Port Scan

Tools

# Automate nmap -p- scan, then service scan for only the open ports
ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.161 | grep '^[0-9]' | cut -d '/' -f1 | tr '\n' ',' | sed 's/,$//')
nmap -sC -sV -p"$ports" 10.10.10.161

python3 threader.py

masscan -e tun0 -p1-65535,U:1-65535 10.10.10.116

# PowerShell
Invoke-Portscan -Hosts <IP/Hostname> -SkipDiscovery

nmap Automator

  1. Quick: Shows all open ports quickly (~15 seconds)

  2. Basic: Runs Quick Scan, then runs a more thorough scan on found ports (~5 minutes)

  3. UDP: Runs "Basic" on UDP ports (~5 minutes)

  4. Full: Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)

  5. Vulns: Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)

  6. Recon: Runs "Basic" scan (if not yet run), then suggests recon commands (e.g. gobuster, nikto, smbmap) based on the found ports, then prompts to automatically run them

  7. All: Runs all the scans consecutively (~20-30 minutes)

./nmapAutomator.sh <IP> All
