Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/s0md3v/Silver

Mass scan IPs for vulnerable services
https://github.com/s0md3v/Silver

masscan network network-scanner nmap port-scanner scanner shodan silver vulnerability-scanner vulners

Last synced: about 1 month ago
JSON representation

Mass scan IPs for vulnerable services

Awesome Lists containing this project

README

        




Silver


Silver


Mass Vulnerability Scanner








### Introduction
masscan is fast, nmap can fingerprint software and vulners is a huge vulnerability database. Silver is a front-end that allows
complete utilization of these programs by parsing data, spawning parallel processes, caching vulnerability data for faster
scanning over time and much more.

![demo](https://i.ibb.co/nPK8yD8/Untitled.png)

## Features
- Resumable scanning
- Slack notifcations
- Multi-core utilization
- Supports: IPs, CIDR & hostnames
- Vulnerability data caching
- Shodan integration

## Dependencies

### External Programs
- [nmap](https://nmap.org/)
- [masscan](https://github.com/robertdavidgraham/masscan)

### Python libraries
- psutil
- requests

Required Python libraries can be installed by executing `sudo pip3 install -r requirements.txt` in `Silver` directory.

## Setting up Slack notifications
- Create a workspace on slack, [here](https://slack.com/)
- Create an app, [here](https://api.slack.com/apps/new)
- Enable WebHooks from the app and copy the URL from there to Silver's `/core/memory.py` file.

## Usage

#### Before you start

:warning: Run Silver as root and with `python3` i.e. with `sudo python3 silver.py `. The python libraries need to be installed as root too.

:warning: Silver scans all TCP ports by default i.e. ports `0-65535`. Use `--quick` switch to only scan top ~1000 ports.

#### Scan host(s) from command line

```
python3 silver.py 127.0.0.1
python3 silver.py 127.0.0.1/22
python3 silver.py 127.0.0.1,127.0.0.2,127.0.0.3
```

#### Use Shodan
Shodan can provide open ports, service information and CVEs from the data collected during its contiunous internet wide scanning. I think this is the best choice for quickly checking top ~1500 ports. Not using it makes sense when:

- You want to scan all the ports instead of the most common ones
- You are not okay with the scan results being 2-3 days old
- The IP you want to scan has been excluded by Shodan by a request of the owner

```
python3 silver.py 127.0.0.1 --shodan
```

#### Scan top ~1000 ports
```
python3 silver.py 127.0.0.1 --quick
```

#### Scan specific ports
```
python3 silver.py 127.0.0.1 -p80,443
```

#### Scan hosts from a file

```
python3 silver.py -i /path/to/targets.txt
```

#### Save JSON output to a file
Default: `result-.json`
```
python3 silver.py 127.0.0.1 -o my_target.json
```
> Note: The output is saved regardless of using this option. It only exists to choose a specific name for the file instead of the autogenerated one.

#### Set max number of parallel nmap instances
Default: `number_of_cores`
```
python3 silver.py -i /path/to/targets.txt -t 4
```

#### Choose packets to be sent per seconds
Default: `10000`
```
python3 silver.py 127.0.0.1 --rate 1000
```

## Contribution
You can contribute to this project by providing suggestions, reporting sensible issues and spreading the word.
Pull requessts for the following will not be accepted:
- Typos
- coDe qUaLiTY
- Docker and .gitignore file