Introducing GoScan (aka a reason to learn Go)

It’s been a while since I wanted to carve the time to learn Go. Everyone seemed to love it, so I wanted to give it a try.

I started by reading The Little Go Book. My reaction after a couple of hours?

Currently learning @golang. I see now why many people are switching to it. Time to ditch python?

— Marco Lancini (@lancinimarco) May 7, 2018

I was already in love: many aspects similar to C, concurrency almost transparent to the programmer, etc. The only thing that confused me is how Go treats arrays…

I needed a project to experiment on, so I took the chance to get rid of a bunch of python scripts I used to perform network enumeration during a pentest.

This post is now outdated, please refer to GoScan v2.

Introducing GoScan

GoScan is an interactive network scanner client, featuring auto-complete, which provides abstraction and automation over nmap.

It can be used to perform host discovery, port scanning, and service enumeration in situations where being stealthy is not a priority, and time is limited (think at CTFs, OSCP, exams, etc.).

Installation and usage instructions can be found on Github.

Historical Tracking in GoScan

Recently I’ve been reading the great “The Hacker Playbook 3” from Peter Kim. In Chapter 2 (“Red Team Recon”) a Lab exercise challenges readers to build a better network diff scanner, able to continuously monitor the target’s network over time. In particular, Peter suggested to implement the following features:

1. Build a better port list than the default nmap
2. Keep historical tracking of ports
3. Implement nmap banners
4. Build email slerting/notification system

Reading this made me think that GoScan was already able to deal with a similar situation: point 1 was already implemented, point 3 was already in my todo-list, but point 2 caught my eye as a potential nice addition to GoScan. I left point 4 for the future as alerting is not something I needed right now.

In the end, it was pretty straightforward to extend GoScan to provide support for an historical tracking of ports, which I’ve released in V1.3.

Example

Let’s perform a quick portscan on a sample host:

As you can see different ports have been found as open. Now, let’s stop the webserver running on port 80 and run another scan. You’ll be notified that port is not open anymore:

You will still have the entire history tracked in the supporting database, but the CLI will only report the more recent information collected for every host.

GoScan can be found on Github: https://github.com/marco-lancini/goscan.