Divide full port scan results and use it for targeted Nmap runs
Alternatives To Divideandscan
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
3 days ago765otherC
Nmap - the Network Mapper. Github mirror of official SVN repository.
4 months ago1August 03, 20221agpl-3.0Go
a drop-in replacement for Nmap powered by shodan.io
8 months ago8gpl-3.0Shell
Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
2 years agogpl-3.0Python
Mass scan IPs for vulnerable services
5 years ago4mitShell
Use unicornscan to quickly scan all open ports, and then pass the open ports to nmap for detailed scans.
12 years agoApril 05, 20228gpl-3.0Go
Golang IP/port scanner with SYN (stealth) scanning and device manufacturer identification
a year ago2mitPython
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
7 days ago21June 19, 20221bsd-2-clausePython
Divide full port scan results and use it for targeted Nmap runs
a year ago12July 31, 2020mitPython
Multi-threaded Python Port Scanner with Nmap Integration
Python3 Nmap21642 days ago19October 22, 20224gpl-3.0Python
A python 3 library which helps in using nmap port scanner. This is done by converting each nmap command into a callable python3 method or function. System administrators can now automatic nmap scans using python
Alternatives To Divideandscan
Select To Compare

Alternative Project Comparisons


Divide Et Impera And Scan (and also merge the scan results)

version python codacy pypi docker

DivideAndScan is used to efficiently automate port scanning routine by splitting it into 3 phases:

  1. Discover open ports for a bunch of targets.
  2. Run Nmap individually for each target with version grabbing and NSE actions.
  3. Merge the results into a single Nmap report (different formats available).

For the 1st phase a fast port scanner* is intended to be used, whose output is parsed and stored in a single file database (TinyDB). Next, during the 2nd phase individual Nmap scans are launched for each target with its set of open ports (multiprocessing is supported) according to the database data. Finally, in the 3rd phase separate Nmap outputs are merged into a single report in different formats (XML / HTML / simple text / grepable) with nMap_Merger. The visualization portion is provided by DrawNmap.

Potential use cases:

  • Pentest engagements / red teaming with a large scope to enumerate.
  • Cybersecurity wargames / training CTF labs.
  • OSCP certification exam.

* Available port scanners:

DISCLAIMER. All information contained in this repository is provided for educational and research purposes only. The author is not responsible for any illegal use of this tool.

How It Works


How to Install


To successfully divide and scan we need to get some good port scanning tools (in the examples below GitHub releases are grabbed via eget).

Note: if you don't feel like messing with dependecies on your host OS, skip to the Docker part.


sudo apt install nmap xsltproc -y
sudo nmap --script-updatedb


pushd /tmp
wget https://github.com/ivre/masscan/archive/refs/heads/master.zip -O masscan-master.zip
unzip masscan-master.zip
cd masscan-master
sudo make install
popd && rm -rf /tmp/masscan-master*


eget -t 2.0.1 -a amd64 RustScan/RustScan --to /tmp/rustscan.deb
sudo dpkg -i /tmp/rustscan.deb && rm /tmp/rustscan.deb
sudo wget https://gist.github.com/snovvcrash/8b85b900bd928493cd1ae33b2df318d8/raw/fe8628396616c4bf7a3e25f2c9d1acc2f36af0c0/rustscan-ports-top1000.toml -O /root/.rustscan.toml


sudo mkdir /opt/naabu
sudo eget -s linux/amd64 projectdiscovery/naabu --to /opt/naabu
sudo ln -sv /opt/naabu/naabu /usr/local/bin/naabu


sudo mkdir /opt/nimscan
sudo eget -a NimScan elddy/NimScan --to /opt/nimscan
sudo ln -sv /opt/nimscan/nimscan /usr/local/bin/nimscan


sudo mkdir /opt/sx
sudo eget -s linux/amd64 v-byte-cpu/sx --to /opt/sx
sudo ln -sv /opt/sx/sx /usr/local/bin/sx


sudo mkdir /opt/pd
sudo eget -s linux/amd64 projectdiscovery/dnsx --to /opt/pd
sudo ln -sv /opt/pd/dnsx /usr/local/bin/dnsx


DivideAndScan is available on PyPI as divideandscan, though I recommend installing it from GitHub with pipx in order to always have the bleeding-edge version:

~$ pipx install -f "git+https://github.com/snovvcrash/DivideAndScan.git"
~$ das

There's also a release packed with shiv (large file size though):

# shiv -e das.divideandscan:main -o das.pyz divideandscan
~$ wget https://github.com/snovvcrash/DivideAndScan/releases/latest/download/das.pyz && chmod +x das.pyz
~$ ./das.pyz

For debbugging purposes you can set up a dev environment with poetry:

~$ git clone --recurse-submodules https://github.com/snovvcrash/DivideAndScan
~$ cd DivideAndScan
~$ poetry install
~$ poetry run das

Note: DivideAndScan uses sudo to run all the port scanners, so it will ask for the password when scanning commands are invoked.

Using from Docker


You can run DivideAndScan in a Docker container as follows:

~$ docker run --rm -it --name das -v ~/.das:/root/.das -v `pwd`:/app -p 8050:8050 snovvcrash/divideandscan

Since the tool requires some input data and produces some output data, you should specify your current working directory as the mount point at /app within the container. Also publishing port 8050 on host allows to access the Dash app used for Nmap reports visualization.

You may want to set an alias to make the base command shorter:

~$ alias das='docker run --rm -it --name das -v ~/.das:/root/.das -v `pwd`:/app -p 8050:8050 snovvcrash/divideandscan'
~$ das

How to Use


1. Filling the DB

Provide the add module a command for a fast port scanner to discover open ports in a desired range.

Warning: please, make sure that you understand what you're doing, because nearly all port scanning tools can damage the system being tested if used improperly.

# Nmap, -v flag is always required for correct parsing!
~$ das add nmap '-v -n -Pn -e eth0 --min-rate 1000 -T4 -iL hosts.txt -p1-65535 --open'
# Masscan
~$ das add masscan '--rate 1000 -iL hosts.txt -p1-65535 --open'
# RustScan
~$ das add rustscan '-b 1000 -t 2000 -u 5000 -a hosts.txt -r 1-65535 -g --no-config'
# Naabu
~$ das add naabu '-rate 1000 -iL hosts.txt -p - -silent -s s'
# NimScan
~$ das add nimscan ' -vi -p:1-65535 -f:500'
# sx
~$ sudo sx arp -i eth0 --json | tee arp.cache
~$ das add sx 'tcp syn -a arp.cache -i eth0 --rate 1000/s -p 445,3389'

When the module starts its work, a directory ~/.das/db is created where the database file and raw scan results will be put when the module routine finishes.

2. Targeted Scanning

Launch targeted Nmap scans with the scan module. You can adjust the scan surface with either -hosts or -ports option:

# Scan by hosts
~$ das scan -hosts all -oA report1
~$ das scan -hosts, -oA report1
~$ das scan -hosts hosts.txt -oA report1
# Scan by ports
~$ das scan -ports all -oA report2
~$ das scan -ports 22,80,443,445 -oA report2
~$ das scan -ports ports.txt -oA report2

To start Nmap simultaneously in multiple processes, specify the -parallel switch and set number of workers with the -proc option (if no value is provided, it will default to the number of processors on the machine):

~$ das scan -hosts all -oA report -parallel [-proc 4]

The output format is selected with -oX, -oN, -oG and -oA options for XML+HTML formats, simple text format, grepable format and all formats respectively. When the module completes its work, a directory ~/.das/nmap_<DB_NAME> is created containig Nmap raw scan reports.

Also, you can inspect the contents of the database with -show option before actually launching the scans:

~$ das scan -hosts all -show

3 (Optional). Merging the Reports

In order to generate a report independently of the scan module, you should use the report module. It will search for Nmap raw scan reports in the ~/.das/nmap_<DB_NAME> directory and process and merge them based on either -hosts or -ports option:

# Merge outputs by hosts
~$ das report -hosts all -oA report1
~$ das report -hosts, -oA report1
~$ das report -hosts hosts.txt -oA report1
# Merge outputs by ports
~$ das report -ports all -oA report2
~$ das report -ports 22,80,443,445 -oA report2
~$ das report -ports ports.txt -oA report2

Note: keep in mind that the report module does not search the DB when processing the -hosts or -ports options, but looks for Nmap raw reports directly in ~/.das/nmap_<DB_NAME> directory instead; it means that -hosts argument value will be successfully resolved only if ~/.das/nmap_<DB_NAME>/127-0-0-1.* files exist, and -ports 80 argument value will be successfully resolved only if ~/.das/nmap_<DB_NAME>/port80.* files exist.


Let's enumerate open ports for all live machines on Hack The Box.

  1. Add mappings "host open ports" to the database with Masscan. For demonstration purposes I will exclude dynamic port range to avoid unnecessary stuff by using -p1-49151. On the second screenshot I'm reviewing scan results by hosts and by ports:
~$ das -db htb add -rm masscan '-e tun0 --rate 1000 -iL hosts.txt -p1-49151 --open'


~$ das -db htb scan -hosts all -show
~$ das -db htb scan -ports all -show


  1. Launch Nmap processes for each target to enumerate only ports that we're interested in (the open ports). On the second screenshot I'm doing the same but starting Nmap processes simultaneously:
~$ das -db htb scan -hosts all -oA report


~$ das -db htb scan -hosts all -oA report -nmap '-Pn -sVC -O' -parallel


  1. As a result we now have a single report in all familiar Nmap formats (simple text, grepable, XML) as well as a pretty HTML report.


Bring Your Own Scanner!

You can pair your favourite port scanner with DivideAndScan by implementing a single parse method for its output in das/parsers/DUMMY_SCANNER.py (see example for masscan):

from das.parsers import IAddPortscanOutput

class AddPortscanOutput(IAddPortscanOutput):
    """Child class for processing DUMMY_SCANNER output."""

    def parse(self):
        DUMMY_SCANNER raw output parser.

        :return: a pair of values (portscan raw output filename, number of hosts added to DB)
        :rtype: tuple
        hosts = set()
        for line in self.portscan_raw:
            # DUMMY_SCANNER parser implementation

        return (self.portscan_out, len(hosts))


usage: das [-h] [-db DB] {db,add,scan,dns,report,parse,draw,tree,help} ...

|  ________  .__      .__    .___        _____              .____________                       |
|  \______ \ |__|__  _|__| __| _/____   /  _  \   ____    __| _/   _____/ ____ _____    ____    |
|   |    |  \|  \  \/ /  |/ __ |/ __ \ /  /_\  \ /    \  / __ |\_____  \_/ ___\\__  \  /    \   |
|   |    `   \  |\   /|  / /_/ \  ___//    |    \   |  \/ /_/ |/        \  \___ / __ \|   |  \  |
|  /_______  /__| \_/ |__\____ |\___  >____|__  /___|  /\____ /_______  /\___  >____  /___|  /  |
|          \/                 \/    \/        \/     \/      \/       \/     \/     \/     \/   |
|  {@snovvcrash}            {https://github.com/snovvcrash/DivideAndScan}             {vX.Y.Z}  |

positional arguments:
    db                  utilities for manual DB manipulations
    add                 run a full port scan and add the output to DB
    scan                run targeted Nmap scans against hosts and ports from DB
    dns                 map domain names from an input file to corresponding IP addresses from the DB
    report              merge separate Nmap outputs into a single report (https://github.com/CBHue/nMap_Merger)
    parse               parse raw Nmap XML reports by service names and print entries in format {service}://{host}:{port}}
    draw                visualize Nmap XML reports (https://github.com/jor6PS/DrawNmap)
    tree                show contents of the ~/.das/ directory using tree
    help                show builtin --help dialog of a selected port scanner

  -h, --help            show this help message and exit
  -db DB                DB name to work with

Psst, hey buddy... Wanna do some organized p0r7 5c4nn1n6?


  • [x] Add projectdiscovery/naabu parser
  • [x] Add elddy/NimScan parser
  • [x] Add sx parser
  • [ ] Add ZMap parser
  • [x] Store hostnames (if there're any) next to their IP values
  • [x] Add fuff switch to automate web directory fuzzing (added parse module)
Popular Nmap Projects
Popular Port Scanner Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Penetration Testing
Port Scanning