# shadow1ng/fscan

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/shadow1ng-fscan).**

13,421 stars · 1,860 forks · Go · mit

## Links

- GitHub: https://github.com/shadow1ng/fscan
- awesome-repositories: https://awesome-repositories.com/repository/shadow1ng-fscan.md

## Description

Fscan is an automated penetration testing tool designed for internal network reconnaissance and vulnerability assessment. It functions as a comprehensive security framework that maps network infrastructure, identifies active hosts and services, and detects security weaknesses across internal environments.

The tool distinguishes itself through a modular plugin architecture that allows for extensible security checks and a stateful asset tracking system that maintains an in-memory registry of discovered infrastructure. It incorporates a dedicated credential brute-force engine for testing password strength and supports proxy-aware traffic routing to facilitate operations within segmented or restricted network segments.

Beyond core discovery, the platform provides capabilities for post-exploitation security operations, including system information collection and remote access management. Users can control scan performance through configurable concurrency and rate limits, with options to manage tasks via both command-line execution and a graphical web interface.

## Tags

### Security & Cryptography

- [Penetration Testing Tools](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/vulnerability-assessment-tools/penetration-testing-tools.md) — Functions as an automated penetration testing tool for network reconnaissance, credential brute-forcing, and vulnerability assessment.
- [Vulnerability Scanners](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/vulnerability-assessment-tools/vulnerability-scanners.md) — Automates the identification of open ports, active services, and security weaknesses across internal network infrastructures.
- [Network Reconnaissance Tools](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/network-reconnaissance-tools.md) — Automates the identification of network assets, services, and security weaknesses. ([source](https://github.com/shadow1ng/fscan#readme))
- [Vulnerability Assessment Frameworks](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/reconnaissance-assessment-platforms/vulnerability-assessment-frameworks.md) — Provides a framework for automated vulnerability assessment and security testing.
- [Vulnerability Scanning](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanning.md) — Executes integrated security checks to detect high-risk vulnerabilities and misconfigurations. ([source](https://github.com/shadow1ng/fscan#readme))
- [Credential Testing Utilities](https://awesome-repositories.com/f/security-cryptography/identity-based-access-control/credential-based-access-controls/credential-testing-utilities.md) — Tests credential strength by attempting authentication against target services. ([source](https://github.com/shadow1ng/fscan#readme))
- [Post-Exploitation Tools](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/offensive-red-team/offensive-security-frameworks/post-exploitation-tools.md) — Includes post-exploitation capabilities for system information collection, credential extraction, and remote access management on compromised hosts. ([source](https://github.com/shadow1ng/fscan#readme))
- [Brute Force Tools](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/brute-force-tools.md) — Provides an automated engine for testing authentication strength through credential guessing.
- [Credential Brute-Forcing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/credential-brute-forcing.md) — Evaluates system access security by performing automated credential brute-force attempts.
- [Security Vulnerabilities](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities.md) — Identifies security flaws and misconfigurations across network services. ([source](https://github.com/shadow1ng/fscan#readme))

### DevOps & Infrastructure

- [Security Assessment Frameworks](https://awesome-repositories.com/f/devops-infrastructure/security-automation-workflows/security-assessment-frameworks.md) — Acts as a comprehensive security assessment framework for discovering assets and testing security across internal network environments.
- [Scan Orchestration](https://awesome-repositories.com/f/devops-infrastructure/scan-orchestration.md) — Optimizes scan performance by configuring concurrency and rate limits. ([source](https://github.com/shadow1ng/fscan#readme))
- [Web Dashboards](https://awesome-repositories.com/f/devops-infrastructure/scan-orchestration/web-dashboards.md) — Provides a graphical web interface for managing and monitoring security scans. ([source](https://github.com/shadow1ng/fscan#readme))

### Networking & Communication

- [Network Scanning Tools](https://awesome-repositories.com/f/networking-communication/network-scanning-tools.md) — Scans network surfaces to identify open ports and active services. ([source](https://github.com/shadow1ng/fscan#readme))
- [Traffic Routing Proxies](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-infrastructure-configuration/network-infrastructure/traffic-routing-proxies.md) — Routes scanning traffic through proxies to bypass network restrictions. ([source](https://github.com/shadow1ng/fscan#readme))
- [Traffic Proxying](https://awesome-repositories.com/f/networking-communication/traffic-proxying.md) — Intercepts and tunnels network traffic through proxies for scanning in restricted environments.

### Software Engineering & Architecture

- [Modular Plugin Architectures](https://awesome-repositories.com/f/software-engineering-architecture/modular-plugin-architectures.md) — Supports extensible security checks through a modular plugin architecture.
- [Worker Pool Models](https://awesome-repositories.com/f/software-engineering-architecture/worker-pool-models.md) — Distributes scanning tasks across parallel threads to maximize network throughput.

### Data & Databases

- [Asset Registries](https://awesome-repositories.com/f/data-databases/in-memory-databases/in-memory-state-stores/asset-registries.md) — Maintains an in-memory registry of discovered hosts and services to prevent redundant scanning.

### System Administration & Monitoring

- [Event-Driven I/O](https://awesome-repositories.com/f/system-administration-monitoring/administrative-operations/linux-system-administration/networking/connection-lifecycle-management/parallel-network-i-o/event-driven-i-o.md) — Uses non-blocking socket operations to manage high-concurrency network connections efficiently.