-rw-r--r-- | README.md | 25 | ||||
-rwxr-xr-x | tmap | 16 |
2 files changed, 28 insertions, 13 deletions
@@ -2,19 +2,24 @@
 This port scanner was orginally made by [Stevan Nestorovic](https://github.com/stevannestorovic) to work over clearnet.
-It was modifed to work over Tor for anonymous scanning.
+It was modifed to work over **Tor** for anonymous and hidden service scanning.
 ### Dependencies
-Tmap is a python script that requries a socks module and a running Tor deamon on localhost.
+Tmap is a python script that requries the **socks** module and a running Tor deamon on localhost.
+Both **python2** and **pyhton3** are supported.
 ### Usage:
 `./tmap [-h] -H HOSTS [-p PORTS] [-t TIMEOUT] [--clearnet] [--torport TORPORT]`
-Multiple hosts can be specified using a comma (-H 1.1.1.1,2.2.2.2).
+`-H` option can be used to specify hosts, but it is assumed by default.
+Multiple hosts can be specified using a comma (ex. `./tmap -H 1.1.1.1,google.com,facebookcorewwwi.onion -p 80`).
+Tmap supports IP address ranges as well (ex. `./tmap 192.168.1.0/24 -p 22`).
-Ports can be either specified as a range (-p 20-100) or separated with a comma (-p 25,53,80).
+**For private addresses, Tor is _not_ used, but a _direct_ connection is established instead.**
+Ports can be specified as a range (ex. `./tmap google.com -p 20-30`),separated with a comma (ex. `./tmap 1.1.1.1 -p 25,53,80`) or both.
+Ports in a range are scanned including the ends of an interval (ex. in a range "20-30" both port 20 and 30 are scanned).
 ### Examples
@@ -30,5 +35,15 @@ Scan port 80 on facebookcorewwwi.onion
 Scan ports from 0 to 1024 on 192.168.0.1 without routing traffic through Tor.
+`./tmap 192.168.1.0/24 -p 80`
+
+Scan the whole 192.168.1.0/24 range for an open port 80 without tor.
+
+`./tmap 8.8.8.8/31 -p 53`
+
+Scan the 8.8.8.8/31 range for an open port 53 with tor.
+
 ### License
-**GPL3**
+**GPLv3+**: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+This is *free* software: you are free to change and redistribute it.
+There is **NO WARRANTY**, to the extent permitted by law.
@@ -72,14 +72,14 @@ def main():
 startTime = time.time()
 ## Define and parse the arguments
- parser = argparse.ArgumentParser(description="Simple port scanner that works over Tor")
- parser.add_argument("--version", dest="version", help="print version info and exit", action="store_true")
- parser.add_argument("HOSTS", help="IP or domain to scan", default="empty_host", nargs="?")
- parser.add_argument("-H", "--hosts", metavar="HOSTS", dest="tgtHost", help="IP or domain to scan", default="empty_host_option")
- parser.add_argument("-p", "--ports", metavar="PORTS", dest="tgtPort", help="ports to scan", default="20-25,53,80-85,443-445,8080,8333,9050,9150")
- parser.add_argument("-t", "--timeout", metavar="TIMEOUT", dest="sockTimeout", type=int, help="seconds to wait before connection timeout for each port", default=2)
- parser.add_argument("--clearnet", dest="clearnet", help="don't use Tor for scanning", action="store_true")
- parser.add_argument("--torport", metavar="TORPORT", dest="torPort", type=int, help="port for Tor proxy", default="9050")
+ parser = argparse.ArgumentParser(description="Simple stateful port scanner that works over Tor")
+ parser.add_argument("--version", dest="version", help="print version information and exit", action="store_true")
+ parser.add_argument("HOSTS", help="IP address or domain to scan", default="empty_host", nargs="?")
+ parser.add_argument("-H", "--hosts", metavar="HOSTS", dest="tgtHost", help="IP address or domain to scan", default="empty_host_option")
+ parser.add_argument("-p", "--ports", metavar="PORTS", dest="tgtPort", help="ports to scan, seperated by a comma", default="20-25,53,80-85,443-445,8080,8333,9050,9150")
+ parser.add_argument("-t", "--timeout", metavar="TIMEOUT", dest="sockTimeout", type=int, help="seconds to wait before connection timeout for each port", default=3)
+ parser.add_argument("--clearnet", dest="clearnet", help="don't use Tor for scanning, connect directly instead", action="store_true")
+ parser.add_argument("--torport", metavar="TORPORT", dest="torPort", type=int, help="port on which Tor is listening on", default="9050")
 args = parser.parse_args() |
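Review bot: The new `--clearnet` help text presents a direct connection as something the user opts into, while the README hunk on this page states that private addresses are never routed through Tor at all; that automatic bypass belongs in `--help` too, e.g. `help="don't use Tor for scanning, connect directly instead (private addresses are always scanned directly)"`, so someone relying on Tor for a scan is not surprised by the exception. On the last added line, `--torport` is declared `type=int` but keeps the string default `"9050"`; argparse does run string defaults through `type`, so it works, but `-t` one line up uses a plain int and `default=9050` makes the two consistent. Two help strings on the new side carry typos: `seperated` on the `-p` line and the doubled preposition in `port on which Tor is listening on`. The sentinel defaults `"empty_host"` and `"empty_host_option"` read like placeholders for `None`, but how they are consumed lies outside the hunk, as does the rest of main().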