While it isn’t the most useful tool, I wanted to share the Nmap alarm that I used on a recent engagement.
Nmap Alarm – Introduction
During an internal engagement, there was one host (actually the only practical target) that was proving a bit problematic.
We knew that we had access to this host, but it would only be online occasionally and seemingly randomly. Note: as I found out later, it was because this was the only workstation at the site, and the user would put it to sleep when he finished.
In this case, I needed to know when I would be able to attack, regardless of what time it was.
Building the Alarm
First, I just threw together a quick wrapper script for nmap that would serve as my alarm.
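This script scans the target IP and port every 5 seconds and, once the port is open, prints the “Ring terminal bell” character once per second.

    #!/bin/bash
    # Poll the target every 5 seconds until port 445 shows up as open.
    while :
    do
        sleep 5
        # -oG - writes grepable output to stdout; any "open" match means the port is up.
        if [[ $(nmap -p 445 192.168.10.72 -oG - | grep -i open) ]]; then
            echo "!!!!!!!!!!!445 is open GO GO GO GO GO GO GO GO GO GO!!!!!!!!!"
            # Ring the terminal bell once a second until interrupted (Ctrl-C).
            while :
            do
                echo -ne "\x07"
                sleep 1
            done
        else
            echo "Nope, still dead."
        fi
    done
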
While not the prettiest script, this worked out perfectly for my scenario.

    Rays-MacBook-Pro:tools doyler$ ./alarm.sh
    Nope, still dead.
    Nope, still dead.
    Nope, still dead.
    ...
    !!!!!!!!!!!445 is open GO GO GO GO GO GO GO GO GO GO!!!!!!!!!
    ^C

Nmap Alarm – Conclusion
The main point of this post wasn’t alarm.sh, but rather an interesting solution to an engagement problem that could happen to anyone.
Note that you will need to restart the alarm script if the host goes offline. My first script doesn’t restart the scanning, but this could be easily added.
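One way to add the restart described above, as an added example rather than the script used on the engagement: the loop keeps scanning after the port opens, stops ringing when it closes, and re-arms itself. The target and port are the ones from the post; the function names and the `alarm-rearm.sh` file name are assumptions.

```bash
#!/bin/bash
# Added example (not the original alarm.sh): a re-arming version of the alarm.
# Usage: ./alarm-rearm.sh 192.168.10.72 445   (file name is hypothetical)

# Read grepable nmap output on stdin; print "up" if port $1 is open, else "down".
# Anchoring on "Ports:" and whitespace keeps 445 from matching 1445 or a comment line.
state_from_scan() {
    if grep -Eq "Ports:.*[[:space:]]$1/open/"; then echo up; else echo down; fi
}

# Decide what to announce when moving from state $1 to state $2.
action_for() {
    case "$1:$2" in
        down:up) echo ring ;;    # host just appeared
        up:down) echo rearm ;;   # host went back to sleep
        *)       echo wait ;;    # no change
    esac
}

watch() {
    target="$1"; port="${2:-445}"; prev=down
    while :; do
        now=$(nmap -p "$port" "$target" -oG - 2>/dev/null | state_from_scan "$port")
        case "$(action_for "$prev" "$now")" in
            ring)  echo "!!! $port is open on $target !!!" ;;
            rearm) echo "$target went away again, re-arming." ;;
        esac
        # Wait 5 seconds between scans, ringing once a second while the port is open.
        i=0
        while [ "$i" -lt 5 ]; do
            if [ "$now" = up ]; then printf '\a'; fi
            sleep 1
            i=$((i + 1))
        done
        prev="$now"
    done
}

# Only start polling when a target is given, so the functions can be sourced or tested.
if [ "$#" -gt 0 ]; then
    watch "$@"
fi
```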
Hopefully this will at least lead you to more creative solutions for weird pentesting problems!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.