divideandscan


* Name: divideandscan
* Version: 1.0.3
* Home page: https://github.com/snovvcrash/DivideAndScan
* Summary: Divide full port scan results and use it for targeted Nmap runs
* Upload time: 2023-08-22 21:05:15
* Author: Sam Freeside
* Requires Python: >=3.9,<3.12
* License: BSD-2-Clause
* Keywords: pentest, scan, nmap, masscan, rustscan
* Requirements: No requirements were recorded.

<p align="center">
  <img src="https://user-images.githubusercontent.com/23141800/113610876-632a4300-9656-11eb-9583-d07f4e34d774.png" width="350px" alt="DivideAndScan">
</p>

<p align="center">
  <strong>Divide <strike>Et Impera</strike> And Scan (and also merge the scan results)</strong>
</p>

<p align="center">
  <a href="https://github.com/snovvcrash/DivideAndScan/blob/main/pyproject.toml#L3"><img src="https://img.shields.io/badge/version-1.0.3-success" alt="version" /></a>
  <a href="https://github.com/snovvcrash/DivideAndScan/search?l=python"><img src="https://img.shields.io/badge/python-3.9-blue?logo=python&logoColor=white" alt="python" /></a>
  <a href="https://www.codacy.com/gh/snovvcrash/DivideAndScan/dashboard?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=snovvcrash/DivideAndScan&amp;utm_campaign=Badge_Grade"><img src="https://app.codacy.com/project/badge/Grade/35f0bdfece9846d7aab3888b01642813" alt="codacy" /></a>
  <a href="https://github.com/snovvcrash/DivideAndScan/actions/workflows/publish-to-pypi.yml"><img src="https://github.com/snovvcrash/DivideAndScan/actions/workflows/publish-to-pypi.yml/badge.svg" alt="pypi" /></a>
  <a href="https://github.com/snovvcrash/DivideAndScan/actions/workflows/publish-to-docker-hub.yml"><img src="https://github.com/snovvcrash/DivideAndScan/actions/workflows/publish-to-docker-hub.yml/badge.svg" alt="docker" /></a>
</p>

---

**D**ivide**A**nd**S**can automates the port scanning routine efficiently by splitting it into 3 phases:

1. Discover open ports for a bunch of targets.
2. Run Nmap individually for each target with version grabbing and NSE actions.
3. Merge the results into a single Nmap report (different formats available).

The 1st phase is meant to be run with a *fast port scanner*\*, whose output is parsed and stored in a single-file database ([TinyDB](https://github.com/msiemens/tinydb)). During the 2nd phase, individual Nmap scans are launched for each target against its set of open ports, as recorded in the database (multiprocessing is supported). Finally, in the 3rd phase the separate Nmap outputs are merged into a single report in different formats (XML / HTML / simple text / grepable) with [nMap_Merger](https://github.com/CBHue/nMap_Merger). Visualization is provided by [DrawNmap](https://github.com/jor6PS/DrawNmap).

Potential use cases:

* Pentest engagements / red teaming with a large scope to enumerate.
* Cybersecurity wargames / training CTF labs.
* OSCP certification exam.

\* Available port scanners:

* [Nmap](https://github.com/nmap/nmap)
* [Masscan](https://github.com/ivre/masscan)
* [RustScan](https://github.com/RustScan/RustScan)
* [Naabu](https://github.com/projectdiscovery/naabu)
* [NimScan](https://github.com/elddy/NimScan)
* [sx](https://github.com/v-byte-cpu/sx)

> **DISCLAIMER.** All information contained in this repository is provided for educational and research purposes only. The author is not responsible for any illegal use of this tool.

## How It Works

![how-it-works.png](https://user-images.githubusercontent.com/23141800/113610892-67566080-9656-11eb-8520-8fa2dcaf3463.png)

## How to Install

### Prerequisites

To successfully *divide and scan* we need to get some good port scanning tools (in the examples below GitHub releases are grabbed via [eget](https://github.com/zyedidia/eget)).

📑 **Note:** if you don't feel like messing with dependencies on your host OS, skip to the [Docker](#using-from-docker) part.

#### Nmap

```bash
sudo apt install nmap xsltproc -y
sudo nmap --script-updatedb
```

#### Masscan

```bash
pushd /tmp
wget https://github.com/ivre/masscan/archive/refs/heads/master.zip -O masscan-master.zip
unzip masscan-master.zip
cd masscan-master
make
sudo make install
popd && rm -rf /tmp/masscan-master*
```

#### RustScan

```bash
eget -t 2.0.1 -a amd64 RustScan/RustScan --to /tmp/rustscan.deb
sudo dpkg -i /tmp/rustscan.deb && rm /tmp/rustscan.deb
sudo wget https://gist.github.com/snovvcrash/8b85b900bd928493cd1ae33b2df318d8/raw/fe8628396616c4bf7a3e25f2c9d1acc2f36af0c0/rustscan-ports-top1000.toml -O /root/.rustscan.toml
```

#### Naabu

```bash
sudo mkdir /opt/naabu
sudo eget -s linux/amd64 projectdiscovery/naabu --to /opt/naabu
sudo ln -sv /opt/naabu/naabu /usr/local/bin/naabu
```

#### NimScan

```bash
sudo mkdir /opt/nimscan
sudo eget -a NimScan elddy/NimScan --to /opt/nimscan
sudo ln -sv /opt/nimscan/nimscan /usr/local/bin/nimscan
```

#### sx

```bash
sudo mkdir /opt/sx
sudo eget -s linux/amd64 v-byte-cpu/sx --to /opt/sx
sudo ln -sv /opt/sx/sx /usr/local/bin/sx
```

#### dnsx

```bash
sudo mkdir /opt/pd
sudo eget -s linux/amd64 projectdiscovery/dnsx --to /opt/pd
sudo ln -sv /opt/pd/dnsx /usr/local/bin/dnsx
```

### Installation

DivideAndScan is available on PyPI as `divideandscan`, though I recommend installing it from GitHub with [pipx](https://github.com/pipxproject/pipx) in order to always have the bleeding-edge version:

```console
~$ pipx install -f "git+https://github.com/snovvcrash/DivideAndScan.git"
~$ das
```

There's also a [release](https://github.com/snovvcrash/DivideAndScan/releases/latest) packed with [shiv](https://github.com/linkedin/shiv) (large file size though):

```console
# shiv -e das.divideandscan:main -o das.pyz divideandscan
~$ wget https://github.com/snovvcrash/DivideAndScan/releases/latest/download/das.pyz && chmod +x das.pyz
~$ ./das.pyz
```

For debugging purposes you can set up a dev environment with [poetry](https://github.com/python-poetry/poetry):

```console
~$ git clone --recurse-submodules https://github.com/snovvcrash/DivideAndScan
~$ cd DivideAndScan
~$ poetry install
~$ poetry run das
```

📑 **Note:** DivideAndScan uses sudo to run all the port scanners, so it will ask for the password when scanning commands are invoked.

### Using from Docker

[![dockeri.co](https://dockeri.co/image/snovvcrash/divideandscan)](https://hub.docker.com/r/snovvcrash/divideandscan)

You can run DivideAndScan in a Docker container as follows:

```console
~$ docker run --rm -it --name das -v ~/.das:/root/.das -v `pwd`:/app -p 8050:8050 snovvcrash/divideandscan
```

Since the tool requires some input data and produces some output data, you should specify your current working directory as the mount point at `/app` within the container. Publishing port 8050 on the host also lets you access the [Dash](https://github.com/plotly/dash) app used for Nmap report visualization.

You may want to set an alias to make the base command shorter:

```console
~$ alias das='docker run --rm -it --name das -v ~/.das:/root/.das -v `pwd`:/app -p 8050:8050 snovvcrash/divideandscan'
~$ das
```

## How to Use

![how-to-use.png](https://user-images.githubusercontent.com/23141800/113610915-6fae9b80-9656-11eb-8b1a-db503dd43861.png)

### 1. Filling the DB

<table>
<tr>
<td>

Provide the `add` module a command for a fast port scanner to discover open ports in a desired range.

⚠️ **Warning:** please, make sure that you understand what you're doing, because nearly all port scanning tools [can damage the system being tested](https://github.com/RustScan/RustScan/wiki/Usage#%EF%B8%8F-warning) if used improperly.

```console
# Nmap, -v flag is always required for correct parsing!
~$ das add nmap '-v -n -Pn -e eth0 --min-rate 1000 -T4 -iL hosts.txt -p1-65535 --open'
# Masscan
~$ das add masscan '--rate 1000 -iL hosts.txt -p1-65535 --open'
# RustScan
~$ das add rustscan '-b 1000 -t 2000 -u 5000 -a hosts.txt -r 1-65535 -g --no-config'
# Naabu
~$ das add naabu '-rate 1000 -iL hosts.txt -p - -silent -s s'
# NimScan
~$ das add nimscan '192.168.1.0/24 -vi -p:1-65535 -f:500'
# sx
~$ sudo sx arp -i eth0 192.168.1.0/24 --json | tee arp.cache
~$ das add sx 'tcp syn -a arp.cache -i eth0 --rate 1000/s 192.168.1.0/24 -p 445,3389'
```

When the module starts its work, a directory `~/.das/db` is created where the database file and raw scan results will be put when the module routine finishes.

</td>
</tr>
</table>

### 2. Targeted Scanning

<table>
<tr>
<td>

Launch targeted Nmap scans with the `scan` module. You can adjust the scan surface with either the `-hosts` or the `-ports` option:

```console
# Scan by hosts
~$ das scan -hosts all -oA report1
~$ das scan -hosts 192.168.1.0/24,10.10.13.37 -oA report1
~$ das scan -hosts hosts.txt -oA report1
# Scan by ports
~$ das scan -ports all -oA report2
~$ das scan -ports 22,80,443,445 -oA report2
~$ das scan -ports ports.txt -oA report2
```

To start Nmap simultaneously in multiple processes, specify the `-parallel` switch and set the number of workers with the `-proc` option (if no value is provided, it defaults to the number of processors on the machine):

```console
~$ das scan -hosts all -oA report -parallel [-proc 4]
```

The output format is selected with the `-oX`, `-oN`, `-oG` and `-oA` options for XML+HTML formats, simple text format, grepable format and all formats respectively. When the module completes its work, a directory `~/.das/nmap_<DB_NAME>` is created containing Nmap raw scan reports.

Also, you can inspect the contents of the database with the `-show` option before actually launching the scans:

```console
~$ das scan -hosts all -show
```

</td>
</tr>
</table>

### 3 (Optional). Merging the Reports

<table>
<tr>
<td>

In order to generate a report independently of the `scan` module, you should use the `report` module. It will search for Nmap raw scan reports in the `~/.das/nmap_<DB_NAME>` directory and process and merge them based on either `-hosts` or `-ports` option:

```console
# Merge outputs by hosts
~$ das report -hosts all -oA report1
~$ das report -hosts 192.168.1.0/24,10.10.13.37 -oA report1
~$ das report -hosts hosts.txt -oA report1
# Merge outputs by ports
~$ das report -ports all -oA report2
~$ das report -ports 22,80,443,445 -oA report2
~$ das report -ports ports.txt -oA report2
```

📑 **Note:** keep in mind that the `report` module does **not** search the DB when processing the `-hosts` or `-ports` options, but looks for Nmap raw reports directly in `~/.das/nmap_<DB_NAME>` directory instead; it means that `-hosts 127.0.0.1` argument value will be successfully resolved only if `~/.das/nmap_<DB_NAME>/127-0-0-1.*` files exist, and `-ports 80` argument value will be successfully resolved only if `~/.das/nmap_<DB_NAME>/port80.*` files exist.

</td>
</tr>
</table>
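
The lookup rule from the note above can be checked before running `das report`. This is an added example, not code from DivideAndScan: it relies only on the file naming stated in the note (`127-0-0-1.*` for hosts, `port80.*` for ports), and the function names, the CIDR matching and the constructed demo directory are assumptions for illustration.

```python
import ipaddress
import tempfile
from pathlib import Path


def index_reports(report_dir):
    """Collect the hosts and ports that have at least one raw report file.

    Host reports are named after the address with dots replaced by dashes,
    port reports are named "port<N>"; anything else in the directory is ignored.
    """
    hosts, ports = set(), set()
    for path in Path(report_dir).iterdir():
        if not path.is_file():
            continue
        stem = path.name.split(".", 1)[0]
        if stem.startswith("port") and stem[4:].isdigit():
            ports.add(int(stem[4:]))
            continue
        try:
            hosts.add(ipaddress.IPv4Address(stem.replace("-", ".")))
        except ValueError:
            pass  # unrelated file, e.g. notes.txt
    return hosts, ports


def resolve_hosts(spec, hosts):
    """Map each comma-separated address or CIDR to the report hosts it covers.

    An empty list means the argument would not resolve to any report file.
    """
    result = {}
    for item in (part.strip() for part in spec.split(",")):
        if not item:
            continue
        net = ipaddress.IPv4Network(item, strict=False)
        result[item] = [str(h) for h in sorted(hosts) if h in net]
    return result


def resolve_ports(spec, ports):
    """Map each comma-separated port to whether a port<N>.* report exists."""
    result = {}
    for item in (part.strip() for part in spec.split(",")):
        if item:
            result[int(item)] = int(item) in ports
    return result


def demo():
    """Build a constructed report directory and resolve sample arguments."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed file names standing in for ~/.das/nmap_<DB_NAME>
        for name in ("127-0-0-1.xml", "127-0-0-1.nmap", "10-10-13-37.xml",
                     "192-168-1-20.gnmap", "port80.xml", "notes.txt"):
            Path(tmp, name).touch()
        hosts, ports = index_reports(tmp)
        return (
            resolve_hosts("192.168.1.0/24,10.10.13.37,10.10.13.38", hosts),
            resolve_ports("22,80", ports),
        )


if __name__ == "__main__":
    host_result, port_result = demo()
    for arg, found in host_result.items():
        print(f"-hosts {arg}: {found or 'no report files'}")
    for port, present in port_result.items():
        print(f"-ports {port}: {'ok' if present else 'no report files'}")
```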

<details>
<summary><strong>🔥 Example 🔥</strong></summary>

Let's enumerate open ports for all live machines on [Hack The Box](https://www.hackthebox.eu/home/machines).

1. Add mappings "host ⇄ open ports" to the database with Masscan. For demonstration purposes I will exclude dynamic port range to avoid unnecessary stuff by using `-p1-49151`. On the second screenshot I'm reviewing scan results by hosts and by ports:

```console
~$ das -db htb add -rm masscan '-e tun0 --rate 1000 -iL hosts.txt -p1-49151 --open'
```

<p align="center">
  <img src="https://user-images.githubusercontent.com/23141800/117919590-f578d300-b2f5-11eb-8afb-f8e3ed851e62.png" alt="example-1.png">
</p>

```console
~$ das -db htb scan -hosts all -show
~$ das -db htb scan -ports all -show
```

<p align="center">
  <img src="https://user-images.githubusercontent.com/23141800/117919602-fa3d8700-b2f5-11eb-8d4a-f2edb0272e2e.png" alt="example-2.png">
</p>

2. Launch Nmap processes for each target to enumerate only ports that we're interested in (the open ports). On the second screenshot I'm doing the same but starting Nmap processes simultaneously:

```console
~$ das -db htb scan -hosts all -oA report
```

<p align="center">
  <img src="https://user-images.githubusercontent.com/23141800/117919624-03c6ef00-b2f6-11eb-9539-64a5a6ced1cf.png" alt="example-3.png">
</p>

```console
~$ das -db htb scan -hosts all -oA report -nmap '-Pn -sVC -O' -parallel
```

<p align="center">
  <img src="https://user-images.githubusercontent.com/23141800/117919633-0a556680-b2f6-11eb-8cbe-78d1e9ce16f1.png" alt="example-4.png">
</p>

3. As a result we now have a single report in all familiar Nmap formats (simple text, grepable, XML) as well as a pretty HTML report.

<p align="center">
  <img src="https://user-images.githubusercontent.com/23141800/117919635-0c1f2a00-b2f6-11eb-933f-ee812e6f6bd0.png" alt="example-5.png">
</p>

</details>

## Bring Your Own Scanner!

You can pair your favourite port scanner with DivideAndScan by implementing a single **parse** method for its output in `das/parsers/DUMMY_SCANNER.py` (see [example](/das/parsers/masscan.py) for masscan):

```python
from das.parsers import IAddPortscanOutput


class AddPortscanOutput(IAddPortscanOutput):
    """Child class for processing DUMMY_SCANNER output."""

    def parse(self):
        """
        DUMMY_SCANNER raw output parser.

        :return: a pair of values (portscan raw output filename, number of hosts added to DB)
        :rtype: tuple
        """
        hosts = set()
        for line in self.portscan_raw:
            # DUMMY_SCANNER parser implementation
            pass

        return (self.portscan_out, len(hosts))
```
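
A worked parser body for the skeleton above, written as a standalone function so that it runs without the `das` package. This is an added example, not code from the DivideAndScan repository: it parses Masscan's `Discovered open port <port>/<proto> on <ip>` lines, and the function names, the returned mapping and the sample output are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Masscan prints one line per finding, for example:
#   Discovered open port 445/tcp on 10.10.10.5
LINE_RE = re.compile(r"^Discovered open port (\d{1,5})/(tcp|udp) on (\S+)\s*$")

# Constructed sample output: banner lines, a duplicate finding, an
# out-of-range port, an invalid address and a truncated last line.
SAMPLE = """\
Starting scan (constructed banner line)
Initiating SYN Stealth Scan
Scanning 3 hosts [65535 ports/host]
Discovered open port 445/tcp on 10.10.10.5
Discovered open port 22/tcp on 10.10.10.7
Discovered open port 80/tcp on 10.10.10.5
Discovered open port 80/tcp on 10.10.10.5
Discovered open port 70000/tcp on 10.10.10.7
Discovered open port 8080/tcp on 999.10.10.1
Discovered open port 3389/tc
"""


def parse_portscan_lines(lines):
    """Turn raw scanner output into a host -> sorted open ports mapping.

    Returns (mapping, skipped). len(mapping) is the number of hosts found,
    the value a parse() method reports. Lines that do not match the expected
    format, carry an invalid address or an out-of-range port are collected in
    `skipped` instead of being stored, so banners and truncated output never
    turn into database entries.
    """
    ports_by_host = defaultdict(set)
    skipped = []

    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            skipped.append(line)
            continue
        try:
            host = str(ipaddress.ip_address(match.group(3)))
        except ValueError:
            skipped.append(line)
            continue
        port = int(match.group(1))
        if not 1 <= port <= 65535:
            skipped.append(line)
            continue
        ports_by_host[host].add(port)  # the set removes duplicate findings

    mapping = {host: sorted(ports) for host, ports in ports_by_host.items()}
    return mapping, skipped


def by_port(mapping):
    """Invert host -> ports into port -> hosts (the "scan by ports" view)."""
    hosts_by_port = defaultdict(list)
    for host in sorted(mapping, key=lambda h: int(ipaddress.ip_address(h))):
        for port in mapping[host]:
            hosts_by_port[port].append(host)
    return dict(sorted(hosts_by_port.items()))


if __name__ == "__main__":
    found, ignored = parse_portscan_lines(SAMPLE.splitlines())
    print(f"{len(found)} hosts, {len(ignored)} lines ignored")
    for host, ports in found.items():
        print(host, ",".join(map(str, ports)))
    print(by_port(found))
```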

## Help

```
usage: das [-h] [-db DB] {db,add,scan,dns,report,parse,draw,tree,help} ...

 -----------------------------------------------------------------------------------------------
|  ________  .__      .__    .___        _____              .____________                       |
|  \______ \ |__|__  _|__| __| _/____   /  _  \   ____    __| _/   _____/ ____ _____    ____    |
|   |    |  \|  \  \/ /  |/ __ |/ __ \ /  /_\  \ /    \  / __ |\_____  \_/ ___\\__  \  /    \   |
|   |    `   \  |\   /|  / /_/ \  ___//    |    \   |  \/ /_/ |/        \  \___ / __ \|   |  \  |
|  /_______  /__| \_/ |__\____ |\___  >____|__  /___|  /\____ /_______  /\___  >____  /___|  /  |
|          \/                 \/    \/        \/     \/      \/       \/     \/     \/     \/   |
|  {@snovvcrash}            {https://github.com/snovvcrash/DivideAndScan}             {vX.Y.Z}  |
 -----------------------------------------------------------------------------------------------

positional arguments:
  {db,add,scan,dns,report,parse,draw,tree,help}
    db                  utilities for manual DB manipulations
    add                 run a full port scan and add the output to DB
    scan                run targeted Nmap scans against hosts and ports from DB
    dns                 map domain names from an input file to corresponding IP addresses from the DB
    report              merge separate Nmap outputs into a single report (https://github.com/CBHue/nMap_Merger)
    parse               parse raw Nmap XML reports by service names and print entries in format {service}://{host}:{port}}
    draw                visualize Nmap XML reports (https://github.com/jor6PS/DrawNmap)
    tree                show contents of the ~/.das/ directory using tree
    help                show builtin --help dialog of a selected port scanner

options:
  -h, --help            show this help message and exit
  -db DB                DB name to work with

Psst, hey buddy... Wanna do some organized p0r7 5c4nn1n6?
```

## ToDo

* [x] <strike>Add [projectdiscovery/naabu](https://github.com/projectdiscovery/naabu) parser</strike>
* [x] <strike>Add [elddy/NimScan](https://github.com/elddy/NimScan) parser</strike>
* [x] <strike>Add [sx](https://github.com/v-byte-cpu/sx) parser</strike>
* [ ] Add [ZMap](https://github.com/zmap/zmap) parser
* [x] <strike>Store hostnames (if there're any) next to their IP values</strike>
* [x] <strike>Add `fuff` switch to automate web directory fuzzing</strike> (added `parse` module)

            
