freelabz / secator

secator - the pentester's swiss knife
https://docs.freelabz.com

feat: nmap scanning too many port (port_scan workflow) #421

Open romisfrag opened 2 months ago

romisfrag commented 2 months ago

After a naabu scan in the "port_scan.yaml" workflow, nmap will scan all the open ports on all IP addresses.

ocervell commented 2 months ago

nmap cannot take a combination host / port unfortunately.

To implement this we would need to leverage the chunking mechanism already implemented in secator and add a feature to our workflow YAML language, which would (probably) look something like:

  naabu:
    description: Find open ports
  nmap:
    description: Search for vulnerabilities on open ports
    chunk_by: port.host
    targets_: port.host
    ports_: port.port

On naabu output like:

[
  {"port": 80, "host": "test.com"},
  {"port": 81, "host": "test.com"},
  {"port": 8080, "host": "test2.com"}
]

This would effectively run two instances of nmap:

  nmap -p 80,81 test.com (chunk 1/2)
  nmap -p 8080 test2.com (chunk 2/2)