Ladon study源文件

## Ladon 911 20230305  [](https://github.com/k8gege) [](https://github.com/k8gege/Ladon) [](https://github.com/k8gege/Ladon/releases) [](https://github.com/k8gege/Ladon/issues) [](https://github.com/k8gege/Ladon) [](https://github.com/k8gege/Ladon) [](https://github.com/k8gege/Ladon) [](https://github.com/k8gege/Ladon/releases/latest)  ### Program introduction Ladon is a multi-threaded plug-in comprehensive scanning artifact for large-scale network penetration, including port scanning, service identification, network assets, password blasting, high-risk vulnerability detection and one click getshell. It supports batch a segment / b segment / C segment and cross network segment scanning, as well as URL, host and domain name list scanning. Version 10.9 has 200 built-in functional modules and 18 external modules. It can quickly obtain the target network survival host IP, computer name, workgroup, shared resources, network card address, operating system version, website, subdomain name, middleware, open services, routers, databases and other information through a variety of protocols and methods. Vulnerability detection includes ms17010, smbghost, Weblogic, ActiveMQ, Tomcat, struts 2 series and so on, There are 13 kinds of password blasting including databases (mysql, Oracle, MSSQL), FTP, SSH, vnc, windows (LDAP, SMB / IPC, NBT, WMI, smbhash, wmihash, winrm), basicauth, Tomcat, Weblogic, rar, etc. the remote execution commands include (smbexec / wmiex / psexec / atexec / sshexec / jspshell), and the web fingerprint identification module can identify 75 kinds (web application, middleware, script type, page type), etc. it can be highly customized with plug-in POC support Net assembly, DLL (C # / Delphi / VC), PowerShell and other language plugins, support the batch call of any external program or command by configuring ini, and the exp generator can generate vulnerability POC at one click to quickly expand the scanning ability. Ladon supports the plug-in scanning of cobalt strike to quickly expand the intranet for horizontal movement. ### DownLoad New Version：https://k8gege.org/Download <br> All Version: https://github.com/k8gege/Ladon/releases/ Ladon concise use tutorial complete document: http://k8gege.org/Ladon Support CMD, shell, cobalt strike and PowerShell Windows version:. Net, cobalt strike, PowerShell Full system version: go (full platform), python (theoretically full platform) PS: the GUI version is mainly convenient for local testing, and CMD is used for complete functions ### Version Ladon9.2.1 20220911 171 examples of concise usage ### 001 custom thread scanning Example: scan the target 10.1.2 for ms17010 vulnerabilities Single thread: Ladon 10.1.2.8/24 ms17010 t = 1 80 thread: Ladon noping 10.1.2.8/24 ms17010 t = 80 The network default thread under high-intensity protection cannot be scanned, and must be a single thread ### 002 Socks5 agent scan Example: scan the target section 10.1.2 for ms17010 vulnerabilities (noping must be added) Ladon noping 10.1.2.8/24 MS17010 See: http://k8gege.org/Ladon/proxy.html ### 003 network segment scanning / batch scanning CIDR format: not only / 24 / 16 / 8 (all) Ladon 192.168.1.8/24 scanning module Ladon 192.168.1.8/16 scanning module Ladon 192.168.1.8/8 scanning module Letter format: only section C, Section B and section a are sorted in order Ladon 192.168.1.8/c scanning module Ladon 192.168.1.8/b scanning module Ladon 192.168.1.8/a scanning module ### 0x004 specify IP range and network segment scanning Ladon 192.168.1.50-192.168.1.200 ICMP ICMP detects the surviving hosts of segment 1 (50-200) Ladon 192.168.1.30-192.168.50.80 ICMP ICMP probe 1.30 to 50.80 surviving hosts Txt format ##### 004 ICMP batch scan C-segment list survival host Ladon ip24.txt ICMP ##### 005 ICMP batch scan segment B list survival host Ladon ip16.txt ICMP ##### 006 ICMP batch scan CIDR list (e.g. IP segment of a country) Ladon cidr. txt ICMP ##### 007 whether ICMP bulk SCAN domain name survives Ladon domain. txt ICMP ##### 008 "ICMP batch scanning machine survives" Ladon host. txt ICMP ##### 009 whatcms batch identification URL list (CMS identification, banner, SSL certificate, title) Ladon 192.168.1.8 whatcms scan IP Ladon 192.168.1.8/24 whatcms scanning section C Ladon 192.168.1.8/c whatcms scanning section C Ladon 192.168.1.8/b whatcms scanning section B Ladon 192.168.1.8/a whatcms scanning section a Ladon IP. Txt whatcms scan IP list Ladon ip24.txt whatcms scan C-segment list Ladon ip16.txt whatcms scan segment B list Ladon cidr. Txt whatcms scans the list of IP segments in the whole country Disable Ping scanning Ladon noping 192.168.1.8 whatcms scan IP Ladon noping 192.168.1.8/24 whatcms scanning segment C ##### 010 batch detection of DrayTek router version, vulnerability and weak password Ladon url. txt DraytekPoc ##### 011 batch decrypt Base64 password Ladon str.txt DeBase64 ### Asset scanning, fingerprint identification, service identification, surviving host, port scanning ##### 012 ICMP scans surviving hosts (fastest) Ladon 192.168.1.8/24 ICMP ##### 013 Ping detect the surviving host (call the system ping command to echo MS, TTL and other information) Ladon 192.168.1.8/24 Ping ##### 014 multi protocol probe surviving host (IP, machine name, MAC / domain name, manufacturer / system version) Ladon 192.168.1.8/24 OnlinePC ##### 015 multi protocol identification operating system (IP, machine name, operating system version, open service) Ladon 192.168.1.8/24 OsScan ##### 016 oxid probe multi network card host Ladon 192.168.1.8/24 EthScan Ladon 192.168.1.8/24 OxidScan ##### 017 DNS detects multiple network card hosts Ladon 192.168.1.8/24 DnsScan ##### 018 multi protocol scanning surviving host IP Ladon 192.168.1.8/24 OnlineIP ##### 019 scan SMB vulnerability ms17010 (IP, machine name, vulnerability number, operating system version) Ladon 192.168.1.8/24 MS17010 ##### 020 smbghost vulnerability detection cve-2020-0796 (IP, machine name, vulnerability number, operating system version) Ladon 192.168.1.8/24 SMBGhost ##### 021 scan web information / HTTP service Ladon 192.168.1.8/24 WebScan ##### 022 scan C-segment site URL domain name Ladon 192.168.1.8/24 UrlScan ##### 023 scan C-segment site URL domain name Ladon 192.168.1.8/24 SameWeb ##### 024 scan sub domain name and secondary domain name Ladon baidu. com SubDomain ##### 025 domain name resolution IP, host name resolution IP Ladon baidu. com DomainIP Ladon baidu. com HostIP ##### 025 batch domain name resolution IP, batch host name resolution IP Ladon domain. txt DomainIP Ladon host. txt HostIP ##### 025 batch domain name and host name resolution results (only IP) Ladon domain. txt Domain2IP Ladon host. txt Host2IP ##### 026 DNS query of machines and IPS in the domain (within the conditional domain) Ladon AdiDnsDump 192.168.1.8 (Domain IP) ##### 027 query machines and IPS in the domain (within the conditional domain) Ladon GetDomainIP ##### 028 scan section C ports and specified ports Ladon 192.168.1.8/24 PortScan Ladon 192.168.1.8 PortScan 80,445,3389 ##### 029 scan C-segment web and identify CMS (86 + web fingerprint identification) Ladon 192.168.1.8/24 WhatCMS ##### 030 scan Cisco devices