Intelspy | Perform Automated Network Reconnaissance Scans

Tools & Scripts
,
1

image
image1654×921 47.6 KB

Perform automated network reconnaissance scans to gather network intelligence.
IntelSpy is a multi-threaded network intelligence spy tool which performs automated enumeration of network services. It performs live hosts detection scans, port scans, services enumeration scans, web content scans, brute-force, detailed off-line exploits searches and more.
The tool will also launch further enumeration scans for each detected service using a number of different tools.

Credits

I had started working on IntelSpy when one day I discovered AutoRecon. Instead of reinventing the wheel, IntelSpy is the result of combining/merging IntelSpy with the best features of the AutoRecon to create a network reconnaissance tool suitable for Penetration Testing engagements.

Features

  • Scans multiple targets in the form of IP addresses, IP ranges (CIDR notation) and resolvable hostnames.
  • Scans targets concurrently.
  • Detects live hosts in an IP range (CIDR) network.
  • Customizable port scanning profiles and service enumeration commands.
  • Creates a directory structure for results gathering.
  • Logs commands that were run.
  • Generates shell scripts with commands to be run manually.
  • Extracts important information in txt and markdown format.
  • Stores data to an SQLite database.
  • Generates HTML report.

Requirements

  • Python 3
  • colorama
  • toml (https://github.com/toml-lang/toml)
  • seclists
  • curl
  • enum4linux
  • gobuster
  • nbtscan
  • nikto
  • nmap
  • onesixtyone
  • oscanner
  • smbclient
  • smbmap
  • smtp-user-enum
  • snmpwalk
  • sslscan
  • svwar
  • tnscmd10g
  • whatweb
  • wkhtmltoimage
  • pandoc
  • hydra
  • medusa
  • wpscan
  • ldapsearch
  • patator
pip3 install -r requirements.txtsudo apt install seclists

Usage

 ___               __          |  ._ _|_  _  | (_  ._      _|_ | | |_ (/_ | __) |_) /                       |   /                                  IntelSpy v1.0 - Perform automated network reconnaissance scans to gather network intelligence.IntelSpy is an open source tool licensed under GPLv3.Written by: @maldevel | @LOGISEK_LTDhttps://logisek.com | https://pentest-labs.comhttps://github.com/maldevel/intelspyusage: intelspy.py [-h] [-ts TARGET_FILE] -p PROJECT_NAME -w WORKING_DIR                   [--exclude <host1[,host2][,host3],...>] [-s SPEED]                   [-ct <number>] [-cs <number>] [--profile PROFILE_NAME]                   [--livehost-profile LIVEHOST_PROFILE_NAME]                   [--heartbeat HEARTBEAT] [-v]                   [targets [targets ...]]positional arguments:  targets               IP addresses (e.g. 10.0.0.1), CIDR notation (e.   g.                        10.0.0.1/24), or resolvable hostnames (e.g.                        example.com) to scan.optional arguments:  -h, --help            show this help message and exit  -ts TARGET_FILE, --targets TARGET_FILE                        Read targets from file.  -p PROJECT_NAME, --project-name PROJECT_NAME                        project name  -w WORKING_DIR, --working-dir WORKING_DIR                        working directory  --exclude <host1[,host2][,host3],...>                        exclude hosts/networks  -s SPEED, --speed SPEED                        0-5, set timing template (higher is faster) (default:                        4)  -ct <number>, --concurrent-targets <number>                        The maximum number of target hosts to scan                        concurrently. Default: 5  -cs <number>, --concurrent-scans <number>                           The maximum number of scans to perform per target                        host. Default: 10  --profile PROFILE_NAME                        The port scanning profile to use (defined in port-                        scan-profiles.toml). Default: default  --livehost-profile LIVEHOST_PROFILE_NAME                        The live host scanning profile to use (defined in                        live-host-scan-profiles.toml). Default: default  --heartbeat HEARTBEAT                        Specifies the heartbeat interval (in seconds) for task                        status messages. Default: 60  -v, --verbose         Enable verbose output. Repeat for more verbosity (-v,                        -vv, -vvv).

Usage Examples
Scanning single target

sudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ 192.168.10.15sudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ 192.168.10.15 -vsudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ 192.168.10.15 -vvsudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ 192.168.10.15 -vvv

Scanning a hostname

sudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ example.com

Scanning a network range(CIDR)

sudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ 192.168.10.0/24

Scanning multiple targets (comma separated)

sudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ 192.168.10.15 192.168.10.0/24 example.com

Scanning targets from file

sudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ -ts /home/user/targets.txt

Excluding one host

sudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ --exclude 192.168.10.9 192.168.10.0/24

Excluding many hosts

sudo python3 intelspy.py -p MyProjectName -w /home/user/pt/projects/ --exclude 192.168.10.9,192.168.10.24 192.168.10.0/24

GitHub:

2 Likes