Port Scanning
Menu key: 2 · File: `lib/modules/scan.sh` · Entry point: `kraken_scan_run`
Discovers open TCP ports and, where possible, the services and versions behind them.
When nmap is on PATH, the module runs two phases:
| Phase | Command | Output |
|---|---|---|
| 1 – quick | `nmap -Pn -T4 --top-ports 100 <target>` | `nmap_quick.txt` |
| 2 – services | `nmap -Pn -sV --open <target>` | `nmap_services.txt` |
`-Pn` skips host discovery (treats the host as up), `-T4` is the aggressive-but-sane timing template, `--top-ports 100` keeps phase 1 fast, and `-sV --open` probes service versions while reporting only open ports. Phase 2 passes no port list, so it covers nmap's default top 1000 TCP ports rather than only the 100 from phase 1. After scanning, open ports are echoed to the console.
Some nmap features (SYN scans, OS detection) need raw sockets; run Kraken with `sudo` for those. Neither phase above asks for them, so without root nmap falls back to a full TCP connect scan (`-sT`): the open-port list is the same, but every probe completes the handshake and is therefore more likely to be logged by the target service. See Usage.
If nmap is missing, Kraken uses a pure-Bash probe over /dev/tcp
against a fixed list of common ports:
```
21 22 23 25 53 80 110 143 443 445 3306 3389 5432 8080 8443
```
Each port is tested with a 2-second timeout. Open ports are written
to bash_scan.txt. This needs no external tooling at all, but it is
slower and does no version detection.
Example session:

```
[*] Launching port scanning module...
[?] Enter target IP/domain: scanme.nmap.org
[+] Output directory: kraken_output/demo/scan_scanme.nmap.org
[*] Scanning with nmap (this may take a while)...
[*] Phase 1: Quick scan (top 100 ports)...
[*] Phase 2: Service version detection...
[+] Nmap scan complete
═══ Open Ports ═══
[+] 22/tcp open ssh OpenSSH 6.6.1p1
[+] 80/tcp open http Apache httpd 2.4.7
[+] Port scanning complete!
```
Files written:

```
kraken_output/<session>/scan_<target>/
  nmap_quick.txt      # phase 1 (nmap)
  nmap_services.txt   # phase 2 (nmap)
  bash_scan.txt       # fallback only
```
The report module counts open ports from nmap_services.txt (or
bash_scan.txt) for the executive summary. See Reporting.
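The two pieces of this module that are easiest to get subtly wrong are the pure-Bash fallback probe (a filtered port hangs a bare `/dev/tcp` connect for minutes unless something enforces the 2-second timeout) and the open-port extraction that both the console echo and the report's count depend on. The block below is an added example written for this page, not Kraken's own `scan.sh`; it assumes a bash built with `/dev/tcp` support and the coreutils `timeout` command on PATH, and the `bash_scan.txt` line format (`PORT/tcp open`) is this example's own choice.

```shell
#!/usr/bin/env bash
# Added example, not Kraken's scan.sh: pure-Bash /dev/tcp probe in the shape the
# page describes, plus the open-port extraction the console echo and report use.
# Assumptions: bash with /dev/tcp redirections, coreutils `timeout` on PATH.

# Same fixed port list the page documents for the fallback path.
KRAKEN_COMMON_PORTS="21 22 23 25 53 80 110 143 443 445 3306 3389 5432 8080 8443"

# probe_port HOST PORT [TIMEOUT]
# Exit 0 if a TCP connect to HOST:PORT completes within TIMEOUT seconds (default 2).
# The connect runs in a child bash under `timeout`: a closed port fails at once
# (RST), but a filtered port drops packets silently and a bare connect would
# block until the kernel's own connect timeout, which can be minutes.
probe_port() {
  local host=$1 port=$2 timeout=${3:-2}
  timeout "$timeout" bash -c "exec 3<>/dev/tcp/${host}/${port}" 2>/dev/null
}

# bash_scan HOST OUTFILE
# Probe every port in KRAKEN_COMMON_PORTS; write one "PORT/tcp open" line per
# open port to OUTFILE (format chosen for this example).
bash_scan() {
  local host=$1 outfile=$2 port
  : > "$outfile"
  for port in $KRAKEN_COMMON_PORTS; do
    if probe_port "$host" "$port" 2; then
      printf '%s/tcp open\n' "$port" >> "$outfile"
    fi
  done
}

# open_ports FILE
# Print each open TCP port as "[+] PORT/tcp open SERVICE VERSION".
# Works on nmap normal output ("22/tcp open  ssh  OpenSSH 6.6.1p1") and on the
# bash_scan format above. The "PORT STATE SERVICE" header, host lines and
# "open|filtered" rows do not match ($2 must be exactly "open").
open_ports() {
  awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { $1 = $1; print "[+] " $0 }' "$1"
}

# count_open_ports FILE
# The number an executive summary would report for FILE (0 when none).
count_open_ports() {
  awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { n++ } END { print n + 0 }' "$1"
}

# Usage against a live host (not run here):
#   bash_scan scanme.nmap.org bash_scan.txt && open_ports bash_scan.txt
#   count_open_ports nmap_services.txt
```

Because `open_ports` and `count_open_ports` key on the first two whitespace-separated fields, the same functions read `nmap_services.txt` and `bash_scan.txt` interchangeably, which is what lets a report fall back from one to the other without a second parser.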
Kraken Pentest Framework · MIT License · Maintained by Melvin PETIT · For authorized security testing only.