I will teach you how we can audit systems worldwide by the ranges that the ISP give to each country, this POST I wanted to elaborate it about 1 year ago, but reasons of time and occupations do not make it easy for me , but today I have the pleasure of doing it public, since the tool "Masscan" have already published in some videos or forums but with a poor content, clear without discrediting my colleagues in the "ordinary" sense, what I will do to innovate the researches in attaching the tools Masscan and Blockfinder, to globalize our investigation to a level of world-wide quality. What is Masscan?
Masscan is the fastest scanner in Internet port scanning. is able to analyze the entire Internet in less than 6 minutes, the transmission of 10 million packets per second. It produces results similar to nmap the most famous port scanner. literally works more like scanrand, unicornscan and zmap, using asynchronous transmission. The main difference is that it is faster from these other scanners. In addition, it is more flexible, allowing arbitrary port ranges and port ranges. What is Blockfinder?
Blockfinder allows to identify, contact and potentially obtain each computer network in the world, it is a console based on a simple text, this tool wraps a list of network blocks for a given country granting the IP ranges that are used in their ISP.
After reading the function of each tool, let's download them either manually or by the terminal, in my case I will by the terminal.
root@kali:~# git clone https://github.com/robertdavidgraham/masscan.git
root@kali:~# cd masscan
root@kali:~/masscan# chmod 775 *
root@kali:~/masscan# sudo apt-get install git gcc make libpcap-dev
the first thing I did was to download the masscan, later we entered the folder we gave the executable permissions to the module and after that install lipbcap, since we need this repository for the tool to execute without any errors.
After that we will install it with the command " make "
Once you have done all the procedures we will have our masscan running perfectly, before running it we will proceed to download Blockfinder.
root@kali:~# git clone https://github.com/ioerror/blockfinder.git
root@kali:~# cd blockfinder
root@kali:~/blockfinder# chmod 775 *
root@kali:~/blockfinder# ./blockfinder.py -i
As we saw in the same way we downloaded it, we entered the directory, gave permissions in the module but when running ./blockfinder.py -i, the -i statement updates the ranges packages related to each ISO code of each country, which would benefit this tool to have a good result.
Once you understand the following, we will get the IP ranges of a country, in my case I will look for the one in egypt for this proof of concept .
root@kali:~/blockfinder# ./blockfinder.py -v -t EG
once you have obtained the ranges we will choose a RANGE that we want.
we will now go to enter the masscan to analyze the specific range and ports that we want to capture in my case, it will be the 445 that is vulnerable to many attacks such as the well known exploit Netapi, by msfconsole, likewise we can locate ports referring to FTP, SMTP, among many which they are aimed at. as we see a list of us scanning and we see that it is beginning to scan 32769 computers that are in the process of analysis, if we want to save it in a file we can do it in the following way:
root@kali:~/masscan/bin# ./masscan -p445 220.127.116.11/17 -oX scan.xml
in my case I leave it as optional call the file scan with the extension .xml.
the file is hosted in the folder where they executed the masscan with the name they assigned in my case scan.xml
In our case we can choose an IP and analyze it with the Shoudan search engine to see the services that such system consists of:
https: // www .shodan.io / host / 18.104.22.168
remote attacks one can add an IP list to proceed to scan and launch the Hail Mary to automatically exploit some systems while it may be running something else at the same time. in my case I did 10 days ago I made a exploitation by telnet to a camera server
In my case I exploit a Telnet server, with port 23 and leave a backdoor inside, for security I only show the ARRIS access panel.
in my case I found a IP related to a web which was: bembos.com.pe, so if you want to audit that web system with a brute force attack you can do it with the tool "BruteX"
https://github.com/ 1N3 / BruteX
root@kali:~/BruteX# ./brutex pizzahut.ca
I hope you will be pleased with this thread