Distributing a scan among several clients using Dnmap

Dnmap is an excellent project for distributing Nmap scans among different clients. The extra resources available, such as bandwidth, allow us to scan one or more targets faster when time is a limiting factor during a security assessment.

The following recipe will show you how to perform distributed port scanning with Dnmap.

Getting ready

Download the latest version of Dnmap from the official SourceForge repositories at http://sourceforge.net/projects/dnmap/files/ .

Dnmap depends on the Python library Twisted. If you are on a Debian-based system, you can install it with the following command:

#apt-get install libssl-dev python-twisted

It is also worth mentioning that Nmap is not self-contained in Dnmap; we must install it separately on each client. Please refer to the Compiling Nmap from source code recipe in Chapter 1, Nmap Fundamentals for instructions on installing Nmap.

How to do it...

  1. Create a file that will contain your Nmap commands. Each command must be separated by a new line:
    #cat cmds.txt
    nmap -sU -p1-10000 -sV scanme.nmap.org
    nmap -sU -p10000-20000 -sV scanme.nmap.org
    nmap -sU -p20000-30000 -sV scanme.nmap.org
    nmap -sU -p40000-50000 -sV scanme.nmap.org
    nmap -sU -p50001-60000 -sV scanme.nmap.org
    
  2. Start dnmap_server.py:
    #python dnmap_server.py -f cmds.txt
    

    Screenshot: Dnmap server

  3. On your clients, run the following command:
    #python dnmap_client.py -a client1 -s 192.168.1.1
    

    Screenshot: Dnmap client

How it works...

Dnmap is a set of Python scripts published by Sebastian García "el draco" from Mateslab (http://mateslab.com.ar) to distribute Nmap scans using a server-client connection model.

Figure: Server-client model of Dnmap from mateslab.com.ar

Commands are stored in a file that is read by the server. The script dnmap_server.py handles all of the incoming connections and assigns commands to the clients. Each client executes only one Nmap command at a time.
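Because each line of the command file is one unit of work handed to a client, the port ranges across lines should divide the port space without overlaps or holes. The following added example (not part of the recipe or of Dnmap; function names are illustrative) parses the -p ranges from the cmds.txt shown in step 1, reports ports assigned to two commands or to none, and computes an even split:

```python
import re

# Added example, not Dnmap code. cmds.txt copied from step 1 of the recipe.
RECIPE_CMDS = """\
nmap -sU -p1-10000 -sV scanme.nmap.org
nmap -sU -p10000-20000 -sV scanme.nmap.org
nmap -sU -p20000-30000 -sV scanme.nmap.org
nmap -sU -p40000-50000 -sV scanme.nmap.org
nmap -sU -p50001-60000 -sV scanme.nmap.org
"""
PORT_RE = re.compile(r"(?:^|\s)-p\s*(\d+)-(\d+)(?=\s|$)")

def port_ranges(cmds):
    """Return the (low, high) pair from each command's -pLOW-HIGH option."""
    ranges = []
    for n, line in enumerate(cmds.splitlines(), 1):
        if not line.strip():
            continue
        m = PORT_RE.search(line)
        if m is None:
            raise ValueError(f"line {n}: no -pLOW-HIGH option")
        low, high = int(m.group(1)), int(m.group(2))
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"line {n}: bad range {low}-{high}")
        ranges.append((low, high))
    return ranges

def audit(ranges, first=1, last=65535):
    """Return (overlaps, gaps): ports given to two commands, or to none."""
    overlaps, gaps, next_port = [], [], first
    for low, high in sorted(ranges):
        if low > next_port:
            gaps.append((next_port, low - 1))
        elif low < next_port:
            overlaps.append((low, min(high, next_port - 1)))
        next_port = max(next_port, high + 1)
    if next_port <= last:
        gaps.append((next_port, last))
    return overlaps, gaps

def split_ports(first, last, jobs):
    """Split first..last into `jobs` contiguous, non-overlapping ranges."""
    size, extra = divmod(last - first + 1, jobs)
    bounds = [first + i * size + min(i, extra) for i in range(jobs + 1)]
    return [(bounds[i], bounds[i + 1] - 1) for i in range(jobs)]

if __name__ == "__main__":
    print(audit(port_ranges(RECIPE_CMDS), last=60000))
    print([f"-p{a}-{b}" for a, b in split_ports(1, 60000, 6)])
```

For the recipe's file, the audit up to port 60000 reports ports 10000 and 20000 as assigned twice and ports 30001-39999 as assigned to no command.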

There's more...

Additionally, you can increase the debugging level on the server by using the argument -d [1-5], as shown in the following command:

#python dnmap_server.py -f cmds.txt -d 5

The server handles disconnections by reinserting the commands at the end of the file. Dnmap creates a file named .dnmap-trace to keep track of the current state of progress.

If the server itself loses connectivity, the clients will automatically try to reconnect indefinitely, until the server comes back online.

Dnmap statistics

The server of Dnmap returns the following statistics:

  • Number of commands executed
  • Last time online
  • Uptime
  • Version
  • Commands per minute and its average
  • User permissions
  • Current status

See also

  • The Scanning an IP address range recipe
  • The Reading targets from a text file recipe
  • The Scanning random targets recipe
  • The Skipping tests to speed up long scans recipe
  • The Selecting the correct timing template recipe
  • The Adjusting timing parameters recipe
  • The Adjusting performance parameters recipe
  • The Collecting signatures of web servers recipe