@proclnas
Last active May 18, 2016 22:55

README

Procnscan, a socket-based scanner that sends a request string to each host and reads back the response.

Setup

Pending

Use

~$ php procnscan.php
php procnscan.php
        -c        cidr/ip
        -f        Use a file with ip's
        -p        Port
        -r        String to look for, Default = *
        -i        Ignore case when checking the response
        -w        Request string to send
        -m        Module, Default = default (tomcat)
        -t        Threads, Default = 1
        -o        Output, Default = output.txt
        -v        Be verbose, Default = false
        -x        Exit as soon as the brute module finds a valid credential

Example:
php procnscan.php -c 192.168.0.0/24 -p 80[,8080, ...] -w "HEAD / HTTP/1.1" -r "Tomcat" -t 20 -o output

Example with file:
php procnscan.php -f ips.txt -w "HEAD / HTTP/1.1" -r "Tomcat" -t 20 -o output

Examples

Request a single IP

~$ php procnscan.php -c 127.0.0.1 -p 8080 -w "HEAD / HTTP/1.1"

-----------------
[+] 127.0.0.1:8080 [127.0.0.1]
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Wed, 18 May 2016 21:57:17 GMT
Connection: close
-----------------

Grep Banner

~$ php procnscan.php -c 127.0.0.1 -p 8080 -w "HEAD /manager/html HTTP/1.1" -r "Tomcat"

[+][MATCH->Tomcat][127.0.0.1:8080] [127.0.0.1]
----------------
[+] 127.0.0.1:8080 [127.0.0.1]
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 COT
WWW-Authenticate: Basic realm="Tomcat Manager Application"
Content-Type: text/html;charset=utf-8
Content-Length: 954
Date: Wed, 18 May 2016 21:58:53 GMT
Connection: close
----------------

Range Scan

~$ php procnscan.php -c 127.0.0.0/24 -p 80 -t 20

---snip---
----------------
[+] 127.0.0.1:80 [127.0.0.1]
HTTP/1.1 200 OK
Content-Length: 689
Content-Type: text/html
Last-Modified: Sat, 20 Dec 2014 23:36:23 GMT
Accept-Ranges: bytes
ETag: "b27df8c3ad1cd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 18 May 2016 22:07:40 GMT
Connection: close

----------------
---snip---

Tomcat brute module

~$ php procnscan.php -c 127.0.0.1 -p 8080 -m tomcat

Checking 127.0.0.1:8080 [127.0.0.1]
[+][http://127.0.0.1:8080/manager/html] [admin:123456] [127.0.0.1]

Seen from the Tomcat side, the Grep Banner and brute module runs above leave a recognisable trail in the access log: a bare HEAD / banner grab, a 401 on /manager/html, then a burst of further 401s on the Manager app from the same source and, if a credential works, a 200. The Python script below is an added example, not part of the gist or the Procnscan tool, that parses Tomcat "common" format access log lines and reports hosts showing that pattern. The log lines are constructed for the example, and the threshold of five failures per 60-second window is an assumed tuning value, not something the README specifies.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from the gist) in Tomcat's "common" access log format,
# as written by AccessLogValve with pattern="common":
#   remote_host - remote_user [timestamp] "request line" status bytes
# Host 10.0.0.5 behaves like the README's examples: a HEAD / banner probe, a HEAD of
# /manager/html, then a burst of 401s followed by a 200 once a credential works.
# Host 10.0.0.9 is an ordinary authenticated admin and must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [18/May/2016:21:57:17 -0500] "HEAD / HTTP/1.1" 200 -
10.0.0.5 - - [18/May/2016:21:58:53 -0500] "HEAD /manager/html HTTP/1.1" 401 954
10.0.0.5 - - [18/May/2016:21:58:54 -0500] "GET /manager/html HTTP/1.1" 401 954
10.0.0.5 - - [18/May/2016:21:58:54 -0500] "GET /manager/html HTTP/1.1" 401 954
10.0.0.5 - - [18/May/2016:21:58:55 -0500] "GET /manager/html HTTP/1.1" 401 954
10.0.0.5 - - [18/May/2016:21:58:55 -0500] "GET /manager/html HTTP/1.1" 401 954
10.0.0.5 - - [18/May/2016:21:58:56 -0500] "GET /manager/html HTTP/1.1" 401 954
10.0.0.5 - admin [18/May/2016:21:58:56 -0500] "GET /manager/html HTTP/1.1" 200 19876
10.0.0.9 - admin [18/May/2016:22:10:01 -0500] "GET /manager/html HTTP/1.1" 200 19876
10.0.0.9 - - [18/May/2016:22:11:40 -0500] "GET /index.html HTTP/1.1" 200 689
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def analyse(log_text, threshold=5, window=timedelta(seconds=60)):
    """Per source host, summarise the signals a banner-grab plus Manager brute run leaves.

    head_probe:             sent a bare 'HEAD /' (the -w "HEAD / HTTP/1.1" banner grab)
    manager_401:            number of 401s on /manager/* (failed Basic-auth attempts)
    brute_burst:            at least `threshold` such 401s inside any `window`
                            (threshold and window are assumed tuning values)
    success_after_failures: a 200 on /manager/* at or after the first 401 (a credential worked)
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            events[rec["host"]].append(rec)

    report = {}
    for host, recs in events.items():
        recs.sort(key=lambda r: r["ts"])
        fails = [r["ts"] for r in recs
                 if r["path"].startswith("/manager/") and r["status"] == 401]
        burst = False
        for i, start in enumerate(fails):
            # Count failures in the window [start, start + window]; fails is sorted.
            n = sum(1 for t in fails[i:] if t - start <= window)
            if n >= threshold:
                burst = True
                break
        success = bool(fails) and any(
            r["path"].startswith("/manager/") and r["status"] == 200 and r["ts"] >= fails[0]
            for r in recs
        )
        report[host] = {
            "head_probe": any(r["method"] == "HEAD" and r["path"] == "/" for r in recs),
            "manager_401": len(fails),
            "brute_burst": burst,
            "success_after_failures": success,
        }
    return report


def alerts(report):
    """Hosts worth escalating: a 401 burst on the Manager app, worst if a login then succeeded."""
    return sorted(h for h, s in report.items()
                  if s["brute_burst"] or s["success_after_failures"])


if __name__ == "__main__":
    rep = analyse(SAMPLE_LOG)
    for host in alerts(rep):
        print(host, rep[host])
```

A 200 on /manager/html from a host that was still receiving 401s a second earlier is the line to act on first; the HEAD / probe on its own is a weak signal and is only reported as supporting context. Feeding the real access log in place of SAMPLE_LOG is the only change needed to run this against a live Tomcat.
<test>
rep = analyse(SAMPLE_LOG)
assert alerts(rep) == ["10.0.0.5"]
assert rep["10.0.0.5"]["manager_401"] == 6
assert rep["10.0.0.5"]["brute_burst"] is True
assert rep["10.0.0.5"]["success_after_failures"] is True
assert rep["10.0.0.5"]["head_probe"] is True
assert rep["10.0.0.9"]["manager_401"] == 0
assert rep["10.0.0.9"]["brute_burst"] is False
assert rep["10.0.0.9"]["success_after_failures"] is False
assert analyse(SAMPLE_LOG, threshold=7)["10.0.0.5"]["brute_burst"] is False
assert parse_line("garbage") is None
assert parse_line('1.2.3.4 - - [18/May/2016:21:57:17 -0500] "GET /x HTTP/1.1" 404 0')["status"] == 404
</test>

Using a file

~$ php procnscan.php -f hosts.txt -w "HEAD / HTTP/1.1"
------------------------------------------------------
[+] 127.0.0.1:8080 [127.0.0.1]
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Wed, 18 May 2016 22:50:23 GMT
Connection: close

----------------