Primary Use Case

Security professionals and penetration testers use Gosint to perform distributed asset discovery and vulnerability assessments across multiple hosts or networks. It enables scalable scanning by deploying multiple clients and automates risk assessment with real-time alerts, making it suitable for continuous security monitoring and management.

Key Features

Distributed deployment supporting multiple client nodes

Customizable scanning engines and plugins

Docker-based one-click deployment

Real-time vulnerability notification via email and enterprise WeChat

Integration with third-party tools like xray, nuclei, subfinder, naabu

Task scheduling and monitoring using Celery and Flower

Support for multiple brokers/backends (RabbitMQ, Redis)

Configurable domain and CNAME blacklists

Insights & Recommendations

Before use, users must agree to the tool's disclaimer. Some scanning plugins require additional licenses or API tokens (e.g., xray license, FOFA API). It is highly recommended to replace all default passwords and webhook paths in production to prevent unauthorized access. The platform relies on RabbitMQ and Redis for task distribution and result collection, so appropriate ports must be open. Real-time notifications require configuring email or enterprise WeChat tokens. Monitoring of distributed tasks is available via Celery Flower with basic authentication, which should also be secured with strong credentials.

Installation

Install Docker and Docker-Compose on the server
Clone the gosint repository
Navigate to the gosint directory
Run 'docker-compose up -d --build' to start the server
For clients, upload the gosint/client directory to VPS or machines
Configure client plugins in client/config.ini
Modify client/docker-compose.yml to point to the server's broker and backend
Run 'docker-compose up -d --build' in client directory to start client nodes
Configure xray licenses by placing xray-license.lic in specified tool directories
Set up FOFA API keys and other third-party tool tokens in client/config.yaml

Usage

docker-compose up -d --build

Builds and starts the gosint server or client services in detached mode using Docker.

python3 -m celery -A gosint worker -Q server -n server -l info

Starts the Celery worker for the server task queue.

python3 -m celery -A fileleak worker -l info -Q fileleak

Starts the Celery worker for the 'fileleak' scanning plugin.

python3 manage.py migrate

Applies Django database migrations.

python3 manage.py runserver

Runs the Django web server in development mode.

vim client/config.ini

Edits the client configuration to enable or disable scanning plugins.

vim client/docker-compose.yml

Modifies client Docker Compose file to set server IP and broker/backend addresses.

python manage.py shell -c "from django.contrib.auth.models import User; User.objects.create_superuser('gosint', 'root@ohlinge.cn', 'gosint') if not User.objects.filter(username='gosint').exists() else 0"

Creates a default Django superuser if it does not exist.

docker run -it -d -p 6379:6379 redis redis-server

Starts a Redis server container for local development.

Smart Usage Notes

Integrate Gosint with automated exploitation frameworks like Metasploit to enable seamless transition from discovery to exploitation in red team exercises.Leverage the distributed scanning capability to scale asset discovery across large, segmented networks for continuous vulnerability management.Use real-time notifications to accelerate incident response workflows and reduce time-to-remediation for detected vulnerabilities.Customize scanning plugins to tailor assessments to specific environments or threat models, enhancing detection accuracy.Incorporate Gosint scanning results into SIEM or SOAR platforms to enrich alert context and automate triage processes.

OpenSec Atlas

gosint

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like