
nshtcp v0.21

a guest
Nov 24th, 2017
  1. brutus@blackt0p:~/.scripts$ cat nshtcp
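  #!/bin/bash

  # nshtcp v 0.21
  #+ nmap single host tcp scan
  #
  # usage:
  #+ nshtcp <target_name_or_ip>

  # assumptions:
  #+ stealth isn't required.  This script uses -sT over -sS
  #+ you know the host is live (-Pn for speed)
  #+ you don't want to have to sudo to scan (no root needed)
  # what it does:
  #+ runs the top hundred ports as fast as possible
  #+ feeds found open ports to a 'service scan'.
  #+ this should be enough information to start picking
  #+ runs a 'fast as possible' full tcp scan
  #+ tries to let you know how long it's going to take
  #+ if additional ports are found open, runs a service scan
  #+ otherwise ends.
  # why would i need this?
  #+ because when the enemy has tanks and heavy weaponry
  #+ and all you have is a sharpened stick
  #+ how fast you can run can make all the difference.
  # files:
  #+ reports go to ./quick ./service ./full ./fserv (fixed names).
  #+ existing files with those names are overwritten, and removed if
  #+ you accept the cleanup, so run this from a directory only you
  #+ can write to rather than a shared one.

  # Fail on unset variables instead of silently expanding them to "".
  set -u

  # errorcodes
  readonly noarg=1       # No argument provided
  readonly nores=11      # Name does not resolve
  readonly nowrite=12    # No write access to dir
  readonly nonmap=13     # Nmap not installed
  readonly badtarget=14  # Target looks like an option or has whitespace

  # Print the TCP port numbers listed in an nmap -oN report ($1) as a
  # comma-separated list; prints nothing when no port line is present.
  # Only lines that start with "<number>/tcp" are read, so any other
  # line that merely contains "tcp" cannot end up in the -p argument.
  open_tcp_ports() {
    awk -F/ '/^[0-9]+\/tcp/ { print $1 }' "$1" | paste -sd, -
  }

  # Show the column header and the port lines of an nmap -oN report ($1).
  show_results() {
    grep '^PORT' "$1" && grep -E '^[0-9]+/tcp' "$1"
  }

  # Run the quick scan, the full scan and the optional service scans
  # against the single target in $1, then offer to delete the reports.
  main() {
    local target=${1:-}
    local ports fports rescheck answ

    ## Prereq Tests ##

    if [ -z "$target" ]; then
      echo "[x] Usage : $(basename "$0") <target_name_or_ip>"
      exit "$noarg"
    fi

    # The target is handed to nmap as an argument.  A value that starts
    # with '-' would be read as an nmap option and one with whitespace
    # is not a single host, so both are refused before anything runs.
    case $target in
      -* | *[[:space:]]*)
        echo "[x] Target must be a single host name or IP"
        exit "$badtarget"
        ;;
    esac

    if ! [ -w ./ ]; then
      echo "[x] Directory is not writable"
      exit "$nowrite"
    fi

    # command -v resolves nmap through PATH, i.e. the same binary the
    # calls below will execute.
    if ! command -v nmap > /dev/null 2>&1; then
      echo "[x] Nmap is not installed"
      exit "$nonmap"
    fi

    ## as quick as possible scan ##

    echo "[*] Running 'as fast as possible' scan"
    echo
    if nmap -sT -F -T5 -n -Pn --open -oN quick "$target" &> /dev/null; then
      show_results quick
    fi

    ## set ports ##

    ports=$(open_tcp_ports quick)

    ## quick identify scan (if needed) ##

    if [ -n "$ports" ]; then
      echo
      echo "[*] Ports set to $ports"
      echo "[*] Running 'quick identify' scan"
      echo
      if nmap -sT -sV -T4 -n -Pn -oN service -p "$ports" "$target" &> /dev/null; then
        show_results service
      fi
    else
      echo "[x] No ports found!"
      # A resolution failure is looked for in the quick report; the sed
      # drops the last character of the matching line before printing.
      rescheck=$(grep resolve quick | sed 's:.$::')
      if [ -n "$rescheck" ]; then
        echo "[x] $rescheck"
        exit "$nores"
      fi
    fi

    ## full tcp scan - values speed over accuracy or stealth ##

    echo
    echo "[*] Running 'full tcp' scan"
    echo
    # -v makes nmap print progress lines; only the "remaining" estimates
    # are shown.
    nmap -sT -T5 -p- -n -Pn -v --open -oN full "$target" | grep remaining

    ## set fports ##

    fports=$(open_tcp_ports full)

    ## Full Service Scan (if needed) ##

    if [ "$ports" = "$fports" ]; then
      echo
      echo "[x] Full scan found no new ports"
    elif [ -z "$fports" ]; then
      # Without this guard an empty list would leave -p with no value
      # and nmap would take the next option as the port specification.
      echo
      echo "[x] Full scan found no open ports"
    else
      show_results full
      echo
      echo "[*] Ports set to $fports"
      echo "[*] Service Scaning all ports"
      echo
      nmap -sT -sV -T3 -n -Pn -v -oN fserv -p "$fports" "$target" | grep remaining
      show_results fserv
      echo
    fi

    echo "[*] All Scans Completed"

    ## Cleanup time ##

    while true; do
      echo "[*] Would you like to clean up files?"
      # read fails when stdin is closed or not a terminal; keep the
      # reports in that case instead of asking forever.
      if ! read -r answ; then
        echo "[*] Scan files were left in the current directory"
        break
      fi
      case $answ in
        y | yes)
          rm -f ./quick ./full ./service ./fserv
          echo "[*] All files removed"
          break
          ;;
        n | no)
          echo "[*] Scan files were left in the current directory"
          break
          ;;
        *)
          echo "[x] Please answer yes or no"
          ;;
      esac
    done
  }

  # Oxagast is a Based God

  main "$@"
  exit $?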