Hello, I have been using Flan in combination with OWASP Amass - Amass would run a recon scan on an organisation's footprint, then filter and output a set of IPs I would input to Flan to scan. Once the results are out I would parse the JSON output to add the DNS and ASN associated with the IP address (the ASN would be 0 if it's an internal IP, and DNS left blank if not found).
I like Flan, and would recommend a few improvements if possible
- It's hard to filter out the confirmed open ports (scannable from the external perimeter) vs. the ones NMAP "is confident" are open behind the firewall - keeping them separate in the JSON output would make filtering/parsing them easier.
- For vulnerabilities, in an ideal world I would like to create a table with (at least) the following set of columns (IP|Hostname|DNS|Port|UDP/TCP|CVE|CVE-Title-CVSS3 score|CPE|Service Name); the ASN I can populate myself, along with anything else.
- For open ports, a similar set of fields (IP|Hostname|DNS|Port|UDP/TCP|Open/Filtered/Closed|CPE|Service Name).
The above would make it way easier for me to find what I am looking for with minimal fuss; I'm happy to share some of the scripts used to get data into Flan from Amass and then filter the output. Thanks again!
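One way to get the two tables described in the comment above, as an added example that is not part of the original post and not Flan Scan's own code. Rather than post-processing Flan's JSON, it reads the raw nmap XML that Flan's scan produces (with the `vulners` NSE script, which Flan enables), because the XML keeps the per-port `state` attribute that distinguishes `open` from `open|filtered` and `filtered`. The XML sample, the DNS/ASN lookup dicts and the "internal = RFC 1918" rule are constructed assumptions so the script runs offline; swap in real reverse-DNS and ASN lookups in `enrich()`.

```python
"""Build port and vulnerability tables from nmap XML (example, not Flan's code)."""
import csv
import io
import ipaddress
import xml.etree.ElementTree as ET

# Constructed nmap XML fragment in the shape `nmap -oX --script vulners` emits.
SAMPLE_NMAP_XML = """<nmaprun>
 <host><status state="up"/>
  <address addr="203.0.113.10" addrtype="ipv4"/>
  <hostnames><hostname name="www.example.com" type="PTR"/></hostnames>
  <ports>
   <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
    <service name="ssh" product="OpenSSH" version="7.4"><cpe>cpe:/a:openbsd:openssh:7.4</cpe></service>
    <script id="vulners" output="...">
     <table key="cpe:/a:openbsd:openssh:7.4">
      <table><elem key="id">CVE-2018-15473</elem><elem key="cvss">5.0</elem><elem key="type">cve</elem></table>
      <table><elem key="id">EDB-45233</elem><elem key="cvss">5.0</elem><elem key="type">exploitdb</elem></table>
     </table>
    </script>
   </port>
   <port protocol="tcp" portid="8443"><state state="filtered" reason="no-response"/></port>
   <port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/>
    <service name="snmp"/></port>
  </ports>
 </host>
 <host><status state="up"/>
  <address addr="10.0.0.5" addrtype="ipv4"/>
  <hostnames/>
  <ports>
   <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
    <service name="http" product="nginx" version="1.18.0"><cpe>cpe:/a:nginx:nginx:1.18.0</cpe></service>
   </port>
  </ports>
 </host>
</nmaprun>"""

# Constructed enrichment data standing in for reverse-DNS / ASN lookups (assumption).
DNS_MAP = {"203.0.113.10": "www.example.com"}
ASN_MAP = {"203.0.113.10": 64496}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def enrich(ip):
    """DNS blank if unknown; ASN 0 for internal (RFC 1918) addresses, per the convention above."""
    addr = ipaddress.ip_address(ip)
    internal = any(addr in net for net in INTERNAL_NETS)
    return DNS_MAP.get(ip, ""), 0 if internal else ASN_MAP.get(ip, 0)


def parse_nmap(xml_text):
    """Return (port_rows, vuln_rows); each row is a dict keyed by the column names below."""
    ports, vulns = [], []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        hn = host.find("hostnames/hostname")
        dns, asn = enrich(ip)
        base = {"ip": ip, "hostname": hn.get("name") if hn is not None else "", "dns": dns, "asn": asn}
        for port in host.iter("port"):
            svc = port.find("service")
            row = dict(base, port=int(port.get("portid")), proto=port.get("protocol"),
                       state=port.find("state").get("state"),
                       cpe=svc.findtext("cpe", "") if svc is not None else "",
                       service=svc.get("name", "") if svc is not None else "")
            ports.append(row)
            # vulners nests one <table> per CPE, each holding one <table> per finding.
            for finding in port.findall("script[@id='vulners']/table/table"):
                elems = {e.get("key"): e.text for e in finding.findall("elem")}
                if elems.get("type") != "cve":
                    continue  # vulners also lists exploit-db and other ids; keep CVEs only
                vulns.append(dict(base, port=row["port"], proto=row["proto"], cve=elems["id"],
                                  cvss=float(elems.get("cvss", 0)), cpe=row["cpe"], service=row["service"]))
    return ports, vulns


def confirmed_open(port_rows):
    """Ports nmap actually saw respond ('open'), excluding 'open|filtered' and 'filtered'."""
    return [r for r in port_rows if r["state"] == "open"]


def to_csv(rows, columns):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=columns, extrasaction="ignore")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


PORT_COLS = ["ip", "hostname", "dns", "asn", "port", "proto", "state", "cpe", "service"]
VULN_COLS = ["ip", "hostname", "dns", "asn", "port", "proto", "cve", "cvss", "cpe", "service"]

if __name__ == "__main__":
    port_rows, vuln_rows = parse_nmap(SAMPLE_NMAP_XML)
    print(to_csv(confirmed_open(port_rows), PORT_COLS))
    print(to_csv(vuln_rows, VULN_COLS))
```

Point `parse_nmap()` at the contents of a real nmap XML file to get the full port table (all states) and the CVE table; `confirmed_open()` gives the perimeter-only view. The vulners script output carries a CVE id and CVSS score but no title, so a title column has to be filled from another source.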