Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/carlospolop/bashreconscan
Bash Recon Scan - Recon and Scan a network using Bash
bash fping nc ncat netcat network oneliner ping port recon scan
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/carlospolop/bashreconscan
- Owner: carlospolop
- Created: 2019-01-11T18:53:54.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2022-06-19T23:20:16.000Z (over 2 years ago)
- Last Synced: 2024-05-02T01:09:45.222Z (9 months ago)
- Topics: bash, fping, nc, ncat, netcat, network, oneliner, ping, port, recon, scan
- Language: Shell
- Homepage:
- Size: 4.88 KB
- Stars: 25
- Watchers: 3
- Forks: 11
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Bash Recon Scan - BRS
It is a bash script that uses nc/netcat/ncat and fping/ping to find live hosts in a network, and then scans several port ranges (1-1024 and 8000-8100) on the active hosts it found.
It is useful when you need to discover and scan hosts in a network and have nothing better than nc and ping at hand.
The netmasks currently supported are **/24** and **/16**.
This tool does not need root privileges: it only makes ordinary TCP connections and calls the system ping binary, so no raw sockets are required.
The main usage is shown in the tool's help:
```bash
└──╼ $./brs.sh
./brs.sh / []
./brs.sh tcp 192.168.0.1/24 22
./brs.sh icmp 192.168.0.1/16
./brs.sh tcp,icmp 192.168.0.1/24 22
The output will be saved in /24__brs_recon.txt
All the active hosts will appear in the terminal and saved in the file active_ips.txt
Available protocols are: tcp,icmp (you can select all at the same time)
The tool will scan ports some ranges of ports of the active hosts: 1-1024 and 8000-8100
The data of the scanned ports will be saved inside port_scan.txt
```
You may also find the following oneliners useful:
Recon a /24 network using nc
```bash
# s.txt is appended to (2>>), so delete it before a new sweep. The second grep reads the pipe, not s.txt,
# otherwise the -v filter would be bypassed and every probed address would end up in ips.txt.
for j in $(seq 1 254); do nc -v -n -z -w 1 192.168.1.$j 22 2>> s.txt; done; grep -v "Connection refused\|Version\|bytes\| out" s.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq > ips.txt;
#Faster recon using timeout instead of -w and -z
for j in $(seq 1 254); do timeout 0.5 nc -v -n 192.168.1.$j 22 2>> s.txt; done; grep -v "Connection refused\|Version\|bytes\| out" s.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq > ips.txt;
```
Recon a /24 network using timeout + ping (faster) or plain ping. Without `-c 1` ping never exits, so the loop would hang on the first host; the redirect keeps only the addresses that answered:
```bash
for j in $(seq 0 255); do timeout 0.7 ping -c 1 192.168.1.$j >/dev/null 2>&1 && echo 192.168.1.$j; done;  # timeout bounds each probe to 0.7 s
for j in $(seq 0 255); do ping -c 1 -W 1 192.168.1.$j >/dev/null 2>&1 && echo 192.168.1.$j; done;          # -W 1 (Linux iputils ping) waits at most 1 s for the reply
```
Search for open ports on one IP, or on every host read from ips.txt:
```bash
nc -v -z -n $host 1-1024   # For one host: set host to the target address first
while read host; do nc -v -z -n $host 1-1024 2>> ps.txt; done < ips.txt; grep -v "Connection refused\|Version\|bytes\| out" ps.txt;
```
If you **cannot select a range of ports** in your netcat version, use these oneliners to scan the ports one by one (reading the hosts from a file):
```bash
for p in $(seq 1 1024); do nc -v -z -n -w 1 $host $p 2>> ps.txt; done;   # For one host: set host to the target address first
while read host; do for p in $(seq 1 1024); do nc -v -z -n -w 1 $host $p 2>> ps.txt; done; done < ips.txt; grep -v "Connection refused\|Version\|bytes\| out" ps.txt;
#Faster scan using timeout instead of -w and -z
for p in $(seq 1 1024); do timeout 0.5 nc -v -n $host $p 2>> ps.txt; done;   # For one host
# Without -z nc reads stdin, which inside the while-read loop is ips.txt; the </dev/null stops it eating the host list.
while read host; do for p in $(seq 1 1024); do timeout 0.5 nc -v -n $host $p </dev/null 2>> ps.txt; done; done < ips.txt; grep -v "Connection refused\|Version\|bytes\| out" ps.txt;
```
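As an added example (this is not code from the BRS project), the script below does the same nc-based host sweep and port scan as the oneliners above, but classifies nc's `-v` messages with a small awk filter instead of one `grep -v` chain, so that a "Connection refused" (a TCP RST, which proves the host is up) is counted as a live host rather than thrown away, and only ports that actually accepted a connection are reported. The function names (`expand_prefix`, `live_hosts`, `open_ports`, `sweep`, `scan_ports`), the sample log lines and the assumption that nc prints the message formats of OpenBSD nc or Nmap ncat are this example's own; GNU netcat prints yet another format.

```bash
#!/usr/bin/env bash
# Added example, not part of the BRS project: nc-based sweep and port scan with
# the nc -v output classified by awk. Assumes a /24 or /16 prefix (the masks BRS
# supports) and the -v message formats of OpenBSD nc and Nmap ncat.

# Expand a /24 or /16 prefix into host addresses (.1-.254 of each /24).
# Usage: expand_prefix 192.168.1.0/24
expand_prefix() {
  local mask=${1#*/} net=${1%/*} n h
  case $mask in
    24) net=${net%.*}
        for h in $(seq 1 254); do echo "$net.$h"; done ;;
    16) net=${net%.*.*}
        for n in $(seq 0 255); do
          for h in $(seq 1 254); do echo "$net.$n.$h"; done
        done ;;
    *)  echo "expand_prefix: only /24 and /16 are supported" >&2; return 1 ;;
  esac
}

# Read nc -v output on stdin and print one address per live host.
# "succeeded!" / "Connected to" mean the port is open; "Connection refused" is a
# TCP RST, which also proves the host is up. Only timeouts and "No route to host"
# mean no answer. ncat prints "Connection refused." without the address, so with
# ncat only the connected lines contribute an IP.
live_hosts() {
  awk '/succeeded!/ || /Connected to/ || /Connection refused/ {
         if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/))
           print substr($0, RSTART, RLENGTH)
       }' | sort -u
}

# Read nc -v output on stdin and print "ip port" for every accepted connection
# ("192.168.1.5 22 port ... succeeded!" and "Connected to 192.168.1.8:22." both match).
open_ports() {
  awk '/succeeded!/ || /Connected to/ {
         if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[ :][0-9]+/)) {
           s = substr($0, RSTART, RLENGTH); sub(/:/, " ", s); print s
         }
       }' | sort -u
}

# Sweep a prefix by probing one port, e.g.: sweep 192.168.1.0/24 22 > active_ips.txt
# nc gets </dev/null so it can never consume the host list on the loop's stdin.
sweep() {
  expand_prefix "$1" | while read -r ip; do
    nc -v -n -z -w 1 "$ip" "$2" </dev/null 2>&1
  done | live_hosts
}

# Scan the BRS port ranges on every host in a file, e.g.: scan_ports active_ips.txt
scan_ports() {
  while read -r ip; do
    for p in $(seq 1 1024) $(seq 8000 8100); do
      nc -v -n -z -w 1 "$ip" "$p" </dev/null 2>&1
    done
  done < "$1" | open_ports
}

# Constructed sample of nc -v output (OpenBSD nc lines first, then ncat lines),
# used to exercise the filters offline without touching the network.
SAMPLE_NC_LOG='Connection to 192.168.1.5 22 port [tcp/ssh] succeeded!
nc: connect to 192.168.1.6 port 22 (tcp) failed: Connection refused
nc: connect to 192.168.1.7 port 22 (tcp) failed: Connection timed out
Ncat: Version 7.93 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.1.8:22.
Ncat: Connection refused.
Ncat: Connection timed out.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.'

if [ "${1:-}" = "demo" ]; then
  printf '%s\n' "$SAMPLE_NC_LOG" | live_hosts   # prints 192.168.1.5, 192.168.1.6 and 192.168.1.8, one per line
  printf '%s\n' "$SAMPLE_NC_LOG" | open_ports   # prints "192.168.1.5 22" and "192.168.1.8 22"
fi
```

Run `bash script.sh demo` to see the filters applied to the sample log, or source the file and call `sweep`/`scan_ports` against a real prefix. Probes are sequential with a 1 s timeout, so a /24 sweep takes up to about four minutes and a /16 (65,024 addresses) many hours; that is the price of doing this with nothing but nc.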