DockrManhattn/scan
GitHub: DockrManhattn/scan
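A one-shot automated network reconnaissance script for CTFs and penetration testing that chains tasks such as Nmap scans and SMB enumeration to reduce manual work.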
# Scan
Type less, scan more.
## Installation
The easiest way to install this script is to run:
```
python3 setup.py
```
The SNMP check requires sudo privileges.
## Usage
```
scan 192.168.1.1
```
```
scan hostname.domain.com
```
## Example
```
❯ export IP='10.10.66.188'
❯ scan $IP
Scanning 10.10.66.188
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-05 10:10 EST
Nmap scan report for DC (10.10.66.188)
Host is up (0.13s latency).
PORT STATE SERVICE
161/udp open|filtered snmp
Nmap done: 1 IP address (1 host up) scanned in 1.73 seconds
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-01-05 10:10 EST
Nmap scan report for DC (10.10.66.188)
Host is up (0.14s latency).
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-01-05 15:10:22Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: baby2.vl0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=dc.baby2.vl
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::, DNS:dc.baby2.vl
| Not valid before: 2025-01-05T14:39:42
|_Not valid after: 2026-01-05T14:39:42
|_ssl-date: TLS randomness does not represent time
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: baby2.vl0., Site: Default-First-Site-Name)
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=dc.baby2.vl
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::, DNS:dc.baby2.vl
| Not valid before: 2025-01-05T14:39:42
|_Not valid after: 2026-01-05T14:39:42
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: baby2.vl0., Site: Default-First-Site-Name)
| ssl-cert: Subject: commonName=dc.baby2.vl
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::, DNS:dc.baby2.vl
| Not valid before: 2025-01-05T14:39:42
|_Not valid after: 2026-01-05T14:39:42
|_ssl-date: TLS randomness does not represent time
3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: baby2.vl0., Site: Default-First-Site-Name)
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: commonName=dc.baby2.vl
| Subject Alternative Name: othername: 1.3.6.1.4.1.311.25.1::, DNS:dc.baby2.vl
| Not valid before: 2025-01-05T14:39:42
|_Not valid after: 2026-01-05T14:39:42
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
9389/tcp open mc-nmf .NET Message Framing
49664/tcp open msrpc Microsoft Windows RPC
49667/tcp open msrpc Microsoft Windows RPC
49671/tcp open msrpc Microsoft Windows RPC
49674/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
49676/tcp open msrpc Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
| smb2-time:
| date: 2025-01-05T15:11:12
|_ start_date: N/A
|_clock-skew: -1s
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 98.89 seconds
SMB 10.10.66.188 445 DC [*] Windows Server 2022 Build 20348 x64 (name:DC) (domain:baby2.vl) (signing:True) (SMBv1:False)
SMB 10.10.66.188 445 DC [+] baby2.vl\:
SMB 10.10.66.188 445 DC [-] Error enumerating shares: STATUS_ACCESS_DENIED
SMB 10.10.66.188 445 DC [*] Windows Server 2022 Build 20348 x64 (name:DC) (domain:baby2.vl) (signing:True) (SMBv1:False)
SMB 10.10.66.188 445 DC [+] baby2.vl\a: (Guest)
SMB 10.10.66.188 445 DC [*] Enumerated shares
SMB 10.10.66.188 445 DC Share Permissions Remark
SMB 10.10.66.188 445 DC ----- ----------- ------
SMB 10.10.66.188 445 DC ADMIN$ Remote Admin
SMB 10.10.66.188 445 DC apps READ
SMB 10.10.66.188 445 DC C$ Default share
SMB 10.10.66.188 445 DC docs
SMB 10.10.66.188 445 DC homes READ,WRITE
SMB 10.10.66.188 445 DC IPC$ READ Remote IPC
SMB 10.10.66.188 445 DC NETLOGON READ Logon server share
SMB 10.10.66.188 445 DC SYSVOL Logon server share
```
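When reviewing output like the above for a host you are responsible for, the lines that matter most are the shares granted to a null or guest session. The following is an added example, not part of the scan project: it parses the SMB lines from the sample output and lists each share an unauthenticated session could read or write. The function name, regexes and severity labels are assumptions made for this example.

```python
import re

# Constructed sample: SMB lines taken from the example output above.
# Whitespace is collapsed there, so columns are split by token, not position.
SAMPLE = r"""SMB 10.10.66.188 445 DC [+] baby2.vl\:
SMB 10.10.66.188 445 DC [-] Error enumerating shares: STATUS_ACCESS_DENIED
SMB 10.10.66.188 445 DC [+] baby2.vl\a: (Guest)
SMB 10.10.66.188 445 DC [*] Enumerated shares
SMB 10.10.66.188 445 DC Share Permissions Remark
SMB 10.10.66.188 445 DC ----- ----------- ------
SMB 10.10.66.188 445 DC ADMIN$ Remote Admin
SMB 10.10.66.188 445 DC apps READ
SMB 10.10.66.188 445 DC docs
SMB 10.10.66.188 445 DC homes READ,WRITE
SMB 10.10.66.188 445 DC IPC$ READ Remote IPC
SMB 10.10.66.188 445 DC NETLOGON READ Logon server share"""

LINE = re.compile(r"^SMB\s+(\S+)\s+\d+\s+\S+\s+(.*)$")
AUTH = re.compile(r"^\[\+\]\s+\S*?\\(\S*?):\S*(?:\s+\((\w+)\))?")
ROW = re.compile(r"^(\S+)(?:\s+((?:READ|WRITE)(?:,(?:READ|WRITE))*))?(?:\s|$)")

def unauthenticated_share_findings(text):
    """Return (host, identity, share, perms, severity) for every share that a
    null or guest session was granted access to (hypothetical helper)."""
    findings, identity, in_table = [], None, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        host, body = m.groups()
        auth = AUTH.match(body)
        if auth:  # a new login result starts a new session context
            user, label = auth.groups()
            identity = "guest" if label == "Guest" else (user or "anonymous")
            in_table = False
        elif body.startswith("[*] Enumerated shares"):
            in_table = True
        elif in_table and not body.startswith(("[", "Share ", "-----")):
            row = ROW.match(body)  # rows without a permission token are skipped
            if row and row.group(2) and identity in ("guest", "anonymous"):
                perms = frozenset(row.group(2).split(","))
                severity = "high" if "WRITE" in perms else "review"
                findings.append((host, identity, row.group(1), perms, severity))
    return findings

if __name__ == "__main__":
    for finding in unauthenticated_share_findings(SAMPLE):
        print(finding)
```

On the sample, the guest-writable `homes` share is the entry rated `high`; the read-only entries are listed for review.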