NewRepoTest/nmapAutomator

 
 

nmapAutomator

A script you can run in the background!

Summary

The main goal of this script is to automate the enumeration and recon steps that are run on every engagement, so that we can focus our attention on real pentesting instead.

This will ensure two things:

  1. nmap scans are automated.
  2. Some recon is always running in the background.

Once the initial ports are found (in 5-10 seconds), we can start looking into those ports manually and let the rest run in the background with no interaction from our side whatsoever.

Features:

  1. Quick: Shows all open ports quickly (~15 seconds)
  2. Basic: Runs Quick Scan, then runs a more thorough scan on found ports (~5 minutes)
  3. UDP: Runs "Basic" on UDP ports (~5 minutes)
  4. Full: Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)
  5. Vulns: Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)
  6. Recon: Runs the "Basic" scan (if not yet run), then suggests recon commands (e.g. gobuster, nikto, smbmap) based on the found ports, then prompts to automatically run them
  7. All: Runs all the scans consecutively (~20-30 minutes)
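
The hand-off between the stages listed above (Basic re-scans only the ports Quick found, Full follows up only on new ports) comes down to turning nmap output into port lists. The sketch below is an added example, not code from nmapAutomator.sh; the function names `open_ports` and `new_ports` and both sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the project's code): port hand-off between scan stages.

# Constructed sample of nmap normal output from a quick scan.
QUICK_SAMPLE='Nmap scan report for 10.1.1.1
Host is up (0.020s latency).
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  filtered https
'
# Constructed sample from a full-range scan of the same host.
FULL_SAMPLE='PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
8080/tcp  open  http-proxy
33060/tcp open  mysqlx
'

# open_ports <proto>: read nmap normal output on stdin and print the ports
# whose state is exactly "open" (not "filtered" or "open|filtered") as a
# numerically sorted, de-duplicated, comma-separated list.
open_ports() {
  awk -v proto="$1" '
    $2 == "open" && split($1, f, "/") == 2 && f[2] == proto && f[1] ~ /^[0-9]+$/ { print f[1] }
  ' | sort -n -u | paste -sd, -
}

# new_ports <known> <found>: print the ports in <found> that are not in
# <known>. Wrapping the list in commas keeps 8 from matching inside 80.
# The body runs in a subshell, so the IFS change does not leak out.
new_ports() (
  known=",$1,"
  out=""
  IFS=,
  for p in $2; do
    case "$known" in
      *",$p,"*) ;;                     # already covered by the earlier scan
      *) out="${out:+$out,}$p" ;;
    esac
  done
  printf '%s\n' "$out"
)

quick=$(printf '%s' "$QUICK_SAMPLE" | open_ports tcp)
full=$(printf '%s' "$FULL_SAMPLE" | open_ports tcp)
echo "ports for the thorough scan: $quick"
echo "new ports for the follow-up: $(new_ports "$quick" "$full")"
```
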

Requirements:

Gobuster (v3.0 or higher), which we can install with:

sudo apt update
sudo apt install gobuster

or ffuf, which we can install with:

sudo apt update
sudo apt install ffuf

Other Recon tools used within the script include:

Most of these should be installed by default in Parrot OS and Kali Linux.

Installation:

git clone https://github.com/21y4d/nmapAutomator.git
sudo ln -s "$(pwd)/nmapAutomator/nmapAutomator.sh" /usr/local/bin/

Examples of use:

./nmapAutomator.sh -h
Usage: ./nmapAutomator.sh -H/--host <TARGET-IP> -t/--type <TYPE> [-d/--dns <DNS SERVER>]

Scan Types:
	Quick: Shows all open ports quickly (~15 seconds)
	Basic: Runs Quick Scan, then runs a more thorough scan on found ports (~5 minutes)
	UDP  : Runs "Basic" on UDP ports "requires sudo" (~5 minutes)
	Full : Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)
	Vulns: Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)
	Recon: Suggests recon commands, then prompts to automatically run them
	All  : Runs all the scans (~20-30 minutes)

Example commands:

./nmapAutomator.sh --host 10.1.1.1 --type All
./nmapAutomator.sh -H 10.1.1.1 -t Basic
./nmapAutomator.sh -H academy.htb -t Recon -d 1.1.1.1

TODO features list

Feel free to send your pull requests and contributions :)

  • Support DNS resolution (use of URLs/domains instead of IPs) - Done, thanks @KatsuragiCSL
  • Properly identify URL extensions (testing index extensions for code 200)
  • Add an nmap progress bar

Add more recon options

  • If you would like to suggest or add more port-based recon options, you can base your pull request on the following lines.
  • If you would like to suggest more options for an existing port, you can add the new command under its port, similar to this example line.
