Vulnerability Assessment
Companion scripts to vulnerability scanner
Nmap
Exclude ports
Any crashing service during the assessment? Exclude the host from your list (-iL) and perform the scan one more time with whitelisted ports.
nmap -v -sV -sC -sS 192.168.0.1 --exclude-ports 123 -oA int-nmap-VA
Top 1000 most common ports
When the scans take too much time, you can limit ports, number of probe retries and disable RTT prolongation. It make sense to chose the top 1000 ports or more, instead of 65535. Ping your asset to retrieve current response time in milliseconds.
UDP
# UDP
nmap -v -sUV --top-ports 1000 --max-rtt-timeout 400ms --initial-rtt-timeout 150ms --max-retries 5 -sC -iL ./internal.hosts -oA int-nmap-UDP100
TCP
# TCP port scan
nmap -v --top-ports 1000 --max-rtt-timeout 400ms --initial-rtt-timeout 150ms --max-retries 5 -sV -sC -sS -iL ./internal.hosts -oA int-nmap-VA
Merge scripts - Nessus, Nmap
Automap.sh
#!/bin/bash
# Check if the user provided an IP address
if [ -z "$1" ]; then
echo "Usage: $0 <IP_ADDRESS>"
exit 1
fi
# Assign params
IP_ADDRESS=$1
LOG_DIR="_automap_logs"
# Check if the directory exists
if [ -d "$LOG_DIR" ]; then
echo "(i) Directory '$LOG_DIR' already exists."
else
# Create the directory
echo "(i) Directory '$LOG_DIR' creating..."
mkdir "$LOG_DIR"
# Check if the directory was created successfully
if [ $? -eq 0 ]; then
echo "(i) Directory '$LOG_DIR' created successfully."
else
echo "Failed to create directory '$LOG_DIR'."
exit 1
fi
fi
# functions
print_line() {
echo ""
echo "-"
echo ""
}
# Run nmap scan on the provided IP address
echo "-------------------------"
echo " Automap v1.0"
echo " target: $IP_ADDRESS"
echo "-------------------------"
echo ""
echo "[DNS] PTR?"
dig -x $IP_ADDRESS | grep PTR
print_line
echo "[TCP] nmap scan on $IP_ADDRESS..."
nmap -v -p- -A $IP_ADDRESS -oA ./${LOG_DIR}/TCP_${IP_ADDRESS}
print_line
echo "[UDP] nmap fast scan on $IP_ADDRESS..."
nmap -v -sUV -F -A $IP_ADDRESS -oA ./${LOG_DIR}/UDP_${IP_ADDRESS}
# End of script
Last updated
Was this helpful?