  1. #!/bin/bash
  2. #__________________________________________________________
  3. # Author:     phillips321 forum.gnacktrack.co.uk
  4. # License:    CC BY-SA 3.0
# Use:        Scan the hosts in targets.txt with nmap, fingerprint services with amap, then sslscan and screenshot the SSL/HTTP services found
  6. # Released:   www.gnacktrack.co.uk
  version="1.0"    # script version, shown in the usage/banner messages
# Dependencies:
#           nmap
#           amap
#           sslscan
#           gnome-web-photo
#           arp-scan
#           xterm (one window per scan) and nano (to edit targets.txt)
# debian users can apt-get install nmap amap sslscan gnome-web-photo arp-scan xterm
  14. #
  15. # ToDo:
#           Delete WeakCiphers.txt if it doesn't contain any weak ciphers
  17. #           Use watch instead of looping a #process left message
  18. #           Use a nice output to show status of scans and what has been complete
  19. #           Allow changing of THREADS on fly by reading THREADS from file
  20. #___________________________________________________________
  21.  
f_uservariables(){
    # Tunables. CUSTOMPORTS feeds "-p" for the "custom" scan size and is a
    # comma-separated list, e.g. CUSTOMPORTS="21,22,23,80,443,445,3389".
    CUSTOMPORTS='21,22,23,80,443,445,3389'
    # Base nmap invocation shared by every TCP scan (the -oA prefix and the
    # target are appended by f_nmapscans): SYN scan (needs root), very verbose
    # plus debug output, OS/version detection, no host discovery (-P0 is the
    # legacy spelling of -Pn), no DNS resolution, ports in sequential order.
    NMAPSTRING='nmap -sS -vv -d -A -P0 -n -r -oA'
}
f_usage(){      #outputs usage information
    # Print the banner and positional-argument help. Exiting is left to the
    # caller (f_threadcheck exits 1 after calling this).
    local script_name
    script_name="$(basename "${0}")"
    printf '%s\n' \
        "MESSAGE: matts-nmap.sh ${version}" \
        "MESSAGE: Usage: ${script_name} [threads max = 99] [big/small/both/custom] [directory]" \
        "MESSAGE: # ${script_name} 5 small VLANxyz" \
        "MESSAGE: if scan size not given i will scan all ports" \
        "MESSAGE: if directory is not given then I will write to ./devices/" \
        "MESSAGE:"
}
f_yesorno(){    #returns 1 if yes is selected
    # Read one answer from stdin into CONFIRM. The convention is inverted
    # relative to shell success: 1 means "yes", 0 means anything else, so
    # callers write "f_yesorno && <no-branch> || <yes-branch>".
    read -e CONFIRM
    if [[ "${CONFIRM}" =~ ^(y|Y|YES|yes|Yes)$ ]]; then
        return 1
    fi
    return 0
}
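f_rootcheck(){  #checks for root and exits if not
    # Test the effective uid instead of $USER: $USER is only an environment
    # variable (possibly unset, and not rewritten by every sudo/su setup), so
    # it is not a trustworthy privilege check and the unquoted test also broke
    # when it was empty. SYN/UDP scans and arp-scan need raw sockets, hence
    # the hard exit.
    if [ "$(id -u)" -ne 0 ]; then
        echo "MESSAGE: matts-nmap.sh ${version}"   # was ${VERSION}, which is never set
        echo "MESSAGE: ERROR: Please run as root!"
        echo "MESSAGE:"
        exit 1
    fi
}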
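f_threadcheck(){    #checks input for num of threads
    # Keep only the digits of $1, capped at two characters (max 99), and
    # require a positive count: an empty THREADS (e.g. "abc") or "0" would
    # make every "-ge ${THREADS}" throttle loop in the scan functions either
    # error out or spin forever.
    local digits
    digits="$(printf '%s' "${1:-}" | tr -cd '[:digit:]' | cut -c 1-2)"
    if [[ -z "${digits}" ]] || (( 10#${digits} < 1 )); then
        f_usage
        exit 1
    fi
    THREADS="${digits}"
}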
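f_scansizecheck(){  #checks input for type of scan
    # Accept exactly the four known scan sizes; anything else, including a
    # missing argument (which used to trip the unquoted "[ ${1} = ... ]"
    # tests with a "unary operator expected" error), falls back to "both".
    case "${1:-}" in
        big|small|both|custom)
            SIZETYPE="${1}"
            echo "MESSAGE: performing a ${SIZETYPE} scan"
            ;;
        *)
            SIZETYPE="both"
            echo "MESSAGE: no scan size given or its invalid so scan size will be both(small and big)."
            ;;
    esac
}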
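f_directorycheck(){ #checks input for directory name to save to
    # DIRECTORY is used both as a path component under ${STARTDIR} and as a
    # grep pattern when counting running xterms, so reduce it to one safe
    # component: alphanumerics, '.', '_' and '-', with leading dots stripped
    # so "../x" cannot escape the working directory. An argument that is
    # empty after cleaning falls back to the default.
    local clean
    clean="${1:-}"
    clean="${clean//[^[:alnum:]._-]/}"
    clean="${clean#"${clean%%[!.]*}"}"
    if [[ -z "${clean}" ]]; then
        DIRECTORY="devices"
        echo "MESSAGE: no dir given so outputting to ${DIRECTORY}"
    else
        DIRECTORY="${clean}"
        echo "MESSAGE: output dir = ${DIRECTORY}"
    fi
}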
f_outputtargets(){  #cats targets.txt to screen
    # Echo the current target list between two marker lines so the user can
    # eyeball what is about to be scanned.
    printf '%s\n' "MESSAGE: targets.txt contents:"
    cat -- targets.txt
    printf '%s\n' "MESSAGE: end of IPs/Hosts"
}
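f_arpscansubnet(){  #arpscans local subnet
    # arp-scan -l -g prints banner/summary lines around one
    # "IP<TAB>MAC<TAB>Vendor" row per host. Keep only rows whose first field
    # is a dotted quad: that drops the Interface/Starting/Ending/packets lines
    # without a chain of grep -v, and guarantees targets.txt contains nothing
    # (e.g. from a spoofed vendor string) that a later command could misread.
    arp-scan -l -g \
        | awk -F'\t' '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }' \
        > targets.txt
}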
f_findtargetstxt(){ #checks for targets.txt and offer to create
    # Use an existing ./targets.txt as-is; otherwise offer to build one from
    # an arp-scan of the local subnet and let the user prune it in nano.
    # (f_yesorno returns 1 for "yes", so a 0 status below means "no".)
    if [ ! -f ./targets.txt ]; then
        echo -n "MESSAGE: there is no targets.txt file so do you want me to create one? yes/no : "
        if f_yesorno; then
            exit 0
        fi
        echo "MESSAGE: Now arp-scanning current subnet"
        f_arpscansubnet
        echo "MESSAGE: We found $(wc -l < targets.txt) targets and have output them to targets.txt"
        f_outputtargets
        echo -n "MESSAGE: Do you wish to edit this list? (DELETE YOURSELF!)yes/no : "
        if f_yesorno; then
            echo "MESSAGE: Chose not to edit.....continue with scan"
        else
            nano targets.txt
        fi
        f_outputtargets
    else
        echo "MESSAGE: targets.txt file located"
        f_outputtargets
    fi
}
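f_numberoftargets(){ #counts number of targets in targets.txt
    # Read the file on stdin so wc prints only the count; "wc -l targets.txt"
    # appended the filename and produced "Found 5 targets.txt targets".
    NUMBER="$(wc -l < targets.txt)"
    NUMBER="${NUMBER//[[:space:]]/}"   # some wc builds pad the count
    COUNT=0                            # bumped once per host by f_nmapscans
    echo "MESSAGE: Found ${NUMBER} targets to scan"
}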
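f_createdirectory(){ #makes the directory
    # Remember where we started (the scan functions cd under it and back) and
    # seed the output directory with a copy of the target list. -p lets a
    # re-run into an existing directory proceed instead of printing an error;
    # a directory that genuinely cannot be created aborts before any scan.
    STARTDIR="$(pwd)"
    if ! mkdir -p -- "${STARTDIR}/${1}"; then
        echo "MESSAGE: ERROR: cannot create ${STARTDIR}/${1}"
        exit 1
    fi
    cp -- targets.txt "${STARTDIR}/${1}/"
}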
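f_nmapscans(){  #performs loops of nmap scans
    # Launch one xterm per nmap run for every host in targets.txt, never more
    # than ${THREADS} windows at once, then wait for the last one to close.
    # Targets are handed to xterm/nmap as separate arguments (multi-word
    # "-e" is exec'd directly, never through a shell) so an entry in
    # targets.txt cannot become shell syntax in a root-run command, and
    # entries that are not plain IP/hostname characters are skipped outright.
    # shellcheck disable=SC2086  # NMAPSTRING is a fixed option string that must word-split
    local TARGET LOC
    echo "MESSAGE: Starting Scan with ${THREADS} threads"
    while IFS= read -r TARGET || [[ -n "${TARGET}" ]]; do
        [[ -z "${TARGET}" ]] && continue
        # Leading dash excluded so a target can never be parsed as an option.
        if [[ ! "${TARGET}" =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]; then
            echo "MESSAGE: skipping target with unsafe characters: ${TARGET}"
            continue
        fi
        LOC="${DIRECTORY}/${TARGET}"
        COUNT=$((COUNT + 1))
        echo "MESSAGE: now scanning ${TARGET} ${COUNT} of ${NUMBER}"
        case "${SIZETYPE}" in
            small)
                xterm -title "${TARGET} small TCP" -e ${NMAPSTRING} "${LOC}.small.tcp" "${TARGET}" &
                ;;
            both)
                xterm -title "${TARGET} small TCP" -e ${NMAPSTRING} "${LOC}.small.tcp" "${TARGET}" &
                xterm -title "${TARGET} big TCP" -e ${NMAPSTRING} "${LOC}.big.tcp" -p1-65535 "${TARGET}" &
                ;;
            big)
                xterm -title "${TARGET} big TCP" -e ${NMAPSTRING} "${LOC}.big.tcp" -p1-65535 "${TARGET}" &
                ;;
            custom)
                xterm -title "${TARGET} custom TCP" -e ${NMAPSTRING} "${LOC}.custom" "-p${CUSTOMPORTS}" "${TARGET}" &
                ;;
        esac
        # UDP top-ports scan alongside the TCP one (-P0 is the legacy -Pn).
        xterm -title "${TARGET} UDP" -e nmap -sU -vv -d -P0 -n -r -oA "${LOC}.small.udp" "${TARGET}" &
        # Throttle: every scan window has ${DIRECTORY} in its command line.
        while [ "$(ps -Aef --cols 200 | grep -F -- "${DIRECTORY}" | grep -c xterm)" -ge "${THREADS}" ]; do
            sleep 5
        done
        sleep 5
    done < targets.txt
    while [ "$(ps -Aef --cols 200 | grep -F -- "${DIRECTORY}" | grep -c xterm)" -gt 0 ]; do
        echo "MESSAGE: $(ps -Aef --cols 200 | grep -F -- "${DIRECTORY}" | grep -c xterm)nmaps still running"
        sleep 10
    done
    echo "MESSAGE: NMap Scanning Complete"
}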
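f_amapscans(){
    # Run amap over every nmap greppable output file, ${THREADS} windows at a
    # time, then distil the combined "matches" lines into the per-protocol
    # lists (amap.ssl.txt / amap.http.txt) that f_sslscans and f_gwp consume.
    local gnmap base
    if ! cd "${STARTDIR}/${DIRECTORY}"; then
        echo "MESSAGE: ERROR: cannot cd to ${STARTDIR}/${DIRECTORY}"
        exit 1
    fi
    for gnmap in *.gnmap; do
        [[ -e "${gnmap}" ]] || continue     # no nmap output at all
        base="${gnmap%.gnmap}"
        # The pipe into tee needs a shell, so hand the filenames to bash as
        # positional parameters rather than interpolating them into the
        # command string.
        xterm -title "${base} AMAP" -e bash -c 'amap -i "$1" -o "$2" | tee -a amap_full.txt' _ "${base}.gnmap" "${base}.amap" &
        echo "MESSAGE: now amaping ${base}"
        while [ "$(ps -Aef --cols 200 | grep AMAP | grep -c xterm)" -ge "${THREADS}" ]; do
            sleep 1
        done
        sleep 5
    done
    while [ "$(ps -Aef --cols 200 | grep AMAP | grep -c xterm)" -gt 0 ]; do
        echo "MESSAGE: $(ps -Aef --cols 200 | grep AMAP | grep -c xterm)amaps still running"
        sleep 10
    done
    # amap lines look like "Protocol on host:port/tcp matches proto"; keep
    # fields 3-5, then split out the host:port of anything http- or ssl-like.
    cut -d" " -f3,4,5 -- amap_full.txt | grep matches | sort -n | uniq > amap.txt
    grep http amap.txt | cut -d"/" -f 1 | sort | uniq > amap.http.txt
    grep ssl amap.txt | cut -d"/" -f 1 | sort | uniq > amap.ssl.txt
    # Return to the starting directory (the original went one level above it,
    # which nothing relied on since every later cd is absolute).
    cd "${STARTDIR}"
    echo "MESSAGE: Amaping Complete"
    sleep 5
}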
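f_sslscans(){
    # sslscan every host:port amap fingerprinted as SSL, ${THREADS} windows at
    # a time, then pull the weak offerings out of the per-host logs into
    # WeakCiphers.txt for f_displayresults.
    local hostport outname
    if ! cd "${STARTDIR}/${DIRECTORY}"; then
        echo "MESSAGE: ERROR: cannot cd to ${STARTDIR}/${DIRECTORY}"
        exit 1
    fi
    if [ -s amap.ssl.txt ]; then
        cat amap.ssl.txt
        while IFS= read -r hostport || [[ -n "${hostport}" ]]; do
            [[ -z "${hostport}" ]] && continue
            # Only amap-style "host:port" entries are accepted; the value is
            # passed to bash as a positional parameter, never pasted into the
            # command string, so a crafted entry cannot run as root.
            if [[ ! "${hostport}" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*:[0-9]+$ ]]; then
                echo "MESSAGE: skipping unexpected amap entry: ${hostport}"
                continue
            fi
            outname="${hostport//:/_}"
            echo "MESSAGE: now sslscanning ${hostport} and outputting as ${outname}.sslscan.txt"
            xterm -title "${hostport} SSLSCAN" -e bash -c 'sslscan --no-failed "$1" | tee "$2" ; sleep 5' _ "${hostport}" "${outname}.sslscan.txt" &
            while [ "$(ps -Aef --cols 200 | grep SSLSCAN | grep -c xterm)" -ge "${THREADS}" ]; do
                sleep 2
            done
            sleep 5
        done < amap.ssl.txt
        while [ "$(ps -Aef --cols 200 | grep SSLSCAN | grep -c xterm)" -gt 0 ]; do
            echo "MESSAGE: $(ps -Aef --cols 200 | grep SSLSCAN | grep -c xterm)sslscans still running"
            sleep 10
        done
        # Weak offerings: SSLv2/SSLv3 protocol lines, 40- and 56-bit suites,
        # and NULL/export/anonymous/RC4 suites (SSLv3 and the last four are
        # additions to the original SSLv2/40/56 list). "Testing" lines are
        # kept as per-host headers. Plain spaces replace the old "\ " escapes,
        # which newer GNU grep rejects as stray backslashes.
        cat -- *.sslscan.txt \
            | grep "Testing SSL\|Accepted\|ERROR" \
            | grep "SSLv2\|SSLv3\|Testing\| 40\| 56\|NULL\|EXP\|ADH\|AECDH\|RC4" \
            | grep -v "ERROR" > WeakCiphers.txt
        echo "MESSAGE: Auto SSLSCAN Complete"
    else
        echo "MESSAGE: sslscan will not run - no ssl ports found using amap"
    fi
    sleep 5
    cd "${STARTDIR}"
}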
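f_gwp(){
    # Screenshot every amap-identified SSL (https://) and HTTP (http://)
    # host:port with gnome-web-photo, ${THREADS} xterms at a time, into
    # <host>_<port>.png. Both lists are handled by one loop; the URL scheme
    # follows from which list is being read.
    # NOTE(review): a host:port present in both lists maps to the same .png,
    # so the http shot overwrites the https one (same as the original).
    local listfile scheme hostport outname
    if ! cd "${STARTDIR}/${DIRECTORY}"; then
        echo "MESSAGE: ERROR: cannot cd to ${STARTDIR}/${DIRECTORY}"
        exit 1
    fi
    for listfile in amap.ssl.txt amap.http.txt; do
        scheme="http"
        [[ "${listfile}" == "amap.ssl.txt" ]] && scheme="https"
        if [ -s "${listfile}" ]; then
            cat -- "${listfile}"
            while IFS= read -r hostport || [[ -n "${hostport}" ]]; do
                [[ -z "${hostport}" ]] && continue
                # Only amap-style host:port entries reach gnome-web-photo, and
                # they go as direct arguments, not inside a shell command string.
                if [[ ! "${hostport}" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*:[0-9]+$ ]]; then
                    echo "MESSAGE: skipping unexpected amap entry: ${hostport}"
                    continue
                fi
                outname="${hostport//:/_}"
                echo "MESSAGE: now taking photo of ${scheme}://${hostport} and outputting as ${outname}.png"
                # The plain-http branch used to pass a bare "host:port" with no
                # scheme although its message said http://; pass the URL it prints.
                xterm -title "${hostport} GNOME-WEB-PHOTO" -e gnome-web-photo -m photo -f --format=png "${scheme}://${hostport}" "${outname}.png" &
                while [ "$(ps -Aef --cols 200 | grep GNOME | grep -c xterm)" -ge "${THREADS}" ]; do
                    sleep 5
                done
                sleep 5
            done < "${listfile}"
        else
            echo "MESSAGE: gnome-web-photo will not run - no ${scheme} ports found using amap"
        fi
    done
    while [ "$(ps -Aef --cols 200 | grep GNOME | grep -c xterm)" -gt 0 ]; do
        echo "MESSAGE: $(ps -Aef --cols 200 | grep GNOME | grep -c xterm)screenshots still running"
        sleep 10
    done
    sleep 5
    cd "${STARTDIR}"
}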
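f_cleanup(){
    # gnome-web-photo still writes a PNG when the page cannot be loaded; on
    # the author's setup those placeholders came out at exactly 469 bytes, so
    # any screenshot of that size is treated as a failed capture and removed.
    # NOTE(review): the 469-byte figure is empirical — verify on your build.
    # A failed cd returns instead of falling through, so the loop can never
    # delete PNGs from whatever directory we happened to be in.
    local failed_png_size=469
    local png size
    if ! cd "${STARTDIR}/${DIRECTORY}"; then
        echo "MESSAGE: ERROR: cannot cd to ${STARTDIR}/${DIRECTORY}"
        return 1
    fi
    for png in *.png; do
        [[ -e "${png}" ]] || continue     # no screenshots were taken
        size="$(stat -c %s -- "${png}")"
        if [ "${size}" -eq "${failed_png_size}" ]; then
            echo "MESSAGE: Deleting file: ${png} as it is ${size} bytes"
            rm -- "${png}"
        fi
    done
}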
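f_displayresults(){
    # Summarise every nmap log (small/big/custom TCP and UDP) into
    # open_ports.txt and pop up viewers for it and for WeakCiphers.txt.
    if ! cd "${STARTDIR}/${DIRECTORY}"; then
        echo "MESSAGE: ERROR: cannot cd to ${STARTDIR}/${DIRECTORY}"
        return 1
    fi
    # "*.nmap" rather than "*p.nmap": the custom scan writes <host>.custom.nmap,
    # which the old glob silently left out of the summary. Only nmap -oA
    # writes .nmap files here, so nothing else is swept in.
    cat -- *.nmap | grep "scan report for\|Interesting\|open\|---------------------------------------------" | grep -v "OSScan" | grep -v "filtered" > open_ports.txt
    # Fixed command string with no user-derived content, so a shell "-e" is fine.
    xterm -title "OpenPorts from ${DIRECTORY}" -e "grep -E --color=always '.*(ssh|rdp|ssl|http|telnet|https|sslv2|mail|smtp|snmp|oracle|sql|tnls|ftp|sftp).*|' open_ports.txt | less -R" &
    if [ -s WeakCiphers.txt ]; then
        xterm -title "WeakCiphers from ${DIRECTORY}" -e "less -R WeakCiphers.txt" &
    else
        echo "No weak ciphers found" > WeakCiphers.txt
        echo "MESSAGE: no weak ciphers found"
    fi
    cd "${STARTDIR}"
}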
  267.  
  268. f_uservariables
  269. f_threadcheck ${1}
  270. f_scansizecheck ${2}
  271. f_directorycheck ${3}
  272. f_findtargetstxt
  273. f_numberoftargets
  274. f_createdirectory ${DIRECTORY}
  275. f_nmapscans     #comment me out to skip nmap scans
  276. f_amapscans     #comment me out to skip amap scans
  277. f_sslscans      #comment me out to skip ssl scans
  278. f_gwp           #comment me out to skip web screenshots
  279. f_cleanup
  280. f_displayresults
  281. exit 0