Last active
May 13, 2020 19:05
Stealth-scan a list of IPs/subnets with Nmap through multiple VPN profiles, picked at random, to avoid IP filtering.
#!/usr/bin/env zsh
# On Ctrl-C run ctrl_c (defined further down), which stops the VPN daemon
# before the script exits.
trap ctrl_c INT

#
# author: notdodo
#
# Scan a set of IPs/subnets using multiple VPN profiles
#

# Default values of arguments; the option parser below overrides them.
typeset IPS=""                                 # file with one target per line
# Handed to `openvpn --auth-user-pass`: it holds the VPN username and
# password in clear text, so keep it readable by its owner only.
typeset CREDENTIALS_FILE="./credentials.txt"
typeset CA_FILE="./ca.crt"                     # handed to `openvpn --ca`
typeset OVPN_DIR="./"                          # directory searched for *.ovpn
# Resolved once at start-up; either value is empty when the tool is not on PATH.
typeset NMAP="$(command -v nmap)"
typeset OPENVPN="$(command -v openvpn)"
# Name given to `openvpn --daemon`; pgrep/pkill -f later match on it.
typeset DAEMON_NAME="ssrounddaemon"

# Called without arguments: behave as if --help had been given.
if (( ${#} == 0 )); then
  set -- '--help'
fi
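# Argument processing
# The parameters are consumed from the front, one option (plus its value) at
# a time. Iterating over a snapshot of "$@" while shifting, as before, let an
# option's value be examined as if it were an option name and mis-assigned
# every later value as soon as one unknown word appeared.
while (( ${#} > 0 )); do
  case "${1}" in
    -o | --openvpn | -ca | --certificate | -c | --credentials | -iL | --ips)
      # every one of these options takes exactly one value
      if (( ${#} < 2 )); then
        echo "Missing value for ${1}" >&2
        exit -1
      fi
      case "${1}" in
        -o | --openvpn)
          OVPN_DIR="${2}"
          ;;
        -ca | --certificate)
          CA_FILE="${2}"
          ;;
        -c | --credentials)
          CREDENTIALS_FILE="${2}"
          ;;
        -iL | --ips)
          IPS="${2}"
          ;;
      esac
      shift 2
      ;;
    -h | --help)
      echo "Scan multiple IPs or subnet using multiple VPN servers to avoid detection or blocking."
      # the usage line used to spell the option "--certicate", which does not exist
      echo "Usage: $0 --openvpn ovpns_folder --certificate certificate_file --ips ip-subnet_file"
      exit 0
      ;;
    *)
      # Unknown words were silently skipped before; they are still accepted,
      # but reported so that a typo in an option name does not go unnoticed.
      echo "Ignoring unknown argument: ${1}" >&2
      shift
      ;;
  esac
done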
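# Refuse to start unless everything the run depends on is present. Without
# these checks an empty ${NMAP}/${OPENVPN} makes the shell try to execute the
# first option as a command, and a missing profile, CA or credentials file
# leaves start_vpn waiting for an address change that never happens.
if [[ -z ${IPS} ]]; then
  echo "Wrong arguments" >&2
  exit -1
fi
if [[ ! -r ${IPS} ]]; then
  echo "Cannot read target list: ${IPS}" >&2
  exit -1
fi
if [[ -z ${NMAP} || -z ${OPENVPN} ]]; then
  echo "nmap and openvpn must both be installed and on PATH" >&2
  exit -1
fi
if [[ ! -d ${OVPN_DIR} ]]; then
  echo "Not a directory: ${OVPN_DIR}" >&2
  exit -1
fi
if [[ ! -r ${CA_FILE} || ! -r ${CREDENTIALS_FILE} ]]; then
  echo "Cannot read ${CA_FILE} or ${CREDENTIALS_FILE}" >&2
  exit -1
fi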
# SIGINT handler (installed with `trap ctrl_c INT`).
# Globals: DAEMON_NAME (read)
# Signals every process whose command line matches DAEMON_NAME, then ends
# the script with status 255 (`exit -1`).
function ctrl_c() {
  printf '%s\n' "** Trapped CTRL-C"
  # -f matches against the full command line, which is where the name passed
  # to `openvpn --daemon` shows up; pkill's own output is discarded.
  pkill -f "${DAEMON_NAME}" &>/dev/null
  exit -1
}
# Stop the VPN daemon and wait until it is gone.
# Globals: DAEMON_NAME (read)
# The body runs in a subshell (parentheses instead of braces). It keeps
# sending the default signal to the first process whose command line matches
# DAEMON_NAME, pausing two seconds between rounds, until pgrep finds nothing.
# There is no upper bound on the number of rounds.
function kill_vpn() (
  local pid
  while true; do
    pid="$(pgrep -f "${DAEMON_NAME}" | head -n 1)"
    if [[ -z "${pid}" ]]; then
      break
    fi
    # leading backslash: bypass any alias named kill
    \kill "${pid}" >/dev/null 2>&1
    sleep 2
  done
)
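# Print the public IP address this host is currently seen with.
# Outputs: the body returned by ipinfo.io/ip on stdout; nothing when the
#          request fails or exceeds the 3 second limit (-m 3).
# The lookup goes over HTTPS: start_vpn bases its "tunnel is up" decision on
# this value, and over plain HTTP anything on the path could rewrite it.
# -f makes curl print nothing on an HTTP error instead of handing the error
# page back as if it were an address.
function myip() {
  \curl -s -f -m 3 https://ipinfo.io/ip
}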
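# Start OpenVPN as a daemon and block until the public address has changed.
# Globals:   OPENVPN, DAEMON_NAME (read)
# Arguments: $1 - .ovpn profile, $2 - CA certificate, $3 - credentials file
# Returns:   0 once myip reports a non-empty address different from the one
#            seen before the tunnel was started. The wait has no upper bound.
# NOTE(review): if the first lookup fails, ORIGINAL_IP is empty and any
# address returned later counts as "changed" - confirm whether that matters.
function start_vpn() {
  local ORIGINAL_IP MYIP
  ORIGINAL_IP="$(myip)"
  # Arguments are quoted so that paths containing spaces stay single words.
  "${OPENVPN}" --config "${1}" --ca "${2}" --auth-user-pass "${3}" --daemon "${DAEMON_NAME}" --connect-timeout 20
  MYIP="$(myip)"
  # A failed or timed-out lookup yields an empty string. That is not evidence
  # of a new address, so it is retried rather than treated as a change.
  while [[ -z "${MYIP}" || "${MYIP}" == "${ORIGINAL_IP}" ]]; do
    sleep 2
    MYIP="$(myip)"
  done
}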
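# Run the port scan against one target and store the results.
# Globals:   NMAP (read)
# Arguments: $1 - target (address or subnet) taken from the target list
# Outputs:   ./ssroundvanish_scans/<target without slashes>-fullscan.* (-oA)
# Returns:   1 without running nmap when the target is empty or starts with
#            '-'; otherwise nmap's exit status.
function start_nmap() {
  local TARGET="${1}"
  # The target comes straight from a file. A line starting with '-' would be
  # parsed by nmap as an option instead of a host, so it is rejected here.
  if [[ -z "${TARGET}" || "${TARGET}" == -* ]]; then
    echo "Skipping invalid target: ${TARGET}" >&2
    return 1
  fi
  mkdir -p ./ssroundvanish_scans
  # -sS -p-: TCP SYN scan of every port; -oA: write all output formats.
  # Slashes are stripped from the target so a CIDR suffix cannot create a
  # sub-path in the output name. The target is quoted so it always reaches
  # nmap as a single word.
  # NOTE(review): --min-rate 1000 sets a floor of 1000 packets per second, so
  # despite -T2 this is a high-rate full-range sweep of the kind port-scan
  # detection on the target network keys on.
  "${NMAP}" -sS -p- "${TARGET}" -oA ./ssroundvanish_scans/"${TARGET//\//}-fullscan" -vv -T2 --min-rate 1000 --max-scan-delay 100s --host-timeout 2000s --max-retries 5 --max-rtt-timeout 5000ms --defeat-rst-ratelimit
}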
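# Decide whether the current route is fast enough to scan through.
# Sends one echo request to 1.1.1.1 and reads the integer part of the
# reported round-trip time.
# Outputs: one status line on stdout, prefixed with the current public IP
# Returns: 0 when a reply arrived within 100 ms, 1 otherwise
function good_latency() {
  local RTT
  # sed instead of `grep -P`, which not every grep supports.
  RTT="$(\ping -c 1 1.1.1.1 | sed -n 's/.*time=\([0-9][0-9]*\).*/\1/p' | head -n 1)"
  # No reply leaves RTT empty. An empty operand compares as 0, which used to
  # pass the "-le 100" test, so a dead link was reported as good latency.
  if [[ -n "${RTT}" && "${RTT}" -le 100 ]]; then
    echo "$(myip): Good latency, init scan"
    return 0
  else
    echo "$(myip): Bad latency, skipping"
    return 1
  fi
}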
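# For each IP/subnet
# The target list is read on fd 3 and the profile list on fd 4, so the
# commands started inside the loops keep the script's own stdin and cannot
# swallow lines that are still waiting to be processed.
# The `|| [[ -n ... ]]` part also handles a last line without a newline.
while read -r ip <&3 || [[ -n "${ip}" ]]; do
  # a blank line would otherwise start a scan without a target
  if [[ -z "${ip}" ]]; then
    continue
  fi
  # Get a random VPN configuration
  # (the glob is expanded by the shell itself instead of parsing `ls`, so
  # profile names containing spaces stay intact)
  while IFS= read -r ovpn <&4; do
    # an unmatched glob leaves nothing usable behind; skip it
    [[ -f "${ovpn}" ]] || continue
    start_vpn "${ovpn}" "${CA_FILE}" "${CREDENTIALS_FILE}"
    if good_latency; then
      # Start the scan
      echo "Start scanning ${ip}"
      start_nmap "${ip}"
      kill_vpn
      break
    fi
    # latency too high on this profile: drop the tunnel and try the next one
    kill_vpn
  done 4< <(printf '%s\n' "${OVPN_DIR}"/*.ovpn | sort -R)
done 3< "${IPS}"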