Skip to content
/ do_recon Public

A tool to help you in scans of infrastructure. It scans a bundle of sites and puts the results in a directory for each site analyzed.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

elcaza/do_recon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
do_recon.sh
do_recon.sh
 
 
sites.txt
sites.txt
 
 

Repository files navigation

Do Recon

A tool to help you in scans of infrastructure. It scans a bundle of sites and puts the results in a directory for each site analyzed.

What does this do?

By order:

  1. Create a log file for all the assets
  2. Check interfaces available in the system
  3. Create a directory for each active to scan
  4. Makes a nslookup search
  5. Makes a traceroute
  6. Makes a nmap --top-ports scan
  7. Makes a nmap -sV scan only with the discovered open ports
  8. Makes a nmap scan for all ports
  9. Makes a nmap -sC scan only with the discovered open ports
  10. Makes a nmap --script vuln scane with the discovered open ports
  11. Make reports:
    • All open ports
    • All open ports with versions
    • CVEs reported by nmap (beta)

How to use

./do_recon.sh input_file.txt

Example input file

1.site1.com
2.site2.org.mx
3.anothersite.com
4.example.com
5.example2.com
6.other.es

Options for the script to infrastructure

Setting log file

LOGFILE=$(date '+%d-%m-%Y')".log"

Setting the new line separator

NEW_LINE="======================================="

Scan options (true || false)

  1. CHECK_INTERFACE=true
  2. CREATE_DIRECTORY=true
  3. DO_NSLOOKUP=true
  4. DO_TRACE=true
  5. DO_NMAP_TOP_PORTS=true
  6. DO_NMAP_SV=true
  7. DO_NMAP_ALL_PORTS=true
  8. DO_NMAP_SC=true
  9. DO_NMAP_SCRIPT_VULNES=true
  10. REPORT_ALL_OPEN_PORTS=true

Variables for the nmap scan

  1. NMAP_DELAY=5
    • Delay in seconds before to run another nmap scan
  2. NMAP_TIMEOUT=0
    • Timeout 0 = No timeout. Any else, timeout in seconds
  3. TOP_PORTS=1000
  4. MAX_RETRIES=1
  5. MIN_RATE=500
  6. T=-T3
    • -T0, -T1, -T2, -T3, -T4, -T5
    • Default -T3

Requirements

  • nmap
  • traceroute
  • nslookup

To install

sudo apt update && sudo apt install nmap traceroute dnsutils

nmap scans used by the script

# $DO_NMAP_TOP_PORTS
timeout $NMAP_TIMEOUT nmap --vv $T -Pn --open --top-ports $TOP_PORTS --max-retries $MAX_RETRIES -oA $FILE"_"$TOP_PORTS $SITE

# $DO_NMAP_SV
timeout $NMAP_TIMEOUT nmap --vv $T -Pn --open -sV --max-retries $MAX_RETRIES -p $PORTS -oA $FILE"_sv" $SITE

# $DO_NMAP_ALL_PORTS
timeout $NMAP_TIMEOUT nmap --vv $T -Pn --open -p- --max-retries $MAX_RETRIES --min-rate $MIN_RATE -oA $FILE"_all_ports" $SITE

# $DO_NMAP_SC
timeout $NMAP_TIMEOUT nmap --vv $T -Pn --open -sV -sC --max-retries $MAX_RETRIES -p $PORTS -oA $FILE"_sc" $SITE

# $DO_NMAP_SCRIPT_VULNES
timeout $NMAP_TIMEOUT nmap --vv $T -Pn --open -sV --script vuln --max-retries $MAX_RETRIES -p $PORTS -oA $FILE"_script_vulnes" $SITE

About

A tool to help you in scans of infrastructure. It scans a bundle of sites and puts the results in a directory for each site analyzed.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages