0xcrow13/wmap
GitHub: 0xcrow13/wmap
# wmap
Active/passive network scanner and reconnaissance tool. Written in Go, zero external dependencies.
```
wmap [options]
```
## Commands
| Command | Description |
|--------------|------------------------------------------------|
| `active` | TCP/UDP port scan with service/OS fingerprinting |
| `passive` | Recon via Shodan, Censys, BinaryEdge, ZoomEye, HackerTarget |
| `discover` | Ping-sweep a CIDR range for live hosts |
| `update-db` | Test NVD API connectivity |
## Active Scan Options
| Flag | Description |
|--------------------|--------------------------------------------------|
| `-p ` | TCP ports (comma/range, e.g. `80,443,8000-8080`) |
| `-P ` | UDP ports (same syntax) |
| `-sU` | Enable UDP scan (default UDP ports) |
| `-sV` | Service/version banner grabbing |
| `-O` | OS detection from banners |
| `-A` | `-sV -O` shorthand |
| `-T <1-5>` | Timing template (1=slow/20 threads … 5=insane/500) |
| `--vuln` | Look up CVEs for detected services via NVD API |
| `--exploit` | Filter vuln results to only EDBID entries |
| `-o ` | Save results (CSV or JSON if name ends in .json) |
| `-oJ` | Print JSON to stdout |
| `-v` | Per-port progress during scan |
| `-q` | Suppress banner, minimal output |
| `--no-ping` | Assume all hosts online |
| `--min-rate` | Min packets/sec (stored, not enforced) |
| `--max-rate` | Max packets/sec (stored, not enforced) |
## Passive Scan Options
| Flag | Description |
|------------------|-------------------------------------------|
| `-o ` | Save passive recon report to file |
## Examples
```bash
wmap active scanme.nmap.org -sV
wmap active scanme.nmap.org -sV -O -p 22,80,443 --vuln
wmap active -l targets.txt -p 1-1000 -o results.csv
wmap passive example.com -o report.txt
wmap passive -l domains.txt
wmap discover 192.168.1.0/24
```
## API Keys (Passive Mode)
Set environment variables for passive data sources. Unset sources are skipped:
```bash
export SHODAN_KEY=xxx
export CENSYS_ID=xxx
export CENSYS_SECRET=xxx
export BINARYEDGE_KEY=xxx
export ZOOMEYE_KEY=xxx
```
HackerTarget (nmap-style passive port listing) requires no key.
## Vulnerability Detection
When `--vuln` or `--exploit` is used with `-sV`, the scanner queries the [NVD API 2.0](https://nvd.nist.gov/developers) (free, no key required, 5 req/30s limit). Results are cached in memory per (service, version). Only services with a concrete version number (two or more numeric components, e.g. `1.18.0`) are looked up; generic banner strings like `AmazonS3` are skipped to avoid false positives.
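The version gate, per-(service, version) cache and request budget described above, sketched in Go as an added example (not wmap's own code). `ConcreteVersion`, `Lookup` and its `Fetch` callback are hypothetical names, and `Fetch` stands in for the NVD request so the block runs offline.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

var versionRe = regexp.MustCompile(`\d+(?:\.\d+)+`) // 2+ numeric components, e.g. 1.18.0

// ConcreteVersion returns the first such version in a banner, or "".
func ConcreteVersion(banner string) string { return versionRe.FindString(banner) }

// Lookup gates, caches and rate-limits CVE queries (5 req/30s for NVD).
type Lookup struct {
	Fetch  func(service, version string) []string // hypothetical stand-in for the NVD call
	Limit  int                                    // requests allowed per Window
	Window time.Duration
	cache  map[[2]string][]string // keyed by (service, version)
	sent   []time.Time            // timestamps of requests still inside Window
}

// CVEs returns ok=false when the banner is skipped or the budget is spent.
func (l *Lookup) CVEs(service, banner string, now time.Time) ([]string, bool) {
	ver := ConcreteVersion(banner)
	if ver == "" {
		return nil, false // generic banner such as "AmazonS3": no lookup
	}
	k := [2]string{service, ver}
	if hit, found := l.cache[k]; found {
		return hit, true // cache hit costs no request
	}
	for len(l.sent) > 0 && now.Sub(l.sent[0]) >= l.Window {
		l.sent = l.sent[1:] // forget requests that left the window
	}
	if len(l.sent) >= l.Limit {
		return nil, false // over budget: caller retries later
	}
	if l.cache == nil {
		l.cache = map[[2]string][]string{}
	}
	l.sent = append(l.sent, now)
	l.cache[k] = l.Fetch(service, ver)
	return l.cache[k], true
}

func main() {
	l := &Lookup{Fetch: func(_, _ string) []string { return []string{"CVE-PLACEHOLDER"} }, Limit: 5, Window: 30 * time.Second}
	fmt.Println(l.CVEs("nginx", "nginx/1.18.0", time.Now())) // constructed banner
}
```

Taking the first dotted number is a simplification: in a banner such as `SSH-2.0-OpenSSH_8.2p1` it returns the protocol version, so a production extractor should be service-aware.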
## Output
- ANSI colors auto-disable when output is piped/redirected.
- Banner suppressed with `-q`.
- CSV output is `host,port,proto,service,status` (one row per port).
- JSON output is `{host, os, ports: [{port, service, version, banner, vulns}]}`.
## Install
```bash
go install github.com/Xwal13/wmap@latest
```
Requires Go 1.24+.