├── README.md
└── scan.sh

/README.md:
--------------------------------------------------------------------------------
# oscp-enumeration-script
Scanner that runs enumeration scripts while you do other things, made for the OSCP exam or for use on CTFs. Not recommended to run on live networks as-is.

## Notes
This script is designed to run Nmap scans against a list of target hosts. It takes an hour or so to complete. To keep you notified of its progress, it uses Linux desktop notifications as it finishes each scan.

- Must have libnotify-bin installed: `apt-get install libnotify-bin`.
- If you don't want to use notifications, just remove the `notify-send` line from the script.
- Before you begin, create a file called `ips.txt` with one host to scan per line.
- If the UDP scan is taking too long, just kill the script.

## Output organization
The script creates one directory per host, named after the last octet of the host's address (the last portion of the subnet you're scanning).
For example, if you're scanning 5 hosts in the 10.10.10.1/24 subnet, the directory tree would look like this:

```
127/
112/
92/
84/
60/
```

Using the .127 host as an example, each folder contains the output of each scan:

```
$ cd 127/
$ ls -la
------------------------
scripts_127
tcp_full_127
tcp_quick_127
udp_127
Versions
```

![example](https://i.imgur.com/JqnJh6x.png)

## Details

- You can modify this script to take things to the next level, by running a nikto, searchsploit or directory scan for hosts with an open port 80/443.
--------------------------------------------------------------------------------
/scan.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Must have libnotify-bin installed // apt-get install libnotify-bin
# If you don't want to use notifications, just remove the notify-send line below

total_hosts=$(wc -l < ips.txt)
counter=0

# Read ips.txt line by line so hosts are neither word-split nor glob-expanded
while read -r host; do
    [ -z "$host" ] && continue                   # skip blank lines
    outdir=$(echo "$host" | cut -d "." -f4)      # last octet names the output directory
    mkdir -p "$outdir"
    counter=$((counter + 1))
    notify-send "Beginning TCP quick scan of host" "$host | $counter of $total_hosts"
    nmap -T4 -oN "$outdir/tcp_quick_$outdir" "$host"
    sleep 1.075                                  # was usleep 1075000; usleep is no longer shipped on most distros
    nmap -n -Pn -p- -v --reason -sV -oN "$outdir/tcp_full_$outdir" "$host"
    sleep 1.075
    nmap -n -Pn -p- -A -v -oN "$outdir/scripts_$outdir" "$host"
    sleep 1.075
    # Summarise open ports into Versions: keep port lines whose STATE column is exactly
    # "open" and print the SERVICE and VERSION columns. nmap pads columns with a variable
    # number of spaces, so field-based awk is more reliable than cut on a single space.
    awk '/^[0-9]+\// && $2 == "open" { $1 = ""; $2 = ""; sub(/^ +/, ""); print }' \
        "$outdir/scripts_$outdir" > "$outdir/Versions"
    nmap -sU -n -Pn -vv --reason --open -oN "$outdir/udp_$outdir" "$host"
done < ips.txt
--------------------------------------------------------------------------------
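The two pieces of scan.sh that are easiest to get wrong are the directory name derived from the last octet (a hostname or a malformed line in `ips.txt` silently produces a wrong or empty directory name) and the `Versions` summary (nmap pads its columns with a varying number of spaces, so splitting on a single space shifts the fields). The script below is an added example, not code from the oscp-enumeration-script repository: it factors both steps into POSIX sh functions, `host_dir` and `open_services`, and runs them over a constructed nmap `-oN` file. Unlike the repository's `Versions` file it also keeps the port column, and it rejects anything that is not a dotted-quad IPv4 address rather than guessing. The nmap output embedded here is constructed sample text, not a real scan result.

```shell
#!/bin/sh
# Added example (not part of scan.sh): per-host directory naming and open-port
# summary as checked helper functions. Everything below is constructed sample data.

# host_dir ADDR: print the last octet of a dotted-quad IPv4 address.
# Returns 1 for hostnames, empty octets, wrong octet counts or octets > 255,
# so a bad line in ips.txt fails loudly instead of creating a stray directory.
host_dir() {
    addr=$1
    # only digits and dots, no leading/trailing dot, no empty octet
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$4"
}

# open_services FILE: from an nmap -oN file print "<port>/<proto> <service> <version...>"
# for every port line whose STATE column is exactly "open". Lines such as
# "open|filtered" (common in UDP scans) and "closed" are skipped. Field-based
# awk avoids the column-padding problem of cutting on a single space.
open_services() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
             printf "%s", $1
             for (i = 3; i <= NF; i++) printf " %s", $i
             print ""
         }' "$1"
}

# Constructed sample in nmap normal-output format (not a real scan).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# Nmap scan initiated (constructed sample, not a real scan)
Nmap scan report for 10.10.10.127
Host is up (0.012s latency).
Not shown: 65532 closed tcp ports (reset)
PORT     STATE         SERVICE  VERSION
22/tcp   open          ssh      OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp   open          http     Apache httpd 2.4.41 ((Ubuntu))
443/tcp  closed        https
161/udp  open|filtered snmp
EOF

# Usage: the directory scan.sh would create, then the Versions-style summary.
printf 'output directory: %s/\n' "$(host_dir 10.10.10.127)"
open_services "$sample"
```

Running it prints `output directory: 127/` followed by the two `open` lines only; the closed HTTPS port and the ambiguous `open|filtered` SNMP line are dropped, which is the behaviour you want when the summary feeds a follow-up step such as the nikto or searchsploit run the README suggests.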