Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/SigPloiter/GTScan

The Nmap Scanner for Telco
https://github.com/SigPloiter/GTScan

Last synced: 3 months ago
JSON representation

The Nmap Scanner for Telco

Host: GitHub
URL: https://github.com/SigPloiter/GTScan
Owner: SigPloiter
License: mit
Created: 2018-01-08T01:20:26.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2018-09-26T19:25:18.000Z (about 6 years ago)
Last Synced: 2024-05-31T08:36:35.108Z (5 months ago)
Language: Python
Size: 55.7 KB
Stars: 145
Watchers: 14
Forks: 53
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - SigPloiter/GTScan - The Nmap Scanner for Telco (Python)

README

# GTScan
The Nmap Scanner for Telco. With the current focus on telecom security, there used tools in day to day IT side penetration testing should
be extended to telecom as well. From here came the motivation for an nmap-like scanner but for telco

The current security interconnect security controls might fail against reconnaissance , although mobile operators might implement
SMS firewalls/proxies, Interconnect firewalls, some of those leak information that could be used for further information gathering
process.

The motivation behind this project, first adding a new toolking into the arsenal of telecom penetration testers. Second give the
mobile operators a way to test their controls to a primitive methodology such as information gathering and reconnaissance.

# How does it work
GTScan relies on using empty TCAP layers as probes to detect listening subsystem numbers (i.e application port numbers like 80 for
http, 443 for https but for telecom nodes) on the respective global titles. With this way will be able to map the network
and use the results to conduct targeted direct attacks to the respective nodes.

GTScan includes Message handling: Return message on error in the SCCP layer to determine from the response what is the scanned node.
If a TCAP abort message is returned with an error p-abortCause: unrecognizedMessageType (0) thus the destination nodes is listening
on the SSN that was scanned, else then the scanner continues scanning on other SSNs

You can provide GTscan a range of global titles to be scanned, a comma-separated or a single GT to be scanned, along with other
parameters

# Requirements
python3

pip3 install -r requirements.txt

And of course an SS7/Sigtran access :)

# Usage

Example: ./GTScan.py -G 201500000000,201500000002 -g 965123456780 -c 1 -C 2 -p 2905 -P 2906 -l 192.168.56.1 -r 192.168.56.102

All contributions are mostly welcomed