What is JFScan?
JFScan is a great enumeration tool created by nullt3r written mainly in python. It is self proclaimed to be like “Nmap on steroids” and absolutely for the right reason.
JFScan lets you utilize Masscan to scan for open ports and use Nmap scripts on discovered ports to scan for services. JFScan allows you to run a scan of many different targets using the targets flag(-t) followed by a text file with the domain/IP/URL listed inside.
You can run all of this in one command with the option to output to a text file. You also have the option to output your Masscan into a xml file and send it to Nmap manually to continue vulnerability and service scans. At this time JFScan only supports service scanning. Check out the README.md on GitHub
Installation was pretty easy but there are a few things required before you get started. Since this is written in python be sure python3 and pip are installed, then you need the libpcap library, you can do this with the apt command. Once you have that installed you need to install Masscan. Clone the repository and navigate to the masscan directory then recompile and install the binaries:
sudo apt install libpcap-dev git clone https://github.com/robertdavidgraham/masscan cd masscan make sudo make install
As you can see we needed root permission to install the binaries. Masscan requires root permission to run and since its not best practice to run binaries under root we can use Linux capabilities to provide root access. In the command below we are assigning the capability to CAP_NET_RAW with escalated privilege to the Masscan bin folder.
sudo setcap CAP_NET_RAW+ep /usr/bin/masscan
Finally to install JFScan back in your home directory clone the JFScan repository on GitHub, navigate to the downloaded directory and run a pip install like so:
git clone https://github.com/nullt3r/jfscan.git $ cd jfscan $ pip3 install .
There are other optional features in the installation section of the readme.
How to use JFScan?
usage: jfscan [-h] -t TARGETS [--resolvers RESOLVERS] [-m MODULES] (-p PORTS | -tp TOP_PORTS) [-r MAX_RATE] [-oi] [-od] [-q] [--nmap] [--nmap-options NMAP_OPTIONS] [--nmap-threads NMAP_THREADS] [--nmap-output NMAP_OUTPUT] JFScan - Just Fu*king Scan optional arguments: -h, --help show this help message and exit -t TARGETS, --targets TARGETS list of targets, accepted form is: domain name, IPv4, IPv6, URL --resolvers RESOLVERS custom resolvers separated by a comma, e. g., 220.127.116.11,18.104.22.168 -m MODULES, --modules MODULES modules separated by a comma, available modules: enum_amass, enum_crtsh -p PORTS, --ports PORTS ports, can be a range or port list: 0-65535 or 22,80,100-500,... -tp TOP_PORTS, --top-ports TOP_PORTS scan only N of the top ports, e. g., --top-ports 1000 -r MAX_RATE, --max-rate MAX_RATE max kpps rate -i INTERFACE, --interface INTERFACE interface for masscan and nmap to use -oi, --only-ips output only IP adresses, default: all resources -od, --only-domains output only domains, default: all resources -q, --quite output only results --nmap run nmap on discovered ports --nmap-options NMAP_OPTIONS nmap arguments, e. g., --nmap-options='-sV' or --nmap-options='-sV --script ssh-auth-methods' --nmap-threads NMAP_THREADS number of nmaps to run concurrently, default 8 --nmap-output NMAP_OUTPUT path to save output file in XML format (same as nmap option -oX)
In the screenshot above you can see I created a text file called target1 with a list of targets. I then ran a jfscan for HTTP ports, FTP ports and HTTPS ports.
This tool is very robust and very fast. Lightening Fast. Faster than Fast! I like the ability to run nmap scripts inside of the jfscan itself but being able to print the output of a scan in xml format for something like zenmap (nmap GUI) is extremely convenient. Were going with a 5 out of 5 on this one putting this tool in my top 5 on GitHub. Happy Hacking!
Want to learn more about ethical hacking?
We have a networking hacking course that is of a similar level to OSCP, get an exclusive discount here
Help support LHN by buying a T-shirt or a mug?
Check out our selection here
Do you know of another GitHub related hacking tool?
Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.