Lazymap is a single command-line tool made for network penetration testing. It combines multiple selected Nmap scripts, sslscan, ssh-audit, dig, ldapsearch, curl, rpcclient, selected Metasploit modules, and wget.
- Added sslscan for additional PoC for SSL-related issues.
- Added ssh-audit for additional PoC for SSH-related issues.
- Added 2 Metasploit modules to scan RDP and RPC issues.
- Merged my 2nd personal project, CheckThatHeaders, which scans and detects missing HTTP security header issues.
- Added a feature that determines whether the target is a subnet or an individual IP, so that results are relayed to sslscan, ssh-audit, and CheckThatHeaders without issue.
- Added a not-so-fancy ASCII art banner.
- Improved verbose and scan outputs.
- Added another Metasploit module for Oracle TNS SID Enumeration.
- Added 'dig' for DNSSEC vulnerability scan.
- Added 'ldapsearch' for LDAP Anonymous Bind scan.
- Added 'rpcclient' for Unauthenticated RPC scan.
- Added 'curl' for Default IIS Webpage detection.
- Re-configured 'checkthatheaders' to scan only live hosts (ports 80, 443, 8443, 8080).
- Added -k flag to exclude sslscan, ssh-audit, and CheckThatHeaders scans.
- Added -a flag to exclude the all ports scan and UDP scan.
- Added -N flag to add -n -T4 to Nmap command for faster scanning.
- Added -h flag to display this help message.
- Added a feature to combine multiple flags.
- Improved verbose and scan outputs.
- Bash version 4 or higher
- nmap
- curl
- dig
- ldapsearch
- rpcclient
- metasploit
- wget
- sslscan
- ssh-audit
- Port 139 and 445 (SMB)
- Port 443, 1443, 389, 3389 (SSL Cipher)
- Port 137 (NetBIOS)
- Port 1521 (Oracle TNS)
- Port 123 (NTP)
- Port 161 (SNMP)
- Port 389, 636, 3268, 3269 (LDAP)
- Port 80 (HTTP)
- Port 111 (Portmapper)
- Port 3306 (MySQL)
- Port 22 (SSH)
- Port 23 (Telnet)
- Port 8009 (Apache AJP)
- Port 3389 (RDP)
- Port 2049 (NFS)
- Port 110 (POP3)
- Port 53 (DNS)
- Port 21 (FTP)
- Port 69 (TFTP)
- Port 25,465,587 (SMTP)
- Port 623 (IPMI)
- Port 143 and 993 (IMAP)
- Port 500 (IKE)
- Port 548 (AFP)
- Port 70 (Gopher)
- Port 88 (Kerberos)
- Port 6379 (Redis)
- Port 5900 (VNC)
- Port 5060 (SIP)
```bash
git clone https://github.com/evanricafort/lazymap.git && cd lazymap && sudo chmod +x lazymap.sh && sudo ./lazymap.sh -h
```
- Usage: ./lazymap.sh -u host [Single Host] or ./lazymap.sh -t hosts.txt [Multiple Hosts]
- Additional Options: -1 adds the [vulners] NSE script, -2 adds [vuln], -3 adds both [vulners & vuln], -4 runs a Firewall Evasion Scan, -a excludes the all ports scan and UDP scan, -N adds -n -T4 to the Nmap command for faster scanning, and -k excludes the sslscan, ssh-audit, and CheckThatHeaders scans.
- Reminder: Option -3 may take some time to finish if you have multiple targets.
- Note: Run with sudo to execute the Nmap scripts related to the UDP scan.
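
To show what a missing-HTTP-security-header check like the merged CheckThatHeaders feature has to look at, here is an added example; it is not lazymap's or CheckThatHeaders' own code. The header list, the function names and the sample response are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not lazymap/CheckThatHeaders code. This header list is an assumption.
REQUIRED_HEADERS="content-security-policy x-frame-options x-content-type-options referrer-policy permissions-policy"

# Usage: curl -sI <url> | missing_security_headers <http|https>
# Prints each missing header name (lowercase), one per line.
# The function body runs in a subshell so its variables do not leak.
missing_security_headers() (
  scheme=$1
  # Strip CRs, then collect header names. Names that are not plain tokens are
  # ignored, since the response comes from an untrusted server.
  seen=$(tr -d '\r' | awk -F: '
    /^HTTP\//                        { split("", seen); next }  # new hop: keep only the final response
    NF > 1 && $1 ~ /^[A-Za-z0-9-]+$/ { seen[tolower($1)] = 1 }  # header names are case-insensitive
    END                              { for (h in seen) print h }
  ')
  required=$REQUIRED_HEADERS
  # Browsers ignore HSTS sent over plain HTTP, so only require it for HTTPS.
  if [ "$scheme" = https ]; then
    required="$required strict-transport-security"
  fi
  for name in $required; do
    printf '%s\n' "$seen" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
)

# Constructed sample (not captured from a real host): a redirect followed by
# the final response. Referrer-Policy appears only on the redirect hop.
sample_response() {
  printf 'HTTP/1.1 301 Moved Permanently\r\n'
  printf 'Location: https://app.example.test/\r\n'
  printf 'Referrer-Policy: no-referrer\r\n\r\n'
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'Server: example\r\n'
  printf 'X-Frame-Options: DENY\r\n'
  printf 'x-content-type-options: nosniff\r\n\r\n'
}

sample_response | missing_security_headers https
```

Headers set only on a redirect hop do not count, because the browser applies the policy of the page it finally renders.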