maxx

command module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 4, 2025 License: GPL-3.0 Imports: 2 Imported by: 0

README ΒΆ

maxx

Latest releaseGitHub Release DateGitHub All ReleasesGitHub issues

This tool is intended for use by authorized security testers only. Unauthorized testing is prohibited and will be at your own risk.

δΈ­ζ–‡

MaXx

MaXx is a modular network security scanner combining:

  • Port scanning with service fingerprinting (√)
  • Credential auditing (Brute-force & dictionary attacks) (√)
  • Vulnerability assessment (CVE detection) (√)
  • Automated exploit chaining (Beta:Coming soon)

If you like this tool, please star it~

About Port Scanning

About Service Cracking

For webshell brute-force details, refer to docs/webshell

About Vulnerability Scanning

Snapshot

πŸš€ Project Roadmap

πŸ“… June: WebShell Detection & Brute-Force Module
  • Compact Webshell Detection: Supports fingerprinting and brute-force attacks for common PHP/ASP/JSP one-liner webshells
  • Advanced Webshell Analysis: Capable of identifying and testing popular frameworks (Godzilla/Ice Scorpion, Behinder/Chopper)
  • Intelligent Form Cracking: Automated login brute-forcing with integrated CAPTCHA bypass (OCR/TensorFlow)
🌞 July-August: OWASP Top 10 Scanner
  • Comprehensive Vulnerability Assessment: Full coverage of OWASP Top 10 threats (SQLi, XSS, CSRF, etc.) with CTF/red team optimizations
  • Adaptive Payload Engine: Context-aware attack vector generation with false-positive reduction
  • Risk Prioritization: Automated CVSS scoring and remediation guidance
πŸ‚ September-October: Asset Discovery Suite
  • High-Performance Port Scanning: Async TCP/UDP scanning with service correlation
  • Precision Fingerprinting: Version detection for 2000+ web apps/middleware/databases
  • Integrated PoC Framework: Native support for nuclei/xray templates with validation checks
❄️ December: Autonomous Security Platform
  • End-to-End Pentesting: Unified workflow (Discovery β†’ Credential Testing β†’ Vuln Scanning β†’ Exploitation)
  • Executive Reporting: Auto-generated reports with executive summaries and technical details
  • Exploitation Chaining: Conditional attack paths based on vulnerability relationships

Reference Projects

https://github.com/chainreactors/zombie

https://github.com/lcvvvv/kscan

Documentation ΒΆ

The Go Gopher

There is no documentation for this package.

Source Files ΒΆ

View all Source files

Directories ΒΆ

Path Synopsis
attack
crack
scan
types
vuln
examples
call command
libs
C-Sto/goWMIExec/pkg/ntlmssp
C-Sto/goWMIExec/pkg/rpce
C-Sto/goWMIExec/pkg/uuid
C-Sto/goWMIExec/pkg/wmiexec
codec
color
common
cpe
encode
finger
gonmap
gonmap/simplenet
grdp
grdp/core
grdp/emission
grdp/glog
grdp/protocol/lic
grdp/protocol/nla
grdp/protocol/pdu
grdp/protocol/rfb
rfb.go
 rfb.go
grdp/protocol/sec
grdp/protocol/t125
grdp/protocol/t125/ber
grdp/protocol/t125/gcc
grdp/protocol/t125/per
grdp/protocol/tpkt
grdp/protocol/x224
ping
progressbar
slog
socketx
stdio
stdio/chinese
uhttp
urandom
uslice
utcp
utils
webshell
webshell/lib/charset
webshell/lib/dynamic
webshell/lib/encrypt
webshell/lib/gzip
webshell/lib/httpx
webshell/lib/payloads
webshell/lib/shell
webshell/lib/shell/behinder
webshell/lib/shell/godzilla
webshell/lib/shell/godzilla/plugins
webshell/lib/tools
webshell/lib/utils

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.