Forum Thread: Auditing Worldwide with Masscan & Blockfinder by : [Mohamed Ahmed]

I will teach you how we can audit systems worldwide by the ranges that the ISP give to each country, this POST I wanted to elaborate it about 1 year ago, but reasons of time and occupations do not make it easy for me , but today I have the pleasure of doing it public, since the tool "Masscan" have already published in some videos or forums but with a poor content, clear without discrediting my colleagues in the "ordinary" sense, what I will do to innovate the researches in attaching the tools Masscan and Blockfinder, to globalize our investigation to a level of world-wide quality. What is Masscan?

Masscan is the fastest scanner in Internet port scanning. is able to analyze the entire Internet in less than 6 minutes, the transmission of 10 million packets per second. It produces results similar to nmap the most famous port scanner. literally works more like scanrand, unicornscan and zmap, using asynchronous transmission. The main difference is that it is faster from these other scanners. In addition, it is more flexible, allowing arbitrary port ranges and port ranges. What is Blockfinder?

Blockfinder allows to identify, contact and potentially obtain each computer network in the world, it is a console based on a simple text, this tool wraps a list of network blocks for a given country granting the IP ranges that are used in their ISP.

Download:
https://github.com/robertdavidgraham/masscan
https://github.com/ioerror/blockfinder

After reading the function of each tool, let's download them either manually or by the terminal, in my case I will by the terminal.

Code: Select
root@kali:~# git clone https://github.com/robertdavidgraham/masscan.git
root@kali:~# cd masscan
root@kali:~/masscan# chmod 775 *
root@kali:~/masscan# sudo apt-get install git gcc make libpcap-dev

the first thing I did was to download the masscan, later we entered the folder we gave the executable permissions to the module and after that install lipbcap, since we need this repository for the tool to execute without any errors.

After that we will install it with the command " make "

Once you have done all the procedures we will have our masscan running perfectly, before running it we will proceed to download Blockfinder.

Code: Select
root@kali:~# git clone https://github.com/ioerror/blockfinder.git
root@kali:~# cd blockfinder
root@kali:~/blockfinder# chmod 775 *
root@kali:~/blockfinder# ./blockfinder.py -i

As we saw in the same way we downloaded it, we entered the directory, gave permissions in the module but when running ./blockfinder.py -i, the -i statement updates the ranges packages related to each ISO code of each country, which would benefit this tool to have a good result.

ISO Codes

http://www.nationsonline.org/oneworld/country_code_list.htm

Once you understand the following, we will get the IP ranges of a country, in my case I will look for the one in egypt for this proof of concept .

Code: Select
root@kali:~/blockfinder# ./blockfinder.py -v -t EG

once you have obtained the ranges we will choose a RANGE that we want.

we will now go to enter the masscan to analyze the specific range and ports that we want to capture in my case, it will be the 445 that is vulnerable to many attacks such as the well known exploit Netapi, by msfconsole, likewise we can locate ports referring to FTP, SMTP, among many which they are aimed at. as we see a list of us scanning and we see that it is beginning to scan 32769 computers that are in the process of analysis, if we want to save it in a file we can do it in the following way:

Code: Select
root@kali:~/masscan/bin# ./masscan -p445 190.187.128.0/17 -oX scan.xml

in my case I leave it as optional call the file scan with the extension .xml.

the file is hosted in the folder where they executed the masscan with the name they assigned in my case scan.xml

In our case we can choose an IP and analyze it with the Shoudan search engine to see the services that such system consists of:

https: // www .shodan.io / host / 190.187.142.83

remote attacks one can add an IP list to proceed to scan and launch the Hail Mary to automatically exploit some systems while it may be running something else at the same time. in my case I did 10 days ago I made a exploitation by telnet to a camera server

In my case I exploit a Telnet server, with port 23 and leave a backdoor inside, for security I only show the ARRIS access panel.

in my case I found a IP related to a web which was: bembos.com.pe, so if you want to audit that web system with a brute force attack you can do it with the tool "BruteX"

https://github.com/ 1N3 / BruteX

Code: Select
root@kali:~/BruteX# ./brutex pizzahut.ca

I hope you will be pleased with this thread
greetings ..

Get The Weekly Null Byte Newsletter

Never miss a Null Byte guide.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active