base on :: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具 <h1 align="left">Prism X · Open Source</h1> <a href="README.md">`English`</a> • <a href="README_CN.md">`中文`</a> --- **Prism X integrates asset discovery, fingerprint recognition, weak password detection, and vulnerability verification, adopting a modular YAML plugin strategy configuration to achieve a PoC verification mechanism highly similar to real attack chains.** - Cross-platform and lightweight design: Supports multiple operating systems, making it easy to deploy and use. - Host and asset fingerprint recognition: Provides host survival scanning and asset fingerprint recognition functions to fully grasp the status of network assets. - Weak password and vulnerability detection: Capable of identifying weak passwords and scanning for vulnerabilities to detect security risks in a timely manner and ensure system security. - Built-in JNDI external link service: Supports scanning of vulnerabilities that require external connections, such as JNDI and RMI. - Port fingerprint recognition framework: [**`yqcs/fingerscan`**](https://github.com/yqcs/fingerscan) <h1 align="center"> <img src="images/scan.png" width="95%"> </h1> ### Usage Command ``` Usage of prismx_cli.exe: -t string Target hosts to scan, supporting formats like 192.168.1.1/24, 16, 8, 192.168.3.1-80, prismx.io, separated by commas. -p string Ports to scan, supporting formats like 80,22,8000-8080. -bip string Filter hosts, supporting IP ranges. -bp string Filter ports, supporting port ranges. -m string Scan speed, options: s (slow), d (medium), f (fast). Default is "d". -ping boolean ICMP packets may not be sent under low privileges. Default is -ping=false. -pn boolean Do not perform host survival detection. Default is -pn=false. -s boolean Enable online subdomain scanning. Default is -s=false. -vul boolean Enable vulnerability detection. Default is -vul=true. -weak boolean Enable weak password scanning. Default is -weak=true. ``` ### Source Code Structure <Tree> <ul> <li> core: System Core <ul> <li> aliveCheck: Host and port survival detection </li> <li> hydra: Weak password detection </li> <li> jsFind: Detection of sensitive content in JS files </li> <li> owaspTop10: Tools for detecting XSS, SQL injection, etc. (Not completed yet, needs further optimization) </li> <li> plugins: Plugin registration center and plugin files </li> <li> subdomain: Subdomain scanning </li> <li> vulnerability: Vulnerability detection module </li> <li> models: Dependencies for public modules </li> </ul> </li> <li> scan: Task scheduling center </li> <li> utils: Utility package <ul> <li>Task list</li> <li>Create new task</li> </ul> </li> <li> main.go: Program entry point </li> </ul> </Tree> <h1 align="center"> <img src="images/img.png" width="95%"> </h1> ### Build Tips: It is recommended to use Golang version 1.20 for compilation (newer versions of Go no longer support Windows 7 and earlier versions). ```bash go build -ldflags "-s -w -buildid=" -buildmode="pie" -trimpath ``` --- ## [**`Customized: Prismx.io`**](https://prismx.io/) <h1 align="center"> <a href="https://prismx.io/"><img src="https://prismx.io/static/pc_home.jpg" width="90%"></a> <a href="https://prismx.io/"><img src="https://prismx.io/static/view.jpg" width="90%"></a> </h1> #### WeChat（left）| Follow（right） <img src="images/wx.jpg" width="150"> <img src="images/wx_qrcode.jpg" width="150"> ", Assign "at most 3 tags" to the expected json: {"id":"6598","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"