scan4all: a new vulnerability scanner

scan4all is a Go-based tool to scan vulnerabilities of all kind.

Table of Contents

• Features
• Installation
• Usage
• scan4all vs. Metasploitable

Features

• Port scanner (using Nmap).
• Password blasting (RDP, SSH, FTP, etc.)
• Web fingerprint scanner.
• Support multiple output formats.
• Cross-platform.
• And more.

Installation

1. Ensure Go and Nmap are installed:

    # Debian/Ubuntu
    sudo apt install golang nmap
   

    # Arch Linux
    sudo pacman -S go nmap
   

    # Fedora
    sudo dnf install golang nmap
   

2. Then, install scan4all using Go:

    go install github.com/hktalent/scan4all@2.6.8
   

   • Go to the Relases page to check what is the latest version.
3. The application is installed in $HOME/go/bin. To be able to run scan4all without specifying the executable path, you need to add $HOME/go/bin to your PATH. Open $HOME/.bashrc and add a line (or edit it) to edit PATH environment variable:

    export PATH="$PATH:$HOME/go/bin"
   

4. Execute .bashrc to apply the changes.

    source $HOME/.bashrc
   

Usage

Run scan4all -h to see the help page. Most simple command is:

scan4all -host <hostname or IP address>
# scan4all -host 192.168.122.5
# scan4all -host example.com

• To scan all ports (and run some tests) you need to run scan4all with root privileges (sudo scan4all -host <hostname/IP>).
• You can scan subnets.

    scan4all -host 192.168.122.1/24
  

• Specify ports with -p <ports> (separated by commas).

    scan4all -host 192.168.122.5 -p 1000,7000
  

• Output the results to JSON or CSV.

    scan4all -host 192.168.122.5 -json -o res.json
  

    scan4all -host 192.168.122.5 -csv -o res.csv
  

• Only do port scanning and fingerprint recognition.

    scan4all -host 192.168.122.5 -np
  

• Set threads and thread rate

    scan4all -host 192.168.122.5 -c 25 -rate 1000
  

• Check https://github.com/hktalent/scan4all/blob/main/static/running.md for more info (it’s in chinese). English automatic translation. You can also run scan4all -h.
• If you run scan4all with root privileges and then run it again but as an ordinary user, a permissions error may display.

scan4all vs. Metasploitable

I’m going to test scan4all with the Metasploitable, a vulnerable virtual machine used to test Metasploit Framework tools.

sudo scan4all -host 192.168.1.14

After the analysis is over, you can check the red lines (the ones that start with 成功密码破解, meaning “successful password cracking”):

成功密码破解： {"Protocol":"postgresql","Port":5432,"IPAddr":"192.168.1.14","Auth":{"username":"postgres","password":"postgres","Other":{}},"status":true}
...
成功密码破解： {"Protocol":"ftp","Port":21,"IPAddr":"192.168.1.14","Auth":{"username":"ftp","password":"ftp","Other":{}},"status":true}
成功密码破解： {"Protocol":"mysql","Port":3306,"IPAddr":"192.168.1.14","Auth":{"username":"root","password":"","Other":{}},"status":true}

And the lines which refer to known vulnerabilities (CVE codes):

[2022-08-06 16:35:38] [CVE-2020-1938] [network] [critical] 192.168.1.14:8009

If you have any suggestion, feel free to contact me via social media or email.