
Automated Nmap Toolkit

Farzan Mohammed, Nor Azlina Abdul Rahman, Yusnita Yusof and Dr Julia Juremi
2022 International Conference on Advancements in Smart, Secure and Intelligent Computing (ASSIC) | 978-1-6654-6109-2/22/$31.00 ©2022 IEEE | DOI: 10.1109/ASSIC55218.2022.10088375

Forensic and Cyber Security Research Centre
Asia Pacific University, Technology Park Malaysia, Bukit Jalil, Kuala Lumpur, Malaysia.
farzannobi@gmail.com, nor_azlina@apu.edu.my, yusnita.yusof@gmail.com, julia.juremi@apu.edu.my

Abstract— Information gathering is one of the most important methodologies within cybersecurity, allowing pen-testers and security researchers to find information about a host or a network. Nmap is one of the most popular information gathering tools for finding information about a network or host, and it is a highly versatile tool which can be fine-tuned from the command line. New students, beginners and script kiddies coming into cybersecurity often fail to use the full functionality of Nmap, or fail to continue forward, because of its vast versatility. This paper documents how a toolkit based on Nmap is automated to achieve the same results while being much easier for the user.

Key Terms: Nmap, automated toolkit, penetration testing

1 Introduction

Information gathering is the first step to getting into a system, and the most used tool for it is Nmap. If a cybersecurity professional can use Nmap to its fullest advantage, then he/she can get information faster and proceed with further evaluation or attack of the system without losing time. The more information a security professional can gather, the easier they can proceed with the attack.

Nmap is a powerful command line-based tool, and it requires knowledge of working in a command line and a good understanding of networking to get the best out of it. Nmap options can be combined to get additional information that is hidden behind a company or an enterprise. As Nmap is the first stage of information gathering in the ethical hacker methodology, a beginner who has just entered cybersecurity can find it really overwhelming, and the challenges faced when learning Nmap can discourage the beginner from continuing further into cybersecurity.

Nmap also has a multitude of commands and features which even some professionals may not know, so they end up using other tools to fetch that information and never use Nmap to its fullest. Nmap has major scan types ranging from SCTP INIT and COOKIE ECHO scans to firewall bypass techniques and much more, but having to memorise these commands and then combine them with other options makes Nmap harder for any newbie to grasp.

Nmap also has a feature called the Nmap Scripting Engine (NSE), which allows Nmap to perform security auditing and vulnerability finding on a particular host or a whole range of hosts within a network. Many beginner to moderate cybersecurity engineers fail to use it because they do not know how to use it or do not know it exists, which stops them from gathering as much information as they could when doing audits or vulnerability research, and they resort instead to other tools like Nessus, which is resource heavy, while Nmap is highly portable and highly flexible as well.

2 Similar Systems

2.1 nmapAutomator

The system most similar to the Nmap Toolkit is nmapAutomator. It is an automation tool that automates the process of enumeration and recon: it automates Nmap scans and also has a recon scan running in the background. The Automator, however, only runs an initial port scan automatically; each later scan then has to be started manually. [1]

Figure 1: nmapAutomator

nmapAutomator provides the following features:
• Network scans in which all the live hosts are shown through a ping scan
• Port scans which show all the open ports
• Full scan, or all scan, which scans through each and every port
• UDP scan, which needs root permission to be granted manually
• Reconnaissance scan

nmapAutomator also runs in bash, and it needs custom installation by the user, in which the tools 'ffuf' and 'gobuster' must be installed manually.

2.2 Sandmap

Sandmap is also an automated reconnaissance tool based on the command line, and it mainly uses the Nmap Scripting Engine or the plain Nmap engine. It provides an easy, user-friendly interface and automates and speeds up scans, thus allowing the use of advanced scanning techniques. Sandmap has a few external requirements which need to be installed manually: nmap, xterm and proxychains. proxychains is used for scanning dark web sites through Tor [2]. Sandmap has the following features:
• Command line interface with NSE scans
• Contains pre-defined, hardcoded scans
• Has Tor-supported scans using proxychains
• Can run combinational scans at once
• Contains a total of 31 modules

Figure 2: Sandmap

3 Result & Analysis

3.1 Information about the Survey

The questionnaire was released on February 18th and is open until March 10th. It has received a total of 62 responses so far. Each result of the questionnaire is analysed below.

Figure 3: Analysis of Data: Participant Agreement

All 62 participants acknowledged the terms stated in the survey and followed through the survey with the disclaimer given in the description of the survey.

Figure 4: Analysis of Data: Names Collected

Figure 5: Analysis of Data: Email Collection

The emails are collected for getting back to the user if necessary, which is rare, but they also allow verification that the respondent is a real user and not a bot of any sort.

Figure 6: Analysis of Data: Gender of Participants

This survey was sent through multiple sources, and from the data collected above we can see that 77.4% of the participants are male and 22.6% are female. The majority of the participants are male. This is all from 62 responses.

Figure 7: Analysis of Data: Education Background

Most of the participants who took part in this survey hold a Bachelor's degree, 83.9% (52 participants), followed by Foundation/A level with 14.5% (9 participants) and finally Diploma with 1.6% (1 participant).

Figure 8: Analysis of Data: Occupation/Background

3.2 Information about the Technical Knowledge

Figure 9: Analysis of Data: Familiarity with the Command Line

In this response we have 75.8% (47 participants) stating Yes, followed by 11.3% (7 participants) stating No and finally 12.9% (8 participants) answering Maybe. The majority of the participants stated Yes.

Figure 10: Analysis of Data: Familiarity with Nmap

In this response we have 80.6% (50 participants) saying Yes to having used Nmap and 19.4% (12 participants) saying No.

Figure 11: Analysis of Data: Proficiency in Nmap

Table 1: Results: Proficiency rate of Nmap (self-rated, 1 = lowest, 10 = highest; 62 responses)

Proficiency    Participants    Percentage (%)
1              5               8.1
2              6               9.7
3              7               11.3
4              9               14.5
5              7               11.3
6              7               11.3
7              11              17.7
8              6               9.7
9              3               4.8
10             1               1.6
40.3% (25 participants) stated No, followed by 38.7% (24 participants) stating Yes and finally 21% (13 participants) stating Maybe. The majority of the responses were No.

Figure 12: Analysis of Data: Is the Command Line of Nmap Hard to Use

In this response we have 53.2% (33 participants) saying No, while the remaining 46.8% (29 participants) say Yes. The majority here is No.

Figure 13: Analysis of Data: Preference for Automated Tools

In this response 96.8% (60 participants) said Yes while only 3.2% (2 participants) said No. The majority of the participants said Yes.

Figure 14: Analysis of Data: If Nmap Was Automated

In this response about 95.2% (59 participants) said Yes to having the Nmap tool automated, while the remaining 4.8% (3 participants) said No.

Figure 15: Analysis of Data: Usage of the Nmap Scripting Engine (NSE)

Figure 16: Analysis of Data: Usage of Nmap if It Was Automated

The varied responses are stated as follows:

Table 2: Result: Response if Nmap was automated (rating 1 = would not use, 10 = would definitely use; 62 responses)

Rating    Participants    Percentage (%)
1         0               0
2         1               1.6
3         0               0
4         0               0
5         2               3.2
6         4               6.5
7         11              17.7
8         15              24.2
9         9               14.5
10        20              32.3
Figure 17: Analysis of Data: Feedback on Nmap being automated

Almost all the responses here said that it would be great to have it made efficient, and since this was the goal of the project we have maximum customer satisfaction. The opinions collected here help in proceeding further with the system development.

4 Implementation of the Toolkit

After receiving all the responses, the tool was created to implement most of Nmap's features as an automated toolkit with a beautiful UI/UX. The Nmap Toolkit has an auto-installation step for all the dependencies it needs to run: it checks whether the needed packages are present and, if not, asks the user to install them, so that the tool can run as intended.

Figure 18: Nmap Toolkit: Package Checker

Next is the access control. Nmap needs root privileges for many of its scans (raw-socket scans such as SYN scans, and OS detection), so the toolkit has an access control checker which checks whether the user is root. If so, it grants access to the toolkit; if not, it asks the user to run the toolkit as root.

Figure 19: Nmap Toolkit: Access Control

After it passes through the access control and package installer, it displays the menu where the user can select which scan to go forward with.

Figure 20: Nmap Toolkit: Main Menu

Each scan has its own section through which the user can access each individual scan as per their needs. Before they can proceed with a scan, they are shown an intermediate screen where the user types in the IP address.
Figure 21: Nmap Toolkit: IP Address Input

After the IP address is entered, the user is shown a different screen depending on the scan they selected. For the basic scan the following set of scans is displayed. The basic scan is made for simple scans, but many faster scans are available as well, allowing the user to get information about a host the way they want it.

Figure 22: Nmap Toolkit: Basic Scan Menu

The same menu layout applies to the advanced scan. Advanced scans go in-depth by using Nmap's highly versatile scan types, from SCTP scans to custom flag scans, and each option can be used without any prerequisite knowledge.

Figure 23: Nmap Toolkit: Advanced Scan Menu

Next we have the Firewall, IDS, Evasion and Spoofing menu. It is used for evading firewalls and IDS using different methods; this is a dedicated set of options within Nmap, but many users do not use them because they are not well known or are hardly thought of.

Figure 24: Nmap Toolkit: Firewall, IDS, Evasion and Spoofing menu

This is followed by the Nmap Nikto scan, which uses the Nikto dependency to allow for better web vulnerability scans.

Figure 25: Nmap Toolkit: Nmap Nikto Scan Menu

Then comes the Nmap NetBIOS scan, which uses NetBIOS scans to see whether Server Message Block (SMB) is running on the host. All of this is integrated within the Nmap Toolkit.
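One way to lay out the toolkit described in this section, as an added POSIX shell example that is not the authors' code: a root check for the access control step, a package checker, validation of the target typed into the IP-input screen, and a menu dispatch that maps each category and choice to a fixed Nmap command line, with scan output written under a log directory that a log clearer can empty. The category names, the menu numbers, the `toolkit-logs/` directory and the particular Nmap options assigned to each menu entry are assumptions made for this example; the Nmap flags themselves are real. The target validation is the check a practitioner would insist on here: because the toolkit runs as root, text entered on the IP screen must not be able to smuggle extra options such as `-oN` into a root-level command.

```shell
#!/bin/sh
# Added illustration of the toolkit's structure (not the authors' code):
# root check, package check, target validation and menu-driven dispatch.
# Category names, menu numbers and the toolkit-logs/ directory are assumed.

TOOLKIT_DEPS="nmap nikto"   # assumed dependency list for the package checker

# Access control: raw-socket scans (SYN, SCTP, OS detection) need root.
check_root() { [ "$(id -u)" -eq 0 ]; }

# Package checker: print missing dependencies; succeed only if none are missing.
missing_deps() {
  missing=""
  for dep in $TOOLKIT_DEPS; do
    command -v "$dep" >/dev/null 2>&1 || missing="$missing $dep"
  done
  printf '%s\n' "${missing# }"
  [ -z "$missing" ]
}

# Target validation for the IP-input screen. The toolkit runs as root, so the
# target must never be spliced into a command line unchecked: a "target" such
# as "-oN /etc/cron.d/x" would become extra Nmap options. Accept a dotted IPv4
# address (optionally with /prefix) or a plain hostname; reject everything else.
valid_target() {
  t=$1
  case "$t" in ''|-*|*' '*) return 1 ;; esac
  case "$t" in
    *[!0-9./]*)                               # not numeric: hostname rules
      case "$t" in *[!A-Za-z0-9.-]*) return 1 ;; esac
      return 0 ;;
  esac
  ip=${t%%/*}; prefix=${t#*/}
  if [ "$prefix" != "$t" ]; then               # a /prefix was given
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
  fi
  n=0; rest=$ip
  while :; do                                  # walk the four octets
    octet=${rest%%.*}
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
    n=$((n + 1))
    if [ "$rest" = "$octet" ]; then break; fi
    rest=${rest#*.}
  done
  [ "$n" -eq 4 ]
}

# Menu dispatch: map a category/choice pair to the exact command the toolkit
# runs. The command is built from fixed words plus the validated target only.
build_scan() {
  category=$1; choice=$2; target=$3
  valid_target "$target" || return 1
  case "$category/$choice" in
    basic/1)    set -- nmap -sn "$target" ;;                        # ping sweep
    basic/2)    set -- nmap -sS --top-ports 1000 "$target" ;;       # SYN scan
    basic/3)    set -- nmap -sV -sC "$target" ;;                     # versions + default NSE
    advanced/1) set -- nmap -sY "$target" ;;                         # SCTP INIT scan
    advanced/2) set -- nmap -sZ "$target" ;;                         # SCTP COOKIE ECHO scan
    advanced/3) set -- nmap --scanflags SYNFIN -p- "$target" ;;      # custom TCP flags
    evasion/1)  set -- nmap -f -sS "$target" ;;                      # fragmented probes
    evasion/2)  set -- nmap -D RND:5 -sS "$target" ;;                # random decoys
    evasion/3)  set -- nmap --data-length 25 -T2 -sS "$target" ;;    # padding, slow timing
    netbios/1)  set -- nmap -p 137,139,445 --script nbstat,smb-os-discovery "$target" ;;
    nikto/1)    set -- nikto -h "$target" ;;                         # web vulnerability scan
    *) return 1 ;;
  esac
  printf '%s\n' "$*"
}

# Run a scan and keep its output under toolkit-logs/ (what the log clearer removes).
run_scan() {
  cmd=$(build_scan "$@") || { echo "invalid scan or target" >&2; return 1; }
  mkdir -p toolkit-logs
  printf '[*] %s\n' "$cmd"
  $cmd 2>&1 | tee "toolkit-logs/$1-$2-$(date +%Y%m%d%H%M%S).log"
}

clear_logs() { rm -f toolkit-logs/*.log; }

main() {
  check_root || { echo "Run the toolkit as root (e.g. with sudo)." >&2; return 1; }
  if ! miss=$(missing_deps); then
    echo "Missing packages: $miss. Install them and rerun." >&2; return 1
  fi
  printf 'Category (basic/advanced/evasion/netbios/nikto): '; read -r category
  printf 'Choice: '; read -r choice
  printf 'Target IP or hostname: '; read -r target
  run_scan "$category" "$choice" "$target"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Saved as, for example, `toolkit.sh`, `sudo sh toolkit.sh --run` gives the prompts; the functions can also be sourced and called directly, e.g. `build_scan evasion 2 10.0.0.5` prints the command line the menu entry would run without running it, which is a convenient way to show the user the description of a scan before it starts.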
Figure 26: Nmap Toolkit: Nmap NetBIOS Scan Menu

Then there is the log clearing option, which clears the logs of each major scan and its subsections, either individually or all together.

Figure 27: Nmap Toolkit: Log Clearer

Finally, the description option: each scan has a description the user can access, so that the user understands what each scan is about and gains a better understanding of what scan they are running.

Figure 28: Nmap Toolkit: Description Menu

5 Conclusions

The reason for starting this project was to make the entry into cybersecurity easier for all the beginners out there, as the number of cybersecurity jobs is increasing day by day while the tools remain complex. It is overwhelming for students and newbies alike to enter this field, which leaves a wide gap in the industry. That is why the Nmap Toolkit was made: Nmap is the tool first used in the initial stage of the hacker methodology, known as information gathering. It is the first tool used to gather information on a particular network or a range of hosts and IPs. Without it, it would be harder to gather all the information needed to proceed with scanning and exploitation.

The Nmap Toolkit was made to hide the complexity of Nmap behind a simple menu-driven program which has all the functions of Nmap, to make sure that the core functions of Nmap are usable and to give the user flexibility without studying the actual code or commands needed to work through Nmap. This is done to make it less overwhelming for beginners and to narrow the gap in entering the field of cybersecurity, without the hindrance of learning complex commands or needing prerequisite knowledge of the command line.

Furthermore, the project was developed by gathering as much detail and information from the participants through surveys as possible, to help make the project better and to follow user satisfaction, as it is also based on the Extreme Programming methodology. All of this was done on a Linux-based desktop, and all of the scripting was done in bash, to finally create the toolkit that gives the user satisfaction and to keep updating it as Nmap evolves.

To conclude, the project was successfully achieved with the various tools, research and data acquired throughout the months, to make a toolkit that satisfies the needs of the user and, finally, to help bring a new set of cybersecurity individuals into the world of ethical hacking by narrowing the learning gap and allowing them to understand their hosts and networks even better, without the overwhelming knowledge and complexity of the tools that help them become better in this day and age.

6 References

[1] 21y4d. nmapAutomator: A script that you can run in the background! GitHub, 2021. Available at: https://github.com/21y4d/nmapAutomator [Accessed 3 February 2022].
[2] trimstray. sandmap: Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles. GitHub, 2019. Available at: https://github.com/trimstray/sandmap [Accessed 3 February 2022].