@jgamblin
Last active February 5, 2020 20:12
Continual Nmap With Slack Alerting.
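#!/bin/bash
#
# Repeatedly scans a list of targets with Nmap, compares each result with the
# previous baseline using ndiff, and posts the difference to Slack.
#
# Requires NMAP, NDIFF and Slackcli
# https://candrholdings.github.io/slack-cli/
# TARGETS    space separated list of servers to scan (env variable, default below)
# INTERVAL   how many seconds to wait between scans (env variable, default 60)
# OPTIONS    Nmap options (env variable, default below)
# SLACKTOKEN from here https://api.slack.com/web (env variable, required)

# Print a message on stderr and stop with a non-zero status so a supervisor
# (cron, systemd, ...) can tell a misconfiguration from a clean exit.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Configuration comes from the environment; the literals are only defaults.
# The token has no default on purpose: keep secrets out of the script file.
TARGETS="${TARGETS:-scanme.handsonhacking.org}"
INTERVAL="${INTERVAL:-60}"
SLACKTOKEN="${SLACKTOKEN:-}"
OPTIONS="${OPTIONS:--Pn --open --exclude-ports 25}"

# Split the lists on whitespace without glob expansion. read returns non-zero
# at end of input when -d '' is used, which is expected here.
IFS=$' \t\n' read -r -d '' -a scan_targets <<< "${TARGETS}" || true
IFS=$' \t\n' read -r -d '' -a scan_opts <<< "${OPTIONS}" || true

if (( ${#scan_targets[@]} == 0 )); then
  die "TARGETS not set (space separated list of servers to scan)"
fi
if [[ ! "${INTERVAL}" =~ ^[0-9]+$ ]]; then
  die "INTERVAL must be a whole number of seconds to sleep between runs"
fi
# Force base 10 so a value such as 060 is not read as octal.
INTERVAL=$(( 10#${INTERVAL} ))
if [[ -z "${SLACKTOKEN}" ]]; then
  # Without a token every alert would fail silently and changes go unreported.
  die "SLACKTOKEN not set (Slack API token used for alerting)"
fi
for target in "${scan_targets[@]}"; do
  # A target starting with '-' would be parsed by nmap as an option.
  if [[ "${target}" == -* ]]; then
    die "Invalid target '${target}': must not start with '-'"
  fi
done

# All scan logs live here; refuse to continue elsewhere because the loop
# below creates and deletes files relative to the working directory.
cd ~/scan || die "Cannot change to ~/scan"

LAST_RUN_FILE='.lastrun'

while true; do
  # If the last run file exists, we should only sleep for the time
  # specified minus the time that's already elapsed.
  if [[ -e "${LAST_RUN_FILE}" ]]; then
    last_run_ts=$(date -r "${LAST_RUN_FILE}" +%s)
    now_ts=$(date +%s)
    sleep_secs=$(( INTERVAL - (now_ts - last_run_ts) ))
    if (( sleep_secs > 0 )); then
      until_ts=$(( now_ts + sleep_secs ))
      printf '%s - sleeping until %s (%s) seconds\n' \
        "$(date)" "$(date --date="@${until_ts}")" "${sleep_secs}"
      sleep "${sleep_secs}"
    fi
  fi

  start_time=$(date +%s)
  printf '%s - starting all targets, options: %s\n' "$(date)" "${scan_opts[*]}"
  echo '=================='

  run_stamp=$(date +%Y-%m-%d_%H-%M-%S)
  for target in "${scan_targets[@]}"; do
    # Replace every '/' (e.g. in CIDR notation) so the target can never add a
    # directory component to the log file names.
    safe_name=${target//\//-}
    cur_log="scan-${safe_name}-${run_stamp}.xml"
    prev_log="scan-${safe_name}-prev.xml"
    diff_log="scan-${safe_name}-diff"

    echo
    printf '%s - starting %s\n' "$(date)" "${target}"
    echo "------------------"

    # Scan the target. A failed scan must not become the new baseline, and
    # must not be compared either: an incomplete result would look like a change.
    if ! nmap "${scan_opts[@]}" -oX "${cur_log}" "${target}"; then
      printf '%s - nmap failed for %s, skipping\n' "$(date)" "${target}" >&2
      rm -f -- "${cur_log}"
      continue
    fi

    # If there's a previous log, diff it
    if [[ -e "${prev_log}" ]]; then
      # Exclude the Nmap version and current date - the date always changes
      ndiff "${prev_log}" "${cur_log}" | grep -Ev '^(\+|-)N' > "${diff_log}"
      ndiff_status=${PIPESTATUS[0]}
      if (( ndiff_status > 1 )); then
        # ndiff exits 0 (same) or 1 (different); anything higher is an error,
        # which would otherwise be mistaken for "no changes".
        printf '%s - ndiff failed for %s (status %s)\n' \
          "$(date)" "${target}" "${ndiff_status}" >&2
        rm -f -- "${cur_log}" "${diff_log}"
        continue
      fi

      if [[ -s "${diff_log}" ]]; then
        # NOTE(review): the token is passed on the command line, so it is
        # visible in the process list to other local users while slackcli runs.
        if slackcli -t "${SLACKTOKEN}" -h nmap -m "Change detected from NMAP Scan on:" \
          && slackcli -t "${SLACKTOKEN}" -h nmap -c < "${diff_log}"; then
          # Set the current nmap log file to reflect the last date changed
          ln -sf "${cur_log}" "${prev_log}"
        else
          # Keep the old baseline so the change is detected and reported again
          # on the next run instead of being lost with the failed alert.
          printf '%s - Slack alert failed for %s, baseline not updated\n' \
            "$(date)" "${target}" >&2
          rm -f -- "${cur_log}"
        fi
      else
        # No changes so remove our current log
        rm -f -- "${cur_log}"
      fi
      rm -f -- "${diff_log}"
    else
      # Create the previous scan log
      ln -sf "${cur_log}" "${prev_log}"
    fi
  done

  touch "${LAST_RUN_FILE}"
  end_time=$(date +%s)
  echo
  printf '%s - finished all targets in %s second(s)\n' \
    "$(date)" "$(( end_time - start_time ))"
done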
ubuntu@i