Kali Linux

Pwndora : Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes

Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are open, and collects more information about targets.

This project allows users to create their own IoT search engine at home, in simple steps, for educational purposes.

Features

  • Port scanning with different options and retrieve software banner information.
  • Detect some web technologies and operating systems running on servers, using Webtech integration.
  • Retrieves IP geolocation from Maxmind free database file, updated periodically.
  • Anonymous login detection on FTP servers.
  • Send notifications with results using Slack API.
  • Different ways to store data: MongoDB and JSON file.
  • Multi thread mode, with a limit of 400 threads

Getting Started

Manual Installation

Make sure you have $HOME/.local/share directory, to avoiding issues with Webtech.

To use slack argument, you should configure Incoming Webhooks URL in config.py

  • Clone this repository
  • Install requirements with Python PIP
  • Finally start scanner

Using Docker image (Recommended)

docker pull alechilczenko/pwndora:3.1

Usage

Options

options:
-h, –help show this help message and exit
-s START, –start START
Start IPv4 address
-e END, –end END End IPv4 address
-t THREADS, –threads THREADS
Number of threads [Default: 50]
-m FILE, –massive-scan FILE
File path with IPv4 ranges
-ti TIMEOUT, –timeout TIMEOUT
Socket timeout [Default: 0.5]
-p, –top-ports Scan only 20 most used ports
-a, –all-ports Scan 1000 most used ports
-c CUSTOM [CUSTOM …], –custom-ports CUSTOM [CUSTOM …]
Scan custom ports directly from terminal
-sl, –slack Send notifications by Slack with results
-sv {json,mongodb}, –save {json,mongodb}
Methods of data storage
-l, –logs Add a log file, useful in debugging

Examples

Scan only a single IPv4 address range:

python3 CLI.py -s 192.168.0.0 -e 192.168.0.255 -t 150 –top-ports -sv json

Scan with custom ports and logs options:

python3 CLI.py -m ranges.csv -t 350 –custom-ports 80 21 22 -sv json –logs

Usage with MongoDB

To insert the results into a database, you must set the following environment variables:

Tip: You can create an instance of MongoDB and Mongo Express using docker-compose.

export MONGODB_URI=”mongodb://localhost:27017″
export MONGODB_USER=”user”
export MONGODB_PASS=”password”

The right way (Elasticsearch and Kibana)

How create your own IoT search engine?

After storing results in our database, we can integrate Elasticsearch to perform fast searches. You can synchronize MongoDB and Elasticsearch using the tool: Mongo-to-elastic-dump.

Finally we added Kibana to visualize data and create graphs with statistics.

Graphs Example

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago