{"id":20563708,"url":"https://github.com/trustedsec/spoonmap","last_synced_at":"2025-08-21T05:32:40.673Z","repository":{"id":44949057,"uuid":"328715387","full_name":"trustedsec/spoonmap","owner":"trustedsec","description":null,"archived":false,"fork":false,"pushed_at":"2023-08-01T05:41:24.000Z","size":43,"stargazers_count":150,"open_issues_count":3,"forks_count":38,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-04-08T04:51:23.177Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trustedsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-11T15:54:40.000Z","updated_at":"2025-03-08T16:38:09.000Z","dependencies_parsed_at":"2024-11-16T05:00:26.781Z","dependency_job_id":null,"html_url":"https://github.com/trustedsec/spoonmap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/trustedsec/spoonmap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2Fspoonmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2Fspoonmap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2Fspoonmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2Fspoonmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trustedsec","download_url":"https://codeload.github.com/trustedsec/spoonmap/tar.gz/refs/heads/main"
,"sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2Fspoonmap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271430804,"owners_count":24758378,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T04:20:24.135Z","updated_at":"2025-08-21T05:32:40.399Z","avatar_url":"https://github.com/trustedsec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SpooNMAP\n\n## Dependencies\nThis script is simply a wrapper for NMAP and Masscan. Install them from your\nfavorite package manager, or install from source.\n\nThe script also utilizes Python's magical f-strings, so Python 3.6 or above\nis required.\n\n## Usage\nAgain, make sure that you have Python 3.6 or above installed. 
Simply executing\nthe script will prompt you for all of the required scanning options.\n\n```\n# ./spoonmap.py \n\n________                   _____   _______  _________________ \n__  ___/______________________  | / /__   |/  /__    |__  __ \\\n_____ \\___  __ \\  __ \\  __ \\_   |/ /__  /|_/ /__  /| |_  /_/ /\n____/ /__  /_/ / /_/ / /_/ /  /|  / _  /  / / _  ___ |  ____/ \n/____/ _  .___/\\____/\\____//_/ |_/  /_/  /_/  /_/  |_/_/      \n       /_/                                                 \n    \n\nScan Type\n\t(1) Small Port Scan\n\t(2) Medium Port Scan\n\t(3) Large Port Scan\n\t(4) Extra Large Port Scan (Small, Medium, and Large)\n\t(5) Full Port Scan\n\t(6) Custom Port Scan\n\nWhat type of scan would you like to perform (default: Small Port Scan)? \n\nWould you like to enumerate service banners for any identified services (default: Yes)? \n\nTarget Scan\n\t(1) External\n\t(2) Internal\n\nIs this an internal or external scan (default: External)? \n\nHow fast would you like to scan (default: 20000 packets/second)? \n\nExample Target File\nOne CIDR or IP Address per line\n\n\t192.168.0.0/24\n\t192.168.1.23\n\nPlease enter the full path for the file containing target hosts (default: /opt/spoonmap/ranges.txt): \n\nWould you like to exclude any hosts?  (default: No) \n\nScan Type: Small Port Scan\nTarget Ports: ['80', '443', '8000', '8080', '8008', '8181', '8443']\nService Banner: False\nSource Port: 53\nMasscan Max Packet Rate (pps): 2000\nTarget File: ranges.txt\nExclusions File: exclusions.txt\n\nScanning port 80...\n```\nYou can also create a configuration file to avoid all of the prompts. Use the\nprovided 'config.json.sample' as an example. 
Just make sure that your file \nis named 'config.json'.\n```\n# cat config.json\n{\n    \"__scan_type_choices__\" : \"Small Port Scan, Medium Port Scan, Large Port Scan, Extra Large Port Scan, Full Port Scan, Custom Port Scan\", \n    \"scan_type\" : \"Custom Port Scan\", \n    \"dest_ports\" : [\"80\",\"443\",\"8000\",\"8080\",\"U:53\"],\n    \"__banner_scan_choices__\" : \"True, False\", \n    \"banner_scan\" : \"True\", \n    \"__target_scan_choices__\" : \"External, Internal\", \n    \"target_scan\" : \"Internal\",\n    \"__max_rate_external_recommedation__\" : \"Single Port = 20000, Full Port = 10000\", \n    \"__max_rate_internal_recommedation__\" : \"Single Port = 2000, Full Port = 1000\", \n    \"max_rate\" : \"2000\",\n    \"target_file\" : \"ranges.txt\",\n    \"output_path\" : \"./\",\n    \"exclusions_file\" : \"exclusions.txt\"\n}\n```\nNote: To perform UDP scans, simply prepend 'U:' to the port you'd like to scan (e.g. 'U:53').\n#### config.json Parameters\n##### scan_type\nThis parameter is used to determine what ports to scan.\n* Small Port Scan\n    * 80, 443, 8000, 8080, 8008, 8181, 8443\n* Medium Port Scan\n    * 7001, 1433, 445, 139, 21, 22, 23, 25, \\\n    53, 111, 389, 4243, 3389, 3306, 4786, \\\n    5900, 5901, 6379, 6970, 9100\n* Large Port Scan\n    * 1090, 1098, 1099, 10999, 11099, 11111, \\\n    3300, 4243, 4444, 4445, 45000, 45001, \\\n    47001, 47002, 4786, 4848, 50500, 5555, \\\n    5556, 6129, 6379, 6970, 7000, \\\n    7002, 7003, 7004, 7070, 7071, \\\n    8001, 8002, 8003, 8686, 9000, \\\n    9001, 9002, 9003, 9012, 9503\n* Extra Large Port Scan\n    * Small, Medium, and Large Ports Combined\n* Full Port Scan\n    * 1-65,535\n* Custom Port Scan\n    * Dealer's Choice\n##### dest_ports\n* Only used if 'Custom Port Scan' is selected.\n##### banner_scan\nThis parameter is used to determine whether NMAP will be used\nto grab service banners.\n* True\n* False\n##### target_scan\nThis parameter is used to determine what source port to 
spoof.\n* External Port Scan\n    * source port = 53\n* Internal Port Scan\n    * source port = 88\n##### max_rate\nThis parameter is used to determine how fast to scan in masscan.\nIf it is not set manually, it is determined from the\nscan_type and target_scan parameters.\n**Note: Selecting a max_rate that is too high can easily create\na denial-of-service. In my testing, the following rates have been\nfound to be safe. YMMV**\n* 'External' and 'Common Port Scan'\n    * max_rate = 20,000 packets/second\n* 'External' and 'Full Port Scan'\n    * max_rate = 10,000 packets/second\n* 'Internal' and 'Common Port Scan'\n    * max_rate = 2,000 packets/second\n* 'Internal' and 'Full Port Scan'\n    * max_rate = 1,000 packets/second\n* Everything else\n    * max_rate = 2,000 packets/second\n    \n## Potential Hacks to Look For  \n\n1090, 1098, 1099, 4444, 11099, 47001, 47002, 10999  \nJava RMI  \nhttps://www.rapid7.com/db/modules/exploit/multi/misc/java_rmi_server  \nhttps://medium.com/@afinepl/java-rmi-for-pentesters-structure-recon-and-communication-non-jmx-registries-a10d5c996a79  \nhttps://medium.com/@afinepl/java-rmi-for-pentesters-part-two-reconnaissance-attack-against-non-jmx-registries-187a6561314d  \n\n7000-7004, 8000-8003, 9000-9003, 9503, 7070, 7071  \nWebLogic  \nhttps://www.exploit-db.com/search?q=weblogic  \n  \n45000, 45001  \nJDWP  \nhttps://www.rapid7.com/db/modules/exploit/multi/misc/java_jdwp_debugger  \nhttps://github.com/IOActive/jdwp-shellifier  \n  \n8686, 9012, 50500  \nJMX  \nhttps://www.rapid7.com/db/modules/exploit/multi/misc/java_jmx_server  \n  \n4848  \nGlassFish  \nhttps://www.rapid7.com/db/modules/auxiliary/scanner/http/glassfish_traversal  \n\n11111, 4444, 4445  \nJBoss  \nhttps://www.rapid7.com/db/modules/auxiliary/scanner/http/jboss_vulnscan  \nhttps://github.com/joaomatosf/jexboss  \n  \n4786  \nCisco Smart Install  \nhttps://www.rapid7.com/db/modules/auxiliary/scanner/misc/cisco_smart_install  \nhttps://github.com/Sab0tag3d/SIET  \n  
\n5555, 5556  \nHP Data Protector  \nhttps://www.rapid7.com/db/modules/exploit/multi/misc/hp_data_protector_exec_integutil  \nhttps://www.rapid7.com/db/modules/exploit/windows/misc/hp_dataprotector_cmd_exec  \n\n3300  \nSAP  \nhttps://github.com/chipik/SAP_GW_RCE_exploit  \n\n6129  \nDameware  \nhttps://www.tenable.com/security/research/tra-2019-43  \nhttps://github.com/tenable/poc/blob/master/Solarwinds/Dameware/dwrcs_dwDrvInst_rce.py  \n  \n6379  \nRedis  \nhttps://www.rapid7.com/db/modules/exploit/linux/redis/redis_replication_cmd_exec  \n  \n6970  \nCisco Unified Communications Manager  \nhttps://github.com/trustedsec/SeeYouCM-Thief  \nhttp://[CUCM IP Address]:6970/ConfigFileCacheList.txt  \n  \n8080  \nAdobe ColdFusion BlazeDS  \nhttps://www.tenable.com/plugins/nessus/99731  \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2Fspoonmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrustedsec%2Fspoonmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2Fspoonmap/lists"}