search-rdp.bash

#!/bin/bash

# This script searchs for all hosts which has an specific port (default 3389 )
# open.
#

declare network port='3389' user pw

declare ips wrong_usage e_wrong_usage=1


function usage {
	printf -- 'usage:\n'
    printf -- '%s ' "${0##*/}"
	printf -- "-N network "
    printf -- "[-P port] "
    printf -- "[-u user] "
    printf -- "-p PW"
    printf -- "\n\n"
}

function check_connection {
    xfreerdp --authonly --ignore-certificate -u "$user" -p "$pw" "$ip"
}


while getopts P:N:u:p:h option; do
    case "$option" in
        N)
            network=$OPTARG
            ;;
        P)
            user=$OPTARG
            ;;
        u)
            user=$OPTARG
            ;;
        p)
            pw=$OPTARG
            ;;
        h)
            usage
            exit 0
            ;;
        *)
            usage >&2
            ;;
    esac
done


[[ -z $user ]] && {
	printf '$USER ("%s") is taken as user.\n' "$USER"
    user="$USER"
}

printf '\n'
for option in network port pw; do
	[[ -z ${!option} ]] && {
		printf '%s must be set!\n' "${option^?}"
		wrong_usage=1
	}
done
printf '\n'
[[ $wrong_usage = 1 ]] && { usage >&2; exit $e_wrong_usage; }


ips=$(nmap -oG - -p $port $network | grep "Ports:.*$port.*open" | cut -d ' ' -f 2)

for ip in $ips
do
    if check_connection 2> /dev/null 1>&2
    then
        printf -- "----------------------------------------\n"
        printf -- "Hostname(s):\n%s\n\n" "$(dig +short -x $ip)"
        printf -- "IP:\n%s\n----------------------------------------\n\n\n" "$ip"
    fi
done