We all know port scanning is the bread and butter of the enumeration phase. There is no denying that nmap sets the standard for port scanning on both Windows and UNIX systems. However, full-range UDP and TCP port scans (all 65k ports) take a long time to finish. There is another scanner which excels at speed: unicornscan is an asynchronous, stateless port scanner that implements its own TCP/IP stack. This script invokes unicornscan and passes the open ports it finds to nmap and/or amap for further fingerprinting. I have built two port ranges into this script: unicornscan’s default port range and the full 65k port range. I would like to stress that unicornscan’s default packet rate is 300pps and I wouldn’t go higher than 400pps. After this is finished you have the option to search some keywords in the locally cached version of exploit-db on backtrack…
EDIT: Version update from v1.5 to v1.6 to fix an issue brought to light by scottm99. When the script is halted before it finishes, some of the temporary files it creates are not removed, which results in erroneous port lists (with duplicate entries or ports from a previous target). I added a cleanup routine at the beginning of the script to avoid this issue…
Download: flash.sh
root@bt:~/Desktop# ./flash.sh
-------------------------------------------------------------------
| Fl@sh v1.6 ~ b33f                                               |
| -Scanned Before you know it-                                    |
-------------------------------------------------------------------
| USAGE: ./flash.sh -s [pps] -e [N/A/B] -p [A/D] -x [Y/N] -t [IP] |
|                                                                 |
| REQUIRED                                                        |
| -s Packets per second [recommended less than 400].              |
| -e Pipe output into N (nmap), A (amap), B (both).               |
| -p A (full 65k), D (default port list).                         |
| -x Parse keywords in searchsploit (Y/N).                        |
| -t Target IP.                                                   |
|                                                                 |
| DETAILS                                                         |
| (1) When the open ports are passed to nmap or amap              |
| or both, the results will be saved to nmap-output.txt           |
| and/or amap-output.txt in the parent directory...               |
|                                                                 |
| (2) When using the -x you should bear in mind that you          |
| you should update the the local version of exploit-db           |
| browse to '/pentest/exploits/exploitdb/platforms' and           |
| issue 'svn up'...                                               |
-------------------------------------------------------------------
root@bt:~/Desktop# ./flash.sh -s 350 -e B -p D -x N -t 192.168.111.130
[*] Scanning Default TCP port range, be patient...
[>] TCP Ports:
TCP open http[ 80] from 192.168.111.130 ttl 128
TCP open epmap[ 135] from 192.168.111.130 ttl 128
TCP open netbios-ssn[ 139] from 192.168.111.130 ttl 128
TCP open https[ 443] from 192.168.111.130 ttl 128
TCP open microsoft-ds[ 445] from 192.168.111.130 ttl 128
TCP open blackjack[ 1025] from 192.168.111.130 ttl 128
TCP open mysql[ 3306] from 192.168.111.130 ttl 128
[*] Scanning Default UDP port range, be patient...
[>] UDP Ports:
UDP open netbios-ns[ 137] from 192.168.111.130 ttl 128
UDP open exosee[ 1027] from 192.168.111.130 ttl 128
[*] Passing Ports to Nmap & Amap...
[>] Done!! Check out nmap-output.txt and amap-output.txt...
[>] Done!! No searchsploit parsing to do...
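The port-list handling that sits between unicornscan and nmap, as an added example that is not part of flash.sh or the original post: a small Python parser for unicornscan's open-port lines (the format shown in the session above) that deduplicates ports and keeps only lines for the requested target, which is exactly the stale-file failure mode the v1.6 cleanup routine was added for, and then renders the port list in nmap's T:/U: port syntax. The sample lines are constructed for the example, with a duplicate entry and a line from another host included deliberately; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample of unicornscan output (not from a real scan). The
# duplicate port 80 and the 192.168.111.131 line stand in for leftovers
# from an interrupted earlier run, which the parser must ignore.
SAMPLE_OUTPUT = """\
TCP open http[   80] from 192.168.111.130 ttl 128
TCP open http[   80] from 192.168.111.130 ttl 128
TCP open mysql[ 3306] from 192.168.111.130 ttl 128
TCP open ssh[   22] from 192.168.111.131 ttl 64
UDP open netbios-ns[  137] from 192.168.111.130 ttl 128
[*] some status line that is not a port result
"""

# One open-port line: "<PROTO> open <name>[ <port>] from <ip> ttl <n>"
LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP) open (?P<name>[^\[\s]*)\[\s*(?P<port>\d+)\] "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) ttl (?P<ttl>\d+)"
)


def parse_open_ports(output, target):
    """Return {'TCP': [...], 'UDP': [...]} of unique, sorted open ports
    reported for `target`; lines for any other host are dropped."""
    found = defaultdict(set)
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("ip") != target:
            continue
        found[m.group("proto")].add(int(m.group("port")))
    return {proto: sorted(found[proto]) for proto in ("TCP", "UDP")}


def nmap_port_spec(ports):
    """Render the parsed ports as an nmap -p argument, e.g. 'T:80,3306,U:137'.
    nmap reads the T: and U: prefixes, so one -p string covers both
    protocols (a UDP scan type such as -sU is still needed for the U: part)."""
    parts = []
    if ports["TCP"]:
        parts.append("T:" + ",".join(str(p) for p in ports["TCP"]))
    if ports["UDP"]:
        parts.append("U:" + ",".join(str(p) for p in ports["UDP"]))
    return ",".join(parts)


if __name__ == "__main__":
    ports = parse_open_ports(SAMPLE_OUTPUT, "192.168.111.130")
    print(ports)
    print("nmap -p", nmap_port_spec(ports))
```

Filtering on the target address rather than trusting whatever is in the temporary file is a cheap second line of defence even with the cleanup routine in place: a port list that quietly carries over entries from a previous host is worse than an empty one, because it sends nmap and amap off to fingerprint services that were never observed on the current target.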