choupit0 / MassVulScan

Licence: GPL-3.0 license
Bash script which quickly identifies open network ports and any associated vulnerabilities.

Projects that are alternatives of or similar to MassVulScan

porteye
Detect alive host and open port .
Stars: ✭ 17 (-69.64%)
Mutual labels:  scanner, nmap, masscan
Unimap
Scan only once by IP address and reduce scan times with Nmap for large amounts of data.
Stars: ✭ 141 (+151.79%)
Mutual labels:  scanner, nmap
ivre
Network recon framework. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
Stars: ✭ 2,712 (+4742.86%)
Mutual labels:  nmap, masscan
Pycurity
Python Security Scripts
Stars: ✭ 218 (+289.29%)
Mutual labels:  scanner, nmap
Nwatch
🔍 Tool for - Host Discovery, Port Scanning and Operating System Fingerprinting
Stars: ✭ 127 (+126.79%)
Mutual labels:  scanner, nmap
Penta
Open source all-in-one CLI tool to semi-automate pentesting.
Stars: ✭ 130 (+132.14%)
Mutual labels:  scanner, nmap
Bscan
an asynchronous target enumeration tool
Stars: ✭ 207 (+269.64%)
Mutual labels:  scanner, nmap
Legion
Automatic Enumeration Tool based in Open Source tools
Stars: ✭ 280 (+400%)
Mutual labels:  scanner, nmap
Mis-Comandos-Linux
📋 Annotated list of my 💯 favorite commands ⭐ on GNU/Linux 💻
Stars: ✭ 28 (-50%)
Mutual labels:  debian, nmap
N-WEB
WEB PENETRATION TESTING TOOL 💥
Stars: ✭ 56 (+0%)
Mutual labels:  scanner, nmap
Silver
Mass scan IPs for vulnerable services
Stars: ✭ 588 (+950%)
Mutual labels:  scanner, nmap
sgCheckup
sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports.
Stars: ✭ 77 (+37.5%)
Mutual labels:  scanner, nmap
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+637.5%)
Mutual labels:  scanner, nmap
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+3157.14%)
Mutual labels:  scanner, nmap
Docker Onion Nmap
Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.
Stars: ✭ 345 (+516.07%)
Mutual labels:  scanner, nmap
Biu
Network asset discovery, vulnerability scanning
Stars: ✭ 199 (+255.36%)
Mutual labels:  scanner, nmap
MX1014
MX1014 is a flexible, lightweight and fast port scanner.
Stars: ✭ 79 (+41.07%)
Mutual labels:  scanner, nmap
NSE-scripts
NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
Stars: ✭ 105 (+87.5%)
Mutual labels:  scanner, nmap
Recon-X
Advanced Reconnaissance tool to enumerate attacking surface of the target.
Stars: ✭ 27 (-51.79%)
Mutual labels:  scanner, nmap
nmap-formatter
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
Stars: ✭ 129 (+130.36%)
Mutual labels:  scanner, nmap

MassVulScan 👽 French version

Description

Bash script which combines the power of the Masscan scanner to find open ports, the efficiency of the Nmap scanner to identify open services and their versions, and finally the NSE vulners.nse script to identify potential vulnerabilities (CVEs). It generates an HTML report containing the result of the analysis, as well as a TXT file that lets you focus on the vulnerable hosts.

Prerequisites

I invite you to read the file "requirements.txt" if you have difficulties. It will tell you how to install each of the prerequisites.

Otherwise, the script can install all the prerequisites for you. Just launch it like this the first time:

(root or sudo) ./MassVulScan.sh --auto-installation-latest (latest packages of Nmap and Masscan ~5 minutes)

Or:

(root or sudo) ./MassVulScan.sh --auto-installation-apt (fastest but without the latest versions ~1 minute)

Note about APT installation

Warning: I detected an error with the APT version. There is an upstream mistake: the Masscan version 1.0.5 tag points to a commit that still contains 1.0.4 as the version, but this is the correct code for the 1.0.5 version. See robertdavidgraham/masscan#566 (comment). (Thank you to https://github.com/rhertzog)

Only the Debian OS family is currently compatible. This feature has been validated on the following 64-bit OSes (2-core CPU and 2 GB RAM, ~5 minutes with latest packages):

  • Debian 10.0
  • Elementary 5.0
  • LinuxMint 19.1
  • Ubuntu 19.04
  • Parrot 5.5.17 (HackTheBox / HTB)

How does the script work?

The main steps of the script:

  1. Express identification of hosts that are online with nmap (optional)
  2. For each host, extremely fast identification of open TCP/UDP ports (masscan)
  3. The result is sorted to gather all ports and protocols to be scanned per host (this list can optionally be saved)
  4. Identification of services and vulnerabilities with multiple sessions in parallel (nmap + vulners.nse), one session per host
  5. Generated reports: an HTML report containing all the details on each host, vulnerable or not, and a TXT file that lets you focus on the (potentially) vulnerable hosts

The HTML report uses a bootstrap style sheet (https://github.com/honze-net/nmap-bootstrap-xsl) for more convenience.
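Step 3 above (grouping the open ports and protocols per host) can be illustrated as follows. This is an added example, not code from MassVulScan.sh: the function names and the sample data are constructed, and it assumes the port scan results are in masscan's list format (`-oL`: state, protocol, port, IP, timestamp).

```shell
#!/bin/sh
# Added example: fold masscan "list" output into one nmap port spec per host.
# Constructed sample in masscan -oL layout: state proto port ip timestamp.
sample_masscan_list() {
    cat <<'EOF'
#masscan
open tcp 443 192.168.2.10 1611492651
open tcp 22 192.168.2.10 1611492651
open udp 161 192.168.2.10 1611492652
open tcp 80 192.168.2.20 1611492653
open tcp 22 192.168.2.10 1611492654
# end
EOF
}

# Reads masscan list output on stdin, prints "<ip><TAB><nmap -p spec>" per host.
group_ports() {
    # 1) keep open TCP/UDP records as "ip proto port"
    # 2) sort by host, protocol, numeric port and drop duplicates
    # 3) fold each host's lines into T:<tcp ports>,U:<udp ports>
    awk '$1 == "open" && ($2 == "tcp" || $2 == "udp") { print $4, $2, $3 }' |
    LC_ALL=C sort -u -k1,1 -k2,2 -k3,3n |
    awk '
        $1 != host {
            if (host != "") print host "\t" spec
            host = $1; spec = ""; proto = ""
        }
        $2 != proto {
            proto = $2
            spec = spec (spec == "" ? "" : ",") (proto == "tcp" ? "T:" : "U:") $3
            next
        }
        { spec = spec "," $3 }
        END { if (host != "") print host "\t" spec }
    '
}

sample_masscan_list | group_ports
```

Each output line pairs a host with a port list in the `T:`/`U:` syntax that nmap's `-p` option accepts, so the service scan only touches ports the first pass found open.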

How to use it?

All you have to do is indicate the file (-f | --include-file) containing a list of networks, IPs and/or hostnames to scan:

git clone https://github.com/choupit0/MassVulScan.git
cd MassVulScan
chmod +x MassVulScan.sh
(root user or sudo) ./MassVulScan.sh -f [input file]

List of available parameters/arguments:

Mandatory parameter:

-f | --include-file = File including IPv4 addresses (CIDR format) or hostnames to scan (one per line)

Optional parameters:

-x | --exclude-file = File including IPv4 addresses ONLY (CIDR format) to NOT scan (one per line)
-i | --interactive = Extra parameters: ports to scan, rate level and NSE script
-a | --all-ports = Scan all 65535 ports (TCP + UDP) at 2K pkts/sec with NSE vulners script
-c | --check = Perform a pre-scanning to identify online hosts and scan only them
-r | --report = File including IPs scanned with open ports and protocols
-n | --no-nmap-scan = Use only the script to detect the hosts with open ports (no HTML report)

By default the script will scan only the first 1000 TCP/UDP ports among the most common ports. You can find the list here: /usr/local/share/nmap/nmap-services. Similarly, the rate or number of packets per second is set to 2500 by default.

For the format of the files, you will find two examples in the dedicated directory:

root@ubuntu:~/audit/MassVulScan# cat example/hosts.txt
# Private subnet
192.168.2.0/24
webmail.acme.corp
root@ubuntu:~/audit/MassVulScan# cat example/exclude.txt
# Gateway
192.168.2.254

Note that the script will detect if you have multiple network interfaces. This is important for Masscan, which will always use the interface that has the default route. You will be asked to choose one (no problem with Nmap).

Tree structure

root@Unknown-Device:~/MassVulScan# tree
.
├── CHANGELOG.md
├── demo
│   └── MassVulScan_Demo.gif
├── example
│   ├── exclude-hosts.txt
│   ├── hosts.txt
│   ├── hosts.txt_global-report_2021-01-24_13-51-40.html
│   ├── hosts.txt_open-ports_2021-01-24_13-50-51.txt
│   └── hosts.txt_vulnerable-hosts-details_2021-01-24_13-51-40.txt
├── LICENSE
├── MassVulScan.sh
├── README-FR.md
├── README.md
├── reports
├── requirements.txt
├── screenshots
│   ├── Ex-vulnerable-host-found.PNG
│   ├── Full-script.PNG
│   ├── HTML.PNG
│   ├── Masscan.PNG
│   ├── Menu_1-9-1.PNG
│   └── Nmap.PNG
├── sources
│   ├── installation.sh
│   ├── top-ports-tcp-1000.txt
│   └── top-ports-udp-1000.txt
└── stylesheet
    └── nmap-bootstrap.xsl

6 directories, 22 files

Compatibility

The script has only been tested on Debian family OS but should work on most Linux distributions (except for the automatic prerequisites installation). It can detect open ports on TCP and UDP protocols.

Notes / Tips

An advantage of using the NSE vulners.nse script is that it systematically queries the vulners.com database, so the data is always the latest available. It also ranks and sorts the identified CVEs, with the most severe at the top of the list, which is very convenient.

The script is also compatible with Nmap's categories (https://nmap.org/book/nse-usage.html#nse-categories) to search for specific vulnerabilities (such as the well-known ms17-010, EternalBlue) in addition to the CVEs identified from vulners.com.

Finally, with the "interactive mode" (-i) you can also type script arguments, e.g. vulners --script-args mincvss=5

Known issues

Concerning SNMP, sometimes the UDP port scan doesn't seem to work correctly with the masscan program. I'm trying to find a solution.

TODO

Improve the pre-scanning phase to identify online hosts (fping).

Better manage multiple IP addresses on one network interface.

Improve the installation process (install only what is strictly necessary, compare versions).

Improve the parsing of the hosts file to detect duplicate networks, e.g. 10.10.18.0/24 and 10.10.18.0/28, and avoid duplicate scans.
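One possible approach to the duplicate-network item above, as an added example that is not part of MassVulScan: the function names and sample list are constructed, hostnames are skipped, and IPv4 entries are assumed to be well-formed.

```shell
#!/bin/sh
# Added example: report hosts-file entries already covered by another entry.
# Constructed sample in the format of example/hosts.txt.
sample_hosts() {
    cat <<'EOF'
# Private subnet
10.10.18.0/24
10.10.18.0/28
192.168.2.0/24
192.168.2.254
webmail.acme.corp
EOF
}

# Reads a hosts list on stdin; prints "<entry> is covered by <entry>".
# Assumption: IPv4 entries are well-formed (octets 0-255, prefix 0-32).
find_covered_networks() {
    awk '
        function ip2int(ip,    o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        {
            n = split($1, part, "/")
            if (part[1] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # hostname
            plen = (n == 2) ? part[2] + 0 : 32   # a bare IP is a /32
            size = 2 ^ (32 - plen)
            addr = ip2int(part[1])
            cnt++
            name[cnt] = $1
            bits[cnt] = plen
            lo[cnt] = addr - (addr % size)       # first address of the block
            hi[cnt] = lo[cnt] + size - 1         # last address of the block
        }
        END {
            for (i = 1; i <= cnt; i++)
                for (j = 1; j <= cnt; j++) {
                    if (i == j || lo[i] < lo[j] || hi[i] > hi[j]) continue
                    # j is wider, or an identical entry listed earlier
                    if (bits[j] < bits[i] || (bits[j] == bits[i] && j < i)) {
                        print name[i] " is covered by " name[j]
                        break
                    }
                }
        }
    '
}

sample_hosts | find_covered_networks
```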

Changelog
