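#!/bin/bash
#
# matts-nmap.sh v1.7
# Create by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.7"
#
# This tool requires nmap to be installed and to be run as root
#
# ChangeLog....
# Version 1.7 - added output of version to help message
# Version 1.6 - fixed grepping of nmap output (nmap 5.20+ changed output text)
# Version 1.5 - checked for targets.txt file
# Version 1.4 - added count to stdout (x of y)
# Version 1.3 - added loads of comments and re-arramged if statements
# Version 1.2 - added ability to choose big/small scan
# Version 1.1 - added ability to chose directory on command line
# Version 1.0 - First Release
#
# Usage: matts-nmap.sh THREADS [big|small] [DIRECTORY]
#   THREADS   - how many xterm/nmap windows may run at once (1-99; only the
#               first two digits of the argument are used)
#   big|small - "big" scans TCP ports 1-65535, "small" uses nmap's default
#               port list; anything else, or nothing, means big
#   DIRECTORY - output directory below the current directory; non-alphanumeric
#               characters are stripped, default is "devices"
# Hosts are read from ./targets.txt, whitespace separated, any number per
# line. Every host gets one TCP and one UDP nmap run, each in its own xterm.
#
# Globals set by main() and read by the helpers below:
#   THREADS, SIZETYPE, DIRECTORY, STARTDIR, TARGETS (array)

# An unset variable here is a programming error, not an empty string.
set -u

#######################################
# Print one status line with the "MESSAGE:" prefix every line of this
# script's output carries.
# Arguments: text to print; with no argument only the bare prefix is printed
# Outputs:   the line on stdout
#######################################
msg() {
  if (( $# > 0 )); then
    printf 'MESSAGE: %s\n' "$*"
  else
    printf 'MESSAGE:\n'
  fi
}

#######################################
# Count the scan windows this script started that are still running.
# Only jobs of this shell are counted, so unrelated processes whose
# command line happens to contain the output directory name do not
# inflate the number (the previous ps|grep approach did).
# Outputs: the count on stdout
#######################################
running_scans() {
  jobs -rp | wc -l
}

#######################################
# Start the TCP and UDP scans for every target, never keeping more than
# THREADS windows open at the same time.
# Globals:   TARGETS, SIZETYPE, DIRECTORY, THREADS (read)
# Outputs:   progress lines on stdout
#######################################
launch_scans() {
  local target
  local count=0
  local total=${#TARGETS[@]}

  for target in "${TARGETS[@]}"; do
    # The target is also part of the -oN file name: a "/" would leave
    # DIRECTORY and a leading "-" would be read by nmap as an option.
    if [[ "$target" == */* || "$target" == -* ]]; then
      msg "skipping ${target}: not a plain host name or address"
      continue
    fi
    count=$((count + 1))
    msg "now scanning ${target} ${count} of ${total}"

    # The nmap command and its arguments are handed to xterm as separate
    # words, so no shell ever re-parses a line taken from targets.txt.
    # NOTE: the interface is hard-coded to eth0, as in earlier versions.
    case "${SIZETYPE}" in
      small)
        xterm -e nmap -e eth0 -sS -vv -d -A -P0 -n -r \
          -oN "${DIRECTORY}/${target}.small.tcp.txt" "${target}" &
        ;;
      big)
        xterm -e nmap -e eth0 -sS -vv -d -A -p1-65535 -P0 -n -r \
          -oN "${DIRECTORY}/${target}.big.tcp.txt" "${target}" &
        ;;
    esac
    xterm -e nmap -e eth0 -sU -vv -d -P0 -n -r \
      -oN "${DIRECTORY}/${target}.udp.txt" "${target}" &

    # Throttle: block until a window closes before starting the next host.
    while (( $(running_scans) >= THREADS )); do
      sleep 2
    done
  done
}

#######################################
# Block until every scan window has closed, reporting every 10 seconds.
# Outputs: progress lines on stdout
#######################################
wait_for_scans() {
  local running
  while running=$(running_scans); (( running > 0 )); do
    msg "${running} processes still running"
    sleep 10
  done
  msg "Scanning Complete"
}

#######################################
# Collect the interesting lines of all nmap reports into open_ports.txt
# and page through them with well-known service names highlighted.
# Globals:   STARTDIR, DIRECTORY (read)
# Outputs:   writes open_ports.txt in the output directory, pages to stdout
# Returns:   exits 1 if the output directory cannot be entered
#######################################
show_results() {
  cd -- "${STARTDIR}/${DIRECTORY}" || exit 1
  # -h: several files are searched but the summary must not carry file names.
  grep -h "scan\ report\ for\|Interesting\|open\|---------------------------------------------" -- *p.txt \
    | grep -v "OSScan" > open_ports.txt
  # The trailing empty alternative matches every line, so nothing is dropped;
  # lines naming one of the listed services are the ones that get colour.
  grep -E --color=always '.*(rdp|ssl|http|telnet|https|sslv2|mail|smtp|snmp).*|' open_ports.txt | less -R
}

#######################################
# Validate the environment and arguments, read the targets and run the
# scan phases in order.
# Arguments: $1 threads, $2 big/small (optional), $3 directory (optional)
# Globals:   THREADS, SIZETYPE, DIRECTORY, STARTDIR, TARGETS (written)
# Returns:   exits 1 on any usage or environment error, 0 otherwise
#######################################
main() {
  local tool

  # Root check on the effective uid; $USER is not reliably set under sudo.
  if (( EUID != 0 )); then
    msg "matts-nmap.sh ${VERSION}"
    msg "ERROR: Please run as root!"
    msg
    exit 1
  fi

  if [[ -z "${1:-}" ]]; then
    msg "matts-nmap.sh ${VERSION}"
    msg "Usage: ${0##*/} [threads max = 99] [big/small] [directory]"
    msg "# ${0##*/} 5 small VLANxyz"
    msg "if scan size not given i will scan all ports"
    msg "if directory is not given then I will write to ./devices/"
    msg
    exit 1
  fi

  for tool in nmap xterm; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      msg "ERROR: ${tool} is required but was not found in PATH"
      exit 1
    fi
  done

  # Keep the first two digits only; "10#" stops a leading zero meaning octal.
  # A value of 0 (or no digits at all) would make the throttle loop spin
  # forever, so it is rejected up front.
  THREADS=${1//[!0-9]/}
  THREADS=${THREADS:0:2}
  if [[ -z "$THREADS" ]]; then
    msg "ERROR: threads must be a number from 1 to 99, got '${1}'"
    exit 1
  fi
  THREADS=$((10#$THREADS))
  if (( THREADS < 1 )); then
    msg "ERROR: threads must be a number from 1 to 99, got '${1}'"
    exit 1
  fi

  case "${2:-}" in
    big|small)
      SIZETYPE=$2
      msg "performing a ${SIZETYPE} scan"
      ;;
    *)
      SIZETYPE="big"
      msg "no scan size given or its invalid so scan size will be big."
      ;;
  esac

  # Strip everything but alphanumerics; if nothing survives (e.g. "../.."),
  # fall back to the default instead of writing into the current directory.
  DIRECTORY=${3:-}
  DIRECTORY=${DIRECTORY//[![:alnum:]]/}
  if [[ -z "$DIRECTORY" ]]; then
    DIRECTORY="devices"
    msg "no dir given so outputting to ${DIRECTORY}"
  else
    msg "output dir = ${DIRECTORY}"
  fi

  if [[ ! -f ./targets.txt ]]; then
    msg "please create a targets.txt file the containing the hosts"
    exit 1
  fi
  msg "targets.txt file located"
  msg "Identified hosts from targets.txt"
  cat ./targets.txt
  msg "end of IPs/Hosts"

  # Split on whitespace exactly like the old `for i in $(cat targets.txt)`,
  # but without pathname expansion of tokens such as "*". read returns
  # non-zero at EOF because no NUL delimiter is found; that is expected.
  TARGETS=()
  read -r -d '' -a TARGETS < ./targets.txt || true
  if (( ${#TARGETS[@]} == 0 )); then
    msg "ERROR: targets.txt contains no hosts"
    exit 1
  fi
  # Counting array entries gives the real number of hosts; `wc -l FILE`
  # printed "N targets.txt" and counted lines, not hosts.
  msg "Found ${#TARGETS[@]} targets to scan"

  STARTDIR=$(pwd)
  if ! mkdir -p -- "${STARTDIR}/${DIRECTORY}"; then
    msg "ERROR: cannot create ${STARTDIR}/${DIRECTORY}"
    exit 1
  fi
  msg "Starting Scan with ${THREADS} threads"

  launch_scans
  wait_for_scans
  show_results
  exit 0
}

main "$@"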
