Prism X integrates asset discovery, fingerprint recognition, weak password detection, and vulnerability verification, adopting a modular YAML plugin strategy configuration to achieve a PoC verification mechanism highly similar to real attack chains.
- Cross-platform and lightweight design: Supports multiple operating systems, making it easy to deploy and use.
- Host and asset fingerprint recognition: Provides host survival scanning and asset fingerprint recognition functions to fully grasp the status of network assets.
- Weak password and vulnerability detection: Capable of identifying weak passwords and scanning for vulnerabilities to detect security risks in a timely manner and ensure system security.
- Built-in JNDI external link service: Supports scanning of vulnerabilities that require external connections, such as JNDI and RMI.
- Port fingerprint recognition framework:
yqcs/fingerscan
Usage of prismx_cli.exe:
-t string
Target hosts to scan, supporting formats like 192.168.1.1/24, 16, 8, 192.168.3.1-80, prismx.io, separated by commas.
-p string
Ports to scan, supporting formats like 80,22,8000-8080.
-bip string
Filter hosts, supporting IP ranges.
-bp string
Filter ports, supporting port ranges.
-m string
Scan speed, options: s (slow), d (medium), f (fast). Default is "d".
-ping boolean
ICMP packets may not be sent under low privileges. Default is -ping=false.
-pn boolean
Do not perform host survival detection. Default is -pn=false.
-s boolean
Enable online subdomain scanning. Default is -s=false.
-vul boolean
Enable vulnerability detection. Default is -vul=true.
-weak boolean
Enable weak password scanning. Default is -weak=true.
- core: System Core
- aliveCheck: Host and port survival detection
- hydra: Weak password detection
- jsFind: Detection of sensitive content in JS files
- owaspTop10: Tools for detecting XSS, SQL injection, etc. (Not completed yet, needs further optimization)
- plugins: Plugin registration center and plugin files
- subdomain: Subdomain scanning
- vulnerability: Vulnerability detection module
- models: Dependencies for public modules
- scan: Task scheduling center
- utils: Utility package
- Task list
- Create new task
- main.go: Program entry point
Tips: It is recommended to use Golang version 1.20 for compilation (newer versions of Go no longer support Windows 7 and earlier versions).
go build -ldflags "-s -w -buildid=" -buildmode="pie" -trimpath
