onetwopunch: Use unicornscan to quickly scan all open ports
onetwopunch
Information gathering is an important step in a penetration test or any hacking attempt. Various attack vectors open up based on the findings in the information gathering stage. Port scanning provides a large amount of information on open services and possible exploits that target these services. The problem with port scanning is that it can take a lot of time to generate the results depending on the type of scan, the protocol that’s being scanned, the number of targets, whether or not any IDS is in the way, and a slew of other variables.
Nmap is by far the most comprehensive port scanner, able to identify services, fingerprint operating systems, and even run several scripts against the services to identify potential vulnerabilities. This helps cut down the manual work involved in service enumeration. Nmap uses a default list of ports when none are provided by the attacker. This can cause nmap to miss certain ports that are not in its default list. There is the option to let nmap scan all 65,535 ports on each machine, but as you can imagine, this will take a considerable amount of time, especially if you’re scanning a lot of targets.
Unicornscan is another port scanner that utilizes its own userland TCP/IP stack, which allows it to run an asynchronous scan. This makes it a whole lot faster than nmap, and it can scan all 65,535 ports in a relatively short time frame. Since unicornscan is so fast, it makes sense to use it for scanning large networks or a large number of ports.
So, the idea behind this post is to utilize both tools to generate a scan of 65,535 ports on the targets. We will use unicornscan to scan all ports and make a list of those ports that are open. We will then take the open ports and pass them to nmap for service detection.
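As an added illustration of the workflow just described (this is not the onetwopunch script itself), a small POSIX shell example: it takes unicornscan's TCP output, pulls out the open ports for one target, and builds the nmap service-detection command. The sample scan lines are constructed, and the saved-output file path is an assumption.

```shell
#!/bin/sh
# Added example, not the onetwopunch script: unicornscan output -> open ports -> nmap.

# Constructed sample in the shape of unicornscan's default TCP output (not a real scan).
SAMPLE_SCAN='TCP open                     ssh[   22]         from 10.0.0.5  ttl 64
TCP open                    http[   80]         from 10.0.0.5  ttl 64
TCP open                   https[  443]         from 10.0.0.5  ttl 64
TCP open                 unknown[ 8443]         from 10.0.0.5  ttl 64
TCP open                    http[   80]         from 10.0.0.6  ttl 64'

# open_ports TARGET: read unicornscan output on stdin, keep only "TCP open" lines
# for TARGET, and print its ports as a sorted, de-duplicated, comma-separated list.
open_ports() {
    target="$1"
    grep -E "^TCP open.*from ${target}([[:space:]]|$)" \
        | sed -n 's/.*\[ *\([0-9][0-9]*\)\].*/\1/p' \
        | sort -n -u \
        | paste -s -d ',' -
}

# nmap_cmd TARGET FILE: build the nmap service/script scan command for TARGET
# from a saved unicornscan output FILE (hypothetical path). Fails when the
# scan found nothing open, so a later step never runs nmap with an empty -p list.
nmap_cmd() {
    target="$1"
    ports=$(open_ports "$target" < "$2")
    if [ -z "$ports" ]; then
        echo "no open ports found for $target" >&2
        return 1
    fi
    echo "nmap -sV -sC -p $ports $target"
}

# Usage (run manually): scan every port with unicornscan, save the output,
# then generate and run the nmap command from it.
#   unicornscan -mT 10.0.0.5:1-65535 > scan.txt
#   nmap_cmd 10.0.0.5 scan.txt
```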
Download
git clone https://github.com/superkojiman/onetwopunch.git
Usage
Copyright (c) 2012-2017 Harold Rodriguez
Source: https://github.com/superkojiman/