Pivot-scan

[aepereyra at gmail.com (Augusto Pereyra)]

This tool is a 1rst part of a tool I'm trying to do. The output will
be used to do some other things and i need this format
which has the same format of the sl.exe tool created by foundstone
(1st i fill an array with the output of the sl.exe and in each cell of
the array are one ip address with his open ports)
I just dump the content of this array to show the results.

the detailed info of this output is the following

 192.168.1.3,"    ",0,0,"Yes" ,   "139 445 12345",  "123 137 138 445 500"
 |-----------------|    |-----------------|    |---------------------|
  |-----------------------------|
 | ip address  |   |i don't know|    | open  tcp      |   |  open udp
ports     |
                        |      &         |    |  ports           |
                        |i don't care |
                               ;-)

If i have some time to write the next option i will try to do some
changes to the output.
Try the tool you self and you will see that the output is better than
showed in the example because was modify by the size of the window
where was tryed.

Thanks
Best regard
Augusto Pereyra
CISSP CEH



On Sat, Mar 28, 2009 at 2:15 PM, MaXe <metafan at intern0t.net> wrote:
> Augusto Pereyra wrote:
> > Hi list:
> >
> > This little meterpreter tool writed in ruby called pivot-scan
> > facilitates process for enumeration of host in a dmz autodetecting
> > LAN, ?uploading and using a port scanner.
> > When you have a meterpreter session of a host you run it in the following
> > way:
> >
> >
> > meterpreter > run pivot-scan -a
> > [*] Created by Augusto Pereyra aepereyra at gmail.com
> > [*] Uploading Portscanner
> > [*] Performing portscanning for IP range 192.168.1.1-192.168.1.254
> > [*] Transmitting intermediate stager for over-sized stage...(191 bytes)
> >
> > 192.168.1.3,"",0,0,"Yes","139 445 12345","123 137 138 445 500"
> > 192.168.1.10,"",0,0,"Yes","7 9 13 19 135 139 445 12345","7 9 137 138
> > 161 445 500 1027"
> > 192.168.1.9,"",0,0,"Yes","135 139 445 1433 8080 12345","137 138 445 500
> > 1434"
> > 192.168.1.14,"",0,0,"Yes","7 9 13 19 135 139 1433","7 9 137 138 500 1434"
> > 192.168.1.16,"",0,0,"Yes","7 9 13 19 135 139 445 12345","7 9 137 138
> > 161 445 500 1027"
> > 192.168.1.18,"",0,0,"Yes","21 23 25 80 515","69 137 138 161"
> > 192.168.1.23,"",0,0,"Yes","135 139 445 1025 1755 3372 6666","135 137
> > 138 445 500 1027"
> > 192.168.1.178,"",546,0,"Yes","
> > 443","7 9 11 53 68 69 111 123 135 137 161 191 192 256 260 407 445 500
> > 514 520 1009 1024 1025 1027 1028 1030 1033 1034 1035 1037 1041 1058
> > 1060 1434 1645 1646 1812 1813 1900 1978 2002 2049 2140 2161 2301 2365
> > 2493 2631 2967 3179 3327 3456 4045 4156 4296 4802 5631 5632 11487
> > 31337 32768 32769 32770 32771 32772 32773 32774 32775 32777 32778
> > 32779 32780 32781 32782 32783 32784 32785 32786 32787 32788 32789
> > 32790"
> > 192.168.1.201,"",0,2,"Yes","","53 67 68 69 123 137 138 161 514 520 1812"
> > 192.168.1.210,"",0,0,"Yes","","68 161 1025"
> > meterpreter >
> >
> > As you can see all hosts in the dmz were scanned by the controlled
> > host and it is possible because they are all in the same LAN. These
> > hosts listed in the above example are unreachables from internet but
> > not from the host used to do the portscan.
> >
> > You can download this tool from the following link:
> >
> > http://code.google.com/p/pivot-scan/downloads/list
> >
> > Thank you
> > Best regard Augusto Pereyra
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
>
> Looks great, but you could you please parse the output just a little bit
> please?
>
> It's not like i don't understand it, but if you don't have much time when
> f.ex. performing a pentest then you gotta have intuitive parsing as well :-)
> If you wont then do you mind me trying to parse for output but also directly
> to the meterpreter shell it instead? Of course it's only maybe that i might
> do it.
>
>
> ~ MaXe