JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate report.

Related tags

Networkingpythontcpnetworkenumerationnmappentestingreconbugbountyscanningmasscanportscannersecurity-toolsvulnerabilityscanner
Overview

logo GitHub GitHub release (latest by date) Rating Code style: black

Description

Killing features

  • Perform a large-scale scans using Nmap! Allows you to use Masscan to scan targets and execute Nmap on detected ports with custom settings. Nmap on steroids. *
  • Scans targets in variety of formats, including domain names!
  • Results can be produced in domain:port format.
  • It works in stdin/stdout mode, allowing you to stream results to/from other tools.
  • Auto-adjusts a packet rate for masscan so you don't have to (disable it by --disable-auto-rate).
  • Produces a standard Nmap XML report.
  • Fully supports IPv6.
  • Supports scope control, only targets defined in scope will be scanned.

The JFScan (Just Fu*king Scan) is a wrapper around a super-fast port scanner Masscan. It's designed to simplify work when scanning for open ports on targets in a variety of formats. The JFScan accepts a target in the following forms: URL, domain, or IP (including CIDR). You can specify a file with targets using argument or use stdin.

The JFScan also allows you to output only the results and chain it with other tools like Nuclei. The domain:port output of JFScan is crucial if you want to discover vulnerabilities in web applications as the virtual host decides which content will be served.

Finally, it can scan discovered ports with Nmap. You can also define custom options and use Nmap's amazing scripting capabilities.

nmap usage2

JFScans logic of input & output processing:

diagram

Usage

usage: jfscan [-h] [--targets TARGETS] (-p PORTS | --top-ports TOP_PORTS | --yummy-ports) [--resolvers RESOLVERS] [--enable-ipv6] [--scope SCOPE] [-r MAX_RATE] [--wait WAIT] [--disable-auto-rate] [-i INTERFACE] [--source-ip SOURCE_IP]
              [--router-ip ROUTER_IP] [--router-mac ROUTER_MAC] [--router-mac-ipv6 ROUTER_MAC_IPV6] [-oi] [-od] [-o OUTPUT] [-q | -v] [--nmap] [--nmap-options NMAP_OPTIONS] [--nmap-threads NMAP_THREADS] [--nmap-output NMAP_OUTPUT] [--version]
              [target]

JFScan - Just Fu*king Scan

optional arguments:
  -h, --help            show this help message and exit
  -p PORTS, --ports PORTS
                        ports, can be a range or port list: 0-65535 or 22,80,100-500,...
  --top-ports TOP_PORTS
                        scan only N of the top ports, e. g., --top-ports 1000
  --yummy-ports         scan only for the most yummy ports
  -q, --quite           output only results
  -v, --verbose         verbose output

  --nmap                run nmap on discovered ports
  --nmap-options NMAP_OPTIONS
                        nmap arguments, e. g., --nmap-options='-sV' or --nmap-options='-sV --script ssh-auth-methods'
  --nmap-threads NMAP_THREADS
                        number of nmaps to run concurrently, default 8
  --nmap-output NMAP_OUTPUT
                        output results from nmap to specified file in standard XML format (same as nmap option -oX)

  target                a target or targets separated by a comma, accepted form is: domain name, IPv4, IPv6, URL
  --targets TARGETS     file with targets, accepted form is: domain name, IPv4, IPv6, URL

  -oi, --only-ips       output only IP adresses, default: all resources
  -od, --only-domains   output only domains, default: all resources
  -o OUTPUT, --output OUTPUT
                        output masscan's results to specified file

  --resolvers RESOLVERS
                        custom resolvers separated by a comma, e. g., 8.8.8.8,1.1.1.1
  --enable-ipv6         enable IPv6 support, otherwise all IPv6 addresses will be ignored in the scanning process
  --scope SCOPE         file path with IP adresses and CIDRs to control scope, expected format: IPv6, IPv4, IPv6 CIDR, IPv4 CIDR
  -r MAX_RATE, --max-rate MAX_RATE
                        max kpps rate for the masscan
  --wait WAIT           a number of seconds to wait for packets to arrive (when scanning large networks), option for the masscan
  --disable-auto-rate   disable rate adjustment mechanism for masscan (more false positives/negatives)
  -i INTERFACE, --interface INTERFACE
                        interface for masscan and nmap to use
  --source-ip SOURCE_IP
                        IP address of your interface for the masscan
  --router-ip ROUTER_IP
                        IP address of your router for the masscan
  --router-mac ROUTER_MAC
                        MAC address of your router for the masscan
  --router-mac-ipv6 ROUTER_MAC_IPV6
                        MAC address of your IPv6 router for the masscan

  --version             show program's version number and exit

Please follow installation instructions before running. Do not run the JFScan under a root, it's not needed since we set a special permissions on the masscan binary.

Example

Scan targets for only for ports 80 and 443 with rate of 10 kpps:

$ jfscan -p 80,443 --targets targets.txt -r 10000

Scan targets for top 1000 ports :

$ jfscan --top-ports 1000 1.1.1.1/24

You can also specify targets on stdin and pipe it to nuclei:

$ cat targets.txt | jfscan --top-ports 1000 -q | httpx -silent | nuclei

Or as positional parameter:

$ jfscan --top-ports 1000 1.1.1.1/24 -q | httpx -silent | nuclei

Or everything at once, the JFScan just does not care and scans all the targets specified:

$ echo target1 | jfscan --top-ports 1000 target2 --targets targets.txt -q | httpx -silent | nuclei

Utilize nmap to gather more info about discovered services:

$ cat targets.txt | jfscan -p 0-65535 --nmap --nmap-options="-sV --scripts ssh-auth-methods"

The targets.txt can contain targets in the following forms (IPv6 similarly):

http://domain.com/
domain.com
1.2.3.4
1.2.3.0/24
1.1.1.1-1.1.1.30

Installation

  1. Before installation, make sure you have the latest version of Masscan installed (tested version is 1.3.2).

First, install a libpcap-dev (Debian based distro) or libcap-devel (Centos based distro):

sudo apt install libpcap-dev

Next, clone the official repository and install:

sudo apt-get --assume-yes install git make gcc
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
sudo make install
  1. The Masscan requires root permissions to run. Since running binaries under root is not good idea, we will set a CAP_NET_RAW capability to the binary:
sudo setcap CAP_NET_RAW+ep /usr/bin/masscan
  1. For installation of JFscan a python3 and pip3 is required.
sudo apt install python3 python3-pip
  1. Install JFScan:
$ git clone https://github.com/nullt3r/jfscan.git
$ cd jfscan
$ pip3 install .

If you can't run the jfscan directly from command line you should check if $HOME/.local/bin is in your path.

Add the following line to your ~/.zshrc or ~/.bashrc:

export PATH="$HOME/.local/bin:$PATH"

License

Read file LICENSE.

Disclaimer

I am not responsible for any damages. You are responsible for your own actions. Attacking targets without prior mutual consent is illegal.

* When scanning smaller network ranges, you can just use nmap directly, there is no need to use JFScan. You can reach up to 70% of the speed of JFScan using the following options:

nmap -Pn -n -v yourTargetNetwork/26 -p- --min-parallelism 64 --min-rate 20000 --min-hostgroup 64 --randomize-hosts -sS -sV

As always, expect some false positivies/negatives.

Comments
  • -i flag not working under VPN environment

    -i flag not working under VPN environment

    Hi, i'm playing hackthebox.eu and i need to do port scanning with specific utun4 interface which is openvpn config given by them to scan local machine. But it doesn't work as expected rather than running masscan itself.

    Scanning with jfscan image

    Scanning with masscan image

    bug 
    opened by meichengg 7
  • The flag `--nmap-options='-sV'` crashes the tool.

    The flag `--nmap-options='-sV'` crashes the tool.

    The tool crashes when --nmap-options flag is used. I'm using Python 3.10 and latest nmap, masscan from github.

    /scripts/jfscan# jfscan --top-ports 1000 --nmap --nmap-options='-sV' 123.123.123.0/24
usage: jfscan [-h] [--targets TARGETS] (-p PORTS | --top-ports TOP_PORTS | --yummy-ports) [--resolvers RESOLVERS] [--enable-ipv6] [--scope SCOPE] [-r MAX_RATE] [--wait WAIT] [--disable-auto-rate] [-i INTERFACE]
              [--source-ip SOURCE_IP] [--router-ip ROUTER_IP] [--router-mac ROUTER_MAC] [--router-mac-ipv6 ROUTER_MAC_IPV6] [-oi] [-od] [-o OUTPUT] [-q | -v] [--nmap] [--nmap-options NMAP_OPTIONS]
              [--nmap-threads NMAP_THREADS] [--nmap-output NMAP_OUTPUT] [--version]
              [target]
jfscan: error: incorrect nmap options: 
Segmentation fault

/scripts/jfscan#
    opened by its0x08 4
  • Error instalation

    Error instalation

    Hello,

    when I'm installing (pip3 install . ) fail, I have this error:

    Building wheels for collected packages: jfscan
  Building wheel for jfscan (setup.py) ... error
  error: subprocess-exited-with-error
  
  × python setup.py bdist_wheel did not run successfully.
  │ exit code: 1
  ╰─> [10 lines of output]
      running bdist_wheel
      running build
      running build_py
      /usr/local/lib/python3.9/dist-packages/setuptools/command/install.py:34: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools.
        warnings.warn(
      installing to build/bdist.linux-x86_64/wheel
      running install
      running install_lib
      creating build/bdist.linux-x86_64/wheel
      error: could not create 'build/bdist.linux-x86_64/wheel': Permission denied
      [end of output]
  
  note: This error originates from a subprocess, and is likely not a problem with pip.
  ERROR: Failed building wheel for jfscan
  Running setup.py clean for jfscan
Failed to build jfscan

    I have installed all dependencies and the versión of jfscan is 1.3.1 and my version of SO is Debian 5.16.18-1

    A greeting and thanks

    question 
    opened by tXambe 3
  • Show found ports while scanning

    Show found ports while scanning

    Hi, i would like to see found ports while on scanning instead of waiting masscan finishs its progress. Is there any workaround?

    For example, after getting many active ports, i want to cancel the progress and get the ports had been found.

    image

    enhancement 
    opened by meichengg 2
  • Ability to check for firewalls

    Ability to check for firewalls

    I sometimes face with firewalls on some specific servers or IP ranges. For example, when i scan a range /22, only a few IPs behind a firewall, they detect the packets that masscan sends and shows that all 65535 ports are open, is there any way to detect or skip if which IP is actual behind a firewall like my situation? Thanks.

    image

    opened by meichengg 1
Releases(1.6.2)
Owner
Redteamer & pentester, working for corporates. Breaks stuff most of the time.
GitHub Repository
Huawei firewall automatically updates Chinese ip to target IP group.

Huawei firewall automatically updates Chinese ip to target IP group.

Lundaa 0 Jan 11, 2022
Readable, simple and fast asynchronous non-blocking network apps

Fast and readable async non-blocking network apps Netius is a Python network library that can be used for the rapid creation of asynchronous non-block

Hive Solutions 120 Nov 20, 2022
A simple and lightweight server that allows clients to connect and launch a shell remotely through a browser.

carrotsh A simple and lightweight server that allows clients to connect and launch a shell remotely through a browser. Uses xterm.js for the frontend

V9 31 Dec 27, 2022
A protocol or procedure that connects an ever-changing IP address to a fixed physical machine address

p0znMITM ARP Poisoning Tool What is ARP? Address Resolution Protocol (ARP) is a protocol or procedure that connects an ever-changing IP address to a f

Furkan OZKAN 9 Sep 18, 2022
Python port of proxy-www (https://github.com/justjavac/proxy-www)

proxy-www.py Python port of proxy-www (https://github.com/justjavac/proxy-www). Implemented additional functionalities! How to install pip install pro

Minjun Kim (Lapis0875) 20 Dec 08, 2021
Juniper SNMP Migrations For Python

Juniper SNMP Migrations This example will show how to use the PyEZ plugin for Nornir to build a NETCONF connection to a remote device validate that SN

Calvin Remsburg 1 Jan 07, 2022
Home Assistant integration for MyEnergi devices

myenergi for Home Assistant myenergi custom component for Home Assistant This is a very early release, will add more documentations soon! This compone

Johan Isacsson 70 Dec 18, 2022
An advanced real time threat intelligence framework to identify threats and malicious web traffic on the basis of IP reputation and historical data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputatio

CRED 225 Dec 31, 2022
Socialhome is best described as a federated personal profile with social networking functionality

Description Socialhome is best described as a federated personal profile with social networking functionality. Users can create rich content using Mar

Jason Robinson 332 Dec 30, 2022
A simple tcpdump sidecar injector to demonstrate Kubernetes's Mutating Webhook

k8s-tcpdump-webhook A simple tcpdump sidecar injector to demonstrate Kubernetes's Mutating Webhook Build and Deploy Build docker image; docker build -

Bilal Ünal 2 Sep 01, 2022
Wallc - Calculate the layout on the wall to hang up pictures

wallc Calculate the layout on the wall to hang up pictures. Installation pip install git+https://github.com/trbznk/wallc.git Getting Started Currently

Alex Trbznk 68 Sep 09, 2022
Base on browser-time to get har from network, and use python to analyze the data .

base on browser-time to get har from network, and use python to analyze the data

1 Dec 20, 2021
A simple, personal chat program that runs on a single computer. No Internet, just you.

MultiChat A simple, personal chat program that runs on a single computer. No Internet, just you. Simple and Local MultiChat was created with ease of u

Owls 2 Aug 19, 2022
A Cheap Flight Alert program sends you a SMS to notify cheap flights in next 8 months.

Flight Dealer A Cheap Flight Alert program sends you a SMS to notify cheap flights (return trips) in next 6 months. Installing Download the Python 3 i

Aytaç Kaşoğlu 2 Feb 10, 2022
Ctech Didik Auto Script VPN 👨🏻‍💻Youtube: Ctech Didik

CTech Didik Auto Script VPN SUPPORT OPERATING SYSTEM Debian GNU/Linux 11 (Bullseye) Debian GNU/Linux 10 (Buster) Debian GNU/Linux 9 (Stretch) Ubuntu S

Ctech Didik 27 Dec 20, 2022
Simple Port Scanner script written in Python, plans is to expand upon this script to turn it into a GUI based pen testing suite

PortScanner Simple Port Scanner script written in Python, plans is to expand upon this script to turn it into a GUI based pen testing suite. #IMPORTAN

1 Oct 23, 2021
Tool for pretty printing and optimizing Lightning Network channels.

Suez Tool for pretty printing and optimizing Lightning Network channels. Installation Install poetry poetry install poetry run ./suez Channel fee poli

Pavol Rusnak 69 Nov 03, 2022
TunnelProxy 是一个本地隧道代理,可以从fofa爬取免费的socks代理,然后构建代理池,如果一个代理失效,会自动切换

TunnelProxy 是一个本地隧道代理,可以从fofa爬取免费的socks代理,然后构建代理池,如果一个代理失效,会自动切换。 应用场景 渗透测试需要访问某些国内网站(比如edu的),想要隐藏自己,但是国外代理不能访问,也没有稳定的可用代理的时候。 之后,可能我会增加国外代理,实现白嫖科学上网。

urdr-gungnir 45 Nov 17, 2022
The best way to send tokens into a specific server, which can be used for discord bots, and some tools..

XTRA420 The simplified version of sending tokens into a server, the basic and fastest way.. When using this, you have the option to use proxies (http)

07v 1 Nov 30, 2021
openPortScanner is a port scanner made with Python!

Port Scanner made with python • Installation • Usage • Commands Installation Run this to install: $ git clone https://github.com/Miguel-Galdin0/openPo

Miguel Galdino 7 Jan 09, 2022