Solved

nmap 5.51 scripts scanner.bat and rdp.nse: how to make them run with -iL and also output clean IPs?

Posted on 2016-11-02
13
394 Views
Last Modified: 2016-11-26
I use nmap 5.51 because this old version works perfectly. OK, so I found these 2 scripts on the internet, which scan random IPs and filter clean IPs.

Scanner.bat
@echo off
for /l %%%x in (1,1,2) do (
start "rdp" /HIGH nmap -n -Pn -p T:3389 -T5 --script rdp.nse -iR 0
)
exit



The second script is RDP.NSE

description=[[
Checks if an RDP port is open.
]]
author = "ROleg"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "external", "intrusive"}
require "shortport"
portrule = shortport.portnumber(3389, "tcp", "open")
action = function(host, port)
	file = io.open ("results.txt","a+")
	file:write (host.ip.."\n")
	file:flush()
	file:close()
end



output:
120.1.20.30
120.10.50.120
etc...

-iR 0 means "scan random IPs", and I changed that: I added "-iL Cidr.txt" (which means scan a list with many CIDR IP ranges, i.e. 3.4.128.0/19; I use 500 lines).
This is the change I made:
@echo off
for /l %%%x in (1,1,2) do (
start "rdp" /HIGH nmap -sS -Pn -n -p T:3389 -T4 -iL cidr.ips.txt --script rdp.nse
)
exit




Now I run the scripts and it works well with the first CIDR IP range line, then stops. Can anyone modify the script to make it run with all -iL CIDR (500 lines), please?
0
Comment
Question by:john lambert
13 Comments
 

Author Comment

by:john lambert
ID: 41875216
Because he doesn't know the right answer. If I don't use the 2 scripts above and try this, the output of "-oN results.txt" would look like this:

PORT     STATE    SERVICE
3389/tcp filtered ms-term-serv

Nmap scan report for x.x.128.1
Host is up.
PORT     STATE    SERVICE
3389/tcp filtered ms-term-serv

Nmap scan report for x.x.128.2
Host is up.
PORT     STATE    SERVICE
3389/tcp filtered ms-term-serv

Nmap scan report for x.x.128.3
Host is up (0.016s latency).
PORT     STATE  SERVICE
3389/tcp closed ms-term-serv



If I use the RDP.NSE script, the output results.txt would look like this, clean IPs:
3.10,128.1
3.20,128.2
3.45.128.3


etc...
That's why I need those 2 scripts above to scan and filter clean IPs.

Working with these 2 syntaxes:

Random scan (works perfectly):
nmap -n -Pn -p T:3389 -T5 --script rdp.nse -iR 0



Scan 1 single CIDR IP range (works perfectly):
nmap -sS -Pn -n -p T:3389 -T4 5.2.128.0/19 --script rdp.nse



Not working with 500 CIDR IP range lines:
This is what I want:
nmap -sS -Pn -n -p T:3389 -T4 -iL Cidr-ranges.txt  --script rdp.nse



Cidr-ranges.txt content:
3.20,128.2.0/10
3.20,130.10/28
3.21.150.0/100
etc


0
 

Author Comment

by:john lambert
ID: 41875289
OK, I answer to him!!
1
 
LVL 70

Expert Comment

by:Qlemo
ID: 41875322
Aside from proper use of nmap, your for command syntax is (a) wrong - %% is correct, but you use %%% - and (b) questionable. You are just running the same scan twice. Why?
0

 
LVL 70

Expert Comment

by:Qlemo
ID: 41875332
Are the commas in your file example a typo?
1
 

Author Comment

by:john lambert
ID: 41875437
Yes, twice!! I found this script on the internet in many places, just search on Google.
https://junookyo.blogspot.com/2013/01/rdp-cracking-ip-list-maker-script.html

Can anyone modify the script? Make it run well, please.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 41875516
Just use
start "rdp" /HIGH nmap -sS -Pn -n -p T:3389 -T4 -iL cidr.ips.txt --script rdp.nse


without anything else, and make sure your cidr.ips.txt file is syntactically correct (no commas).
1
 

Author Comment

by:john lambert
ID: 41875565
Working fine with nmap5.5 older version (6 years ago), thank you, this is very useful hehe. I was curious and did a test with the newest version, nmap 7.12; for this version it does not work :(
0
 

Author Closing Comment

by:john lambert
ID: 41875604
Thank you for helping me, all respect! God bless you!! But dear Qlemo, can you make it work with 7.12 or 7.13? Can you take a look, please?
1
 

Author Comment

by:john lambert
ID: 41875906
Well, I tested Qlemo's script again and it scans only the CIDR with 5.xx.xx.xx; it does not move on to lines 31.xx.xx.xx.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 41875943
As we can't see your file, your comment doesn't make much sense. But probably there is a bug in nmap - I don't have any clue.
1
 

Author Comment

by:john lambert
ID: 41876388
I solved the problem... thread closed, thank you Qlemo.
0

Question has a verified solution.