Skip to content

Instantly share code, notes, and snippets.

@dreizehnutters

dreizehnutters/snmap.sh

Last active April 8, 2024 08:13
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dreizehnutters/c235ffeb2b4b8e915908e335738381de to your computer and use it in GitHub Desktop.
Save dreizehnutters/c235ffeb2b4b8e915908e335738381de to your computer and use it in GitHub Desktop.
Download ZIP
staggered nmap scan
Raw
snmap.sh
#!/bin/bash
NET=$1
bold=$(tput bold)
normal=$(tput sgr0)
error="${bold}[!]${normal}"
if [ -z "${1}" ]; then
echo "${0} <NET_IN_CIDR>|<FILE> [--check]"
exit 1
fi
XMLS=/usr/bin/xmlstarlet
NMAP_BIN=/usr/bin/nmap
uID=1000
NMAP_MIN_RATE=500 # CHANGE ME
MIN_HOSTGROUP=16 # MIN_HOSTGROUP*16 ~= #scan targets
DEFALUT_OPTIONS="--privileged \
-v \
-d1 \
-Pn \
-T5 \
--min-rate=${NMAP_MIN_RATE} \
--min-hostgroup=${MIN_HOSTGROUP} \
--stats-every=10 \
--open"
get_ports_from_XML() {
local nmap_path="${1}"
$XMLS sel -t -m '//port/state[@state="open"]/parent::port' \
-v 'ancestor::host/address[@addrtype="ipv4"]/@addr' \
-o : -v './@portid' -n "${nmap_path}"/*.xml | sort -u -V |
cut -d ':' -f2- | sort -u -V | sed ':a;N;$!ba;s/\n/,/g'
}
is_valid_cidr() {
local cidr="${1}"
local cidr_pattern='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
if ! [[ $cidr =~ $cidr_pattern ]]; then
echo "${error} Invalid CIDR notation: ${cidr}"
exit 1
fi
}
exit_fun() {
sudo /usr/bin/chown ${uID}:${uID} -hR "${NET_PATH}"
echo "$1" && exit 0
}
if [[ -f "${NET}" || -d "${NET}" ]]; then
INPUT="-iL ${NET}"
VERBOSE="$(cat ${NET} 2>/dev/null | tr '\n' ',')"
else
is_valid_cidr $NET
INPUT="${NET}"
VERBOSE="${NET}"
fi
if [ "$2" == "--ports" ]; then
echo "${bold}[[[[ grepping open ports ]]]]${normal}"
get_ports_from_XML $1
exit 0
fi
if [ "$EUID" -ne 0 ]; then
echo "${error} Please run as root (or set capabilities)"
echo "sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap)"
exit 1
fi
NET_PATH="${PWD}/nmap-$(echo ${NET} | tr '.' '_' | tr '\/' '-')-$(date +%s)"
mkdir -p "${NET_PATH}"
if [ "$2" == "--check" ]; then
echo "${bold}[[[[ subnet scan of ${VERBOSE} to generate hosts.xml ]]]]${normal}"
$NMAP_BIN \
-v \
-d1 \
--stats-every=10 \
-sn \
-PE \
-oA "${NET_PATH}/hosts" \
$INPUT
echo "${bold}[[[[ the following hosts are reachable ]]]]${normal}"
$XMLS sel -t -m "//host[status/@state='up']" -v "concat(address[@addrtype='ipv4']/@addr, ' ', hostnames/hostname/@name)" -n "${NET_PATH}"/hosts.xml | tee "${NET_PATH}"/up_hosts.txt
echo "${bold}[[[[ the following hosts are NOT reachable ]]]]${normal}"
$XMLS sel -t -m "//host[status/@state='down']" -v "concat(address[@addrtype='ipv4']/@addr, ' ', hostnames/hostname/@name)" -n "${NET_PATH}"/hosts.xml | tee "${NET_PATH}"/down_hosts.txt
exit_fun
fi
echo "${bold}[[[[ min tcp scan for ${VERBOSE} ]]]]${normal}"
$NMAP_BIN \
$DEFALUT_OPTIONS \
-p- \
-sS \
-oA "${NET_PATH}/init" \
$INPUT
[ $? -eq 1 ] && exit_fun "${error} min tcp scan FAILED"
echo "${bold}[[[ checking version on ports: $(get_ports_from_XML "${NET_PATH}") on ${VERBOSE} ]]]${normal}"
$NMAP_BIN \
$DEFALUT_OPTIONS \
-p$(get_ports_from_XML "${NET_PATH}") \
-sCV \
-O \
--script='discovery' \
--version-all \
-oA "${NET_PATH}/version" \
$INPUT
[ $? -eq 1 ] && exit_fun "${error} version scan FAILED"
echo "${bold}[[[[ nmap min udp for ${VERBOSE} ]]]]${normal}"
$NMAP_BIN \
$DEFALUT_OPTIONS \
--top-ports=100 \
-sUV \
--version-intensity 1 \
--open \
-oA "${NET_PATH}/uinit" \
$INPUT
[ $? -eq 1 ] && exit_fun "${error} UDP scan FAILED"
exit_fun "${bold}[[[[ finished ${NET_PATH} ]]]]${normal}"
@dreizehnutters
Copy link
Author

Automates network scanning tasks using Nmap, extracting information such as open ports and host statuses. Supports scanning a specified CIDR range or input file. Provides options for TCP, UDP, and version detection scans with configurable parameters. Outputs scan results to organized directories for further analysis.

Features

  • CIDR Range or File Input: The script supports scanning either a specified CIDR range or an input file containing a list of hosts.

  • Staggered Approach to Scanning: The script employs a staggered approach to scanning, minimizing overhead by setting appropriate options for scanning speed and host group size.

  • Optional Host Scan: Includes an option to perform a subnet scan to check the reachability of hosts within a specified CIDR range. This generates hosts.xml and provides insights into the status of hosts.

  • Grepping of Open Ports: Provides an option to extract and list all open ports from existing Nmap XML files, allowing for targeted analysis and exploration of network services.

  • Automated Directory Organization: Scan results are automatically organized into directories based on the provided input, facilitating easy access and analysis.

Usage

  1. Input Specification:

    • To scan a CIDR range: ./network_scan.sh <CIDR>
    • To scan hosts listed in a file: ./network_scan.sh <file>

  2. Options:

    • --check: Performs a subnet scan to generate hosts.xml and checks the reachability of hosts.
    • --ports: Extracts and lists open ports from existing Nmap XML files.

  3. Prerequisites:

    • Ensure Nmap and xmlstarlet are installed (sudo apt install nmap xmlstarlet).

  4. Execution:

    • Run the script with appropriate permissions (root or with capabilities).

Example Usage

# Scan a CIDR range
./network_scan.sh 192.168.1.0/24

# Scan hosts listed in a file
./network_scan.sh hosts.txt

# Check reachability of hosts in a CIDR range
./network_scan.sh 192.168.1.0/24 --check

# Extract and list open ports from existing Nmap XML files
./network_scan.sh results/ --ports

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment