Post

NetGun, Vulnerability Scanner for Kali OS β€‹πŸ’»β€‹

Posted Updated
By Carlo Colizzi 2 min read

NetGun is an open source project available on GitHub, developed by Me (Carlo Colizzi), Giulio Incoronato, and Antonio Mazzarella

NetGun is a Vulnerability Scanner written in Python. It allows to scan Network infrastructures, enumerate the services running on them, unearth CVEs and Misconfigurations. It aims to facilitate a complex practice such as Penetration Testing, so that PTs can focus on more delicate aspects, automating and speeding up the tasks behind this type of Testing.

logo

NetGun allows you to

  • Detect open and closed ports on any accessible target host
  • Detect the Operating System
  • Detect the services running on each port
  • Detect firewalls
  • Detect tipical misconfigurations
  • Detect CVEs on services

Example 4

Installation

1
2
3

git clone https://github.com/Carlo-Colizzi/NetGun
cd NetGun
pip install -r requirements.txt

How to Use

Here you can set the details of the scan

details

You can set IPv4 and Port range

IPv4 and Port range

Choose the protocol used by the researched services, TCP or UDP

TCP or UDP

Choose the Advanced Options:

  • OS detection: let to discover the OS used by the Target<
  • Disable PING: during the scan the ping functionality will not be used
  • SYN scan: SYN scan is the default and most popular scan option for good reason. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by intrusive firewalls. SYN scan is relatively unobtrusive and stealthy, since it never completes TCP connections.
  • ACK scan: Its probe packet has only the ACK flag set. When scanning unfiltered systems, open and closed ports will both return a RST packet. NetGun then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they are open or closed is undetermined. Ports that don’t respond, or send certain ICMP error messages back, are labeled filtered.

Important: you can’t use SYN scan and ACK scan together

Advanced Options

Choose the scan mode:

  • SHALLOW: a shallow and stealth scan, do not look for services version
  • DEEP: a deep scan, look also for services version

Scan Mode

Choose the scan aggressivity, from 0 (slow and stealth) to 4 (fast)

Aggressivity

When the scan terminates, you will see the results in a table: Results

CVE analysis

You can check all the CVEs of a specific service just selecting it and clicking β€œOpen CVE”. The Vulnerabilities are obtained through the National Vulnerability Database of U.S. government CVEs

Speedtest by OOkla

You can also make a Speedtest: Speedtest

Other Images

Example 1 Example 2 Example 3

Cyber Security Projects
NetGun Vulnerability Scanner
This post is licensed under CC BY 4.0 by the author.