Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #####################################################################
- ###
- ### tink-stack.sh
- ### -------------
- ###
- ### Script to run through a list of IPs and tinker.
- ### DESTRUCTIVE SCRIPT.... proceed cautiously
- ###
- ### The only argument required is an ip address, hostname, subnet, or
- ### any nmap target specification (e.g. 10.21.161.1-25, 10.21.161.1,3,5)
- ###
- ### Use option "-b" if you are logging into an Ubuntu system
- ###
- #####################################################################
- ######################################################################
- ### CUSTOMIZE: write_script
- ### -----------------------
- ### The script that is run on the remote host; it should provide
- ### simple output that the process_output function can easily use.
- ######################################################################
- function write_script () {
- cat <<EOF > $1
- #!/bin/bash
- ntp_host=\$(awk '\$1 == "server" {print \$2}' /etc/ntp.conf | head -1)
- service ntp stop >/dev/null 2>&1
- echo "$ ntpdate-debian \$ntp_host"
- ntpdate-debian \$ntp_host
- service ntp start >/dev/null 2>&1
- if ! service ntp status >/dev/null 2>&1 ; then
- echo "[WARNING]: ntp is stopped"
- fi
- echo
- echo "$ sysctl net.ipv4.ip_forward"
- sysctl net.ipv4.ip_forward
- echo
- echo "$ ip addr show | egrep \"^([0-9]| *link| *inet \")"
- ip addr show | egrep "^([0-9]| *link| *inet )"
- echo
- echo "$ netstat -rn"
- netstat -rn
- echo
- echo "$ ip netns show"
- ip netns show
- echo
- echo "$ ls -R /var/run/netns; ls -R /etc/netns"
- ls -R /var/run/netns; ls -R /etc/netns
- echo
- if [ -x /sbin/brctl ] ; then
- echo "$ brctl show"
- brctl show
- echo
- fi
- if [ -x /usr/bin/ovs-vsctl ] ; then
- echo "$ ovs-vsctl show"
- ovs-vsctl show
- echo
- fi
- echo "$ ping 10.0.164.1"
- ping -c2 10.0.164.1 >/dev/null 2>&1 && echo UP || echo DOWN
- echo
- echo "$ ping 192.168.241.1"
- ping -c2 192.168.241.1 >/dev/null 2>&1 && echo UP || echo DOWN
- echo
- echo "$ ping 192.168.239.1"
- ping -c2 192.168.239.1 >/dev/null 2>&1 && echo UP || echo DOWN
- echo
- echo
- rm -f \$0 # self-destruct
- EOF
- }
- ######################################################################
- ### CUSTOMIZE: process_output
- ### -------------------------
- ### If the script produces output, here's where you can tinker with
- ### the presentation
- ######################################################################
- function process_output () {
- local ip=$1; local hn=$2; local out="$3"
- len=$( echo | awk '{print length( a b )}' a=$ip b=$hn )
- for (( x=$((len + 1)) ; x > 0 ; x-- )) ; do echo -n "-"; done ; echo
- echo $ip $hn
- for (( x=$((len + 1)) ; x > 0 ; x-- )) ; do echo -n "-"; done ; echo
- if [[ -n "$out" ]] ; then
- echo "$out"
- else
- echo "script-FAILED"
- fi
- echo ; echo
- }
- ######################################################################
- ######################################################################
- #---------------CHANGE BELOW AT YOUR OWN RISK-------------------------
- ######################################################################
- ######################################################################
- me=$(basename $0)
- USAGE=$( cat <<-EOF
- USAGE: $me [-b] [-u <username>] [-s]
- -b login to Ubuntu system as user ubuntu; -s is implied
- -u login as user <username>
- -s run remote script with sudo
- EOF
- )
- ######################################################################
- ### VARIABLES
- ######################################################################
- user=root; sudo=
- tscr="/tmp/tink-$$.sh" # payload script, copied to host targets
- tscr_x="/tmp/tink-$$_x.sh" # script name on taregt hosts
- ssh_x="ssh -o StrictHostKeyChecking=no -o BatchMode=yes -o PasswordAuthentication=no"
- scp_x="scp -q -o StrictHostKeyChecking=no -o BatchMode=yes -o PasswordAuthentication=no"
- while getopts "hbu:s" opt ; do
- case $opt in
- h) echo "$USAGE"; echo; exit 1;;
- b) user='ubuntu'; sudo='sudo';;
- u) user=$OPTARG ;;
- s) sudo='sudo' ;;
- esac
- done
- shift $((OPTIND - 1))
- me=$(basename $0)
- nmap_range="$@"
- declare -a IPS # Array of IP targets
- ######################################################################
- ### SANITY CHECK
- ######################################################################
- function USAGE () {
- echo
- echo "USAGE: $me <ip|hostname|subnet|nmap-target>"
- echo
- echo "Edit script to customize write_script() and process_output() functions"
- echo
- exit 1
- }
- if [[ -z "$nmap_range" ]] ; then
- echo "[ERROR]: argument missing"
- USAGE;
- elif [[ ! $nmap_range =~ "^[0-9]+\.[0-9]+\.[0-9,-]+\.[0-9,-]+" ]] ; then
- echo "[ERROR]: invalid argument \"$nmap_range\""
- USAGE;
- fi
- ######################################################################
- ### HELPER FUNCTIONS
- ######################################################################
- function run_nmap () {
- local targ="$@"
- nmap -sP -oG - ${targ} |
- awk '/^Host:/ {print $2}'
- }
- function check_ssh () {
- local host=$1
- echo | nc -w 3 $host 22 > /dev/null 2>&1
- return $?
- }
- ######################################################################
- ### MAIN
- ######################################################################
- IPS=( $( run_nmap $nmap_range ) )
- echo
- echo "${#IPS[@]} pingable IPs discovered"
- echo
- write_script $tscr
- for IP in ${IPS[@]} ; do
- search_dom=".$(awk '$1 == "search"{print $2}' /etc/resolv.conf)."
- HN=$(dig +short -x $IP)
- HN=${HN%$search_dom}
- if check_ssh $IP; then
- if $scp_x $tscr ${user}@${IP}:${tscr_x} >/dev/null 2>&1 ; then
- ssh_out="$( $ssh_x $user@$IP $sudo bash $tscr_x 2>/dev/null )"
- process_output $IP $HN "$ssh_out"
- else
- echo "$HN ($IP): scp-FAILED"
- fi
- else
- echo "$HN ($IP): ssh-FAILED"
- fi
- done
- ### Axe the temporary tink script
- rm -f $tscr
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement