Solved

nmap 5.51 scripts scanner.bat and rdp.nse: how to make them run with -iL and also output clean IPs?

Posted on 2016-11-02
Last Modified: 2016-11-26
I use nmap 5.51 because this old version works perfectly. OK, so I found these 2 scripts on the internet which scan random IPs and filter clean IPs.

Scanner.bat
@echo off
for /l %%%x in (1,1,2) do (
start "rdp" /HIGH nmap -n -Pn -p T:3389 -T5 --script rdp.nse -iR 0
)
exit


The second script is RDP.NSE

description=[[
Checks if an RDP port is open.
]]
author = "ROleg"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "external", "intrusive"}
require "shortport"
portrule = shortport.portnumber(3389, "tcp", "open")
action = function(host, port)
	file = io.open ("results.txt","a+")
	file:write (host.ip.."\n")
	file:flush()
	file:close()
end


output:
120.1.20.30
120.10.50.120
etc...

-iR 0 means "scan random IPs", and I changed that: I added "-iL Cidr.txt" (which means scan a list with many CIDR IP ranges, i.e. 3.4.128.0/19; I use 500 lines).
This is the change I made:
@echo off
for /l %%%x in (1,1,2) do (
start "rdp" /HIGH nmap -sS -Pn -n -p T:3389 -T4 -iL cidr.ips.txt --script rdp.nse
)
exit


Now I run the scripts and it works well with the first CIDR IP range line, then stops. Can anyone modify the script to make it run with all -iL CIDR lines (500 lines), please?
Question by:john lambert
 

Author Comment

by:john lambert
ID: 41875216
Because he doesn't know the right answer. If I don't use the 2 scripts above and try "-oN results.txt", the output would look like this:

PORT     STATE    SERVICE
3389/tcp filtered ms-term-serv

Nmap scan report for x.x.128.1
Host is up.
PORT     STATE    SERVICE
3389/tcp filtered ms-term-serv

Nmap scan report for x.x.128.2
Host is up.
PORT     STATE    SERVICE
3389/tcp filtered ms-term-serv

Nmap scan report for x.x.128.3
Host is up (0.016s latency).
PORT     STATE  SERVICE
3389/tcp closed ms-term-serv


If I use the RDP.NSE script, the output results.txt would look like this, clean IPs:
3.10,128.1
3.20,128.2
3.45.128.3

etc...
That's why I need those 2 scripts above to scan and filter clean IPs.

Working with these 2 syntaxes:

Random scan (works perfect):
nmap -n -Pn -p T:3389 -T5 --script rdp.nse -iR 0


Scan 1 single CIDR IP range (works perfect):
nmap -sS -Pn -n -p T:3389 -T4 5.2.128.0/19 --script rdp.nse


Not working with 500 CIDR IP range lines:
This is what i want:
nmap -sS -Pn -n -p T:3389 -T4 -iL Cidr-ranges.txt  --script rdp.nse


Cidr-ranges.txt content:
3.20,128.2.0/10
3.20,130.10/28
3.21.150.0/100
etc

0
 

Author Comment

by:john lambert
ID: 41875289
OK, I answer to him!!
1
 
LVL 70

Expert Comment

by:Qlemo
ID: 41875322
Aside from proper use of nmap, your for command syntax is (a) wrong - %% is correct, but you use %%% - and (b) questionable. You are just running the same scan twice. Why?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41875332
Are the commas in your file example a typo?
1
 

Author Comment

by:john lambert
ID: 41875437
Yes, twice!! I found this script on the internet in many places, just search on Google:
https://junookyo.blogspot.com/2013/01/rdp-cracking-ip-list-maker-script.html

Can anyone modify the script? Make it run well, please.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 41875516
Just use
start "rdp" /HIGH nmap -sS -Pn -n -p T:3389 -T4 -iL cidr.ips.txt --script rdp.nse

without anything else, and make sure your cidr.ips.txt file is syntactically correct (no commas).
1
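
The accepted answer's requirement that the -iL target file be syntactically correct can be checked before any scan starts. The following is an added example, not part of the original thread or of Nmap: the function name `check_target_list`, the sample entries and the authorised scope `10.20.0.0/16` are constructed assumptions, and the checker is deliberately stricter than Nmap's own target grammar, accepting only plain IPv4/IPv6 addresses or CIDR blocks that fall inside the ranges the operator is permitted to audit.

```python
import ipaddress

# Constructed sample input, modelled on the malformed entries quoted in the thread
# (comma instead of dot, prefix length above 32) plus well-formed entries.
SAMPLE_TARGETS = """\
3.20,128.2.0/10
3.21.150.0/100
10.20.128.0/19
10.20.130.16/28
192.0.2.0/24
"""

# Hypothetical authorised scope (assumption): networks the operator may audit.
AUTHORIZED_SCOPE = [ipaddress.ip_network("10.20.0.0/16")]


def check_target_list(text, scope=AUTHORIZED_SCOPE):
    """Validate one-entry-per-line target text.

    Returns (accepted, rejected): accepted is a list of ip_network objects,
    rejected is a list of (line_number, entry, reason) tuples.
    """
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # ignore blank lines
        if "," in entry:
            # The typo the accepted answer warns about.
            rejected.append((lineno, entry, "comma in address"))
            continue
        try:
            # strict=False tolerates host bits set, e.g. 10.20.130.17/28
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            rejected.append((lineno, entry, f"not a valid CIDR: {exc}"))
            continue
        in_scope = any(net.version == s.version and net.subnet_of(s) for s in scope)
        if not in_scope:
            rejected.append((lineno, entry, "outside authorised scope"))
            continue
        accepted.append(net)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = check_target_list(SAMPLE_TARGETS)
    for lineno, entry, reason in bad:
        print(f"line {lineno}: {entry!r} rejected ({reason})")
    print("accepted:", ", ".join(str(n) for n in ok))
```

Writing only the accepted entries to the file passed to -iL keeps a single typo or an out-of-scope block from silently changing what gets scanned.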
 

Author Comment

by:john lambert
ID: 41875565
Working fine with the older version nmap5.5 (6 years ago), thank you, this is very useful, hehe. I was curious and did a test with the newest version, nmap 7.12; for this version it does not work :(
0
 

Author Closing Comment

by:john lambert
ID: 41875604
Thank you for helping me, all respect! God bless you!! But dear Qlemo, can you make it work with 7.12 or 7.13? Can you take a look, please?
1
 

Author Comment

by:john lambert
ID: 41875906
Well, I tested Qlemo's script again and it scans only the CIDR with 5.xx.xx.xx; it does not move to lines 31.xx.xx.xx
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41875943
As we can't see your file, your comment doesn't make much sense. But probably there is a bug in nmap - I don't have any clue.
1
 

Author Comment

by:john lambert
ID: 41876388
I solved the problem... thread closed, thank you Qlemo
0
