Network utility tool for Linux systems

medsec

Network utility tool for Linux systems that performs some network and security administrator tasks.


This is a network utility tool that I developed to perform some network and security administrator tasks. Currently, this script can perform a good variety of tasks such as:

  • Port scans, including SYN, TCP, UDP, ACK, comprehensive scan;
  • Host discovery (scan for up devices on a local network);
  • Banner grabbing;
  • DNS checks with geolocation information;
  • ifconfig;
  • ping;
  • traceroute;
  • IP spoofing (beta);
  • Packet sniffing (beta).

Other features are still being implemented. Future implementations may include WAP (web application firewall) detection, vulnerability reconnaissance, static code analysis, traffic analysis, ARP poisoning, exploits, some automated tasks and others.

Installation

Note that currently, this script can only run well on Linux. If you try it in on Windows or macOS, it may run, but numerous errors will appear.

Linux

To install the necessary packages so that the script can run withouth any problems simply run the setup.sh script with root privileges. Currently, this installation script is only supported on debian-based distros that has the apt package manager (UbuntuKaliParrotDebianPopOSMint, etc). On most systems, to install medsec simply run the following commands:

git clone https://github.com/medpaf/medsec.git
cd medsec
sudo . setup.sh

However, if you are using any other Linux distro with a different package manager, please install the packages manually using your distro’s package manager. Depending on the specific distro used, some of the required packages to run this script might be already installed on your machine. The necessary packages are:

  • nmap (using your system’s package manager)
  • traceroute (using your system’s package manager)
  • python3-pip (using your system’s package manager)
  • python-nmap (using pip3)
  • colorama (using pip3)
  • ipinfo (using pip3)
  • scapy (using pip3)

After the installation, to run the program, simply navigate to the project’s directory and run the medsec.py file using python. Running the script as root is recommended for better performance and to avoid permission errors. The used command is the following:

sudo python3 medsec.py

How to use

Scanning ports

Multiple scan types are supported, including SYN (-scansyn), TCP (-scantcp), UDP (-scanudp), ACK (-scanack) and comprehensive scan (-scan).

-scan -host [HOST(s)]

-scan -host [HOST(s)] -p [PORT(s)]

-scan -host [HOST(s)] -prange [START PORT] [END PORT]

-scan -iprange [START IP] [END IP] -p [PORT(s)]

-scan -iprange [START IP] [END IP] -prange [START PORT] [END PORT]
md

After this scan, it is possible to see that both 22 (SSH) and 80 (HTTP) ports are open.

Host discovery

To look for current up devices on a given network type the following command:

-scanlocal

Then type the network you want to scan.

scan

Banner grabbing

To perform banner grabbing, depending on your specific needs, type one of the following commands:

-grab -host [HOST(s)] -p [PORT(s)]

-grab -iprange [START IP] [END IP] -prange [START PORT] [END PORT]

-grab -host [HOST(s)] -prange [START PORT] [END PORT]

-grab -iprange [START IP] [END IP] -p [PORT(s)]
nmapscan

DNS checks

This feature is similar to the well known nslookup command used on UNIX systems. If you want to do a DNS check, type the following:

-ns [HOST(s)]

dns

ifconfig

If you want to display your system’s current TCP/IP network configuration, type the following command:

-ifconfig

ifconfig

ping

To send ICMP packets to a host to check connectivity, simply type:

-ping [HOST]

ping

traceroute

To diagnose route paths and measure transit delays, use the -traceroute command:

-traceroute [HOST]

traceroute

IP spoofing

Note that this command only works on machines with unpached vulnerabilities. To performe IP spoofing on a host’s specific port, use the following command:

-spoof -host [HOST] -p [PORT]

spoofing

Disclaimer: Please only use this for testing purposes and target your own machines.

Packet sniffing

To perform packet sniffing, type:

-sniff

sniff

Contribution

Create a issue or pull request, or send me an email at pafmed@outlook.com.

License

This repository is under the MIT License.