Ladon: Powerful Internal Network Penetration Scanner 🛡
Overview 🚀
Ladon is a large-scale internal network penetration scanner, domain penetration, and lateral movement tool. It supports:
PowerShell modules
Cobalt Strike plugins
Memory loading
Fileless scanning
Ladon includes:
✅ Port scanning
✅ Service identification
✅ Network asset detection
✅ Password auditing
✅ High-risk vulnerability detection
✅ Exploitation
✅ Credential extraction
✅ One-click GetShell
It supports scanning across A/B/C network segments and cross-segment scanning, as well as scanning URLs, hosts, and domain lists.
Features in Version 12.2 ⚡️
🔹 262 built-in modules
🔹 30+ network asset detection protocols (ICMP, NBT, DNS, MAC, SMB, WMI, SSH, HTTP, HTTPS, Exchange, MSSQL, FTP, RDP, etc.)
🔹 Quickly obtains network information: Live IPs, computer names, workgroups, shared resources, MAC addresses, OS versions, websites, subdomains, middleware, services, routers, switches, databases, printers, etc.
🔹 16+ high-risk vulnerability detections, including Cisco, Zimbra, Exchange, DrayTek, MS17010, SMBGhost, WebLogic, ActiveMQ, Tomcat, Struts2, and Printer vulnerabilities.
🔹 25+ password auditing modules (MySQL, Oracle, MSSQL, FTP, SSH, VNC, Windows (LDAP, SMB/IPC, NBT, WMI, SmbHash, WmiHash, Winrm), BasicAuth, Tomcat, WebLogic, RAR, etc.)
🔹 Remote command execution, including smbexec, wmiexe, psexec, atexec, sshexec, webshell.
🔹 135+ web fingerprint recognition modules (web apps, middleware, script types, page types, etc.)
🔹 21+ local privilege escalation methods, including SweetPotato, BadPotato, EfsPotato, BypassUAC.
🔹 Highly customizable plugins, supporting .NET assemblies, DLLs (C#/Delphi/VC), PowerShell scripts.
🔹 INI configuration support, allowing batch execution of external programs or commands.
🔹 Exploit generator, enabling one-click generation of vulnerability POCs/EXPs.
🔹 Cobalt Strike plugin support, allowing in-memory loading for fast lateral movement.
Easy to Use 🎯
Despite its vast features, Ladon is extremely easy to use.
With just one or two parameters, you can use 90% of its functions!
Each module functions like a standalone tool.
System Requirements 💻
Windows
Works on Windows systems with .NET 2.0+ installed. (Windows 7+ includes .NET by default.)
Compatible with Cmd, PowerShell, Remote Cmd, WebShell, and Cobalt Strike in-memory execution.
Ladon.ps1 supports Windows 7 to Windows 11 (2025 PowerShell) for remote, fileless penetration.
Cross-Platform (LadonGo) 🌍
LadonGo supports Linux, Mac, ARM, MIPS, routers, and network devices.
Practical Challenges 🔄
In real-world scenarios, internal network forwarding may be slow or fail, requiring tool uploads.
Some environments struggle with uploading large files (e.g., Python binaries of dozens of MBs).
Ladon, developed in C#, is only ~500KB—small enough to upload even in restricted environments.
If uploading fails, PowerShell remote memory loading can be used, which is superior to Python or Go binaries.
Mission 🎯
Providing an all-in-one, easy-to-use, feature-rich, and highly flexible scanning tool for users.
Key Features 🌟
✅ Low scanning traffic
✅ Small program size
✅ Powerful features
✅ Easy to use
✅ Supports multiple programming languages for plugins
✅ Cross-platform support (Windows, Kali, Ubuntu, etc.)
✅ Cobalt Strike plugin integration
✅ PowerShell fileless penetration
✅ Exploit generator for one-click POC creation
✅ Multiple versions to suit different environments Supported Parameters ⚙️
1️⃣ Scan a specific IP
2️⃣ Scan a specific domain name
3️⃣ Scan a specific hostname
4️⃣ Scan a specific C-class network (ip/24)
5️⃣ Scan a specific B-class network (ip/16)
6️⃣ Scan a specific A-class network (ip/8)
7️⃣ Scan a specific URL
8️⃣ Batch scan IPs (ip.txt)
9️⃣ Batch scan C-class networks (ip24.txt)
🔟 Batch scan C-class networks (ipc.txt)
1️⃣1️⃣ Batch scan B-class networks (ip16.txt)
1️⃣2️⃣ Batch scan URLs (url.txt)
1️⃣3️⃣ Batch scan domains (domain.txt)
1️⃣4️⃣ Batch scan hostnames (host.txt)
1️⃣5️⃣ Batch scan country-based CIDR segments (cidr.txt)
1️⃣6️⃣ Batch scan a string list (str.txt)
1️⃣7️⃣ Scan host credential lists (check.txt)
1️⃣8️⃣ Scan user-password lists (userpass.txt)
1️⃣9️⃣ Scan a specific C-class network range
2️⃣0️⃣ Load custom DLLs (C# only)
2️⃣1️⃣ Load custom EXEs (C# only)
2️⃣2️⃣ Load custom INI configuration files
2️⃣3️⃣ Load custom PowerShell scripts
2️⃣4️⃣ Execute custom programs (system commands or third-party scripts in any language)
2️⃣5️⃣ Plugins supporting C#/Delphi/Golang/Python/VC/PowerShell
2️⃣6️⃣ Cobalt Strike integration (Beacon command-line scanning for internal or external targets)
2️⃣7️⃣ CIDR format IP scanning (e.g., 100.64.0.0/10, 192.168.1.1/20)
2️⃣8️⃣ Customizable password brute-force via INI configuration
🔥 Ladon is a powerful, flexible, and lightweight penetration testing tool! 🔥