MCPcopy Index your code
hub / github.com/H3rmesk1t/Predator

github.com/H3rmesk1t/Predator @v1.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.0 ↗ · + Follow
498 symbols 1,374 edges 114 files 14 documented · 3%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Predator

简介

参考Fscan等扫描工具开发的一款综合扫描工具(由于是练习GO写工具的产出,可能存在很多Bug) - 重构项目结构,基于net/http封装自定义网络请求包 - 对常见组件及WEB应用漏洞采取go形式poc扫描,yml形式poc支持raw解析,采用X-ray格式 - 删除部分功能,例如:WMIExec、MS17010 EXP、Http/Socks5 Proxy、SSH命令执行、Redis后利用等 - 去除常见服务爆破时error输出信息 - 默认扫描结果文件名优化 - 完善爆破用户名、密码,服务分组端口等 - 完善常见组件及WEB应用等指纹识别 - 融入NetSpy工具 - ......

使用方法

# 扫描模块使用
./Predator scan -h 127.0.0.1 -noping

# 探测网段可达
./Predator spy -sm icmp
Usage: Predator Command

Scan : comprehensive scanning of internal and external network assets.
  -ap string
        add port base DefaultPorts, -pa 3389
  -apwd string
        add a password base DefaultPasswords, -apwd xxx
  -auser string
        add a user base DefaultUsers, -auser xxx
  -br int
        brute threads when scan, -br (default 5)
  -cookie string
        set pocs cookie, -cookie rememberMe=login
  -dc string
        smb domain, -dc xxx
  -debug int
        every time to LogErr, -debug xxx (default 60)
  -dns
        using dnslog pocs, -dns
  -fastjson
        check fastjson vuln, -fastjson
  -h string
        select target address of the host to scan, for example: 192.168.1.1 | 192.168.1.1-255 | 192.168.1.1,192.168.1.2
  -hash string
        set hash, -hash xxx
  -hf string
        use host file, -hf ip.txt
  -log4
        check log4j2 vuln, -log4
  -m string
        select scan type, -m ssh (default "all")
  -nc
        no color cli, -nc
  -nh string
        set the hosts no scan, -hn 192.168.1.1/24
  -nobp
        not to brute password, -bp
  -noping
        not to ping, -noping
  -nopoc
        not to scan web vul, -nopoc
  -nosave
        not to save output log, -nosave
  -np string
        the ports no scan, -pn 445
  -num int
        pocs rate, -num xxx (default 25)
  -o string
        output results to file, -o xxx (default "output.txt")
  -p string
        select port to scan, for example: 22 | 1-65535 | 22,80,3306 (default "21,22,23,80,81,88,135,139,143,389,443,445,1433,1521,2171,2181,2375,3306,3389,4444,5432,5632,5900,5984,6379,6443,7001,8000,8061,8080,8081,8086,8088,8089,8161,8443,8848,8888,9000,9043,9080,9090,9200,9300,10051,10250,11211,15672,27018,50070")
  -pf string
        use port File, -pf port.txt
  -ping
        use ping replace icmp, -ping
  -pocf string
        use pocs file path, -pf pocs.txt
  -pocname string
        use the pocs these contain pocname, -pocname weblogic
  -pwd string
        password, -pwd xxx
  -pwdf string
        use password file, -pwdf pwd.txt
  -s    silent scan, -s
  -sk string
        sshkey file (id_rsa), -sk xxx
  -springboot
        check springboot vuln. -springboot
  -thread int
        thread nums when scan, -thread xxx (default 600)
  -time int
        set timeout when scan, -time xxx (default 5)
  -top int
        show live len top, -top xxx (default 10)
  -u string
        url, -u url
  -uf string
        urlfile, -uf url.txt
  -user string
        username, -user xxx
  -userf string
        use username file, -userf user.txt
  -wt int
        set web timeout, -wt xxx (default 3)

Spy : quickly detect reachable network segments on the internal network.
  -sc string
        specify detection CIDR (for example: 172.16.0.0/12)
  -sd
        show debugging information (default: false)
  -se string
        specify the last number of the IP (default: 1, 254, 2, 255)
  -sf
        force detection of all generated IPs (default: false)
  -sm string
        icmp protocol to spy, use icmp/ping/tcp/udp
  -so string
        the path to save the surviving network segment results (default: spy.txt) (default "spy.txt")
  -sr int
        the number of digits at the end of the IP random number (default: 1) (default 1)
  -ssi
        only show surviving network segments (default: false)
  -ssp
        whether to detect special intranets (default: false)
  -st int
        number of echo request messages be sent (default: 1) (default 1)
  -sth int
        number of concurrencies (default: 50) (default 50)
  -sto int
        packet sending timeout in milliseconds (default: 100) (default 100)
  -stp string
        specify tcp port to spy (default: 21, 22, 23, 80, 135, 139, 443, 445, 3389, 8080) (default "21,22,23,80,135,139,443,445,3389,8080")
  -sup string
        specify udp port to spy (default: 53, 123, 137, 161, 520, 523, 1645, 1701, 1900, 5353) (default "53,123,137,161,520,523,1645,1701,1900,5353")
  -sx
        rapid detection mode (default: false)

示例截图

Extension points exported contracts — how you extend this code

RequestMiddleware (FuncType)
RequestMiddleware type is for request middleware, called before a request is sent
pkg/xhttp/client.go
RequestFuncType (FuncType)
(no doc)
module/v1/ymlpoc/ymlcheck.go
ResponseMiddleware (FuncType)
ResponseMiddleware type is for response middleware, called after a response has been received
pkg/xhttp/client.go
RequestFuncType (FuncType)
(no doc)
module/v1/ymlpoc/cel/cel.go
QPSLimiter (Interface)
(no doc)
pkg/xhttp/limiter.go
WaitFunc (FuncType)
(no doc)
pkg/xhttp/limiter.go

Core symbols most depended-on inside this repo

HttpRequset
called by 88
pkg/utils/gohttp.go
LogSuccess
called by 77
pkg/utils/log.go
Close
called by 48
module/v1/jndi/server.go
Wait
called by 15
pkg/xhttp/limiter.go
Do
called by 12
pkg/xhttp/client.go
WrapperTcpWithTimeout
called by 11
pkg/xhttp/wrapper.go
SetHeader
called by 11
pkg/xhttp/request.go
RandInt
called by 10
pkg/common/parse.go

Shape

Function 308
Method 137
Struct 43
FuncType 7
TypeAlias 2
Interface 1

Languages

Go100%

Modules by API surface

module/v1/ymlpoc/structs/requests.pb.go82 symbols
pkg/xhttp/request.go36 symbols
pkg/xhttp/client.go19 symbols
pkg/xhttp/response.go13 symbols
module/v1/ymlpoc/lib/requests.go12 symbols
module/v1/web.go12 symbols
module/v1/gopoc/tomcat/CVE_2020_1938.go12 symbols
module/v1/ymlpoc/cel/cel.go11 symbols
module/v1/jndi/server.go11 symbols
module/v1/icmp.go11 symbols
api/plugin/netbios/netbios.go11 symbols
pkg/common/parse.go10 symbols

Datastores touched

(mysql)Database · 1 repos
fooDatabase · 1 repos

For agents

$ claude mcp add Predator \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact