RomanNum3ral
/
AutoRecon
mirror of https://github.com/Tib3rius/AutoRecon.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed bug with run_once. 

Added xml directory in scandir for XML output.
Modified commands to ouput XML to the new xml directory.
This commit is contained in:
Tib3rius 2019-03-22 19:29:42 -04:00
parent a45c14aa5e
commit 679ea05457
3 changed files with 36 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
autorecon.py
View File

@ -400,7 +400,7 @@ async def scan_services(loop, semaphore, target):
continue continue
if 'run_once' in service_scans_config[service_scan]['scans'][scan] and service_scans_config[service_scan]['scans'][scan]['run_once'] == True: if 'run_once' in service_scans_config[service_scan]['scans'][scan] and service_scans_config[service_scan]['scans'][scan]['run_once'] == True:
scan_tuple = (service, scan) scan_tuple = (scan,)
if scan_tuple in target.scans: if scan_tuple in target.scans:
warn(Fore.YELLOW + '[' + Style.BRIGHT + tag + ' on ' + address + Style.NORMAL + '] Scan should only be run once and it appears to have already been queued. Skipping.' + Fore.RESET) warn(Fore.YELLOW + '[' + Style.BRIGHT + tag + ' on ' + address + Style.NORMAL + '] Scan should only be run once and it appears to have already been queued. Skipping.' + Fore.RESET)
continue continue
@ -440,6 +440,8 @@ def scan_host(target, concurrent_scans):
target.scandir = scandir target.scandir = scandir
os.makedirs(scandir, exist_ok=True) os.makedirs(scandir, exist_ok=True)
os.makedirs(os.path.abspath(os.path.join(scandir, 'xml')), exist_ok=True)
open(os.path.abspath(os.path.join(reportdir, 'local.txt')), 'a').close() open(os.path.abspath(os.path.join(reportdir, 'local.txt')), 'a').close()
open(os.path.abspath(os.path.join(reportdir, 'proof.txt')), 'a').close() open(os.path.abspath(os.path.join(reportdir, 'proof.txt')), 'a').close()

12
port-scan-profiles.toml
View File

@ -3,19 +3,19 @@
[default.nmap-quick] [default.nmap-quick]
[default.nmap-quick.service-detection] [default.nmap-quick.service-detection]
command = 'nmap -vv --reason -Pn -sV -sC --version-all -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/_quick_tcp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV -sC --version-all -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}'
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$' pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
[default.nmap-full-tcp] [default.nmap-full-tcp]
[default.nmap-full-tcp.service-detection] [default.nmap-full-tcp.service-detection]
command = 'nmap -vv --reason -Pn -A --osscan-guess --version-all -p- -oN "{scandir}/_full_tcp_nmap.txt" -oX "{scandir}/_full_tcp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -A --osscan-guess --version-all -p- -oN "{scandir}/_full_tcp_nmap.txt" -oX "{scandir}/xml/_full_tcp_nmap.xml" {address}'
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$' pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
[default.nmap-top-20-udp] [default.nmap-top-20-udp]
[default.nmap-top-20-udp.service-detection] [default.nmap-top-20-udp.service-detection]
command = 'nmap -vv --reason -Pn -sU -A --top-ports=20 --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/_top_20_udp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sU -A --top-ports=20 --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/xml/_top_20_udp_nmap.xml" {address}'
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$' pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
[quick] [quick]
@ -23,13 +23,13 @@
[quick.nmap-quick] [quick.nmap-quick]
[quick.nmap-quick.service-detection] [quick.nmap-quick.service-detection]
command = 'nmap -vv --reason -Pn -sV --version-all -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/_quick_tcp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV --version-all -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}'
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$' pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
[quick.nmap-top-20-udp] [quick.nmap-top-20-udp]
[quick.nmap-top-20-udp.service-detection] [quick.nmap-top-20-udp.service-detection]
command = 'nmap -vv --reason -Pn -sU -A --top-ports=20 --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/_top_20_udp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sU -A --top-ports=20 --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/xml/_top_20_udp_nmap.xml" {address}'
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$' pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
[udp] [udp]
@ -41,5 +41,5 @@
pattern = '^UDP open\s*[\w-]+\[\s*(?P<port>\d+)\].*$' pattern = '^UDP open\s*[\w-]+\[\s*(?P<port>\d+)\].*$'
[udp.udp-top-20.service-detection] [udp.udp-top-20.service-detection]
command = 'nmap -vv --reason -Pn -sU -A -p {ports} --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/_top_20_udp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sU -A -p {ports} --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/xml/_top_20_udp_nmap.xml" {address}'
pattern = '^(?P<port>\d+)\/(?P<protocol>(udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$' pattern = '^(?P<port>\d+)\/(?P<protocol>(udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'

54
service-scans.toml
View File

@ -11,7 +11,7 @@ service-names = [
[cassandra.scans] [cassandra.scans]
[cassandra.scans.nmap-cassandra] [cassandra.scans.nmap-cassandra]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(cassandra* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_cassandra_nmap.txt" -oX "{scandir}/{protocol}_{port}_cassandra_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(cassandra* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_cassandra_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_cassandra_nmap.xml" {address}'
[cups] [cups]
@ -22,7 +22,7 @@ service-names = [
[cups.scans] [cups.scans]
[cups.scans.nmap-cups] [cups.scans.nmap-cups]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(cups* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_cups_nmap.txt" -oX "{scandir}/{protocol}_{port}_cups_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(cups* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_cups_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_cups_nmap.xml" {address}'
[dns] [dns]
@ -33,7 +33,7 @@ service-names = [
[dns.scans] [dns.scans]
[dns.scans.nmap-dns] [dns.scans.nmap-dns]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_dns_nmap.txt" -oX "{scandir}/{protocol}_{port}_dns_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_dns_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_dns_nmap.xml" {address}'
[ftp] [ftp]
@ -45,7 +45,7 @@ service-names = [
[ftp.scans] [ftp.scans]
[ftp.scans.nmap-ftp] [ftp.scans.nmap-ftp]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_ftp_nmap.txt" -oX "{scandir}/{protocol}_{port}_ftp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_ftp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ftp_nmap.xml" {address}'
[ftp.manual] [ftp.manual]
@ -69,7 +69,7 @@ ignore-service-names = [
[http.scans] [http.scans]
[http.scans.nmap-http] [http.scans.nmap-http]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(http* or ssl*) and not (broadcast or dos or external or http-slowloris* or fuzzer)" -oN "{scandir}/{protocol}_{port}_http_nmap.txt" -oX "{scandir}/{protocol}_{port}_{scheme}_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(http* or ssl*) and not (broadcast or dos or external or http-slowloris* or fuzzer)" -oN "{scandir}/{protocol}_{port}_http_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_{scheme}_nmap.xml" {address}'
[http.scans.curl-index] [http.scans.curl-index]
command = 'curl -sSik {scheme}://{address}:{port}/ -m 10 -o "{scandir}/{protocol}_{port}_{scheme}_index.html"' command = 'curl -sSik {scheme}://{address}:{port}/ -m 10 -o "{scandir}/{protocol}_{port}_{scheme}_index.html"'
@ -133,7 +133,7 @@ service-names = [
[imap.scans] [imap.scans]
[imap.scans.nmap-imap] [imap.scans.nmap-imap]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(imap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_imap_nmap.txt" -oX "{scandir}/{protocol}_{port}_imap_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(imap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_imap_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_imap_nmap.xml" {address}'
[kerberos] [kerberos]
@ -144,7 +144,7 @@ service-names = [
[kerberos.scans] [kerberos.scans]
[kerberos.scans.nmap-kerberos] [kerberos.scans.nmap-kerberos]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=krb5-enum-users -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/{protocol}_{port}_kerberos_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=krb5-enum-users -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}'
[ldap] [ldap]
@ -155,7 +155,7 @@ service-names = [
[ldap.scans] [ldap.scans]
[ldap.scans.nmap-ldap] [ldap.scans.nmap-ldap]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_ldap_nmap.txt" -oX "{scandir}/{protocol}_{port}_ldap_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_ldap_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ldap_nmap.xml" {address}'
[ldap.scans.enum4linux] [ldap.scans.enum4linux]
command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{scandir}/enum4linux.txt"' command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{scandir}/enum4linux.txt"'
@ -172,7 +172,7 @@ service-names = [
[mongodb.scans] [mongodb.scans]
[mongodb.scans.nmap-mongodb] [mongodb.scans.nmap-mongodb]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="mongodb*" -oN "{scandir}/{protocol}_{port}_mongodb_nmap.txt" -oX "{scandir}/{protocol}_{port}_mongodb_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="mongodb*" -oN "{scandir}/{protocol}_{port}_mongodb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mongodb_nmap.xml" {address}'
[mssql] [mssql]
@ -184,7 +184,7 @@ service-names = [
[mssql.scans] [mssql.scans]
[mssql.scans.nmap-mssql] [mssql.scans.nmap-mssql]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=mssql.instance-port={port},mssql.username=sa,mssql.password=sa -oN "{scandir}/{protocol}_{port}_mssql_nmap.txt" -oX "{scandir}/{protocol}_{port}_mssql_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=mssql.instance-port={port},mssql.username=sa,mssql.password=sa -oN "{scandir}/{protocol}_{port}_mssql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mssql_nmap.xml" {address}'
[mssql.manual] [mssql.manual]
@ -203,7 +203,7 @@ service-names = [
[mysql.scans] [mysql.scans]
[mysql.scans.nmap-mysql] [mysql.scans.nmap-mysql]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(mysql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_mysql_nmap.txt" -oX "{scandir}/{protocol}_{port}_mysql_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(mysql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_mysql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mysql_nmap.xml" {address}'
[nfs] [nfs]
@ -215,7 +215,7 @@ service-names = [
[nfs.scans] [nfs.scans]
[nfs.scans.nmap-nfs] [nfs.scans.nmap-nfs]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(rpcinfo or nfs*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_nfs_nmap.txt" -oX "{scandir}/{protocol}_{port}_nfs_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(rpcinfo or nfs*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_nfs_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_nfs_nmap.xml" {address}'
[oracle] [oracle]
@ -226,7 +226,7 @@ service-names = [
[oracle.scans] [oracle.scans]
[oracle.scans.nmap-oracle] [oracle.scans.nmap-oracle]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(oracle* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_oracle_nmap.txt" -oX "{scandir}/{protocol}_{port}_oracle_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(oracle* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_oracle_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_oracle_nmap.xml" {address}'
[pop3] [pop3]
@ -237,7 +237,7 @@ service-names = [
[pop3.scans] [pop3.scans]
[pop3.scans.nmap-pop3] [pop3.scans.nmap-pop3]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(pop3* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_pop3_nmap.txt" -oX "{scandir}/{protocol}_{port}_pop3_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(pop3* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_pop3_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_pop3_nmap.xml" {address}'
[rdp] [rdp]
@ -250,7 +250,7 @@ service-names = [
[rdp.scans] [rdp.scans]
[rdp.scans.nmap-rdp] [rdp.scans.nmap-rdp]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(rdp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_rdp_nmap.txt" -oX "{scandir}/{protocol}_{port}_rdp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(rdp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_rdp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rdp_nmap.xml" {address}'
[rdp.manual] [rdp.manual]
@ -270,7 +270,7 @@ service-names = [
[rmi.scans] [rmi.scans]
[rmi.scans.nmap-rmi] [rmi.scans.nmap-rmi]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=rmi-vuln-classloader,rmi-dumpregistry -oN "{scandir}/{protocol}_{port}_rmi_nmap.txt" -oX "{scandir}/{protocol}_{port}_rmi_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=rmi-vuln-classloader,rmi-dumpregistry -oN "{scandir}/{protocol}_{port}_rmi_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rmi_nmap.xml" {address}'
[rpc] [rpc]
@ -283,7 +283,7 @@ service-names = [
[msrpc.scans] [msrpc.scans]
[msrpc.scans.nmap-msrpc] [msrpc.scans.nmap-msrpc]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=msrpc-enum,rpc-grind,rpcinfo -oN "{scandir}/{protocol}_{port}_rpc_nmap.txt" -oX "{scandir}/{protocol}_{port}_rpc_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=msrpc-enum,rpc-grind,rpcinfo -oN "{scandir}/{protocol}_{port}_rpc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rpc_nmap.xml" {address}'
[ssh] [ssh]
@ -294,7 +294,7 @@ service-names = [
[ssh.scans] [ssh.scans]
[ssh.scans.nmap-ssh] [ssh.scans.nmap-ssh]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN "{scandir}/{protocol}_{port}_ssh_nmap.txt" -oX "{scandir}/{protocol}_{port}_ssh_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN "{scandir}/{protocol}_{port}_ssh_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ssh_nmap.xml" {address}'
[ssh.manual] [ssh.manual]
@ -315,7 +315,7 @@ service-names = [
[smb.scans] [smb.scans]
[smb.scans.nmap-smb] [smb.scans.nmap-smb]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_nmap.txt" -oX "{scandir}/{protocol}_{port}_smb_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_nmap.xml" {address}'
[smb.scans.enum4linux] [smb.scans.enum4linux]
command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{scandir}/enum4linux.txt"' command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{scandir}/enum4linux.txt"'
@ -338,9 +338,9 @@ service-names = [
[smb.manual.smb-vulns] [smb.manual.smb-vulns]
description = 'Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:' description = 'Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:'
commands = [ commands = [
'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="smb-vuln-ms06-025" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/{protocol}_{port}_smb_ms06-025.xml" {address}', 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="smb-vuln-ms06-025" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}',
'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="smb-vuln-ms07-029" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/{protocol}_{port}_smb_ms07-029.xml" {address}', 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="smb-vuln-ms07-029" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}',
'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="smb-vuln-ms08-067" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/{protocol}_{port}_smb_ms08-067.xml" {address}' 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="smb-vuln-ms08-067" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}'
] ]
[smtp] [smtp]
@ -352,7 +352,7 @@ service-names = [
[smtp.scans] [smtp.scans]
[smtp.scans.nmap-smtp] [smtp.scans.nmap-smtp]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smtp_nmap.txt" -oX "{scandir}/{protocol}_{port}_smtp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smtp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smtp_nmap.xml" {address}'
[smtp.scans.smtp-user-enum] [smtp.scans.smtp-user-enum]
command = 'smtp-user-enum -M VRFY -U "{username_wordlist}" -t {address} -p {port} 2>&1 | tee "{scandir}/{protocol}_{port}_smtp_user-enum.txt"' command = 'smtp-user-enum -M VRFY -U "{username_wordlist}" -t {address} -p {port} 2>&1 | tee "{scandir}/{protocol}_{port}_smtp_user-enum.txt"'
@ -366,7 +366,7 @@ service-names = [
[snmp.scans] [snmp.scans]
[snmp.scans.nmap-snmp] [snmp.scans.nmap-snmp]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_snmp-nmap.txt" -oX "{scandir}/{protocol}_{port}_snmp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_snmp-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_snmp_nmap.xml" {address}'
[snmp.scans.onesixtyone] [snmp.scans.onesixtyone]
command = 'onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt -dd -o "{scandir}/{protocol}_{port}_snmp_onesixtyone.txt" {address}' command = 'onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt -dd -o "{scandir}/{protocol}_{port}_snmp_onesixtyone.txt" {address}'
@ -422,7 +422,7 @@ service-names = [
[telnet.scans] [telnet.scans]
[telnet.scans.nmap-telnet] [telnet.scans.nmap-telnet]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=telnet-encryption,telnet-ntlm-info -oN "{scandir}/{protocol}_{port}_telnet-nmap.txt" -oX "{scandir}/{protocol}_{port}_telnet_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=telnet-encryption,telnet-ntlm-info -oN "{scandir}/{protocol}_{port}_telnet-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_telnet_nmap.xml" {address}'
[tftp] [tftp]
@ -433,7 +433,7 @@ service-names = [
[tftp.scans] [tftp.scans]
[tftp.scans.nmap-tftp] [tftp.scans.nmap-tftp]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=tftp-enum -oN "{scandir}/{protocol}_{port}_tftp-nmap.txt" -oX "{scandir}/{protocol}_{port}_tftp_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=tftp-enum -oN "{scandir}/{protocol}_{port}_tftp-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_tftp_nmap.xml" {address}'
[vnc] [vnc]
@ -444,4 +444,4 @@ service-names = [
[vnc.scans] [vnc.scans]
[vnc.scans.nmap-vnc] [vnc.scans.nmap-vnc]
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(vnc* or realvnc* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_vnc_nmap.txt" -oX "{scandir}/{protocol}_{port}_vnc_nmap.xml" {address}' command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(vnc* or realvnc* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_vnc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_vnc_nmap.xml" {address}'