Pwndora : Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes

Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open, and collects more information about targets.

This project allows users to create their own IoT search engine at home, in simple steps, for educational purposes.

Features

• Port scanning with different options and retrieve software banner information.
• Detect some web technologies and operating systems running on servers, using Webtech integration.
• Retrieves IP geolocation from Maxmind free database file, updated periodically.
• Anonymous login detection on FTP servers.
• Send notifications with results using Slack API.
• Different ways to store data: MongoDB and JSON file.
• Multi thread mode, with a limit of 400 threads

Getting Started

Manual Installation

Make sure you have $HOME/.local/share directory, to avoiding issues with Webtech.

To use slack argument, you should configure Incoming Webhooks URL in config.py

• Clone this repository
• Install requirements with Python PIP
• Finally start scanner

Using Docker image (Recommended)

docker pull alechilczenko/pwndora:3.1

Usage

Options

options:
-h, –help show this help message and exit
-s START, –start START
Start IPv4 address
-e END, –end END End IPv4 address
-t THREADS, –threads THREADS
Number of threads [Default: 50]
-m FILE, –massive-scan FILE
File path with IPv4 ranges
-ti TIMEOUT, –timeout TIMEOUT
Socket timeout [Default: 0.5]
-p, –top-ports Scan only 20 most used ports
-a, –all-ports Scan 1000 most used ports
-c CUSTOM [CUSTOM …], –custom-ports CUSTOM [CUSTOM …]
Scan custom ports directly from terminal
-sl, –slack Send notifications by Slack with results
-sv {json,mongodb}, –save {json,mongodb}
Methods of data storage
-l, –logs Add a log file, useful in debugging

Examples

Scan only a single IPv4 address range:

python3 CLI.py -s 192.168.0.0 -e 192.168.0.255 -t 150 –top-ports -sv json

Scan with custom ports and logs options:

python3 CLI.py -m ranges.csv -t 350 –custom-ports 80 21 22 -sv json –logs

Usage with MongoDB

To insert the results into a database, you must set the following environment variables:

Tip: You can create an instance of MongoDB and Mongo Express using docker-compose.

export MONGODB_URI=”mongodb://localhost:27017″
export MONGODB_USER=”user”
export MONGODB_PASS=”password”

The right way (Elasticsearch and Kibana)

How create your own IoT search engine?

After storing results in our database, we can integrate Elasticsearch to perform fast searches. You can synchronize MongoDB and Elasticsearch using the tool: Mongo-to-elastic-dump.

Finally we added Kibana to visualize data and create graphs with statistics.

Graphs Example