wiki.hackerlab.cz
Vulnerability Assessment

Companion scripts to vulnerability scanner

Last updated 1 year ago

Nmap

Exclude ports

Did a service crash during the assessment? Take that host out of your input list (-iL) and scan it again on its own with the fragile port left out (--exclude-ports), so only the allowed ports are probed.

nmap -v -sV -sC -sS 192.168.0.1 --exclude-ports 123 -oA int-nmap-VA

Top 1000 most common ports

When scans take too long, you can limit the ports, cap the number of probe retries and cap the round-trip timeout instead of letting nmap keep extending it. It makes sense to choose the top 1000 most common ports (or more) instead of all 65535. Ping the asset first to get its current response time in milliseconds and set the RTT timeouts accordingly.

UDP

# UDP
nmap -v -sUV --top-ports 1000 --max-rtt-timeout 400ms --initial-rtt-timeout 150ms --max-retries 5 -sC -iL ./internal.hosts -oA int-nmap-UDP100

TCP

# TCP port scan
nmap -v --top-ports 1000 --max-rtt-timeout 400ms --initial-rtt-timeout 150ms --max-retries 5 -sV -sC -sS -iL ./internal.hosts -oA int-nmap-VA

Merge scripts - Nessus, Nmap

Automap.sh

#!/bin/bash

# Check if the user provided an IP address
if [ -z "$1" ]; then
    echo "Usage: $0 <IP_ADDRESS>"
    exit 1
fi

# Assign params
IP_ADDRESS="$1"
LOG_DIR="_automap_logs"

# Create the log directory if it does not exist yet
if [ -d "$LOG_DIR" ]; then
    echo "(i) Directory '$LOG_DIR' already exists."
else
    echo "(i) Directory '$LOG_DIR' creating..."
    # mkdir's exit status tells us whether the directory was created
    if mkdir "$LOG_DIR"; then
        echo "(i) Directory '$LOG_DIR' created successfully."
    else
        echo "Failed to create directory '$LOG_DIR'."
        exit 1
    fi
fi

# functions
print_line() {
    echo ""
    echo "-"
    echo ""
}

# Banner
echo "-------------------------"
echo " Automap v1.0"
echo " target: $IP_ADDRESS"
echo "-------------------------"
echo ""

# Reverse DNS lookup of the target
echo "[DNS] PTR?"
dig -x "$IP_ADDRESS" | grep PTR
print_line

# All 65535 TCP ports with version detection, default scripts, OS detection and traceroute (-A)
echo "[TCP] nmap scan on $IP_ADDRESS..."
nmap -v -p- -A "$IP_ADDRESS" -oA "./${LOG_DIR}/TCP_${IP_ADDRESS}"

print_line

# UDP is slow, so only the 100 most common ports (-F) are probed
echo "[UDP] nmap fast scan on $IP_ADDRESS..."

nmap -v -sUV -F -A "$IP_ADDRESS" -oA "./${LOG_DIR}/UDP_${IP_ADDRESS}"
# End of script
  • GitHub - glens/gnxtools: Python scripts to parse and merge nmap XML files.
  • GitHub - jr-johnson/nessus_merger: Quickly merge multiple .nessus files into a single file that can then be parsed.
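The "Merge scripts" section links to nmap XML mergers but does not show how the merge works, so here is an added example in Python (not the page's code and not taken from gnxtools or nessus_merger) of the core step: collecting the <host> elements of several -oX/-oA reports into one <nmaprun>, letting a re-scan replace the earlier result for the same address and recomputing <runstats>. It assumes the standard nmap XML layout; the two sample reports are constructed.

```python
# Added example (not the page's code): merge nmap -oX reports; sample XML is constructed.
import xml.etree.ElementTree as ET

def merge_nmap_xml(reports):
    """Combine nmap XML report strings into one <nmaprun> Element. Hosts are
    keyed by IPv4 address and a later report wins, so a re-scan (for example
    with --exclude-ports) supersedes the run it repeats."""
    merged, hosts = None, {}
    for xml_text in reports:
        root = ET.fromstring(xml_text)
        if root.tag != "nmaprun":
            raise ValueError("not an nmap XML report")
        if merged is None:  # first report supplies the header (scaninfo etc.)
            merged = ET.Element("nmaprun", root.attrib)
            for child in root:  # per-run host/runstats are rebuilt below
                if child.tag not in ("host", "runstats"):
                    merged.append(child)
        for host in root.findall("host"):
            addr = host.find("address[@addrtype='ipv4']")
            hosts[addr.get("addr") if addr is not None else id(host)] = host
    if merged is None:
        raise ValueError("no reports supplied")
    merged.extend(hosts.values())
    up = sum(h.find("status").get("state") == "up" for h in hosts.values())
    stats = ET.SubElement(merged, "runstats")  # recompute the summary counts
    ET.SubElement(stats, "hosts", up=str(up), down=str(len(hosts) - up),
                  total=str(len(hosts)))
    return merged

def open_ports(nmaprun):
    """Map each IPv4 address to the sorted list of ports reported open."""
    result = {}
    for host in nmaprun.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is not None:
            result[addr.get("addr")] = sorted(
                int(p.get("portid")) for p in host.findall("ports/port")
                if p.find("state").get("state") == "open")
    return result

# Constructed samples (XML declaration/DOCTYPE trimmed): run B re-scans 192.0.2.2 with port 123 excluded.
REPORT_A = """<nmaprun scanner="nmap" args="nmap -sS 192.0.2.1-3" start="1700000000">
<host><status state="up"/><address addr="192.0.2.1" addrtype="ipv4"/><ports><port protocol="tcp" portid="22"><state state="open"/></port></ports></host>
<host><status state="up"/><address addr="192.0.2.2" addrtype="ipv4"/><ports><port protocol="tcp" portid="123"><state state="open"/></port></ports></host>
<host><status state="down"/><address addr="192.0.2.3" addrtype="ipv4"/></host>
<runstats><hosts up="2" down="1" total="3"/></runstats></nmaprun>"""
REPORT_B = """<nmaprun scanner="nmap" args="nmap -sS 192.0.2.2 --exclude-ports 123" start="1700003600">
<host><status state="up"/><address addr="192.0.2.2" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open"/></port><port protocol="tcp" portid="22"><state state="closed"/></port></ports></host>
<runstats><hosts up="1" down="0" total="1"/></runstats></nmaprun>"""
```

Write the result with ET.ElementTree(merge_nmap_xml([...])).write("merged.xml") and the usual nmap XML consumers (including the linked tools) can read it as one report.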