NetHunter

A powerful network vulnerability scanner built in Ruby. Identify security issues, scan ports, detect services, and execute custom payloads to assess and secure your networks effectively.

Features

Port Scanning

Scan individual IPs, IP ranges, or CIDR notations with customizable port lists to identify open services and potential entry points.

Service Detection

Identify services running on open ports with banner grabbing and precise fingerprinting techniques.

Vulnerability Scanning

Detect common vulnerabilities in services like HTTP, SSH, FTP, and SMB with built-in payloads and analysis tools.

Custom Payloads

Extend functionality with user-defined Ruby scripts to create specialized tests and exploits for your environment.

Multi-Threaded Performance

Speed up scans with concurrent thread support, enabling efficient scanning of large networks.

Detailed Reporting

Generate comprehensive JSON reports for analysis, documentation, and sharing findings with stakeholders.

Installation

Clone the Repository

user@kali:~$ git clone https://github.com/manashma/nethunter.git
Cloning into 'nethunter'...
remote: Enumerating objects: 157, done.
remote: Counting objects: 100% (157/157), done.
remote: Compressing objects: 100% (92/92), done.
remote: Total 157 (delta 65), reused 157 (delta 65), pack-reused 0
Receiving objects: 100% (157/157), 52.63 KiB | 2.63 MiB/s, done.
Resolving deltas: 100% (65/65), done.
user@kali:~$ cd nethunter

Install Ruby

Ensure Ruby (version 2.5 or higher) is installed. Download it from ruby-lang.org or use a package manager:

Ubuntu/Debian:

user@kali:~$ sudo apt install ruby

macOS:

user@mac:~$ brew install ruby

Windows:

Use the RubyInstaller.

Verify the installation:

user@kali:~$ ruby -v
ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux]

Install Required Gems

user@kali:~/nethunter$ gem install optparse json socket net-http uri fileutils colorize time timeout concurrent

Set Up Directories

The tool automatically creates the following directories if they don't exist:

Configuration

On the first run, NetHunter generates a config.json file with default settings (e.g., scan timeout, default ports, thread count). Edit this file to customize behavior as needed.

Usage

Run NetHunter with the following command:

user@kali:~/nethunter$ ruby nethunter.rb [options]

Command-Line Options

Option                    Description
-t, --target TARGET       Specify a single target IP or hostname (e.g., 192.168.1.1).
-r, --range IP_RANGE      Scan an IP range (e.g., 192.168.1.1-192.168.1.254 or 192.168.1.0/24).
-p, --ports PORT_RANGE    Define ports to scan (e.g., 1-100 or 80,443,8080). Default ports used if omitted.
--payload PAYLOAD_NAME    Run a custom payload from payloads/ (e.g., http_vulnerability_scanner).
-o, --output FILENAME     Save results to a file in output/ (e.g., scan.json).
-v, --verbose             Enable detailed output during scanning.
--exploit EXPLOIT_NAME    Execute a specific exploit from exploits/.
--list-payloads           Display all available payloads in payloads/.
--list-exploits           Display all available exploits in exploits/.
--pentest                 Run a direct penetration test using the specified payload.
--timeout SECONDS         Set the scan timeout in seconds (overrides config.json).
--threads NUM             Set the number of concurrent threads (overrides config.json).
--aggressive              Enable aggressive scanning (service and version detection).
--service-scan            Perform service detection on open ports.
--vuln-scan               Scan for common vulnerabilities on detected services.
-h, --help                Show the help message.
--version                 Display the NetHunter version (1.1.0).

Examples

Basic Port Scan

user@kali:~/nethunter$ ruby nethunter.rb -t 192.168.1.1
[*] NetHunter v1.1.0 starting...
[*] Target: 192.168.1.1
[*] Scanning default ports (21,22,23,25,53,80,110,135,139,143,443,445,993,995,1723,3306,3389,5900,8080)
[+] Open port detected: 22 (SSH)
[+] Open port detected: 80 (HTTP)
[+] Open port detected: 443 (HTTPS)
[*] Scan completed in 3.54 seconds
[*] 3 open ports found

Scan an IP Range with Custom Ports and Verbose Output

user@kali:~/nethunter$ ruby nethunter.rb -r 192.168.1.1-192.168.1.10 -p 80,443,8080 -v
[*] NetHunter v1.1.0 starting...
[*] Verbose mode enabled
[*] Target range: 192.168.1.1 - 192.168.1.10
[*] Ports to scan: 80, 443, 8080
[*] Using 10 threads for scanning
[*] Starting scan on 192.168.1.1...
[+] 192.168.1.1:80 - Open
[+] 192.168.1.1:443 - Open
[-] 192.168.1.1:8080 - Closed
[*] Starting scan on 192.168.1.2...
...
[*] Scan completed in 12.75 seconds
[*] Results summary:
[*] 192.168.1.1 - Open ports: 80, 443
[*] 192.168.1.3 - Open ports: 80
[*] 192.168.1.5 - Open ports: 80, 8080
[*] 192.168.1.9 - Open ports: 443
[*] 4 hosts with open ports found

Run a Vulnerability Scan and Save Output

user@kali:~/nethunter$ ruby nethunter.rb -t 192.168.1.1 --vuln-scan -o scan_results.json
[*] NetHunter v1.1.0 starting...
[*] Target: 192.168.1.1
[*] Vulnerability scanning enabled
[*] Scanning default ports (21,22,23,25,53,80,110,135,139,143,443,445,993,995,1723,3306,3389,5900,8080)
[+] Open port detected: 22 (SSH)
[+] Open port detected: 80 (HTTP)
[+] Open port detected: 443 (HTTPS)
[*] Running vulnerability scans on open ports...
[*] Scanning SSH (port 22)...
[*] Banner: SSH-2.0-OpenSSH_8.2p1
[+] Service detected: OpenSSH 8.2p1
[-] No known vulnerabilities detected for OpenSSH 8.2p1
[*] Scanning HTTP (port 80)...
[+] Server: Apache/2.4.41
[+] Detected open directories at /admin/ - SECURITY RISK
[!] Found potential XSS vulnerability in search parameter
[*] Scanning HTTPS (port 443)...
[+] Server: Apache/2.4.41
[!] SSL Certificate is self-signed - potential trust issues
[*] Scan completed in 8.76 seconds
[*] 3 open ports found
[*] 3 vulnerabilities detected
[*] Saving results to output/scan_results.json
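
The Banner and Server lines in the output above are strings sent by the remote host, so they are untrusted input. The following is an added example, not NetHunter's own code, of cleaning such strings and splitting them into product and version fields; the function names, the MAX_BANNER cap and the sample banner are assumptions.

```ruby
# Added example, not NetHunter's code. Banners come from the remote host,
# so they are cleaned before being parsed, printed, or written to a report.
MAX_BANNER = 1024 # assumed cap on how many bytes of a banner are kept

# Replace control and non-ASCII bytes (e.g. terminal escape sequences).
def clean_banner(raw)
  raw.to_s.b[0, MAX_BANNER].gsub(/[^\x20-\x7e\r\n]/, "?")
end

SSH_ID = /\ASSH-(?<proto>[^-\s]+)-(?<software>\S+)(?: (?<comment>.*))?\z/

# RFC 4253 section 4.2 lets a server send other lines before its
# identification string, so use the first line that starts with "SSH-".
def parse_ssh_banner(raw)
  line = clean_banner(raw).split(/\r?\n/).find { |l| l.start_with?("SSH-") }
  m = line && SSH_ID.match(line.rstrip)
  return nil unless m
  # "Product_version" is the OpenSSH naming habit, not an RFC rule.
  product, version = m[:software].split("_", 2)
  { protocol: m[:proto], product: product, version: version, comment: m[:comment] }
end

# An HTTP Server header is a list of product[/version] tokens with
# optional "(comments)", e.g. "Apache/2.4.41 (Ubuntu)".
def parse_server_header(value)
  clean_banner(value).gsub(/\([^)]*\)/, " ").split.map do |token|
    product, version = token.split("/", 2)
    { product: product, version: version }
  end
end

# Render "OpenSSH 8.2p1"-style text, as in the "Service detected" line.
def service_label(info)
  info ? [info[:product], info[:version]].compact.join(" ") : "unknown"
end

if __FILE__ == $0
  # Constructed sample, modelled on the banner shown in the output above.
  puts service_label(parse_ssh_banner("SSH-2.0-OpenSSH_8.2p1\r\n"))
end
```
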

List Available Payloads

user@kali:~/nethunter$ ruby nethunter.rb --list-payloads
[*] Available payloads:
[*] 1. http_vulnerability_scanner - Scans for common HTTP vulnerabilities (XSS, SQLi, open directories)
[*] 2. service_enumeration - Performs advanced service enumeration and fingerprinting
[*] 3. ssh_weak_credentials - Tests SSH for weak or default credentials
[*] 4. my_payload - A custom payload example

Custom Payloads

NetHunter allows you to extend its functionality with custom Ruby payloads, stored in the payloads/ directory.

Adding a Custom Payload

  1. Create a Ruby file in payloads/ (e.g., my_payload.rb).
  2. Define a class matching the file name (e.g., MyPayload for my_payload.rb).
  3. Implement the run method, which takes:
    • target: The target IP or hostname.
    • open_ports: An array of open ports.
    • options: A hash of command-line options.
  4. Add a # Description: comment at the top.

Payload Template

# Description: A custom payload example
class MyPayload
  def run(target, open_ports, options)
    puts "Running custom payload on #{target}"
    results = { target: target, findings: [] }

    if open_ports.include?(80)
      results[:findings] << "Port 80 open, potential HTTP service."
    end

    if options[:verbose]
      puts "Verbose: #{results[:findings].join(', ')}"
    end

    results
  end
end
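
A payload file is Ruby that runs with the scanner's privileges, so the naming convention in steps 1 to 4 is also what a loader has to check before executing anything. The sketch below is an added example, not NetHunter's own loader; `class_name_for`, `resolve_payload` and `load_payload` are hypothetical helper names.

```ruby
# Added example, not NetHunter's loader. Helper names are assumptions.
PAYLOAD_NAME = /\A[a-z][a-z0-9_]*\z/ # snake_case only: no "/", "..", or dots

# my_payload -> MyPayload, the file-to-class convention from step 2.
def class_name_for(payload_name)
  payload_name.split("_").map(&:capitalize).join
end

# Map a --payload value to a file that really lives inside payload_dir.
def resolve_payload(name, payload_dir)
  unless name.is_a?(String) && PAYLOAD_NAME.match?(name)
    raise ArgumentError, "invalid payload name: #{name.inspect}"
  end
  root = File.realpath(payload_dir)
  path = File.join(root, "#{name}.rb")
  raise ArgumentError, "no such payload: #{name}" unless File.file?(path)
  # realpath resolves symlinks, so a link pointing outside payloads/ is refused.
  real = File.realpath(path)
  unless real.start_with?(root + File::SEPARATOR)
    raise ArgumentError, "payload resolves outside #{root}"
  end
  # Step 4: the "# Description:" comment near the top of the file.
  header = File.readlines(real).first(5).join
  match = header.match(/^#\s*Description:\s*(.+)$/)
  { path: real, class_name: class_name_for(name),
    description: match && match[1].strip }
end

# Load the file (this executes its Ruby) and check the step 3 interface.
def load_payload(name, payload_dir)
  info = resolve_payload(name, payload_dir)
  load info[:path]
  klass = Object.const_get(info[:class_name])
  unless klass.method_defined?(:run) && klass.instance_method(:run).arity == 3
    raise ArgumentError, "#{info[:class_name]}#run must take 3 arguments"
  end
  klass.new
end
```

Name validation only decides which file is loaded; the file's contents still execute as-is, so payloads/ should be writable only by the user who runs the scanner.
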

Using a Custom Payload

user@kali:~/nethunter$ ruby nethunter.rb -t 192.168.1.1 --payload my_payload
[*] NetHunter v1.1.0 starting...
[*] Target: 192.168.1.1
[*] Loading payload: my_payload
[*] Scanning default ports (21,22,23,25,53,80,110,135,139,143,443,445,993,995,1723,3306,3389,5900,8080)
[+] Open port detected: 22 (SSH)
[+] Open port detected: 80 (HTTP)
[+] Open port detected: 443 (HTTPS)
[*] Running custom payload on 192.168.1.1
[*] Payload findings:
[*] - Port 80 open, potential HTTP service.
[*] Scan completed in 4.15 seconds
[*] 3 open ports found
[*] Results saved to output/192.168.1.1_payload_results.json

Available Payloads

NetHunter version 1.1.0 includes several pre-built payloads to help you get started:

HTTP Vulnerability Scanner

Scans for common HTTP vulnerabilities such as XSS, SQL injection, open directories, and misconfigured servers.

# Description: Scans for common HTTP vulnerabilities (XSS, SQLi, open directories)
class HttpVulnerabilityScanner
  def run(target, open_ports, options)
    # Implementation details
  end
end

Service Enumeration

Performs advanced service enumeration and fingerprinting to identify service types, versions, and potential misconfigurations.

# Description: Performs advanced service enumeration and fingerprinting
class ServiceEnumeration
  def run(target, open_ports, options)
    # Implementation details
  end
end

SSH Weak Credentials

Tests SSH servers for weak or default credentials using a built-in dictionary of common username/password combinations.

# Description: Tests SSH for weak or default credentials
class SshWeakCredentials
  def run(target, open_ports, options)
    # Implementation details
  end
end

List all available payloads with:

user@kali:~/nethunter$ ruby nethunter.rb --list-payloads

Security Notice

⚠️ Ethical Use Only

NetHunter is designed for security professionals, network administrators, and ethical hackers to assess and improve network security. Always obtain proper authorization before scanning any network or system you don't own. Unauthorized scanning may be illegal and unethical.

By using NetHunter, you agree to:

Contributing

Contributions to NetHunter are welcome! Here's how you can help improve the project:

Please follow the coding style and guidelines in the repository.