adding option for no ping during port scan #75
Comments
Thanks for the idea, PRs are welcome if you want to do that? Otherwise will see about getting the task assigned.

OK, perhaps the PR route makes the most sense. I'm completely new to posting; I'll make the request.
On Wed, Jul 27, 2016 at 3:26 PM, J.Townsend notifications@github.com

In the notes section there is a git.txt

The -Pn switch is already in use. This is also the default behavior that Nexpose uses.
```bash
# $location, $excludefile, $maxrtt, $sourceport, $sip, $medium, $name and
# f_error are set elsewhere in the script that calls f_scan.
f_scan(){
    custom='1-1040,1050,1080,1099,1125,1158,1194,1214,1220,1344,1352,1433,1500,1503,1521,1524,1526,1720,1723,1731,1812,1813,1953,1959,2000,2002,2030,2049,2100,2121,2200,2202,2222,2301,2375,2381,2401,2433,2456,2500,2556,2628,2745,2780-2783,2947,3000,3001,3031,3121,3127,3128,3200,3201,3230-3235,3260,3268,3269,3306,3310,3339,3389,3460,3500,3527,3632,3689,4000,4045,4100,4242,4369,4430,4443,4445,4661,4662,4711,4848,5000,5001,5009,5010,5019,5038,5040,5059,5060,5061,5101,5180,5190,5191,5192,5193,5250,5432,5554,5555,5560,5566,5631,5666,5672,5678,5800,5801,5802,5803,5804,5850,5900-6009,6101,6106,6112,6161,6346,6379,6588,6666,6667,6697,6777,7000,7001,7002,7070,7100,7210,7510,7634,7777,7778,8000,8001,8004,8005,8008,8009,8080,8081,8082,8083,8091,8098,8099,8100,8180,8181,8222,8332,8333,8383,8384,8400,8443,8444,8470-8480,8500,8787,8834,8866,8888,9090,9100,9101,9102,9160,9343,9470-9476,9480,9495,9996,9999,10000,10025,10168,11211,12000,12345,12346,13659,15000,16080,18181-18185,18207,18208,18231,18232,19150,19190,19191,20034,22226,27017,27374,27665,28784,30718,31337,32764,32768,32771,33333,35871,37172,38903,39991,39992,40096,46144,46824,49400,50000,50030,50060,50070,50075,50090,51080,51443,53050,54320,58847,60000,60010,60030,60148,60365,62078,63148'
    full='1-65535'
    udp='53,67,123,137,161,500,523,1434,1604,2302,3478,3671,4070,5353,6481,17185,31337,44818,47808'
    # Host discovery: ICMP echo plus TCP SYN / UDP probes to common ports
    yesping='-sP -PE -PS21-23,25,53,80,110-111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 -PU53,67-69,123,135,137-139,161-162,445,500,514,520,631,1434,1900,4500,49152'
    # Skip host discovery and treat every target as up
    noping='-Pn'

    echo
    echo -n "Perform ping scan? (y/N) "
    read discping

    if [ "$discping" == "y" ]; then
        pingscans=$yesping
    else
        pingscans=$noping
    fi

    echo
    echo -n "Perform full TCP port scan? (y/N) "
    read scan

    if [ "$scan" == "y" ]; then
        tcp=$full
    else
        tcp=$custom
    fi

    echo
    echo -n "Perform version detection? (y/N) "
    read vdetection

    if [ "$vdetection" == "y" ]; then
        S='sSV'
        U='sUV'
    else
        S='sS'
        U='sU'
    fi

    echo
    echo -n "Set scan delay. (0-5, enter for normal) "
    read delay

    # Check for no answer
    if [[ -z $delay ]]; then
        delay='0'
    fi

    if [ "$delay" -lt 0 ] || [ "$delay" -gt 5 ]; then
        f_error
    fi

    echo
    echo $medium

    nmap -iL $location --excludefile $excludefile -n -$S -$U $pingscans -p T:$tcp,U:$udp --max-retries 3 --min-rtt-timeout 100ms --max-rtt-timeout $maxrtt --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 --open --stats-every 10s -g $sourceport --scan-delay $delay -oA $name/nmap

    x=$(grep '(0 hosts up)' $name/nmap.nmap)

    if [[ -n $x ]]; then
        rm -rf "$name" tmp
        echo
        echo $medium
        echo
        echo "_Scan complete._"
        echo
        echo
        echo -e "\x1B[1;33m[*] No live hosts were found.\x1B[0m"
        echo
        echo
        exit
    fi

    # Clean up
    egrep -v '(0000:|0010:|0020:|0030:|0040:|0050:|0060:|0070:|0080:|0090:|00a0:|00b0:|00c0:|00d0:|1 hop|closed|guesses|GUESSING|filtered|fingerprint|FINGERPRINT|general purpose|initiated|latency|Network Distance|No exact OS|No OS matches|OS:|OS CPE|Please report|RTTVAR|scanned in|SF|unreachable|Warning|WARNING)' $name/nmap.nmap | sed 's/Nmap scan report for //' | sed '/^$/! b end; n; /^$/d; : end' > $name/nmap.txt

    # Live hosts, sorted by IP
    grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' $name/nmap.nmap | $sip > $name/hosts.txt
    hosts=$(wc -l $name/hosts.txt | cut -d ' ' -f1)

    # Open ports, split into TCP and UDP lists
    grep 'open' $name/nmap.txt | grep -v 'WARNING' | awk '{print $1}' | sort -un > $name/ports.txt
    grep 'tcp' $name/ports.txt | cut -d '/' -f1 > $name/ports-tcp.txt
    grep 'udp' $name/ports.txt | cut -d '/' -f1 > $name/ports-udp.txt

    # Service banners (everything after the first three columns)
    grep 'open' $name/nmap.txt | grep -v 'really open' | awk '{for (i=4;i<=NF;i++) {printf "%s%s",sep,$i;sep=" "}; printf "\n"}' | sed 's/^ //' | sort -u | sed '/^$/d' > $name/banners.txt

    # Build http:// and https:// target lists from the greppable output
    for i in $(cat $name/ports-tcp.txt); do
        TCPPORT=$i
        cat $name/nmap.gnmap | grep " $i/open/tcp//http/\| $i/open/tcp//http-alt/\| $i/open/tcp//http-proxy/\| $i/open/tcp//appserv-http/" |
        sed -e 's/Host: //g' -e 's/ (.*//g' -e 's.^.http://.g' -e "s/$/:$i/g" | $sip >> tmp

        cat $name/nmap.gnmap | grep " $i/open/tcp//https/\| $i/open/tcp//https-alt/\| $i/open/tcp//ssl|giop/\| $i/open/tcp//ssl|http/\| $i/open/tcp//ssl|unknown/" |
        sed -e 's/Host: //g' -e 's/ (.*//g' -e 's.^.https://.g' -e "s/$/:$i/g" | $sip >> tmp2
    done

    sed 's/http:\/\///g' tmp > $name/http.txt
    sed 's/https:\/\///g' tmp2 > $name/https.txt

    # Remove all empty files
    find $name/ -type f -empty -exec rm {} +
}
```
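As an added illustration (not code from the Discover project or from the comment above), the following shell functions isolate the three pieces of the posted `f_scan` that are easiest to get wrong: turning the "ping scan?" answer into nmap host-discovery flags (`-Pn` unless the answer is an explicit `y`), validating the scan-delay input before it reaches the command line, and extracting `http://` / `https://` targets from greppable (`.gnmap`) output with a single `awk` pass instead of a chain of `grep` and `sed` with escaped slashes. The probe sets reuse the lists from the script; the `.gnmap` lines are a constructed sample, and the function names are the example's own.

```bash
#!/usr/bin/env bash
# Added example, not part of the Discover project's script.
set -u

# Same host-discovery probe sets as the posted f_scan (without -sP, so the
# flags can be combined with a port scan).
YESPING='-PE -PS21-23,25,53,80,110-111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 -PU53,67-69,123,135,137-139,161-162,445,500,514,520,631,1434,1900,4500,49152'
NOPING='-Pn'

# discovery_opts ANSWER -> prints the nmap host-discovery flags.
# Only an explicit y/Y enables ping probes; anything else, including an
# empty answer, falls back to -Pn (treat every target as up).
discovery_opts() {
    case "${1:-}" in
        y|Y) printf '%s\n' "$YESPING" ;;
        *)   printf '%s\n' "$NOPING" ;;
    esac
}

# validate_delay VALUE -> prints a normalised delay (0-5) or returns 1.
# "[ $delay -lt 0 ]" in the script errors out on non-numeric input, so a
# digits-only check runs first; empty input means "normal", i.e. 0.
validate_delay() {
    d="${1:-}"
    [ -z "$d" ] && d=0
    case "$d" in
        *[!0-9]*) return 1 ;;
    esac
    [ "$d" -ge 0 ] && [ "$d" -le 5 ] || return 1
    printf '%s\n' "$d"
}

# gnmap_urls SCHEME FILE -> prints scheme://host:port for each open TCP port
# whose service name matches the scheme. http: http, http-alt, http-proxy,
# appserv-http. https: https, https-alt, and any "ssl|<service>" entry.
# Each port entry in a .gnmap "Ports:" field is port/state/proto/owner/service/...
gnmap_urls() {
    scheme="$1"; file="$2"
    awk -v scheme="$scheme" '
        /^Host: / && /Ports: / {
            host = $2
            sub(/.*Ports: /, "")
            sub(/[ \t]+Ignored State:.*/, "")
            n = split($0, ports, ", ")
            for (i = 1; i <= n; i++) {
                split(ports[i], f, "/")
                if (f[2] != "open" || f[3] != "tcp") continue
                svc = f[5]
                is_http  = (svc ~ /^(http|http-alt|http-proxy|appserv-http)$/)
                is_https = (svc ~ /^(https|https-alt)$/ || svc ~ /^ssl[|]/)
                if ((scheme == "http" && is_http) || (scheme == "https" && is_https))
                    print scheme "://" host ":" f[1]
            }
        }' "$file" | sort -u
}

# Constructed sample .gnmap output: two hosts, one filtered http-proxy port
# and one open UDP port that must both be left out.
SAMPLE_GNMAP=$(mktemp)
printf '%s\n' '# Nmap scan initiated (constructed sample)' > "$SAMPLE_GNMAP"
printf 'Host: 192.0.2.10 ()\tStatus: Up\n' >> "$SAMPLE_GNMAP"
printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH/, 80/open/tcp//http//nginx/, 443/open/tcp//ssl|http//nginx/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (996)\n' >> "$SAMPLE_GNMAP"
printf 'Host: 192.0.2.20 ()\tPorts: 8443/open/tcp//https-alt///, 161/open/udp//snmp///\tIgnored State: closed (998)\n' >> "$SAMPLE_GNMAP"

main() {
    echo "discovery (y): $(discovery_opts y)"
    echo "discovery (n): $(discovery_opts n)"
    echo "delay '':      $(validate_delay '')"
    validate_delay 9 >/dev/null || echo "delay 9:       rejected"
    echo "http targets:";  gnmap_urls http  "$SAMPLE_GNMAP"
    echo "https targets:"; gnmap_urls https "$SAMPLE_GNMAP"
}
main
```

Running the block prints `-Pn` for anything but `y`, normalises an empty delay to `0`, rejects `9`, and lists `http://192.0.2.10:80` plus `https://192.0.2.10:443` and `https://192.0.2.20:8443`; the filtered 8080 entry and the UDP port are skipped because state and protocol are checked per field rather than by substring match.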