Masscan/Shodan question!

[nPolarBear]

Hello guys, i'm having a hard time trying to figure this out, I need to scan or get IP list with the following protocols FTP, RDP,VNC, if i use masscan with the standard ports 21,3389,5900 i get results but i want to use non standard ports lets say 22-30 for FTP, 3390-3400 for RDP and 5902-5910 for VNC, if i use masscan i obviously i get an IP list but most of them are just open ports and no real IP with the service/protocol running on those ports!

My question is there any way to do that on masscan or with shodan cli, i mean if i run masscan with port 3390 looking for rdp service only return the ones that have that service running?

Or any command to download those ips from the shodan cli

Thanks in advance

 

[rurk]

You can do it with 2 steps:
1) Find open ports with masscan.
2) Identify the running services (FTP, RDP, VNC, etc) with nmap -sV -p by specifying open ports from the masscan's result.

 

[nPolarBear]

You can do it with 2 steps:
1) Find open ports with masscan.
2) Identify the running services (FTP, RDP, VNC, etc) with nmap -sV -p by specifying open ports from the masscan's result.

Thats a good idea, thanks for taking your time to answer the issue is it will take me, like 100 years to finish a list of 1M ips, im looking a way to do it in mass scale

 

[rurk]

Thats a good idea, thanks for taking your time to answer the issue is it will take me, like 100 years to finish a list of 1M ips, im looking a way to do it in mass scale

You can always run masscan with --banner grabbing.

 

[drotha2]

Thats a good idea, thanks for taking your time to answer the issue is it will take me, like 100 years to finish a list of 1M ips, im looking a way to do it in mass scale

I found a repository on github that I think you might find useful.

GitHub - robertdavidgraham/masscan: TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. - robertdavidgraham/masscan

github.com

 

[nPolarBear]

I found a repository on github that I think you might find useful.

GitHub - robertdavidgraham/masscan: TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. - robertdavidgraham/masscan

github.com

Thats what im using to get the ip lists, what i need is to identify services/protocols according to non-standard ports! thanks for taking your time

 

[Sec13B]

sudo nmap -iL $name/3389.txt -Pn -n --open -p3389 --script-timeout 20s --script=rdp-vuln-ms12-020,rdp-enum-encryption,rdp-ntlm-info --min-hostgroup 100 -g $sourceport --scan-delay $delay > tmp
github.com/leebaird/discover