Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about the scan speed improvement tool Unimap based on Nmap, which may not be well understood by many people. in order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

Unimap

Unimap is a scanning speed improvement tool based on Nmap. We only need to provide an IP address to Unimap. Even if it is a large amount of data, Unimap can scan the network at a very fast speed. Unimap is an acronym for "Unique Nmap Scan" and the current version of the tool supports running on platforms such as Linux, macOS, Windows, or Android (Termux).

If you are going to use Nmap to scan an organization's internal network system, the first thing we need to consider is that there may be dozens, hundreds or even thousands of subdomains that point to the same IP address. When the scanning task is executed at some point, we may not be able to continue to perform the scanning task. In addition, our IP address may be blocked due to multiple scans against the same remote host address.

Unimap uses its own technology to initially parse the IP addresses of all subdomains. After completion, according to the number of threads configured by the user, a vector is created with a unique IP address, and then Nmap is used for parallel scanning tasks. At the same time, it can also analyze the data in the Namp file and try to find the relevant information corresponding to each IP address. Finally, Unimap associates information for each IP address associated with the subdomain. For example, if you have 50 subdomains that point to the same IP address, then with the help of Unimap, we only need to perform a Nmap scan to get all the data associated with each subdomain at the same time. In a large-scale network scan task, Unimap will save us days or weeks.

Tool installation

First, we need to install Rust and Nmap on our computers, and then run the following command:

Cargo install unimap

This command installs Unimap from the crates.io source.

In addition, researchers can also install and configure Unimap using the following commands:

Git clone https://github.com/Edu4rdSHL/unimap.gitcd unimapcargo build-- release

At this point, the built code will be stored under the ". / target/release/unimap" path.

Use the AUR package (Arch Linux)

In addition to the above methods, we can also use the AUR package to install Unimap. For example:

Yay-S unimap

You can also clone the AUR package if you want, and then compile the package code using makepkg. For example:

Git clone https://aur.archlinux.org/unimap.gitcd unimapmakepkg-si tool u

Unimap requires root/ administrator privileges to start a Nmap TCP SYN scan because of the accuracy of the scan results and scan performance. If you are using a Linux or Unix-like system, you can run the tool directly using a root shell or using sudo. On the Windows platform, we can use administrator privileges to open a command line interrupt window, and then use the same command to run the tool.

The following options do not require us to provide any values:

Option

Description

-- fast-scan

Perform a quick scan for the port, scanning only the first 1000 ports, and version detection is not supported.

-o,-- output

Output the scan results to a file with the log file name as unimap-log-$date.

-k,-- keep-nmap-logs

For each scanned IP address, store the Nmap XML file in the logs/ directory, which can be used for later analysis tasks.

The following options require appropriate parameter values:

Parameters.

Description

-- resolvers

Contains the file path of the DNS IP address list, which supports multiple file inputs. If not specified, more than 1600 pieces of data from public-dns.info 's built-in available DNS server will be used.

-f,-- file

Writes a list of targets to a file and uses the file as input.

-- iport

Customize the port range for the initial scan.

-- lport

Customize the port range for the last scan.

-- logs-dir

The CSV file path where the current scan process data is stored.

-- min-rate

Min-rate, which controls Nmap, defaults to 30000.

-t,-- target

If you only want to scan a single host and extract data from it, you can use this parameter.

-- threads

The number of scanning threads, default is 30.

-u,-- unique-output

Specifies the storage path for the output data.

Sample use of tools

The following command performs a complete scan task and stores the output to log.csv:

Unimap-f targets.txt-u log.csv

The following command performs a quick scan and stores the log files in the logs/ directory:

Unimap-f targets.txt-- fast-scan-o

The following command scans ports 1-1000 and detects the appropriate services and versions:

Sudo unimap-f targets.txt-- iport 1-- lport 1000-- min-rate 1000 after reading the above, do you have any further understanding of Unimap, a scanning speed improvement tool based on Nmap? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.