Skip to content

NMAP equipped network penetration testing tool for the lazy peeps.

License

Notifications You must be signed in to change notification settings

evanricafort/lazymap

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
 
 
 
 
 
 

Repository files navigation

Screenshot 2024-10-09 at 7 22 18 PM

lazymap

Lazymap is a single command-line tool made for network penetration testing. It combines multiple selected NMAP scripts, sslscan, ssh-audit, dig, ldapsearch, curl, rpcclient, selected metasploit modules, and wget.

Additional Information

v0.5

  • Added sslscan for additional POC for ssl-related issues.
  • Added ssh-audit for additional POC for ssh-related issues.
  • Added 2 Metasploit modules to scan RDP and RPC issues.
  • Merged my 2nd personal project, CheckThatHeaders, which scans and detects missing HTTP security header issues.
  • Added a feature to determine if the target is within the subnet or individual IP to relay the result without issue for sslscan, ssh-audit and checkthatheaders.
  • Added a not so fancy ascii art for the banner.
  • Improved verbose and scan outputs.

v0.6

  • Added another metasploit module for Oracle TNS SID Enumeration.
  • Added 'dig' for DNSSec vulnerability scan.
  • Added 'ldapsearch' for LDAP Anonymous Bind scan.
  • Added 'rpcclient' for Unauthenticated RPC scan.
  • Added 'curl' for Default IIS Webpage detection.
  • Re-configured 'checkthatheaders' to scan live host (Port 80, 443, 8443, 8080) only.
  • Added -k flag to exclude sslscan, ssh-audit, and CheckThatHeaders scans.
  • Added -a flag to exclude the all ports scan and UDP scan.
  • Added -N flag to add -n -T4 to Nmap command for faster scanning.
  • Added -h flag to display this help message.
  • Added a feature to combine multiple flags.
  • Improved verbose and scan outputs.

Requirements

  • Bash version 4 or higher
  • nmap
  • curl
  • dig
  • ldapsearch
  • rpcclient
  • metasploit
  • wget
  • sslscan
  • ssh-audit

List of Ports

  • Port 139 and 445 (SMB)
  • Port 443, 1443, 389, 3389 (SSL Cipher)
  • Port 137 (NetBIOS)
  • Port 1521 (Oracle TNS)
  • Port 123 (NTP)
  • Port 161 (SNMP)
  • Port 389, 636, 3268, 3269 (LDAP)
  • Port 80 (HTTP)
  • Port 111 (Portmapper)
  • Port 3306 (MySQL)
  • Port 22 (SSH)
  • Port 23 (Telnet)
  • Port 8009 (Apache AJP)
  • Port 3389 (RDP)
  • Port 2049 (NFS)
  • Port 110 (Pop3)
  • Port 53 (DNS)
  • Port 21 (FTP)
  • Port 69 (TFTP)
  • Port 25,465,587 (SMTP)
  • Port 623 (IPMI)
  • Port 143 and 993 (IMAP)
  • Port 500 (IKE)
  • Port 548 (AFP)
  • Port 70 (Gopher)
  • Port 88 (Kerberos)
  • Port 6379 (Redis)
  • Port 5900 (VNC)
  • Port 5060 (SIP)

Installation

git clone https://github.com/evanricafort/lazymap.git && cd lazymap && sudo chmod +x lazymap.sh && sudo ./lazymap.sh -h

Usage

  • Usage: ./lazymap.sh -u host [Single Host] or ./lazymap.sh -t hosts.txt [Multiple Hosts]
  • Additional Options: Insert additional scripts with option -1 for [vulners], -2 for [vuln], -3 for both [vulners & vuln] NSE scripts, -4 for Firewall Evasion Scan, -a exclude the all ports scan and UDP scan, -N to add -n -T4 to Nmap command for faster scanning and -k to exclude sslscan, ssh-audit, and CheckThatHeaders scans.
  • Reminder: Option -3 may take some time to finish if you have multiple targets.
  • Note: Run in sudo mode to execute NMAP scripts related to UDP scan.

About

NMAP equipped network penetration testing tool for the lazy peeps.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages