OpenSecAtlas
OPENSECATLAS
11/12 free views
Tool
Web Service
Vulnerability Management

gosint

by 1in9e

427stars
88forks
10watchers
Updated 8 months ago
About

Gosint is a distributed platform for asset information collection and vulnerability scanning with customizable scanning engines and real-time notifications.

Gosint is a distributed asset information collection and vulnerability scanning platform

Primary Use Case

Security professionals and penetration testers use Gosint to perform distributed asset discovery and vulnerability assessments across multiple hosts or networks. It enables scalable scanning by deploying multiple clients and automates risk assessment with real-time alerts, making it suitable for continuous security monitoring and management.

Key Features
  • Distributed deployment supporting multiple client nodes
  • Customizable scanning engines and plugins
  • Docker-based one-click deployment
  • Real-time vulnerability notification via email and enterprise WeChat
  • Integration with third-party tools like xray, nuclei, subfinder, naabu
  • Task scheduling and monitoring using Celery and Flower
  • Support for multiple brokers/backends (RabbitMQ, Redis)
  • Configurable domain and CNAME blacklists

Installation

  • Install Docker and Docker-Compose on the server
  • Clone the gosint repository
  • Navigate to the gosint directory
  • Run 'docker-compose up -d --build' to start the server
  • For clients, upload the gosint/client directory to VPS or machines
  • Configure client plugins in client/config.ini
  • Modify client/docker-compose.yml to point to the server's broker and backend
  • Run 'docker-compose up -d --build' in client directory to start client nodes
  • Configure xray licenses by placing xray-license.lic in specified tool directories
  • Set up FOFA API keys and other third-party tool tokens in client/config.yaml

Usage

>_ docker-compose up -d --build

Builds and starts the gosint server or client services in detached mode using Docker.

>_ python3 -m celery -A gosint worker -Q server -n server -l info

Starts the Celery worker for the server task queue.

>_ python3 -m celery -A fileleak worker -l info -Q fileleak

Starts the Celery worker for the 'fileleak' scanning plugin.

>_ python3 manage.py migrate

Applies Django database migrations.

>_ python3 manage.py runserver

Runs the Django web server in development mode.

>_ vim client/config.ini

Edits the client configuration to enable or disable scanning plugins.

>_ vim client/docker-compose.yml

Modifies client Docker Compose file to set server IP and broker/backend addresses.

>_ python manage.py shell -c "from django.contrib.auth.models import User; User.objects.create_superuser('gosint', '[email protected]', 'gosint') if not User.objects.filter(username='gosint').exists() else 0"

Creates a default Django superuser if it does not exist.

>_ docker run -it -d -p 6379:6379 redis redis-server

Starts a Redis server container for local development.

Security Frameworks
Reconnaissance
Discovery
Collection
Initial Access
Impact
Usage Insights
  • Integrate Gosint with automated exploitation frameworks like Metasploit to enable seamless transition from discovery to exploitation in red team exercises.
  • Leverage the distributed scanning capability to scale asset discovery across large, segmented networks for continuous vulnerability management.
  • Use real-time notifications to accelerate incident response workflows and reduce time-to-remediation for detected vulnerabilities.
  • Customize scanning plugins to tailor assessments to specific environments or threat models, enhancing detection accuracy.
  • Incorporate Gosint scanning results into SIEM or SOAR platforms to enrich alert context and automate triage processes.

Docs Take 2 Hours. AI Takes 10 Seconds.

Ask anything about gosint. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.

This tool hasn't been indexed yet. Request indexing to enable AI chat.

Admin will review your request within 24 hours

Security Profile
Red Team80%
Blue Team60%
Purple Team70%
Details
LanguageJavaScript
Open Issues37
Topics
osint
information-security
information-gathering
bugbounty
security-tools

Related Tools

trivy icon

trivy

aquasecurity/trivy

Tool

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

32.3K
about 1 month ago
nuclei icon

nuclei

projectdiscovery/nuclei

Tool

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

26.6K
3 months ago
lynis icon

lynis

CISOfy/lynis

Tool

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

15.1K
3 months ago
vuls icon

vuls

future-architect/vuls

Tool

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

11.9K
3 months ago
oss-fuzz icon

oss-fuzz

google/oss-fuzz

Tool

OSS-Fuzz - continuous fuzzing for open source software.

11.8K
3 months ago
nuclei-templates icon

nuclei-templates

projectdiscovery/nuclei-templates

Template

Community curated list of templates for the nuclei engine to find security vulnerabilities.

11.8K
3 months ago