Nmap Ndiff and Telegram for red teaming

June 13, 2019 | Views: 5223

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

What is Phactive

Phactive is a little script written in bash, it’s to aid in a red team workflow, Since red team is mostly about continuous monitoring and simulation of a real life attack. unlike in Penetration testing where you just have to run a scan and submit a report the explain your findings, which can be accomplished with a short time missing out new risks and vulnerabilities. For example: During a penetration testing you can run an Nmap scan on port “22” during your scan and its closed. Which might then be opened tomorrow for maybe technical support. So this is where red team idea comes in handing.

So Phactive runs an Nmap scan every morning at 10am with the use of cron job, it then compares the result of Yesterday’s scan result with Todays result using Ndiff. If they are any new open ports or changes in the scan it’s send a report of the new findings to your specified Telegram bot.

This is a very basic red teaming script that runs nmap every day at 10AM using cron job that Scans 0-65535 with
"-A -Pn -v -T4 -F -sV" Flags then uses ndiff to compare the result. 
If there's any difference it send's a notification to your specified Telegram bot about
new ports discovered.
License: MIT
Twitter Follow

Download, setup, and usage

You must have Nmap and Ndiff Installed

git clone https://github.com/Phexcom/phactive.git /opt/phactive

sudo nano /opt/phactive/main.sh

  • Add the host you want to scan and monitor
TARGETS="127.0.0.1"                  # Target eg: (Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254)
  • Add your telegram chat id and Token
chat_id="<Telegram chat id>" # Telegram Chat id
tg_token="<Telegram Bot Token" # Telegram bot Token

To setup a telegram token and chat id Check out this Post

Setup a cron job

  • Once you done with the setup. You can run a cron job that runs every morning at 10am or your desirable time. Here is an Example:

sudo nano /etc/crontab

Then copy and paste then save

00 10 * * * root bash /opt/phactive/main.sh

If you have any contribution to make the script better, Please leave it in the Comment below.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel