u002Fgithub.com\u002FGhostTroops\u002Fscan4all\u002Fblob\u002Fmain\u002Fstatic\u002Frunning.md\n- https:\u002F\u002Fwww.google.com\u002Fsearch?client=safari&rls=en&q=%22hktalent%22+%22scan4all%22&ie=UTF-8&oe=UTF-8#ip=1\n\n# Thanks Donors\n- \u003Ca href=https:\u002F\u002Fgithub.com\u002Ffreeload101 target=_blank>@freeload101\u003C\u002Fa>\n- \u003Ca href=https:\u002F\u002Fgithub.com\u002Fb1win0y target=_blank>@b1win0y\u003C\u002Fa>\n- \u003Ca href=https:\u002F\u002Fgithub.com\u002FBL4CKR4Y target=_blank>@BL4CKR4Y\u003C\u002Fa>\n\n# Contributors\nhttps:\u002F\u002Fgithub.com\u002FGhostTroops\u002Fscan4all\u002Fgraphs\u002Fcontributors\n\n# Changelog\n- 2023-10-01 Optimize support for nuclei@latest\n- 2022-07-28 Added substr and aes_cbc dsl helper by me nuclei v2.7.7\n- 2022-07-20 fix and PR nuclei #2301 Concurrent multi-instance bug\n- 2022-07-20 add web cache vulnerability scanner\n- 2022-07-19 PR nuclei #2308 add dsl function: substr aes_cbc\n- 2022-07-19 Add dcom Protocol enumeration network interfaces\n- 2022-06-30 Embedded integrated private version nuclei-templates A total of 3744 YAML POC; 1. Integrate Elasticsearch to store intermediate results 2. Embed the entire config directory into the program\n- 2022-06-27 Optimize fuzzy matching to improve accuracy and robustness; integrate ksubdomain progress\n- 2022-06-24 Optimize fingerprint algorithm; add workflow chart\n- 2022-06-23 Added parameter ParseSSl to control the default of not deeply analyzing DNS information in SSL and not scanning DNS in SSL by default; Optimization: nmap does not automatically add .exe bug; Optimize the bug of cache files under Windows not optimizing the size\n- 2022-06-22 Integrated weak password detection and password blasting for 11 protocols: ftp, mongodb, mssql, mysql, oracle, postgresql, rdp, redis, smb, ssh, telnet, and optimized support for plug-in password dictionary\n- 2022-06-20 Integrate Subfinder, domain name blasting, startup parameter export EnableSubfinder=true, note that it is very slow after startup; automatic deep drilling of domain name information in the ssl certificate allows you to define your own dictionary through config\u002Fconfig.json configuration, or set related switch\n- 2022-06-17 Optimize the situation where one domain name has multiple IPs. All IPs will be port scanned, and then follow the subsequent scanning process.\n- 2022-06-15 This version adds several weblogic password dictionaries and webshell dictionaries obtained in past actual combat\n- 2022-06-10 Complete the integration of the core, including of course the integration of the core template\n- 2022-06-07 Add similarity algorithm to detect 404\n- 2022-06-07 Added http url list precision scanning parameters, turned on according to the environment variable UrlPrecise=true\n\n# Communication group (WeChat, QQ，Tg)\n| Wechat | Or | QQchat | Or | Tg |\n| --- |--- |--- |--- |--- |\n|\u003Cimg width=166 src=https:\u002F\u002Fgithub.com\u002Fhktalent\u002Fscan4all\u002Fblob\u002Fmain\u002Fstatic\u002Fwcq.JPG>||\u003Cimg width=166 src=https:\u002F\u002Fgithub.com\u002Fhktalent\u002Fscan4all\u002Fblob\u002Fmain\u002Fstatic\u002Fqqc.jpg>||\u003Cimg width=166 src=https:\u002F\u002Fgithub.com\u002Fhktalent\u002Fscan4all\u002Fblob\u002Fmain\u002Fstatic\u002Ftg.jpg>|\n\n\n## 💖Star\n[![Stargazers over time](https:\u002F\u002Fstarchart.cc\u002Fhktalent\u002Fscan4all.svg)](https:\u002F\u002Fstarchart.cc\u002Fhktalent\u002Fscan4all)\n\n# Donation\n| Wechat Pay | AliPay | Paypal | BTC Pay |BCH Pay |\n| --- | --- | --- | --- | --- |\n|\u003Cimg src=https:\u002F\u002Fraw.githubusercontent.com\u002Fhktalent\u002Fmyhktools\u002Fmain\u002Fmd\u002Fwc.png>|\u003Cimg width=166 src=https:\u002F\u002Fraw.githubusercontent.com\u002Fhktalent\u002Fmyhktools\u002Fmain\u002Fmd\u002Fzfb.png>|[paypal](https:\u002F\u002Fwww.paypal.me\u002Fpwned2019) **miracletalent@gmail.com**|\u003Cimg width=166 src=https:\u002F\u002Fraw.githubusercontent.com\u002Fhktalent\u002Fmyhktools\u002Fmain\u002Fmd\u002FBTC.png>|\u003Cimg width=166 src=https:\u002F\u002Fraw.githubusercontent.com\u002Fhktalent\u002Fmyhktools\u002Fmain\u002Fmd\u002FBCH.jpg>|\n\n","scan4all 是一个集成化的漏洞扫描工具，能够执行超过15000个PoC漏洞检测、23种应用程序密码破解以及7000多个Web指纹识别。它支持146种协议和90000多条规则的端口扫描，并具备模糊测试和硬件安全评估功能。该工具基于Go语言开发，具有跨平台特性，支持Linux、Windows和macOS等操作系统，轻量级且高度可定制。scan4all 适用于红队渗透测试、Bug Bounty项目及网络安全审计等多种场景，其核心优势在于自动化程度高、智能化操作以及对现有工具如vscan、nuclei的优化整合。",2,"2026-06-11 03:37:48","high_star"]