MedSec Network and Pentest Tool for Linux Systems
MedSec Network and Pentest Tool for Linux Systems

MedSec: Network and Pentest Tool for Linux Systems

MedSec is a network and pentest utility that I developed so that I could perform different kinds of task using the same suite, instead of jumping from one tool to another.

Currently, this script can perform a good variety of tasks such as:

  • Port scan, including SYN, TCP, UDP, ACK, comprehensive scan;
  • Host discovery (scan for up devices on a local network);
  • MAC address detection (get MAC address of a host IP on a local network);
  • Banner grabbing;
  • DNS checks with geolocation information;
  • Subdomain enumeration;
  • Vulnerability reconnaissance;
  • ifconfig (beta);
  • ping;
  • traceroute (beta);
  • IP spoofing;
  • Packet sniffing;
  • Deauth attack.

Other features are still being implemented. Future implementations may include WAF (web application firewall) detection, DNS enumeration, static code analysis, traffic analysis, ARP poisoning, MAC flooding, ping of death, network disassociation attack (not deauth attack), OSINT, exploits, some automated tasks, Windows support and others.


Note that currently, this script can only run well on Linux. If you try it in on Windows or macOS, it may run, but numerous errors will appear. It will have Windows support anytime in the future.


To install the necessary packages so that the script can run withouth any problems simply run the script with root privileges. Currently, this installation script is only supported on Debian, Red Hat and Arch based distros that has the apt, dnf and pacman package manager respectively (UbuntuKali LinuxParrot OSDebianPop!_OSLinux MintDeepinZorin OSMX LinuxElementary OSFedoraCentOSRed Hat Enterprise LinuxRocky LinuxAlmaLinuxOracle LinuxClearOSArchBlack ArchManjaro etc). On most systems, to install medsec simply run the following commands:

git clone
cd medsec
sudo .

Then, simply follow the instructions.

However, if you are using any other Linux distro with a different package manager, please install the packages manually using your distro’s package manager. Depending on the specific distro used, some of the required packages to run this script might be already installed on your machine. The necessary packages are:

  • nmap (using your system’s package manager)
  • traceroute (using your system’s package manager)
  • sockets (using pip3)
  • ipaddress (using pip3)
  • python-nmap (using pip3)
  • colorama (using pip3)
  • ipinfo (using pip3)
  • scapy (using pip3)
  • shodan (using pip3)

After the installation, to run the program, simply navigate to the project’s directory and run the file using python. Running the script as root is recommended for better performance and to avoid permission errors. The used command is the following:

sudo python3

How to use

Scanning ports

Scanning ports helps detect potential security breaches by identifying the hosts connected to your network and the services running.

Multiple scan types are supported, including SYN (-scansyn), TCP (-scantcp), UDP (-scanudp), ACK (-scanack) and comprehensive scan (-scan).

-scan -host [HOST(s)]
-scan -host [HOST(s)] -p [PORT(s)]
-scan -host [HOST(s)] -prange [START PORT] [END PORT]
-scan -iprange [START IP] [END IP] -p [PORT(s)]
-scan -iprange [START IP] [END IP] -prange [START PORT] [END PORT]
Scanning ports by medsec
Scanning ports by medsec

After this scan, it is possible to see that both 22 (SSH) and 80 (HTTP) ports are open.

Host discovery

To look for current up devices on a given network type the following command:


Then type the network you want to scan.

Host discovery by medsec
Host discovery by medsec

MAC address detection

To get a MAC address of one or more live hosts on the LAN, use the command:

-getmac -host [HOST(s) IP]
MAC address detection by medsec
MAC address detection by medsec

Banner grabbing

Banner grabbing is a reconnaissance technique that retrieves a software banner information. This banner usually contains important information about a network service, including but not limited to, it’s software name and version. FTP, Web, SSH, and SMTP servers often expose vital information about the software they are running in their banner.

A banner attack usually starts off with a enumeration scan to find open ports. Once you identified a service you want to target, you can send specific packets and inspect the traffic for the specified information.

To perform banner grabbing, depending on your specific needs, type one of the following commands:

-grab -host [HOST(s)] -p [PORT(s)]
-grab -iprange [START IP] [END IP] -prange [START PORT] [END PORT]
-grab -host [HOST(s)] -prange [START PORT] [END PORT]
-grab -iprange [START IP] [END IP] -p [PORT(s)]
Banner grabbing by medsec
Banner grabbing by medsec

DNS checks

This feature is similar to the well known nslookup command used on UNIX systems. If you want to do a DNS check, type the following:

-ns [HOST(s)]
DNS checks by medsec
DNS checks by medsec

Subdomain enumeration

Subdomain enumeration is the process of finding valid sub-domains for one or more domain.

Sub-domain enumeration can reveal a lot of domains/sub-domains that are in scope of a security assessment which in turn increases the chances of finding vulnerabilities.

If you wish to look for common subdomains of a domain, simply type:

-sdenum [DOMAIN]
Subdomain enumeration by medsec
Subdomain enumeration by medsec

Vulnerability reconnaissance

To scan one or more hosts for vulnerabilities use the following command:

-vulnscan -host [HOST(s)]


Note that this feature uses Shodan API. It is recommended to change the API key to yours as the key provided might be being used by other people.


If you want to display your system’s current TCP/IP network configuration, type the following command:

ifconfig command by medsec
ifconfig command by medsec


To send ICMP packets to one or more hosts to check connectivity, simply type:

-ping [HOST(s)]
ping command by medsec
ping command by medsec


To diagnose route paths and measure transit delays, use the -traceroute command:

-traceroute [HOST]
traceroute command by medsec
traceroute command by medsec

IP spoofing

The objective of IP spoofing is to modify the correct source IP address so that the system to which a packet is directed cannot correctly identify the sender.

Note that this command only works on machines with unpached vulnerabilities. To performe IP spoofing on a host’s specific port, use the following command:

-ipspoof -source [SOURCE IP] [SOURCE PORT] -target [TARGET IP] [TARGET PORT]

If you want to use a random source IP, type the following command:

-ipspoof -source r [SOURCE PORT] -target [TARGET IP] [TARGET PORT]

You can also use a random source port:

-ipspoof -source [SOURCE IP] r -target [TARGET IP] [TARGET PORT]


Please only use this for testing purposes and target your own machines.

Packet sniffing

To perform packet sniffing, type:



If you want to sniff all the data that is passing through a network, first turn your wireless card or adapter to monitor mode.

Deauth attack

A deauth attack is a type of wireless attack that targets communication between a router and one or more devices connected to that router. Effectively forcing the target machine to disconnect from the access point.

To do this attack, use the following command:

-deauth -target [TARGET MAC] -gateway [GATEWAY MAC] -iface [INTERFACE]

If you plan to attack all clients in a gateway, type:

-deauth -target a -gateway [GATEWAY MAC] -iface [INTERFACE]
Deauth attack by medsec
Deauth attack by medsec

After the command issued on the screenshot above, all the devices connected to that access point were disconnected and unable to reconnect while this script was running.


To perform this attack, make sure you have a wireless card or adapter that supports monitor mode and turn it on before attempting a deauth attack. Please only use this for testing purposes and target your own machines.