@amriunix
Created May 31, 2018 03:01
#!/usr/bin/env python
# Author: Alamot
import codecs
import re
import subprocess
import sys
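# Defaults used when the optional command-line arguments are omitted.
DEFAULT_MAX_RATE = "500"
DEFAULT_PORTS = "0-65535"
# NOTE: the interface handed to masscan is hard-coded; edit it for the local host.
INTERFACE = "wlan0"


def run_and_stream(cmd):
    """Run *cmd*, echo its output as it arrives, and return what it wrote.

    stderr is merged into stdout. The pipe is read one byte at a time so the
    text is shown as soon as the child writes it, and the bytes go through an
    incremental decoder so a multi-byte UTF-8 character split across reads
    cannot raise UnicodeDecodeError (invalid bytes become U+FFFD).

    Args:
        cmd: argument list passed to subprocess.Popen with shell=False, so no
            shell ever interprets the arguments.

    Returns:
        A ``(text, returncode)`` tuple: the complete decoded output and the
        child's exit status.
    """
    proc = subprocess.Popen(
        cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.STDOUT
    )
    decoder = codecs.getincrementaldecoder("utf-8")(errors="replace")
    pieces = []

    def emit(text):
        # Record and echo one decoded fragment; empty fragments are skipped.
        if text:
            pieces.append(text)
            sys.stdout.write(text)
            sys.stdout.flush()

    while True:
        chunk = proc.stdout.read(1)
        if not chunk:
            # EOF: the child closed its output, nothing more can arrive.
            break
        emit(decoder.decode(chunk))
    # Flush a trailing incomplete sequence, if any, as a replacement character.
    emit(decoder.decode(b"", final=True))
    proc.stdout.close()
    return "".join(pieces), proc.wait()


def parse_open_ports(scan_output):
    """Return the sorted, de-duplicated port numbers found in *scan_output*.

    Every ``port <digits>`` occurrence is taken as a discovered port. The
    pattern requires at least one digit, so a bare ``port `` in the output is
    skipped instead of reaching ``int("")`` and raising ValueError. Numbers
    outside 0-65535 are dropped before they can reach the nmap command line.
    """
    found = {int(number) for number in re.findall(r"port (\d+)", scan_output)}
    return sorted(port for port in found if 0 <= port <= 65535)


def build_masscan_cmd(target, max_rate, ports):
    """Return the argv list for the masscan discovery pass (run through sudo)."""
    return ["sudo", "masscan", "-e", INTERFACE, "-p" + ports,
            "--max-rate", max_rate, "--interactive", target]


def build_nmap_cmd(target, open_ports):
    """Return the argv list for the nmap -A pass over *open_ports* (run through sudo)."""
    port_spec = ",".join(str(port) for port in open_ports)
    return ["sudo", "nmap", "-A", "-p" + port_spec, target]


def main(argv):
    """Scan the target with masscan, then run nmap on the ports it reported.

    Args:
        argv: ``[program, IP, max_rate?, ports?]``.

    Returns:
        1 on a usage error; otherwise the exit status of the last scanner
        that was run.
    """
    program = argv[0] if argv else "scan"
    target = argv[1] if len(argv) > 1 else ""
    max_rate = argv[2] if len(argv) > 2 else DEFAULT_MAX_RATE
    ports = argv[3] if len(argv) > 3 else DEFAULT_PORTS

    # Both scanners run under sudo. A target or rate that begins with "-"
    # would be read by them as an option rather than a value, so refuse it
    # here. (ports is glued onto "-p" and cannot start a new option.)
    if not target or target.startswith("-") or max_rate.startswith("-"):
        print("Usage: " + program + " <IP> [max_rate] [ports]")
        return 1

    # Running masscan
    cmd = build_masscan_cmd(target, max_rate, ports)
    print("\nRunning command: " + " ".join(cmd))
    output, status = run_and_stream(cmd)
    if status != 0:
        sys.stderr.write("\nmasscan exited with status %d\n" % status)

    # Getting discovered ports from the masscan output and sorting them
    open_ports = parse_open_ports(output)
    if not open_ports:
        return status

    # Running nmap
    cmd = build_nmap_cmd(target, open_ports)
    print("\nRunning command: " + " ".join(cmd) + "\n")
    output, status = run_and_stream(cmd)
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))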