Nray is a free, platform and architecture independent port and application layer scanner. Apart from regular targets (list of hosts/networks), it supports dynamic target selection, based on source like certificate transparency logs or LDAP. Furthermore, nray allow to run in a distributed manner to speed up scans and to perform scans from different vantage points. Event-based results allow to further process information during the scan, e.g. using tools like
jq or full-blown data analysis platforms like elasticsearch or Splunk.
This is the main repository where nray is developed. Downloads are here. If you are looking for user documentation, have a look at the project homepage. For information related to developing and contributing to nray, continue reading.
Nray is written in pure Go and its versioning follows the semantic versioning model. The development follows Vincent Driessen's "A successful git branching" model, therefore we try to keep the
master branch stable and in line with releases whereas development happens on the
development branch as well as branches derived from there.
Nray introduces fresh ideas when it comes to target selection and result processing:
- Target selection:
- IP, domain names and network lists - the usual stuff.
- Nray allows to observe the certificate transparency log and extract domain names from certificates issued nearly in real time.
- Nray can connect to LDAP (e.g. Active Directory) and perform arbitrary queries, e.g. obtain all registered computer objects and extract their FQDNs.
- DNS zone transfer planned.
- An event stream encoded as JSON data allows to search and use the results while the scan is still running.
- Native elasticsearch integration: Scan results are stored in your elasticsearch cluster as they arrive. Easily search and analyze the results of your network scans to gain valuable high-level insights.
- Splunk and metasploit planned.
- Modularity: Want to integrate your CMDB or network inventory to nray? You prefer .csv output because it opens in Excel? Target selection and event processing is built in a modular way, therefore it should not be too hard for you to adapt nray to your requirements.
Nray allows to perform application layer scans for selected protocols, e.g. SSH or HTTP, using the ZGrab2 framework. The results are, of course, fully integrated into the event-based JSON result stream.
As mentioned, nray is designed as distributed network scanner. The server-client model allows to spin up an arbitrary number of nodes that perform a scan orchestrated by a server. This allows to scale scan speed linearly by introducing more nodes or to create network views by scanning from different vantage points.
Care was taken to mostly stay in line with Go's build system, meaning that the project can be built with a plain
go build. Nray is written in pure Go and care was taken to select only dependencies that also fulfill this requirement, therefore a standard Go installation (plus git) is enough to build nray on and for any supported platform.
Nevertheless, there is a makefile that is supposed to be used for building production versions (
make release) - it ensures that no C dependencies are linked in and symbols are stripped from binaries to save space. Also, binaries for most common operating systems are created automatically. A call to
make will build a local development version, tailored to your current OS and architecture with C libraries and Go's race detector linked in.
go build - in case cross compiling is desired,
GOARCH parameters control target OS and architecture. For nodes, it is possible to inject server location and port directly into the binary:
go build -ldflags "-X main.server=10.0.0.1 -X main.port=8601". To get smaller binaries, strip stuff that is not necessary away via
-ldflags="-s -w" when calling
go build. If you need to rebuild the protobuf schemas (this is not required unless you change the wire protocol!), run
make create-schemas (which requires the protobuf compiler on your system).
Contributing and Development of nray
Just grab the code and fix stuff that annoys you or hack in new awesome features! Every contribution is welcome and the goal is to make nray an awesome project for users and contributors!
Your code should pass standard checks performed by go vet and go lint. I recommend using Visual Studio Code with its Go support enabled, it is a really good IDE that brings such issues up early. Nray is always developed against the latest Go release, so if you are having trouble building nray, check if you have the latest go version installed.
Before opening issues, please check
- Did you read the documentation?
- Are there already similar issues?
- Provide as much environment information as possible: Architecture, operating system, Go version, configuration used etc.
- Try to give steps on how to reproduce the error
- Please use proper formatting, especially for logs (code tags). This greatly increases readability and the chance that somebody looks after your issue.
Copyright 2019 by Michael Eder. Licensed under GPLv3. See LICENSE.
More at: https://github.com/nray-scanner/nray
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
- Blog2022.10.12Vulnerability management with Wazuh open source XDR
- Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky