MassVulScan / Identify open network ports and any associated vulnerabilities

Hello,

2 years ago I created this Bash script for my own (professional) needs:

I was looking for a way to quickly and efficiently identify all the ports available on different remote sites connected to the Internet. And I wanted to make sure, at the same time, there was no host that exposed a service with known vulnerabilities (CVE).

Maybe it could help someone on this forum? And it’s fully compatible with Pwnbox from HTB.

Script strength

  • Automatic installation of all the prerequisites (Debian OS family)
  • 2 modes: automatic and interactive
  • Interactive mode: ports to scan, rate level and nmap script
  • Extremely fast identification of open TCP/UDP ports (masscan)
  • The output is sorted to gather all ports to be scanned by host
  • Identification of services and vulnerabilities (nmap + vulners.nse)
  • Multiple sessions in parallel, one session per host
  • 2 generated reports: a global HTML and a TXT (vulnerable hosts)
  • Detects if you are using multiple network interfaces
  • Compatible with IPs and hostnames (input file)
  • Possibility to exclude some hosts
  • Possibility to combine several arguments

Do not hesitate to contact me if you have any questions or if you notice any problems with the script, improvements, etc.

David
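
The "output is sorted to gather all ports to be scanned by host" step from the feature list, sketched as an added example (not MassVulScan's own code). It assumes masscan's list output format (`-oL`); the function names are hypothetical and the sample results are constructed, using documentation-range addresses.

```shell
#!/bin/sh
# Added example: collapse masscan list-format (-oL) results into one line
# per host, so the follow-up service scan only touches ports found open.
# -oL line layout: "open <proto> <port> <ip> <timestamp>"; '#' lines are comments.

# Constructed sample results (documentation-range addresses, not real hosts).
sample_masscan_output() {
    cat <<'EOF'
#masscan
open tcp 443 192.0.2.10 1700000000
open tcp 22 192.0.2.10 1700000001
open udp 53 192.0.2.10 1700000002
open tcp 80 198.51.100.7 1700000003
open tcp 443 192.0.2.10 1700000004
# end
EOF
}

# Reads -oL lines on stdin and prints "<ip> <port spec>" per host, where the
# port spec uses nmap's -p syntax (T: for TCP ports, U: for UDP ports).
group_ports_by_host() {
    # Keep only well-formed "open" records and reorder them to: ip proto port.
    awk '$1 == "open" && ($2 == "tcp" || $2 == "udp") && $3 ~ /^[0-9]+$/ { print $4, $2, $3 }' |
    # Group by host, then protocol, then numeric port; -u drops duplicates.
    LC_ALL=C sort -u -k1,1 -k2,2 -k3,3n |
    awk '
        function emit() {
            if (host == "") return
            spec = ""
            if (tcp != "") spec = "T:" tcp
            if (udp != "") spec = spec (spec != "" ? "," : "") "U:" udp
            print host, spec
        }
        $1 != host  { emit(); host = $1; tcp = ""; udp = "" }
        $2 == "tcp" { tcp = tcp (tcp != "" ? "," : "") $3 }
        $2 == "udp" { udp = udp (udp != "" ? "," : "") $3 }
        END         { emit() }
    '
}

sample_masscan_output | group_ports_by_host
```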

For those who use Pwnbox and want to speed up the reconnaissance phase, I created a variant of the Bash script:

It quickly and efficiently identifies all the ports/services (TCP/UDP) available for a box, and gets known vulnerabilities (CVE) for each of them. Launch the script against old or new machines that are under testing and are scheduled to release very soon (a few minutes/hours before the Go live).

Automatic installation ~5 minutes and complete scan + reports ~5 minutes. You will find some screenshots on my GitHub repository.

Same thing, do not hesitate to contact me if you have any questions or if you notice any problems with the script, improvements, etc.