I have written a little script (matts-monitor.sh) that monitors your subnet for new devices and then performs an action against each new device.
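#!/bin/bash
#
# matts-monitor.sh v1.1
# This tool allows you to monitor your current subnet and then runs a command against the new target!
# Created by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.1"
#
# This tool requires arp-scan (plus ifconfig and route) to be installed and must be run as root
#
# Usage: matts-monitor.sh [interface] [time between scans (secs)]
#
# ChangeLog....
# Version 1.1 - Improved sort code
#             - Added better GATEWAY detection
#             - Allowed script escape by pressing enter
#             - Collated argument checking into 1 if statement
#             - Reports version number within usage
# Version 1.0 - First Release

# Fail on use of an unset variable instead of silently expanding it to "".
set -u

#################################################################
# CHECKING FOR ROOT
#################################################################
# Test the effective UID rather than $USER: $USER is an ordinary environment
# variable that can be unset, stale under sudo, or set to any value by the caller.
if [ "$(id -u)" -ne 0 ]
then
    echo "MESSAGE:"
    echo "MESSAGE: ERROR: Please run as root!"
    echo "MESSAGE:"
    exit 1
fi

#################################################################
# CHECKING TO SEE IF INTERFACE AND INTERVAL PROVIDED
#################################################################
SCRIPT_NAME="${0##*/}"
if [ -z "${1:-}" ] || [ -z "${2:-}" ]
then
    echo "MESSAGE: Version number ${VERSION}"
    echo "MESSAGE: Usage: ${SCRIPT_NAME} [interface] [time between scans (secs)]"
    echo "MESSAGE: Example #${SCRIPT_NAME} eth0 60"
    exit 1
fi

# Validate the interface name instead of silently truncating it to 6
# characters: truncation turned names such as enp0s31f6 into a different
# (usually non-existent) interface. The pattern also rejects a leading '-'
# and shell metacharacters, because the value is handed to tools run as root.
INTERFACE="${1}"
IFACE_RE='^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$'
if [[ ! "${INTERFACE}" =~ ${IFACE_RE} ]]
then
    echo "MESSAGE: ERROR: '${INTERFACE}' is not a valid interface name"
    exit 1
fi
echo "MESSAGE: Monitoring ${INTERFACE} for new devices"

# Keep only the digits of the interval, at most four of them (as before).
INTERVAL="${2//[^0-9]/}"
INTERVAL="${INTERVAL:0:4}"
if [ -z "${INTERVAL}" ]
then
    # An empty interval made 'read -t' fail on every pass, so the loop
    # rescanned the network continuously with no pause.
    echo "MESSAGE: ERROR: scan interval must contain at least one digit"
    exit 1
fi
echo "MESSAGE: Scanning once every ${INTERVAL} seconds"

if ! command -v arp-scan >/dev/null 2>&1
then
    echo "MESSAGE: ERROR: arp-scan was not found in PATH"
    exit 1
fi

#################################################################
# IDENTIFY IP, GATEWAY and SUBNET
#################################################################
# These three values are only printed below; nothing else in the script uses
# them. The parsing expects the 'inet addr:' / 'Mask:' layout of ifconfig, so
# the fields are simply empty when ifconfig prints a different layout.
IPADDR="$(ifconfig "${INTERFACE}" | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}')"
SUBNET="$(ifconfig "${INTERFACE}" | grep 'Mask:' | grep -v '127.0.0.1' | cut -d: -f4)"
GATEWAY="$(route -n | grep -F -- "${INTERFACE}" | grep UG | sed -e 's/[ \t][ \t]*/#/g' | cut -d '#' -f 2)"
echo "MESSAGE: interface=${INTERFACE} gateway=${GATEWAY} ip.addr=${IPADDR} subnet=${SUBNET}"

#################################################################
# WORKING FILES
#################################################################
# The script runs as root, so its scratch files live in a private mktemp
# directory rather than under fixed names in the current directory: a fixed
# name in a directory other users can write to lets them pre-create it as a
# symlink and have root overwrite the link target.
WORKDIR="$(mktemp -d)" || { echo "MESSAGE: ERROR: could not create a temporary directory"; exit 1; }
WHITELIST="${WORKDIR}/WHITELIST.txt"
SCAN="${WORKDIR}/SCAN.txt"

# Remove the working files on every exit path, including Ctrl-C.
cleanup() {
    rm -rf -- "${WORKDIR}"
}
trap cleanup EXIT

# Print the responding IPv4 addresses on ${INTERFACE}, one per line, sorted
# and de-duplicated. Only lines whose first field looks like a dotted quad are
# kept, so arp-scan's header and footer lines are dropped without relying on
# their exact count, and nothing but digits and dots reaches the action hook.
scan_ips() {
    arp-scan -l -I "${INTERFACE}" \
        | awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }' \
        | LC_ALL=C sort -u
}

#################################################################
# PERFORMING FIRST SCAN TO CREATE WHITELIST
#################################################################
# The whitelist is sorted from the start: comparing a sorted scan with an
# unsorted whitelist reported already-known devices as new on the first pass.
scan_ips > "${WHITELIST}"
if [[ -s "${WHITELIST}" ]]
then
    echo "MESSAGE: The following devices were found and will be excluded from this monitor."
    cat -- "${WHITELIST}"
else
    echo "MESSAGE: No IPs found during arp-scan, are you sure your interface is up?."
    exit 1
fi

#################################################################
# THIS IS THE MONITORING BIT
#################################################################
echo "MESSAGE: Press enter to exit the scanner"
while true
do
    scan_ips > "${SCAN}"

    # Addresses present in this scan but absent from the whitelist.
    NEWIPS="$(LC_ALL=C comm -23 "${SCAN}" "${WHITELIST}")"

    # Handle each new address on its own. With two or more new devices the old
    # single-variable test failed with "too many arguments" and nothing was
    # reported. The list is read from fd 3 so the hook keeps the terminal's stdin.
    while IFS= read -r NEWIP <&3
    do
        [ -n "${NEWIP}" ] || continue
        echo "MESSAGE: New IP detected!!! ${NEWIP}"
        echo "${NEWIP}" >> "${WHITELIST}"
        #################################################################
        # To run a command when new device found please enter it here.
        # The address is passed as a positional argument ($1) instead of
        # being pasted into the command string, so it is never re-parsed
        # as shell code.
        xterm -e sh -c 'echo "we have found a new ip $1" ; sleep 10' sh "${NEWIP}"
        #################################################################
    done 3<<< "${NEWIPS}"

    LC_ALL=C sort -u -o "${WHITELIST}" "${WHITELIST}"

    # Wait INTERVAL seconds; pressing enter during the wait ends the monitor.
    read -r -t "${INTERVAL}" && break
done

#################################################################
# DELETE FILES CREATED DURING MONITORING
#################################################################
# Nothing to do here: the EXIT trap removes ${WORKDIR} and both files in it.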