还是满足国人的需求

Author: x51pwn

README.md

@@ -1,64 +1,66 @@
 <p align="center">
-   <a href="/static/Installation.md">Compile/Install/Run</a> •
-   <a href="/static/usage.md">Parameter Description</a> •
-   <a href="/static/running.md">How To</a> •
-   <a href="/static/scenario.md">Scenario</a> •
-   <a href="/static/pocs.md">POC List</a> •
-   <a href="/static/development.md">Custom Scanner</a>
+   <a href="/static/Installation.md">编译/安装/运行</a> •
+   <a href="/static/usage.md">参数说明</a> •
+   <a href="/static/running.md">如何使用</a> •
+   <a href="/static/scenario.md">使用场景</a> •
+   <a href="/static/pocs.md">POC列表</a> •
+   <a href="/static/development.md">自定义扫描</a>
+  <a href="/README_EN.md">README_EN</a>
 </p>
 
-# Features
+# 特性
 
 <h1 align="center">
 <img width="966" alt="image" src="https://user-images.githubusercontent.com/18223385/175191886-aec31972-d81b-46f4-b6ac-70debd2508e7.png">
 </h1>
 
-- Fast port scan, fingerprint detection function
-- Fast login password blasting function
-- Fast POC detection function
-- Fast sensitive file detection
-- Lightweight, open source, cross-platform use
-- Supports multiple types of input - STDIN/HOST/IP/CIDR/URL/TXT
-- Supports multiple types of output - JSON/TXT/CSV/STDOUT
-## New features controlled by configuration files, environment variables
-- url list with context path, enable precise scan UrlPrecise=true ./main -l xx.txt
-- Enable smart subdomain traversal, export EnableSubfinder=true
-- Automatically identify the situation that a domain (DNS) is associated with multiple IPs, and automatically scan the associated multiple IPs
-- Preprocessing, when multiple domain names in the list have the same ip, port scans are merged to improve efficiency
-- In-depth analysis, automatic correlation scan: automatically obtain domain name information in ssl, in the case of *.xxx.com, and configured to allow automatic subdomain traversal, the subdomain traversal will be automatically completed, and the target will be added to the scan list
-- When the input target (target) is ip, all domain names, fingerprint information, historical port information will be automatically associated from the 51pwn cloud, and processed (the cloud service function requires authorization)
-- Automated supply chain analysis and scanning, which requires authorization to use
-- Allows to define your own dictionary through config/config.json configuration, or set related switches, you can define several Options for nuclei, httx, naabu here
-# Implementation process
-- 0. [Subdomain] integrates Subfinder, export EnableSubfinder=true starts, automatically drills deep into the domain name information in the ssl certificate
-- 1. [Port Scanning] Integrate naabu (2.1k), the official product of Nuclei, the famous name Dingding
-- 2. [Service Identification] naabu calls the nmap installed by the system, please install nmap yourself first
-- 3. [Fingerprint recognition] nmap + integrated and optimized EHole (1.4k), and will continue to integrate more fingerprint recognition later
-- 4. [Web Scanning] Integrated httpx (3.2k), officially produced by Nuclei, the famous name Dingding
-- 5. [Vulnerability Scanning]
-    * Integrated nuclei (8.6k) + nuclei-templates (4.5k optimized version, https://github.com/hktalent/nuclei-templates)
-    * Integrated xray 2.0 (6.9k), a total of 354 POCs
-    * scan4all itself implements 8 fuzz components, and at the same time implements vulnerability detection that integrates 14 types of common components
-# How Install
+- 快速端口扫描，指纹检测功能
+- 快速登录密码爆破功能
+- 快速POC检测功能
+- 快速敏感文件检测
+- 轻量级、开源、跨平台使用
+- 支持多种类型的输入 - STDIN/HOST/IP/CIDR/URL/TXT
+- 支持多种输出类型 - JSON/TXT/CSV/STDOUT
+
+## 由配置文件、环境变量控制的新特性
+- 带有上下文路径的url列表，启用精确扫描 UrlPrecise=true ./main -l xx.txt
+- 开启智能子域遍历， 导出 EnableSubfinder=true
+- 自动识别域（DNS）关联多个IP的情况，并自动扫描关联的多个IP
+- 预处理，当列表中多个域名的ip相同时，合并端口扫描，提高效率
+- 深入分析，自动关联扫描：自动获取ssl中的域名信息，如*.xxx.com，并配置允许自动子域遍历，子域遍历自动完成，添加目标到扫描列表
+- 当输入目标（target）为ip时，所有域名、指纹信息、历史端口信息都会从51pwn云自动关联，并进行处理（云服务功能需要授权）
+- 自动化供应链分析和扫描，需要授权才能使用
+- 允许通过config/config.json配置定义自己的字典，或者设置相关的开关，可以在这里定义nuclei、httx、naabu的几个Options
+# 实现过程
+- 0.【Subdomain】集成Subfinder，导出EnableSubfinder=true启动，自动深挖ssl证书中的域名信息
+- 1.【端口扫描】集成Nuclei官方产品naabu(2.1k)，大名鼎鼎
+- 2.【服务识别】naabu调用系统安装的nmap，请先自行安装nmap
+- 3.【指纹识别】nmap+集成优化的EHole（1.4k），后续会继续集成更多指纹识别
+- 4.【网页扫描】集成httpx（3.2k），Nuclei官方出品，大名鼎鼎
+- 5.【漏洞扫描】
+  * 集成核（8.6k）+核模板（4.5k优化版，https://github.com/hktalent/nuclei-templates）
+  * 集成 xray 2.0 (6.9k)，共 354 个 POC
+  * scan4all本身实现了8个fuzz组件，同时实现了集成14类常用组件的漏洞检测
+# 如何安装
 ```bash
 go install github.com/hktalent/[email protected]
 scan4all -h
 ```
-# How use
-Please install nmap by yourself before use
+# 如何使用
+使用前请自行安装nmap
 ```bash
 go build -o scan4all main.go
 # or
 go build
-# Precise scanning UrlPrecise=true
+# 精准扫描 url列表 UrlPrecise=true
 UrlPrecise=true ./scan4all -l xx.txt
 ```
 
-# changelog
-- 2022-06-20 Integrated Subfinder, domain name blasting, startup parameter export EnableSubfinder=true, note that it is very slow after startup; automatic deep drilling of domain name information in ssl certificate
-  Allows to define your own dictionary through config/config.json configuration, or set related switches
-- 2022-06-17 Optimize the case of multiple IPs in one domain name, all IPs will be port scanned, and then follow the subsequent scanning process
-- 2022-06-15 This version adds several weblogic password dictionaries and webshell dictionaries obtained in actual combat in the past
-- 2022-06-10 Complete the integration of nuclei, including the integration of nuclei templates of course
-- 2022-06-07 Added similarity algorithm to detect 404
-- 2022-06-07 Added the http url list precise scan parameter, which is enabled based on the environment variable UrlPrecise=true
+# 变更日志
+- 2022-06-20 集成Subfinder，域名爆破，启动参数导出EnableSubfinder=true，注意启动后很慢； ssl证书中域名信息的自动深度钻取
+  允许通过 config/config.json 配置定义自己的字典，或设置相关开关
+- 2022-06-17 优化一个域名多个IP的情况，所有IP都会被端口扫描，然后按照后续的扫描流程
+- 2022-06-15 此版本增加了过去实战中获得的几个weblogic密码字典和webshell字典
+- 2022-06-10 完成核的整合，当然包括核模板的整合
+- 2022-06-07 添加相似度算法来检测 404
+- 2022-06-07 增加http url列表精准扫描参数，根据环境变量UrlPrecise=true开启

README_EN.md

@@ -0,0 +1,64 @@
+<p align="center">
+   <a href="/static/Installation.md">Compile/Install/Run</a> •
+   <a href="/static/usage.md">Parameter Description</a> •
+   <a href="/static/running.md">How To</a> •
+   <a href="/static/scenario.md">Scenario</a> •
+   <a href="/static/pocs.md">POC List</a> •
+   <a href="/static/development.md">Custom Scanner</a>
+</p>
+
+# Features
+
+<h1 align="center">
+<img width="966" alt="image" src="https://user-images.githubusercontent.com/18223385/175191886-aec31972-d81b-46f4-b6ac-70debd2508e7.png">
+</h1>
+
+- Fast port scan, fingerprint detection function
+- Fast login password blasting function
+- Fast POC detection function
+- Fast sensitive file detection
+- Lightweight, open source, cross-platform use
+- Supports multiple types of input - STDIN/HOST/IP/CIDR/URL/TXT
+- Supports multiple types of output - JSON/TXT/CSV/STDOUT
+## New features controlled by configuration files, environment variables
+- url list with context path, enable precise scan UrlPrecise=true ./main -l xx.txt
+- Enable smart subdomain traversal, export EnableSubfinder=true
+- Automatically identify the situation that a domain (DNS) is associated with multiple IPs, and automatically scan the associated multiple IPs
+- Preprocessing, when multiple domain names in the list have the same ip, port scans are merged to improve efficiency
+- In-depth analysis, automatic correlation scan: automatically obtain domain name information in ssl, in the case of *.xxx.com, and configured to allow automatic subdomain traversal, the subdomain traversal will be automatically completed, and the target will be added to the scan list
+- When the input target (target) is ip, all domain names, fingerprint information, historical port information will be automatically associated from the 51pwn cloud, and processed (the cloud service function requires authorization)
+- Automated supply chain analysis and scanning, which requires authorization to use
+- Allows to define your own dictionary through config/config.json configuration, or set related switches, you can define several Options for nuclei, httx, naabu here
+# Implementation process
+- 0. [Subdomain] integrates Subfinder, export EnableSubfinder=true starts, automatically drills deep into the domain name information in the ssl certificate
+- 1. [Port Scanning] Integrate naabu (2.1k), the official product of Nuclei, the famous name Dingding
+- 2. [Service Identification] naabu calls the nmap installed by the system, please install nmap yourself first
+- 3. [Fingerprint recognition] nmap + integrated and optimized EHole (1.4k), and will continue to integrate more fingerprint recognition later
+- 4. [Web Scanning] Integrated httpx (3.2k), officially produced by Nuclei, the famous name Dingding
+- 5. [Vulnerability Scanning]
+    * Integrated nuclei (8.6k) + nuclei-templates (4.5k optimized version, https://github.com/hktalent/nuclei-templates)
+    * Integrated xray 2.0 (6.9k), a total of 354 POCs
+    * scan4all itself implements 8 fuzz components, and at the same time implements vulnerability detection that integrates 14 types of common components
+# How Install
+```bash
+go install github.com/hktalent/[email protected]
+scan4all -h
+```
+# How use
+Please install nmap by yourself before use
+```bash
+go build -o scan4all main.go
+# or
+go build
+# Precise scanning UrlPrecise=true
+UrlPrecise=true ./scan4all -l xx.txt
+```
+
+# changelog
+- 2022-06-20 Integrated Subfinder, domain name blasting, startup parameter export EnableSubfinder=true, note that it is very slow after startup; automatic deep drilling of domain name information in ssl certificate
+  Allows to define your own dictionary through config/config.json configuration, or set related switches
+- 2022-06-17 Optimize the case of multiple IPs in one domain name, all IPs will be port scanned, and then follow the subsequent scanning process
+- 2022-06-15 This version adds several weblogic password dictionaries and webshell dictionaries obtained in actual combat in the past
+- 2022-06-10 Complete the integration of nuclei, including the integration of nuclei templates of course
+- 2022-06-07 Added similarity algorithm to detect 404
+- 2022-06-07 Added the http url list precise scan parameter, which is enabled based on the environment variable UrlPrecise=true

pkg/naabu/v2/pkg/runner/options.go

@@ -103,7 +103,7 @@ func ParseOptions() *Options {
 	)
 
 	flagSet.CreateGroup("rate-limit", "Rate-limit",
-		flagSet.IntVar(&options.Threads, "c", 25, "general internal worker threads"),
+		flagSet.IntVar(&options.Threads, "c", 64, "general internal worker threads"),
 		flagSet.IntVar(&options.Rate, "rate", DefaultRateSynScan, "packets to send per second"),
 	)