Network scanners such as Nmap and zmap take effort and, depending on the size of the network, a long time to scan; although there is a learning curve, they are convenient. GoScan, an interactive network scanner, goes a step further by automating these tasks and enumerating networks and services quickly.
What is GoScan?
GoScan is a network scanner with an interactive interface that automates some Nmap enumeration functions. It has clever tab auto-completion and an SQLite database on the back end to keep connections and data stable even in unreliable circumstances.
It is not the same as other network scanners. It is more of a framework built on top of other tools to abstract and automate several tasks. GoScan relies primarily on Nmap’s port scanning and service enumeration capabilities, and calls on other scanners, such as Nikto, where needed. GoScan can perform all the main steps of network scanning:
- Host Discovery (ARP + ping sweep)
- DNS enumeration
- Service Enumeration
- Port scanning
- Domain enumeration
Tool Installation
Build from Source
1. Clone the repo:
2. Navigate to the GoScan directory and build:
3. Run the following command to create a multi-platform binary:
Install Via Docker
Binary Install
This is the recommended installation method. Obtain the binary:
Working with GoScan
Ping Sweep
GoScan is simple to use because it has automatic command suggestions and tab completion. Start entering a command, and a suggestion with a description will appear.
We’ll start by loading a target. GoScan can load several IP addresses at once or, as in our case, the single IP address of the target machine:
Next, let’s perform a ping sweep:
GoScan first creates a directory in which the results will be stored. The directory can be changed, although the default is fine. After that, we can see the Nmap command it runs and the time it takes to complete. Browsing to the newly created results directory shows the output in several different formats.
Port Scan
The port scanning capabilities of GoScan are probably its most powerful feature. When we type portscan, we can see the different types of scans it can perform:
Any information currently stored by GoScan can be displayed with the show command. For example, we can view the loaded targets:
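As an added illustration of the workflow just described (this is my own example, not GoScan’s code): a small Python stand-in for the sweep-to-database step, which parses Nmap’s XML output into an SQLite database the way GoScan persists its results, and then answers show-style queries (hosts that responded, open ports per host) from that database. The Nmap XML is a hand-built sample and the table layout is my own assumption, not GoScan’s actual schema.

```python
import sqlite3
import xml.etree.ElementTree as ET
# Constructed Nmap -oX output (sweep plus one scanned port); hand-written sample, not a capture.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sn -oX sweep.xml 10.0.0.0/30">
  <host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/></host>
  <host><status state="down"/><address addr="10.0.0.2" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="10.0.0.3" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh"/></port></ports></host>
</nmaprun>
"""
SCHEMA = """
CREATE TABLE IF NOT EXISTS hosts (address TEXT PRIMARY KEY, status TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS ports (address TEXT, protocol TEXT, port INTEGER,
    state TEXT NOT NULL, service TEXT, PRIMARY KEY (address, protocol, port));
"""

def open_db(path=":memory:"):
    # Open or create the results database; the schema above is an assumed layout, not GoScan's.
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def import_nmap_xml(conn, xml_text):
    """Upsert every host and port from an Nmap XML document; re-importing is idempotent."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        ip = addrs.get("ipv4") or addrs.get("ipv6")
        if ip is None:
            continue  # malformed entry: skip it rather than abort the whole import
        conn.execute("INSERT OR REPLACE INTO hosts VALUES (?, ?)",
                     (ip, host.find("status").get("state")))
        for port in host.findall("ports/port"):
            svc = port.find("service")
            conn.execute("INSERT OR REPLACE INTO ports VALUES (?, ?, ?, ?, ?)",
                         (ip, port.get("protocol"), int(port.get("portid")),
                          port.find("state").get("state"),
                          svc.get("name") if svc is not None else None))
    conn.commit()

def show_hosts(conn, only_up=True):
    """Counterpart of GoScan's 'show hosts': swept addresses, live ones by default."""
    where = " WHERE status = 'up'" if only_up else ""
    return [r[0] for r in conn.execute("SELECT address FROM hosts" + where + " ORDER BY address")]

def show_open_ports(conn, address):
    # Counterpart of 'show ports' for one host: (port, service) pairs in open state.
    return list(conn.execute("SELECT port, service FROM ports WHERE address = ? "
                             "AND state = 'open' ORDER BY port", (address,)))
```

Because hosts and ports are keyed by address (and protocol/port), importing the same scan twice or a re-run of the sweep simply refreshes the rows instead of duplicating them.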
Enumerate Services
In addition to port scanning, GoScan also allows us to enumerate the services running on the target. We can see the available modules by typing enumerate; they include FINGER, FTP, HTTP, RDP, and SMB.
Each service module also takes a mode: DRY, which performs a dry run; POLITE, which runs the enumeration but avoids brute-forcing; and BRUTEFORCE, which runs the enumeration including brute-forcing.
Special Scans
GoScan also offers a few special scans that can be useful for reconnaissance. To see the available options, type special at the prompt:
The eyewitness scan wraps the EyeWitness tool, which takes screenshots of web pages and VNC servers. The only constraint is that EyeWitness must be installed and available in the system PATH for it to work. The domain scan can be used to enumerate domain information such as users, hosts, and servers.
Final Note ✍
While GoScan is quite useful for quickly discovering networks and services, it could be improved in a few areas. First, the framework could use more service enumeration modules, such as SNMP and SMTP. Overall, though, GoScan is a fantastic tool that simplifies a number of Nmap enumeration tasks.