Just Scan It with JFScan

What is JFScan?

JFScan is a great enumeration tool created by nullt3r, written mainly in Python. It is self-proclaimed to be like “Nmap on steroids”, and absolutely for the right reason.

JFScan lets you use Masscan to scan for open ports and then run Nmap scripts on the discovered ports to scan for services. You can scan many different targets at once using the targets flag (-t) followed by a text file with the domains/IPs/URLs listed inside.

You can run all of this in one command, with the option to output to a text file. You also have the option to output your Masscan results to an XML file and send it to Nmap manually to continue vulnerability and service scans. At this time JFScan only supports service scanning. Check out the README.md on GitHub.

Installing JFScan

Installation was pretty easy, but there are a few things required before you get started. Since JFScan is written in Python, be sure python3 and pip are installed. You then need the libpcap library, which you can install with the apt command. Once you have that, you need to install Masscan: clone the repository, navigate to the masscan directory, then compile and install the binaries:

sudo apt install libpcap-dev
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
sudo make install

As you can see, we needed root permission to install the binaries. Masscan also normally requires root permission to run, because it sends and receives raw packets. Since it's not best practice to run binaries as root, we can use Linux capabilities to grant only the privilege Masscan needs instead of full root access. The command below assigns the CAP_NET_RAW capability to the Masscan binary; the +ep suffix places it in the file's effective and permitted sets.

sudo setcap CAP_NET_RAW+ep /usr/bin/masscan
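
To confirm that setcap left the binary with CAP_NET_RAW and nothing broader, the stored file capability can be decoded and checked. The following is an added example, not part of JFScan or Masscan; the function names and the SAMPLE value are constructed for illustration, and the layout constants are those of the Linux security.capability extended attribute.

```python
import os
import struct

# Values from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
VFS_CAP_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # revision -> 32-bit words
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin"}  # subset

def decode_file_caps(raw: bytes) -> dict:
    """Decode a security.capability xattr value into named capability sets."""
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    words = VFS_CAP_WORDS.get(magic_etc & VFS_CAP_REVISION_MASK)
    if words is None:
        raise ValueError(f"unknown capability revision: {magic_etc:#010x}")
    permitted = inheritable = 0
    for i in range(words):  # each word pair is (permitted, inheritable), little-endian
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)

    def names(mask: int) -> list:
        return sorted(CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1)

    return {"effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": names(permitted), "inheritable": names(inheritable)}

def audit_binary(path: str, allowed=("cap_net_raw",)) -> list:
    """Return findings for a binary that should carry only the `allowed` capabilities."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & 0o4000:
        findings.append("setuid bit set")
    if mode & 0o022:
        findings.append("writable by group or others")
    try:
        caps = decode_file_caps(os.getxattr(path, "security.capability"))
    except OSError:  # e.g. ENODATA: no file capabilities on this binary
        return findings + ["no file capabilities set"]
    extra = sorted(set(caps["permitted"]) - set(allowed))
    if extra:
        findings.append("extra capabilities: " + ", ".join(extra))
    return findings

# Constructed xattr value equal to what `setcap CAP_NET_RAW+ep` stores (revision 2).
SAMPLE = struct.pack("<IIIII", 0x02000001, 1 << 13, 0, 0, 0)

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE))
    if os.path.exists("/usr/bin/masscan"):
        print(audit_binary("/usr/bin/masscan"))
```

An empty list from audit_binary means the binary is not setuid, is not writable by other users, and holds no capability beyond CAP_NET_RAW.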

Finally, to install JFScan, go back to your home directory, clone the JFScan repository from GitHub, navigate to the downloaded directory and run a pip install like so:

$ git clone https://github.com/nullt3r/jfscan.git
$ cd jfscan
$ pip3 install .

There are other optional features in the installation section of the readme.

How to use JFScan?

usage: jfscan [-h] -t TARGETS [--resolvers RESOLVERS] [-m MODULES] (-p PORTS | -tp TOP_PORTS) [-r MAX_RATE] [-oi] [-od] [-q] [--nmap] [--nmap-options NMAP_OPTIONS] [--nmap-threads NMAP_THREADS] [--nmap-output NMAP_OUTPUT]

JFScan - Just Fu*king Scan

optional arguments:
  -h, --help            show this help message and exit
  -t TARGETS, --targets TARGETS
                        list of targets, accepted form is: domain name, IPv4, IPv6, URL
  --resolvers RESOLVERS
                        custom resolvers separated by a comma, e. g., 8.8.8.8,1.1.1.1
  -m MODULES, --modules MODULES
                        modules separated by a comma, available modules: enum_amass, enum_crtsh
  -p PORTS, --ports PORTS
                        ports, can be a range or port list: 0-65535 or 22,80,100-500,...
  -tp TOP_PORTS, --top-ports TOP_PORTS
                        scan only N of the top ports, e. g., --top-ports 1000
  -r MAX_RATE, --max-rate MAX_RATE
                        max kpps rate
  -i INTERFACE, --interface INTERFACE
                        interface for masscan and nmap to use
  -oi, --only-ips       output only IP adresses, default: all resources
  -od, --only-domains   output only domains, default: all resources
  -q, --quite           output only results

  --nmap                run nmap on discovered ports
  --nmap-options NMAP_OPTIONS
                        nmap arguments, e. g., --nmap-options='-sV' or --nmap-options='-sV --script ssh-auth-methods'
  --nmap-threads NMAP_THREADS
                        number of nmaps to run concurrently, default 8
  --nmap-output NMAP_OUTPUT
                        path to save output file in XML format (same as nmap option -oX)

You can run jfscan from the directory, followed by the arguments of your choice. Here are a few I ran on my machines:

Scanning for ports 80,8080,443 and 21 on my target list then running the crt enumeration module.

In the screenshot above you can see I created a text file called target1 with a list of targets. I then ran a jfscan for HTTP ports, FTP ports and HTTPS ports.
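
The --nmap-output option listed above saves results in Nmap's XML format, which is easy to post-process. As an added example (not from the JFScan project), the script below parses that format and reports open services that are not on an expected-exposure list; the SAMPLE_XML data, the EXPECTED policy and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout (documentation addresses, not real scan output).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.example.com" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical policy: ports each host is expected to expose.
EXPECTED = {"192.0.2.10": {443}}

def open_services(xml_text: str):
    """Yield (address, hostname, port, service description) for every open port."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        hn = host.find("hostnames/hostname")
        name = hn.get("name") if hn is not None else ""
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # skip closed and filtered ports
            svc = port.find("service")
            fields = (svc.get("name"), svc.get("product"), svc.get("version")) if svc is not None else ()
            yield addr, name, int(port.get("portid")), " ".join(f for f in fields if f)

def unexpected(xml_text: str, expected: dict) -> list:
    """Return open services whose port is not in the host's expected set."""
    return [r for r in open_services(xml_text) if r[2] not in expected.get(r[0], set())]

if __name__ == "__main__":
    for addr, name, port, desc in unexpected(SAMPLE_XML, EXPECTED):
        print(f"unexpected exposure: {addr} ({name}) tcp/{port} {desc}")
```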

Conclusion

This tool is very robust and very fast. Lightning fast. Faster than fast! I like the ability to run Nmap scripts inside of JFScan itself, but being able to print the output of a scan in XML format for something like Zenmap (the Nmap GUI) is extremely convenient. We're going with a 5 out of 5 on this one, putting this tool in my top 5 on GitHub. Happy Hacking!
