
Grinder Advanced Usage

Anton Nikolaev edited this page Oct 20, 2019 · 3 revisions


Description

This wiki section explains how the Grinder Framework works.

Contents

  1. Flags

Flags

Section Description

This section explains the meaning of all of the Grinder Framework flags.

Grinder Basic Arguments and Flags

  .,-:::::/ :::::::..   ::::::.    :::.:::::::-.  .,:::::: :::::::..
,;;-'````'  ;;;;``;;;;  ;;;`;;;;,  `;;; ;;,   `';,;;;;'''' ;;;;``;;;;
[[[   [[[[[[/[[[,/[[['  [[[  [[[[[. '[[ `[[     [[ [[cccc   [[[,/[[['
"$$c.    "$$ $$$$$$c    $$$  $$$ "Y$c$$  $$,    $$ $$""""   $$$$$$c
 `Y8bo,,,o88o888b "88bo,888  888    Y88  888_,o8P' 888oo,__ 888b "88bo,
   `'YMUP"YMMMMMM   "W" MMM  MMM     YM  MMMMP"`   """"YUMMMMMMM   "W"

usage: grinder.py [-h] [-r] [-u] [-q QUERIES_FILE] [-sk SHODAN_KEY]
                  [-vk VULNERS_KEY] [-cu] [-cp] [-ci CENSYS_ID]
                  [-cs CENSYS_SECRET] [-cm CENSYS_MAX] [-sm SHODAN_MAX] [-nm]
                  [-nw NMAP_WORKERS] [-vs] [-vw VULNERS_WORKERS]
                  [-ht HOST_TIMEOUT] [-tp TOP_PORTS] [-sc]
                  [-vc VENDOR_CONFIDENCE] [-qc QUERY_CONFIDENCE]
                  [-v [VENDORS [VENDORS ...]]] [-ml MAX_LIMIT] [-d] [-ts]
                  [-tsp TLS_SCAN_PATH] [-vr] [-ni]

The Grinder framework was created to automatically enumerate and fingerprint
different hosts on the Internet using different back-end systems

optional arguments:
  -h, --help            show this help message and exit
  -r, --run             Run scanning
  -u, --update-markers  Update map markers
  -q QUERIES_FILE, --queries-file QUERIES_FILE
                        JSON File with Shodan queries
  -sk SHODAN_KEY, --shodan-key SHODAN_KEY
                        Shodan API key
  -vk VULNERS_KEY, --vulners-key VULNERS_KEY
                        Vulners API key
  -cu, --count-unique   Count unique entities
  -cp, --create-plots   Create graphic plots
  -ci CENSYS_ID, --censys-id CENSYS_ID
                        Censys API ID key
  -cs CENSYS_SECRET, --censys-secret CENSYS_SECRET
                        Censys API SECRET key
  -cm CENSYS_MAX, --censys-max CENSYS_MAX
                        Censys default maximum results quantity
  -sm SHODAN_MAX, --shodan-max SHODAN_MAX
                        Shodan default maximum results quantity.
  -nm, --nmap-scan      Initiate Nmap scanning
  -nw NMAP_WORKERS, --nmap-workers NMAP_WORKERS
                        Number of Nmap workers to scan
  -vs, --vulners-scan   Initiate Vulners API scanning
  -vw VULNERS_WORKERS, --vulners-workers VULNERS_WORKERS
                        Number of Vulners workers to scan
  -ht HOST_TIMEOUT, --host-timeout HOST_TIMEOUT
                        Default host timeout in seconds for scanning with
                        Vulners and Nmap core
  -tp TOP_PORTS, --top-ports TOP_PORTS
                        Quantity of popular top-ports in addition to Shodan
                        ports
  -sc, --script-check   Initiate custom scripts additional checks
  -vc VENDOR_CONFIDENCE, --vendor-confidence VENDOR_CONFIDENCE
                        Set confidence level for vendors
  -qc QUERY_CONFIDENCE, --query-confidence QUERY_CONFIDENCE
                        Set confidence level for queries
  -v [VENDORS [VENDORS ...]], --vendors [VENDORS [VENDORS ...]]
                        Set list of vendors to search from queries file
  -ml MAX_LIMIT, --max-limit MAX_LIMIT
                        Maximum number of unique entities in plots and results
  -d, --debug           Show more information
  -ts, --tls-scan       Check for possible TLS attacks and bugs (require TLS-
                        Scanner)
  -tsp TLS_SCAN_PATH, --tls-scan-path TLS_SCAN_PATH
                        Path to TLS-Scanner.jar (if TLS-Scanner directory not
                        in Grinder root, else not required)
  -vr, --vulners-report
                        Make additional vulners reports
  -ni, --not-incremental
                        Turn off incrememental scan - make clean scan (without
                        previous results)

Grinder Flags Explanation

  1. -h, --help
    This flag is used to display help and basic arguments that can be used with the framework. With this flag, the help interface is displayed and nothing more.
  2. -r, --run
    This flag is used to start the scanning process using all other flags provided by the user. If the framework is started with a set of arguments, but without this flag, then scanning and processing will be carried out on the old results (by default, the results of the last scan, which are in the results folder, or the latest scan results from the database).
  3. -u, --update-markers
    This flag is used to update map marker data. If this flag is used during scanning, or when we want to force an update of old results, a copy of the results is sent to the map module for further use in the map web interface, which is served through the Flask REST API in JSON format.
  4. -q QUERIES_FILE, --queries-file
    This flag is used to provide the full path to the file containing the queries in JSON format. This flag is required for a new scan.
  5. -sk SHODAN_KEY, --shodan-key
    This flag is used to provide the Shodan API key as a string.
  6. -vk VULNERS_KEY, --vulners-key
    This flag is used to provide the Vulners API key as a string.
  7. -cu, --count-unique
    This flag is used to count unique entities during scanning (such as, for example, unique ports, unique protocols, unique products, and so on). When this flag is specified, all unique entities will be saved in the results as separate JSON and CSV files.
  8. -cp, --create-plots
    This flag is used to build graphics (images) with analytical information. It is used in conjunction with the -cu flag, since in this case it allows you to build graphs for all types of unique entities calculated using the -cu flag.
  9. -ci CENSYS_ID, --censys-id CENSYS_ID
    This flag is used to provide the Censys API ID key as a string.
  10. -cs CENSYS_SECRET, --censys-secret CENSYS_SECRET
    This flag is used to provide the Censys API Secret key as a string.
  11. -cm CENSYS_MAX, --censys-max CENSYS_MAX
    This flag is used to set a limit on the results for each Censys API call, i.e. for each request. Thus, for example, if the value of this flag is set to 100, no more than 100 results will be received for each query to the Censys database.
  12. -sm SHODAN_MAX, --shodan-max SHODAN_MAX
    This flag is used to set a limit on the results for each Shodan API call, i.e. for each request. Thus, for example, if the value of this flag is set to 100, no more than 100 results will be received for each query to the Shodan database.
  13. -nm, --nmap-scan
    This flag is used to start an active scan using the Nmap scanner on the port that matches the found fingerprint.
  14. -nw NMAP_WORKERS, --nmap-workers NMAP_WORKERS
    This flag is used to set the number of Nmap scanner processes that run at the same time. The default value for this flag is 10, so 10 Nmap processes will be working at the same time and 10 hosts will be scanned at the same time.
  15. -vs, --vulners-scan
    This flag is used to start an active scan using the Vulners NSE script with an Nmap scanner.
  16. -vw VULNERS_WORKERS, --vulners-workers VULNERS_WORKERS
    This flag is almost the same as number 14. It is used to set the number of Nmap scanner processes with the Vulners NSE script that run at the same time. The default value for this flag is 10, so 10 Nmap processes will be working at the same time and 10 hosts will be scanned at the same time.
  17. -ht HOST_TIMEOUT, --host-timeout HOST_TIMEOUT
    This flag is used to provide the maximum scan time in seconds for a single host using an Nmap scanner.
  18. -tp TOP_PORTS, --top-ports TOP_PORTS
    Using this flag, you can set how many of the most popular ports are scanned with Nmap. If this flag is used, popular ports will be scanned regardless of the port that matched the fingerprint we set.
  19. -sc, --script-check
    This flag allows you to enable additional scripts to scan each host. The scripts that will be run are set in the input JSON file with the queries.
  20. -vc VENDOR_CONFIDENCE, --vendor-confidence VENDOR_CONFIDENCE
    This flag allows you to set the level of trust of the vendors that need to be scanned. Thus, if the “certain” level is specified, only hosts with a given level of reliability will be scanned.
  21. -qc QUERY_CONFIDENCE, --query-confidence QUERY_CONFIDENCE
    This flag allows you to set the level of trust of the queries that need to be scanned. Thus, if the “certain” level is specified, only hosts with a given level of reliability will be scanned.
  22. -v [VENDORS [VENDORS ...]], --vendors [VENDORS [VENDORS ...]]
    This flag allows you to specify a list of vendors that need to be scanned from a given queries file.
  23. -ml MAX_LIMIT, --max-limit MAX_LIMIT
    This flag allows you to specify the maximum number of entities that will be calculated for the top results. Thus, if the value of this flag is set to 5, the top 5 entities will be collected, and the remaining entities will be counted under the "others" section.
  24. -d, --debug
    This flag shows additional information, such as flags, trust levels, and more.
  25. -ts, --tls-scan
    This flag allows you to check the TLS configuration of the found hosts using the TLS-Scanner and TLS-Attacker modules.
  26. -tsp TLS_SCAN_PATH, --tls-scan-path TLS_SCAN_PATH
    This flag allows you to specify the path to the TLS-Scanner.jar module if the module is not in the Grinder root directory. Otherwise, the module will be searched for in the Grinder root directory.
  27. -vr, --vulners-report
    This flag allows you to perform additional checks using the Vulners API, including finding exploits and vulnerabilities.
  28. -ni, --not-incremental
    This flag allows you to initiate a new scan of the file with the queries. By default, the Grinder Framework saves all the results in the database, and if a new scan is started, it tries to load the previous scan results for this query file, thus adding new results to the old ones. This flag allows you to turn off this feature and make a fully new scan without old results.
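
To make the interaction of flags 7 (-cu) and 23 (-ml) concrete, the following added example (not code from the Grinder project) counts unique entities over a few constructed host records and folds everything outside the top N into "others". The record field names and the helper names `count_unique`, `apply_max_limit` and `to_csv` are assumptions made for this illustration, not Grinder's actual result schema or API.

```python
import csv
import io
import json
from collections import Counter

# Constructed sample records; the field names are assumptions for this example,
# not Grinder's actual result schema.
HOSTS = [
    {"ip": "192.0.2.10", "port": 443, "product": "nginx"},
    {"ip": "192.0.2.11", "port": 443, "product": "nginx"},
    {"ip": "192.0.2.12", "port": 80, "product": "Apache httpd"},
    {"ip": "192.0.2.13", "port": 8080, "product": "nginx"},
    {"ip": "192.0.2.14", "port": 22, "product": "OpenSSH"},
    {"ip": "192.0.2.15", "port": 8443, "product": "lighttpd"},
]


def count_unique(hosts, field):
    """Count how often each distinct value of `field` occurs (the -cu idea)."""
    return Counter(str(h[field]) for h in hosts if h.get(field) is not None)


def apply_max_limit(counts, max_limit):
    """Keep the top `max_limit` entities, fold the rest into "others" (the -ml idea)."""
    if max_limit < 1:
        raise ValueError("max_limit must be at least 1")
    # Sort by count descending, then by name, so ties resolve deterministically.
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    top = dict(ranked[:max_limit])
    rest = sum(n for _, n in ranked[max_limit:])
    if rest:
        top["others"] = top.get("others", 0) + rest
    return top


def to_csv(limited):
    """Serialize the limited counts as CSV text with a header row."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["entity", "count"])
    writer.writerows(limited.items())
    return buf.getvalue()


if __name__ == "__main__":
    ports = apply_max_limit(count_unique(HOSTS, "port"), 2)
    print(json.dumps(ports, indent=2))
    print(to_csv(ports))
```

The total across the kept entities and "others" always equals the number of counted records, which is a quick sanity check when comparing plots produced with different limits.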