Added --nmap and --nmap-append options to allow users to alter nmap scan options.
parent
679ea05457
commit
ead957b8c2
17
autorecon.py
17
autorecon.py
|
@ -20,7 +20,7 @@ import sys
|
||||||
import toml
|
import toml
|
||||||
|
|
||||||
verbose = 0
|
verbose = 0
|
||||||
nmap = ''
|
nmap = '-vv --reason -Pn'
|
||||||
srvname = ''
|
srvname = ''
|
||||||
port_scan_profile = None
|
port_scan_profile = None
|
||||||
|
|
||||||
|
@ -202,6 +202,7 @@ async def run_portscan(semaphore, tag, target, service_detection, port_scan=None
|
||||||
|
|
||||||
address = target.address
|
address = target.address
|
||||||
scandir = target.scandir
|
scandir = target.scandir
|
||||||
|
nmap_extra = nmap
|
||||||
|
|
||||||
ports = ''
|
ports = ''
|
||||||
if port_scan is not None:
|
if port_scan is not None:
|
||||||
|
@ -269,7 +270,6 @@ async def run_portscan(semaphore, tag, target, service_detection, port_scan=None
|
||||||
return {'returncode': process.returncode, 'name': 'run_portscan', 'services': services}
|
return {'returncode': process.returncode, 'name': 'run_portscan', 'services': services}
|
||||||
|
|
||||||
async def scan_services(loop, semaphore, target):
|
async def scan_services(loop, semaphore, target):
|
||||||
global nmap
|
|
||||||
address = target.address
|
address = target.address
|
||||||
scandir = target.scandir
|
scandir = target.scandir
|
||||||
pending = []
|
pending = []
|
||||||
|
@ -471,9 +471,12 @@ if __name__ == '__main__':
|
||||||
parser.add_argument('targets', action='store', help='IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan.', nargs="+")
|
parser.add_argument('targets', action='store', help='IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan.', nargs="+")
|
||||||
parser.add_argument('-ct', '--concurrent-targets', action='store', metavar='<number>', type=int, default=5, help='The maximum number of target hosts to scan concurrently. Default: %(default)s')
|
parser.add_argument('-ct', '--concurrent-targets', action='store', metavar='<number>', type=int, default=5, help='The maximum number of target hosts to scan concurrently. Default: %(default)s')
|
||||||
parser.add_argument('-cs', '--concurrent-scans', action='store', metavar='<number>', type=int, default=10, help='The maximum number of scans to perform per target host. Default: %(default)s')
|
parser.add_argument('-cs', '--concurrent-scans', action='store', metavar='<number>', type=int, default=10, help='The maximum number of scans to perform per target host. Default: %(default)s')
|
||||||
parser.add_argument('--profile', action='store', default='default', help='The port scanning profile to use (defined in port-scan-profiles.toml).')
|
parser.add_argument('--profile', action='store', default='default', help='The port scanning profile to use (defined in port-scan-profiles.toml). Default: %(default)s')
|
||||||
parser.add_argument('-v', '--verbose', action='count', default=0, help='enable verbose output, repeat for more verbosity')
|
parser.add_argument('-o', '--output', action='store', default='results', help='The output directory for results. Default: %(default)s')
|
||||||
parser.add_argument('-o', '--output', action='store', default='results', help='output directory for the results')
|
nmap_group = parser.add_mutually_exclusive_group()
|
||||||
|
nmap_group.add_argument('--nmap', action='store', default='-vv --reason -Pn', help='Override the {nmap_extra} variable in scans. Default: %(default)s')
|
||||||
|
nmap_group.add_argument('--nmap-append', action='store', default='', help='Append to the default {nmap_extra} variable in scans.')
|
||||||
|
parser.add_argument('-v', '--verbose', action='count', default=0, help='Enable verbose output. Repeat for more verbosity.')
|
||||||
parser.add_argument('--disable-sanity-checks', action='store_true', default=False, help='Disable sanity checks that would otherwise prevent the scans from running.')
|
parser.add_argument('--disable-sanity-checks', action='store_true', default=False, help='Disable sanity checks that would otherwise prevent the scans from running.')
|
||||||
parser.error = lambda s: fail(s[0].upper() + s[1:])
|
parser.error = lambda s: fail(s[0].upper() + s[1:])
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
@ -535,6 +538,10 @@ if __name__ == '__main__':
|
||||||
error('Argument --profile: must reference a port scan profile defined in {port_scan_profiles_config_file}. No such profile found: {port_scan_profile}')
|
error('Argument --profile: must reference a port scan profile defined in {port_scan_profiles_config_file}. No such profile found: {port_scan_profile}')
|
||||||
errors = True
|
errors = True
|
||||||
|
|
||||||
|
nmap = args.nmap
|
||||||
|
if args.nmap_append:
|
||||||
|
nmap += " " + args.nmap_append
|
||||||
|
|
||||||
outdir = args.output
|
outdir = args.output
|
||||||
srvname = ''
|
srvname = ''
|
||||||
verbose = args.verbose
|
verbose = args.verbose
|
||||||
|
|
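Review bot: The help text for the new `--nmap` and `--nmap-append` arguments does not warn that their values almost always begin with a dash, which argparse tends to read as another option rather than as the value, so an invocation such as `--nmap-append -sS` is likely to be rejected with "expected one argument". The `=` form avoids this, and the help string is the natural place to say so, e.g. `help='Override the {nmap_extra} variable in scans. Pass dash-prefixed values with "=", e.g. --nmap="-sS -Pn". Default: %(default)s'`, with a matching sentence on `--nmap-append`. Separately, the default `'-vv --reason -Pn'` is now spelled both in the module-level `nmap` assignment and in `add_argument`; a single constant would keep the two from drifting. The `__main__` block starts and ends outside the visible hunks.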
|
@ -3,19 +3,19 @@
|
||||||
[default.nmap-quick]
|
[default.nmap-quick]
|
||||||
|
|
||||||
[default.nmap-quick.service-detection]
|
[default.nmap-quick.service-detection]
|
||||||
command = 'nmap -vv --reason -Pn -sV -sC --version-all -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -sC --version-all -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}'
|
||||||
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
||||||
|
|
||||||
[default.nmap-full-tcp]
|
[default.nmap-full-tcp]
|
||||||
|
|
||||||
[default.nmap-full-tcp.service-detection]
|
[default.nmap-full-tcp.service-detection]
|
||||||
command = 'nmap -vv --reason -Pn -A --osscan-guess --version-all -p- -oN "{scandir}/_full_tcp_nmap.txt" -oX "{scandir}/xml/_full_tcp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -A --osscan-guess --version-all -p- -oN "{scandir}/_full_tcp_nmap.txt" -oX "{scandir}/xml/_full_tcp_nmap.xml" {address}'
|
||||||
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
||||||
|
|
||||||
[default.nmap-top-20-udp]
|
[default.nmap-top-20-udp]
|
||||||
|
|
||||||
[default.nmap-top-20-udp.service-detection]
|
[default.nmap-top-20-udp.service-detection]
|
||||||
command = 'nmap -vv --reason -Pn -sU -A --top-ports=20 --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/xml/_top_20_udp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sU -A --top-ports=20 --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/xml/_top_20_udp_nmap.xml" {address}'
|
||||||
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
||||||
|
|
||||||
[quick]
|
[quick]
|
||||||
|
@ -23,13 +23,13 @@
|
||||||
[quick.nmap-quick]
|
[quick.nmap-quick]
|
||||||
|
|
||||||
[quick.nmap-quick.service-detection]
|
[quick.nmap-quick.service-detection]
|
||||||
command = 'nmap -vv --reason -Pn -sV --version-all -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV --version-all -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}'
|
||||||
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
||||||
|
|
||||||
[quick.nmap-top-20-udp]
|
[quick.nmap-top-20-udp]
|
||||||
|
|
||||||
[quick.nmap-top-20-udp.service-detection]
|
[quick.nmap-top-20-udp.service-detection]
|
||||||
command = 'nmap -vv --reason -Pn -sU -A --top-ports=20 --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/xml/_top_20_udp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sU -A --top-ports=20 --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/xml/_top_20_udp_nmap.xml" {address}'
|
||||||
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
||||||
|
|
||||||
[udp]
|
[udp]
|
||||||
|
@ -41,5 +41,5 @@
|
||||||
pattern = '^UDP open\s*[\w-]+\[\s*(?P<port>\d+)\].*$'
|
pattern = '^UDP open\s*[\w-]+\[\s*(?P<port>\d+)\].*$'
|
||||||
|
|
||||||
[udp.udp-top-20.service-detection]
|
[udp.udp-top-20.service-detection]
|
||||||
command = 'nmap -vv --reason -Pn -sU -A -p {ports} --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/xml/_top_20_udp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sU -A -p {ports} --version-all -oN "{scandir}/_top_20_udp_nmap.txt" -oX "{scandir}/xml/_top_20_udp_nmap.xml" {address}'
|
||||||
pattern = '^(?P<port>\d+)\/(?P<protocol>(udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
pattern = '^(?P<port>\d+)\/(?P<protocol>(udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
|
||||||
|
|
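Review bot: Nothing in this profile file tells profile authors that `{nmap_extra}` is now the only source of `-vv --reason -Pn`, so a custom profile written without the placeholder will silently ignore `--nmap` and `--nmap-append`, and one that keeps the old hard-coded flags next to it will pass them twice. A header comment would cover it, e.g. `# {nmap_extra} expands to the value of --nmap (default: -vv --reason -Pn) plus any --nmap-append text; include it in every nmap command.` The first hunk starts at line 3 of the file, so any existing header is not visible here and may already say part of this.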
|
@ -11,7 +11,7 @@ service-names = [
|
||||||
[cassandra.scans]
|
[cassandra.scans]
|
||||||
|
|
||||||
[cassandra.scans.nmap-cassandra]
|
[cassandra.scans.nmap-cassandra]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(cassandra* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_cassandra_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_cassandra_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(cassandra* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_cassandra_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_cassandra_nmap.xml" {address}'
|
||||||
|
|
||||||
[cups]
|
[cups]
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ service-names = [
|
||||||
[cups.scans]
|
[cups.scans]
|
||||||
|
|
||||||
[cups.scans.nmap-cups]
|
[cups.scans.nmap-cups]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(cups* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_cups_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_cups_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(cups* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_cups_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_cups_nmap.xml" {address}'
|
||||||
|
|
||||||
[dns]
|
[dns]
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@ service-names = [
|
||||||
[dns.scans]
|
[dns.scans]
|
||||||
|
|
||||||
[dns.scans.nmap-dns]
|
[dns.scans.nmap-dns]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_dns_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_dns_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_dns_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_dns_nmap.xml" {address}'
|
||||||
|
|
||||||
[ftp]
|
[ftp]
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ service-names = [
|
||||||
[ftp.scans]
|
[ftp.scans]
|
||||||
|
|
||||||
[ftp.scans.nmap-ftp]
|
[ftp.scans.nmap-ftp]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_ftp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ftp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(ftp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_ftp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ftp_nmap.xml" {address}'
|
||||||
|
|
||||||
[ftp.manual]
|
[ftp.manual]
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ ignore-service-names = [
|
||||||
[http.scans]
|
[http.scans]
|
||||||
|
|
||||||
[http.scans.nmap-http]
|
[http.scans.nmap-http]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(http* or ssl*) and not (broadcast or dos or external or http-slowloris* or fuzzer)" -oN "{scandir}/{protocol}_{port}_http_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_{scheme}_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(http* or ssl*) and not (broadcast or dos or external or http-slowloris* or fuzzer)" -oN "{scandir}/{protocol}_{port}_http_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_{scheme}_nmap.xml" {address}'
|
||||||
|
|
||||||
[http.scans.curl-index]
|
[http.scans.curl-index]
|
||||||
command = 'curl -sSik {scheme}://{address}:{port}/ -m 10 -o "{scandir}/{protocol}_{port}_{scheme}_index.html"'
|
command = 'curl -sSik {scheme}://{address}:{port}/ -m 10 -o "{scandir}/{protocol}_{port}_{scheme}_index.html"'
|
||||||
|
@ -133,7 +133,7 @@ service-names = [
|
||||||
[imap.scans]
|
[imap.scans]
|
||||||
|
|
||||||
[imap.scans.nmap-imap]
|
[imap.scans.nmap-imap]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(imap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_imap_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_imap_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(imap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_imap_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_imap_nmap.xml" {address}'
|
||||||
|
|
||||||
[kerberos]
|
[kerberos]
|
||||||
|
|
||||||
|
@ -144,7 +144,7 @@ service-names = [
|
||||||
[kerberos.scans]
|
[kerberos.scans]
|
||||||
|
|
||||||
[kerberos.scans.nmap-kerberos]
|
[kerberos.scans.nmap-kerberos]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=krb5-enum-users -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script=krb5-enum-users -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}'
|
||||||
|
|
||||||
[ldap]
|
[ldap]
|
||||||
|
|
||||||
|
@ -155,7 +155,7 @@ service-names = [
|
||||||
[ldap.scans]
|
[ldap.scans]
|
||||||
|
|
||||||
[ldap.scans.nmap-ldap]
|
[ldap.scans.nmap-ldap]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_ldap_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ldap_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_ldap_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ldap_nmap.xml" {address}'
|
||||||
|
|
||||||
[ldap.scans.enum4linux]
|
[ldap.scans.enum4linux]
|
||||||
command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{scandir}/enum4linux.txt"'
|
command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{scandir}/enum4linux.txt"'
|
||||||
|
@ -172,7 +172,7 @@ service-names = [
|
||||||
[mongodb.scans]
|
[mongodb.scans]
|
||||||
|
|
||||||
[mongodb.scans.nmap-mongodb]
|
[mongodb.scans.nmap-mongodb]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="mongodb*" -oN "{scandir}/{protocol}_{port}_mongodb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mongodb_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="mongodb*" -oN "{scandir}/{protocol}_{port}_mongodb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mongodb_nmap.xml" {address}'
|
||||||
|
|
||||||
[mssql]
|
[mssql]
|
||||||
|
|
||||||
|
@ -184,7 +184,7 @@ service-names = [
|
||||||
[mssql.scans]
|
[mssql.scans]
|
||||||
|
|
||||||
[mssql.scans.nmap-mssql]
|
[mssql.scans.nmap-mssql]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=mssql.instance-port={port},mssql.username=sa,mssql.password=sa -oN "{scandir}/{protocol}_{port}_mssql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mssql_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=mssql.instance-port={port},mssql.username=sa,mssql.password=sa -oN "{scandir}/{protocol}_{port}_mssql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mssql_nmap.xml" {address}'
|
||||||
|
|
||||||
[mssql.manual]
|
[mssql.manual]
|
||||||
|
|
||||||
|
@ -203,7 +203,7 @@ service-names = [
|
||||||
[mysql.scans]
|
[mysql.scans]
|
||||||
|
|
||||||
[mysql.scans.nmap-mysql]
|
[mysql.scans.nmap-mysql]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(mysql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_mysql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mysql_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(mysql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_mysql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mysql_nmap.xml" {address}'
|
||||||
|
|
||||||
[nfs]
|
[nfs]
|
||||||
|
|
||||||
|
@ -215,7 +215,7 @@ service-names = [
|
||||||
[nfs.scans]
|
[nfs.scans]
|
||||||
|
|
||||||
[nfs.scans.nmap-nfs]
|
[nfs.scans.nmap-nfs]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(rpcinfo or nfs*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_nfs_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_nfs_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(rpcinfo or nfs*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_nfs_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_nfs_nmap.xml" {address}'
|
||||||
|
|
||||||
[oracle]
|
[oracle]
|
||||||
|
|
||||||
|
@ -226,7 +226,7 @@ service-names = [
|
||||||
[oracle.scans]
|
[oracle.scans]
|
||||||
|
|
||||||
[oracle.scans.nmap-oracle]
|
[oracle.scans.nmap-oracle]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(oracle* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_oracle_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_oracle_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(oracle* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_oracle_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_oracle_nmap.xml" {address}'
|
||||||
|
|
||||||
[pop3]
|
[pop3]
|
||||||
|
|
||||||
|
@ -237,7 +237,7 @@ service-names = [
|
||||||
[pop3.scans]
|
[pop3.scans]
|
||||||
|
|
||||||
[pop3.scans.nmap-pop3]
|
[pop3.scans.nmap-pop3]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(pop3* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_pop3_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_pop3_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(pop3* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_pop3_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_pop3_nmap.xml" {address}'
|
||||||
|
|
||||||
[rdp]
|
[rdp]
|
||||||
|
|
||||||
|
@ -250,7 +250,7 @@ service-names = [
|
||||||
[rdp.scans]
|
[rdp.scans]
|
||||||
|
|
||||||
[rdp.scans.nmap-rdp]
|
[rdp.scans.nmap-rdp]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(rdp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_rdp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rdp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(rdp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_rdp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rdp_nmap.xml" {address}'
|
||||||
|
|
||||||
[rdp.manual]
|
[rdp.manual]
|
||||||
|
|
||||||
|
@ -270,7 +270,7 @@ service-names = [
|
||||||
[rmi.scans]
|
[rmi.scans]
|
||||||
|
|
||||||
[rmi.scans.nmap-rmi]
|
[rmi.scans.nmap-rmi]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=rmi-vuln-classloader,rmi-dumpregistry -oN "{scandir}/{protocol}_{port}_rmi_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rmi_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script=rmi-vuln-classloader,rmi-dumpregistry -oN "{scandir}/{protocol}_{port}_rmi_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rmi_nmap.xml" {address}'
|
||||||
|
|
||||||
[rpc]
|
[rpc]
|
||||||
|
|
||||||
|
@ -283,7 +283,7 @@ service-names = [
|
||||||
[msrpc.scans]
|
[msrpc.scans]
|
||||||
|
|
||||||
[msrpc.scans.nmap-msrpc]
|
[msrpc.scans.nmap-msrpc]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=msrpc-enum,rpc-grind,rpcinfo -oN "{scandir}/{protocol}_{port}_rpc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rpc_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script=msrpc-enum,rpc-grind,rpcinfo -oN "{scandir}/{protocol}_{port}_rpc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rpc_nmap.xml" {address}'
|
||||||
|
|
||||||
[ssh]
|
[ssh]
|
||||||
|
|
||||||
|
@ -294,7 +294,7 @@ service-names = [
|
||||||
[ssh.scans]
|
[ssh.scans]
|
||||||
|
|
||||||
[ssh.scans.nmap-ssh]
|
[ssh.scans.nmap-ssh]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN "{scandir}/{protocol}_{port}_ssh_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ssh_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script=ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN "{scandir}/{protocol}_{port}_ssh_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ssh_nmap.xml" {address}'
|
||||||
|
|
||||||
[ssh.manual]
|
[ssh.manual]
|
||||||
|
|
||||||
|
@ -315,7 +315,7 @@ service-names = [
|
||||||
[smb.scans]
|
[smb.scans]
|
||||||
|
|
||||||
[smb.scans.nmap-smb]
|
[smb.scans.nmap-smb]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_nmap.xml" {address}'
|
||||||
|
|
||||||
[smb.scans.enum4linux]
|
[smb.scans.enum4linux]
|
||||||
command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{scandir}/enum4linux.txt"'
|
command = 'enum4linux -a -M -l -d {address} 2>&1 | tee "{scandir}/enum4linux.txt"'
|
||||||
|
@ -338,9 +338,9 @@ service-names = [
|
||||||
[smb.manual.smb-vulns]
|
[smb.manual.smb-vulns]
|
||||||
description = 'Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:'
|
description = 'Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:'
|
||||||
commands = [
|
commands = [
|
||||||
'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="smb-vuln-ms06-025" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}',
|
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms06-025" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}',
|
||||||
'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="smb-vuln-ms07-029" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}',
|
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms07-029" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}',
|
||||||
'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="smb-vuln-ms08-067" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}'
|
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms08-067" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}'
|
||||||
]
|
]
|
||||||
|
|
||||||
[smtp]
|
[smtp]
|
||||||
|
@ -352,7 +352,7 @@ service-names = [
|
||||||
[smtp.scans]
|
[smtp.scans]
|
||||||
|
|
||||||
[smtp.scans.nmap-smtp]
|
[smtp.scans.nmap-smtp]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smtp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smtp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smtp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smtp_nmap.xml" {address}'
|
||||||
|
|
||||||
[smtp.scans.smtp-user-enum]
|
[smtp.scans.smtp-user-enum]
|
||||||
command = 'smtp-user-enum -M VRFY -U "{username_wordlist}" -t {address} -p {port} 2>&1 | tee "{scandir}/{protocol}_{port}_smtp_user-enum.txt"'
|
command = 'smtp-user-enum -M VRFY -U "{username_wordlist}" -t {address} -p {port} 2>&1 | tee "{scandir}/{protocol}_{port}_smtp_user-enum.txt"'
|
||||||
|
@ -366,7 +366,7 @@ service-names = [
|
||||||
[snmp.scans]
|
[snmp.scans]
|
||||||
|
|
||||||
[snmp.scans.nmap-snmp]
|
[snmp.scans.nmap-snmp]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_snmp-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_snmp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_snmp-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_snmp_nmap.xml" {address}'
|
||||||
|
|
||||||
[snmp.scans.onesixtyone]
|
[snmp.scans.onesixtyone]
|
||||||
command = 'onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt -dd -o "{scandir}/{protocol}_{port}_snmp_onesixtyone.txt" {address}'
|
command = 'onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt -dd -o "{scandir}/{protocol}_{port}_snmp_onesixtyone.txt" {address}'
|
||||||
|
@ -422,7 +422,7 @@ service-names = [
|
||||||
[telnet.scans]
|
[telnet.scans]
|
||||||
|
|
||||||
[telnet.scans.nmap-telnet]
|
[telnet.scans.nmap-telnet]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=telnet-encryption,telnet-ntlm-info -oN "{scandir}/{protocol}_{port}_telnet-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_telnet_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script=telnet-encryption,telnet-ntlm-info -oN "{scandir}/{protocol}_{port}_telnet-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_telnet_nmap.xml" {address}'
|
||||||
|
|
||||||
[tftp]
|
[tftp]
|
||||||
|
|
||||||
|
@ -433,7 +433,7 @@ service-names = [
|
||||||
[tftp.scans]
|
[tftp.scans]
|
||||||
|
|
||||||
[tftp.scans.nmap-tftp]
|
[tftp.scans.nmap-tftp]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script=tftp-enum -oN "{scandir}/{protocol}_{port}_tftp-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_tftp_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script=tftp-enum -oN "{scandir}/{protocol}_{port}_tftp-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_tftp_nmap.xml" {address}'
|
||||||
|
|
||||||
[vnc]
|
[vnc]
|
||||||
|
|
||||||
|
@ -444,4 +444,4 @@ service-names = [
|
||||||
[vnc.scans]
|
[vnc.scans]
|
||||||
|
|
||||||
[vnc.scans.nmap-vnc]
|
[vnc.scans.nmap-vnc]
|
||||||
command = 'nmap -vv --reason -Pn -sV {nmap_extra} -p {port} --script="(vnc* or realvnc* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_vnc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_vnc_nmap.xml" {address}'
|
command = 'nmap {nmap_extra} -sV -p {port} --script="(vnc* or realvnc* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_vnc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_vnc_nmap.xml" {address}'
|
||||||
|
|
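Review bot: `{nmap_extra}` is substituted unquoted at the head of every nmap `command` in this file, and neighbouring entries (`enum4linux ... 2>&1 | tee`, `smtp-user-enum ... | tee`) rely on shell syntax, so the text given to `--nmap` or `--nmap-append` is presumably interpreted by a shell rather than handed to nmap as plain arguments. That is harmless while the operator types the value by hand, but it becomes a command-injection path as soon as the tool is driven by a wrapper or job queue that forwards option text from elsewhere. The fix belongs where the option is read in autorecon.py rather than in these templates: tokenise and re-quote the value once after the append step, e.g. `nmap = ' '.join(shlex.quote(t) for t in shlex.split(nmap))` (this needs `import shlex` if the file does not already have it). The same applies to the port-scan profile commands changed earlier in this commit.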