Goby
Goby is a Chinese security tool for attack surface mapping, asset discovery, and vulnerability scanning. It combines network reconnaissance with exploit PoC generation for identified vulnerabilities.
Installation
Download and Setup
# Download from Goby official site
# https://www.gobysec.net/
# Linux/Mac extraction
tar -xzf goby-linux.tar.gz
cd goby
./goby
# Windows
# Extract goby-win.zip and run goby.exe
# First run - initialize database
# Download vulnerability database (several GB)
Asset Discovery and Reconnaissance
Basic Network Scanning
# Start Goby
./goby
# Scan network for assets
# GUI: New Task > Add Host Range
# Target: 192.168.1.0/24
# Command line scanning
./goby scan -t 192.168.1.0/24 -o results.json
# Scan specific ports
./goby scan -t 192.168.1.0/24 -p 80,443,8080,3306
# Aggressive scanning
./goby scan -t 192.168.1.0/24 --aggressive
Service and Version Detection
# Detect services on hosts
./goby scan -t target.com -s
# Identify web services
./goby scan -t 192.168.1.1 --web-detect
# Service fingerprinting
./goby scan -t 192.168.1.1 --os-detect --service-detect
Web Application Discovery
# Discover web applications
./goby scan -t 192.168.1.0/24 --web-apps
# Scan for common web paths
./goby scan -t target.com -w common.txt
# Identify web frameworks
./goby scan -t target.com --tech-detect
# CMS detection
./goby scan -t target.com --cms-detect
Vulnerability Scanning
Full Vulnerability Assessment
# Comprehensive vulnerability scan
./goby scan -t target.com --vuln-scan
# Update vulnerability database first
./goby update --db
# Scan with specific vulnerability categories
./goby scan -t target.com --vuln-scan --category "RCE,SQLi,XSS"
# Export vulnerability report
./goby scan -t target.com --vuln-scan -o report.json
Common Vulnerability Classes
# Scan for remote code execution
./goby scan -t target.com --search "RCE"
# SQL injection detection
./goby scan -t target.com --search "SQLi"
# Cross-site scripting
./goby scan -t target.com --search "XSS"
# Authentication bypass
./goby scan -t target.com --search "bypass"
# Directory traversal
./goby scan -t target.com --search "traversal"
PoC Exploitation
Generate and Execute Exploits
# Get vulnerability details
./goby info CVE-2021-1234
# Generate exploit code
./goby exploit --vuln-id CVE-2021-1234 --target http://target.com
# Test vulnerability with PoC
./goby poc -t http://target.com --vuln "Apache RCE"
# Execute exploit with custom parameters
./goby exploit --vuln "Struts2 RCE" --param "url=http://rce.server" --target target.com
Custom Exploit Scripts
# Create custom exploit module
# Location: ./modules/exploit/
# Template exploit structure:
# - Check if target is vulnerable
# - Execute payload
# - Verify exploitation
# Example custom module:
# modules/exploit/custom_rce.py
# Run custom module
./goby exploit --custom custom_rce --target target.com
API-based Scanning
Integration with Other Tools
# Export scan results as API output
./goby scan -t target.com --api --format json
# Integration with SIEM
./goby scan -t target.com --syslog 192.168.1.100:514
# Webhook notifications
./goby scan -t target.com --webhook http://webhook.server/notify
Automated Scanning
# Schedule regular scans
# Create scan job
./goby job create --name "Daily Scan" --target 192.168.0.0/16 --schedule daily
# Run continuous monitoring
./goby monitor --target 192.168.0.0/16 --interval 3600
# Export results to CSV
./goby export --format csv --output results.csv
Advanced Features
Fingerprint and Identification
# Identify specific software versions
./goby identify -t target.com --verbose
# Web server fingerprinting
./goby fingerprint -t target.com --type webserver
# Database identification
./goby scan -t target.com --db-detect
# Operating system detection
./goby scan -t target.com --os-detect
Asset Categorization
# Tag and categorize assets
./goby tag --target 192.168.1.1 --add "critical,production"
# Filter by tags
./goby query --tag critical
# Create asset groups
./goby group create --name "Production" --targets prod_assets.txt
Configuration and Customization
Configuration Files
# goby.conf - Main configuration
scan:
  threads: 50 # Concurrent scan threads
  timeout: 30 # Timeout per host
  retries: 3 # Retry failed probes
vulnerability:
  enabled: true
  db_path: ./data/vulnerabilities.db
  auto_update: true
exploitation:
  poc_execution: true
  enable_payloads: true
  sandbox_mode: false # Test exploits safely
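Added example (not part of Goby or of the original page): a Python pre-flight check for the goby.conf layout above that blocks a run when PoC execution or payloads are enabled while sandbox_mode is false, or when vulnerability scanning is on without auto_update. The key meanings are assumed from the page's inline comments, the sample config is constructed from the page's values, and coerce, parse_conf and preflight are hypothetical helper names.

```python
# Constructed sample mirroring the goby.conf above. Key meanings are assumed
# from the page's inline comments, not taken from Goby documentation.
SAMPLE_CONF = """\
scan:
  threads: 50   # Concurrent scan threads
  timeout: 30   # Timeout per host
  retries: 3    # Retry failed probes
vulnerability:
  enabled: true
  db_path: ./data/vulnerabilities.db
  auto_update: true
exploitation:
  poc_execution: true
  enable_payloads: true
  sandbox_mode: false   # Test exploits safely
"""

def coerce(value):
    """Turn 'true'/'false' into bool and digit strings into int."""
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    return int(value) if value.isdigit() else value

def parse_conf(text):
    """Parse the two-level 'section:' / 'key: value' layout into nested dicts.
    Indentation is optional, so a copy that lost its indentation still parses."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()      # drop trailing comment
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if value == "" and not raw[0].isspace():  # top-level section header
            section = conf.setdefault(key, {})
        elif section is None:
            raise ValueError(f"setting outside a section: {raw!r}")
        else:
            section[key] = coerce(value)
    return conf

def preflight(conf):
    """Return findings that should block a run; empty list means proceed."""
    findings = []
    ex = conf.get("exploitation", {})
    if (ex.get("poc_execution") or ex.get("enable_payloads")) and not ex.get("sandbox_mode"):
        findings.append("exploitation enabled while sandbox_mode is false")
    vuln = conf.get("vulnerability", {})
    if vuln.get("enabled") and not vuln.get("auto_update"):
        findings.append("vulnerability scanning enabled without auto_update")
    return findings
```

Run `preflight(parse_conf(open("goby.conf").read()))` before a scheduled job and stop the job when the returned list is not empty.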
Custom Wordlists
# Use custom directory wordlist
./goby scan -t target.com --wordlist custom_paths.txt
# Custom service fingerprints
./goby fingerprint -t target.com --custom signatures.txt
# Port configuration
./goby scan -t target.com --ports-file custom_ports.txt
Reporting and Analysis
Report Generation
# Generate detailed HTML report
./goby report --format html --output report.html
# PDF vulnerability report
./goby report --format pdf --output vulnerabilities.pdf
# Executive summary
./goby report --summary --output summary.txt
# Risk-ranked findings
./goby report --risk-ranked --output risk_report.json
Data Export Formats
# JSON export
./goby export -t 192.168.1.0/24 --format json > assets.json
# CSV export for spreadsheet analysis
./goby export -t 192.168.1.0/24 --format csv > assets.csv
# XML for integration
./goby export -t 192.168.1.0/24 --format xml > assets.xml
# NESSUS export format
./goby export --format nessus > scan.nessus
Integration with Frameworks
Integration with Metasploit
# Convert Goby vulnerabilities to Metasploit modules
./goby export --msf --output msf_modules.txt
# Automatic MSF payload generation
./goby exploit --vuln "identified_vuln" --msfvenom
Integration with Burp Suite
# Export target URLs to Burp
./goby export --burp --output burp_targets.txt
# Import Burp scan results
./goby import --burp burp_results.json
Best Practices
- Keep database updated: Regular vulnerability DB updates
- Use tags for organization: Categorize assets by risk level
- Incremental scanning: Start with limited scope before broad scans
- Separate environments: Test exploits in sandbox first
- Verify findings: Manual confirmation of automated discoveries
- Documentation: Record all findings and exploitation attempts
Troubleshooting
# Reset database
./goby reset --db
# Clear cache
./goby clear-cache
# Debug mode
./goby scan -t target.com --debug
# View logs
tail -f ./logs/goby.log
# Check updates
./goby update --check
Last updated: 2026-03-30