Dismap is a powerful asset discovery and identification tool designed for security professionals. It rapidly identifies protocols and fingerprints across web, TCP, and UDP services, making it ideal for both internal and external network assessments.
- Comprehensive Protocol Support: Identifies TCP, UDP, and TLS protocols
- Extensive Fingerprint Database: Over 4,500 web fingerprint rules
- Multi-Target Detection: Analyzes favicon, response body, headers, and more
- Network Flexibility: Works seamlessly on both internal and external networks
- Fast Performance: Concurrent scanning with customizable thread counts
- Red Team: Quickly locate potential risk assets and attack surfaces
- Blue Team: Detect suspected vulnerable assets and security weaknesses
- Asset Management: Maintain an up-to-date inventory of network services
Note: Version 0.3 introduces JSON output format. Integration with vulmap vulnerability scanner will be available in vulmap >= 1.0.
Dismap is distributed as a standalone binary for Linux, MacOS, and Windows. Download the appropriate version from the Releases page.
```bash
chmod +x dismap-0.3-linux-amd64
./dismap-0.3-linux-amd64 -h
```

```
dismap-0.3-windows-amd64.exe -h
```

| Option | Description |
|---|---|
| `-f, --file` | Parse targets from a specified file for batch scanning |
| `-h, --help` | Display help information |
| `-i, --ip` | Specify network segment (e.g., -i 192.168.1.0/24 or -i 192.168.1.1-10) |
| `-j, --json` | Save scan results in JSON format (e.g., -j results.json) |
| `-l, --level` | Set log level: 0=Fatal, 1=Error, 2=Info, 3=Warning (default), 4=Debug, 5=Verbose |
| `-m, --mode` | Specify protocol to scan (e.g., -m mysql or -m http) |
| `--nc` | Disable colored output |
| `--np` | Skip ICMP/PING host discovery |
| `-o, --output` | Save scan results to text file (default: output.txt) |
| `-p, --port` | Define custom port range (e.g., -p 80,443 or -p 1-65535) |
| `--proxy` | Use proxy for scanning (supports HTTP/SOCKS5, e.g., --proxy socks5://127.0.0.1:1080) |
| `-t, --thread` | Set number of concurrent threads (default: 500) |
| `--timeout` | Configure response timeout in seconds (default: 5) |
| `--type` | Specify connection type (e.g., --type tcp or --type udp) |
| `-u, --uri` | Scan a specific target URI (e.g., -u https://example.com) |
```bash
./dismap -i 192.168.1.0/24
./dismap -i 192.168.1.0/24 -o results.txt -j results.json
./dismap -i 192.168.1.0/24 --np --timeout 10
./dismap -i 192.168.1.0/24 -t 1000
./dismap -u https://github.com/zhzyker/dismap
./dismap -u mysql://192.168.1.1:3306
./dismap -i 192.168.1.0/24 -p 1-65535
```

- Bug Reports & Feature Requests: GitHub Issues
- Twitter: hzyker
The complete fingerprint rule base is defined in rule.go in a structured format.

```
Rule:
  Name: "rule_name"          // Define the rule name
  Type: "header|body|ico"    // Detection types (can be combined)
  Mode: "and|or"             // Logical operator for Type evaluation
  Rule:
    InBody: "string"         // String that must exist in response body
    InHeader: "string"       // String that must exist in response header
    InIcoMd5: "md5_hash"     // MD5 hash of favicon.ico
  Http:
    ReqMethod: "GET|POST"    // HTTP request method
    ReqPath: "string"        // Custom request path
    ReqHeader: []string      // Custom HTTP headers
    ReqBody: "string"        // Custom POST request body
```

Detect Apache Flink by checking for `<flink-root></flink-root>` in the response body:

```go
{"Apache Flink", "body", "", InStr{"(<flink-root></flink-root>)", "", ""}, ReqHttp{"", "", nil, ""}}
```

Detect Apache OFBiz by requesting a custom path and checking either header or body (supports regex):

```go
{"Apache OFBiz", "body|header", "or", InStr{"(Apache OFBiz|apache.ofbiz)", "(Set-Cookie: OFBiz.Visitor=(.*))", ""}, ReqHttp{"GET", "/myportal/control/main", nil, ""}}
```

Valid Combinations

- `"body|header|ico", "or"`
- `"body|header|ico", "or|and"`
- `"body|ico", "and"`

Invalid Combinations

- `"body|body", "or"` (duplicate type)
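
The Type/Mode evaluation described above, as an added Go example (this is not dismap's code from rule.go). The `Rule`, `Response` and `Match` names are hypothetical, the response data is constructed, and any Mode other than `and` (including `or|and`) is assumed to behave as `or`.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Rule and Response are hypothetical types for this example, not dismap's own.
type Rule struct{ Name, Type, Mode, InBody, InHeader, InIcoMd5 string }
type Response struct {
	Header, Body string
	Favicon      []byte
}

// Match runs every check named in Type and combines the results with Mode.
func Match(r Rule, resp Response) (bool, error) {
	sum := md5.Sum(resp.Favicon)
	inputs := map[string][2]string{ // check name -> {pattern, data to search}
		"body":   {r.InBody, resp.Body},
		"header": {r.InHeader, resp.Header},
		// ico is an exact (anchored) comparison against the favicon's MD5 hex digest
		"ico": {"^" + regexp.QuoteMeta(r.InIcoMd5) + "$", hex.EncodeToString(sum[:])},
	}
	checks, seen, hits := strings.Split(r.Type, "|"), map[string]bool{}, 0
	for _, c := range checks {
		p, known := inputs[c]
		if !known || seen[c] { // unknown type, or a duplicate such as "body|body"
			return false, fmt.Errorf("rule %q: invalid type %q", r.Name, c)
		}
		seen[c] = true
		if ok, err := regexp.MatchString(p[0], p[1]); err != nil {
			return false, err
		} else if ok && p[0] != "" { // an empty pattern never counts as a hit
			hits++
		}
	}
	if r.Mode == "and" {
		return hits == len(checks), nil
	}
	return hits > 0, nil // assumption: any other Mode is treated as "or"
}

func main() { // constructed response checked against the OFBiz rule from the page
	ofbiz := Rule{"Apache OFBiz", "body|header", "or", "(Apache OFBiz|apache.ofbiz)", "(Set-Cookie: OFBiz.Visitor=(.*))", ""}
	fmt.Println(Match(ofbiz, Response{Header: "Set-Cookie: OFBiz.Visitor=10000", Body: "<html></html>"}))
}
```

With Mode `or` the constructed response matches on the cookie header alone; switching the same rule to `and` makes it fail because the body pattern is absent.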
Alternative for Multiple Body Checks

Instead of repeating types, use regex patterns:

```go
"body", "", InStr{"(string1|string2)", "", ""}
```

This project is licensed under the GPL License. See the repository for details.
