adding option for no ping during port scan #75

Closed
ifrane opened this issue Jul 27, 2016 · 4 comments
Comments

@ifrane

ifrane commented Jul 27, 2016

```bash
f_scan(){
    # Port lists: a curated TCP list, the full TCP range, and a UDP list
    custom='1-1040,1050,1080,1099,1125,1158,1194,1214,1220,1344,1352,1433,1500,1503,1521,1524,1526,1720,1723,1731,1812,1813,1953,1959,2000,2002,2030,2049,2100,2121,2200,2202,2222,2301,2375,2381,2401,2433,2456,2500,2556,2628,2745,2780-2783,2947,3000,3001,3031,3121,3127,3128,3200,3201,3230-3235,3260,3268,3269,3306,3310,3339,3389,3460,3500,3527,3632,3689,4000,4045,4100,4242,4369,4430,4443,4445,4661,4662,4711,4848,5000,5001,5009,5010,5019,5038,5040,5059,5060,5061,5101,5180,5190,5191,5192,5193,5250,5432,5554,5555,5560,5566,5631,5666,5672,5678,5800,5801,5802,5803,5804,5850,5900-6009,6101,6106,6112,6161,6346,6379,6588,6666,6667,6697,6777,7000,7001,7002,7070,7100,7210,7510,7634,7777,7778,8000,8001,8004,8005,8008,8009,8080,8081,8082,8083,8091,8098,8099,8100,8180,8181,8222,8332,8333,8383,8384,8400,8443,8444,8470-8480,8500,8787,8834,8866,8888,9090,9100,9101,9102,9160,9343,9470-9476,9480,9495,9996,9999,10000,10025,10168,11211,12000,12345,12346,13659,15000,16080,18181-18185,18207,18208,18231,18232,19150,19190,19191,20034,22226,27017,27374,27665,28784,30718,31337,32764,32768,32771,33333,35871,37172,38903,39991,39992,40096,46144,46824,49400,50000,50030,50060,50070,50075,50090,51080,51443,53050,54320,58847,60000,60010,60030,60148,60365,62078,63148'
    full='1-65535'
    udp='53,67,123,137,161,500,523,1434,1604,2302,3478,3671,4070,5353,6481,17185,31337,44818,47808'
    # Host discovery options: ping scan with ICMP echo, TCP SYN and UDP probes, or skip discovery entirely (-Pn)
    yesping='-sP -PE -PS21-23,25,53,80,110-111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 -PU53,67-69,123,135,137-139,161-162,445,500,514,520,631,1434,1900,4500,49152'
    noping='-Pn'

    echo
    echo -n "Perform ping scan? (y/N) "
    read discping

    if [ "$discping" == "y" ]; then
        pingscans=$yesping
    else
        pingscans=$noping
    fi

    echo
    echo -n "Perform full TCP port scan? (y/N) "
    read scan

    if [ "$scan" == "y" ]; then
        tcp=$full
    else
        tcp=$custom
    fi

    echo
    echo -n "Perform version detection? (y/N) "
    read vdetection

    if [ "$vdetection" == "y" ]; then
        S='sSV'
        U='sUV'
    else
        S='sS'
        U='sU'
    fi

    echo
    echo -n "Set scan delay. (0-5, enter for normal) "
    read delay

    # Check for no answer
    if [[ -z $delay ]]; then
        delay='0'
    fi

    if [ $delay -lt 0 ] || [ $delay -gt 5 ]; then
        f_error
    fi

    echo
    echo $medium

    # $location, $excludefile, $maxrtt, $sourceport, $name, $medium, $sip and f_error are set elsewhere in discover.sh
    nmap -iL $location --excludefile $excludefile -n -$S -$U $pingscans -p T:$tcp,U:$udp --max-retries 3 --min-rtt-timeout 100ms --max-rtt-timeout $maxrtt --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 --open --stats-every 10s -g $sourceport --scan-delay $delay -oA $name/nmap

    x=$(grep '(0 hosts up)' $name/nmap.nmap)

    if [[ -n $x ]]; then
        rm -rf "$name" tmp
        echo
        echo $medium
        echo
        echo "_Scan complete._"
        echo
        echo
        echo -e "\x1B[1;33m[*] No live hosts were found.\x1B[0m"
        echo
        echo
        exit
    fi

    # Clean up: drop nmap noise lines and collapse runs of blank lines
    egrep -v '(0000:|0010:|0020:|0030:|0040:|0050:|0060:|0070:|0080:|0090:|00a0:|00b0:|00c0:|00d0:|1 hop|closed|guesses|GUESSING|filtered|fingerprint|FINGERPRINT|general purpose|initiated|latency|Network Distance|No exact OS|No OS matches|OS:|OS CPE|Please report|RTTVAR|scanned in|SF|unreachable|Warning|WARNING)' $name/nmap.nmap | sed 's/Nmap scan report for //' | sed '/^$/! b end; n; /^$/d; : end' > $name/nmap.txt

    # Live hosts, sorted by IP
    grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' $name/nmap.nmap | $sip > $name/hosts.txt
    hosts=$(wc -l $name/hosts.txt | cut -d ' ' -f1)

    # Open ports (all, TCP only, UDP only)
    grep 'open' $name/nmap.txt | grep -v 'WARNING' | awk '{print $1}' | sort -un > $name/ports.txt
    grep 'tcp' $name/ports.txt | cut -d '/' -f1 > $name/ports-tcp.txt
    grep 'udp' $name/ports.txt | cut -d '/' -f1 > $name/ports-udp.txt

    # Service banners (columns 4 onward of each open-port line)
    grep 'open' $name/nmap.txt | grep -v 'really open' | awk '{for (i=4;i<=NF;i++) {printf "%s%s",sep, $i;sep=" "}; printf "\n"}' | sed 's/^ //' | sort -u | sed '/^$/d' > $name/banners.txt

    # Build http://host:port and https://host:port lists from the greppable output
    for i in $(cat $name/ports-tcp.txt); do
        TCPPORT=$i
        cat $name/nmap.gnmap | grep " $i/open/tcp//http/\| $i/open/tcp//http-alt/\| $i/open/tcp//http-proxy/\| $i/open/tcp//appserv-http/" |
        sed -e 's/Host: //g' -e 's/ (.*//g' -e 's.^.http://.g' -e "s/$/:$i/g" | $sip >> tmp
        cat $name/nmap.gnmap | grep " $i/open/tcp//https/\| $i/open/tcp//https-alt/\| $i/open/tcp//ssl|giop/\| $i/open/tcp//ssl|http/\| $i/open/tcp//ssl|unknown/" |
        sed -e 's/Host: //g' -e 's/ (.*//g' -e 's.^.https://.g' -e "s/$/:$i/g" | $sip >> tmp2
    done

    # Strip the scheme prefix for the plain host:port lists
    sed 's/http:\/\///g' tmp > $name/http.txt
    sed 's/https:\/\///g' tmp2 > $name/https.txt

    # Remove all empty files
    find $name/ -type f -empty -exec rm {} +
}
```
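The http/https list building above runs one grep/sed pipeline per open TCP port over the whole `.gnmap` file. The following is an added example, not code from the discover project or from the issue author, that parses the greppable format once with awk: each `Ports:` entry is `port/state/proto/owner/service/rpc/version/`, so the state, protocol and service fields can be tested directly instead of pattern-matching the raw line. The sample `.gnmap` content is constructed for the example; the function and file names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the discover project): derive http/https URL lists
# from nmap greppable output (-oG / .gnmap) in a single pass.

# gnmap_urls FILE SCHEME
#   SCHEME is "http" or "https"; prints one URL per open TCP port whose
#   service name nmap reported as a matching web service.
gnmap_urls() {
    awk -F'\t' -v scheme="$2" '
    $2 ~ /^Ports: / {
        host = $1
        sub(/^Host: /, "", host)   # "Host: 10.0.0.5 (web01)" -> "10.0.0.5 (web01)"
        sub(/ .*/, "", host)       # keep only the address
        ports = $2
        sub(/^Ports: /, "", ports)
        n = split(ports, entry, ", ")
        for (i = 1; i <= n; i++) {
            # fields: port/state/proto/owner/service/rpc/version/
            split(entry[i], f, "/")
            if (f[2] != "open" || f[3] != "tcp") continue
            svc = f[5]
            if (scheme == "http" && (svc == "http" || svc == "http-alt" || svc == "http-proxy" || svc == "appserv-http"))
                print "http://" host ":" f[1]
            else if (scheme == "https" && (svc == "https" || svc == "https-alt" || svc == "ssl|giop" || svc == "ssl|http" || svc == "ssl|unknown"))
                print "https://" host ":" f[1]
        }
    }' "$1"
}

# write_sample_gnmap FILE : constructed sample in nmap -oG layout (not real scan output)
write_sample_gnmap() {
    printf '%s\n' '# Nmap 7.01 scan initiated (constructed sample)' > "$1"
    printf 'Host: 10.0.0.5 (web01)\tStatus: Up\n' >> "$1"
    printf 'Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.18/, 443/open/tcp//ssl|http//Apache httpd 2.4.18/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (996)\n' >> "$1"
    printf 'Host: 10.0.0.9 ()\tPorts: 161/open/udp//snmp//net-snmp/, 8443/open/tcp//https-alt///\n' >> "$1"
}

# Demo: the filtered 8080 and the UDP 161 entries are skipped; 80 lands in the
# http list, 443 and 8443 in the https list.
sample=$(mktemp)
write_sample_gnmap "$sample"
echo "[http]";  gnmap_urls "$sample" http
echo "[https]"; gnmap_urls "$sample" https
rm -f "$sample"
```

Because the state field is checked explicitly, a `filtered` or `closed` entry for a web port never produces a URL, which the substring grep in the original could not guarantee if nmap were run without `--open`.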

@L1ghtn1ng
Collaborator

Thanks for the idea. PRs are welcome if you want to do that; otherwise I'll see about getting the task assigned.

@ifrane
Author

ifrane commented Jul 27, 2016

OK, perhaps the PR route makes the most sense. I'm completely new to posting on GitHub, so forgive my mistakes.

I'll make the request.

On Wed, Jul 27, 2016 at 3:26 PM, J.Townsend notifications@github.com wrote:

> Thanks for the idea, PRs are welcome if you want to do that? otherwise will see about getting the task assigned.

@L1ghtn1ng
Collaborator

In the notes section there is a git.txt. I would recommend you read that, as it would be useful for you.

@leebaird
Owner

leebaird commented Aug 1, 2016

The -Pn switch is already in use. This is also the default behavior that Nexpose uses.

@leebaird leebaird closed this as completed Aug 1, 2016