Right here we have now a compilation of instruments by InfoSecMatter that’s used for scanning open or closed TCP/UDP ports. It’s written totally in PowerShell and is a superb addition to your arsenal when attempting to evade AV/WD. Make area in your utility belt for this one as a result of after testing this scanner I’m fairly impressed with the result.
The GitHub repo states that this software can detect open, closed and filtered ports on each TCP and UDP. Single host scanning, community vary or a selected listing of hosts from a file. It’s also possible to regulate the timeout restrict for port scanning. Technically this software is comprised of two totally different scanners, one for TCP and one for UDP however you may make the most of each with one command by making a separate PowerShell script. It additionally has a home windows login brute drive script in addition to a SMB bruteforce script as nicely making this software among the best I’ve used shortly for Pentesting.
Scanner Utilization
Utilizing this software is straightforward and efficient throughout a pentest, merely obtain the zip folder from the GitHub repo and duplicate it to a flash drive. In case you have bodily entry to a machine on the community the subsequent half shall be straightforward, if not it is advisable work out a option to spawn a shell and get permissions to run PowerShell instructions, however another person may help you with that. For me it was straightforward as a result of I have already got entry to a community.
Subsequent step is to switch the scripts to a folder that has write privilege. For testing I created a consumer a easy area consumer and went to an unsuspecting work station. I logged in with the consumer and transfered the recordsdata to the CUsersPublic listing then opened PowerShell. After working the scanner I used to be in a position to detect open ports on 80, 3389 and 445
Scanner in motion
after checking within the consumer folder for a listing of folks that had logged in to the machine I used to be utilizing, I used to be in a position to piece collectively a brief listing of usernames to run the AD brute drive software. I ran a examine in opposition to the default and was capable of finding 5/11 customers who nonetheless had the default password.
Conclusion
This scanner and all of its options name for a 4/5 bunnies. Throughout testing I used to be in a position to evade our enterprise AV. I do know this community, however a superb pentester will do their homework earlier than making an attempt this in a reside situation. Keep tuned for extra bangers.
Need to study extra about moral hacking?
We’ve got a networking hacking course that’s of the same degree to OSCP, get an unique low cost right here
Assist assist LHN by shopping for a T-shirt or a mug?
Take a look at our choice right here
Have you learnt of one other GitHub associated hacking software?
Get in contact with us through the contact type if you want us to take a look at some other GitHub moral hacking instruments.
