Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/carlospolop/bashReconScan

Bash Recon Scan - Recon and Scan a network using Bash
https://github.com/carlospolop/bashReconScan

bash fping nc ncat netcat network oneliner ping port recon scan

Last synced: 3 days ago
JSON representation

Bash Recon Scan - Recon and Scan a network using Bash

Host: GitHub
URL: https://github.com/carlospolop/bashReconScan
Owner: carlospolop
Created: 2019-01-11T18:53:54.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2022-06-19T23:20:16.000Z (over 2 years ago)
Last Synced: 2024-05-02T01:09:45.222Z (6 months ago)
Topics: bash, fping, nc, ncat, netcat, network, oneliner, ping, port, recon, scan
Language: Shell
Homepage:
Size: 4.88 KB
Stars: 25
Watchers: 3
Forks: 11
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Bash Recon Scan - BRS

It is a bash script that can use nc/netcat/ncat and fping/ping to find hosts in a network, and then scan several ports (1-1024 and 8000-8100) of the active hosts found.

It is very usefull to use when you want to search and scan hosts in a network and you dont have better tools than nc and ping.

The netmask that are currently supported are: **/24** and **/16**.

This tool doesn't need root pvivileges.

In the help of the tool you can find the main usage:

```bash

└──╼ $./brs.sh 

./brs.sh  / []

./brs.sh tcp 192.168.0.1/24 22

./brs.sh icmp 192.168.0.1/16

./brs.sh tcp,icmp 192.168.0.1/24 22

The output will be saved in /24__brs_recon.txt

All the active hosts will appear in the terminal and saved in the file active_ips.txt

Available protocols are: tcp,icmp (you can select all at the same time)

The tool will scan ports some ranges of ports of the active hosts: 1-1024 and 8000-8100

The data of the scanned ports will be saved inside port_scan.txt

```

You can find usufull also the following oneliners:

Recon a /24 network using nc

```bash

for j in $(seq 1 254); do nc -v -n -z -w 1 192.168.1.$j 22 2>> s.txt; done; grep -v "Connection refused\|Version\|bytes\| out" s.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' s.txt | sort | uniq > ips.txt;

#Faster recon using timeout instead of -w and -z

for j in $(seq 1 254); do timeout 0.5 nc -v -n 192.168.1.$j 22 2>> s.txt; done; grep -v "Connection refused\|Version\|bytes\| out" s.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' s.txt | sort | uniq > ips.txt;

```

Recon /24 network using ping or timeout + ping (faster)

```bash

for j in $(seq 0 255); do timeout 0.7 ping 192.168.1.$j; done;

for j in $(seq 0 255); do ping 192.168.1.$j; done;

```

Search for open ports in one ip or reading host from ips.txt

```bash

nc -v -z -n  1-1024 #For one host

while read host; do nc -v -z -n $host 1-1024 2>> ps.txt; done < ips.txt; cat ps.txt | grep -v "Connection refused\|Version\|bytes\| out";

```

If you **cant select a range of ports** in your netcat version, use this oneliner to scan for ports (reading from a file)

```bash

for p in $(seq 1 1024); do nc -v -z -n -w 1  $p 2>> ps.txt; done; #For one host

while read host; do for p in $(seq 1 1024); do nc -v -z -n -w 1 $host $p 2>> ps.txt; done; done < ips.txt; cat ps.txt | grep -v "Connection refused\|Version\|bytes\| out";

#Faster scan using timeout instead of -w and -z

for p in $(seq 1 1024); do timeout 0.5 nc -v -n  $p 2>> ps.txt; done; #For one host

while read host; do for p in $(seq 1 1024); do timeout 0.5 nc -v -n $host $p 2>> ps.txt; done; done < ips.txt; cat ps.txt | grep -v "Connection refused\|Version\|bytes\| out";

```