OP 05 April, 2022 - 06:01 PM
(This post was last modified: 05 April, 2022 - 09:05 PM by SherlockHemredge. Edited 4 times in total.)
So i always hear after a new 0day has been disclosed that there is mass scanning over the internet by the Russians looking for vulnerable servers to exploit on mass. Now i know you can do this with shodan once you pay for the better API's, however is it possible to do it by myself?
Example:
Masscan > nmap > hxxp > nuclei
Masscan to scan a countries IP range, nmap to port scan and enumerate services and versions, hxxp to resolve IP's to hostnames and nuclei looking for vulns.
I also know its possible with zmap and zgrab.
What do you guys think? Any ideas?
I've heard that russians have bots that bruteforce random servers on mass. I know how to do that.
Exmaple:
masscan > nmap > brutespray.
Tools I mentioned above:
https://github.com/robertdavidgraham/masscan
https://nmap.org/download
https://github.com/x90skysn3k/brutespray
https://github.com/danielmiessler/SecLists
https://github.com/zmap/zgrab2
https://github.com/zmap/zmap
https://github.com/projectdiscovery/nuclei
Example:
Masscan > nmap > hxxp > nuclei
Masscan to scan a countries IP range, nmap to port scan and enumerate services and versions, hxxp to resolve IP's to hostnames and nuclei looking for vulns.
I also know its possible with zmap and zgrab.
What do you guys think? Any ideas?
I've heard that russians have bots that bruteforce random servers on mass. I know how to do that.
Exmaple:
masscan > nmap > brutespray.
Tools I mentioned above:
https://github.com/robertdavidgraham/masscan
https://nmap.org/download
https://github.com/x90skysn3k/brutespray
https://github.com/danielmiessler/SecLists
https://github.com/zmap/zgrab2
https://github.com/zmap/zmap
https://github.com/projectdiscovery/nuclei