@austinjdean
Created May 27, 2020 01:55
script to tumble through open ports and run some command for each
#!/usr/bin/env python3
# outline of a script to tumble through open ports and run some command for each
# take as args (each can be either comma separated cmd line list xor file):
# - port list | -p 22,80,443 | -p ports.txt
# - host list | -h ftp.example.com,nsa.gov,google.com,cheapddos.ru | -h hosts.txt
# cumulative record example matrix
# 22 80 443 etc
# host1 x x x
# host2 x x x x
# host3 x x
# host4 x x x
# host5 x x
# host6 x x x x
# host7 x x
# host8 x
# host9 x x x x
# routine:
# - bonus: try to autodetect args as either file names or the comma separated lists (how could you help a computer distinguish between what is logically a port and a file name?)
# - quit if one is missing (e.g. all hosts but no ports, or all ports but no hosts)
# - sass the user
# - for each port:
# - scan each host for that port with telnet(?); capture response (for host in hosts)
# - or with nmap? and use an NSE script relevant to the current port? store that output? but then why even use nmap this way, you'd just supply the lists of hosts and ports to nmap
# - maybe we want to build a custom scanner, so we can run any command for each host and port (lol that's just NSE scripts I think)
# - whatever this is a programming exercise not a best practice exercise
# - some options:
# - sudo nmap -Pn -sS -sV -O 10.0.0.118 -p 6969
# - telnet 10.0.0.118 6969 (any way to write keystrokes to subprocess? sometimes telnet gives more info if keystrokes are sent)
# - cmd = "echo asdf | nc 10.0.0.118 8080" (this sends asdf over the tcp connection and prints the response. usually gives a hint at what's running)
# - cmdResult = subprocess.check_output(cmd, shell=True) # thanks: https://stackoverflow.com/questions/6657690/python-getoutput-equivalent-in-subprocess#comment60988696_17330481 (note: with shell=True the host and port strings are parsed by a shell, so they need validating first)
# - add the response to cumulative record (list of lists; telnet responses stored as strings)
# - table[host][port] would contain telnet response, empty otherwise
# - print results?
# - optionally write to file (csv? pipe delim?)
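Added example (not the gist author's code) filling in the parts of the outline that are easy to get wrong: the file-or-comma-list argument detection, port and host validation, and the host x port record table written out as CSV. The probe runs nc as an argv list rather than a shell string, so a host or port value never reaches a shell parser; the `-w` timeout flag, the `nc_argv`/`run_matrix`/`to_csv` names and the pluggable `probe` callable are this example's own choices, not the gist's.

```python
#!/usr/bin/env python3
# Added example, not the gist author's code. Assumes a probe is any callable
# (host, port) -> str; the default wraps "echo asdf | nc host port" from the
# outline without going through a shell.
import csv
import io
import os
import subprocess
from typing import Callable, Dict, Iterable, List


def load_list(arg: str) -> List[str]:
    """Accept either 'a,b,c' or a path to a file with one entry per line.
    The distinguishing rule: if the value names an existing file, read it;
    otherwise treat it as a comma-separated list."""
    if os.path.isfile(arg):
        with open(arg, encoding="utf-8") as fh:
            return [ln.strip() for ln in fh if ln.strip() and not ln.startswith("#")]
    return [item.strip() for item in arg.split(",") if item.strip()]


def parse_ports(items: Iterable[str]) -> List[int]:
    """Only integers in 1..65535 survive; anything else (including shell
    metacharacters smuggled into a 'port') raises before any subprocess runs."""
    ports = []
    for item in items:
        if not item.isdigit():
            raise ValueError(f"not a port number: {item!r}")
        port = int(item)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        ports.append(port)
    return ports


HOST_CHARS = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-:")


def check_host(host: str) -> str:
    """Hostname or IP literal characters only; a leading '-' is refused so a
    'host' cannot be interpreted by nc as a command-line option."""
    if not host or host.startswith("-") or any(c not in HOST_CHARS for c in host):
        raise ValueError(f"not a hostname or address: {host!r}")
    return host


def nc_argv(host: str, port: int) -> List[str]:
    """argv for the outline's nc probe with a 2 second connect timeout."""
    return ["nc", "-w", "2", host, str(port)]


def nc_probe(host: str, port: int) -> str:
    """Send 'asdf' on stdin and return whatever the service answered."""
    try:
        res = subprocess.run(nc_argv(host, port), input=b"asdf\r\n",
                             capture_output=True, timeout=5)
    except (subprocess.TimeoutExpired, FileNotFoundError) as exc:
        return f"<error: {type(exc).__name__}>"
    return res.stdout.decode("utf-8", "replace").strip()


def run_matrix(hosts: List[str], ports: List[int],
               probe: Callable[[str, int], str] = nc_probe) -> Dict[str, Dict[int, str]]:
    """table[host][port] holds the probe response, '' when nothing came back."""
    table: Dict[str, Dict[int, str]] = {h: {} for h in hosts}
    for port in ports:          # outer loop over ports, as in the outline
        for host in hosts:
            table[host][port] = probe(host, port)
    return table


def to_csv(table: Dict[str, Dict[int, str]], ports: List[int]) -> str:
    """Cumulative record as CSV: one row per host, one column per port."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["host"] + [str(p) for p in ports])
    for host, row in table.items():
        w.writerow([host] + [row.get(p, "") for p in ports])
    return buf.getvalue()


def main(host_arg: str, port_arg: str) -> None:
    hosts = [check_host(h) for h in load_list(host_arg)]
    ports = parse_ports(load_list(port_arg))
    if not hosts or not ports:
        raise SystemExit("need both hosts and ports; one list does not a scan make")
    print(to_csv(run_matrix(hosts, ports), ports))


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        raise SystemExit(f"usage: {sys.argv[0]} HOSTS PORTS")
    main(sys.argv[1], sys.argv[2])
```

Because `run_matrix` takes the probe as a parameter, the table-building and CSV logic can be exercised with a stub probe and no network at all, which is also the easiest way to check the tool against hosts you own before pointing it anywhere else.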