So I know this is an odd piece of code. I am simply trying to make nmap run faster. I need to find all active ips and what ports are open on the 10.0.0.0/8 network. My company has very poor documentation and never kept track of all this. I have a lot of cores to work with on my machine, but nmap doesn't make use of them. I also have a 10 gig NIC. I should be able to make this go blazing fast if I did it right, but I am not sure how to go about it. My code below is one of many attempts to multithread calls to nmap, but it seems os.system() puts a pause on everything else. Obviously that won't help make my scans run faster.

Eventually I need to use -Pn since some of the hosts have ICMP disabled, but might have open ports. Since my boss won't accept waiting 11 years for this I am kind of stuck. Any help, advice, or scolding for doing it completely wrong would be much appreciated. Thank you in advanced.

import subprocess
import sys
from threading import Thread

def nmaping(x):
    # Scan one 10.x.0.0/16 block and write greppable output for that block.
    command = ["nmap", "10." + str(x) + ".0.0/16", "--open", "-oG", "nmap10-" + str(x) + ".txt"]
    print(" ".join(command))
    # Run nmap without a shell; the call blocks only this thread, so the
    # other threads keep launching their own nmap processes.
    subprocess.run(command, check=False)

try:
    threads = []
    # range(256) covers 10.0.0.0/16 through 10.255.0.0/16 (range(0, 255) skipped 10.255).
    for x in range(256):
        t = Thread(target=nmaping, args=(x,))
        t.start()
        threads.append(t)
    # Wait for every scan to finish instead of exiting while they still run.
    for t in threads:
        t.join()
except KeyboardInterrupt:
    print("Quit")
    sys.exit()
  • Check masscan project https://github.com/robertdavidgraham/masscan – Benoît Zu Aug 18 '21 at 14:42
  • Have a look at https://stackoverflow.com/questions/24989105/whats-the-best-way-to-nmap-thousands-of-subnets-in-parallel-from-a-script/24994879#24994879 you don't want to run multiple nmap commands. Also try using parameters `nmap 10.0-255.0.0 -Pn -n -sS --open -oG nmap-results.txt` – JScoobyCed Aug 18 '21 at 15:00
  • This is a great tool thanks. It will definitely give me a start, but I think I still need more. Is there a way to run masscan on all ports? I need to build a map of every open port, so I need to run it on all possible ports. – Charles Hartman Aug 18 '21 at 15:13

2 Answers

So I got it to work, and I figured I would answer my own question so people in the future can find it.

masscan was the answer. I was able to narrow down the ports that mattered and I got the entire subnet done.

There is a major problem though. Don't ever do this!!! I ddos'd our firewall by running it too fast. It took down our network for a while.

If anyone else ever needs to do this do this slower. --max-rate 10000000 is way too high.

Thank you for the help otherwise, Benoit Zu.

Masscan is still the faster port-scanning tool:

https://github.com/robertdavidgraham/masscan

Or if you still want to use Nmap, you can bind it with GNU parallel. This is better for scanning services using nmap, which Masscan doesn't do at the moment.
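As an added example (not code from any of the posters), here is how the asker's per-/16 threading idea combines with the rate lesson from the first answer: a bounded thread pool keeps only a fixed number of nmap processes alive at once, and nmap's own --max-rate caps each process's packets per second, so the total rate hitting the firewall is workers times max_rate and can be chosen deliberately. The helper names (build_command, run_block, scan_all) and the injectable runner parameter are hypothetical.

```python
import subprocess
from concurrent.futures import ThreadPoolExecutor

# Hypothetical helpers (added example): split 10.0.0.0/8 into /16 blocks and
# scan each with a bounded pool of nmap processes, each rate-capped.

def build_command(second_octet, max_rate=1000, ping=True):
    """Build the nmap argv for one 10.x.0.0/16 block.

    --max-rate is nmap's own packets-per-second ceiling, so the aggregate
    rate is bounded by workers * max_rate (16 * 1000 = 16000 pps here).
    """
    argv = ["nmap", f"10.{second_octet}.0.0/16", "--open", "-n",
            "--max-rate", str(max_rate), "-oG", f"nmap10-{second_octet}.txt"]
    if not ping:
        argv.insert(1, "-Pn")  # treat every host as up when ICMP is blocked
    return argv

def run_block(argv):
    """Run one nmap process; blocking here only stalls this worker thread."""
    return subprocess.run(argv, check=False).returncode

def scan_all(workers=16, max_rate=1000, ping=True, runner=run_block):
    """Scan 10.0.0.0/8 one /16 at a time with at most `workers` nmap
    processes running concurrently. Returns {block: nmap exit code}.

    `runner` is injectable so the scheduling can be exercised without
    launching nmap (e.g. runner=lambda argv: 0 in a test).
    """
    commands = [build_command(x, max_rate, ping) for x in range(256)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        codes = list(pool.map(runner, commands))
    return {f"10.{x}.0.0/16": code for x, code in enumerate(codes)}

if __name__ == "__main__":
    # Conservative defaults: 8 concurrent scans at 500 pps each = 4000 pps total.
    results = scan_all(workers=8, max_rate=500, ping=False)
    failed = [block for block, code in results.items() if code != 0]
    print(f"{len(results) - len(failed)} blocks scanned, {len(failed)} failed")
```

Raise workers and max_rate together only as far as the firewall and scanning host are known to tolerate, since the two multiply into the aggregate packet rate.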