003random / 003Recon

Some tools to automate recon - 003random
https://poc-server.com/

Why not apt-get install nmap? #5

Closed Chan9390 closed 6 years ago

Chan9390 commented 6 years ago

From the commands in install.sh, it is visible that you are downloading the source code of nmap and then locally building it. (IMHO it is really a waste of time if the system already has the latest version of nmap.)

Compiling nmap requires gcc and other libraries like OpenSSL and LibSSH2. Instead of going the hard way, why not just sudo apt-get install nmap?

003random commented 6 years ago

That is a good one! I will consider this and probably push a fix later this week. Thanks again!

attacker34 commented 6 years ago

@003random First of all, thank you very much for providing such a nice tool... Please, in future enhancements I wanna see the tool as follows:

  1. First it should collect subdomains via fierce-subdomain-scanner, domained (it will be good if SecLists could be added in the subdomains.txt of domained tools like sublis3tr etc).
  2. Second step should be removal of duplicates.
  3. Now use alive-host tool to check for online available targets.
  4. Now use of CMSmap to check for the common web app like wordpress etc. Collect all these special ones in one .txt and send it to testing via wpforce etc.
  5. Now use Nmap to check for services.
  6. Open redirects & CORS misconfig.
  7. Banner grabbing etc.

Result of each tool should be saved in txt file. I hope you'll consider it for future enhancements.

Sincerely,

003random commented 6 years ago

Hey @attacker420. Thanks for the ideas. Unfortunately I don't have time right now to implement those ideas. You could also do it yourself and send a PR :) But for now, I just don't have enough time to do it.

rewanthtammana commented 6 years ago

@Chan9390 I think what @003random has done with installing nmap is good enough. The issue with using apt-get install nmap is you won't be getting the latest version of Nmap. But cloning it from the source code gives you the latest version of Nmap.

Chan9390 commented 6 years ago

Hey @rewanth1997, I agree, but how about the scenario where nmap is already installed on the base machine? It might create some errors during installation.

rewanthtammana commented 6 years ago

@Chan9390 I added a PR which fixes the issue you stated above.

003random commented 6 years ago

Hey all. Thanks for all the good ideas and the nice discussion. I have come to the conclusion that I'm going to keep it how it was. The PR I received gave some errors, and after reconsideration, I think it is fine (for now) to just install a new version in the dependencies folder. I also stated in the readme file that if tools were already installed, the user could simply edit the variable in the recon.sh file that contains the path to the dependency. Thanks guys :)

rewanthtammana commented 6 years ago

There's no point in wasting time cloning and installing nmap if it already exists on the system. Can you paste the error here, so that we can try to fix it @003random?
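One way to do the check this thread argues about, added here as example code that is not the project's install.sh or recon.sh: look for an existing nmap in the dependencies folder or on PATH, compare its reported version against a minimum, and only then decide whether a source build is needed. The DEPS_DIR/<tool>/<tool> layout and the NMAP_MIN_VERSION threshold are assumptions, not taken from the repository.

```shell
#!/bin/sh
# Added example, not the project's install.sh: locate an existing nmap before
# deciding to build one from source. Assumed layout: $DEPS_DIR/<tool>/<tool>.

# find_tool NAME DEPS_DIR: print the path to NAME, preferring the local
# dependencies folder over $PATH. Returns 1 (prints nothing) if absent.
find_tool() {
    name=$1 deps_dir=$2
    [ -x "$deps_dir/$name/$name" ] && { printf '%s\n' "$deps_dir/$name/$name"; return 0; }
    path=$(command -v "$name" 2>/dev/null) && [ -n "$path" ] && { printf '%s\n' "$path"; return 0; }
    return 1
}

# nmap_version PATH: extract "7.94" from "Nmap version 7.94 ( https://nmap.org )".
nmap_version() {
    "$1" --version 2>/dev/null | awk '/^Nmap version/ { print $3; exit }'
}

# version_ge A B: succeed when dotted version A >= B, compared component-wise as
# integers (7.70.1 >= 7.70, 7.9 < 7.90); trailing tags like "94SVN" are ignored.
# Pure POSIX sh, so it does not depend on GNU sort -V.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        [ "$a" = "$ai" ] && a= || a=${a#*.}
        [ "$b" = "$bi" ] && b= || b=${b#*.}
        ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}
        ai=${ai:-0}; bi=${bi:-0}
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
    done
    return 0
}

# Demo: what an install script could report before deciding on a source build.
DEPS_DIR=${DEPS_DIR:-./dependencies}
NMAP_MIN_VERSION=${NMAP_MIN_VERSION:-7.70}   # operator-chosen threshold (assumption)
if NMAP=$(find_tool nmap "$DEPS_DIR"); then
    ver=$(nmap_version "$NMAP")
    if version_ge "${ver:-0}" "$NMAP_MIN_VERSION"; then
        echo "existing nmap $ver at $NMAP meets $NMAP_MIN_VERSION; skipping build"
    else
        echo "nmap $ver at $NMAP is older than $NMAP_MIN_VERSION; build into $DEPS_DIR"
    fi
else
    echo "nmap not found; build into $DEPS_DIR"
fi
```

The recon.sh path variable mentioned above can then be set from the printed location instead of being edited by hand.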