Awesome

<h1 align="center"> <br> <a href="https://github.com/s0md3v/Silver"><img src="https://i.ibb.co/bv3rqXs/silver.png" alt="Silver"></a> <br> Silver <br> </h1> <h4 align="center">Mass Vulnerability Scanner</h4> <p align="center"> <a href="https://github.com/s0md3v/Silver/releases"> <img src="https://img.shields.io/github/release/s0md3v/Silver.svg"> </a> <a href="https://github.com/s0md3v/Silver/issues?q=is%3Aissue+is%3Aclosed"> <img src="https://img.shields.io/github/issues-closed-raw/s0md3v/Silver.svg"> </a> </p>

Introduction

masscan is fast, nmap can fingerprint software and vulners is a huge vulnerability database. Silver is a front-end that allows complete utilization of these programs by parsing data, spawning parallel processes, caching vulnerability data for faster scanning over time and much more.

demo

Features

Resumable scanning
Slack notifcations
Multi-core utilization
Supports: IPs, CIDR & hostnames
Vulnerability data caching
Shodan integration

Dependencies

External Programs

nmap
masscan

Python libraries

psutil
requests

Required Python libraries can be installed by executing sudo pip3 install -r requirements.txt in Silver directory.

Setting up Slack notifications

Create a workspace on slack, here
Create an app, here
Enable WebHooks from the app and copy the URL from there to Silver's /core/memory.py file.

Usage

Before you start

:warning: Run Silver as root and with python3 i.e. with sudo python3 silver.py <your input>. The python libraries need to be installed as root too.

:warning: Silver scans all TCP ports by default i.e. ports 0-65535. Use --quick switch to only scan top ~1000 ports.

Scan host(s) from command line

python3 silver.py 127.0.0.1
python3 silver.py 127.0.0.1/22
python3 silver.py 127.0.0.1,127.0.0.2,127.0.0.3

Use Shodan

Shodan can provide open ports, service information and CVEs from the data collected during its contiunous internet wide scanning. I think this is the best choice for quickly checking top ~1500 ports. Not using it makes sense when:

You want to scan all the ports instead of the most common ones
You are not okay with the scan results being 2-3 days old
The IP you want to scan has been excluded by Shodan by a request of the owner

python3 silver.py 127.0.0.1 --shodan

Scan top ~1000 ports

python3 silver.py 127.0.0.1 --quick

Scan specific ports

python3 silver.py 127.0.0.1 -p80,443

Scan hosts from a file

python3 silver.py -i /path/to/targets.txt

Save JSON output to a file

Default: result-<ip_here>.json

python3 silver.py 127.0.0.1 -o my_target.json

Note: The output is saved regardless of using this option. It only exists to choose a specific name for the file instead of the autogenerated one.

Set max number of parallel nmap instances

Default: number_of_cores

python3 silver.py -i /path/to/targets.txt -t 4

Choose packets to be sent per seconds

Default: 10000

python3 silver.py 127.0.0.1 --rate 1000

Contribution

You can contribute to this project by providing suggestions, reporting sensible issues and spreading the word. Pull requessts for the following will not be accepted:

Typos
coDe qUaLiTY
Docker and .gitignore file