Goby

Goby is a Chinese security tool for attack surface mapping, asset discovery, and vulnerability scanning. It combines network reconnaissance with exploit PoC generation for identified vulnerabilities.

Installation

Download and Setup

# Download from Goby official site
# https://www.gobysec.net/

# Linux/Mac extraction
tar -xzf goby-linux.tar.gz
cd goby
./goby

# Windows
# Extract goby-win.zip and run goby.exe

# First run - initialize database
# Download vulnerability database (several GB)

Asset Discovery and Reconnaissance

Basic Network Scanning

# Start Goby
./goby

# Scan network for assets
# GUI: New Task > Add Host Range
# Target: 192.168.1.0/24

# Command line scanning
./goby scan -t 192.168.1.0/24 -o results.json

# Scan specific ports
./goby scan -t 192.168.1.0/24 -p 80,443,8080,3306

# Aggressive scanning
./goby scan -t 192.168.1.0/24 --aggressive

Service and Version Detection

# Detect services on hosts
./goby scan -t target.com -s

# Identify web services
./goby scan -t 192.168.1.1 --web-detect

# Service fingerprinting
./goby scan -t 192.168.1.1 --os-detect --service-detect

Web Application Discovery

# Discover web applications
./goby scan -t 192.168.1.0/24 --web-apps

# Scan for common web paths
./goby scan -t target.com -w common.txt

# Identify web frameworks
./goby scan -t target.com --tech-detect

# CMS detection
./goby scan -t target.com --cms-detect

Vulnerability Scanning

Full Vulnerability Assessment

# Comprehensive vulnerability scan
./goby scan -t target.com --vuln-scan

# Update vulnerability database first
./goby update --db

# Scan with specific vulnerability categories
./goby scan -t target.com --vuln-scan --category "RCE,SQLi,XSS"

# Export vulnerability report
./goby scan -t target.com --vuln-scan -o report.json

Common Vulnerability Classes

# Scan for remote code execution
./goby scan -t target.com --search "RCE"

# SQL injection detection
./goby scan -t target.com --search "SQLi"

# Cross-site scripting
./goby scan -t target.com --search "XSS"

# Authentication bypass
./goby scan -t target.com --search "bypass"

# Directory traversal
./goby scan -t target.com --search "traversal"

PoC Exploitation

Generate and Execute Exploits

# Get vulnerability details
./goby info CVE-2021-1234

# Generate exploit code
./goby exploit --vuln-id CVE-2021-1234 --target http://target.com

# Test vulnerability with PoC
./goby poc -t http://target.com --vuln "Apache RCE"

# Execute exploit with custom parameters
./goby exploit --vuln "Struts2 RCE" --param "url=http://rce.server" --target target.com

Custom Exploit Scripts

# Create custom exploit module
# Location: ./modules/exploit/

# Template exploit structure:
# - Check if target is vulnerable
# - Execute payload
# - Verify exploitation

# Example custom module:
# modules/exploit/custom_rce.py

# Run custom module
./goby exploit --custom custom_rce --target target.com

API-based Scanning

Integration with Other Tools

# Export scan results as API output
./goby scan -t target.com --api --format json

# Integration with SIEM
./goby scan -t target.com --syslog 192.168.1.100:514

# Webhook notifications
./goby scan -t target.com --webhook http://webhook.server/notify

Automated Scanning

# Schedule regular scans
# Create scan job
./goby job create --name "Daily Scan" --target 192.168.0.0/16 --schedule daily

# Run continuous monitoring
./goby monitor --target 192.168.0.0/16 --interval 3600

# Export results to CSV
./goby export --format csv --output results.csv

Advanced Features

Fingerprint and Identification

# Identify specific software versions
./goby identify -t target.com --verbose

# Web server fingerprinting
./goby fingerprint -t target.com --type webserver

# Database identification
./goby scan -t target.com --db-detect

# Operating system detection
./goby scan -t target.com --os-detect

Asset Categorization

# Tag and categorize assets
./goby tag --target 192.168.1.1 --add "critical,production"

# Filter by tags
./goby query --tag critical

# Create asset groups
./goby group create --name "Production" --targets prod_assets.txt

Configuration and Customization

Configuration Files

# goby.conf - Main configuration
scan:
  threads: 50              # Concurrent scan threads
  timeout: 30              # Timeout per host
  retries: 3               # Retry failed probes

vulnerability:
  enabled: true
  db_path: ./data/vulnerabilities.db
  auto_update: true

exploitation:
  poc_execution: true
  enable_payloads: true
  sandbox_mode: false      # Set to true to run PoCs in a sandbox before testing against real hosts

Custom Wordlists

# Use custom directory wordlist
./goby scan -t target.com --wordlist custom_paths.txt

# Custom service fingerprints
./goby fingerprint -t target.com --custom signatures.txt

# Port configuration
./goby scan -t target.com --ports-file custom_ports.txt

Reporting and Analysis

Report Generation

# Generate detailed HTML report
./goby report --format html --output report.html

# PDF vulnerability report
./goby report --format pdf --output vulnerabilities.pdf

# Executive summary
./goby report --summary --output summary.txt

# Risk-ranked findings
./goby report --risk-ranked --output risk_report.json

Data Export Formats

# JSON export
./goby export -t 192.168.1.0/24 --format json > assets.json

# CSV export for spreadsheet analysis
./goby export -t 192.168.1.0/24 --format csv > assets.csv

# XML for integration
./goby export -t 192.168.1.0/24 --format xml > assets.xml

# NESSUS export format
./goby export --format nessus > scan.nessus

Integration with Frameworks

Integration with Metasploit

# Convert Goby vulnerabilities to Metasploit modules
./goby export --msf --output msf_modules.txt

# Automatic MSF payload generation
./goby exploit --vuln "identified_vuln" --msfvenom

Integration with Burp Suite

# Export target URLs to Burp
./goby export --burp --output burp_targets.txt

# Import Burp scan results
./goby import --burp burp_results.json

Best Practices

  • Keep database updated: Regular vulnerability DB updates
  • Use tags for organization: Categorize assets by risk level
  • Incremental scanning: Start with limited scope before broad scans
  • Separate environments: Test exploits in sandbox first
  • Verify findings: Manual confirmation of automated discoveries
  • Documentation: Record all findings and exploitation attempts

Troubleshooting

# Reset database
./goby reset --db

# Clear cache
./goby clear-cache

# Debug mode
./goby scan -t target.com --debug

# View logs
tail -f ./logs/goby.log

# Check updates
./goby update --check

Last updated: 2026-03-30