What will you getting then?
Generate full assets database
Built for security experts
Fastest, check only potentially affected assets
Extensible and customizable
Want even more features? Goby has built-in expansion capabilities. Under the extension API blessing, asset Scanning, vulnerability scanning, themes can be customized or enhanced.
FOFA is a powerful mapping tool for cyberspace assets.
Elasticsearch unauthorized vulnerability exploit tool, and supports viewing the Indices information.
Xray is a web crawler tool.
Query the IP and ports with Shodan, and support importing JSON files downloaded by Shodan.
Input the root domain, brute force subdomain.
Hikvision vulnerability validation tool and returns a snapshot.
RapidDNS is a dns query tool which make querying subdomains or sites of a same ip easy!
Super Saiyan theme.
Goby Professional Benefits
The richest device rule set
More than 100,000 rule identification engines are pre-set in Goby, which can identify and classify hardware equipment and software business system automatically and comprehensively analyze the business system that exists in a network. It currently supports more than 100,000 devices and business systems. Hardware coverage: network equipment, Internet of things equipment, network security products, office equipment, etc. Software coverage: CRM, CMS, EMAIL, OA system, etc.
Most Lightweight protocol identification
More than 200 protocol identification engines are pre-set in Goby, covering networking protocol, database protocol, IoT protocol, ICS protocol, etc. Through very lightweight Iperf, it can quickly analyze the protocol information corresponding to the port, with fast speed and little impact on target equipment.
Port grouping based on rich attack and defense experience
Our security designer summarized the port grouping of different scenarios through the front-line security practice to ensure the most efficient output. It is not possible for penetration test personnel to scan ports 1-65535 on a large network for full coverage, and thus determining port grouping is particularly important. Currently we have screened over 300 ports for scanning to ensure the highest input-output ratio.
Vulnerability framework based on daily community updates
The vulnerability engine with the most effective attack is pre-set in Goby, covering the most serious vulnerabilities such as Weblogic and Tomcat. A large amount of vulnerability information is generated from the Internet (such as CVE) every day, and we screened the vulnerabilities that would be used for real attacks for daily updates. Goby also provides a customizable vulnerability checking framework. A large number of security practitioners on the Internet are motivated to contribute POC to ensure continuous emergency response capability. Meanwhile, we believe that the real-effect-based checks are more valuable than version-based comparisons.
The most comprehensive default password detection
Almost any device will have a default account or even a backdoor account, and the traditional brute force attach mode is not optimal. Pre-set account information of more than 1,000 devices are pre-set in Goby for targeted inspection, ensuring the accuracy and efficiency of risk identification. Of course, Goby has built-in brute force attack testing of custom dictionaries for various protocols.
Meet Cyberspace Mapping
The core idea of cyberspace mapping technology is: a knowledge base is established by first analyzing the rules of the target network IT assets, which is a new technology that can manage safety emergency in the shortest time in the event of a security incident. Different from traditional port scanning and vulnerability scanning, Goby only deals with vulnerability emergency in a small affected area, and thus this method is the fastest and has the least impact on the target network.
The current of Goby is