003random/003Recon

Why not apt-get install nmap ?

Chan9390 opened this issue · 8 comments

From the commands in install.sh, it is visible that you are downloading the source code of nmap and then locally building it.
(IMHO It is really waste of time if the system already has latest version of nmap.)

Compiling nmap requires gcc and other libraries like OpenSSL and LibSSH2. Instead of going to hard way, why not just sudo apt-get install nmap ?

That is a good one! I will consider this and probably push a fix later this week.
Thanks again!

@003random First of all Thank you very much for providing such a nice tool...
Please, in future enhancements i wanna look the tool , it should be as:

  1. First it should collect subdomains via fierce-subdomain-scanner,domained (it will be good if SecLists could be added in the subdomains.txt of domained tools like sublis3tr etc).

2.Second step should be removal of duplicates
3. Now use alive-host tool to check for online available targets.
4.Now use of CMSmap to check for the common web app like wordpress etc. collect all these special ones in one .txt and send it to testing via wpforce etc.
5.Now use Nmap to check for services
6. Open redirects & CORS misconfig.
7.Banner grabbing etc

Result of each tool should be saved in txt file.
I hope you'll consider it for future enhancements.

Sincerely,

Hey @attacker420.
Thanks for the ideas.
Unfortunately i don't have time right now to implement those ideas.
You could also do it yourself and send a PR :)
But for now, i just don't have enough time to do it.

@Chan9390 I think what @003random has done with installing nmap is good enough. The issue with using apt-get install nmap is you won't be getting the latest version of Nmap. But cloning it from the source code lets you gives you latest version of Nmap.

Hey @rewanth1997 I agree, but how about the scenario where nmap is already installed in the base machine ? It might create some error during installation.

@Chan9390 I added a PR which fixes the issue you stated above.

Hey all.
Thanks for all the good ideas and the nice discussion.
I have come to the conclusion that i'm going to keep it how it was.
The PR i received gave some errors, and after reconsideration, i think it is fine (for now) to just install a new version in the dependencies folder. i also stated in the readme file that if there were already tools install that the user could just simply edit the variable in the recon.sh file that contains the path to the dependency.
Thanks guys :)

There no point in wasting time in cloning and installing nmap if its already exists on the system. Can u paste the error here, so that we can try to fix it @003random .