mirror of https://github.com/sairson/Yasso.git synced 2026-02-04 11:04:25 +08:00

Optimize code structure

This commit is contained in:
sairson
2022-01-11 09:06:42 +08:00
parent 29ac430785
commit 97045ecf4e
4 changed files with 87 additions and 25 deletions

View File

@@ -4,9 +4,10 @@
[English Introduce](README_EN.md)
## 介绍 😈
Yasso 将作为一款内网辅助渗透工具集发布,它集合了许多实用功能,来帮助`Red team`成员在内网极端环境下的工具使用以及`Blue team`成员的内网自检,并且程序加入了代理功能以及`ants`的扫描并发,在实现功能的同时追求准确和速度
Yasso 将作为一款内网辅助渗透工具集发布,它集合了许多实用功能,来帮助`Red team`成员在内网极端环境下的工具使用以及`Blue team`成员的内网自检,并且程序加入了代理功能以及`ants`
的扫描并发,在实现功能的同时追求准确和速度
[![asciicast](https://asciinema.org/a/fBxRVxLJ30eVo0dOz2e9mlAZL.svg)](https://asciinema.org/a/fBxRVxLJ30eVo0dOz2e9mlAZL)
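Review bot: the soft wrap inserted after `ants` renders as a visible space inside the Chinese sentence, because CommonMark converts a single newline within a paragraph into a space; for CJK prose keep the paragraph on one line, or break it only where a real line break is wanted (two trailing spaces or `<br>`). The same applies to the re-wrapped disclaimer paragraph later in this file.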
@@ -18,13 +19,12 @@ Yasso [模块] [参数1] [参数2] [参数...]
模块里面的 `Flag` 代表当前命令的参数,`Global Flags` 代表全局参数(所有命令都可以用)
## 程序功能模块 👻
## 程序功能模块 👻
2022年1月7日更新 -H 参数均支持ip.txt的导入如下
![image](https://user-images.githubusercontent.com/74412075/148518267-4f72e048-6aee-4ba6-b67d-a447468f2807.png)
目前已有用功能模块 :
<b>all模块: 调用全部模块的完全扫描方式速度更快能力更强ants与并发的完美结合</b>
@@ -57,8 +57,8 @@ Flags:
-i, --icmp Icmp packets are sent to check whether the host is alive(need root)
```
<b>crack模块: 强大的爆破模块和利用工具集 - 子工具集</b>
```
Available Commands:
ftp ftp burst module (support proxy)
@@ -84,6 +84,7 @@ Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
程序主要分为多个子命令功能,每个功能都详细标注了用法,这里详细介绍子功能
<details>
<summary>ftp ftp服务爆破模块 - 支持socks5代理</summary>
@@ -102,6 +103,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -122,6 +124,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -142,6 +145,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -161,6 +165,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -191,6 +196,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -215,6 +221,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -234,6 +241,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -257,6 +265,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -276,6 +285,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -299,6 +309,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -323,6 +334,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
@@ -371,7 +383,6 @@ Flags:
-t, --time duration Set timeout (eg.) -t 50ms(ns,ms,s,m,h) (default 1s)
```
<b>winscan模块: windows主机的netbios识别oxid网卡发现smb主机指纹 - 支持socks5代理</b>
```
@@ -392,14 +403,17 @@ Flags:
```
## 使用例子👿
all 模块的扫描服务调用
```
Yasso.exe all -H 192.168.248.1/24
```
![image](https://user-images.githubusercontent.com/74412075/148240369-14cc4c77-e4f8-4fd1-8faa-e716852d3ed8.png)
mssql 的命令执行提权和WarSQLKit-clr提权Rookit安装卸载执行功能
```
Yasso.exe crack mssql --user sa --pass "admin@123" -c whoami --hostname 192.168.248.128
Yasso.exe crack mssql --user sa --pass "admin@123" -c whoami --hostname 192.168.248.128 --method 2
@@ -408,30 +422,38 @@ Yasso.exe crack mssql --hostname 192.168.248.128 --user sa --pass "admin@123" --
Yasso.exe crack mssql --hostname 192.168.248.128 --user sa --pass "admin@123" --cld "whoami"
Yasso.exe crack mssql --user sa --pass "admin@123" -c whoami --hostname 192.168.248.128 --unkit 1
```
![image](https://user-images.githubusercontent.com/74412075/148234003-8e2ceb59-95c5-4fc3-ad65-501294ddce6b.png)
winrm 的命令执行和交互shell
```
Yasso.exe crack winrm --hostname 192.168.248.128 -c "ipconfig /all" --pass "930517" --user "administrator"
```
![image](https://user-images.githubusercontent.com/74412075/148234337-80fabcef-a333-402d-8e97-e694b89119c0.png)
```
Yasso.exe crack winrm --hostname 192.168.248.128 --shell --pass "930517" --user "administrator"
```
![image](https://user-images.githubusercontent.com/74412075/148234486-037aaf56-fe11-40a0-9781-82b537ef9a37.png)
grdp的强大爆破功能
```
Yasso.exe crack grdp --domain "kilon.local" --pd .\pass.txt --ud .\user.txt -H 192.168.248.128/24 --crack
```
![image](https://user-images.githubusercontent.com/74412075/148234733-fbdc34e7-c73e-49f7-8942-3a1863915213.png)
ssh的交互式登陆
```
Yasso.exe crack ssh --hostname 192.168.248.219 --user root --pass kali
```
![image](https://user-images.githubusercontent.com/74412075/148235003-a72116d3-df9b-4b4e-9523-21d5f8b30e1b.png)
![image](https://user-images.githubusercontent.com/74412075/148235003-a72116d3-df9b-4b4e-9523-21d5f8b30e1b.png)
## 工具优势🤡
@@ -449,9 +471,11 @@ Yasso.exe crack ssh --hostname 192.168.248.219 --user root --pass kali
如您在使用本工具的过程中存在任何非法行为,您需自行承担相应后果,我们将不承担任何法律及连带责任。
在安装并使用本工具前,请您**务必审慎阅读、充分理解各条款内容**,限制、免责条款或者其他涉及您重大权益的条款可能会以加粗、加下划线等形式提示您重点注意。 除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。
在安装并使用本工具前,请您**务必审慎阅读、充分理解各条款内容**,限制、免责条款或者其他涉及您重大权益的条款可能会以加粗、加下划线等形式提示您重点注意。
除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要安装并使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。
## 工具编写参考链接👀
```
https://github.com/shadow1ng/fscan
https://github.com/k8gege/LadonGo

View File

@@ -6,7 +6,10 @@
## Introduce😈
Yasso will be released as an Intranet assisted penetration tool set, which brings together a number of utility features to help Red Team members use tools in extreme Intranet environments, as well as Intranet self-check for Blue Team members. It also adds proxy functionality and scan concurrency for ants. In the realization of functions at the same time the pursuit of accuracy and speed.
Yasso will be released as an Intranet assisted penetration tool set, which brings together a number of utility features
to help Red Team members use tools in extreme Intranet environments, as well as Intranet self-check for Blue Team
members. It also adds proxy functionality and scan concurrency for ants. In the realization of functions at the same
time the pursuit of accuracy and speed.
[![asciicast](https://asciinema.org/a/fBxRVxLJ30eVo0dOz2e9mlAZL.svg)](https://asciinema.org/a/fBxRVxLJ30eVo0dOz2e9mlAZL)
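Review bot: since this paragraph is being reflowed anyway, the final sentence "In the realization of functions at the same time the pursuit of accuracy and speed." is not grammatical English; suggest "It aims for both accuracy and speed while implementing these functions."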
@@ -16,7 +19,8 @@ The format is
Yasso [模块] [参数1] [参数2] [参数...]
```
In the module, 'Flag' represents the parameters of the current command, and 'Global Flags' represents the Global parameters (all commands can be used).
In the module, 'Flag' represents the parameters of the current command, and 'Global Flags' represents the Global
parameters (all commands can be used).
## Program function module 👻
@@ -26,7 +30,8 @@ In the module, 'Flag' represents the parameters of the current command, and 'Glo
Currently available functional modules:
<b>ALL module: full scan mode of calling all modules, faster and more powerful, perfect combination of ants and concurrency</b>
<b>ALL module: full scan mode of calling all modules, faster and more powerful, perfect combination of ants and
concurrency</b>
```
Usage:
@@ -41,8 +46,8 @@ Flags:
--runtime int Set scanner ants pool thread (default 100)
--time duration Set timeout (default 1s)
```
<b>Ping module: ordinary user can call system ping, root can choose to use ICMP packet</b>
<b>Ping module: ordinary user can call system ping, root can choose to use ICMP packet</b>
```
Use ping or icmp to scanner alive host
@@ -56,6 +61,7 @@ Flags:
-H, --host hosts Set hosts(The format is similar to Nmap)
-i, --icmp Icmp packets are sent to check whether the host is alive(need root)
```
<b>Crack module: Powerful blasting module and utilizing toolset - sub-toolset</b>
```
@@ -84,7 +90,8 @@ Flags:
--ud string user dic path (.eg) user.txt
```
The program is mainly divided into a number of sub-command functions, each function is annotated in detail, here is a detailed introduction of sub-functions
The program is mainly divided into a number of sub-command functions, each function is annotated in detail, here is a
detailed introduction of sub-functions
<details>
<summary>ftp FTP service blowing module - support SOcks5 proxy</summary>
@@ -103,6 +110,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -123,6 +131,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -143,6 +152,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -162,6 +172,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -192,6 +203,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -216,6 +228,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -235,6 +248,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
@@ -259,6 +273,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
<details>
@@ -278,6 +293,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
@@ -303,6 +319,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
@@ -329,6 +346,7 @@ Global Flags:
--timeout duration crack module timeout(.eg) 1s (ns,ms,s,m,h) (default 1s)
--ud string user dic path (.eg) user.txt
```
</details>
@@ -379,7 +397,8 @@ Flags:
-t, --time duration Set timeout (eg.) -t 50ms(ns,ms,s,m,h) (default 1s)
```
<b>winscan module: Windows host netBIOS recognition, OXID network card discovery, SMB host fingerprint - support SOcks5 proxy</b>
<b>winscan module: Windows host netBIOS recognition, OXID network card discovery, SMB host fingerprint - support SOcks5
proxy</b>
```
netbios、smb、oxid scan
@@ -401,13 +420,15 @@ Flags:
## Example👿
Scan service invocation for the ALL module
```
Yasso. Exe all - 192.168.248.1/24 H
```
![image](https://user-images.githubusercontent.com/74412075/148240369-14cc4c77-e4f8-4fd1-8faa-e716852d3ed8.png)
MSSQL commands perform powerlifting and WarSQLKit -CLR Rookit install and uninstall the powerlifting function
```
Yasso.exe crack MSSQL --user sa --pass "admin@123" -c whoami --hostname 192.168.248.128
Yasso.exe crack MSSQL --user sa --pass "admin@123" -c whoami --hostname 192.168.248.128 --method 2
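Review bot: the example command `Yasso. Exe all - 192.168.248.1/24 H` is not runnable as written: the executable name has a stray space and capital, and the `-H` flag has been split and moved behind the CIDR. It should match the Chinese README exactly, `Yasso.exe all -H 192.168.248.1/24`. Example commands should be copied verbatim rather than passed through machine translation.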
@@ -416,29 +437,37 @@ Yasso.exe crack MSSQL --hostname 192.168.248.128 --user sa --pass "admin@123" --
Yasso.exe crack MSSQL --hostname 192.168.248.128 --user sa --pass "admin@123" -- CLD "whoami"
Yasso.exe crack MSSQL --user sa --pass "admin@123" -c whoami --hostname 192.168.248.128 --unkit 1
```
![image](https://user-images.githubusercontent.com/74412075/148234003-8e2ceb59-95c5-4fc3-ad65-501294ddce6b.png)
Winrm command execution and interactive shell
```
Yasso.exe crack winrm --hostname 192.168.248.128 -c "ipconfig /all" --pass "930517" --user "administrator"
```
![image](https://user-images.githubusercontent.com/74412075/148234337-80fabcef-a333-402d-8e97-e694b89119c0.png)
```
Yasso. Exe crack winrm --hostname 192.168.248.128 --shell --pass "930517" --user "administrator"
```
![image](https://user-images.githubusercontent.com/74412075/148234486-037aaf56-fe11-40a0-9781-82b537ef9a37.png)
grdp's powerful blasting function
```
Yasso. Exe crack GRDP --domain "kilon.local" -- pd.\ pass. TXT -- ud.\ user. TXT -h 192.168.248.129/24 --crack
```
![image](https://user-images.githubusercontent.com/74412075/148234733-fbdc34e7-c73e-49f7-8942-3a1863915213.png)
ssh interactive login
```
Yasso.exe crack SSH --hostname 192.168.248.219 --user root --pass kali
```
![image](https://user-images.githubusercontent.com/74412075/148235003-a72116d3-df9b-4b4e-9523-21d5f8b30e1b.png)
![image](https://user-images.githubusercontent.com/74412075/148235003-a72116d3-df9b-4b4e-9523-21d5f8b30e1b.png)
## Tool advantages 🤡
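Review bot: several commands in this hunk are still mangled and will not run: `-- CLD "whoami"` should be `--cld "whoami"`, `Yasso. Exe crack winrm ...` should be `Yasso.exe crack winrm ...`, and the grdp line `-- pd.\ pass. TXT -- ud.\ user. TXT -h 192.168.248.129/24` should read `--pd .\pass.txt --ud .\user.txt -H 192.168.248.128/24` as in the Chinese README (note the host also differs, .129 vs .128, and `-h` is not the host flag; `-H, --host` is, per the flag listing earlier in this file).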
@@ -446,7 +475,8 @@ Yasso.exe crack SSH --hostname 192.168.248.219 --user root --pass kali
- A large collection of commonly used features, making Yasso not like a regular scanner, but rather a toolset
- Powerful SQL penetration assist functions, providing common Redis, mysql, MSSQL databases such as one key weight and database operations
- Powerful SQL penetration assist functions, providing common Redis, mysql, MSSQL databases such as one key weight and
database operations
- Powerful concurrent blasting, allowing larger dictionaries to gain faster speed
@@ -454,13 +484,21 @@ Yasso.exe crack SSH --hostname 192.168.248.219 --user root --pass kali
## Disclaimer 🧐
This tool is only applicable to enterprise security construction activities legally authorized by. If you need to test the usability of this tool, please build a target machine environment by yourself.
This tool is only applicable to enterprise security construction activities legally authorized by. If you need to test
the usability of this tool, please build a target machine environment by yourself.
When using this tool for testing, ensure that you comply with local laws and regulations and that you have obtained sufficient authorization. <b>It is important not to scan unauthorized targets</b>
If you have any illegal behavior during the use of the tool, you shall bear the corresponding consequences by yourself, and we will not assume any legal and joint liability.
Before installing and using this tool, please <b>carefully read and fully understand the contents of each clause </b>. Restrictions, disclaimers or other clauses related to your significant rights and interests may be highlighted in bold or underlined forms. Do not install and use this tool unless you have fully read, fully understand and accept all terms of this agreement. Your use of this Agreement or your acceptance of this Agreement in any other way, express or implied, shall be deemed that you have read and agreed to be bound by this Agreement.
When using this tool for testing, ensure that you comply with local laws and regulations and that you have obtained
sufficient authorization. <b>It is important not to scan unauthorized targets</b>
If you have any illegal behavior during the use of the tool, you shall bear the corresponding consequences by yourself,
and we will not assume any legal and joint liability. Before installing and using this tool, please <b>carefully read
and fully understand the contents of each clause </b>. Restrictions, disclaimers or other clauses related to your
significant rights and interests may be highlighted in bold or underlined forms. Do not install and use this tool unless
you have fully read, fully understand and accept all terms of this agreement. Your use of this Agreement or your
acceptance of this Agreement in any other way, express or implied, shall be deemed that you have read and agreed to be
bound by this Agreement.
## Tool writing reference link 👀
```
https://github.com/shadow1ng/fscan
https://github.com/k8gege/LadonGo

View File

@@ -10,7 +10,7 @@ import (
var allCmd = &cobra.Command{
Use: "all",
Short: "Use all scanner module (.attention)\nSome service not support proxy,You might lose it [*]",
Short: "Use all scanner module (.attention) Some service not support proxy,You might lose it [*]",
Run: func(cmd *cobra.Command, args []string) {
if Hosts == "" {
_ = cmd.Help()
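Review bot: dropping the embedded `\n` from `Short` is correct, since cobra prints `Short` on a single line in the parent command's listing, but while touching the string fix its wording and the odd `(.attention)` marker, e.g. `Short: "Run all scanner modules (attention: some services do not support a proxy and may be skipped)"`. Also, the `Hosts == ""` branch only prints help; consider returning a non-zero exit so scripted callers notice the missing `-H`.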

View File

@@ -52,13 +52,13 @@ func resolveIP(ip string) ([]string, error) {
var err error
switch footmark {
case "24":
var ip3 = strings.Join(strings.Split(ip[:len(ip)], ".")[0:3], ".")
var ip3 = strings.Join(strings.Split(ip[:], ".")[0:3], ".")
for i := 0; i <= 255; i++ {
temp = append(temp, ip3+"."+strconv.Itoa(i))
}
err = nil
case "16":
var ip2 = strings.Join(strings.Split(ip[:len(ip)], ".")[0:2], ".")
var ip2 = strings.Join(strings.Split(ip[:], ".")[0:2], ".")
for i := 0; i <= 255; i++ {
for j := 0; j <= 255; j++ {
temp = append(temp, ip2+"."+strconv.Itoa(i)+"."+strconv.Itoa(j))
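Review bot: `ip[:]` is a no-op on a string just as `ip[:len(ip)]` was; pass `ip` directly to `strings.Split`. More importantly, `strings.Split(ip, ".")[0:3]` and `[0:2]` panic with an index out of range when the input has fewer dotted octets (a hostname or a truncated address passed via `-H`), so validate first, e.g. check `len(parts) == 4` or `net.ParseIP(ip) != nil`, and return an error instead of slicing blindly. The `err = nil` assignment is redundant given `var err error` above. Finally, the `/24` and `/16` loops include `.0` and `.255`, the network and broadcast addresses, which are not hosts.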