This payload will launch NMap on a given interface (default eth0) and scan the local subnet. There is no need to know the subnet as the payload will capture and infer the subnet from the IP it receives while launching. The payload will store scan files in all three file types supported by nmap. Also the payload will create a log.txt file to dump process information which may be useful to troubleshoot errors. The default path is /mnt/loot/nmapdump The payload has common variables that maybe changed located at the top of the file making customizing this payload as your deployment needs dictate.
Reconnaissance, or recon, is all about gathering information on a target — be it an individual computer or the network at large. Individual computers may be scanned using a hotplug tool like the Bash Bunny or USB Rubber Ducky coupled with keystroke injection techniques to obtain valuable information without the need to elevate privileges.
Network reconnaissance techniques involve active scans, which may be observed by intrusion detection systems, or passive scans, which may go quietly undetected. The information obtained in a recon operation may assist in the red team's audit plan for future missions such as phishing campaigns or exfiltration. On the network enumeration side, many techniques exist for scanning the network from the outside. The same techniques may be applied to scanning inside the network, which is where hotplug Ethernet attack tools like the Shark Jack excel. See all recon payloads.
This payload is for the Packet Squirrel, a matchbook-sized Ethernet multi-tool designed to give you covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. This tiny linux-box is a man-in-the-middle that's nuts for networks.