Intelligent Machine Discovery
Intro
IMD is an executable made to do remote discovery / recon on machines like you might find in CTFs. It is the evolution of a shell script I wrote for my OSCP exam that I decided to make in Rust as a learning experience, and for use in CTFs like those on HackTheBox.
Features
- Common TCP port scan with service discovery
- Full TCP port scan
- Detection of NFS shares
- Organization of all relevant data in a directory for the target machine
- If applicable, addition of hostname to /etc/hosts
- If applicable, nikto scan on ports hosting websites
- If applicable, feroxbuster scan for ports hosting websites
Setup
- Download the most recent release from the release page
- Give imd execute rights (run chmod +x imd)
- Move imd to /usr/local/bin
- Ensure that you have the required dependencies:
  - feroxbuster installed
  - nikto installed
  - nmap installed
  - showmount installed
  - The file /usr/share/wordlists/seclists/Discovery/Web-Content/raft-medium-directories.txt
    - You don’t actually have to use this file, but for (hand waving) reasons it will have to exist. It can be empty if you’d prefer to use your own wordlist.
Use
sudo imd -t IP_ADDRESS_1[=hostname] IP_ADDRESS_2[=hostname] ... -w WORDLIST
As individual scans complete, you’ll be able to view their output in their respective directory and file.
Examples
sudo imd -t 10.10.10.215
sudo imd -t 10.10.10.215=academy.htb
sudo imd -t 10.10.10.215 10.10.10.216 10.10.10.217
sudo imd -t 10.10.10.215=academy.htb 10.10.10.217=cereal.htb 10.10.10.216 10.10.10.218 10.10.10.219
sudo imd -t 10.10.10.215 -w /usr/share/wordlists/dirbuster/directory-list-lowercase-small.txt
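
Because imd runs under sudo and a hostname given as IP_ADDRESS=hostname can end up in /etc/hosts, each -t argument is worth validating before anything is written. The Rust code below is an added example, not IMD's own code: Target, valid_hostname, parse_target and hosts_line are hypothetical names, and it assumes IPv4-only targets and a tab-separated hosts entry.

```rust
use std::net::Ipv4Addr;

/// One parsed `-t` argument: an address plus an optional hostname (hypothetical type).
#[derive(Debug, PartialEq)]
pub struct Target {
    pub ip: Ipv4Addr,
    pub hostname: Option<String>,
}

/// RFC 1123 style check: dot-separated labels of 1..=63 alphanumerics or '-',
/// not starting or ending with '-', total length at most 253.
fn valid_hostname(h: &str) -> bool {
    h.len() <= 253
        && h.split('.').all(|l| {
            (1..=63).contains(&l.len())
                && l.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')
                && !l.starts_with('-')
                && !l.ends_with('-')
        })
}

/// Parse `IP` or `IP=hostname`, rejecting anything that is not a plain
/// IPv4 address and a syntactically valid hostname (assumption: IPv4 only).
pub fn parse_target(arg: &str) -> Result<Target, String> {
    let (ip_part, host_part) = match arg.split_once('=') {
        Some((ip, host)) => (ip, Some(host)),
        None => (arg, None),
    };
    let ip: Ipv4Addr = ip_part.parse().map_err(|_| format!("invalid IPv4 address: {ip_part:?}"))?;
    let hostname = match host_part {
        Some(h) if valid_hostname(h) => Some(h.to_ascii_lowercase()),
        Some(h) => return Err(format!("invalid hostname: {h:?}")),
        None => None,
    };
    Ok(Target { ip, hostname })
}

/// The single line that would be appended to /etc/hosts, if a hostname was given.
pub fn hosts_line(t: &Target) -> Option<String> {
    t.hostname.as_ref().map(|h| format!("{}\t{}", t.ip, h))
}

fn main() {
    // Constructed sample arguments; the last one contains a newline and is rejected.
    for arg in ["10.10.10.215", "10.10.10.215=academy.htb", "10.10.10.215=a.htb\n10.10.10.1 b.htb"] {
        println!("{arg:?} -> {:?}", parse_target(arg).map(|t| hosts_line(&t)));
    }
}
```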