DivideAndScan
Divide full port scan results and use it for targeted Nmap runs
Install / Use
/learn @snovvcrash/DivideAndScanREADME
Featured Projects
<a href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/security/das/default.nix#gh-light-mode-only"><img src="https://raw.githubusercontent.com/NixOS/nixos-homepage/master/logo/nixos-hires.png" width="200px" alt="NixOS"/></a><a href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/security/das/default.nix#gh-dark-mode-only"><img src="https://raw.githubusercontent.com/NixOS/nixos-artwork/master/logo/nixos-white.png" width="200px" alt="NixOS"/></a> | <a href="https://offsec.tools/tool/divideandscan"><img src="https://github.com/gwen001/offsectools_www/raw/main/static/img/logo.png" width="150px" alt="offsec.tools"/></a> :-: | :-: NixOS | offsec.tools
</div>DivideAndScan is used to efficiently automate port scanning routine by splitting it into 3 phases:
- Discover open ports for a bunch of targets.
- Run Nmap individually for each target with version grabbing and NSE actions.
- Merge the results into a single Nmap report (different formats available).
For the 1st phase a fast port scanner* is intended to be used, whose output is parsed and stored in a single file database (TinyDB). Next, during the 2nd phase individual Nmap scans are launched for each target with its set of open ports (multiprocessing is supported) according to the database data. Finally, in the 3rd phase separate Nmap outputs are merged into a single report in different formats (XML / HTML / simple text / grepable) with nMap_Merger. The visualization portion is provided by DrawNmap.
Potential use cases:
- Pentest engagements / red teaming with a large scope to enumerate.
- Cybersecurity wargames / training CTF labs.
- OSCP certification exam.
* Available port scanners:
DISCLAIMER. All information contained in this repository is provided for educational and research purposes only. The author is not responsible for any illegal use of this tool.
How It Works
How to Install
Prerequisites
To successfully divide and scan we need to get some good port scanning tools (in the examples below GitHub releases are grabbed via eget).
📑 Note: if you don't feel like messing with dependecies on your host OS, skip to the Docker part.
Nmap
sudo apt install nmap xsltproc -y
sudo nmap --script-updatedb
Masscan
pushd /tmp
wget https://github.com/ivre/masscan/archive/refs/heads/master.zip -O masscan-master.zip
unzip masscan-master.zip
cd masscan-master
make
sudo make install
popd && rm -rf /tmp/masscan-master*
RustScan
eget -t 2.0.1 -a amd64 RustScan/RustScan --to /tmp/rustscan.deb
sudo dpkg -i /tmp/rustscan.deb && rm /tmp/rustscan.deb
sudo wget https://gist.github.com/snovvcrash/8b85b900bd928493cd1ae33b2df318d8/raw/fe8628396616c4bf7a3e25f2c9d1acc2f36af0c0/rustscan-ports-top1000.toml -O /root/.rustscan.toml
Naabu
sudo mkdir /opt/naabu
sudo eget -s linux/amd64 projectdiscovery/naabu --to /opt/naabu
sudo ln -sv /opt/naabu/naabu /usr/local/bin/naabu
NimScan
sudo mkdir /opt/nimscan
sudo eget -a NimScan elddy/NimScan --to /opt/nimscan
sudo ln -sv /opt/nimscan/nimscan /usr/local/bin/nimscan
sx
sudo mkdir /opt/sx
sudo eget -s linux/amd64 v-byte-cpu/sx --to /opt/sx
sudo ln -sv /opt/sx/sx /usr/local/bin/sx
dnsx
sudo mkdir /opt/pd
sudo eget -s linux/amd64 projectdiscovery/dnsx --to /opt/pd
sudo ln -sv /opt/pd/dnsx /usr/local/bin/dnsx
Installation
DivideAndScan is available on PyPI as divideandscan, though I recommend installing it from GitHub with pipx in order to always have the bleeding-edge version:
~$ pipx install -f "git+https://github.com/snovvcrash/DivideAndScan.git"
~$ das
There's also a release packed with shiv (large file size though):
# shiv -e das.divideandscan:main -o das.pyz divideandscan
~$ wget https://github.com/snovvcrash/DivideAndScan/releases/latest/download/das.pyz && chmod +x das.pyz
~$ ./das.pyz
For debbugging purposes you can set up a dev environment with poetry:
~$ git clone --recurse-submodules https://github.com/snovvcrash/DivideAndScan
~$ cd DivideAndScan
~$ poetry install
~$ poetry run das
📑 Note: DivideAndScan uses sudo to run all the port scanners, so it will ask for the password when scanning commands are invoked.
Using from Docker
You can run DivideAndScan in a Docker container as follows:
~$ docker run --rm -it --name das -v ~/.das:/root/.das -v `pwd`:/app -p 8050:8050 snovvcrash/divideandscan
Since the tool requires some input data and produces some output data, you should specify your current working directory as the mount point at /app within the container. Also publishing port 8050 on host allows to access the Dash app used for Nmap reports visualization.
You may want to set an alias to make the base command shorter:
~$ alias das='docker run --rm -it --name das -v ~/.das:/root/.das -v `pwd`:/app -p 8050:8050 snovvcrash/divideandscan'
~$ das
How to Use
1. Filling the DB
<table> <tr> <td>Provide the add module a command for a fast port scanner to discover open ports in a desired range.
⚠️ Warning: please, make sure that you understand what you're doing, because nearly all port scanning tools can damage the system being tested if used improperly.
# Nmap, -v flag is always required for correct parsing!
~$ das add nmap '-v -n -Pn -e eth0 --min-rate 1000 -T4 -iL hosts.txt -p1-65535 --open'
# Masscan
~$ das add masscan '--rate 1000 -iL hosts.txt -p1-65535 --open'
# RustScan
~$ das add rustscan '-b 1000 -t 2000 -u 5000 -a hosts.txt -r 1-65535 -g --no-config'
# Naabu
~$ das add naabu '-rate 1000 -iL hosts.txt -p - -silent -s s'
# NimScan
~$ das add nimscan '192.168.1.0/24 -vi -p:1-65535 -f:500'
# sx
~$ sudo sx arp -i eth0 192.168.1.0/24 --json | tee arp.cache
~$ das add sx 'tcp syn -a arp.cache -i eth0 --rate 1000/s 192.168.1.0/24 -p 445,3389'
When the module starts its work, a directory ~/.das/db is created where the database file and raw scan results will be put when the module routine finishes.
2. Targeted Scanning
<table> <tr> <td>Launch targeted Nmap scans with the scan module. You can adjust the scan surface with either -hosts or -ports option:
# Scan by hosts
~$ das scan -hosts all -oA report1
~$ das scan -hosts 192.168.1.0/24,10.10.13.37 -oA report1
~$ das scan -hosts hosts.txt -oA report1
# Scan by ports
~$ das scan -ports all -oA report2
~$ das scan -ports 22,80,443,445 -oA report2
~$ das scan -ports ports.txt -oA report2
To start Nmap simultaneously in multiple processes, specify the -parallel switch and set number of workers with the -proc option (if no value is provided, it will default to the number of processors on the machine):
~$ das scan -hosts all -oA report -parallel [-proc 4]
The output format is selected with -oX, -oN, -oG and -oA options for XML+HTML formats, simple text format, grepable format and all formats respectively. When the module completes its work, a directory `~/.das/nm
Related Skills
node-connect
339.5kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
83.9kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
339.5kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
commit-push-pr
83.9kCommit, push, and open a PR
