Network Scan

Automatic Network Scan

Mynmap

Here's a very simple bash script I made myself. It is designed to automate the configuration and execution of port scans on a specified domain or IP address. The code is written to be run on Linux systems and requires the Nmap package to function correctly.

Usage

Mandatory arguments:

-t, --target <TARGET_IP>     #The IP address of the target to scan.
-d, --domain <DOMAIN_NAME>   #The domain name of the target to scan.

Optional arguments:

-nc, --no-colors             #Disable console coloring.

Examples:

./port-scan.sh -t 192.168.1.1 -d mydomain.com
./port-scan.sh -t 10.0.0.2 -d mydomain.com --no-colors

NmapAutomator

The main goal for this script is to automate the process of enumeration and recon that is run every time, and instead focus our attention on real pentesting.

Manual Network Scan

Nmap

Nmap large scan

nmap -sVC -sS -sU -T4 -p- <IP_RANGE> -oG output.txt

Grep nmap output to search for live hosts

grep Up ping-sweep.txt | cut -d " " -f 2

Search for nse script for nmap:

cd /usr/share/nmap/scripts/
head -n 5 script.db
cat script.db  | grep '"vuln"\|"exploit"'

Use --script vuln to run all scripts in the "vuln" category against a target in the PWK labs:

sudo nmap --script vuln 10.11.1.10

Netcat

Netcat UDP scan

nc -nv -u -z -w 1 10.11.1.0/24 1-65535

Netcat TCP scan

nc -nvv -w 1 -z 10.11.1.0/24 1-65535

Masscan

Masscan

sudo masscan -p80 10.11.1.0/24 --rate=1000 -e tap0 --router-ip 10.11.0.1

Last updated