Description

Optimized nmap scan useful for pentesting, ctfs, etc

Features

Default mode

• initial os discovery based on ping ttl
• scans all 65535 tcp ports then performs targeted service scan based on open ports
• saves results to output file

Proxy mode

• for scanning targets in other networks behind a proxy (ie pivoting)
• integrates proxychains to scan common ports, then performs targeted service scan based on open ports
• for best results comment out "proxy_dns" in /etc/proxychains.conf
• saves results to output file

Range mode

• for scanning network ranges
• finds alive hosts on network using fping
• for each host, scans all ports then performs targeted service scan based on open ports
• saves results to output file
• can be very slow

Options

usage: p0rtscan [-d] [-p] [-r] addr

optimized nmap scan useful for pentesting, ctfs, etc

options:
  -d	default scan
  -p	proxy scan
  -r	range scan (slow)