El script no es para nada complejo, simplemente utiliza los fingerprint devueltos por un escaneo de nmap para diferenciar los distintos dispositivos. Lo que hace básicamente es escanear las IPs entre dos valores pasados por parámetro, y por cada IP decide si se trata de un web server, un database server, un switch, un router, un firewall, un mail server, una impresora, y los clasifica guardando las IPs con los ports en archivos separados.
Existe un programa llamado autoscan que es mucho más completo y utiliza interfaz gráfica, pero a mi nunca me anduvo, me satura la red y el programa colapsa sin dejarme guardar los resultados. Por eso cree este script que hace todo lo q necesito.
La licencia del script es GPLv2.
El gran mérito se lo lleva el nmap que es el que realiza el verdadero trabajo, sin dudas el programa más útil que he encontrado para mi trabajo.
Espero que les sea de utilidad y que si hacen alguna derivación lo comenten en el blog, tal vez me sea de utilidad a mi también =)
Los comentarios están en inglés porque me acostumbré a programar así, con comentarios en inglés, éste le puede servir a mucha más gente.
#!/bin/bash
######################################################
# Created by: d3m4s1@d0v1v0
# Date: 2009-11-04
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License v2 as published by
# the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
######################################################
if [ $# -lt 2 ]
then
echo "usage: $0"
exit -1
fi
INI_IP=$1 # from which IP do you want to scan? // take into account the "this network" direction (e.g. 192.168.0.0)
FINAL_IP=$2 # until which IP do you want to scan? // take into account the broadcast direction! (e.g. 192.168.0.255)
time=$( date +"%m-%d-%y %H:%M" )
echo "Starting dv-scan-network 0.1.1beta at $time..."
IP=(${INI_IP//./ })
IP_FIN=(${FINAL_IP//./ })
timestamp=$( date +"%s" )
mkdir report-$timestamp &> /dev/null
cd report-$timestamp
webservers=0
printers=0
switchs=0
routers=0
remote_access=0
dbservers=0
mailservers=0
firewalls=0
hosts=0
down=0
for (( A=${IP[0]}; A<=${IP_FIN[0]}; A++ )) do for (( B=${IP[1]}; B<=${IP_FIN[1]}; B++ )) do for (( C=${IP[2]}; C<=${IP_FIN[2]}; C++ )) do for (( D=( ${IP[3]} ); D<=${IP_FIN[3]}; D++ )) do scanIP="$A.$B.$C.$D" echo -n "scanning $scanIP..." hostscan=$( nmap -sV $scanIP -O ) if [ $? == 0 ] then echo " [done]" else echo " [failed]" fi if [[ "$hostscan" =~ "Host seems down" ]] then echo "$scanIP" >> down.txt
let down++
else
if [[ "$hostscan" =~ switch ]]
then
printf "%s $hostscan" >> switchs.txt
echo "" >> switchs.txt
echo "--------------" >> switchs.txt
echo $scanIP >> switchs-ip.txt
let switchs++
fi
if [[ "$hostscan" =~ router ]]
then
printf "%s $hostscan" >> routers.txt
echo "" >> routers.txt
echo "--------------" >> routers.txt
echo $scanIP >> routers-ip.txt
let routers++
fi
if [[ "$hostscan" =~ printer ]]
then
printf "%s $hostscan" >> printers.txt
echo "" >> printers.txt
echo "--------------" >> printers.txt
echo $scanIP >> printers-ip.txt
let printers++
fi
if [[ "$hostscan" =~ Apache ]] || [[ "$hostscan" =~ IIS ]]
then
printf "%s $hostscan" >> web-servers.txt
echo "" >> web-servers.txt
echo "--------------" >> web-servers.txt
echo $scanIP >> web-servers-ip.txt
let webservers++
fi
if [[ "$hostscan" =~ smtp ]] || [[ "$hostscan" =~ pop3 ]] || [[ "$hostscan" =~ imap ]]
then
printf "%s $hostscan" >> mail-servers.txt
echo "" >> mail-servers.txt
echo "--------------" >> mail-servers.txt
echo $scanIP >> mail-servers-ip.txt
let mailservers++
fi
if [[ "$hostscan" =~ oracle ]] || [[ "$hostscan" =~ mysql ]] || [[ "$hostscan" =~ ms-sql ]] || [[ "$hostscan" =~ 3051 ]]
then
printf "%s $hostscan" >> db-servers.txt
echo "" >> db-servers.txt
echo "--------------" >> db-servers.txt
echo $scanIP >> db-servers-ip.txt
let dbservers++
fi
if [[ "$hostscan" =~ ssh ]] || [[ "$hostscan" =~ microsoft-rdp ]] || [[ "$hostscan" =~ vnc ]] || [[ "$hostscan" =~ telnet ]]
then
printf "%s $hostscan" >> remote-access.txt
echo "" >> remote-access.txt
echo "--------------" >> remote-access.txt
echo $scanIP >> remote-access-ip.txt
let remote_access++
fi
if [[ "$hostscan" =~ firewall ]]
then
printf "%s $hostscan" >> firewalls.txt
echo "" >> firewalls.txt
echo "--------------" >> firewalls.txt
echo $scanIP >> firewalls-ip.txt
let firewalls++
fi
printf "%s $hostscan" >> scan.txt
echo "" >> scan.txt
echo "--------------" >> scan.txt
echo $scanIP >> hosts-ip.txt
let hosts++
sleep 10
fi
done
done
done
done
endtimestamp=$( date +"%s" )
scantime=$(( endtimestamp - timestamp ))
echo $scantime
endtime=$( date +"%m-%d-%y %H:%M" )
hours=$((scantime / 3600))
seconds=$((scantime % 3600))
minutes=$((scantime / 60))
seconds=$((scantime % 60))
echo ""
echo "scan ended at $endtime in $hours:$minutes:$seconds"
echo "dv-scan-network resume:"
echo "scanned hosts = "$hosts
echo "hosts that seems down = "$down
echo "web servers found = "$webservers
echo "mail servers found = "$mailservers
echo "database servers found = "$dbservers
echo "switchs found = "$switchs
echo "routers found = "$routers
echo "remote access found = "$remote_access
echo "printers found = "$printers
echo "firewalls found = "$firewalls
echo ""
echo "for more information about the hosts, read the report at the report-timestamp/ directory"
0 comentarios:
Publicar un comentario