-
Notifications
You must be signed in to change notification settings - Fork 216
Home
You can file an issue about it and ask that it be added.
Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques.
- simple CLI with the ability to run pure Nmap engine
- predefined scans included in the modules
- support Nmap Scripting Engine (NSE)
- TOR support (with proxychains)
- multiple scans at one time
- at this point: 7 modules with 174 scan profiles
Sandmap provides simple and intuitive cli that supports the entire reconnaissance process using the built-in Nmap options.
Cli consists of two levels:
-
cli(main)>- the main level by means of which we can set and display session parameters, display information about modules, obtain a list of profiles in a given module, enable a given module and manipulate a temporary command stack. -
cli(module_name)>- level of the module that provides many commands available in the main menu. The main differences are the ability to run scan profiles and add them to the temporary stack of commands, as well as displaying the description of each profile.
This parameter displays all available modules along with the number of profiles and a short description.
cli(main)> list
Module Profiles Description
------ -------- -----------
host_discovery 11 Nmap Host Discovery module
nse_version 23 NSE 'version' category module
nse_vuln 110 NSE 'vuln' category module
os_detection 4 Nmap OS Detection module
port_scan 11 Nmap Port Scan types module
service_detection 5 Service and Version Detection module
zenmap_scan 10 Zenmap module
All Modules: 7
All Profiles: 174This option show information about the module. These are the identifier and profile alias that we can use to determine the scanning technique and the parameters used by the profile.
The parameter of this option is the name of the module.
cli(main)> show host_discovery
ID Alias Nmap Parameters
-- ----- ---------------
0 list_scan -sL
1 no_port_scan -sn
2 no_ping -Pn
3 tcp_syn_ping -PS -p
4 tcp_ack_ping -PA -p 80
5 udp_ping -PU -p 80
6 sctp_init_ping -PY -p 80
7 arp_ping -PR
8 icmp_ping-1 -PE
9 icmp_ping-2 -PP
10 icmp_ping-3 -PMThe config parameter displays information about session configuration variables. With their help, we can define the purpose or objectives of the scan, enable the transmission of traffic through the TOR network, set the type of output and specify additional parameters.
This option can be called without parameters and specify the name of the session variable. The initial values of variables are specified in the file etc/main.cfg.
cli(main)> config
Description: Destination
Examples: '127.0.0.1,example.com'
{ "dest":"127.0.0.1" }
Description: Nmap Parameters
Examples: '--script ssl-ccs-injection -p 443'
{ "params":"" }
Description: Report type
Examples: 'nmap|xml|grep'
{ "report":"" }
Description: Pass through TOR
Examples: 'true|false'
{ "tor":"" }
Description: Terminal type
Examples: 'internal|external'
{ "terminal":"internal" }By config We display the values of session variables and use the set command to specify their new values.
The parameters of this command are the name of the variable and the new value. Specifying an empty value resets the value of the variable.
cli(main)> set dest 192.168.252.1
cli(main)> config dest
Description: Destination
Examples: '127.0.0.1,example.com'
{ "dest":"192.168.252.1" }