Vulnerability Assessment

Companion scripts to vulnerability scanner

Nmap

Exclude ports

Any crashing service during the assessment? Exclude the host from your list (-iL) and perform the scan one more time with whitelisted ports.

nmap -v -sV -sC -sS 192.168.0.1 --exclude-ports 123 -oA int-nmap-VA

Top 1000 most common ports

When the scans take too much time, you can limit ports, number of probe retries and disable RTT prolongation. It make sense to chose the top 1000 ports or more, instead of 65535. Ping your asset to retrieve current response time in milliseconds.

UDP

# UDP
nmap -v -sUV --top-ports 1000 --max-rtt-timeout 400ms --initial-rtt-timeout 150ms --max-retries 5 -sC -iL ./internal.hosts -oA int-nmap-UDP100

TCP

# TCP port scan
nmap -v --top-ports 1000 --max-rtt-timeout 400ms --initial-rtt-timeout 150ms --max-retries 5 -sV -sC -sS -iL ./internal.hosts -oA int-nmap-VA

Merge scripts - Nessus, Nmap

GitHub - jr-johnson/nessus_merger: Quickly merge multiple .nessus files into a single file that can then be parsed.GitHub

GitHub - glens/gnxtools: Python scripts to parse and merge nmap XML files.GitHub

Automap.sh

#!/bin/bash

# Check if the user provided an IP address
if [ -z "$1" ]; then
    echo "Usage: $0 <IP_ADDRESS>"
    exit 1
fi

# Assign params
IP_ADDRESS=$1
LOG_DIR="_automap_logs"

# Check if the directory exists
if [ -d "$LOG_DIR" ]; then
    echo "(i) Directory '$LOG_DIR' already exists."
else
   # Create the directory
    echo "(i) Directory '$LOG_DIR' creating..."
    mkdir "$LOG_DIR"
    
    # Check if the directory was created successfully
    if [ $? -eq 0 ]; then
        echo "(i) Directory '$LOG_DIR' created successfully."
    else
        echo "Failed to create directory '$LOG_DIR'."
        exit 1
    fi
fi

# functions
print_line() {
                echo ""
                echo "-"
                echo ""
}

# Run nmap scan on the provided IP address
echo "-------------------------"
echo " Automap v1.0"
echo " target: $IP_ADDRESS"
echo "-------------------------"
echo ""

echo "[DNS] PTR?"
dig -x $IP_ADDRESS | grep PTR
print_line

echo "[TCP] nmap scan on $IP_ADDRESS..."
nmap -v -p- -A $IP_ADDRESS -oA ./${LOG_DIR}/TCP_${IP_ADDRESS}

print_line

echo "[UDP] nmap fast scan on $IP_ADDRESS..."

nmap -v -sUV -F -A $IP_ADDRESS -oA ./${LOG_DIR}/UDP_${IP_ADDRESS}
# End of script