Documentation
NetGun is a Vulnerability Scanner written in Python. It allows to scan Network infrastructures, enumerate the services running on them, unearth CVEs and Misconfigurations. It aims to facilitate a complex practice such as Penetration Testing, so that PTs can focus on more delicate aspects, automating and speeding up the tasks behind this type of Testing.
- Detect open and closed ports on any accessible target host
- Detect the Operating System
- Detect the services running on each port
- Detect firewalls
- Detect tipical misconfigurations
- Detect CVEs on services
git clone https://github.com/Carlo-Colizzi/NetGun
cd NetGun
pip install -r requirements.txt
> Here you can set the details of the scan
> You can set IPv4 and Port range
> Choose the protocol used by the researched services, TCP or UDP
> Choose the Advanced Options:
- OS detection: let to discover the OS used by the Target
- Disable PING: during the scan the ping functionality will not be used
- SYN scan: SYN scan is the default and most popular scan option for good reason. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by intrusive firewalls. SYN scan is relatively unobtrusive and stealthy, since it never completes TCP connections.
- ACK scan: Its probe packet has only the ACK flag set. When scanning unfiltered systems, open and closed ports will both return a RST packet. NetGun then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they are open or closed is undetermined. Ports that don't respond, or send certain ICMP error messages back, are labeled filtered.
Important: you can't use SYN scan and ACK scan together
> Choose the scan mode:
- SHALLOW: a shallow and stealth scan, do not look for services version
- DEEP: a deep scan, look also for services version
> Choose the scan aggressivity, from 0 (slow and stealth) to 4 (fast)
> When the scan terminate, you will see the results in such a table:
> You can check all the CVEs of a specific service just selecting it and clicking "Open CVE". The Vulnerabilities are obtained through the National Vulnerability Database of U.S. government
> You can also make a Speedtest: