Jump to content

Nmap Automator – a tool I used during OSCP for simple recon Attribution

Recommended Posts


Nmap Automator – a tool I used during OSCP for simple recon Attribution




A script that you can run in the background!


I have created this script as I was preparing for my OSCP exam.
The main goal for this script is to automate all of the process of recon/enumeration that is run every time, and instead focus our attention on real pen testing.

This will ensure two things:
1) Automate nmap scans. 2) Always have some recon running in the background.

Once you find the inital ports in around 10 seconds, you then can start manually looking into those ports, and let the rest run in the background with no interaction from your side whatsoever.


  1. Quick: Shows all open ports quickly (~15 seconds)
  2. Basic: Runs Quick Scan, then runs a more thorough scan on found ports (~5 minutes)
  3. UDP: Runs "Basic" on UDP ports (~5 minutes)
  4. Full: Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)
  5. Vulns: Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)
  6. Recon: Runs "Basic" scan "if not yet run", then suggests recon commands "i.e. gobuster, nikto, smbmap" based on the found ports, then prompts to automatically run them
  7. All: Runs all the scans consecutively (~20-30 minutes)

I tried to make the script as efficient as possible, so that you would get the results as fast as possible, without duplicating any work.

Feel free to send your pull requests and contributions :)


Required: Gobuster v3.0 or higher, as it is not backward compatible.
You can update gobuster on kali using:

apt-get update
apt-get install gobuster --only-upgrade  

Other Recon tools used within the script include:

Examples of use:

./nmapAutomator.sh <TARGET-IP> <TYPE>  
./nmapAutomator.sh All  
./nmapAutomator.sh Basic  
./nmapAutomator.sh Recon  

If you want to use it anywhere on the system, create a shortcut using:
ln -s /PATH-TO-FOLDER/nmapAutomator.sh /usr/local/bin/

TODO features list

pull requests are more than welcome :)

  • Support DNS resolution "use of urls/domains instead of IPs"
  • Properly identify url extensions "testing index extensions for code 200"
  • Add more port-based automatic recon options
  • Add an nmap progress bar
  • Upvote 3
Link to post
Share on other sites

Tot oscp related


1. https://github.com/codingo/Reconnoitre

A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags.

2. https://github.com/frizb/Vanquish

Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged for a remote shell.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...