adding option for no ping during port scan
Closed this issue · 4 comments
```bash
f_scan(){
# Port lists. The curated TCP list is kept as posted except for one fix: the
# original had a space after "3310," and, because $tcp is expanded unquoted on
# the nmap line below, that space split the list into a second argument that
# nmap would have treated as a target.
custom='1-1040,1050,1080,1099,1125,1158,1194,1214,1220,1344,1352,1433,1500,1503,1521,1524,1526,1720,1723,1731,1812,1813,1953,1959,2000,2002,2030,2049,2100,2121,2200,2202,2222,2301,2375,2381,2401,2433,2456,2500,2556,2628,2745,2780-2783,2947,3000,3001,3031,3121,3127,3128,3200,3201,3230-3235,3260,3268,3269,3306,3310,3339,3389,3460,3500,3527,3632,3689,4000,4045,4100,4242,4369,4430,4443,4445,4661,4662,4711,4848,5000,5001,5009,5010,5019,5038,5040,5059,5060,5061,5101,5180,5190,5191,5192,5193,5250,5432,5554,5555,5560,5566,5631,5666,5672,5678,5800,5801,5802,5803,5804,5850,5900-6009,6101,6106,6112,6161,6346,6379,6588,6666,6667,6697,6777,7000,7001,7002,7070,7100,7210,7510,7634,7777,7778,8000,8001,8004,8005,8008,8009,8080,8081,8082,8083,8091,8098,8099,8100,8180,8181,8222,8332,8333,8383,8384,8400,8443,8444,8470-8480,8500,8787,8834,8866,8888,9090,9100,9101,9102,9160,9343,9470-9476,9480,9495,9996,9999,10000,10025,10168,11211,12000,12345,12346,13659,15000,16080,18181-18185,18207,18208,18231,18232,19150,19190,19191,20034,22226,27017,27374,27665,28784,30718,31337,32764,32768,32771,33333,35871,37172,38903,39991,39992,40096,46144,46824,49400,50000,50030,50060,50070,50075,50090,51080,51443,53050,54320,58847,60000,60010,60030,60148,60365,62078,63148'
full='1-65535'
udp='53,67,123,137,161,500,523,1434,1604,2302,3478,3671,4070,5353,6481,17185,31337,44818,47808'

# Host discovery probes used when the user asks for a ping scan. -sP (now -sn)
# is deliberately left out: it means "ping scan only" and would disable the
# -sS/-sU port scan below. With -Pn nmap skips discovery altogether and treats
# every target as up.
yesping='-PE -PS21-23,25,53,80,110-111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 -PU53,67-69,123,135,137-139,161-162,445,500,514,520,631,1434,1900,4500,49152'
noping='-Pn'

echo
echo -n "Perform ping scan? (y/N) "
read discping

if [ "$discping" == "y" ]; then
    pingscans=$yesping
else
    pingscans=$noping
fi

echo
echo -n "Perform full TCP port scan? (y/N) "
read scan

if [ "$scan" == "y" ]; then
    tcp=$full
else
    tcp=$custom
fi

echo
echo -n "Perform version detection? (y/N) "
read vdetection

if [ "$vdetection" == "y" ]; then
    S='sSV'
    U='sUV'
else
    S='sS'
    U='sU'
fi

echo
echo -n "Set scan delay. (0-5, enter for normal) "
read delay

# Check for no answer
if [[ -z $delay ]]; then
    delay='0'
fi

# Only a single digit 0-5 is accepted. Non-numeric input would have made the
# original -lt/-gt tests print an error and fall through to nmap.
if [[ ! $delay =~ ^[0-5]$ ]]; then
    f_error
fi

echo
echo $medium

# $location, $excludefile, $maxrtt, $sourceport, $name, $medium, $sip and
# f_error are defined elsewhere in the script. $pingscans is expanded
# unquoted on purpose so that it becomes separate nmap arguments.
nmap -iL $location --excludefile $excludefile -n -$S -$U $pingscans -p T:$tcp,U:$udp --max-retries 3 --min-rtt-timeout 100ms --max-rtt-timeout $maxrtt --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 --open --stats-every 10s -g $sourceport --scan-delay $delay -oA $name/nmap

# Bail out if nothing answered. This only triggers on the discovery path:
# with -Pn nmap reports every target as up.
x=$(grep '(0 hosts up)' $name/nmap.nmap)

if [[ -n $x ]]; then
    rm -rf "$name" tmp
    echo
    echo $medium
    echo
    echo "_Scan complete._"
    echo
    echo
    echo -e "\x1B[1;33m[*] No live hosts were found.\x1B[0m"
    echo
    echo
    exit
fi

# Clean up: strip fingerprint hex dumps, OS-detection chatter and warnings from
# the normal output. The input and output file names were missing from the
# posted line; $name/nmap.txt is the file the lines below read.
egrep -v '(0000:|0010:|0020:|0030:|0040:|0050:|0060:|0070:|0080:|0090:|00a0:|00b0:|00c0:|00d0:|1 hop|closed|guesses|GUESSING|filtered|fingerprint|FINGERPRINT|general purpose|initiated|latency|Network Distance|No exact OS|No OS matches|OS:|OS CPE|Please report|RTTVAR|scanned in|SF|unreachable|Warning|WARNING)' $name/nmap.nmap > $name/nmap.txt

# Live hosts, sorted by IP. grep -E restores the {1,3} repetition and the
# escaped dots that were stripped from the posted regex.
grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' $name/nmap.nmap | $sip > $name/hosts.txt
hosts=$(wc -l $name/hosts.txt | cut -d ' ' -f1)

# Open ports, split by protocol.
grep 'open' $name/nmap.txt | grep -v 'WARNING' | awk '{print $1}' | sort -un > $name/ports.txt
grep 'tcp' $name/ports.txt | cut -d '/' -f1 > $name/ports-tcp.txt
grep 'udp' $name/ports.txt | cut -d '/' -f1 > $name/ports-udp.txt

# Service banners: join fields 4..NF of every "open" line. The posted line was
# cut off after "sep,"; the rest of the awk program and the output file name
# (banners.txt) are assumed here.
grep 'open' $name/nmap.txt | grep -v 'really open' | awk '{sep=""; for (i=4;i<=NF;i++) {printf "%s%s",sep,$i; sep=" "}; printf "\n"}' | sort -u > $name/banners.txt

# Build http:// and https:// target lists from the grepable output. The
# alternations need GNU grep's \| (the backslashes were stripped from the
# posted lines); the pipes inside "ssl|giop", "ssl|http" and "ssl|unknown" are
# literal characters of nmap's service names. The sed expression 's/ (.*//'
# drops everything from the " (" after the address to the end of the line.
for i in $(cat $name/ports-tcp.txt); do
    TCPPORT=$i
    cat $name/nmap.gnmap | grep " $i/open/tcp//http/\| $i/open/tcp//http-alt/\| $i/open/tcp//http-proxy/\| $i/open/tcp//appserv-http/" |
    sed -e 's/Host: //g' -e 's/ (.*//g' -e 's.^.http://.g' -e "s/$/:$i/g" | $sip >> tmp
    cat $name/nmap.gnmap | grep " $i/open/tcp//https/\| $i/open/tcp//https-alt/\| $i/open/tcp//ssl|giop/\| $i/open/tcp//ssl|http/\| $i/open/tcp//ssl|unknown/" |
    sed -e 's/Host: //g' -e 's/ (.*//g' -e 's.^.https://.g' -e "s/$/:$i/g" | $sip >> tmp2
done

# Strip the scheme again for the plain host:port lists ('|' is used as the sed
# delimiter so the slashes need no escaping), then drop the temp files the
# posted code left behind.
sed 's|http://||g' tmp > $name/http.txt
sed 's|https://||g' tmp2 > $name/https.txt
rm -f tmp tmp2

# Remove all empty files
find $name/ -type f -empty -exec rm {} +
}
```
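Added example, not code from the issue author or from the project: a stand-alone shell parser for Nmap's grepable (`-oG`) output that does the same job as the per-port `grep`/`sed` loop above, but by splitting each entry of the `Ports:` field into its `port/state/proto/owner/service/rpc/version/` columns instead of matching a separate pattern per port. It also pulls the `(N hosts up)` figure out of the summary line, which is what the "no live hosts" check above greps for; under `-Pn` Nmap counts every target as up, so that figure only means something when the discovery probes were enabled. The `.gnmap` lines are constructed sample data, and `gnmap_urls` and `gnmap_hosts_up` are names chosen for this example.

```bash
# Constructed sample of nmap -oG output (not from a real scan); fields are tab-separated.
GNMAP_SAMPLE=$(printf '%s\n%s\t%s\t%s\n%s\t%s\n%s\n' \
  '# Nmap 7.01 scan initiated Wed Jul 27 15:26:00 2016 as: nmap -sS -Pn -oG - 10.0.0.0/29' \
  'Host: 10.0.0.5 ()' \
  'Ports: 22/open/tcp//ssh//OpenSSH 7.2/, 80/open/tcp//http//Apache httpd/, 443/open/tcp//ssl|http//Apache httpd/' \
  'Ignored State: closed (997)' \
  'Host: 10.0.0.9 ()' \
  'Ports: 8080/open/tcp//http-proxy///, 53/open|filtered/udp//domain///' \
  '# Nmap done at Wed Jul 27 15:26:12 2016 -- 2 IP addresses (2 hosts up) scanned in 12.34 seconds')

# gnmap_urls SCHEME SERVICES
# Read .gnmap text on stdin and print SCHEME://host:port for every open TCP port
# whose Nmap service name is listed in SERVICES (comma-separated exact names).
# Names such as "ssl|http" contain a literal pipe, so membership is checked by
# exact lookup rather than by regex.
gnmap_urls() {
    awk -v scheme="$1" -v services="$2" -F '\t' '
        BEGIN { n = split(services, s, ","); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        /^Host: / {
            host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
            for (f = 2; f <= NF; f++) {
                if ($f !~ /^Ports: /) continue
                ports = $f; sub(/^Ports: /, "", ports)
                m = split(ports, p, ", ")
                for (i = 1; i <= m; i++) {
                    # port/state/proto/owner/service/rpc/version/ -- only the first
                    # five columns are used, since a version string may itself contain "/"
                    split(p[i], a, "/")
                    if (a[2] == "open" && a[3] == "tcp" && (a[5] in want))
                        printf "%s://%s:%s\n", scheme, host, a[1]
                }
            }
        }'
}

# gnmap_hosts_up
# Print N from the "(N host(s) up)" summary line of .gnmap text on stdin.
# With -Pn Nmap counts every target as up, so N is only a liveness figure when
# host discovery (-PE/-PS/-PU ...) was actually run.
gnmap_hosts_up() {
    sed -n 's/.*(\([0-9][0-9]*\) hosts* up).*/\1/p' | tail -n 1
}

# Usage with the same service lists the loop above greps for.
HTTP_SERVICES='http,http-alt,http-proxy,appserv-http'
HTTPS_SERVICES='https,https-alt,ssl|giop,ssl|http,ssl|unknown'
printf '%s\n' "$GNMAP_SAMPLE" | gnmap_urls http  "$HTTP_SERVICES"    # http://10.0.0.5:80, http://10.0.0.9:8080
printf '%s\n' "$GNMAP_SAMPLE" | gnmap_urls https "$HTTPS_SERVICES"   # https://10.0.0.5:443
printf '%s\n' "$GNMAP_SAMPLE" | gnmap_hosts_up                        # 2
```

Feeding a real file is `gnmap_urls http "$HTTP_SERVICES" < "$name/nmap.gnmap"`; the `open|filtered` UDP entry in the sample is skipped because only `open`/`tcp` columns are accepted, which is the same filter the gnmap grep patterns above encode as `/open/tcp/`.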
Thanks for the idea. PRs are welcome if you want to do that? Otherwise will see about getting the task assigned.
OK, perhaps the PR route makes the most sense. I'm completely new to posting on GitHub, so forgive my mistakes.
I'll make the request.
On Wed, Jul 27, 2016 at 3:26 PM, J.Townsend notifications@github.com wrote:

> Thanks for the idea, PRs are welcome if you want to do that? Otherwise will see about getting the task assigned.
In the notes section there is a git.txt.
I would recommend you read that, as it would be useful for you.
The -Pn switch is already in use. This is also the default behavior the Nexpose uses.