Network utility tool for Linux systems that performs some network and security administrator tasks.
- Port scans, including SYN, TCP, UDP, ACK, comprehensive scan;
- Host discovery (scan for up devices on a local network);
- Banner grabbing;
- DNS checks with geolocation information;
- IP spoofing (beta);
- Packet sniffing (beta).
Other features are still being implemented. Future implementations may include WAP (web application firewall) detection, vulnerability reconnaissance, static code analysis, traffic analysis, ARP poisoning, exploits, some automated tasks and others.
Note that currently, this script can only run well on Linux. If you try it in on Windows or macOS, it may run, but numerous errors will appear.
To install the necessary packages so that the script can run withouth any problems simply run the
setup.sh script with root privileges. Currently, this installation script is only supported on debian-based distros that has the apt package manager (Ubuntu, Kali, Parrot, Debian, PopOS, Mint, etc). On most systems, to install medsec simply run the following commands:
git clone https://github.com/medpaf/medsec.git cd medsec sudo . setup.sh
However, if you are using any other Linux distro with a different package manager, please install the packages manually using your distro’s package manager. Depending on the specific distro used, some of the required packages to run this script might be already installed on your machine. The necessary packages are:
- nmap (using your system’s package manager)
- traceroute (using your system’s package manager)
- python3-pip (using your system’s package manager)
- python-nmap (using pip3)
- colorama (using pip3)
- ipinfo (using pip3)
- scapy (using pip3)
After the installation, to run the program, simply navigate to the project’s directory and run the
medsec.py file using python. Running the script as root is recommended for better performance and to avoid permission errors. The used command is the following:
sudo python3 medsec.py
Multiple scan types are supported, including SYN (
-scansyn), TCP (
-scantcp), UDP (
-scanudp), ACK (
-scanack) and comprehensive scan (
-scan -host [HOST(s)] -scan -host [HOST(s)] -p [PORT(s)] -scan -host [HOST(s)] -prange [START PORT] [END PORT] -scan -iprange [START IP] [END IP] -p [PORT(s)] -scan -iprange [START IP] [END IP] -prange [START PORT] [END PORT]
After this scan, it is possible to see that both 22 (SSH) and 80 (HTTP) ports are open.
To look for current up devices on a given network type the following command:
Then type the network you want to scan.
To perform banner grabbing, depending on your specific needs, type one of the following commands:
-grab -host [HOST(s)] -p [PORT(s)] -grab -iprange [START IP] [END IP] -prange [START PORT] [END PORT] -grab -host [HOST(s)] -prange [START PORT] [END PORT] -grab -iprange [START IP] [END IP] -p [PORT(s)]
This feature is similar to the well known
nslookup command used on UNIX systems. If you want to do a DNS check, type the following:
If you want to display your system’s current TCP/IP network configuration, type the following command:
To send ICMP packets to a host to check connectivity, simply type:
To diagnose route paths and measure transit delays, use the
Note that this command only works on machines with unpached vulnerabilities. To performe IP spoofing on a host’s specific port, use the following command:
-spoof -host [HOST] -p [PORT]
Disclaimer: Please only use this for testing purposes and target your own machines.
To perform packet sniffing, type:
Create a issue or pull request, or send me an email at email@example.com.
This repository is under the MIT License.