Divide Et Impera And Scan (and also merge the scan results)
DivideAndScan is used to efficiently automate port scanning routine by splitting it into 3 phases:
- Discover open ports for a bunch of targets.
- Run Nmap individually for each target with version grabbing and NSE actions.
- Merge the results into a single Nmap report (different formats available).
For the 1st phase a fastport scanner is intended to be used (Masscan / RustScan / Naabu), whose output is parsed and stored in a database (TinyDB). Next, during the 2nd phase individual Nmap scans are launched for each target with its set of open ports (multiprocessing is supported) according to the database data. Finally, in the 3rd phase separate Nmap outputs are merged into a single report in different formats (XML / HTML / simple text / grepable) with nMap_Merger.
Potential use cases:
- Pentest engagements / red teaming with a large scope to enumerate.
- Cybersecurity wargames / training CTF labs.
- OSCP certification exam.
Prerequisites
To successfully divide and scan we need to get some good port scanning tools.
Nmap
sudo apt install nmap sudo xsltproc -y
sudo nmap --script-updatedb
Masscan
cd /tmp
git clone https://github.com/robertdavidgraham/masscan.git
cd masscan
make
sudo make install
cd && rm -rf /tmp/masscan
RustScan
cd /tmp
wget -qO- https://api.github.com/repos/RustScan/RustScan/releases/latest \
| grep "browser_download_url.*amd64.deb" \
| cut -d: -f2,3 \
| tr -d \" \
| wget -qO rustscan.deb -i-
sudo dpkg -i rustscan.deb
cd && rm /tmp/rustscan.deb
sudo wget https://gist.github.com/snovvcrash/c7f8223cc27154555496a9cbb4650681/raw/a76a2c658370d8b823a8a38a860e4d88051b417e/rustscan-ports-top1000.toml -O /root/.rustscan.toml
Naabu
sudo mkdir /opt/projectdiscovery
cd /opt/projectdiscovery
wget -qO- https://api.github.com/repos/projectdiscovery/naabu/releases/latest \
| grep "browser_download_url.*linux-amd64.tar.gz" \
| cut -d: -f2,3 \
| tr -d \" \
| sudo wget -qO naabu.tar.gz -i-
sudo tar -xvzf naabu.tar.gz
sudo mv naabu-linux-amd64 naabu
sudo rm naabu.tar.gz README.md LICENSE.md
sudo ln -vs /opt/projectdiscovery/naabu /usr/local/bin/naabu
Installation
DivideAndScan is available on PyPI as divideandscan
, though I recommend installing it from GitHub with pipx in order to always have the bleeding-edge version:
~$ pipx install -f "git+https://github.com/snovvcrash/DivideAndScan.git"
~$ das
For debbugging purposes you can set up a dev environment with poetry:
~$ git clone https://github.com/snovvcrash/DivideAndScan
~$ cd DivideAndScan
~$ poetry install
~$ poetry run das
Using from Docker
You can run DivideAndScan in a Docker container as follows:
~$ docker run -it --rm --name das -v `pwd`:/app snovvcrash/divideandscan
Since the tool requires some input data and produces some output data, you should specify your current working directory as the mount point at /app
within the container. You may want to set an alias to make the base command shorter:
~$ alias das='docker run -it --rm --name das -v `pwd`:/app snovvcrash/divideandscan'
~$ das
How to Use
0. Preparations
Make a new directory to start DivideAndScan from. The tool will create subdirectories in CWD to store the output, so I recommend launching it from a clean directory to stay organized:
|
1. Filling the DB
Provide the Warning: please, make sure that you understand what you're doing, because nearly all port scanning tools can damage the system being tested if used improperly.
When the module completes its work, a hidden directory |
2. Targeted Scanning
Launch targeted Nmap scans with the
To start Nmap simultaneously in multiple processes, specify the
The output format is selected with Also, you can inspect the contents of the database with
|
3 (Optional). Merging the Reports
In order to generate a report independently of the
Note: keep in mind that the report module does not search the DB when processing the -hosts or -ports options, but looks for Nmap raw reports directly in .nmap directory instead; it means that -hosts 127.0.0.1 argument value will be successfully resolved only if .nmap/127-0-0-1.* file exists, and -ports 80 argument value will be successfully resolved only if .nmap/port80.* file exists. |
Help
usage: das [-h] {add,scan,report} ...
-----------------------------------------------------------------------------------------------
| ________ .__ .__ .___ _____ .____________ |
| \______ \ |__|__ _|__| __| _/____ / _ \ ____ __| _/ _____/ ____ _____ ____ |
| | | \| \ \/ / |/ __ |/ __ \ / /_\ \ / \ / __ |\_____ \_/ ___\\__ \ / \ |
| | ` \ |\ /| / /_/ \ ___// | \ | \/ /_/ |/ \ \___ / __ \| | \ |
| /_______ /__| \_/ |__\____ |\___ >____|__ /___| /\____ /_______ /\___ >____ /___| / |
| \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ |
| {@snovvcrash} {https://github.com/snovvcrash/DivideAndScan} {vX.Y.Z} |
-----------------------------------------------------------------------------------------------
positional arguments:
{add,scan,report}
add run a full port scan {masscan,rustscan,naabu,nmap} and add the output to DB
scan run targeted Nmap scans against hosts and ports from DB
report merge separate Nmap outputs into a single report in different formats
optional arguments:
-h, --help show this help message and exit
Psst, hey buddy... Wanna do some organized p0r7 5c4nn1n6?
ToDo
- Add projectdiscovery/naabu parser
- Add armada scanner (?) parser