#!/bin/bash
#__________________________________________________________
# Author: phillips321 contact through phillips321.co.uk
# License: CC BY-SA 3.0
# Use: All in one pentest script designed for bt5
# Released: www.phillips321.co.uk
version=7.0 # script version; the ChangeLog below lists what each release changed
# Dependencies:
# nmap
# sslscan
# gnome-web-photo
# arp-scan
# dialog
# amap
# tree
# glibc
# nfs-common
# xwininfo
# onesixtyone v0.8 (included with svn checkout)
# enum4linux and polenum (included with svn checkout)
# make sure polenum is in your path and enum4linux points to enum4linux.pl
# backtrack users can apt-get install sslscan gnome-web-photo arp-scan dialog tree glibc-2.10-1 nfs-common
# ToDo:
# remove index.blah from wget output
# add xml to output from here: http://www.pentesticles.com/2012/05/we-have-port-scans-what-now.html
# ensure snmp get follows correct port
# add ability to launch nesssus against targets
# check if gnome-web-photo can follow redirects
# fix snmptget output
# prevent threads from being above 50?
# ChangeLog:
# v7.0 - added MACIGNORE which removes a mac address from targets (good for VMHost MAC)
# - This is best added to the custom-config.conf lowercase!!!
# - MACIGNORE="be:ef:b0:0b:13:37"
# v6.8 - minor bug fixes
# v6.7 - added f_progressquick (used when scans<threads to allow quicker loading)
# v6.6 - added a sleep to end of wget (allows errors to be seen)
# v6.5 - added a numerical sort for IP addresses (1.0.0.99 < 1.0.0.1000)
# v6.4 - added echotime function to allow time to be shown easier in output
# - cleaned up output to console
# - changed progress update from 5 to 3 secs
# - changed sleep from 1 to ${SLEEPTIME} (default 0.2)
# v6.3 - improved console output and fixed a cp error(missing targets.txt)
# v6.2 - removed separate xterm window for THREADS
# - output to terminal now includes time
# v6.1 - removed more dialog usage and added time output to terminal
# v6.0 - removed dialog as much as possible for now
# v5.8 - fixed bug with mask2cidr :-)
# v5.7 - minor bug fixes with scansource.txt creation
# - have disabled f_mask2cidr due to weird bug :-( default now to /24 ping sweep
# - force wget to only attempt connection once (-t 1)
# v5.6 - minor bug fixes
# v5.5 - Improved output to scansource.txt
# - added nmap ping sweep to scansource.txt
# - this require mask2cidr function and cidr value
# v5.4 - added wget for all HTTP(s) ports
# v5.3 - stopped sslscan from scanning 3389
# v5.2 - added NMAP to title of nmap scans instead of ${OUTPUTDIR}
# v5.1 - fixed echo out of vlan_ports.txt at end of scan
# v5.0 - added separate file (custom-config.conf) for loading custom parameters.
# - create file called custom-config.conf in the same dir with your settings such as:
# --------------------------------------------------------
# THREADS=20
# NMAPUDPCUSTOMPORTS="53,69,161"
# MACIGNORE="be:ef:b0:0b:13:37"
# --------------------------------------------------------
# v4.3 - outputs targets.txt and vlan_ports.txt at end of scans
# v4.2 - added x11 screen grab using xwininfo
# v4.1 - added option to create new targets.txt if it already exists
# v4.0 - added quick nmap scan to show some ports before main nmap scans
# - added timeout and retry count to amap scans -T 2 -C 1
# v3.6 - removed "Os guess incomplete" from open ports output
# - added f_scansource to gather details of scan info
# - added ipcalc to scansource
# v3.5 - add ability to detect if 32 or 64bit architecture (for onesixtyone bin)
# v3.4 - fixed bug that didnt create SNMPCommunityStrings.txt output properly
# - stopped gwp from taking a photo of 3389 on ssl detection
# v3.3 - added custom onesixty one to scan custom ports
# v3.2 - fixed issue with target directory
# v3.1 - each host now has it's own scan folder for neatness
# v3.0 - replaced nbtscan with enum4linux
# - added enum4linux-0.8.8 and polenum-0.2
# v2.9 - added 80 to custom tcp ports
# - removed delay after opening openports, weakciphers, etc...
# - scansource.txt now in outputdir as opposed to startdir
# v2.8 - copy targets.txt into output folder and added scansource.txt
# v2.7 - fixed error with snmpscan returning with "Host responded with error NO SUCH NAME"
# v2.6 - added nfs tree output
# v2.5 - fixed vlanports.txt output to remove A-Z
# v2.4 - added uniscan to automate some web tests
# v2.3 - added swaks to auto test for relay on smtp
# v2.2 - added option to display md5 signed certificate hashes
# v2.1 - fixed bug creating open_ports.txt where no ports were found (now also shows which scan size was used to create open_ports.txt)
# v2.0 - removed duplicate entries in open_ports.txt (see end of f_nmapscans function)
# - changed Cancel button to Exit
# - removed Cancel button from some dialog windows (such as pause and threads)
# - THREADS xterm window now closes when scans are completed
# v1.8 - fixed issue with searching for running threads
# - removed duplicates from SNMPCommunityStrings.txt
# v1.7 - deleted temp before starting scans
# v1.6 - Changed xterm font to make nmap windows smaller
# v1.5 - Fixed snmp scans (amap not identifying snmp service)
# v1.4 - added (n of X) scanned to progress dialog
# v1.3 - cleanup after nbtscan (removes scans with no response)
# v1.2 - added vlan_ports.txt to show all ports(TCP+UDP found (for ACL testing and import to nessus)
# v1.1 - made scan windows smaller using geometry 80x10
# v1.0 - Can now change number of threads on the fly using the popup xterm
# v0.6 - COUNT++ improved on nmap scans to be more accurate
# v0.5 - offers to create targets.txt if it's not found
# - cleans up nmap output if scan was cancelled
# v0.4 - addition of custom nmap port scan
# v0.3 - comments on all functions
# v0.2 - Caught ESC/Cancel signals to quit program
# v0.1 - First write
# Program
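f_setdefaults(){ #defaults for running the script
  # Populates the global scan settings used by every other function, locates
  # the bundled helper tools and finally sources custom-config.conf (if it
  # exists next to the script) so that it can override any of these values.
  # Globals written: NMAPTCP NMAPUDP NMAPQUICKPORTS NMAPTCPCUSTOMPORTS
  #   NMAPUDPCUSTOMPORTS XTERMVALS MACHINE_TYPE onesixtyone enum4linux
  #   NMAP{TCP,UDP}{ALL,DEFAULT,CUSTOM} RUN* RUNNING THREADS SLEEPTIME
  #   MACIGNORE scriptlocation
  NMAPTCP="nmap -sS -vv -d -A -Pn -n -r -oA" # this needs to finish with -oA and cannot include -p
  NMAPUDP="nmap -sU -vv -d -A -Pn -n -r -oA" # this needs to finish with -oA and cannot include -p
  NMAPQUICKPORTS="7,13,17,19,21,22,23,25,50,53,69,80,111,123,135,137,139,161,199,443,445,500,1434,1556,2049,2301,2381,3181,3389,5353,8080,8081,8161,47001"
  NMAPTCPCUSTOMPORTS="21,22,23,25,50,80,135,139,199,443,445,1556,2301,2381,3181,3389,8080,8081,47001"
  NMAPUDPCUSTOMPORTS="7,13,17,19,53,69,111,123,135,137,161,500,1434,2049,5353,8161"
  XTERMVALS="-iconic -fn -*-*-*-*-*-*-7-*-*-*-*-*-*-* -geometry 80x10"
  # Directory the script was started from (always ends in a slash).
  scriptlocation="$(dirname -- "$0")/"
  # The bundled tools live alongside pentest.sh. Prefer the installed copy on
  # PATH; if there is none (checkout run in place), fall back to scriptlocation
  # instead of leaving the tool paths empty.
  local toolbase
  toolbase=$(command -v pentest.sh 2>/dev/null)
  toolbase=${toolbase%pentest.sh}
  if [[ -z "${toolbase}" ]]; then
    toolbase=${scriptlocation}
  fi
  MACHINE_TYPE=$(uname -m)
  if [[ "${MACHINE_TYPE}" == 'x86_64' ]]; then
    onesixtyone="${toolbase}onesixtyone-0.8/onesixtyone_x64"
  else
    onesixtyone="${toolbase}onesixtyone-0.8/onesixtyone_x86"
  fi
  enum4linux="${toolbase}enum4linux-0.8.8/enum4linux.pl"
  #make sure polenum-0.2 is also in your path
  # Which of the six nmap scan types run by default (1 = on, 0 = off).
  NMAPTCPALL=1 ; NMAPTCPDEFAULT=1 ; NMAPTCPCUSTOM=1
  NMAPUDPALL=0 ; NMAPUDPDEFAULT=1 ; NMAPUDPCUSTOM=1
  # Stage switches; f_main sets the selected ones to 1.
  RUNARPSCAN=0
  RUNQUICKNMAP=0
  RUNNMAP=0
  RUNAMAP=0
  RUNSSLSCAN=0
  RUNGWP=0
  RUNSNMPSCAN=0
  RUNSNMPGET=0
  RUNENUM4LINUXSCAN=0
  RUNSWAKS=0
  RUNUNISCAN=0
  RUNNFSSCAN=0
  RUNX11GRAB=0
  RUNWGET=0
  RUNNING=0
  THREADS=10
  SLEEPTIME=0.2
  MACIGNORE="be:ef:b0:0b:13:37"
  # Load custom config from file custom-config.conf if it exists.
  # The file is sourced, i.e. executed as shell code with this script's
  # privileges, so it must only be writable by the user running the scan.
  local conf="${scriptlocation}custom-config.conf"
  echo "${conf}"
  if [[ -f "${conf}" ]]; then
    echo "[+] Config file found at ${scriptlocation}"
    . "${conf}"
  fi
}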
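f_main(){ #this is the main bulk of the program that calls the scans
  # Asks which stages to run (dialog checklist), then the output directory and
  # thread count, and finally runs the selected stages in dependency order
  # (later stages read files produced by earlier ones).
  # Globals: RUN* flags, OUTPUTDIR, THREADS, checklist (written); f_exit,
  #   f_directorycheck, f_scansource and the f_* stage functions are called.
  local answerfile opt
  local -a selected=()
  # dialog writes the selection to fd 2; capture it in a private temp file
  # rather than the fixed /tmp/answer, which another local user could
  # pre-create or symlink on a shared host.
  answerfile=$(mktemp) || { echo "[+] Error: could not create a temporary file" >&2 ; return 1 ; }
  dialog --title "Scan Types" --separate-output --output-fd 2 --checklist "What do you want to run? Scan selections are dependent on the scan type above it being run first. For example, you cannot run sslscan if anamp and nmap have not been run prior." 0 0 0 \
    arpscan "run arp-scan to create targets.txt" off \
    quicknmap "run a quick nmap of the targets" on \
    nmap "nmap targets" on \
    amap "amap ports found using nmap" off \
    sslscan "sslscan targets" off \
    gwp "Take photo of web pages found?" off \
    snmpscans "Check for default SNMP community strings" off \
    snmpget "Get data from SNMP services using known strings" off \
    enum4linux "Run enum4linux against targets" off \
    smtp "connect to SMTP to check if they allow relaying of mail" off \
    uniscan "run uniscan against HTTP(s) ports" off \
    nfsscan "connect to nfs services and list contents" off \
    x11grab "get screenshot of x11 sessions" off \
    wget "run wget against HTTP(s) ports" off \
    2> "${answerfile}"
  # dialog exits 1 on Cancel and 255 on ESC: clean up and leave.
  case $? in
    1|255) rm -f -- "${answerfile}" ; f_exit ;;
  esac
  mapfile -t selected < "${answerfile}"
  rm -f -- "${answerfile}"
  # Keep the raw newline-separated list around for f_debug.
  checklist=$(printf '%s\n' "${selected[@]}")
  for opt in "${selected[@]}"; do
    case "${opt}" in
      arpscan) RUNARPSCAN=1 ;;
      quicknmap) RUNQUICKNMAP=1 ;;
      nmap) RUNNMAP=1 ;;
      amap) RUNAMAP=1 ;;
      sslscan) RUNSSLSCAN=1 ;;
      gwp) RUNGWP=1 ;;
      snmpscans) RUNSNMPSCAN=1 ;;
      snmpget) RUNSNMPGET=1 ;;
      enum4linux) RUNENUM4LINUXSCAN=1 ;;
      smtp) RUNSWAKS=1 ;;
      uniscan) RUNUNISCAN=1 ;;
      nfsscan) RUNNFSSCAN=1 ;;
      x11grab) RUNX11GRAB=1 ;;
      wget) RUNWGET=1 ;;
      *) echo "[+] Warning: ignoring unknown selection '${opt}'" >&2 ;;
    esac
  done
  clear
  echo -e "\e[00;32m[SETTINGS]\e[00m"
  read -p "[+] Where would you like the output to go: " -e -i "$(pwd)/output" OUTPUTDIR
  f_directorycheck
  if [[ -s targets.txt ]]; then
    cp -- targets.txt "${OUTPUTDIR}/targets.txt"
  fi
  read -p "[+] How many threads would you like to run: " -e -i "${THREADS}" THREADS
  f_scansource
  # Order matters: amap consumes nmap output, sslscan/gwp/snmp/smtp/nfs/x11
  # consume amap's per-service lists.
  if [[ "${RUNARPSCAN}" == 1 ]] ; then f_arpscan ; fi
  if [[ "${RUNQUICKNMAP}" == 1 ]] ; then f_quicknmap ; fi
  if [[ "${RUNNMAP}" == 1 ]] ; then f_nmapoptions ; f_nmapscans ; fi
  if [[ "${RUNAMAP}" == 1 ]] ; then f_amapscans ; fi
  if [[ "${RUNSSLSCAN}" == 1 ]] ; then f_sslscans ; fi
  if [[ "${RUNGWP}" == 1 ]] ; then f_gwp ; fi
  if [[ "${RUNSNMPSCAN}" == 1 ]] ; then f_snmpscan ; fi
  if [[ "${RUNSNMPGET}" == 1 ]] ; then f_snmpget ; fi
  if [[ "${RUNENUM4LINUXSCAN}" == 1 ]] ; then f_runenum4linuxscan ; fi
  if [[ "${RUNSWAKS}" == 1 ]] ; then f_swaksscans ; fi
  if [[ "${RUNUNISCAN}" == 1 ]] ; then f_uniscan ; fi
  if [[ "${RUNNFSSCAN}" == 1 ]] ; then f_nfsscan ; fi
  if [[ "${RUNX11GRAB}" == 1 ]] ; then f_x11grab ; fi
  if [[ "${RUNWGET}" == 1 ]] ; then f_wget ; fi
}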
f_debug(){ #this is debug information (insert f_debug in the script to pause)
  # Dumps the current configuration and counters to the terminal, then waits
  # for Enter so the operator can inspect state mid-run.
  # Globals (read): checklist, NMAP* scan flags and port lists, OUTPUTDIR,
  #   THREADS, RUN* flags, COUNT, NUMBER, result
  local name
  printf '\e[00;32m[DEBUG]\e[00m\n'
  printf 'checklist = %s\n' "${checklist}"
  # nmap scan-type settings are shown as NAME=value (no spaces) ...
  for name in NMAPTCPDEFAULT NMAPTCPALL NMAPTCPCUSTOM NMAPTCPCUSTOMPORTS \
              NMAPUDPDEFAULT NMAPUDPALL NMAPUDPCUSTOM NMAPUDPCUSTOMPORTS; do
    printf '%s=%s\n' "${name}" "${!name}"
  done
  printf 'Number of scantypes = %s\n' "$(( NMAPTCPDEFAULT + NMAPTCPALL + NMAPTCPCUSTOM + NMAPUDPDEFAULT + NMAPUDPALL + NMAPUDPCUSTOM ))"
  printf 'Output directory = %s\n' "${OUTPUTDIR}"
  printf 'Number of threads = %s\n' "${THREADS}"
  # ... while the stage switches and counters use "NAME = value".
  for name in RUNARPSCAN RUNQUICKNMAP RUNNMAP RUNAMAP RUNSSLSCAN RUNGWP \
              RUNSNMPSCAN RUNSNMPGET RUNENUM4LINUXSCAN COUNT NUMBER; do
    printf '%s = %s\n' "${name}" "${!name}"
  done
  printf 'targets.txt =\n'
  cat targets.txt
  printf 'result = %s\n' "${result}"
  read -p "pause"
}
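f_directorycheck(){ #creates dir if it's not present
  # Ensures the output directory exists, creating missing parent directories
  # as well. The path is quoted so an OUTPUTDIR containing spaces works.
  # Globals: OUTPUTDIR (read)
  # Returns: 0 when the directory exists afterwards, non-zero otherwise
  if [[ -z "${OUTPUTDIR}" ]]; then
    echo "[+] Error: no output directory given" >&2
    return 1
  fi
  mkdir -p -- "${OUTPUTDIR}"
}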
f_scansource(){ #creates scansource.txt containing network info
# Records where the scan was run from - eth0 address/netmask, routing table,
# ipcalc summary, an arp-scan and an nmap ping sweep of the local subnet -
# into ${OUTPUTDIR}/scansource.txt so results can later be tied to a source.
# Globals: OUTPUTDIR (read); ipaddr, netmask (written); cidr (written by f_mask2cidr)
# NOTE(review): eth0 is hard-coded and the "inet addr:"/"Mask:" parsing only
# matches the old net-tools ifconfig layout; on a host with another interface
# name or output format ipaddr/netmask come back empty and the ipcalc and nmap
# lines below receive malformed arguments.
echo -e "\e[00;32m[SCANSOURCE]\e[00m"
echo "[+] Now creating scansource.txt `echotime`"
ipaddr=`ifconfig eth0 | grep "inet addr" | cut -d":" -f2 | cut -d" " -f1`
netmask=`ifconfig eth0 | grep "Mask" | cut -d":" -f4`
f_mask2cidr ${netmask} #cidr is now /24 /25 /23 and so on
echo "[+] Interface Details----------------" > ${OUTPUTDIR}/scansource.txt
ifconfig eth0 | sed '/^$/d' >> ${OUTPUTDIR}/scansource.txt
echo -e "\n[+] Route Details--------------------" >> ${OUTPUTDIR}/scansource.txt
route -n >> ${OUTPUTDIR}/scansource.txt
echo -e "\n[+] IPCalc Details-------------------" >> ${OUTPUTDIR}/scansource.txt
ipcalc -n -b "${ipaddr}" "${netmask}" >> ${OUTPUTDIR}/scansource.txt
echo -e "\n[+] Arp-Scan Details-----------------" >> ${OUTPUTDIR}/scansource.txt
# arp-scan banner/summary lines (Starting/Interface/Ending/packets) are dropped.
arp-scan -l | grep -v packets | grep -v Ending | grep -v Starting | grep -v Interface | sed '/^$/d' >> ${OUTPUTDIR}/scansource.txt
echo -e "\n[+] NMAP Ping Sweep Details-----------------" >> ${OUTPUTDIR}/scansource.txt
# Ping sweep of ipaddr/cidr: keeps one line per responding host (own address
# excluded) and joins each "MAC Address:" line onto the host line before it.
nmap -sP "${ipaddr}/${cidr}" | grep -v "Host is up" | sed -e 's/Nmap scan report for //' | grep -v Nmap | grep -v "${ipaddr}" | sed ':a;N;$!ba;s/\nMAC Address: / /g' | sed '/^$/d' >> ${OUTPUTDIR}/scansource.txt
echo "[+] scansource.txt created `echotime`"
}
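f_mask2cidr(){ #function to turn mask into cidr value
  # Converts a dotted-decimal netmask ($1) to its prefix length and stores it
  # in the global "cidr" (e.g. 255.255.255.0 -> 24). Any contiguous mask from
  # /1 to /32 is accepted (the old table only knew /20-/30); a missing,
  # malformed or non-contiguous mask falls back to 24 with a message, as before.
  # Arguments: $1 - netmask in dotted decimal
  # Globals:   cidr (written)
  local mask=${1:-}
  local o1 o2 o3 o4 n inv bits=0
  cidr=""
  if [[ "${mask}" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]]; then
    # 10# forces decimal so octets such as "08" are not read as octal.
    o1=$(( 10#${BASH_REMATCH[1]} )) ; o2=$(( 10#${BASH_REMATCH[2]} ))
    o3=$(( 10#${BASH_REMATCH[3]} )) ; o4=$(( 10#${BASH_REMATCH[4]} ))
    if (( o1 <= 255 && o2 <= 255 && o3 <= 255 && o4 <= 255 )); then
      n=$(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
      # A valid mask is ones followed by zeros, so its 32-bit complement is
      # zeros followed by ones, i.e. one less than a power of two.
      inv=$(( ~n & 0xFFFFFFFF ))
      if (( (inv & (inv + 1)) == 0 )); then
        # Prefix length = number of set bits.
        while (( n != 0 )); do
          bits=$(( bits + (n & 1) ))
          n=$(( n >> 1 ))
        done
        if (( bits > 0 )); then
          cidr=${bits}
        fi
      fi
    fi
  fi
  if [[ -z "${cidr}" ]]; then
    cidr="24" ; echo "[+] Error:Not able to figure out cidr from subnetmask (defaulting to /24)" ; sleep 5
  fi
}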
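f_progress(){ #outputs progress to screen
  # Prints a one-line progress banner ("<label> - now on COUNT of NUMBER - P%")
  # and gives the operator up to 5 seconds to type a new thread count.
  # Arguments: $* - label for the banner
  # Globals: COUNT, NUMBER (read); THREADS (read/written); PERCENTAGE (written)
  local before=${THREADS} newthreads
  # Guard the division: NUMBER is 0 when a stage has nothing to scan.
  if (( ${NUMBER:-0} > 0 )); then
    PERCENTAGE=$(( ${COUNT:-0} * 100 / NUMBER ))
  else
    PERCENTAGE=0
  fi
  echo -en "\e[K\r[+] ${*} - now on ${COUNT} of ${NUMBER} - ${PERCENTAGE}% | "
  # read fails on timeout or EOF; a reply that is not a positive integer would
  # break the "-ge ${THREADS}" tests in the scan loops. Keep the old value then.
  if read -t 5 -p "Threads: " -e -i "${before}" newthreads && [[ "${newthreads}" =~ ^[1-9][0-9]*$ ]]; then
    THREADS=${newthreads}
  else
    THREADS=${before}
  fi
}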
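f_progressquick(){ #outputs progress to screen (uses small sleep)
  # Same banner as f_progress but only waits SLEEPTIME seconds for a new
  # thread count, so it is cheap to call once per launched scan.
  # Arguments: $* - label for the banner
  # Globals: COUNT, NUMBER, SLEEPTIME (read); THREADS (read/written); PERCENTAGE (written)
  local before=${THREADS} newthreads
  # Guard the division: NUMBER is 0 when a stage has nothing to scan.
  if (( ${NUMBER:-0} > 0 )); then
    PERCENTAGE=$(( ${COUNT:-0} * 100 / NUMBER ))
  else
    PERCENTAGE=0
  fi
  echo -en "\e[K\r[+] ${*} - loading${COUNT} of ${NUMBER} - ${PERCENTAGE}% | "
  # read fails on timeout or EOF; a reply that is not a positive integer would
  # break the "-ge ${THREADS}" tests in the scan loops. Keep the old value then.
  if read -t "${SLEEPTIME}" -p "Threads: " -e -i "${before}" newthreads && [[ "${newthreads}" =~ ^[1-9][0-9]*$ ]]; then
    THREADS=${newthreads}
  else
    THREADS=${before}
  fi
}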
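f_arpscan(){ #creates targets.txt and then allows editing
  # Builds targets.txt in the current directory from an arp-scan of the local
  # subnet, lets the operator prune it in nano, then copies it to OUTPUTDIR.
  # An existing non-empty targets.txt is kept unless the operator agrees to
  # replace it.
  # Globals: MACIGNORE, OUTPUTDIR (read); echotime is called
  local answer
  echo -e "\e[00;32m[ARPSCAN]\e[00m"
  if [[ -s targets.txt ]]; then
    echo -e "\e[00;31m[+] Error! \e[00m targets.txt file already found"
    read -p "Do you wish to create a new file(y/n)?: " -e -i "n" answer
    # "n" keeps the file; so does an empty reply (EOF), which previously fell
    # through and overwrote it.
    if [[ -z "${answer}" || "${answer,,}" == "n" ]]; then
      # echo needs -e here, otherwise the colour codes print literally.
      echo -e "\e[00;31m[+] Exiting to prevent overwrite of targets.txt\e[00m"
      exit 0
    fi
  fi
  echo "[+] We are now scanning the local subnet for devices using arp-scan $(echotime)"
  # Drop the ignored MAC (e.g. the VM host), keep the IP column, strip the
  # arp-scan banner/summary lines and sort numerically per octet so that
  # 10.0.0.9 sorts before 10.0.0.10. An empty MACIGNORE would make "grep -v"
  # discard every line, so it falls back to a pattern that matches nothing
  # (blank lines were already removed by "grep .").
  arp-scan -l -g | grep . | grep -v -- "${MACIGNORE:-^$}" | cut -f1 \
    | grep -v packets | grep -v Interface | grep -v Ending | grep -v Starting \
    | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq > "${PWD}/targets.txt"
  echo "[+] Arp-Scan complete. Please remove IPs you dont wish to scan $(echotime)" ; sleep 3
  nano "${PWD}/targets.txt"
  cp -- "${PWD}/targets.txt" "${OUTPUTDIR}/targets.txt"
}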
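f_nmapoptions(){ #determins what type of nmap scans you want
  # Shows which of the six nmap scan types (TCP/UDP x big/default/custom) are
  # enabled, lets the operator toggle them until answering "n", then prompts
  # for the custom port lists of the custom scans that are enabled.
  # Globals: NMAPTCPALL NMAPTCPDEFAULT NMAPTCPCUSTOM NMAPUDPALL NMAPUDPDEFAULT
  #   NMAPUDPCUSTOM NMAPTCPCUSTOMPORTS NMAPUDPCUSTOMPORTS (read/written),
  #   ANSWER (written)
  local green='\e[00;32m' red='\e[02;31m' off='\e[00m' newports
  echo -e "\e[00;32m[NMAP OPTIONS]\e[00m"
  ANSWER="y"
  while [[ "${ANSWER,,}" != "n" ]]; do
    echo "[+] Nmap scans types - We are set to run the following:"
    echo " |_________TCP___________|_________UDP__________|"
    # Enabled types in green, disabled in dim red, laid out as one table row.
    if [[ "${NMAPTCPALL}" == 1 ]] ; then echo -en " |${green} Big ${off} " ; else echo -en " |${red} Big ${off} " ; fi
    if [[ "${NMAPTCPDEFAULT}" == 1 ]] ; then echo -en "${green}Default ${off} " ; else echo -en "${red}Default ${off} " ; fi
    if [[ "${NMAPTCPCUSTOM}" == 1 ]] ; then echo -en "${green}Custom ${off} " ; else echo -en "${red}Custom ${off} " ; fi
    if [[ "${NMAPUDPALL}" == 1 ]] ; then echo -en "|${green} Big ${off} " ; else echo -en "|${red} Big ${off} " ; fi
    if [[ "${NMAPUDPDEFAULT}" == 1 ]] ; then echo -en "${green}Default ${off} " ; else echo -en "${red}Default ${off} " ; fi
    if [[ "${NMAPUDPCUSTOM}" == 1 ]] ; then echo -e "${green}Custom${off} |" ; else echo -e "${red}Custom${off} |" ; fi
    # On EOF read fails and ANSWER would stay empty, looping forever: treat
    # that as "no changes".
    read -p "[+] Do you want to change any of this(y/n)? " -e -i "n" ANSWER || ANSWER="n"
    if [[ "${ANSWER,,}" == "y" ]]; then
      f_nmapoptions_ask NMAPTCPALL     " | Big TCP Scan(y/n)?: "     "y"
      f_nmapoptions_ask NMAPTCPDEFAULT " | Default TCP Scan(y/n)?: " "y"
      f_nmapoptions_ask NMAPTCPCUSTOM  " | Custom TCP Scan(y/n)?: "  "y"
      f_nmapoptions_ask NMAPUDPALL     " | Big UDP Scan(y/n)?: "     "n"
      f_nmapoptions_ask NMAPUDPDEFAULT " | Default UDP Scan(y/n)?: " "y"
      f_nmapoptions_ask NMAPUDPCUSTOM  " | Custom UDP Scan(y/n)?: "  "y"
    fi
  done
  # An empty or failed read keeps the current port list instead of wiping it.
  if [[ "${NMAPTCPCUSTOM}" == 1 ]]; then
    echo "[+] Please enter the NMAP Custom TCP ports:"
    if read -p " | TCP:" -e -i "${NMAPTCPCUSTOMPORTS}" newports && [[ -n "${newports}" ]]; then
      NMAPTCPCUSTOMPORTS=${newports}
    fi
  fi
  if [[ "${NMAPUDPCUSTOM}" == 1 ]]; then
    echo "[+] Please enter the NMAP Custom UDP ports:"
    if read -p " | UDP:" -e -i "${NMAPUDPCUSTOMPORTS}" newports && [[ -n "${newports}" ]]; then
      NMAPUDPCUSTOMPORTS=${newports}
    fi
  fi
}
f_nmapoptions_ask(){ #helper for f_nmapoptions: y/n question stored as 1/0 in a named global
  # Arguments: $1 - name of the global to set
  #            $2 - prompt text
  #            $3 - default shown in the prompt
  # Sets $1 to 1 when the (case-insensitive) reply is exactly "y", else 0.
  local reply
  read -p "$2" -e -i "$3" reply
  if [[ "${reply,,}" == "y" ]]; then
    printf -v "$1" '%s' 1
  else
    printf -v "$1" '%s' 0
  fi
}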
f_quicknmap(){ #quick nmap scan of targets
# Runs a single nmap over targets.txt (read from the current directory) on the
# short NMAPQUICKPORTS list and opens a second xterm showing the "open" lines.
# Globals: NMAPQUICKPORTS, OUTPUTDIR (read); echotime is called
echo -e "\e[00;32m[QUICK NMAP]\e[00m"
echo -e "[+] Performing a quick nmap.... `echotime`"
# The scan xterm is not backgrounded, so the script waits until that window
# closes; only the results viewer (less) runs in the background.
xterm -title "Quick nmap scan - running" -e "nmap -sSU -vv -iL targets.txt -Pn -p${NMAPQUICKPORTS} -n -r -oN ${OUTPUTDIR}/quicknmap.txt"
xterm -title "Quick nmap scan - results" -e "cat ${OUTPUTDIR}/quicknmap.txt | grep -i \"Nmap\ scan\ report\ for\|open\" | grep -v filtered | less" &
# NOTE(review): ${OUTPUTDIR} is expanded unquoted inside the -e command
# strings, so an output path containing spaces breaks both commands.
echo -e "[+] Quick nmap finished `echotime`"
}
f_nmapscans(){ #nmap scans of targets
# Launches up to six nmap scans per target (TCP/UDP x default/big/custom),
# each in a backgrounded xterm whose title contains "NMAP"; the ps|grep loops
# below count those titles to keep at most THREADS scans running. Afterwards
# it removes output of cancelled scans and builds open_ports.txt and
# vlan_ports.txt inside OUTPUTDIR.
# Globals: NMAPTCP NMAPUDP NMAP{TCP,UDP}{DEFAULT,ALL,CUSTOM} NMAP*CUSTOMPORTS
#   XTERMVALS OUTPUTDIR THREADS SLEEPTIME (read); COUNT NUMBER TARGET LOC
#   RUNNING (written); f_progressquick, f_progress, f_arpscan, echotime called
echo -e "\e[00;32m[NMAP]\e[00m"
echo -e "[+] NMAP scans starting `echotime`"
COUNT=0
# NUMBER = targets x enabled scan types; it is the divisor in f_progress*.
# NOTE(review): it is computed before the targets.txt check on the next line,
# so a missing file yields NUMBER=0 (division by zero in f_progressquick) and
# a file created by f_arpscan is never counted.
NUMBER=$(((`cat targets.txt| wc -l`)*$((${NMAPTCPDEFAULT}+${NMAPTCPALL}+${NMAPTCPCUSTOM}+${NMAPUDPDEFAULT}+${NMAPUDPALL}+${NMAPUDPCUSTOM}))))
if [ -s targets.txt ] ; then sleep 0 ; else echo "[+] targets.txt not found in current directory, we'll create one..." ; f_arpscan ; fi
# One target per line of targets.txt (the unquoted expansion relies on each
# line being a single bare address).
for i in `cat targets.txt`
do
f_progressquick "NMAP Progress"
TARGET=${i}
LOC=${OUTPUTDIR}/${TARGET}
if [ -d ${LOC} ] ; then sleep 0 ; else mkdir ${LOC} ; fi
# NMAPTCP/NMAPUDP end in -oA, so the word after them is the output basename;
# the big/custom variants append their -p after it, the default ones use
# nmap's default port set.
if [ ${NMAPTCPDEFAULT} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP small TCP" -e "${NMAPTCP} ${LOC}/small.tcp ${TARGET}" & fi
if [ ${NMAPTCPALL} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP big TCP" -e "${NMAPTCP} ${LOC}/big.tcp -p1-65535 ${TARGET}" & fi
if [ ${NMAPTCPCUSTOM} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP custom TCP" -e "${NMAPTCP} ${LOC}/custom.tcp -p${NMAPTCPCUSTOMPORTS} ${TARGET}" & fi
if [ ${NMAPUDPDEFAULT} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP small UDP" -e "${NMAPUDP} ${LOC}/small.udp ${TARGET}" & fi
if [ ${NMAPUDPALL} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP big UDP" -e "${NMAPUDP} ${LOC}/big.udp -p1-65535 ${TARGET}" & fi
if [ ${NMAPUDPCUSTOM} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP custom UDP" -e "${NMAPUDP} ${LOC}/custom.udp -p${NMAPUDPCUSTOMPORTS} ${TARGET}" & fi
# Throttle: block while the number of live "NMAP" xterms is at or above THREADS
# (f_progress also lets the operator raise/lower THREADS meanwhile).
while [ `ps -Aef --cols 400 | grep NMAP | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "NMAP Progress"
done
sleep 5
done
# Drain: wait for the remaining scan windows to close.
while [ `ps -Aef --cols 400 | grep NMAP | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep NMAP | grep xterm | wc -l`
f_progress "NMAP Finishing(${RUNNING}left)"
done
echo "";echo -e "[+] NMAP scans finished `echotime`"
# delete scans that were cancelled during running
cd "${OUTPUTDIR}"
# A cancelled scan leaves a nearly empty .gnmap/.xml/.nmap file; remove those
# by line count so they do not pollute open_ports.txt below.
# NOTE(review): `ls` output is word-split here; target directory names never
# contain spaces today (they are IP addresses), but a glob (*/*.gnmap) would
# not depend on that.
for i in `ls */*.gnmap`;do wcl=`cat ${i} | wc -l`;if [ ${wcl} -le 2 ];then rm ${i};fi;done
for i in `ls */*.xml`;do wcl=`cat ${i} | wc -l`;if [ ${wcl} -le 15 ];then rm ${i};fi;done
for i in `ls */*.nmap`;do wcl=`cat ${i} | wc -l`;if [ ${wcl} -le 1 ];then rm ${i};fi;done
# create open_ports.txt containing only 1 tcp and 1 udp scan from each IP in order of size (big>small>custom)
echo "[+] Creating open_ports.txt `echotime`"
if [ -s open_ports.txt ] ; then rm open_ports.txt ; fi
# Target directories (first path component of each .nmap file), numerically
# sorted per octet and de-duplicated.
for i in `ls */*.nmap | cut -d"/" -f1 | sort -but . -k 1,1n -k 2,2n -k 3,3n -k 4,4n`
do
echo "###################### ${i} RESULTS ######################" >> open_ports.txt
# For each protocol keep the "open" lines of the largest scan present,
# dropping OS-detection and "open|filtered" noise.
if [ -f ${i}/big.tcp.nmap ]
then
echo "---------------------- TCP Big------------------------------" >> open_ports.txt
cat ${i}/big.tcp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
elif [ -f ${i}/small.tcp.nmap ]
then
echo "---------------------- TCP Small------------------------------" >> open_ports.txt
cat ${i}/small.tcp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
elif [ -f ${i}/custom.tcp.nmap ]
then
echo "---------------------- TCP Custom------------------------------" >> open_ports.txt
# NOTE(review): the leading "*" looks like a stray glob - it also matches any
# other directory whose name ends in ${i}; the big/small branches use ${i}/.
cat *${i}/custom.tcp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
else
echo "no results" >> open_ports.txt
fi
if [ -f ${i}/big.udp.nmap ]
then
echo "---------------------- UDP Big------------------------------" >> open_ports.txt
cat ${i}/big.udp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
elif [ -f ${i}/small.udp.nmap ]
then
echo "---------------------- UDP Small------------------------------" >> open_ports.txt
cat ${i}/small.udp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
elif [ -f ${i}/custom.udp.nmap ]
then
echo "---------------------- UDP Custom------------------------------" >> open_ports.txt
# NOTE(review): same stray "*" glob as in the TCP custom branch above.
cat *${i}/custom.udp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
else
echo "no results" >> open_ports.txt
fi
echo "" >> open_ports.txt
done
echo "[+] Creating vlan_ports.txt `echotime`"
# vlan_ports.txt: every port number that appears open anywhere, numerically
# unique, as one comma-separated line (non-digit characters stripped).
cat open_ports.txt | grep open | cut -f1 -d"/" | sort -nu | grep -v fingerprint | grep -v "|" | sed ':a;N;$!ba;s/\n/,/g' | tr -cd '[0123456789,]' > vlan_ports.txt
# NOTE(review): "cd ../" only returns to the start directory when OUTPUTDIR is
# a single path component under it; "cd -" (or pushd/popd) would be robust for
# absolute or nested paths.
cd ../
}
f_amapscans(){ #amap scans (of nmap output)
# Runs amap over every nmap .gnmap file in OUTPUTDIR (one backgrounded xterm
# per file, throttled to THREADS via the "AMAP" window title), collects all
# output in amap_full.txt and then derives one host:port list per service
# (http, ssl, snmp, smtp, nfs, x11) for the later stages.
# Globals: OUTPUTDIR XTERMVALS THREADS SLEEPTIME (read); COUNT NUMBER RUNNING
#   (written); f_progressquick, f_progress, echotime called
echo -e "\e[00;32m[AMAP]\e[00m"
echo -e "[+] AMAP scans starting `echotime`"
cd "${OUTPUTDIR}"
COUNT=0
# One amap run per <target>/<scan>.gnmap; the .gnmap suffix is stripped so the
# same stem can name the .amap output.
NUMBER=`ls */*.gnmap | sed -e "s/.gnmap//" | wc -l`
for i in `ls */*.gnmap | sed -e "s/.gnmap//"`
do
f_progressquick "AMAP Progress"
((COUNT++)); xterm ${XTERMVALS} -title "${i} AMAP" -e "amap -T 2 -C 1 -i ${i}.gnmap -o ${i}.amap | tee -a amap_full.txt" &
while [ `ps -Aef --cols 400 | grep AMAP | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "AMAP Progress"
done
sleep ${SLEEPTIME}
done
while [ `ps -Aef --cols 400 | grep AMAP | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep AMAP | grep xterm | wc -l`
f_progress "AMAP Finishing(${RUNNING}left)"
done
# amap_full.txt fields 3-5 hold "<ip>:<port>/<proto> matches <service>";
# amap.txt keeps the "matches" lines, the per-service files keep only the
# <ip>:<port> part (field 1 before "/"), sorted per octet and de-duplicated.
cat amap_full.txt | cut -d" " -f3,4,5 | grep matches | sort -but . -k 1,1n -k 2,2n -k 3,3n -k 4,4n > amap.txt
cat amap.txt | grep http | cut -d"/" -f 1 | sort -but . -k 1,1n -k 2,2n -k 3,3n -k 4,4n > amap.http.txt
cat amap.txt | grep ssl | cut -d"/" -f 1 | sort -but . -k 1,1n -k 2,2n -k 3,3n -k 4,4n > amap.ssl.txt
# SNMP is selected by port 161/udp rather than by amap's service match
# (see ChangeLog v1.5: amap did not identify snmp reliably).
cat amap_full.txt | cut -d" " -f3,4,5 | grep 161/udp | cut -d"/" -f1 | sort -but . -k 1,1n -k 2,2n -k 3,3n -k 4,4n > amap.snmp.txt
cat amap.txt | grep smtp | cut -d"/" -f 1 | sort -but . -k 1,1n -k 2,2n -k 3,3n -k 4,4n > amap.smtp.txt
cat amap.txt | grep nfs | cut -d"/" -f 1 | sort -but . -k 1,1n -k 2,2n -k 3,3n -k 4,4n > amap.nfs.txt
cat amap.txt | grep x-windows | cut -d"/" -f1 | sort -but . -k 1,1n -k 2,2n -k 3,3n -k 4,4n > amap.x11.txt
echo ""; echo -e "[+] AMAP scans finished `echotime`"
# NOTE(review): assumes OUTPUTDIR is a single path component under the start
# directory (same caveat as f_nmapscans).
cd ../
}
f_sslscans(){ #sslscans of ssl services (using amap output)
# Runs sslscan against every host:port in amap.ssl.txt except port 3389
# (ChangeLog v5.3), one backgrounded xterm per service throttled to THREADS
# via the "SSLSCAN" title, then collects the weak-cipher findings of all
# <host>/<port>.sslscan.txt files into WeakCiphers.txt.
# Globals: OUTPUTDIR XTERMVALS THREADS SLEEPTIME (read); COUNT NUMBER HOST
#   PORT RUNNING (written); f_progressquick, f_progress, echotime called
echo -e "\e[00;32m[SSL SCANS]\e[00m"
echo -e "[+] SSLSCAN starting `echotime`"
cd "${OUTPUTDIR}"
if [ -s amap.ssl.txt ]
then
COUNT=0
NUMBER=`cat amap.ssl.txt | grep -v 3389 | wc -l`
for i in `cat amap.ssl.txt | grep -v 3389`
do
f_progressquick "SSLSCAN Progress"
# amap lines are <host>:<port>; the per-host directory already exists from nmap.
HOST=`echo $i | cut -d":" -f1`
PORT=`echo $i | cut -d":" -f2`
((COUNT++)); xterm ${XTERMVALS} -title "${i} SSLSCAN" -e "sslscan --no-failed ${i} | tee ${HOST}/${PORT}.sslscan.txt; sleep 5" &
while [ `ps -Aef --cols 400 | grep SSLSCAN | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "SSLSCAN Progress"
done
sleep ${SLEEPTIME}
done
while [ `ps -Aef --cols 400 | grep SSLSCAN | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep SSLSCAN | grep xterm | wc -l`
f_progress "SSLSCAN Finishing(${RUNNING}left)"
done
# Keep the "Testing SSL" headers plus accepted SSLv2, 40/56-bit and
# md5-signed entries; ERROR lines are matched first and then dropped again.
cat */*.sslscan.txt | grep "Testing\ SSL\|Accepted\|ERROR\|Signature\ Algorithm" | grep "SSLv2\|Testing\|\ 40\|\ 56\|md5" | grep -v "ERROR" > WeakCiphers.txt
echo ""
fi
echo -e "[+] SSLSCAN finished `echotime`"
cd ../
}
f_gwp(){ #takes photos of http(s) web site roots (using amap output)
# Screenshots the root page of every https (amap.ssl.txt) and http
# (amap.http.txt) service with gnome-web-photo, writing
# <host>/<port>_https.png or <host>/<port>__http.png. Port 3389 is skipped.
# One backgrounded xterm per page, throttled to THREADS via the
# "GNOME-WEB-PHOTO" title.
# Globals: OUTPUTDIR XTERMVALS THREADS SLEEPTIME (read); COUNT NUMBER HOST
#   PORT RUNNING (written); f_progressquick, f_progress, echotime called
echo -e "\e[00;32m[GWP]\e[00m"
echo -e "[+] Gnome Web Photo Scans starting `echotime`"
cd "${OUTPUTDIR}"
if [ -s amap.ssl.txt ]
then
COUNT=0
NUMBER=`cat amap.ssl.txt | grep -v 3389 | wc -l`
for i in `cat amap.ssl.txt | grep -v 3389`
do
f_progressquick "GWP HTTPS Progress"
HOST=`echo $i | cut -d":" -f1`
PORT=`echo $i | cut -d":" -f2`
# -t 20: 20 s page timeout, -w 1024: viewport width (https only).
((COUNT++)); xterm ${XTERMVALS} -title "${i} GNOME-WEB-PHOTO" -e "gnome-web-photo -t 20 -w 1024 -m photo -f --format=png https://${i} ${HOST}/${PORT}_https.png" &
while [ `ps -Aef --cols 400 | grep GNOME | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "GWP HTTPS Progress"
done
sleep ${SLEEPTIME}
done
fi
if [ -s amap.http.txt ]
then
COUNT=0
NUMBER=`cat amap.http.txt | grep -v 3389 | wc -l`
for i in `cat amap.http.txt | grep -v 3389`
do
# NOTE(review): this loop calls f_progress (5 s read timeout per host) where
# the https loop above calls f_progressquick - probably unintended; confirm.
f_progress "GWP HTTP Progress"
HOST=`echo $i | cut -d":" -f1`
PORT=`echo $i | cut -d":" -f2`
((COUNT++)); xterm ${XTERMVALS} -title "${i} GNOME-WEB-PHOTO" -e "gnome-web-photo -m photo -f --format=png ${i} ${HOST}/${PORT}__http.png" &
while [ `ps -Aef --cols 400 | grep GNOME | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "GWP HTTP Progress"
done
sleep ${SLEEPTIME}
done
fi
while [ `ps -Aef --cols 400 | grep GNOME | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep GNOME | grep xterm | wc -l`
f_progress "GWP Finishing(${RUNNING}left)"
echo ""
done
echo -e "[+] Gnome Web Photo Scans finished `echotime`"
cd ../
}
f_snmpscan(){ #checks for default community strings (using amap output)
# Runs onesixtyone with the bundled dict.txt against every host:port in
# amap.snmp.txt (one backgrounded xterm each, throttled to THREADS via the
# "SNMPSCAN" title) and merges the hits from all <host>/<port>_snmpscan.txt
# files into SNMPCommunityStrings.txt, which f_snmpget consumes.
# Globals: OUTPUTDIR XTERMVALS THREADS SLEEPTIME onesixtyone (read); DICT
#   retval COUNT NUMBER HOST PORT RUNNING (written);
#   f_progressquick, f_progress, echotime called
echo -e "\e[00;32m[SNMP]\e[00m"
echo -e "[+] SNMP scans starting `echotime`"
cd "${OUTPUTDIR}"
# Dictionary: next to pentest.sh when it is on PATH, otherwise the BackTrack
# default location.
which pentest.sh > /dev/null; retval=`echo $?`
if [ ${retval} = 0 ]
then DICT=`which pentest.sh | sed -e "s/pentest.sh/onesixtyone-0.8\/dict.txt/"`
else DICT="/pentest/enumeration/snmp/onesixtyone/dict.txt"
fi
if [ -s amap.snmp.txt ]
then
COUNT=0
NUMBER=`cat amap.snmp.txt | wc -l`
for i in `cat amap.snmp.txt`
do
f_progressquick "SNMP Scan Progress"
HOST=`echo $i | cut -d":" -f1`
PORT=`echo $i | cut -d":" -f2`
((COUNT++)); xterm ${XTERMVALS} -title "${HOST}_${PORT} SNMPSCAN" -e "${onesixtyone} -c ${DICT} -p ${PORT} ${HOST} | tee ${HOST}/${PORT}_snmpscan.txt; echo finished ; sleep 5" &
while [ `ps -Aef --cols 400 | grep SNMPSCAN | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "SNMP Scan Progress"
done
sleep ${SLEEPTIME}
done
while [ `ps -Aef --cols 400 | grep SNMPSCAN | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep SNMPSCAN | grep xterm | wc -l`
f_progress "SNMP Scan Finishing(${RUNNING}left)"
done
echo ""
fi
# Drop the "Scanning ..." banner ("canning" also matches a capital S) and
# error/"wrong" lines; the rest are hits, sorted per octet and de-duplicated.
# NOTE(review): this runs even when amap.snmp.txt was empty, so a missing
# */*_snmpscan.txt glob produces a cat error and an empty result file.
cat */*_snmpscan.txt | grep -v canning | grep -v error | grep -v wrong | sort -but . -k 1,1n -k 2,2n -k 3,3n -k 4,4n > SNMPCommunityStrings.txt
echo -e "[+] SNMP scans finished `echotime`"
cd ../
}
f_snmpget(){ #collects data from snmp services (using snmpscan output)
# Walks each host listed in SNMPCommunityStrings.txt with the community string
# found for it (snmpwalk -v2c), saving <host>/snmpget.txt. One backgrounded
# xterm per host, throttled to THREADS via the "SNMPGET" title.
# Globals: OUTPUTDIR XTERMVALS THREADS SLEEPTIME (read); COUNT NUMBER HOST
#   string RUNNING (written); f_progressquick, f_progress, echotime called
echo -e "\e[00;32m[SNMP GET]\e[00m"
echo -e "[+] SNMP Get started `echotime`"
cd "${OUTPUTDIR}"
if [ -s SNMPCommunityStrings.txt ]
then
COUNT=0
NUMBER=`cat SNMPCommunityStrings.txt | wc -l`
# Each line starts "<host> [<community>] ..."; the first two fields are joined
# into "<host>[<community>]" so the loop variable stays a single word, and
# split again on "[" below.
for i in `cat SNMPCommunityStrings.txt | cut -f1,2 -d" " | sed -e "s/ //"`
do
f_progressquick "SNMP Get Progress"
HOST=`echo $i | cut -f1 -d"["`
string=`echo $i | cut -f2 -d"[" | sed -e "s/]//"`
# NOTE(review): the ToDo says "ensure snmp get follows correct port" - the
# port from amap.snmp.txt is not carried into SNMPCommunityStrings.txt, so
# snmpwalk always uses the default port here.
((COUNT++)); xterm ${XTERMVALS} -title "${HOST} SNMPGET" -e "snmpwalk -v2c -c ${string} ${HOST} | tee ${HOST}/snmpget.txt; sleep 5" &
while [ `ps -Aef --cols 400 | grep SNMPGET | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "SNMP Get Progress"
done
sleep ${SLEEPTIME}
done
while [ `ps -Aef --cols 400 | grep SNMPGET | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep SNMPGET | grep xterm | wc -l`
f_progress "SNMP Get Finishing(${RUNNING}left)"
done
echo ""
fi
echo -e "[+] SNMP Get finished `echotime`"
cd ../
}
f_runenum4linuxscan(){ #enum4linux against targets
# Runs the bundled enum4linux.pl against every address in OUTPUTDIR/targets.txt
# (the copy made by f_main/f_arpscan), saving <target>/enum4linux.txt. One
# backgrounded xterm per target, throttled to THREADS via the "Enum4Linux" title.
# Globals: OUTPUTDIR XTERMVALS THREADS SLEEPTIME enum4linux (read); COUNT
#   NUMBER RUNNING (written); f_progressquick, f_progress, echotime called
echo -e "\e[00;32m[ENUM4LINUX]\e[00m"
echo -e "[+] Enum4Linux scans starting `echotime`"
cd "${OUTPUTDIR}"
sleep ${SLEEPTIME}
COUNT=0
NUMBER=`cat targets.txt | wc -l`
for i in `cat targets.txt`
do
f_progressquick "Enum4Linux Progress"
# NOTE(review): tee writes into ${i}/, which only exists if f_nmapscans ran
# for this target earlier; otherwise the output is lost.
((COUNT++)); xterm ${XTERMVALS} -title "${i} Enum4Linux" -e "${enum4linux} ${i} | tee ${i}/enum4linux.txt; sleep 5" &
while [ `ps -Aef --cols 400 | grep Enum4Linux | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "Enum4Linux Progress"
done
sleep ${SLEEPTIME}
done
while [ `ps -Aef --cols 400 | grep Enum4Linux | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep Enum4Linux | grep xterm | wc -l`
f_progress "Enum4Linux Finishing(${RUNNING}left)"
done
echo -e "[+] Enum4Linux scans finished `echotime`"
cd ../
}
f_swaksscans(){ #swaks test against smtp (using amap output)
# Relay test: for every host:port in amap.smtp.txt runs swaks with a fixed
# external recipient (user@example.com) and saves the SMTP transcript as
# <host>/<port>_smtp.txt. One backgrounded xterm per service, throttled to
# THREADS via the "SWAKS" title. Note that swaks really attempts a delivery
# through the target, it is not a read-only probe.
# Globals: OUTPUTDIR XTERMVALS THREADS SLEEPTIME (read); COUNT NUMBER HOST
#   PORT RUNNING (written); f_progressquick, f_progress, echotime called
echo -e "\e[00;32m[SMTP]\e[00m"
echo -e "[+] SMTP (swaks) scans starting `echotime`"
cd "${OUTPUTDIR}"
if [ -s amap.smtp.txt ]
then
COUNT=0
NUMBER=`cat amap.smtp.txt | wc -l`
for i in `cat amap.smtp.txt`
do
f_progressquick "SMTP Progress"
HOST=`echo $i | cut -d":" -f1`
PORT=`echo $i | cut -d":" -f2`
# swaks path is the BackTrack 5 location (hard-coded, unlike the bundled tools).
((COUNT++)); xterm ${XTERMVALS} -title "${i} SWAKS" -e "/pentest/enumeration/smtp/swaks/swaks --to user@example.com --server ${i} | tee ${HOST}/${PORT}_smtp.txt; sleep 5" &
while [ `ps -Aef --cols 400 | grep SWAKS | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "SMTP Progress"
done
sleep ${SLEEPTIME}
done
while [ `ps -Aef --cols 400 | grep SWAKS | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep SWAKS | grep xterm | wc -l`
f_progress "SMTP Finishing(${RUNNING}left)"
done
echo ""
fi
echo -e "[+] SMTP scans finished `echotime`"
cd ../
}
f_uniscan(){ #run basic checks against web servers
# Runs uniscan (-qweds) against every https (amap.ssl.txt) and http
# (amap.http.txt) service, saving <host>/<port>_uniscan.txt under OUTPUTDIR.
# uniscan has to be started from its own directory, hence the "cd" inside the
# xterm command and the absolute output path. One backgrounded xterm per
# service, throttled to THREADS via the "UNISCAN" title.
# Globals: OUTPUTDIR XTERMVALS THREADS SLEEPTIME (read); COUNT NUMBER HOST
#   PORT RUNNING (written); f_progressquick, f_progress, echotime called
# NOTE(review): unlike f_sslscans/f_gwp, port 3389 is not filtered out here.
echo -e "\e[00;32m[UNISCAN]\e[00m"
echo -e "[+] Uniscan scans starting `echotime`"
cd "${OUTPUTDIR}"
if [ -s amap.ssl.txt ]
then
COUNT=0
NUMBER=`cat amap.ssl.txt | wc -l`
for i in `cat amap.ssl.txt`
do
f_progressquick "Uniscan HTTPS Progress"
HOST=`echo $i | cut -d":" -f1`
PORT=`echo $i | cut -d":" -f2`
((COUNT++)); xterm ${XTERMVALS} -title "${i} UNISCAN" -e "cd /pentest/web/uniscan/ ; ./uniscan.pl -u https://${i}/ -qweds | tee ${OUTPUTDIR}/${HOST}/${PORT}_uniscan.txt ; sleep 5" &
while [ `ps -Aef --cols 400 | grep UNISCAN | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "Uniscan HTTPS Progress"
done
sleep ${SLEEPTIME}
done
echo ""
fi
if [ -s amap.http.txt ]
then
COUNT=0
NUMBER=`cat amap.http.txt | wc -l`
for i in `cat amap.http.txt`
do
# NOTE(review): f_progress (5 s timeout) here versus f_progressquick in the
# https loop above - probably unintended; confirm.
f_progress "Uniscan HTTP Progress"
HOST=`echo $i | cut -d":" -f1`
PORT=`echo $i | cut -d":" -f2`
((COUNT++)); xterm ${XTERMVALS} -title "${i} UNISCAN" -e "cd /pentest/web/uniscan/ ; ./uniscan.pl -u http://${i}/ -qweds | tee ${OUTPUTDIR}/${HOST}/${PORT}_uniscan.txt" &
while [ `ps -Aef --cols 400 | grep UNISCAN | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "Uniscan HTTP Progress"
done
sleep ${SLEEPTIME}
done
echo ""
fi
while [ `ps -Aef --cols 400 | grep UNISCAN | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep UNISCAN | grep xterm | wc -l`
f_progress "Uniscan Finishing(${RUNNING}left)"
done
echo -e "[+] Uniscan scans finished `echotime`"
cd ../
}
f_nfsscan(){ #connect to nfs and run tree output
# For every NFS host in amap.nfs.txt: lists its exports with showmount, mounts
# each export read-only under /tmp/nfs<export>, runs "tree" on it into
# <host>/nfs.txt (backgrounded xterm, throttled to THREADS via the "NFS Tree"
# title), and finally unmounts everything that was mounted from that host.
# Requires root for mount/umount.
# Globals: OUTPUTDIR XTERMVALS THREADS SLEEPTIME (read); COUNT NUMBER RUNNING
#   (written); f_progressquick, f_progress, echotime called
echo -e "\e[00;32m[NFS]\e[00m"
echo -e "[+] NFS Scans starting `echotime`"
cd "${OUTPUTDIR}"
if [ -s amap.nfs.txt ]
then
COUNT=0
NUMBER=`cat amap.nfs.txt | wc -l`
for i in `cat amap.nfs.txt | cut -d":" -f1`
do
f_progressquick "NFS Tree Progress"
((COUNT++));
# Export names come straight from the remote host's showmount reply.
# NOTE(review): they are used unquoted to build a fixed path under /tmp; a
# hostile or odd server (spaces, "..", an existing /tmp/nfs* entry owned by
# another user) can therefore steer where mkdir/mount operate. A private
# base directory from mktemp -d would remove that dependency.
for f in `showmount -e ${i} | cut -d" " -f1 | grep -v "Export"`
do
mkdir -p /tmp/nfs${f}
mount -o nolock,ro -t nfs ${i}:${f} /tmp/nfs${f}
xterm ${XTERMVALS} -title "${i} NFS Tree" -e "tree /tmp/nfs${f} | tee -a ${i}/nfs.txt ; sleep 5" &
done
while [ `ps -Aef --cols 400 | grep "NFS Tree" | grep xterm | wc -l` -ge ${THREADS} ]
do
f_progress "NFS Tree Progress"
done
sleep ${SLEEPTIME}
done
while [ `ps -Aef --cols 400 | grep "NFS Tree" | grep xterm | wc -l` -gt 0 ]
do
RUNNING=`ps -Aef --cols 400 | grep "NFS Tree" | grep xterm | wc -l`
f_progress "NFS Tree Finishing(${RUNNING}left)"
done
# Unmount whatever "mount" lists for each scanned host.
# NOTE(review): "grep $i" is an unanchored regex, so 10.0.0.1 also matches
# 10.0.0.10 and 110.0.0.1 - and any unrelated mount whose line contains the
# address - which could unmount filesystems this function did not mount.
for i in `cat amap.nfs.txt | cut -d":" -f1`
do
for a in `mount | grep $i | cut -d" " -f1`
do
umount ${a}
done
done
echo ""
fi
echo -e "[+] NFS Scans Finished `echotime`"
cd ../
}
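f_x11grab(){ #connects to x11 servers and does screenshot
  # For every "host:port" in amap.x11.txt, dumps the window tree (xwininfo) to
  # HOST/x11_N.txt and grabs the root window (import) to HOST/x11_N.jpg, where
  # N is the X display number, one background xterm per target, capped at
  # THREADS concurrent xterms (counted by their "X11grab" title via ps).
  # Globals read:    OUTPUTDIR, XTERMVALS, THREADS, SLEEPTIME
  # Globals written: COUNT, NUMBER, HOST, PORT, PORTTR, RUNNING (f_progress)
  # Fix: the display number was derived with `tr -d 60`, which deletes every
  # '6' and '0' character from the port (6000 -> "", 6010 -> "1", 6006 -> "").
  # X listens on TCP 6000+N, so N is now PORT - 6000; entries whose port is
  # not numeric or is below 6000 are reported on stderr and skipped.
  local target
  echo -e "\e[00;32m[x11]\e[00m"
  echo -e "[+] x11 scans starting $(echotime)"
  cd "${OUTPUTDIR}"
  if [ -s amap.x11.txt ]; then
    COUNT=0
    NUMBER=$(wc -l < amap.x11.txt)
    # entries are host:port tokens; word-splitting on the file contents is intended
    for target in $(cat amap.x11.txt); do
      f_progressquick "x11grab Progress"
      HOST=$(cut -d: -f1 <<<"${target}")
      PORT=$(cut -d: -f2 <<<"${target}")
      COUNT=$((COUNT + 1))
      # 10# forces decimal so a leading zero is not read as octal
      if [[ ! "${PORT}" =~ ^[0-9]+$ ]] || (( 10#${PORT} < 6000 )); then
        printf '[-] %s: port %s is not an X11 display port (6000+N), skipping\n' "${HOST}" "${PORT}" >&2
        continue
      fi
      PORTTR=$((10#${PORT} - 6000))
      # XTERMVALS is deliberately unquoted: presumably several xterm options — confirm
      xterm ${XTERMVALS} -title "${target} X11grab" -e "xwininfo -tree -root -display ${HOST}:${PORTTR} > ${HOST}/x11_${PORTTR}.txt && import -display ${HOST}:${PORTTR} -window root ${HOST}/x11_${PORTTR}.jpg" &
      while [ "$(ps -Aef --cols 400 | grep X11grab | grep xterm | wc -l)" -ge "${THREADS}" ]; do
        f_progress "x11grab Progress"
      done
      sleep ${SLEEPTIME}
    done
    # drain: wait until no X11grab-titled xterm is left
    while [ "$(ps -Aef --cols 400 | grep X11grab | grep xterm | wc -l)" -gt 0 ]; do
      RUNNING=$(ps -Aef --cols 400 | grep X11grab | grep xterm | wc -l)
      f_progress "x11grab Finishing(${RUNNING}left)"
    done
    echo ""
  fi
  echo -e "[+] x11 Scans finished $(echotime)"
  cd ../
}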
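f_wget(){ #wget of http(s) web sites (using amap output)
  # Fetches the root page, response headers included, of every "host:port" in
  # amap.ssl.txt (https, certificate not verified) and amap.http.txt (http),
  # one background xterm per target, into HOST/PORT_wget_https.txt and
  # HOST/PORT_wget_http.txt under OUTPUTDIR. Port 3389 entries are skipped.
  # Globals read:    OUTPUTDIR, XTERMVALS, THREADS, SLEEPTIME
  # Globals written: COUNT, NUMBER, HOST, PORT, RUNNING (consumed by f_progress)
  # Concurrency: stays in f_progress while the number of xterms titled "WGET"
  # (counted via ps) is at or above THREADS; drains them all before returning.
  # Fixes vs. the previous revision: the 3389 filter is anchored to the port
  # field (":3389$") so it no longer drops any entry that merely contains those
  # digits, and the blank line is printed once after the drain loop instead of
  # on every poll iteration, matching the sibling scan functions.
  # NOTE(review): the https loop uses f_progressquick and the http loop
  # f_progress, as before — looks unintentional, left unchanged.
  local target
  echo -e "\e[00;32m[WGET]\e[00m"
  echo -e "[+] WGET scans started $(echotime)"
  cd "${OUTPUTDIR}"
  if [ -s amap.ssl.txt ]; then
    COUNT=0
    NUMBER=$(grep -vc ':3389$' amap.ssl.txt)
    # entries are host:port tokens; word-splitting on the grep output is intended
    for target in $(grep -v ':3389$' amap.ssl.txt); do
      f_progressquick "WGET HTTPS Progress"
      HOST=$(cut -d: -f1 <<<"${target}")
      PORT=$(cut -d: -f2 <<<"${target}")
      COUNT=$((COUNT + 1))
      # -t 1: single attempt; --save-headers: headers are part of the evidence;
      # --no-check-certificate: self-signed certs are expected on assessed
      # hosts; the trailing sleep keeps the window open long enough to read errors.
      # XTERMVALS is deliberately unquoted: presumably several xterm options — confirm
      xterm ${XTERMVALS} -title "${target} WGET" -e "wget -t 1 --no-check-certificate --save-headers -O- https://${target} > ${HOST}/${PORT}_wget_https.txt ; sleep 5" &
      while [ "$(ps -Aef --cols 400 | grep WGET | grep xterm | wc -l)" -ge "${THREADS}" ]; do
        f_progress "WGET HTTPS Progress"
      done
      sleep ${SLEEPTIME}
    done
  fi
  if [ -s amap.http.txt ]; then
    COUNT=0
    NUMBER=$(grep -vc ':3389$' amap.http.txt)
    for target in $(grep -v ':3389$' amap.http.txt); do
      f_progress "WGET HTTP Progress"
      HOST=$(cut -d: -f1 <<<"${target}")
      PORT=$(cut -d: -f2 <<<"${target}")
      COUNT=$((COUNT + 1))
      xterm ${XTERMVALS} -title "${target} WGET" -e "wget -t 1 --save-headers -O- http://${target} > ${HOST}/${PORT}_wget_http.txt ; sleep 5" &
      while [ "$(ps -Aef --cols 400 | grep WGET | grep xterm | wc -l)" -ge "${THREADS}" ]; do
        f_progress "WGET HTTP Progress"
      done
      sleep ${SLEEPTIME}
    done
  fi
  # drain: wait until no WGET-titled xterm is left
  while [ "$(ps -Aef --cols 400 | grep WGET | grep xterm | wc -l)" -gt 0 ]; do
    RUNNING=$(ps -Aef --cols 400 | grep WGET | grep xterm | wc -l)
    f_progress "WGET Finishing(${RUNNING}left)"
  done
  echo ""
  echo -e "[+] WGET scans finished $(echotime)"
  cd ../
}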
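f_cleanup(){ #deletes files created that are empty or blank
  # Prunes artefacts under OUTPUTDIR that carry no information: PNG
  # screenshots of a fixed "blank" size, empty summary lists, and enum4linux
  # reports of 30 lines or fewer.
  # Globals read: OUTPUTDIR.
  # Returns 1 (and deletes nothing) when OUTPUTDIR cannot be entered, so the
  # rm calls can never run against whatever the current directory happens to
  # be; otherwise returns 0 and ends with "cd ../" like the sibling functions.
  # Other changes vs. the previous revision: globs replace `ls` parsing, all
  # paths are quoted and passed after "--", and rm -f keeps a summary file that
  # was never created (e.g. no ssl services found) from printing an error.
  local shot size report lines summary
  # NOTE(review): 469 is carried over as the size of a blank screenshot —
  # confirm it matches what gnome-web-photo emits on this build.
  local -r blank_png_size=469
  local -r summaries=(amap.ssl.txt amap.http.txt WeakCiphers.txt SNMPCommunityStrings.txt amap.snmp.txt amap.smtp.txt amap.nfs.txt)
  echo "[+] Now cleaning up"
  cd "${OUTPUTDIR}" || { echo "[-] cannot cd to ${OUTPUTDIR}, skipping cleanup" >&2; return 1; }
  for shot in */*.png; do
    [[ -e "${shot}" ]] || continue   # no match: the glob stays literal
    size=$(stat -c %s -- "${shot}")
    if [[ "${size}" -eq "${blank_png_size}" ]]; then rm -f -- "${shot}"; fi
  done
  for summary in "${summaries[@]}"; do
    [[ -s "${summary}" ]] || rm -f -- "${summary}"
  done
  for report in */enum4linux.txt; do
    [[ -e "${report}" ]] || continue
    lines=$(wc -l < "${report}")
    if [[ "${lines}" -le 30 ]]; then rm -f -- "${report}"; fi
  done
  cd ../
}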
f_displayresults(){ #displays output in xterm windows
  # Opens one xterm (less -R) per non-empty summary file under OUTPUTDIR —
  # open_ports.txt with service keywords highlighted by grep, WeakCiphers.txt
  # and SNMPCommunityStrings.txt — then prints the scanned targets as one
  # comma-separated line and the contents of vlan_ports.txt to stdout.
  # Globals read: OUTPUTDIR. Side effects: cd into OUTPUTDIR, then "cd ../".
  local -r ports_regex='.*(ssh|rdp|ssl|http|telnet|https|sslv2|mail|smtp|snmp|oracle|sql|tnls|ftp|sftp|echo|chargen|dns|qotd|motd|finger|rlogin|rexec|discard|daytime).*|'
  echo -e "\e[00;32m[RESULTS]\e[00m"
  echo "[+] Displaying results"
  cd "${OUTPUTDIR}"
  if [[ -s open_ports.txt ]]; then
    xterm -title "OpenPorts from ${OUTPUTDIR}" -e "grep -E --color=always '${ports_regex}' open_ports.txt | less -R" &
  fi
  if [[ -s WeakCiphers.txt ]]; then
    xterm -title "WeakCiphers from ${OUTPUTDIR}" -e "less -R WeakCiphers.txt" &
  fi
  if [[ -s SNMPCommunityStrings.txt ]]; then
    xterm -title "SNMPCommunityStrings from ${OUTPUTDIR}" -e "less -R SNMPCommunityStrings.txt" &
  fi
  cd ../
  echo "[+] Scanning has finished, now time to get root"
  echo "[+] Targets scanned"
  # join the one-per-line target list into a single comma-separated line
  sed ':a;N;$!ba;s/\n/,/g' "${OUTPUTDIR}/targets.txt"
  echo "[+] Vlan Ports"
  cat "${OUTPUTDIR}/vlan_ports.txt"
  echo ""
}
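f_exit(){ #this is called upon ESC/Cancel press
  # Removes the dialog answer file and aborts the whole script with status 1.
  # -f keeps a missing /tmp/answer (Cancel pressed before any dialog wrote it)
  # from printing an error on the way out.
  # NOTE(review): /tmp/answer is a fixed, predictable path in a shared
  # directory; its writers are outside this block — confirm they are the only
  # place it is created and consider a mktemp-based name there.
  rm -f -- /tmp/answer
  echo "[+] Exiting.... see ya"
  exit 1
}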
echotime(){ #simply displays the time to the screen
  # Prints the current wall-clock time (HH:MM:SS) wrapped in the dark-grey
  # ANSI colour, resets the colour, and ends with a newline.
  local now
  now=$(date +%T)
  printf '\e[00;30m%s\e[00m\n' "${now}"
}
### What to run ###
# Execution order: f_setdefaults (configuration) -> f_main (the scans)
# -> f_cleanup (drop empty artefacts under OUTPUTDIR) -> f_displayresults
# (xterm viewers plus a summary on stdout). Per its own comment, f_exit ends
# the run with status 1 on ESC/Cancel before this final exit 0 is reached.
f_setdefaults
f_main
f_cleanup
f_displayresults
# f_debug is left disabled by the author; uncomment the next line to run it.
#f_debug
exit 0