There are lots of posts about scanning the internet en masse, spraying and praying; however, I see a lack of targeted scanning on corporations. I have found that ASN scanning is a good way to discover and scan a target's IP ranges.
Our goal here is to discover the IP addresses that belong to a company using autonomous system numbers (ASNs). Doing this allows us to identify our target's attack surface at scale.
Example 1:
Bash:
asnmap -d nasa.gov -silent
Results:
Bash:
23.20.0.0/14
52.0.0.0/13
Example 2:
Bash:
asnmap -d nasa.gov -silent | naabu -top-ports 100
bgp.he.net:

Example 3:
Bash:
asnmap -d defense.gov -silent -o DoD.txt
Results:
Bash:
102.129.206.0/23
102.129.208.0/20
102.129.224.0/19
102.130.0.0/15
102.132.0.0/14
102.136.0.0/13
102.144.0.0/12
102.160.0.0/11
102.192.0.0/10
103.0.0.0/8
104.0.0.0/5
112.0.0.0/4
Masscan:
Bash:
sudo masscan -Pn -sS -iL DoD.txt --rate 12000 -p7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157 --open-only --excludefile block.txt --output-format list --output-file results.txt
Append ports:
Bash:
awk '{ print $4 ":" $3 }' results.txt > final_results.txt
Vuln scan:
Code:
nuclei -l final_results.txt -t cves -o DoD_vulns.txt
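An added Python example, not from the post or from the projectdiscovery tools, covering the check a practitioner wants before the masscan and nuclei steps above: the Example 3 prefix list ends in 103.0.0.0/8, 104.0.0.0/5 and 112.0.0.0/4, which cannot all belong to one organisation, so the script flags prefixes that are implausibly wide, then parses masscan's list output the same way the awk one-liner does and drops any result outside the accepted prefixes. The /16 threshold, the masscan sample lines and the use of the post's Example 3 list as input are assumptions.

```python
import ipaddress

# Constructed sample input: the asnmap prefix list the post prints for Example 3.
ASNMAP_OUTPUT = """\
102.129.206.0/23
102.129.208.0/20
102.129.224.0/19
102.130.0.0/15
102.132.0.0/14
102.136.0.0/13
102.144.0.0/12
102.160.0.0/11
102.192.0.0/10
103.0.0.0/8
104.0.0.0/5
112.0.0.0/4
"""
# Constructed sample of masscan `--output-format list` lines: "open <proto> <port> <ip> <timestamp>".
MASSCAN_LIST = """\
open tcp 443 102.129.207.10 1700000000
open tcp 22 102.130.4.9 1700000001
open tcp 80 203.0.113.7 1700000002
# end
"""
# Assumption: no single prefix wider than a /16 is accepted without a manual check.
MAX_PREFIX_HOSTS = ipaddress.ip_network("0.0.0.0/16").num_addresses

def audit_prefixes(text, max_hosts=MAX_PREFIX_HOSTS):
    """Split a CIDR list into plausible prefixes and ones too wide to belong to one organisation."""
    accepted, suspicious = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        net = ipaddress.ip_network(line, strict=False)
        (suspicious if net.num_addresses > max_hosts else accepted).append(net)
    return accepted, suspicious

def parse_masscan_list(text):
    """Yield (ip, port) pairs, the same fields the post's awk one-liner selects ($4 and $3)."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "open":
            yield parts[3], int(parts[2])

def in_scope(results, nets):
    """Keep only host:port results whose address lies inside an accepted prefix."""
    return [f"{ip}:{port}" for ip, port in results
            if any(ipaddress.ip_address(ip) in net for net in nets)]
```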
Tools:
[1] https://github.com/projectdiscovery/asnmap
[2] https://github.com/projectdiscovery/naabu
[3] https://github.com/projectdiscovery/httpx
[4] https://github.com/projectdiscovery/nuclei
[5] https://bgp.he.net/search?search[search]=nasa&commit=Search
[6] https://enlacehacktivista.org/index.php?title=Scanning_and_Recon#ASN_scanners
For anyone who struggles to get go running correctly for golang tools:
Bash:
#!/bin/bash
sudo apt-get update
wget https://dl.google.com/go/go1.19.linux-amd64.tar.gz
sudo tar -C /usr/local/ -xzf go1.19.linux-amd64.tar.gz
cd /usr/local/
echo 'export PATH=$PATH:/usr/local/go/bin' >> $HOME/.profile
source $HOME/.profile
go version