Chinese | English
The Goby plugin, developed using Vue + Bootstrap, currently has the following features.
- Exporting data from Goby scan jobs
- Scanning WEB systems with AWVS
- Scanning applications with FSCAN, weak passwords
- Exporting vulnerability data for AWVS, FSCAN scanning tasks
- Use FOFA information collection, **Note:**VIP required
- Add the IPs collected by FOFA to Goby's new scan task, **Note:**At present, you can only add one page, change the maximum search volume to 2000 pages, which is enough to use, right?
Note:
- Export data is exported to the datadir directory of the plug-in folder by default
- Windows data directory: Goby installation directory\extensions\plugin number, plugin name\datadir
- Mac data directory: /Users/current username/goby/extensions/plugin number, plugin name/datadir
Project address: https://github.com/0xn0ne/RelaxHelper
-
Install via the extension store
-
(Can be skipped) Configure AWVS or FOFA address, email, API key
-
Click on the icon in the right toolbar to open the Relax control panel
-
Start the operation
- nodejs v16+
- download the plugin file
- Copy the file to Goby's extensions plugin directory
- Go to the plugin directory and use the
npm install
command to install the plugin dependencies - Restart Goby and you are done
- Windows plugin directory: C:\Users\current username\goby\extensions\
- Mac plugin directory: /Users/current-username/goby/extensions/
This function is used for Goby scan job data export and requires access to the job panel before operation
-
Go to the task panel
-
Check the Export field as needed and click Export Task Data to export the current Goby scan data, the path will appear in the prompt box
-
Click Save Configuration to save all the exported and scanned current configurations, so you don't need to re-check them after reopening Relax. The data will be exported in CSV and JSON format, and the data content is as follows
This feature is used to link third-party tools to expand scanning capabilities, currently only the whole AWVS, FSCAN, you need to enter the task panel and then operate
-
Before use, you need to confirm the correct configuration of AWVS API KEY, AWVS ADDRESS, FSCAN PATH on the configuration page of Goby plug-in.
-
If the configuration is incorrect or AWVS or FSCAN cannot be connected, AWVS or FSCAN scanning cannot be started, so re-open Goby after reconfiguration.
-
Click Submit Scan Job to submit the current asset to the launched scanning system for scanning, it will automatically filter the http or https protocol ports to AWVS for scanning, the number of targets will be different from the number of assets
-
Here will display the progress of the scan and the number of vulnerabilities, each time you reopen the panel Relax will update the data once
-
Click Clear All Targets to clear all Targets in AWVS, FSCAN.**Note:**All Targets will be cleared whether they are added by Relax or not, and the scan results will also be cleared.
-
Click Export Data to export the current scan data of AWVS and FSCAN, you can also export the data during the scanning process, the export data is as follows
This function is used to link third-party tools to start scanning tasks, currently only the entire FOFA, must be FOFA VIP to use the API
-
Before use, you need to confirm whether the configuration of FOFA API KEY, FOFA EMAIL, FOFA ADDRESS is correct.
-
If the configuration is correct, enter the search syntax and click search to load the results
-
After selecting the search results, open Goby's New Scan task panel and click Add Scan Target to add the selected results to the Goby scan task panel
- When doing the operation no pop-up prompt may indicate that the connection failed or something like that, check whether the configuration of AWVS or FOFA is correct or can be connected normally
- It's been a long time since I touched the code, it's a bit messy to write, I have a headache myself, I don't plan to get other functions yet
- This is a month to come up with something, do not expect too much
- If there are bugs, please raise Issues
The file is too big too stupid, too lazy to update