SpooNMAP is a wrapper script implements all of the IDS evasion techniques and service discovery methodologies that we’ve learned over my years of pentesting. It also takes care of the packet rates, depending on the selected options (external, internal, single port, full port, etc.). The README.md also includes references for several commonly exploited services.
The scans can be run successively. So, you may want to run the small port scan first, then run the medium port scan. You may also want to change the target hosts that you’re looking to scan. Each scan will simply add to the final output.
Once completed, all live hosts are broken out by port in the ‘live_hosts’ directory. Full XML results for Masscan and NMAP scans are broken out in their respective directories. All XML output is combined to spoonmap_output.xml, which can be imported to any other frameworks that support it, such as Metasploit or aquatone for further enumeration. Finally, all discovered hosts are saved to all_live_hosts.txt, which can also be used for further enumeration.