While not the most useful tool, I wanted to share the Nmap alarm that I used on a recent engagement.
Nmap Alarm – Introduction
During an internal engagement, there was one host (actually the only practical target) that was proving a bit problematic.
We knew that we had access to this host, but it would only be online occasionally and seemingly randomly. Note: as I found out later, it was because this was the only workstation at the site, and the user would put it to sleep when he finished.
In this case, I needed to know when I would be able to attack, regardless of what time it was.
Building the Alarm
First, I just threw together a quick wrapper script for nmap that would serve as my alarm.
This script just scans the target IP and port every 5 seconds and, once the port is open, prints the "Ring terminal bell" character every second.
#!/bin/bash
# Poll the target every 5 seconds until port 445 answers.
while :
do
  sleep 5
  if [[ $(nmap -p 445 192.168.10.72 -oG - | grep -i open) ]]; then
    echo "!!!!!!!!!!!445 is open GO GO GO GO GO GO GO GO GO GO!!!!!!!!!"
    # Ring the terminal bell once a second until interrupted.
    while :
    do
      echo -ne "\x07"
      sleep 1
    done
  else
    echo "Nope, still dead."
  fi
done
While not the prettiest script, this worked out perfectly for my scenario.
Rays-MacBook-Pro:tools doyler$ ./alarm.sh
Nope, still dead.
Nope, still dead.
Nope, still dead.
...
!!!!!!!!!!!445 is open GO GO GO GO GO GO GO GO GO GO!!!!!!!!!
^C
Nmap Alarm – Conclusion
The main point of this post wasn’t alarm.sh, but rather an interesting solution to an engagement problem that could happen to anyone.
Note that you will need to restart the alarm script if the host goes offline. My first script doesn’t restart the scanning, but this could be easily added.
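One way to add that restart, written here as an added example and not the post's own alarm.sh: the probe is the same nmap -oG check, but the loop tracks an up/down state so it announces the port coming up, rings while it stays up, and silently goes back to polling when the host drops again. The target, port and interval are placeholders reusing the post's values; the function names and the "run" argument are my own.

```shell
#!/bin/bash
# Added example: a re-arming variant of the alarm loop. Not the post's own
# alarm.sh. TARGET/PORT/INTERVAL reuse the post's values as placeholders.
TARGET="${TARGET:-192.168.10.72}"
PORT="${PORT:-445}"
INTERVAL="${INTERVAL:-5}"

# Read one grepable (-oG) nmap report on stdin; succeed if port $1 is open.
# Matches "Ports: 445/open/..." or ", 445/open/..." only, so a host reported
# "Status: Down" or a closed/filtered port makes this fail.
port_open_in_report() {
  grep -q -E "Ports:.*[ ,]$1/open/"
}

# State machine: previous state (up|down) + current probe (open|closed)
# -> event (came_up|went_down|none).
transition() {
  case "$1:$2" in
    down:open)  echo came_up ;;
    up:closed)  echo went_down ;;
    *)          echo none ;;
  esac
}

# One nmap probe; succeeds when the port is open right now.
probe() {
  nmap -p "$PORT" "$TARGET" -oG - 2>/dev/null | port_open_in_report "$PORT"
}

# Poll forever. Announce when the port comes up, ring the bell while it stays
# up, and return to quiet polling (instead of exiting) when it drops again.
monitor() {
  state=down
  while :; do
    if probe; then now=open; else now=closed; fi
    case "$(transition "$state" "$now")" in
      came_up)   echo "!!! $PORT on $TARGET is open !!!"; state=up ;;
      went_down) echo "Host went back offline, re-arming."; state=down ;;
      none)
        if [ "$state" = up ]; then printf '\a'; else echo "Nope, still dead."; fi ;;
    esac
    sleep "$INTERVAL"
  done
}

# Only start polling when invoked as "./alarm2.sh run", so the functions can
# be sourced or tested without looping.
if [ "${1:-}" = run ]; then
  monitor
fi
```

Start it with ./alarm2.sh run. Because every probe doubles as the "still up" check, the bell rings once per probe interval rather than every second; drop INTERVAL if you want it more insistent.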
Hopefully this will at least lead you to more creative solutions for weird pentesting problems!