Add safe external inventory scripts

This commit is contained in:
emilsarafutdinov
2026-07-01 02:52:14 +05:00
commit 36c5f0bbd1
7 changed files with 1129 additions and 0 deletions
+53
View File
@@ -0,0 +1,53 @@
# Safe External Inventory
This repository contains a list of public IPv4 addresses in [public_ipv4_from_master.txt](public_ipv4_from_master.txt) and a helper script for a conservative external inventory pass.
## What the script does
The script:
- validates and deduplicates IPv4 addresses from the input file
- runs a moderate `nmap` inventory against the top 20 TCP ports
- performs light service detection
- writes raw `nmap` outputs plus CSV and Markdown summaries
It intentionally does not run aggressive vulnerability scripts, OS fingerprinting, or full port sweeps.
## Usage
Install `nmap`, then run:
```bash
chmod +x scripts/safe_external_inventory.sh
scripts/safe_external_inventory.sh
```
Optional arguments:
```bash
scripts/safe_external_inventory.sh \
public_ipv4_from_master.txt \
reports/custom-run
```
## Output
Each run creates a timestamped folder under [reports](reports) with:
- `targets.txt` - cleaned list of validated IPs
- `nmap_inventory.nmap` - normal `nmap` output
- `nmap_inventory.gnmap` - grepable output
- `nmap_inventory.xml` - XML output for tooling
- `summary.csv` - one row per open port
- `summary.md` - quick review queue sorted by host exposure
## Interpreting the results
Prioritize hosts that expose:
- multiple services to the internet
- remote administration ports such as SSH, RDP, WinRM, or control panels
- outdated or unexpected product banners
- plaintext services such as Telnet, FTP, or HTTP admin endpoints
Use the inventory as a review queue for patching, access reduction, ownership checks, and deeper manual assessment within your approved process.