Goby Red Team Special Edition Full Activated 

What is Goby?

Goby is a next-generation cyber security tool based on cyberspace mapping technology. It generates emergency response of cyber security incidents and vulnerabilities by establishing a comprehensive asset knowledge base for the target network.

Goby provides the most comprehensive asset identification.Goby has preset more than 100,000 rule identification engines to automatically identify and classify hardware equipment and software business systems, and comprehensively analyze the business systems that exist in the network. Goby provides the fastest scanning experience with least impact on the target and analyzes protocol information corresponding to the port quickly through very light transmission.

In addition to Goby’s preset vulnerabilities, Goby also provides a customizable framework for vulnerability scanning, and motivates a large number of cyber security practitioners to contribute POC to ensure continuous emergency response capability.

What is an asset?

An asset is an entity that can be analyzed, including desktops, laptops, servers, storage devices, network devices, phones, tablets, virtual machines, cloud instances, containers, etc.

What is the difference between asset and IP?

IP is typically a property of an asset.

What is Cyberspace mapping technology?

The core idea of cyberspace mapping technology is to establish a knowledge base by performing rule analysis on target network IT assets. It is a new technology that is able to implement emergency response in the shortest time when security incidents occur.

What protocols are currently supported?

Goby has preset more than 200 protocol identification engines, covering network protocol, database protocol, IoT protocol, ICS protocol, etc., which could analyze protocol information corresponding to the port quickly through very light transmission.

What vulnerabilities are currently preseted?

RDP vulnerabilities, deserialization vulnerabilities, the most serious vulnerabilities covering Weblogic, Tomcat, such as default accounts of various devices, etc. .

Is all Goby’s code open-source?

Goby’s code is not open-source currently. But POC will be open-source soon.

Is Goby’s core function asset management or vulnerability scanning?

Goby’s core function is asset management, and more exploration about asset discovery will be done afterwards.

Does Goby have to pay？

Goby is Free.

Will there be an enterprise version in the future?

Undetermined.

Will Goby release plugins and list software markets?

Will Goby release plugins and list software markets?

Is CVE automatically updated?

Automatic updates are not supported until goby formats the package for installation.

Get Started

How to install Goby?

Goby can be used directly after downloading, and installment is not needed.

How to use Goby ?

1. Windows users, please ensure that the computer has a pcap. If there is not, please download first: https://nmap.org/npcap/dist/npcap-0.9995.exe

2. MacOS users, please set the NIC permissions first.

Step1. Open the Terminal,

Step2. Enter the command: cd /dev

Step3. Enter the command: sudo chown $USER:admin bp*

Can Goby scan multiple C sections simultaneously?

Yes, an example：

192.0.0.0/24

192.0.1.0/24

192.0.2.0/24

another example：192.0.0.1-192.0.3.255

How to view the command line of Goby?

Goby command line is saved in：golib\goby-cmd

Why is Goby requesting its website server?

Goby is detecting the new version.

How to see the website screenshots?

Step1. Download and install the Chrome.

Step2. Goby→Settings→Asset Mapping: Enable Screenshot

What scanning methods are available in Goby?

There are many different scanning methods available in Goby. Besides the general ones, it is equipped with the methods we developed, which is faster.

Does Goby support TCP SYN scanning?

Yes.

Is the asset data updated in real time after scanning?

It is not currently. A new scan is required to get the latest data.

Does the custom PoC support HTTPS authentication?

Yes, and importing certificates is not required.

How to provide feedback to Goby?

Pull issues on github https://github.com/Gobysec/Goby/issues with your OS information and the version of your Goby.

Start the server command

windows:

goby-cmd.exe -apiauth user:pass -mode api -bind 0.0.0.0:8361

MacOS:

./goby-cmd -apiauth user:pass -mode api -bind 0.0.0.0:8361

Linux:

./goby-cmd-linux -apiauth user:pass -mode api -bind 0.0.0.0:8361

Is proxy scanning supported?

Yes.

1. In pcap mode: support protocol identification and vulnerability scanning agents, not port scanning.

2. In socket mode: support port scanning protocol identification and vulnerability scanning. But the scan speed of socket mode is slow.

3. Brute-force attack does not support proxy mode currently.

Can I run Goby in command?

That can be used in Goby Beta 1.4.0

Start the server command: ./goby-cmd -apiauth user:pass -mode api -bind 0.0.0.0:8361

Can I change the file directory name of Goby?

No.

When Goby is launched, why is it prompted to access my Mail, photos?

Except file, Goby does not need to access your Mail, photos, Notes, Calendar, Contacts, you can directly refuse.

Because goby used Electron, we tried a lot of things but we couldn’t solve the problem. If you have the means, please contact us as soon as possible, we will express our sincere thanks in Goby’s thank you directory.

Failed to open remote session

Please check the firewall status and close the firewall.

When the number of scanned targets is too large, the program crashes.

For users, only data scanning below segment B is currently supported.

Can users customize session limitation?

Goby’s session is for quick vulnerability verification, and we believe you can migrate critical information to other tools in less than 10 minutes.

The user-defined PoC is stored on the server or locally?

local.

What does adapter Auto mean by default?

Auto means recognize network adapter automaticlly.(Default:Auto)If your device has more than one network adapters, you need to choose one manually.

How to view the scanned PoC’s payload?

We are sorry that it’s temporarily unable to view.But you can use wireshark to capture packets for viewing.

Is there any limit on the number of customed dictionary

Unlimited.

How to download develop version of Goby?

See offical website “https://gobies.org/docs.html”to find the version you want to download.

Are weak password testing and PoC verification separate?

It can be separated.Default:General PoC only, you can scan Brute Force only or scan both of them.

Does Goby enable url scan?

You can enable Crawler to scan url.

Can Goby scan through VPN?

Due to some internal reason of Npcap, it may work wrong.(Fortinet and Sangfor VPN was tested successfully)

You need to upgrade npcap to 0.9995 or above.

Where is the weak password displayed by SMB brute force cracking?

The URL of the vulnerability details

Does Goby support SQL injection detection?

Yes, you need to go to settings>asset mapping to Enable Crawler.Vulnerability settings need to include General PoC/Web Application Vulnerability/All , either.

How Goby’s scan rate could be set?

The default is 100, and the maximum is 20000.

If the server is in LAN,can Goby scan the network segement?

Yes.

If goby found the vulnerability and you want to getshell,must goby log in?

No.

Where is Goby-cmd?

In directory /golib

Does Goby support jdwp scan?

Yes.

Does Goby support 32-bit systems?

Only 64 bits are currently supported.

Can Goby detect enternal blue?

Yes. Goby preset vulnerabilities can be viewed in the PoC management interface.

What should I do if I forget the KEY of Goby login?

Sign in and find key at https://gobies.org/member/index on our official website.

Why Goby can not find some Low-risk vulnerabilities?

The Goby vulnerability library focuses on high-risk vulnerabilities. Most of the threats in our library could getshell.

Can Goby scan Class B?

Yes. Fill the field with [ip address]/16

Does Goby have an EXP manual?

You can refer to the article “EXP of Custom Vulnerabilities” provided by Goby community white hat members at https://mp.weixin.qq.com/s/J1JW66Uh_6Nc0x2YY_5V6Q

How Goby customizes PoC?

You can refer to the article “Custom PoC docking extension” provided by Goby community white hat members at https://mp.weixin.qq.com/s/dQau-s0FoieXrMW3EAnSEQ

Does Goby support public network scanning?

Yes.

How does Goby exploit?

Vulnerability lists with a small lightning icon can be used directly, and no lightning icon is only for detection.

How Goby filters the scanned web information?

Go to Web Finder to view.

Can the scan task be restored after deleted?

No. You can export and store the task source data locally before deleting, and then import the Goby program when needed later.

Asset display error after scan

You can provide the scan display error message in the feedback section of the ip details page. We will solve the problem for you as soon as possible. Thank you very much.

Where is the customized PoC stored?

Default: golib/exploits/user

How does Goby add remote servers?

Add Server in the lower left corner, and then configure the server host, port, and account information.

How to detect individual PoC?

1. Before scanning: view the scan configuration interface, select a PoC

2. After scanning: Go to the PoC management interface and select a PoC

How to choose a network adapter?

Settings> Scan Settings> Interface List, select the network adapter you want to use.

Will Goby steal user data?

All the Goby data is stored locally. We will never get it.

Can Goby scan without host discovery?

Yes. Goby default mode is scan without ping, you can enable in settings.

Goby find out a shiro component, how to view it’s port number?

You can see at Banner and IP details page.

If the scanning rate is too high, will it fail to report?

The lower the rate, the less the false report.

How to change the default 8361 listening port?

Server Settings > Modify port

why the CPU usage will be high?

Website screenshots, crawlers and other functions will consume performance. You can optimize performance by configuring the number of concurrent crawlers, the maximum number of crawler links, and the maximum number of crawler analysis connections.

How does Goby log out from server?

Stop the service on server manually, overwrite the configuration on client with 127.0.0.1 8361.

Can Goby save title information when performing a web scan?

Yes. you can view in Web Finder.

How to use crawler?

You need to go to Settings> Asset Mapping to enable it. And optimize performance by configuring the number of concurrent crawlers, the maximum number of crawler links, and the maximum number of crawler analysis connections. The current host is crawled by default, you can also choose to crawl only the homepage.

Can the new version of PoC be imported to the old version?

Yes, select Vulnerability> PoC Management> Export your PoCs, and then import your PoCs.

How does Goby set up full port scanning?

Fill in the port input box with 1-65535.

How does Goby customize the dictionary?

Vulnerabilities> PoC management> Brute force cracking, add your own dictionary at the plus sign.

Why the verification of the vulnerability fails?

The verification of the vulnerability may require the machine to go out of the network, and there may be waf.

Does Goby support IPV6?

Not supported temporarily, we will improve it as soon as possible.

Dose Goby support http proxy?

Yes. Authentication agent: http://username:password@ip:port

non-authentication agent: http://ip:port

Why Goby can not detect weblogic CVE-2020-2551?

Gobyserver is on the external network and cannot be directly connected to the internal network server. You have to build verification server locally.

How to modify the reverse shell server as a local server?

Go to Settings> Advanced Settings

Change the God server type to Customize and configure the URL address.

How does Goby set up the socks proxy?

Go to settings> Scan settings

Set the proxy, set the password format according to the prompt, non-authenticated proxy format: socks5://ip:port

Why didn’t the crawler get the URL?

1. When using the crawler, make sure to use the goby client for proxy settings.

2. If you want to use proxifier, proxychains or other tools, you need to set a proxy for the Chrome browser, and then goby will also use the proxy to crawl it through headless chrome.

Crashes on MacOS

Mac frequently prompts for a password

Place Goby in the application directory.Running Goby as root.

NIC permissions command cannot be executed

Change $USER to the computer user name.

You don’t permission to cature on that device

Please set NIC permissions:

Step1. Open the Terminal,

Step2. Enter the command: cd /dev

Step3. Enter the command: sudo chown  $USER:admin bp*

(Notice: Change ‘$user’ to computer user name)

Crashes on Windows

Couldn’t load wpcap.dll

Please download pcap for Windows: https://nmap.org/npcap/dist/npcap-0.9995.exe

Npcap 0.9995 installer for Windows Vista/2008, 7/2008R2, 8/2012, 8.1/2012R2, 10/2016 (x86 and x64)

Why can’t Goby recognize the interface in the virtual machine?

Try to reinstall Npcap.

Crashes on Linux

You don’t permission to cature on that device

Solution1. Run the program with a root privilege account.

Solution2. Add the account to a group with administrator privileges.

Goby doesn’t work on Linux

1. centos:

Solution：yum install libXScrnSaver* -y

2. Ubuntu or Kali:

Solution：apt-get install libgconf2*

Goby cannot run on the CentOS Linux release 7.2.1511

Currently, pcap mode does not support ipv6, so we need to switch to TCP mode.

Other fatal errors

Failed to compile rules: could not open file

Please put Goby in the English directory file.

[ERROR] could not find any network interface.

Please select a correct network card on the setting page.

Error when startting Goby in command line

Please run goby-cmd in “\golib” directory to start the service:

Windows users: goby-cmd.exe -apiauth user:pass -mode api -bind 0.0.0.0:8361

MacOS users: ./goby-cmd -apiauth user:pass -mode api -bind 0.0.0.0:8361

Linux users: ./goby-cmd-linux -apiauth user:pass -mode api -bind 0.0.0.0:8361

error query

1. Goby can work. The service has not been started yet, wait for a while;

2. Cannot work, select the correct network adapter according to the prompts. If you are using MacOS, just give the network adapter recognition authority.

Cannot recognize network adapter

1. When using VPN, please select the correct network adapter; if VPN is not on, please select the local network adapter

2. Change the sokcet proxy settings

3. Install the latest version of npcap

4. Your IP may be banned by target.

Cannot scan through VPN

1. Wireshark can find the VPN network adapter, but Goby cannot.

After analysis, the bug of npcap caused the inability to recognize the IPv4 address of vpn. The solution is to upgrade npcap to a version above 0.9995.

2. Wireshark can not find the vpn network adapter, Goby either.

This problem also comes from npcap, we can not solve it.

The Chrome browser is installed but when try to enable the website screenshot and honeypot recognition function it still prompts that it is not installed.

Please check whether there are any space characters in the path. If there are no space characters, please provide us with your installation path for identification. Thank you very much.

Scanning stuck

Please go to data/logs to see if the log is still running, and feedback the log details to us.

Goby is not responding on the start screen

1. It may be blocked by anti-virus software.

2. Try the following:

Mac users: Move Goby to the application directory.

Wins and linux users: try to decompress again. It is possible that missing empty file or directories when decompressing.

Goby is blocked by Huorong Internet Security.How to turn off interception?

You can turn it off in Huorong>Firewall>Basics Protection

There is only Auto option at the network adapter

Reinstall npcap.

Download link:https://nmap.org/npcap/dist/npcap-0.9995.exe

The socks5 proxy format is correct but Goby reports an error

Please check the ip address, username and password.

The output of Goby vulnerability verification office is garbled

The Beta1.8.225 version has solved the problem.

Extensions

How many dictionary fields does the subdomain blasting extension include?

Currently 3k, support user-defined dictionary.

How to access the MSF extensions？

Configure the metasploit environment, and the metasploit installation path:

MacOS/Linux users: /Users/xxx/tmpbuild/metasploit-framework/msfconsole,

windows users: /metasploit-framework/bin/msfconsole.bat,

after the configuration is complete, create a new scan task, Click the MSF button on the vulnerability-related page.

After downloading the deserialization extension, put it in the specified directory, but Goby did not find it.

The extension has no display graphics but can be used normally.

How to configure fofa api?

1. Configure fofa api in new scanning place

2. Settings>Extensions Settings.

3. Extensions > downloaded > fofa extensions settings

Why configure fofa API to prompt unauthorized/401?

If you want to use FOFA, you must be a FOFA member (ordinary members can query 100 free entries, and senior members can query 10,000 free entries). Those who exceed the free times or non-members need to have enough F coins to pay for the inquiries.

Does Goby have extension to export URLs?

Yes. the ExportUrls extension can export URLs.

Where is extension directory?

The root directory of the extension is in \extensions, and the deserialized jar files are in the “\golib\external” directory.

Why using the xray extension keeps crashing

1. Parameter configuration error: different versions have different configuration information, please see the extension introduction for details.

2. The parameter configuration is correct: after xray scan completed, the cmd window will automatically exit.

After the xray plugin is configured correctly, there is no report at the end of the scan

1.If xray can not scanned the vulnerability, there will be no report;

2. Put rad in the same directory of xray.

Where does Goby use the Xray extension?

Use xray-crawler at the asset after the scan is completed.

Why can’t I download and install extensions in the extensions market?

Network jitter may cause problems. Solutions are as follow:

1. Copy the old version of the extension to the new version of the extension directory with one click, and restart Goby.

2. Go to https://github.com/Gobysec/GobyExtension/tree/master/samples to download and release files into the extension directory, then restart Goby.

 

 

 

xRay Web Vulnerability Scanner Advanced v1.8.4 x64 Full Activated – Discount 100% OFF

Acunetix Premium v14.7.220425114 Full Activated – CyberSecurity Tools – Discount 100% OFF

Burp Suite Professional Edition v2022.3.6 x64 Full Activated + Extensions – Discount 100% OFF

Internet Download Manager v6.40 Build 7 Multilingual Incl Full Activated – Discount 100% OFF

 

Software License : Red Team Special Edition

Version : 1.9.325

Price : $ 1910 – 1 Year

---