#!/bin/bash
#Automated recon scanner bash + nmap
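# Argument check. Both the target ($1) and the output directory ($2) are
# required: with only the target given, $2 is empty and every report path
# built from it would resolve directly under "/". The scan type ($3) stays
# optional; without a recognised value only the quick scan is performed.
if [ "$#" -lt 2 ]; then
  echo "Missing arguments"
  echo "Usage autoscanner_basic.sh <ip or range nmap style> /path/to/directory <scan type>"
  echo 'Scan types available:'
  echo 'no-intense : no service detection, TCP SYN on all 65k porst and UDP top 200'
  echo 'full : service detection and enumeration'
  echo 'allinonefile: -A -p1-65535, results in one xml file'
  echo
  echo "Run as root or sudo, requires nmap and xsltproc"
  exit 1
fi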
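# Positional arguments: target (IP or nmap-style range), output directory and
# the optional scan type consumed by the case statement at the end of the file.
path=$2
range=$1
scan_type=$3

# A CIDR target (constructed example: 10.0.0.0/24) contains "/", which would
# be read as a directory separator in every file name derived from the target.
# Targets without "/" keep exactly the same file names as before.
range_tag=${range//\//_}
xml_location="$path/${range_tag}.xml"
ip_detected_list="$path/${range_tag}-detected-ip.txt"
quick_txt="$path/${range_tag}-quick-recon.txt"
quick_html="$path/autoscanner_reports/${range_tag}-quick-recon-html-report.html"

# Quick recon scan on provided IP or range
echo '=========================================='
echo
echo 'Quick reports will be created: '
echo
echo 'HTML: '"$quick_html"
echo 'TXT: '"$quick_txt"
echo 'Detected IP list: '"$ip_detected_list"
echo
echo '=========================================='
echo
if [ ! -d "$path" ]; then
  echo 'Creating '"$path"
fi
# autoscanner_reports must exist before xsltproc writes the HTML report and
# before the per-IP report directories are created further down, so it is
# created unconditionally (mkdir -p also creates $path itself when missing).
mkdir -p -- "$path/autoscanner_reports" || exit 1
echo
echo "Running quick scan, please wait"
# grep needs -E for the alternation; as a basic regex 'filtered|closed' only
# matches that literal string and filters nothing.
nmap -Pn -F -sS -T4 -oX "$xml_location" "$range" \
  | grep -Ev 'filtered|closed' > "$quick_txt"

# Everything below parses the XML report; stop here if nmap did not write one
# (nmap missing, not run as root, unwritable output directory, ...).
if [ ! -s "$xml_location" ]; then
  echo "Quick scan produced no XML report at $xml_location, aborting" >&2
  exit 1
fi

# Convert xml report to html. No stylesheet is named on the command line, so
# xsltproc relies on the xml-stylesheet reference embedded in nmap's XML.
xsltproc -o "$quick_html" "$xml_location"

# Create a list of detected IPs found in the quick scan: second whitespace
# field of every ipv4 address line, value between the double quotes.
grep addr "$xml_location" | grep ipv4 | awk '{print $2}' | cut -d '"' -f 2 \
  > "$ip_detected_list"
echo 'Starting stage 2 scan'
############################## STAGE 2
# Get ip count for more feedback (line count of the list just written).
ip_count=$(grep -c '' "$ip_detected_list")
echo
echo "Running detailed port scans for ${ip_count} discovered IPs, this will take some time do something else"
echo
echo
echo
echo
# -p keeps a re-run against the same output directory from failing on
# directories that already exist.
mkdir -p -- "$path/autoscanner_per_ip_scans"
while IFS= read -r ip; do
  [ -n "$ip" ] || continue
  mkdir -p -- "$path/autoscanner_reports/$ip"
done < "$ip_detected_list"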
# Run nmap with -iL input list to scan in parallel
# for live scan change to
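#######################################
# TCP SYN scan of all 65535 ports for every host in the detected-IP list,
# one nmap run and one XML report per host.
# Globals:   ip_count, ip_detected_list, path (read)
# Arguments: none
# Outputs:   $path/autoscanner_per_ip_scans/<ip>-all-TCP-ports.xml per host;
#            nmap's console output, minus lines mentioning filtered or closed,
#            goes to stdout
#######################################
function tcp_scanner {
  local ip
  echo 'Running nmap TCP SYN scan on '"$ip_count"' IPs >> nmap -Pn -sS -T4 -p1-65535'
  # The list is read on fd 3 so the loop never competes with nmap for stdin.
  while IFS= read -r ip <&3; do
    [ -n "$ip" ] || continue
    # Per-host directory; http_enum and ftp_enum write their XML into it.
    mkdir -p -- "$path/autoscanner_per_ip_scans/$ip"
    # -E is required for the alternation; as a basic regex the pattern only
    # matches the literal string "filtered|closed".
    nmap -Pn -sS -T4 -p1-65535 \
      -oX "$path/autoscanner_per_ip_scans/$ip-all-TCP-ports.xml" "$ip" \
      | grep -Ev 'filtered|closed'
  done 3< "$ip_detected_list"
}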
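#######################################
# TCP SYN scan with -A of all 65535 ports for the whole detected-IP list,
# written to a single XML report.
# Globals:   ip_count, ip_detected_list, path, range (read)
# Arguments: none
# Outputs:   $path/autoscanner_per_ip_scans/<target>-all-TCP-ports.xml;
#            nmap's console output, minus lines mentioning filtered or closed,
#            goes to stdout
#######################################
function tcp_scanner_all-in-one-file {
  # "/" in a CIDR target would be read as a directory separator in the
  # report name, so it is replaced for the file name only.
  local range_tag=${range//\//_}
  echo 'Works like SHIT you were warned'
  echo 'Running nmap TCP SYN scan on '"$ip_count"' IPs >> nmap -Pn -sS -T4 -p1-65535'
  echo 'Results in a single xml file'
  mkdir -p -- "$path/autoscanner_per_ip_scans"
  # -iL already hands nmap the complete list, so the scan runs exactly once.
  # Wrapping it in a per-IP loop repeated the identical scan for every host
  # and overwrote the same report each time.
  nmap -Pn -sS -A -T4 -p1-65535 \
    -oX "$path/autoscanner_per_ip_scans/${range_tag}-all-TCP-ports.xml" \
    -iL "$ip_detected_list" \
    | grep -Ev 'filtered|closed'
}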
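#######################################
# Version-detection scan per host, limited to the TCP ports recorded in that
# host's <ip>-all-TCP-ports.xml report (written by tcp_scanner).
# Globals:   ip_detected_list, path (read)
# Arguments: none
# Outputs:   $path/autoscanner_per_ip_scans/intense_per_ip_results/
#            <ip>-all-TCP-version-ports.xml per host; skip notices on stderr
#######################################
function tcp_scanner_intense {
  local ip ports port_xml
  local out_dir="$path/autoscanner_per_ip_scans/intense_per_ip_results"
  mkdir -p -- "$out_dir"
  echo 'Running TCP SYN intense with version detection'
  # The list is read on fd 3 so the loop never competes with nmap for stdin.
  while IFS= read -r ip <&3; do
    [ -n "$ip" ] || continue
    port_xml="$path/autoscanner_per_ip_scans/$ip-all-TCP-ports.xml"
    if [ ! -r "$port_xml" ]; then
      echo "Skipping $ip: $port_xml not found" >&2
      continue
    fi
    # portid is the fourth double-quote-delimited field of a tcp port line.
    # Only purely numeric values are kept, so nothing but a port list can
    # end up in the -p argument.
    ports=$(grep portid "$port_xml" | grep 'protocol="tcp"' | cut -d '"' -f 4 \
      | grep -E '^[0-9]+$' | paste -sd "," -)
    # An empty list would leave nmap with a bare "-p"; skip the host instead.
    if [ -z "$ports" ]; then
      echo "Skipping $ip: no TCP ports recorded in $port_xml" >&2
      continue
    fi
    nmap -nvv -Pn -sSV -T2 -p"$ports" --version-intensity 9 \
      -oX "$out_dir/$ip-all-TCP-version-ports.xml" "$ip"
  done 3< "$ip_detected_list"
}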
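#######################################
# UDP scan of the top 200 ports for the whole detected-IP list in one nmap
# run, written to a single XML report.
# Globals:   ip_count, ip_detected_list, path, range (read)
# Arguments: none
# Outputs:   $path/autoscanner_per_ip_scans/<target>-top200-UDP-ports.xml;
#            nmap's console output, minus lines mentioning filtered or closed,
#            goes to stdout
#######################################
function udp_scanner {
  # "/" in a CIDR target would be read as a directory separator in the
  # report name, so it is replaced for the file name only.
  local range_tag=${range//\//_}
  echo 'Running UDP top 200 ports scan on' "$ip_count"' IPs >> nmap -vv -Pn -A -sC -sU -T4 --top-ports 200'
  # -E is required for the alternation; as a basic regex the pattern only
  # matches the literal string "filtered|closed".
  nmap -vv -Pn -A -sC -sU -T4 --top-ports 200 -iL "$ip_detected_list" \
    -oX "$path/autoscanner_per_ip_scans/${range_tag}-top200-UDP-ports.xml" \
    | grep -Ev 'filtered|closed'
}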
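#######################################
# Runs the listed nmap http-* scripts against the ports whose line in the
# host's version report (written by tcp_scanner_intense) mentions "http".
# Globals:   ip_detected_list, path (read)
# Arguments: none
# Outputs:   $path/autoscanner_per_ip_scans/<ip>/<ip>-http-enum.xml per host
#            that has at least one matching port
#######################################
function http_enum {
  local ip ports version_xml
  # The list is read on fd 3 so the loop never competes with nmap for stdin.
  while IFS= read -r ip <&3; do
    [ -n "$ip" ] || continue
    version_xml="$path/autoscanner_per_ip_scans/intense_per_ip_results/$ip-all-TCP-version-ports.xml"
    [ -r "$version_xml" ] || continue
    # Restricting the match to port lines and to numeric values keeps any
    # other report line that happens to contain "http" out of the -p argument.
    ports=$(grep portid "$version_xml" | grep http | cut -d '"' -f 4 \
      | grep -E '^[0-9]+$' | paste -sd "," -)
    # No matching port on this host: a bare "-p" would only make nmap fail.
    [ -n "$ports" ] || continue
    mkdir -p -- "$path/autoscanner_per_ip_scans/$ip"
    nmap -sV -Pn -vv -p"$ports" "$ip" \
      --script=http-vhosts,http-userdir-enum,http-apache-negotiation,http-backup-finder,http-config-backup,http-default-accounts,http-email-harvest,http-methods,http-method-tamper,http-passwd,http-robots.txt \
      -oX "$path/autoscanner_per_ip_scans/$ip/$ip-http-enum.xml"
  done 3< "$ip_detected_list"
}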
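#######################################
# Runs the listed nmap ftp-* scripts against the ports whose line in the
# host's version report (written by tcp_scanner_intense) mentions "ftp".
# Globals:   ip_detected_list, path (read)
# Arguments: none
# Outputs:   $path/autoscanner_per_ip_scans/<ip>/<ip>-ftp-enum.xml per host
#            that has at least one matching port
#######################################
function ftp_enum {
  local ip ports version_xml
  # The list is read on fd 3 so the loop never competes with nmap for stdin.
  while IFS= read -r ip <&3; do
    [ -n "$ip" ] || continue
    version_xml="$path/autoscanner_per_ip_scans/intense_per_ip_results/$ip-all-TCP-version-ports.xml"
    [ -r "$version_xml" ] || continue
    # Restricting the match to port lines and to numeric values keeps any
    # other report line that happens to contain "ftp" out of the -p argument.
    ports=$(grep portid "$version_xml" | grep ftp | cut -d '"' -f 4 \
      | grep -E '^[0-9]+$' | paste -sd "," -)
    # No matching port on this host: a bare "-p" would only make nmap fail.
    [ -n "$ports" ] || continue
    mkdir -p -- "$path/autoscanner_per_ip_scans/$ip"
    nmap -sV -Pn -vv -p"$ports" "$ip" \
      --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221 \
      -oX "$path/autoscanner_per_ip_scans/$ip/$ip-ftp-enum.xml"
  done 3< "$ip_detected_list"
}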
# Stage 2 dispatch on the third argument. Scanners started with "&" run in
# the background; each "wait" blocks until those background jobs are done.
case "${scan_type}" in
  no-intense)
    # UDP top-200 in the background while the TCP sweep runs in front.
    udp_scanner &
    tcp_scanner
    wait
    ;;
  full)
    udp_scanner &
    tcp_scanner
    tcp_scanner_intense
    wait
    # Both enumerators read the version reports written just above.
    http_enum &
    ftp_enum
    wait
    ;;
  allinonefile)
    tcp_scanner_all-in-one-file
    wait
    ;;
  *)
    # Missing or unknown scan type: the quick scan has already run by now.
    echo '==================================================='
    echo "No option selected only quick detection scan performed"
    exit 1
    ;;
esac

printf '\n\n'
printf '%s\n' '===== All scans done ======'
#bash ./Reporting_autoscanner.sh $path $range
wait
#echo '==== Reports created in '$path'/autoscanner_reports'