marvelo1/AutoEnum

Advanced Nmap Automation Scanner 🚀

A high-performance, multi-threaded, and service-aware Nmap automation tool designed for large-scale network reconnaissance and vulnerability scanning. It features intelligent resource management, resumable scan phases, and comprehensive report generation.


🌟 Key Features

  • Multi-Threaded Execution: Leverage multiple CPU cores to scan targets in parallel.
  • Resource Aware: Automatically adjusts thread count based on available CPU and RAM (via psutil).
  • Resumable Scanning: Uses per-phase checkpointing. If interrupted, the scanner picks up exactly where it left off, skipping completed tasks.
  • Intelligence-Based Phases:
    • Phase 0 (Discovery): Efficiently identifies active hosts and open ports across large subnets.
    • Phase 1-5 (Deep Enumeration): Focused scanning on active hosts, including service versioning, OS detection, and vulnerability scanning.
  • Target Flexibility: Supports single IPs, CIDR notation (e.g., 192.168.1.0/24), and IP ranges (e.g., 10.0.0.1-50).
  • Targeted NSE Scripts: Automatically triggers relevant Nmap Scripting Engine (NSE) scripts based on detected services.
  • Vulnerability Assessment: Built-in integration with Nmap's vuln script category for automated flaw detection.
  • Comprehensive Reporting: Generates a consolidated SCAN_REPORT.txt and individual machine-readable scan_summary.json for each host.
  • Cross-Platform: Optimized for Windows (including ANSI color support and Nmap path auto-detection) and Linux/macOS.

🛠️ Prerequisites

  1. Python 3.6+
  2. Nmap: Must be installed and reachable in your system's PATH.
  3. psutil (Optional but recommended): For automatic resource-based thread tuning.
    pip install psutil

🚀 Getting Started

1. Prepare Targets

Create a file named ip.txt and add your targets:

192.168.1.1
10.0.0.0/24
172.16.5.1-100

2. Run the Scanner

Basic scan with default settings (Top 2000 ports):

python scan.py -f ip.txt
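
The three entry formats accepted in ip.txt can be expanded and validated before a scan so that the exact target set is known up front. The following is an added example, not code from scan.py: the function names and the per-entry cap are hypothetical, and it assumes that a range such as 172.16.5.1-100 covers the last octet only.

```python
import ipaddress

MAX_PER_ENTRY = 65536  # constructed cap so one typo (e.g. /8) cannot balloon the scope

def expand_target(entry):
    """Expand one target-file entry into a list of IPv4 address strings."""
    entry = entry.strip()
    if "/" in entry:  # CIDR, e.g. 10.0.0.0/24
        net = ipaddress.IPv4Network(entry, strict=False)
        if net.num_addresses > MAX_PER_ENTRY:
            raise ValueError(f"{entry} expands to {net.num_addresses} addresses")
        # hosts() drops network/broadcast; fall back for single-address networks
        return [str(h) for h in (list(net.hosts()) or [net.network_address])]
    if "-" in entry:  # assumed last-octet range, e.g. 172.16.5.1-100
        start_s, end_s = entry.split("-", 1)
        start = int(ipaddress.IPv4Address(start_s))
        first = start & 0xFF
        if not end_s.isdigit() or not first <= int(end_s) <= 255:
            raise ValueError(f"bad range end in {entry!r}")
        base = start - first
        return [str(ipaddress.IPv4Address(base + o)) for o in range(first, int(end_s) + 1)]
    return [str(ipaddress.IPv4Address(entry))]

def load_targets(text):
    """Return (unique targets in file order, [(line_no, entry, error), ...])."""
    targets, errors, seen = [], [], set()
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            expanded = expand_target(line)
        except ValueError as exc:
            errors.append((line_no, line.strip(), str(exc)))
            continue
        for ip in expanded:
            if ip not in seen:
                seen.add(ip)
                targets.append(ip)
    return targets, errors

# Constructed sample: the three entries shown above plus two bad lines and a duplicate.
SAMPLE = "192.168.1.1\n10.0.0.0/24\n172.16.5.1-100\n10.0.0.300\n10.0.0.50-10\n192.168.1.1\n"

if __name__ == "__main__":
    targets, errors = load_targets(SAMPLE)
    print(len(targets), "targets;", len(errors), "rejected entries")
    for line_no, entry, reason in errors:
        print(f"  line {line_no}: {entry} ({reason})")
```

Reviewing the expanded list and the rejected entries against the authorised scope before launching catches typos that would otherwise send traffic to unintended hosts.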

📖 Usage & Options

usage: scan.py [-h] [-f FILE] [-o OUTPUT] [-t THREADS] [--rate RATE] [--full]
               [--batch-discovery] [--batch-size BATCH_SIZE] [--timeout TIMEOUT]
               [--udp] [--safe] [--clean [IP ...]] [-v] [-e INTERFACE]
               [--spoof IP] [--decoys DECOY1,DECOY2...] [--no-color]

Advanced Nmap Automation Scanner

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  Target file (default: ip.txt)
  -o OUTPUT, --output OUTPUT
                        Output directory (default: scan_results)
  -t THREADS, --threads THREADS
                        Thread count (0 = auto-detect, default: 0)
  --rate RATE           Min packet rate (default: 5000)
  --full                Scan all 65535 ports (default: top 2000 for speed)
  --batch-discovery     Enable batch discovery (default: True)
  --batch-size BATCH_SIZE
                        IPs per batch (default: 5)
  --timeout TIMEOUT     Host timeout in seconds (default: 300)
  --udp                 Include UDP scan on common ports
  --safe                Use T3 timing instead of T4 (more stealth/reliability)
  --clean [IP ...]      Clear cached results for specific IPs (or all)
  -v, --verbose         Verbose debug logging
  -e INTERFACE, --interface INTERFACE
                        Network interface for nmap (e.g., eth0)
  --spoof IP            Spoof source IP address (-S)
  --decoys DECOY1,DECOY2...
                        Use decoys to mask scan (-D)
  --no-color            Disable colored output

🔍 Scanning Pipeline

The scanner follows a structured 7-phase approach for every active host:

  1. Phase 0: Discovery: Quick ping and port sweep to find active hosts.
  2. Phase 1: TCP Scanning: High-speed port discovery (Quick top-1000 or Full 65k).
  3. Phase 2: Service Versioning: Detects service names and versions (-sV).
  4. Phase 3: OS Detection: Attempts to identify the target operating system (-O).
  5. Phase 4: Targeted NSE: Runs scripts specific to detected services (e.g., smb-vuln-* for SMB).
  6. Phase 5: Vulnerability Scan: Runs standard Nmap vulnerability checks (--script vuln).
  7. Phase 6: UDP Scan (Optional): Scans common UDP ports if enabled via --udp.

📂 Output Structure

Results are organized by IP address in the specified output directory:

scan_results/
├── 192.168.1.1/
│   ├── .completed            # Flag indicating host scan finished
│   ├── .phase_tcp_ports      # Phase checkpoint
│   ├── scan_summary.json     # Machine-readable overview
│   ├── service_versions.txt  # Nmap output for Phase 2
│   ├── nse_http.txt          # Targeted scripts for HTTP
│   └── vuln_scan.txt         # Vulnerability scan results
├── SCAN_REPORT.txt           # Consolidated summary report
└── ...
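
The checkpoint markers in this layout make it possible to see, without re-running anything, which hosts a resumed run would skip and which it would continue. The following is an added example, not part of the project: it assumes every phase checkpoint follows the `.phase_<name>` pattern of the one marker shown above, treats a `.completed` flag without scan_summary.json as suspect, and builds a constructed sample tree in a temporary directory.

```python
import tempfile
from pathlib import Path

def host_states(output_dir):
    """Classify each per-host directory by its checkpoint markers."""
    states = {}
    for host_dir in sorted(Path(output_dir).iterdir()):
        if not host_dir.is_dir():
            continue  # SCAN_REPORT.txt and other top-level files
        # Assumed naming: one ".phase_<name>" file per finished phase
        phases = sorted(p.name[len(".phase_"):] for p in host_dir.glob(".phase_*"))
        if (host_dir / ".completed").exists():
            # A finished host should also have its JSON summary; flag it if not.
            has_summary = (host_dir / "scan_summary.json").exists()
            status = "completed" if has_summary else "completed-no-summary"
        elif phases:
            status = "partial"   # interrupted mid-pipeline, would resume
        else:
            status = "pending"   # directory exists, nothing checkpointed
        states[host_dir.name] = {"status": status, "phases_done": phases}
    return states

def build_sample_tree(root):
    """Constructed sample layout mirroring the tree shown above."""
    layout = {
        "192.168.1.1": [".completed", ".phase_tcp_ports", "scan_summary.json"],
        "192.168.1.2": [".phase_tcp_ports"],
        "192.168.1.3": [],
        "192.168.1.4": [".completed"],
    }
    for host, files in layout.items():
        (Path(root) / host).mkdir(parents=True)
        for name in files:
            (Path(root) / host / name).touch()
    (Path(root) / "SCAN_REPORT.txt").touch()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return host_states(tmp)

if __name__ == "__main__":
    for host, state in demo().items():
        print(host, state)
```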

💡 Examples

Turbo Mode (High Speed)

python scan.py --rate 10000 --full --threads 20

Re-Scan Specific Host

python scan.py --clean 192.168.1.50
python scan.py -f ip.txt

Full Vulnerability Assessment with UDP

python scan.py --full --udp --batch-size 10

⚠️ Disclaimer

This tool is for educational and authorized security testing purposes only. Ensure you have explicit permission before scanning any network. The developers assume no liability for misuse.

About

A powerful, multi-threaded Nmap automation wrapper that handles the entire scanning lifecycle—from discovery to vulnerability assessment. Featuring per-phase checkpointing, intelligent script mapping, and automatic hardware-based optimization, it's the smartest way to scan 100+ IPs at high speed
