

Combines the speed of masscan with the reliability and detailed enumeration of nmap.
#ips   #ports  

A POSIX-compliant BASH script for efficient reconnaissance and attack prep against massive edge networks!

Handles the enumeration of large edge networks at high speed. Uses masscan to quickly identify open ports, then calls nmap to gain details on the systems and services listening on those ports. Data is stored in both masscan and nmap standard output formats, as well as a few other grepable intermediary files that include identified domains and subdomains, all nicely organized into per-network directories to make your boss think you know what you're doing. Most importantly (IMHO), quite a number of flat files are produced in IP:PORT format for highly-attackable services such as RDP, SSH, FTP and lots more!
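The per-service IP:PORT split described above can be sketched as follows for an exposure inventory of your own edge ranges. This is an added example, not the project's code: it assumes masscan list output (`-oL`), and the function names, port-to-service map and output file names are hypothetical.

```shell
#!/bin/sh
# Added example (not the project's code): split masscan list output (-oL)
# into per-service IP:PORT flat files for an exposure inventory.

# Port-to-service map. Assumption for this example; extend as needed.
service_for_port() {
    case "$1" in
        21)   echo ftp ;;
        22)   echo ssh ;;
        23)   echo telnet ;;
        445)  echo smb ;;
        3389) echo rdp ;;
        *)    echo other ;;
    esac
}

# split_by_service <masscan -oL file> <fresh output dir>
split_by_service() {
    scan=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    # -oL records look like: "open tcp 3389 203.0.113.10 1700000000".
    # Skip the "#masscan" / "# end" comments, banner records and non-TCP
    # results, then drop duplicate hits on the same IP and port.
    awk '$1 == "open" && $2 == "tcp" && $3 ~ /^[0-9]+$/ { print $4, $3 }' "$scan" |
    sort -u |
    while read -r ip port; do
        svc=$(service_for_port "$port")
        printf '%s:%s\n' "$ip" "$port" >> "$outdir/$svc.txt"
    done
}

# Constructed sample input (documentation addresses, not real scan data).
write_sample() {
    cat > "$1" <<'EOF'
#masscan
open tcp 3389 203.0.113.10 1700000000
open tcp 22 203.0.113.10 1700000001
open tcp 22 203.0.113.11 1700000002
open tcp 22 203.0.113.11 1700000009
open udp 53 203.0.113.12 1700000003
open tcp 8080 203.0.113.13 1700000004
# end
EOF
}

# Stand-alone use: ./split.sh scan.lst [outdir]
if [ -n "${1:-}" ]; then split_by_service "$1" "${2:-./exposure}"; fi
```

Files are appended to, so point it at a fresh output directory for each run.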