Vulnerability Analysis

GoGhost – Open Source Tool For Mass SMBGhost Scan

GoGhost - High Performance, Lightweight, Portable Open Source Tool For Mass SMBGhost Scan

 

GoGhost is a High Performance, lightweight, portable Open Source tool for mass SMBGhost Scan.

Installation
You can download Windows Binary or Linux Binary. Alternatively, GoGhost uses native Golang libraries so the line above would be fine to compile it:

go build GoGhost.go

Usage Options

GoGhost Scanned 25,000 IP addresses in less than 3 seconds, NMAP took more than 600.

-iL [FILE]
By using the -iL option you’re able to specify a list file with CIDRs in file.

-iR [CIDR]
By using the -iR option you’re able to specify an IP Range.

False Positive & False Negative
If the Windows is patched with KB4551762, GoGhost will still flag it as vulnerable. If the list of CIDRs in the file is bigger than 500k IP Addresses it may flag some vulnerable as Timeout.

The Results
Timeout => Closed Port
Not Vulnerable => Does not has compression
Vulnerable => LZNT1 compression on SMB.

Disclaimer
This tool was coded to measure the impact of SMBGhost in Latin America and Deepsecurity is not responsible for the use of this tool.

 


About the author

Mazen Elzanaty

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: