Seg is a segmentation testing tool designed to overcome some of the challenges that typically come with segmentation scanning. It offers two modes: `seg scan` and `seg listen`.
- Listen Mode
- Scanner Mode
- Protocol Support
See the Future Development section for a list of planned features.
In scan mode, seg reads an input file containing network tags (strings that identify each network segment to the user), each followed by the IP address of the listener placed in that segment; see Target Specification. Depending on the supplied options it then uses nmap or the built-in pure Rust scanner to scan all ports on each listener. This can be done for TCP, UDP, or both.
In listen mode, seg uses nftables to install port-forwarding rules that redirect incoming connections to the listener, plus an anti-lockout rule that keeps the host's access port (by default 22, for SSH) reachable so you are not cut off from the listener host while the rules are active. These rules can be customized with flags or by supplying a custom nft ruleset.
If you need a set of base rules to work from when writing custom rules, `seg listen` has the `--emit-rules` flag, which prints the default rules used by seg to stdout. You can modify these and pass them to a listener with the `--rules` flag.
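The rules that `seg listen` installs are not reproduced on this page; run `seg listen --emit-rules` to see the project's actual template. What follows is an added, illustrative example, not seg's own code: a small POSIX shell function that prints an nftables ruleset with the two properties described above, namely every TCP and UDP port redirected to the listener port, and the access port exempted so the operator cannot be locked out. The table name `seg`, the use of the `inet` family (NAT in the `inet` family needs Linux 5.2 or later) and the refusal of an access port equal to the listener port are assumptions of this example; the default ports 22 and 5555 are the defaults shown in the `seg listen` usage.

```sh
#!/bin/sh
# Added example (not seg's own code): an illustrative nftables ruleset of the
# kind a segmentation listener needs. Every TCP and UDP port except the
# management port is redirected to the listener port, so a scanner on the far
# side of a firewall sees "open" on exactly the ports the segmentation allows.
# The management port is excluded so the ruleset can never cut off the
# operator's own SSH session (the anti-lockout rule). The table name `seg` and
# the inet family (NAT in inet needs Linux 5.2+) are assumptions here.

# is_port VALUE -> true if VALUE is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# seg_rules ACCESS_PORT LISTEN_PORT -> prints an nft ruleset on stdout.
# Defaults mirror `seg listen`: access port 22, listener port 5555.
# Refuses the one configuration that would lock you out: a listener port
# equal to the management port, which the redirect would then swallow.
seg_rules() {
    access_port="${1:-22}"
    listen_port="${2:-5555}"
    if ! is_port "$access_port" || ! is_port "$listen_port"; then
        echo "seg_rules: ports must be integers in 1..65535" >&2
        return 1
    fi
    if [ "$access_port" = "$listen_port" ]; then
        echo "seg_rules: access port and listener port must differ" >&2
        return 1
    fi
    cat <<EOF
table inet seg {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Anti-lockout: traffic to the management port is never rewritten.
        tcp dport ${access_port} return

        # Every other TCP and UDP port lands on the listener. The UDP rule
        # carries the same exclusion so the two stay symmetric.
        tcp dport != ${access_port} redirect to :${listen_port}
        udp dport != ${access_port} redirect to :${listen_port}
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # Redundant while the policy is accept, but keeps the management
        # port open if the policy is later tightened to drop.
        tcp dport ${access_port} accept
    }
}
EOF
}

# Example invocation: print the ruleset for the default ports. Save the output
# to seg.nft and load it with `sudo nft -f seg.nft`; remove it again with
# `sudo nft delete table inet seg`.
seg_rules 22 5555
```

Loading the table a second time without deleting it first appends duplicate rules rather than failing, so delete the `seg` table before re-applying an edited ruleset. Redirecting in the `prerouting` NAT hook means only the first packet of each connection is rewritten; the listener bound on the target port receives the rest of the flow normally.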
See the usage section below, or the examples section, for a more thorough walkthrough of how to use seg.
Aside from using the provided Docker image (`docker pull 84d93r/seg`), you can find prebuilt binaries under Releases.
`seg` currently depends upon `nmap` for scanning and `nftables` for listening. You may need to install these on your system. For example, on Ubuntu Linux:

```sh
sudo apt update && sudo apt install -y nmap nftables iptables-nftables-compat
sudo systemctl enable nftables.service
```

`seg` needs to be run as root, either via `sudo` or by switching to the `root` user: installing nftables rules and nmap's raw-socket scans both require it.
Run in listener mode

```text
Usage: seg listen [OPTIONS]

Options:
      --emit-rules
          Emits the base rules template for customization
      --rules <RULES>
          An optional rules file to use
      --protocol <PROTOCOL>
          The protocol to listen for connections over. NOT YET IMPLEMENTED! [default: both] [possible values: tcp, udp, both]
  -l, --listen-address <LISTEN_ADDRESS>
          [default: 0.0.0.0]
  -a, --access-port <ACCESS_PORT>
          Port used to access the host (typically 22 for SSH) [default: 22]
  -p, --port <PORT>
          Port to listen on for both TCP and UDP [default: 5555]
  -h, --help
          Print help
```
Run in scanner mode

```text
Usage: seg scan [OPTIONS] --input-file <INPUT_FILE>

Options:
  -i, --input-file <INPUT_FILE>  Path to the file containing lines of network-name,listener-ip
  -s, --scan-type <SCAN_TYPE>    [default: both] [possible values: tcp, udp, both]
  -h, --help                     Print help
```
For now, targets are only input to scan mode via a file containing one line per network segment, in the following format, where `network-name` is the tag that identifies the segment in the output and `listener-ip` is the address of the seg listener placed in that segment:

```text
network-name,listener-ip
```

```sh
seg scan --input-file networks.txt
seg listen
```
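To make the target format and the scan it drives concrete, here is an added POSIX shell example (not seg's own code) that reads a seg-style targets file from a constructed sample, rejects malformed lines instead of silently dropping a network, and builds the equivalent full-port nmap scan for each listener, mirroring the `tcp`, `udp` and `both` values of `--scan-type`. Skipping blank and `#` lines, the `-Pn` flag, the `seg-<tag>` output basename and the `DO_SCAN` switch are choices of this example, not documented seg behaviour.

```sh
#!/bin/sh
# Added example (not seg's own code): read a seg-style targets file, one
# `network-name,listener-ip` per line, and build the equivalent full-port
# nmap scan for each listener. nmap is only invoked when DO_SCAN=1, so the
# command construction can be checked without root or a network.

# Constructed sample targets file, in the format `seg scan --input-file` reads.
# Blank lines and lines starting with '#' are skipped by this example; that is
# an assumption of the example, not a documented seg behaviour.
SAMPLE_TARGETS='# tag,listener-ip
corp-lan,10.10.1.20
dmz,192.0.2.10

guest-wifi,198.51.100.7
'

# is_ipv4 ADDR -> true if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# nmap_cmd TAG IP SCAN_TYPE -> prints the nmap command line for one listener.
# SCAN_TYPE is tcp, udp or both, mirroring seg's --scan-type. -p- covers all
# 65535 ports; -Pn skips host discovery, since a listener behind a firewall
# that drops ICMP would otherwise be reported as down and never scanned.
nmap_cmd() {
    tag=$1; ip=$2; scan_type=${3:-both}
    case "$scan_type" in
        tcp)  probes="-sS" ;;
        udp)  probes="-sU" ;;
        both) probes="-sS -sU" ;;
        *) echo "nmap_cmd: scan type must be tcp, udp or both" >&2; return 1 ;;
    esac
    printf 'nmap -Pn %s -p- -oA seg-%s %s\n' "$probes" "$tag" "$ip"
}

# scan_targets SCAN_TYPE < targets-file
# Prints (and, with DO_SCAN=1, runs) one nmap command per valid line. Returns
# non-zero if any line was malformed, so a typo in the targets file fails the
# run instead of quietly leaving a segment untested.
scan_targets() {
    scan_type=${1:-both}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        tag=${line%%,*}
        ip=${line#*,}
        if [ "$tag" = "$line" ] || [ -z "$tag" ] || ! is_ipv4 "$ip"; then
            echo "skipping malformed line: $line" >&2
            bad=1
            continue
        fi
        cmd=$(nmap_cmd "$tag" "$ip" "$scan_type") || return 1
        echo "$cmd"
        [ "${DO_SCAN:-0}" = 1 ] && $cmd
    done
    return $bad
}

# Dry run over the constructed sample: prints three nmap command lines.
printf '%s' "$SAMPLE_TARGETS" | scan_targets both
```

A full-range UDP scan (`-sU -p-`) is slow because closed UDP ports are inferred from ICMP rate-limited unreachables, so expect the `udp` and `both` scan types to take far longer than `tcp` against each listener.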
```sh
docker pull 84d93r/seg
docker run --rm -v "$PWD":/out -w /out --net host --cap-add=NET_ADMIN --cap-add=NET_RAW 84d93r/seg scan --input-file /out/target.txt --scan-type both
docker run -it --rm -v "$PWD":/out -w /out --net host --cap-add=NET_ADMIN --cap-add=NET_RAW 84d93r/seg listen --protocol both
```

`--net host` is needed so that the nftables rules and the scans act on the host's network stack rather than the container's; `NET_ADMIN` is required to install nftables rules and `NET_RAW` for nmap's raw-socket scans.
TODO
A Vagrant environment for Hyper-V is provided under `vagrant/hyper-v/`. From an administrator PowerShell shell:

```powershell
cd vagrant/hyper-v
vagrant up
vagrant ssh listener
# in another shell
vagrant ssh scanner
```
You can run the binary from these VMs to test the tool over the VM network.
- Listen Mode
- Scanner Mode
- Protocol Support
- Native Rust Port Scanner
- Enhanced Output
- Data Visualization Tool
- Advanced Scanning
- Windows Support