Metasploit mailing list archives
Pivot-scan
From: aepereyra at gmail.com (Augusto Pereyra)
Date: Sat, 28 Mar 2009 23:12:26 -0300
This tool is the 1st part of a tool I'm trying to do. The output will be used to do some other things and I need this format, which has the same format as the sl.exe tool created by Foundstone (1st I fill an array with the output of sl.exe, and in each cell of the array is one IP address with its open ports). I just dump the content of this array to show the results. The detailed info of this output is the following:

192.168.1.3," ",0,0,"Yes" , "139 445 12345", "123 137 138 445 500"
|-----------|  |------------|  |---------------|  |----------------------|
| ip address|  |i don't know|  | open tcp      |  | open udp ports       |
|           |  |     &      |  | ports         |  |                      |
|           |  |i don't care|  |               |  |                      |
|           |  |    ;-)     |  |               |  |                      |
|-----------|  |------------|  |---------------|  |----------------------|

If I have some time to write the next option I will try to do some changes to the output. Try the tool yourself and you will see that the output is better than shown in the example, because it was modified by the size of the window where it was tried.

Thanks
Best regards
Augusto Pereyra
CISSP CEH

On Sat, Mar 28, 2009 at 2:15 PM, MaXe <metafan at intern0t.net> wrote:
> Augusto Pereyra wrote:
>> Hi list:
>>
>> This little meterpreter tool, written in Ruby and called pivot-scan, facilitates the process of enumerating hosts in a DMZ, autodetecting the LAN, uploading and using a port scanner. When you have a meterpreter session on a host you run it in the following way:
>>
>> meterpreter > run pivot-scan -a
>> [*] Created by Augusto Pereyra aepereyra at gmail.com
>> [*] Uploading Portscanner
>> [*] Performing portscanning for IP range 192.168.1.1-192.168.1.254
>> [*] Transmitting intermediate stager for over-sized stage...(191 bytes)
>> 192.168.1.3,"",0,0,"Yes","139 445 12345","123 137 138 445 500"
>> 192.168.1.10,"",0,0,"Yes","7 9 13 19 135 139 445 12345","7 9 137 138 161 445 500 1027"
>> 192.168.1.9,"",0,0,"Yes","135 139 445 1433 8080 12345","137 138 445 500 1434"
>> 192.168.1.14,"",0,0,"Yes","7 9 13 19 135 139 1433","7 9 137 138 500 1434"
>> 192.168.1.16,"",0,0,"Yes","7 9 13 19 135 139 445 12345","7 9 137 138 161 445 500 1027"
>> 192.168.1.18,"",0,0,"Yes","21 23 25 80 515","69 137 138 161"
>> 192.168.1.23,"",0,0,"Yes","135 139 445 1025 1755 3372 6666","135 137 138 445 500 1027"
>> 192.168.1.178,"",546,0,"Yes"," 443","7 9 11 53 68 69 111 123 135 137 161 191 192 256 260 407 445 500 514 520 1009 1024 1025 1027 1028 1030 1033 1034 1035 1037 1041 1058 1060 1434 1645 1646 1812 1813 1900 1978 2002 2049 2140 2161 2301 2365 2493 2631 2967 3179 3327 3456 4045 4156 4296 4802 5631 5632 11487 31337 32768 32769 32770 32771 32772 32773 32774 32775 32777 32778 32779 32780 32781 32782 32783 32784 32785 32786 32787 32788 32789 32790"
>> 192.168.1.201,"",0,2,"Yes","","53 67 68 69 123 137 138 161 514 520 1812"
>> 192.168.1.210,"",0,0,"Yes","","68 161 1025"
>> meterpreter >
>>
>> As you can see, all hosts in the DMZ were scanned by the controlled host, and it is possible because they are all in the same LAN. The hosts listed in the above example are unreachable from the internet but not from the host used to do the port scan.
>>
>> You can download this tool from the following link:
>> http://code.google.com/p/pivot-scan/downloads/list
>>
>> Thank you
>> Best regards
>> Augusto Pereyra
>>
>> _______________________________________________
>> https://mail.metasploit.com/mailman/listinfo/framework
>
> Looks great, but could you please parse the output just a little bit? It's not like I don't understand it, but if you don't have much time when f.ex. performing a pentest then you gotta have intuitive parsing as well :-) If you won't, then do you mind me trying to parse the output, but also directly to the meterpreter shell instead? Of course it's only maybe that I might do it.
>
> ~ MaXe
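The sl.exe-style record format described in the thread, and the "parsed output" MaXe asks for, as an added example written for this page (it is not code from pivot-scan, from sl.exe, or from either poster): a Ruby parser that reads the records pivot-scan dumps, skips the "[*]" status lines and the meterpreter prompt that are interleaved with them, tolerates the whitespace around commas present in the hand-typed sample, and turns each record into a host with its open TCP and UDP port lists. Only the field positions the author describes are used (IP address, then the two lists); the three fields he says he does not care about are ignored. The sample output is constructed from lines shown in the thread, and the hosts_with_tcp_port helper is an assumed convenience for picking the next pivot target.

```ruby
require 'csv'

# Constructed sample of pivot-scan output. The "[*]" status lines and the
# trailing prompt are interleaved exactly as the tool prints them, so a
# parser has to skip them. Field layout per the author's description:
#   ip, <unused>, <unused>, <unused>, "Yes", open TCP ports, open UDP ports
SAMPLE_OUTPUT = <<~'EOS'
  [*] Uploading Portscanner
  [*] Performing portscanning for IP range 192.168.1.1-192.168.1.254
  192.168.1.3," ",0,0,"Yes" , "139 445 12345", "123 137 138 445 500"
  192.168.1.18,"",0,0,"Yes","21 23 25 80 515","69 137 138 161"
  192.168.1.178,"",546,0,"Yes"," 443","7 9 11 53 68 69 111 123 135"
  192.168.1.201,"",0,2,"Yes","","53 67 68 69 123 137 138 161 514 520 1812"
  meterpreter >
EOS

Host = Struct.new(:ip, :tcp, :udp)

IPV4 = /\A\d{1,3}(?:\.\d{1,3}){3}\z/

# Parse one record. Whitespace around the commas (present in the hand-typed
# example in the thread) is collapsed first so the CSV library accepts the
# quoting. Returns nil for any line that is not a host record.
def parse_record(line)
  fields = CSV.parse_line(line.strip.gsub(/\s*,\s*/, ','))
  return nil unless fields && fields.size >= 7 && fields[0].to_s.match?(IPV4)

  # Port lists are space-separated inside the quoted field; a leading space
  # (" 443" in the real output) and an empty field ("") both have to work.
  tcp = fields[5].to_s.split.map(&:to_i)
  udp = fields[6].to_s.split.map(&:to_i)
  Host.new(fields[0], tcp, udp)
rescue CSV::MalformedCSVError
  nil
end

def parse_pivot_scan(text)
  text.each_line.map { |l| parse_record(l) }.compact
end

# One readable line per host, the kind of parsed view asked for in the reply.
# Hosts with nothing open on a protocol are still listed, marked "none".
def format_hosts(hosts)
  hosts.map do |h|
    tcp = h.tcp.empty? ? 'none' : h.tcp.join(',')
    udp = h.udp.empty? ? 'none' : h.udp.join(',')
    format('%-15s tcp: %-30s udp: %s', h.ip, tcp, udp)
  end
end

# Assumed helper: which hosts expose a given TCP port (e.g. 445 for SMB),
# the usual next question after a pivot scan.
def hosts_with_tcp_port(hosts, port)
  hosts.select { |h| h.tcp.include?(port) }.map(&:ip)
end

if __FILE__ == $PROGRAM_NAME
  hosts = parse_pivot_scan(SAMPLE_OUTPUT)
  puts format_hosts(hosts)
  puts "hosts with 445/tcp: #{hosts_with_tcp_port(hosts, 445).join(' ')}"
end
```

Because everything that is not a seven-field record with an IPv4 address in the first column is dropped, the same function can be fed the raw meterpreter console capture rather than a cleaned file, which is what makes it usable mid-engagement.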
Current thread:
- Pivot-scan Augusto Pereyra (Mar 27)
- Pivot-scan MaXe (Mar 28)
- Pivot-scan Augusto Pereyra (Mar 28)
- Pivot-scan MaXe (Mar 28)