Awesome
<h1 align="center"> <br> <a href="https://github.com/s0md3v/Silver"><img src="https://i.ibb.co/bv3rqXs/silver.png" alt="Silver"></a> <br> Silver <br> </h1> <h4 align="center">Mass Vulnerability Scanner</h4> <p align="center"> <a href="https://github.com/s0md3v/Silver/releases"> <img src="https://img.shields.io/github/release/s0md3v/Silver.svg"> </a> <a href="https://github.com/s0md3v/Silver/issues?q=is%3Aissue+is%3Aclosed"> <img src="https://img.shields.io/github/issues-closed-raw/s0md3v/Silver.svg"> </a> </p>Introduction
masscan is fast, nmap can fingerprint software and vulners is a huge vulnerability database. Silver is a front-end that allows complete utilization of these programs by parsing data, spawning parallel processes, caching vulnerability data for faster scanning over time and much more.
Features
- Resumable scanning
- Slack notifcations
- Multi-core utilization
- Supports: IPs, CIDR & hostnames
- Vulnerability data caching
- Shodan integration
Dependencies
External Programs
Python libraries
- psutil
- requests
Required Python libraries can be installed by executing sudo pip3 install -r requirements.txt
in Silver
directory.
Setting up Slack notifications
- Create a workspace on slack, here
- Create an app, here
- Enable WebHooks from the app and copy the URL from there to Silver's
/core/memory.py
file.
Usage
Before you start
:warning: Run Silver as root and with python3
i.e. with sudo python3 silver.py <your input>
. The python libraries need to be installed as root too.
:warning: Silver scans all TCP ports by default i.e. ports 0-65535
. Use --quick
switch to only scan top ~1000 ports.
Scan host(s) from command line
python3 silver.py 127.0.0.1
python3 silver.py 127.0.0.1/22
python3 silver.py 127.0.0.1,127.0.0.2,127.0.0.3
Use Shodan
Shodan can provide open ports, service information and CVEs from the data collected during its contiunous internet wide scanning. I think this is the best choice for quickly checking top ~1500 ports. Not using it makes sense when:
- You want to scan all the ports instead of the most common ones
- You are not okay with the scan results being 2-3 days old
- The IP you want to scan has been excluded by Shodan by a request of the owner
python3 silver.py 127.0.0.1 --shodan
Scan top ~1000 ports
python3 silver.py 127.0.0.1 --quick
Scan specific ports
python3 silver.py 127.0.0.1 -p80,443
Scan hosts from a file
python3 silver.py -i /path/to/targets.txt
Save JSON output to a file
Default: result-<ip_here>.json
python3 silver.py 127.0.0.1 -o my_target.json
Note: The output is saved regardless of using this option. It only exists to choose a specific name for the file instead of the autogenerated one.
Set max number of parallel nmap instances
Default: number_of_cores
python3 silver.py -i /path/to/targets.txt -t 4
Choose packets to be sent per seconds
Default: 10000
python3 silver.py 127.0.0.1 --rate 1000
Contribution
You can contribute to this project by providing suggestions, reporting sensible issues and spreading the word. Pull requessts for the following will not be accepted:
- Typos
- coDe qUaLiTY
- Docker and .gitignore file